The main question is what behavior is being introduced. I haven't researched deeply, but apparently the add-on does nothing until the user opts-in on studies.
Sorry, but I'm uninstalling firefox. They have broken the basic trust I have in them as a user to not push arbitrary code to my machine against my interests.
Do you have any evidence of this?
Assuming their normal processes for SHIELD studies were followed, a _lot_ of different people have to review the plugin before it gets approved: https://wiki.mozilla.org/Firefox/Shield/Shield_Studies#Who_A...
Edit: Also, the contributors list on the plugin's GitHub repo lists exclusively Mozilla employees: https://github.com/gregglind/addon-wr/graphs/contributors
Well maybe Safari, not because Apple wouldn't, but because they just don't care enough about ad revenue.
Chrome: They leech everything they can get away with, granted it goes only to Google, but you know it's just to feed their never-ending ad-revenue goal.
MS: They bypassed IE only ads, and went on to build ads into the entire OS.
Personally I build Firefox from source and maintain a set of patches largely based on these: https://aur.archlinux.org/packages/firefox-esr-privacy/
No, it doesn't show PDFs or videos, but does that belong in the browser anyway?
If you're looking for a browser with first-class vim compatibility qutebrowser is outstanding.
I've also found palemoon to be a perfectly boring/stable/functional variant of firefox without all the drastic/breaking changes (vim plugins work quite well also)
Me, I keep it underground (qutebrowser at the moment) but I'm constantly in search of something better
When it got popular, smart people started bending it to make being a dick possible, which is how we got the Web of today. I don't doubt the same would have happened to Gopher, if it had been the one to get popular.
I happen to like text-only browsers for viewing HTML (e.g HTML tables), tcpclients like netcat for making TCP connections, and my own software for generating HTTP requests. Almost all websites work[FN1], with zero "loading time" as one may experience when using "modern" browsers to do these tasks. I can easily get the content I want (text, with option to download images, PDF, video, etc.) and skip the stuff I dont want. No autoloading of resources. I choose what I want.
Surprisingly, the web is actually getting more, not less text-friendly. Today I can often get text encapsulated in JSON, Markdown, etc. instead of wrapped in HTML, making parsing even easier.
There is heaps of Javascript written by others available on the web today but as a user I have little interest in running it. I would rather write my own.
FN1. "work" means I get the body the page that contains the content.
Truthfully, this is why I use Safari. Apple makes money by selling me devices and services, Mozilla and Google are both driven by ad revenue. Even good actors within these companies are working within a framework where the customer is the product.
.. also Safari saves like 15% on battery.
[1]: http://weboob.org/
+1 for mentioning Otter though - those guys are doing amazing work
I worked at Mozilla for about four years (2011-2015), on MDN. It's built as a wiki, with wiki features open to everyone. The code is all open source and on GitHub. Its issues and tasks and roadmap are tracked in a public bug tracker. We operated in a public IRC channel. We didn't have to do that. We could have just built something targeted to only be used by the technical writing staff at Mozilla, and never bothered to open it up or make the code available or make it transparent about who wrote articles and when. In fact, it's much more work to do all the things we did (and not just in terms of implementing features, but also in terms of dealing with spammers and trolls and other malicious people who wouldn't have had access in a less open system), but we did it anyway because Mozilla is a radically open and transparent organization. But... in four years, not many people from outside Mozilla ever joined in and got involved with actually contributing (either code or articles or edits to articles or housekeeping or suggesting/arguing for ideas of how to improve MDN).
And I've been doing open source for much longer than that, and I see exactly the same pattern: a handful of folks do all that work, and go to the trouble of being open and transparent and providing ways for people to see what's going on and get involved... but people don't.
And then those same people willingly install the software and use it every single day, and complain that they were never consulted, or never got a chance to review, or never got to provide input. You had chances to look at the source code, to see what was being checked in, to read the referenced Bugzilla bugs on commits, to leave comments on them, to submit alternative ideas. You didn't. You did install Firefox, though (assuming your claim is correct that this was installed on your computer). By installing the software while not participating in the process, you absolutely gave your "review" of it, and your "review" was "just make a browser for me for free and don't bug me about how".
Now, if you want to be involved, go start watching Bugzilla and the Mozilla project wiki pages, and CC yourself on stuff and join mailing lists. Because it's Mozilla. You can do that. If you don't want to do that, or you don't think it's worth your time to do that, then don't do it. But don't then come charging onto HN to complain that nobody consulted you. People practically got on their hands and knees and begged you to join in the process of making Firefox and other open source software, and you decided not to.
