Mastodawn

It really sucks to be in a world where you have to choose between two vendors for the tools you must use to access most of your life, both of which have clearly stated they are actively working against both your best interests and the best interests of society. Of course, there's an alternative — various third parties, many of which are actively malicious and none of which are remotely reasonable choices when it comes to security, feature parity, or anything else.

Today this is about browsers, but the fact that I have to specify is its own problem.

Eleanor Saitta Oct 4, 2024

Justin Pickard Oct 4, 2024

@dymaxion Oh no. I feel like you might need these as tattoos.

grmon Oct 4, 2024

@dymaxion https://donotreply.cards #servicetoot

DONOTREPLY.CARDS

DO USE DO NOT REPLY CARDS FOR BETTER REPLIES ↱

o ifrit caduco 🦔🫚🪾⛈️🐌🌰🍛Oct 4, 2024

@grmon @dymaxion Don't do it

Wilfried Klaebe Oct 5, 2024

@grmon That's right there on the bottom of each one.

grmon Oct 14, 2024

@wonka yes, but: most people don't know the tld cards. just like me. one of the reasons as a ux dev i favor adding www or at least underline the link. bye.

Wilfried Klaebe Oct 14, 2024

@grmon adding "https://“ would work too

Ahmet Alphan Sabancı Oct 4, 2024

@dymaxion couldn’t agree more. It took me a while to come to terms with it but right now the only meaningful option is strategic pragmatism in these cases. I wish this wasn’t the case but there’s nothing I can do if the “alternatives” are nowhere near to being real options in my life.

SamLR/Cass Oct 4, 2024

@dymaxion Thank you for answering "which duopoly" :)

(Also ugh)

Nefarious Celt Oct 4, 2024

@SamLR @dymaxion mostly. I have a third option after ditching WinTel. And I don’t use chrome on my Mac

quoll (√)Oct 4, 2024

@dymaxion probs a good idea to flick some coins to https://servo.org/sponsorship/

Sponsorship - Servo aims to empower developers with a lightweight, high-performance alternative for embedding web technologies in applications.

Servo is a web rendering engine written in Rust, with WebGL and WebGPU support, and adaptable to desktop, mobile, and embedded applications.

Servo

Eleanor Saitta Oct 4, 2024

What part of this did you not understand?

quoll (√)Oct 4, 2024

@dymaxion you don't have to _use_ the software just give them some of your hard earned.

but fair enough, sorry 🙇

Eleanor Saitta Oct 4, 2024

@quoll
A browser is the size of an operating system. If you can't stand up at least a ten person full-time dedicated security team, separate from all the actual dev work — or have a meaningful short-term path to doing so — you're not building a serious tool for non-hobbyists. Like, nothing wrong with hobbies, but I have more than enough expensive hobbies as it is. Maybe they'll get lucky and in fifteen years they'll have something useful with a big enough team to back it up, but I'm not betting on it. And to be clear, ten security engineers is a bare minimum even if you're working in a memory safe language with generated parsersfrom scratch.

Aloïs Cochard Oct 4, 2024

@dymaxion @quoll you sounds so wrong on so many levels, but the sad thing is that it's impossible to discuss with you based on the cards you are throwing at us.

I'm not so sure, what kind of interaction you expect from this? or is it like preaching negativity or something?

he/him Oct 4, 2024

@alois @dymaxion @quoll

All they want is a discussion on the problem, which is something they are already well informed on.

Basically the cards are just saying "this discussion is at a level above the basics-I know full well what the options are, what enshittification is, etc."

So maybe we talk about how this description is so depressingly apt for so many things I honestly thought they were talking about cell phones, for example, to emphasize their point about how applicable this really is everywhere

Aloïs Cochard Oct 4, 2024

@TeflonTrout @dymaxion @quoll @falcennial thanks a lot for taking time to explain this reasoning to me!

The original intent is making more sense now, even though I'm still convince it rely on a flawed logic.

I surely wish the situation was better and I think we all agree on that, I understand and respect that here is not a space for debate.

MiloWinterBurn Oct 5, 2024

There is space for discussion, which is sort of a debate right?

I'd like to hear your thoughts on how a competing browser could materialize without a metric shitton of money. (assuming that is one of the points where you disagree)

Isaac Ji Kuo Oct 4, 2024

@dymaxion @quoll

The way to ensure this problem will happen is a "standard" that is too complex for anyone but one or two big organizations to keep up with. Any standard that is too complex or flexible will be taken over by Embrace Extend Extinguish Enshittify.

ActivityPub, by the way, is exactly such a standard. It'll get taken over at some point.

The way to avoid it is a simple inflexible standard, like Diaspora protocol. Doesn't guarantee success, though. People like shiny new features.

