Mastodawn

alia Jul 15, 2024

Yup, it's true. Firefox 128 includes new adtech features that are turned on by default and announced with very little fanfare, so most people might not even know they're there.

Well, this is me telling you they're there. You might want to go ahead and take a minute to opt out.

Here's the little helpful explainer from Mozilla about how it all works:

https://support.mozilla.org/en-US/kb/privacy-preserving-attribution

My read seems to be: Mozilla says website surveillance is generally bad and should be defended against. Cool. No notes. Firefox actually has a lot of nice anti-tracking and privacy features there and that's the main reason why I like Firefox.

But, and I swear I'm not even joking a little bit here, Mozilla goes on to say that advertisers might be happier if Firefox itself just tracked you directly and sent activity reports back to them.

Doesn't that sound great?

Now, to Mozilla's credit, they claim to anonymize the activity reports. And you can still meaningfully opt out of the whole system.

But WTF, mate?! I use Firefox *because* it fights against adtech. Or at least it used to. Now, Mozilla just lets adtech right in the front door and hopes you won't notice?

Well, we noticed. Mozilla is damage and we need to route around it.

UPDATE: The about:config setting for this is `dom.private-attribution.submission.enabled`. It's a bool. Set it to false to turn it off.

Privacy-Preserving Attribution | Firefox Help

Firefox 128 introduces privacy-preserving attribution, allowing advertisers to measure campaign performance while protecting user privacy.

Jeff Martin Jul 12, 2024

There's hope tho.

In Mozilla's earlier days, they jettisoned a totally new web browser project called Servo. It's sort of a ground-up effort to build a browser using the latest safety tech, like the Rust programming language.

https://servo.org

And the best part is, Servo is totally independent from Mozilla now and they have * independent funding * !

Meaning, Google isn't bankrolling Servo as anti-trust insurance (*cough* Firefox *cough*), so there's a chance it might actually take a real stance against adtech on the web.

Servo is faaaar from ready for general use yet, but it's picking up development speed. Definitely an option to keep an eye on for the future.

Servo aims to empower developers with a lightweight, high-performance alternative for embedding web technologies in applications.

Servo is a web rendering engine written in Rust, with WebGL and WebGPU support, and adaptable to desktop, mobile, and embedded applications.

Servo

keithzg Jul 12, 2024

@cuchaz And with the development history of Gecko's attempts at becoming portable and embeddable into other applications and web browsers, Servo may overtake it for usability from a development perspective sooner rather than later :cat-tears-of-joy:

AzureArmageddon Jul 13, 2024

@keithzg @cuchaz Potential replacement for electron as well? A man can dream.

@keithzg @cuchaz is Mozillaeven trying to make Gecko not a pain to work with for embedding when they shove Rust everywhere in it?

sparrows (doll arc) :flaglesbian::neoamazonia::vriskasip:Jul 12, 2024

@cuchaz does it have a new source of funding? we heard that the big grant it got a year or two ago had run out

J. "Henry" Waugh Jul 12, 2024

@dangerdyke @cuchaz I believe Servo has "baseline" funding from the Linux Foundation (e.g. cloud bills from running CI and hosting itself), though still needs grants for features and full-time paid focus from anyone

Klara ❤️Jul 12, 2024

@cuchaz Also, Ladybird just gained quite a few full time developers IIRC.

J. "Henry" Waugh Jul 12, 2024

@boo_ and may or may not have lost them again due to drama (which I won't get into)

Hadley T. Canine (fox)Jul 13, 2024

@boo_ In case you missed the most recent drama with them:

https://github.com/SerenityOS/serenity/pull/6814

Gender neutral language within build instructions by Tunas1337 · Pull Request #6814 · SerenityOS/serenity

It's a minor nitpick, but I think it's important; assuming the user and/or developer of the operating system is male isn't exactly the best.

GitHub

Dr Ro Smith Jul 13, 2024

@hadley @boo_ Yeah, I was gonna say, this is not a great alternative.

Cassandrich Jul 13, 2024

@boo_ @cuchaz It's a dead end project due to developer having ideology in conflict with interests of users.

