❌ Software Removal | Firefox #856
Comments
|
Forks are always behind mainline in terms of security. |
it was in my head. Anyway, in term of privacy, tor browser is recommended in top. |
|
From what I've read, Mozilla has removed the addon from their addons website saying it violates their terms due to promoting hate speech. That's fine, if they wan to do that they are within their right to do so since it is their platform. However, from what I've read is that Firefox blacklists the addon and will remove it when you restart the browser. I haven't confirmed that is the case, but if true that is stepping over the line. Mozilla has no right to remove/block an extension that an end-user has chosen to install on their system. Let's not split hairs in regards to left/right wing politics, but look at the implications and precedent that is being set that could be applied to any addon. I don't think @dm17 is wrong to see this as a something to be concerned about. |
Thank you; I agree... And just look at all of the stuff Waterfox strips out of Firefox! That there is so much tracking and crap in there now that Waterfox even has a major following is evidence that Firefox is not a "privacy tool"! |
|
@quantumpacket which "addon" you're talking about? |
|
I believe it's this addon https://dissenter.com/download once again, I have yet to test that the browser blacklists it, but there was a reddit post asking for help on preventing Firefox from unloading it on restart. |
|
So you blame Mozilla to blacklist a addon on a external site which doesn't provide the source code for that addon and track users on their website itself?!: Sound like invalid / trolling post |
|
@beerisgood I didn't mind your first post, but now this is borderline trolling. As I have said twice, the topic is not just Mozillas censorship. Primarily, based on the fact that privacytools.io is supposed to be about privacy and Firefox is not defaultly as private as other browsers with your data. So the politics of George Soros & the Mozilla foundation aside (and their supporting RiseUp) - we can speak objectively about the privacy of Waterfox vs Firefox. It is simply unfair to be promoting Brave & Firefox as the top privacy browsers. Brave defaultly whitelists Facebook and Twitter trackers. Most users will never figure out how to disable most of Firefox's privacy issues - and Waterfox goes much further than one can do manually anyway. |
|
It was originally hosted on the Mozilla addons site, which as OP has stated was removed. The source code is here https://github.com/gab-ai-inc/gab-dissenter-extension/ also what does their download page have to do with this post? Tracking is done on even Firefox's download page. |
|
@dm17 I never vote for Brave. Instead i vote for removing that Chrome/ Chromium shit |
Hmmm, this seems like a slippery slope. When a browser has advert-blocking on by default, I do not consider it to be restricting my freedoms nor invading my privacy somehow, when it blocks me from seeing those adverts. If I want some other behavior, I can adjust the settings, and if the browser does not let me adjust the settings the way I want, I can install some other browser. Same goes for browsers that have anti-phishing and IP-based anti-malware blacklists ... often these are implemented questionably from a privacy perspective (the people providing the blacklists use them as a means of spying on what websites I visit while they scan for whether I'm visiting a website I should not ... typically that was the real motive for providing the free-as-in-beer service in the first place I often suspect), and also the very idea of letting some third party blacklist websites is questionable from a freedom standpoint (often the listing process is politicized either overtly or covertly). Similarly, if an OS comes with a firewall on by default, that prevents me from visiting certain websites, or even blocks entire domains from loading (a la PiHole or the old-school HOSTS file with badsites explicitly prevented from loading), that is not a privacy invasion, that is usually a desired behavior. As long as I can turn it off, if I choose. Here is background, https://en.wikipedia.org/wiki/Gab_(social_network)#Dissenter mozilla-sysadmins versus gabDissenter-devs... unclear to me what the current state is?