Leandro Martin Peralta Oct 6, 2024

@dymaxion @quoll This makes me think of advocates of the small internet who propose the issue stems from how permissive and ever-expanding the web is in terms of features and capabilities and that an alternative to that is having more constrained protocols that make the implementation of clients easier and expose a smaller attack surface in terms of security and privacy. The Gemini protocol looked promising when it came out, but it won't go mainstream anytime soon sadly.

Alan Campbell Oct 4, 2024

@dymaxion It looks to me that NASA is in a similar bind RE human access to space. Their choices [so far as I'm aware] are a company run by an undeservedly rich inveterate fascist or a company most recently known for their aircraft suffering multiple incidents.

.vad//hakara🧭Oct 4, 2024

@dymaxion I thought you were talking about mobile phones until the final line. Our world is sad and broken.

Eleanor Saitta Oct 4, 2024

@vadhakara
RIGHT?? Or like a dozen other places where oligarchs have gotten their claws in

Nini Oct 4, 2024

@dymaxion There's a lot of situations with two bad options competing for which'll hurt and/or inconvenience you the least in the world which is in itself a sad situation to find oneself in.

Ruth [☕️ 👩🏻‍💻📚✍🏻🧵🪡🍵]Oct 4, 2024

@dymaxion yeah, it applies so directly to library systems too, although the second-tier options aren't normally actively malicious but may range from incompetent to outdated to unsuitable for larger libraries.

Dave Goldsmith Oct 4, 2024

What? Coke and Pepsi aren't enough for you?

Log 🪵Oct 4, 2024

@dymaxion Sort of weird in comparison that I have so many choices of vendors when I want to destroy the planet via profligate consumpton: BP, ExxonMobil, Chevron, ConocoPhillips, Shell, Gazprom, Sinopec, Saudi Aramco, Total, Petrobras, Marathon, Enbridge. They don't use DRM. They don't embed telemetry. They don't consider themselves an additive platform. Their streams and downloads rarely get hacked. They're just like, "Here. Burn this."

Log 🪵Oct 4, 2024

@dymaxion Why did tech evil have to get so freakin' *needy*?

Mister Moo 🐮Oct 4, 2024

@dymaxion Google should not be allowed to own Chrome or Chromium anymore.

mmby Oct 4, 2024

@dymaxion it is rather bleak, it's like every larger entity out there is using the polycrisis to push their agenda through, while the world is distracted by all the things everywhere

ewe2 Oct 4, 2024

First world problem.

Eleanor Saitta Oct 4, 2024

@ewe2
No, actually it turns out that people in the global south also have a right to privacy, also get impacted by digital security issues — whether or not they're online themselves — and are also stuck with the impacts of the same duopoly. 67% of the world uses the internet and it's still going up pretty quickly.

ewe2 Oct 5, 2024

@dymaxion True, its a first world problem created *by* the first world *for* the the first world. I said nothing about the global south. We invented these artificial conditions to create scarcity to increase profits. All else is externality, particularly security and it affects *everyone*. I could rant more about that but we have a very difficult mindset to shift and it goes deeper, as you say, than browsers.

Jacket Oct 4, 2024

@dymaxion What is the duopoly for browsers?

Eleanor Saitta Oct 4, 2024

@jacket
Chrome and Firefox. Safari is still digging its way out of a decade of underinvestment, and all the third party browsers a) use either the firefox or chrome engine, and b) with the exception of Microsoft, don't really have the development and security lift to keep up with their upstream and ensure their fork isn't causing problems.

Jacket Oct 4, 2024

@dymaxion The other alternatives are ports of those or uses the engine they use. If we look at web engines there is only 4 that are actively still being developed. WebKit (apple), Blink (google), Gecko (Mozilla) and Goanna (M. C. Straver). The LST one is a for of Gecko. It's a bit of a old school Gecko. So we can say that there is only 3 engine for all the browsers, kind of. There is an interesting project that is being developed at the moment called #ladybirdbrowser. It's a new browser made from scratch, with it's own engine. Something we didn't see in decades.

Eleanor Saitta Oct 4, 2024

@jacket
Yes, I've been following browser development for 30 years and browser security for 20.

A browser isn't a rendering engine, and forking a browser, let alone a rendering engine, still leaves an amazing amount of work to do, in particular from a security perspective. While the alternatives may sometimes deliver interesting user experiences, I wouldn't ever recommend that someone use them in anger.

MiloWinterBurn Oct 5, 2024

@dymaxion @jacket so now that we're here, what's your opinion on ladybird? Do they eventually have a shot?