Josh Justice Jul 13, 2024

@dalias @boo_ @cuchaz could you say more about this ideology? I want to know if j should avoid it. Feel free to DM it if you prefer

Jeff Martin Jul 13, 2024

@CodingItWrong @dalias @boo_ There was a GitHub PR about a pretty innocuous change that got closed by the developers with a revealing take.

Looks like the PR was in the pre-fork SerenityOS project rather than Ladybird itself, but I think the same developer in this issue is leading Ladybird development, so still relevant:

https://github.com/SerenityOS/serenity/pull/6814

Gender neutral language within build instructions by Tunas1337 · Pull Request #6814 · SerenityOS/serenity

It's a minor nitpick, but I think it's important; assuming the user and/or developer of the operating system is male isn't exactly the best.

GitHub

Børge Jul 12, 2024

@cuchaz They're also on the fediverse: @servo

@cuchaz Ladybird browser has forked out of SerenityOS and is now aiming to be a completely independent browser.
https://ladybird.org/

Ladybird

Ladybird is a truly independent web browser, backed by a non-profit.

🜏 Osric Ovcharka Dog 🜏Jul 13, 2024

@Albi @cuchaz I thought that the Ladybird dev crew were anti-trans & anti-pronouns ? ?

Tor Iver Wilhelmsen Jul 13, 2024

@osric @cuchaz @Albi it seems that was someone on the SerenityOS side of things.

cha Jul 13, 2024

@cuchaz the task of implementing a web browser sound sooo hard. I would reimplements Postgresql from scratch with better perf before finishing writing the architecture design of the stuff.

Kudo to those projects but I would not bet on the success!

Wolf480pl Jul 13, 2024

@cuchaz so if all of us nerds stopped using Firefox as the less-bad browser and switched to (some fork of) Chromium...

how much of a dent would that make in Firefox's user share?

probably not much, but

if Firefox lost all of its users, would that kill Mozilla?

would the death of Mozilla cause Google to be hit with antitrust?

would the end result be better than Mozilla's continued existence?

Cassandrich Jul 13, 2024

@wolf480pl @cuchaz FFS accelerationism is a dumb af idea.

Wolf480pl Jul 13, 2024

@dalias @cuchaz
Yeah, and it's unlikely that the idea from my last post would work. Betting on Google getting and losing an antitrust lawsuit would be stupid

But what frustrates me is that we can't incentivize Mozilla to stop doing bad things, because no matter how much badness they do, Firefox is still better than Chromium

Well that can't be true. Surely there is a threshold of badness where it doesn't make sense to use Firefox anymore. I think it's still far, but we should figure out where

Cassandrich Jul 13, 2024

@wolf480pl @cuchaz Beautiful analogy for the Democrats though. 🤪

Wolf480pl Jul 13, 2024

@dalias @cuchaz
uh, I don't think I'm qualified to speak about the specifics of US political system, but from the outside, it looks like it's fucked up in many more ways than the web browser "market" is

Jeff Martin Jul 13, 2024

@dalias @wolf480pl

Cassandrich Jul 13, 2024

@cuchaz @wolf480pl Except that anyone can fork Firefox. The threshold for "stopping using it" is not a threshold for choosing Chrome (that's *never* an option) but a threshold for a hard fork to become worthwhile.

Cassandrich Jul 13, 2024

@cuchaz @wolf480pl For those of us who use distros, though, our distro protects us from whatever shit Mozilla management does. Makes it the easier option than a fork.

Jeff Martin Jul 13, 2024

@dalias @wolf480pl Sometimes distros do and sometimes distros don't. My preferred distro at the moment (Linux Mint) didn't this time around. But I get it. Maintaining a fork is a lot of work, even if it's the distro that's doing the forking.

Cassandrich Jul 13, 2024

@cuchaz @wolf480pl In this case it's at most changing the about:config key default, or a build time configure option, or patching the code out with a big if(false){} around the call point.

Jeff Martin Jul 13, 2024

@dalias @wolf480pl you'd be amazed how much work it takes to keep patches like that working in a project that's constantly changing.

Jeff Martin Jul 13, 2024

@dalias @wolf480pl or maybe not. Maybe you already know. But I try not to get upset if people don't want to maintain their forks forever.