You sound like you are saying there was more than one such incident. Are there other examples of where firefox sysadmins and programmers, have seemingly let their political biases or their systems of ethical beliefs, lead them to blacklist addons for non-technical reasons? I will note that mozilla corporation might be subject to the legal constraints against certain kinds of legislatively-defined-hate-speech in Germany and France and such places, is there any indication whether the removal of GabDissenter was due to it being made illegal by a court, rather than just firefox people deciding on their own? I will also note this, https://xkcd.com/1357/ ...and that the addons website is something mozilla pays to host. There is a reddit-thread about GabDissenter versus MozillaAddonsSysadmins, and like a lot of things nowadays, seems to be full of self-censorship and maybe forum-mod-censorship and possibly even reddit-sysadmin-censorship (I'm not familiar enough with reddit to say on way or the other). https://old.reddit.com/r/firefox/comments/bbugc5/firefox_bans_free_speech_commenting_plugin/?limit=500 Google has removed the pages from their cache, and Chrome has followed mozilla in blocking the extension in question. The reddit thread DOES assert that the GabDissenter addon can be installed still, just, no longer installed from addons.mozilla.org -- it has to be installed from the extension-owner's site with some kind of different code-signing procedure, or something? Quoting:
End quoth. I dunno whether what is said there is true, or maybe, was true at one point and now firefox is detecting and unloading the addon at runtime, or what. But the waters(heh) around the most recent firefox-versus-waterfox controversy seem pretty muddy. waterfox-vs-firefox is a different issue, and a thorny one
I don't have a firm opinion on the waterfox-versus-firefox question, except to say that every year there is always Yet Another Firefox Fork which promises to provide better privacy and on-by-default settings and whatnot. PrivacyToolsIO even used to list one, the JonDoBrowser project if memory serves. But it is actually shockingly tough to maintain a soft-fork of a complex thing like Firefox, and almost none of these projects tend to make it over the long term. The default behavior of Firefox w.r.t. privacy is "pretty good" (compared to chrome especially), and with a few key addons (also listed further down the page), that becomes "very good". Soft-forks that promise to do better, tend to end up doing worse: they fall behind on the upgrade-treadmill, and at some point are not pushing the security-patches needed (browsers are a huge risk when it comes to using them without the latest security-patching done promptly). As for the question of whether Waterfox should be WorthMentioning (which is distinct from the question of whether Firefox should be delisted-or-demoted), unlike most of the soft-fork efforts waterfox seems to have been around quite some time. Not sure how well they keep up with security-patches, but well enough not to wither away over the years, at least. They have a wikipedia page https://en.wikipedia.org/wiki/Waterfox and the project was started in 2011. It has mostly nerdy-technical difference with stock firefox, but also some good moves for privacy: no Pocket, telemetry, data-collection, startup-profiling, the EME/DRM disabled by default, and the default search-engine is Ecosia rather than Google-or-similar (they started out as a tree-friendly search engine in 2009 but as of 2018 have apparently begun to rebrand as also being a privacy-oriented search engine). p.s. Brave is not the best of all available options, but in some situations it is necessary: not just Chrome, and the reference-implementation Chromium, but also every other major browser (in terms of market share I mean) browser except firefox-and-firefox-clones, is based on the same engine as chromium. That means Safari, Opera, and MicrosoftEdge are all running on the same basic rendering-engine and javascript-engine as Chrome... and in turn, means that webdevs fairly often JUST test their websites on Chrome. Firefox is down to the single-digits of market share nowadays, much like it was back in the days of MSIE6 dominance fifteen years ago. Point being, there are plenty of websites where TorBrowser just does not work right, and firefox is also at risk of such things happening, so a webkit-or-chromium-based browser that tries to respect privacy is needed pragmatically today, even if not ideal from a long-term perspective. p.p.s. There is no need for accusations of trolling, and counter-accusations of the person making the accusation getting accused of trolling. Please stick to the merits of the case, and whether privacy is at risk with a particular tool, and if so to what degree, compared to other tools that provide similar functionality. Personal bickering is non-helpful. |
I appreciate the long and thoughtful reply. The following addresses a few issues:
|
security and stability not good for FF
Mozilla develops at an unstable speed as they tend to push frills and extra features. It's actually wise to stay behind a bit because the feature richness they always chase actually causes security bugs. Users on the chronic upgrade path are always exposed to the highest number of unknown bugs, which are more risky than known bugs that can be controlled for if needed. I sometimes have to pin a past version of Firefox because of a reckless release, and in a couple cases it took a couple years for Mozilla to put out a version that overcame nasty behavior like spontaneous crashes. OTOH, Firefox + gHacks (Librefox) empowers users to decide whether they want to be on the bleeding edge or not. That control is an advantage for advanced users. Novice users will just take any upgrade, which means they'll take upgrades that just deliver new functionality (read: more bugs). Mozilla ❤️'s CloudFlareRecent versions dance for CloudFlare (a privacy abuser). It's said to be disabled out of the box but it's still not a privacy-respecting direction. Does Mozilla alter users' configs?