Eleanor Saitta Oct 5, 2024

@MiloWinterBurn
Maybe in a five years if they get a hell of a lot of money? They're going to be looking at thousand of engineers to get to a level of feature and security parity that makes them as serious alternative without using other people's code, even if they're smart about architecture, language, and legacy support. If they start integrating other people's code, they'll also inherit its security issues, which means fewer devs but much more integration, patching, and hardening work. I don't see a funding model that's going to get them there, though.
@jacket

MiloWinterBurn Oct 5, 2024

@dymaxion and I'm guessing this is the kind of coding where genAI can't contribute a lot?

I was thinking about funding models as well - was briefly triggered to go on one of my fun "let's build a startup in my head" joyrides again (I've done dozens, up to nuclear containerships). There is a demand, and there is money. But it's a long way there.

Jacket Oct 5, 2024

@MiloWinterBurn @dymaxion Ladybird need to go fast to get up to date with the features that exists on other browsers I think. But it is going fast. I checked the repo and there is no day passing without a bunch of PR. The development looks solid. So, I don't know. Maybe? It's a fun experiment whatever happens to it.

MiloWinterBurn Oct 5, 2024

@jacket @dymaxion so how does their progress compare to servo? Servo seems to have more funding, but it seems like it's not nearly enough to get somewhere

Jacket Oct 5, 2024

@MiloWinterBurn @dymaxion I just follow ladybird by curiosity, and maybe to contribute at some point but I don't know much about servo. It looks interesting. I just know the challenge of creating a competitive browser nowadays is huge.

Jacket Oct 5, 2024

@dymaxion You're right. Do you think the problem is the bar being higher for a browser to be decent today? I feel like I could easily make a competitive browser for the 90's along pretty fast. I would probably need a big team to compete with today's browsers.

Eleanor Saitta Oct 5, 2024

@jacket
Well, the security bar cannot be lowered, and that leaves a lot of irreducible complexity. Things like service workers are pretty important to how people actually use web apps now. You could support fewer media formats and ditch DRM, of course, but that also breaks a lot of existing content. Yes, if you redesigned the web ecosystem from scratch you could eliminate a lot of complexity without losing functionality, but that's also not going to happen. Yes, some of that complexity exists as a competitive moat by browser vendors, and it's working.

(roll m3tti)Oct 4, 2024

@dymaxion the day chrome came out and everybody was switching i was seeing that this time will come. Having a standard is beautifull but having just one product that means the standard is not how it should be. But i also think that we as developer are also in charge. Just look at what the web did till now. We invented a lot of stuff that should make everything better but we were left with a complexity that still just renders html but resulted in this duality of browsers.

Michael Richardson Oct 4, 2024

@dymaxion yeah. So how do we (society) pay for browsers?

Eleanor Saitta Oct 4, 2024

@mcr314
I wish I had a good answer, for any shared Infrastructure.

Pteryx the Puzzle Secretary Oct 4, 2024

@dymaxion @mcr314 Once upon a time, that was what governments were for... but we can't trust them with a piece of technology that can be undermined with surveillance either.

Eleanor Saitta Oct 4, 2024

@pteryx
Exactly.
@mcr314

Martin Schlegel Oct 4, 2024

@dymaxion that made me look up the statistics and o boy do I live in a bubble. If it’s use on “big” devices like laptops I know very few people who use Chrome, Safari or Edge. Seems like that is very strange https://gs.statcounter.com/browser-market-share maybe it’s due to my profession but in my personal circle of friends and coworkers I would have put firefox at 70% with the rest a mix of Chromium, Opera, Safari (mostly on apple phones) and some Chrome.

Browser Market Share Worldwide | Statcounter Global Stats

This graph shows the market share of browsers worldwide based on over 5 billion monthly page views.

StatCounter Global Stats

Eleanor Saitta Oct 4, 2024

@martinschlegel
Yup! I'm actually surprised Safari is that high now — I guess Apple's investment there is paying off.

Martin Schlegel Oct 4, 2024

@dymaxion I’m more surprised at chrome. Apple makes a decent share of phones and most don’t switch their browser on their phone. And for most apple laptops it’s the same. But I don’t even remember the last time I saw Chrome in active use on a PC or laptop.

Martin Schlegel Oct 4, 2024

@dymaxion if you switched chrome and firefox, that would more or less represent what I experience.

Eleanor Saitta Oct 4, 2024

@martinschlegel
Yeah, no. Firefox is slightly more popular than Linux on the desktop, but not by a lot.

Eleanor Saitta Oct 4, 2024

@martinschlegel
Part of this is work, remember — every org that I've worked with over the past eight years that was mature enough to be managing browser extensions etc has been chrome-only.

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Oct 5, 2024

@dymaxion Before the last paragraph I thought you're mentioning about #USElection

neoghost_drowsy

MiloWinterBurn Oct 5, 2024

@dymaxion so not recommending anything, just expressing hope that either servo reaches the point where alternatives can be built on it, or ff gets forked for this. Or both