Cassandrich Jul 13, 2024

@cuchaz @wolf480pl That's why I don't do actual code removal diffs that are subject to merge conflicts but strategic if(0), #define, etc.

Cassandrich Jul 13, 2024

@cuchaz @wolf480pl Usually you can make merge-conflict-proof fixes for malicious features just by:

1. if(false) on call point.
2. abort() as safety in low-churn line of malicious part
3. Changing domain name of the C&C as a second line safety.

undead enby of the apocalypse Jul 13, 2024

@wolf480pl @cuchaz would probably do more harm than good, especially since for example the tor browser is built on Firefox

Also this is just a personal thing but I personally hate the look and feel of chromium browsers. And I’m not aware of any that are worth using, except for maybe ungoogled chromium if you really want to use a chromium based browser for some reason (though I haven’t tried ungoogled chromium)

Wolf480pl Jul 13, 2024

@enby_of_the_apocalypse @cuchaz
yeah but it kinda feels like Boeing...

Jeff Martin Jul 13, 2024

@wolf480pl ooh, interesting questions.

If Firefox lost all of its users, I suspect that would kill Mozilla, since they get the vast majority of their funding by pushing Google as the default search.

Although, since google is probably funding Mozilla as basically anti-trust insurance, they might keep funding Mozilla anyway? Hard to say.

As for what happens next in a world after Mozilla has failed, I couldn't say with any certainty. I'm a pretty poor predictor of the future.

Niku Jul 13, 2024

@cuchaz With https://ladybird.org/ there is another non-profit browser on the rise. Im looking forward to the alpha of ladybird in 2026

Ladybird

Ladybird is a truly independent web browser, backed by a non-profit.

Jonas Jul 13, 2024

That and Ladybird is giving hope indeed!

https://ladybird.org/

Ladybird

Ladybird is a truly independent web browser, backed by a non-profit.

Daniel Rotter Jul 15, 2024

@cuchaz servo is not a browser though, so not really a replacement for firefox. So I think this is still a long way to go.

m0xEE Jul 12, 2024

@cuchaz
Okay, it looks like I'm staying on FF 118.2.0 on my Android and Windows devices — the last release to have a preference to disable WebP support, and on 124 on my Linux boxes — on which I could patch the option to disable WebP back in and build it myself, building FF for Android and Windows seems like going into too much trouble.
After 124 my userChrome.css hacks started breaking and I stopped updating — now I see that it's not even worth it. Thanks for bringing this to attention!

Pretty Good (at crashing out)Jul 12, 2024

@cuchaz obligatory librewolf mention. Removes all of the "what the fuck are you doing Mozilla" anti-features and keeps the useful ones that actually enhance privacy. https://librewolf.net/

LibreWolf Browser

A custom version of Firefox, focused on privacy, security and freedom.

Jeff Martin Jul 12, 2024

@prettygood Yeah, LibreWolf is definitely on my to-research list. I've heard good things about it, but don't know much directly yet.

I'm a little worried about the long-term viability of Firefox forks that are in the remove-things camp tho. But for what it's worth, I use a browser with a similar goal called Mull on my Android phone. So I'm not against them entirely.

lioness (stuff)Jul 13, 2024

re: lb: I haven't successfully compiled/installed it (so I can't actually recommend it) but I might give it another go soon

@prettygood @cuchaz Quick question.
I'm currently using firefox and have quite a few bookmarks and extensions, how difficult would it be to import those into librewolf?

Pretty Good (at crashing out)Jul 13, 2024

@flesh @cuchaz if you're using the Firefox Account, then its zero effort. Librewolf lets you use the Firefox account and sync all your stuff the same way you would now. Even if you're not using the Account feature, you can just export the bookmark and re-import them via normal means. The browser is functionally the same, there are just some undesirable parts removed and some default settings changed. https://librewolf.net/docs/features/

LibreWolf Browser

A custom version of Firefox, focused on privacy, security and freedom.

undead enby of the apocalypse Jul 13, 2024

@cuchaz @prettygood @flesh for me importing bookmarks from an html file didn’t work, I had to import them from a json file for it to work. A bug people should maybe be aware of

undead enby of the apocalypse Jul 13, 2024

@prettygood @flesh @cuchaz you can export Firefox bookmarks to a json file by clicking on the three bars menu in the upper right corner of Firefox, going to bookmarks, clicking on manage bookmarks (in the bottom of the bookmarks menu), clicking on import and backup, and selecting backup (rather than export to html, which is what I previously tried but importing that didn’t work).