👀 yikes; that's really fucked up if it's true. Fair enough if they want to control what's in their repository (since 3rd party repos are an option).. but to take end-user control away from users (who should be in control over their own installations) is an unacceptable appropriation of liberty. Firefox doesn't teach visitors anything newEveryone knows about Firefox so users don't get much value out of seeing it on PTIO. Exceptionally, if PTIO actually studied Firefox in depth and had strong reasons to dismiss other forks, then it would make sense but this doesn't seem to be the case. It's likely one of the blind crowd-following endorsements. Tor Browser is a Firefox fork in the top slot. Showing users Firefox only distracts them from what they should be considering. (FF-guts) Waterfox vs. Librefox (Firefox + gHacks)I've not dug into that but perhaps someone should. The problem with letting Tor Browser stand as the only Firefox implementation is that it can't handle profiles. So if a user wants a secure way to do profiles using a Firefox-based client then one of these might be the answer. (edit) Starting to dig in a little... Waterfox has had lags of ~9-14 days on security updates. Librefox wouldn't have that problem. PTIO's focus is mass surveillance and FF-raw defaults to sending telemetry data. PTIO should put its own mission above all. It seems Waterfox is more suitable than FF-raw for endorsement, but the listing should warn users about the security update lag and let them decide. These are the relevant features to PTIO:
For me ATM, FF-raw is a loser. Endorsement should go to Waterfox or Librefox. Someone needs to dig into the pros and cons of Waterfox and Librefox strictly in terms of mass surveillance and present their findings. (Chromium-guts) Brave vs. Ungoogled Chromium
Indeed it's a problem. Ad blocker projects usually profit by kickbacks from advertisers in exchange for favorable treatment. Ads are already unfair, creating an arms race whereby vendors are forced to push ads to offset damage done by their competitors' ads. Then ad blocker projects like Brave manipulate ad exposure to game it to be even less fair. I looked into Chromium-based browsers a year or so ago and short-listed these for a closer look: https://github.com/eloston/ungoogled-chromium (sources from Iridium and Inox) In the end I favored Ungoogled Chromium. I didn't keep good notes so I don't recall why it came out ahead, but it's certainly harder to trust Brave with all its controversy and advertising shenanigans. "Web Browser" category is in the wrong placeIt shouldn't be at the top level. It's software, and should be under the software category. |
|
Thanks @libBletchley, very concise reply. Would be nice if the folks that thumbed down my post (Mikaela, lumbo7332, abbluiz, ookangzheng) would state their reasons why. I don't see how to @ them though. |
Then i ask you why the builds are all stable? Even the beta build. (never test alpha build) All Chrome/ Chromium Forks still send data to Google and none of them remove or disable all google telemetry.
I guess the mean the encrypted DNS stuff? |
|
@dm17 I started a ditch Github thread and downvotes came but not a single good reason was given to put GH over the alternatives from a mass surveillance standpoint. Decision makers would be foolish to give much consideration to votes. I have yet to see a good case for FF-raw in this thread. |
This begs the question. I've seen Firefox deploy unstable crash-prone releases, and they've even escaped the quality control of Debian. I had to pin an old version to get something that simply functions for a while. Stability is a clear weakness for Firefox.
If that's true users should be warned of that on PTIO (in the Brave endorsement). And if you've found a bug in Ungoogled Chromium, have you reported it? Or is there an existing bug report? I would be interested in seeing what you're talking about specifically with U/C. Chromium has pros and cons but it's not easily dispensable because most webmasters target it (I think @five-c-d mentioned this as well -- Firefox only has like 5% of the market). PTIO should endorse the lesser of Chromium-based evils, as well as a lesser of Firefox-based evils, and take care to make it clear which is the lesser of those evils. uMatrix does not exist on Firefox IIRC, and the alternatives are dicey. I use TB, UC, and FF-raw; giving up any of the 3 would be problematic^1 (although I should replace ff-raw with either librefox or waterfox). I've only hesitated because FF-raw is official Debian, and giving that up steps outside of Debian's generally decent QA. That's the one advantage to FF-raw, but it's unique to users of Debian-based OSs. (1) Using privacy-focused add-ons breaks websites in various ways that's not always trivial to fix and tends to sidetrack workflow. So when FF + <shitload of PTIO-relevant extensions> breaks a site, often Ungoogled Chromium + uMatrix (and others) will produce a funcational privacy-centric result. |
Just check it by yourself?!