I'm not sure I agree the web is getting more text-friendly.. it is getting more JSON friendly, mostly, but actually visiting web-pages where JS isn't required is becoming increasingly rare. I've yet to find a text/console browser that can actually run JS. (I know there have been some experiments, but none that actually work last I checked)..
As for all these browsers, all of them(unless I'm mistaken) are based off of one of the big 3(Chrome, FF, Safari) so you still have to trust the big 3 to run these, for the most part, as they are all single-developer or maybe a very small team, and would be very hard pressed to catch underhanded attempts from any of the big 3 to embed any nastiness.
However, when you decided that the source code I could review would be installed on my computer without my consent, then I do object. It's my computer. It runs things that I choose to run on it, not things your marketing/sales department thinks my computer should run.
Additionally I find your rant about "open source is for all of us to contribute and if you don't shut the fuck up" wholly ridiculous.
But you're not going to do that. Which is your right; it's just hard to complain about not being consulted/not getting to review/etc. when you're talking about a piece of open-source software with public repositories and trackers. Anyone on earth is allowed to see what's going on in there.
That said, I still use FF, but I do make sure I keep all the opt-in telemetry and stuff off, since it was one of these settings that "let them" get away with installing the add-on without consent.
Granted the add-on by default didn't do anything unless you enabled it, but still.....
If you now decide you don't want to run that software anymore, that's perfectly fine and is your choice to make. But arguing that you didn't have an opportunity to know what was going on or review code before it landed on your computer, when you installed Firefox by your own choice, when you decided not to take advantage of the radically transparent and open way it's built, is just not going to fly. You had a million and one opportunities to "review" the code you were going to download and run. You just chose to do other things instead. You seem to regret that, but you also seem not to have learned any lesson from it.
This has nothing to do with open source development at Mozilla or anywhere else, it has to do with what Mozilla the organization portrays itself as. If Facebook had pulled something like this, well, I don't think anybody would have been surprised. For Mozilla, I think it's inexcusable, and after the major marketing push on Quantum as 'Chrome without spying!' it's an amazing own goal. I really want Firefox to succeed, and marketing retards at Mozilla are going to sink the whole thing by garnering exactly the kind of publicity they don't need.
Do I need javascript to accomplish any of these tasks? No. I am not interested in graphical web pages. I am interested in retrieving information, images, documents, sound files, video files, etc. I never need javascript to get these files, nor to read, edit or view them.
Simple example: I do not need a webpage full of javascript to view a YouTube video. I only need a video player (compiled without networking code).
Years ago, links added a javascript engine. Later it was removed. There is no point. A script can still consume inordinate amounts of RAM, even when there is no GUI. And for what? What is that javascript doing?
In the distant past, I recall browsers used to hand off media files to other programs, based on Content-Type (see article on MIME posted earlier today). Today, these external programs have been subsumed by the "modern" browser.
Perhaps modern browsers can be useful as offline image viewers, document viewers and media players. As I am in text-mode, the graphical browser is on another computer, connected via crossover cable or LAN. After inspecting their contents in text-mode, I transfer the documents and media files to a fileserver.
The decision to forgo using the so-called modern browser comes down to how important web design is to the user. If the user is interested in how fonts look, how a page of text is arranged, icons, styles, etc. and wants each and every website to look different, then the "modern" browser may be unavoidable. Probably javascript is needed to share in the web designers "vision".
The text-only browser OTOH makes all websites look more or less the same, regular, and if in text mode there is only one font, easy to read, IMO less eye strain on black background. It is perhaps better suited for the user that wants fast information retrieval, reliable, efficient file retrieval and cares little about graphical web design.
https://bugzilla.mozilla.org/show_bug.cgi?id=1423003
As you'll see, this bug is marked as private (at least as of writing this comment). So, as a matter of fact, it does not appear that even the most diligent user had the option of reviewing what's going on. So far, it has not even been disclosed who among the Firefox peers signed off on this change; that information appears to be private as well.
First of all, Firefox is a huge and complex project notorious for its legacy code and architecture. It's not a project that I would find pleasant to work on without getting paid. The only reason I might start working on it for free was if I wanted a job at Mozilla.