You can import that file in librewolf using the import browser data setting under general in the settings (or clicking the thing in the upper right corner that appears on fresh installs asking you to import bookmarks, clicking on the dropdown menu (which might say another browser you have installed by default, for some reason you can’t directly select Firefox), clicking on bookmarks from html file, and then in the menu to select a file that opens up clicking on the dropdown menu in the lower right corner of the menu (above open and cancel) which should say html file by default and selecting json file. You should now be able to find the json file you created earlier and open it.

undead enby of the apocalypse Jul 13, 2024

@prettygood @flesh @cuchaz made the explanation a bit more detailed in case others having that problem stumble across this. It really is a bit unnecessarily confusing, both how to make your bookmarks export a json file, and how to import a json file.

undead enby of the apocalypse Jul 13, 2024

@flesh @cuchaz @prettygood I spent way too long today trying to get this to work/finding out how, and almost gave up on librewolf after the html file import didn’t work on second try, so I hope I could’ve made that a bit more easy (and less frustrating and time consuming) for others

Jupiter Jul 13, 2024

@prettygood @cuchaz

Yeah, and if they ever allow Dark Mode with Data Protect(?) enabled, I'll use it.

Anti-fingerprinting? FFS.

Pretty Good (at crashing out)Jul 13, 2024

@avoca @cuchaz you can always install a different theme that is something other than the default dark theme. Or, you know, turn off the fingerprinting setting, if dark mode is that much more important to you.

Jupiter Jul 13, 2024

@prettygood @cuchaz

Nah, I just moved over to Brave.

The way Mozilla are seemingly headed it was only a matter of time anyway.

Cheers though.

undead enby of the apocalypse Jul 13, 2024

@cuchaz @avoca @prettygood I use the dark reader plugin, though I’m not sure if this is the way to do it that breaks fingerprinting the least. Idk what’s worse, having it send requests to use dark mode to websites, or making websites have a dark mode appearance on the client side but having one more (commonly used, but still) plugin? Idk

undead enby of the apocalypse Jul 13, 2024

@prettygood @cuchaz @avoca the FAQ of librewolf suggests people set that up manually for every website they use that has a dark mode setting, which is just a hassle and involves trying to find that setting and then setting up cookie exceptions, and it doesn’t work if a website doesn’t have that setting or if you just want to idk search things, use websites other than the few you commonly use. It’s just not a viable solution, at least not for me.

undead enby of the apocalypse Jul 13, 2024

@cuchaz @avoca @prettygood and keep in mind that dark mode is an accessibility thing for some people, this isn’t always just some insignificant personal preference or sth. And even if it wasn’t, people should have the option and there should be information about how to set this up in a way that impacts fingerprinting the least other than manually setting it for every website, so that they can make an informed decision. People can’t just expect everyone’s priorities to be the same.

delve, antifa supersoldier Jul 12, 2024

@cuchaz Gonna add that config setting to my user.js file. Thanks!

Gemma 👽Jul 12, 2024

@cuchaz
Thanks for the warning.

Wasn't expecting this junk from Firefox, but I guess everyone has a price.

Jeff Martin Jul 12, 2024

@prettyhuman Yeah. It didn't use to be like this. It all just makes me sad now.

Captain of the SS El Faro Jul 12, 2024

@cuchaz I just know an org has my best interests at heart when they call selling my data to the highest bidder "privacy-preserving". Guess it's time to make my own browser, with blackjack and

Matthew Jul 12, 2024

Do you know where it is, in the android app?

Jeff Martin Jul 12, 2024

@mrblissett Sadly, I don't. I stopped using Firefox on Android a while back in favor of a fork called Mull. So I don't know what the setting looks like on mobile, or if it's even there at all.