Second, it seems to me (as an outsider) that the biggest problem with Mozilla is its management. Any work I contribute to the browser will just be a feather in their cap, and they will still be making bad decisions that I can't meaningfully push back on. The solution for me then would be to fork the whole browser (which has already been done multiple times). However now I'm no longer working with Mozilla, I'm basically fighting them. Without paid, experienced engineers familiar with the Firefox codebase (or a PR budget), there's no reason to believe those forks can "win."
Third, Firefox is just so large that I could spend my whole life and have a negligible impact.
Fourth, as an outsider I'd always be "the wingnut who doesn't work at Mozilla." Perhaps if there were several companies sponsoring Firefox development, there would be more of a social place to fit in.
In conclusion, the state of the web today has left me feeling powerless. If I do nothing it's not necessarily because I'm lazy, but because I see nothing to be done.
This is not hard. Don't automatically install stuff on your users' computers. You're defending something every other software company has found themselves in trouble for previously. I really don't understand why. The fact that Firefox is open source in no way excuses it.
But so does Mozilla. They're a big enterprise when it suits them, and a scrappy upstart otherwise.
The Mozilla brand is looking mighty shabby. Privacy is the one thing they've consistently pushed, and yet I can't recall any serious innovation or stance they've taken on recent years that actually puts their money where their mouth is.
Private browsing was invented by Chrome. Brave shields you from script bloat. Safari's adding machine learning to that end.
Which leaves Mozilla... pushing adware onto its users. Qué?
It's disingenuous to say that users should be able to intuit how it's all organized and how they can contribute, when something like this clearly only happens because of privileged first party involvement with real revenue attached.
Unless you're suggesting that anyone who wishes to spam a campaign to Firefox users can just get that done by opening up an issue and submitting a patch...?
False dichotomy. I chose to opt into USER STUDIES because I trusted Mozilla. I use Firefox specifically because I do not want to use a browser from a company that makes its money off of advertising, meaning Chrome. I trusted Mozilla to hold to their word regarding what opting in to user studies meant, and they instead gave me exactly what I didn't want: advertising.
If your solution to this is to completely throw away my trust in Mozilla, replacing it with having to spend an extraordinary amount of time reviewing every wiki change, mailing list post, commit, and bug, then you're being ridiculous and showing extraordinary contempt for users -- especially the many users who aren't programmers. Firefox is supposed to be a browser that respects users, but this case shows that it doesn't.
Finally, I have both donated to Mozilla and helped resolve a bug, so I absolutely have participated in the process.
Posts are being removed from bugzilla and threads being locked. The code itself comes from a random github repo, not affiliated with mozilla/firefox. (https://github.com/gregglind/addon-wr/)
https://bugzilla.mozilla.org/show_bug.cgi?id=1424977
people here were asking why normal process wasn't followed. No answer or links to resources.
another closed discussion here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1425187
and here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1425171
I appreciate your input as someone who knows the process, but this really wasn't followed this time.
edit: they've changed the repo now. so it's redirected to https://github.com/mozilla/addon-wr
So the only way this code would end up on my machine is one of two ways:
1. The Debian Firefox package is pulling code from Mozilla without the maintainer's review (which is definitely possible, given how complex Firefox is and how there's approximately one person packaging updates including timely security updates), which would of itself be seen as a serious problem
2. The Debian maintainer specifically picked up this code as part of the tarball from Mozilla, and shipped it without noticing (also definitely possible!) or decided it was worth including
For what it's worth, I do not have this plugin in about:addons, and Debian unstable hasn't picked up a Firefox update since December 1, so as far as I can tell the system is working properly.
I didn't install and run anything on your computer. I don't work for Mozilla.
And you installed a piece of open-source software whose source code you could have audited at any time, but you chose not to. You delegated the auditing to someone else, and now you're upset at what they chose to do with the power you gave them. You're free to complain that you don't like what they did, and not to trust them in the future, but you don't get to say that you had no chance to give input or to see what would run. You had plenty of opportunities for that and did not do it.
Firefox is not fully open source.
If yes, then why would it be necessary for me to audit anything?
If no, then PLEASE elaborate on why?
This isn't the first time a piece of software, open source or not, has released a new version that did something users didn't expect or were angry about. The sole difference is that, in the case of open source software, you have the chance to review what it will do by looking at its source code prior to running it. The fact that you didn't review it doesn't mean it was impossible to (that would be the case with a proprietary browser like Chrome).
By... paying attention to the source.