Firefox is still the best browser for privacy and security. Not matter if 5% on some suspicious statistics.
What? Kidding? https://addons.mozilla.org/en-US/firefox/addon/umatrix/
Chrome/ Chromium and Privacy are two different worlds. You can't get privacy with such a browser. No matter which addons or configs you use. See above |
Pushing a privacy newb to a Chromium-based browser is very uncool. A lot of people take PTIO at face value and place 100% trust in their offerings. Firefox, as much as I detest what Mozilla has become, is the lesser of all evils when it comes to privacy. Firefox + the about:config / profile hacks are perfect for people just getting their feet wet. The people that run this site seem to have a dislike for the Firefox forks, I doubt you will ever see them posted. Those that take issue with Mozilla's behavior will find them on their own, as I and many others have. This site would lose a lot of credibility if they started suggesting Google browsers. |
Nothing in the project description on this page: https://github.com/eloston/ungoogled-chromium supports your claim. This is why it's important to cite your sources, when asked. I could dig through bug reports and try to guess what it is that you're talking about, but in the end it's only a guess and your claim is vague. Exactly what information is Ungoogled Chromium sending to Google?
If you're talking about FF-raw, you've contradicted your statement about gHacks. Please be clear about which "Firefox" you are referring to.
Most users don't tamper with the user-agent string, so I see no reason to consider the stats suspicious. |
In effect, you are saying remove Brave and replace it with nothing Chromium based. Yet, you've not made a case for Ungoogled Chromium leaking data.
At first you seemed to be talking about FF-raw. But it's implied you're actually talking about Librefox, correct? Please be clear.
We are not here to please those running the site or to tell them what they want to hear. We are exposing privacy abuses and countermeasures. Those making the decisions can do what they want with the information. I'm not here to filter or bend the findings to their taste or to fit into their pre-existing world views.
Credibility is already on the low side, and Ungoogled Chromium is not a "Google browser". If the unfiltered information about privacy abuses and countermeasures is disregarded, that's what harms credibility. |
|
@libBletchley Agreed; I have no idea what you're talking about @angela-d. No one is "pushing" anything; this issue is about removing Firefox, which is not acceptable as a "privacy recommendation" compared with the alternatives. Please state why it is "uncool" to recommend a chromium-based browser (which is sort of off-topic in this thread). How is ungoogled-chromium a "Google browser?" It is even in the name that it is not... Perhaps you have access to evidence that we do not? |
You have stated this opinion before, and I am happy to look at any evidence for it... But so far no one in this thread has supported that claim with evidence. Furthermore, I would like to truncate this conversation to one topic at once (not both privacy & security, but just privacy - for now). Furthermore, if Waterfox is Firefox minus some privacy-leaking behaviors, then how is it not self-evidently better? @beerisgood, @angela-d also mentioned that you cannot get privacy with ungoogled-chromium... Can you please cite some evidence for this? Theoretically, if you have a browser leaking information about you (chromium in this example), then you strip out the code that is responsible for that information leaking - why is that invalid or impossible? |
|
@libBletchley I stand corrected, the leaks I had read about were, of course, vanilla Chromium based.
The forks in general, here. They aren't listed and don't seem like they ever will be. There's been a lot of posts suggesting the same forks in different threads, yet they chose Brave over all of them.
Only a select few can push changes to the site, no? So yes, you have to "please" them or your commits don't get pushed. |
Waterfox is a fork, but Librefox is not. Librefox is standard FF with a series of gHacks. I'm not sure if the PTIO config changes you linked to are wholly the same as what composes Librefox, but I see that One of the problems is that "Mozilla Firefox" is endorsed, and then further down the page users are given a series of tasks to harden it. That style of mass surveillance avoidance will fail the lazy masses. If the endorsement were for "Librefox" instead of "Mozilla Firefox", and included a statement on the spot about steps required make it "Librefox", that would be more compelling than endorsing FF-raw and then listing optional tasks further down.
Those with the power have to go along in the end for something to change, but it would be backwards to let guesswork about what will be liked influence the findings - like when a UK prime minister orders scientists to discover that marijuana is harmful, it's a disservice to all for the scientists to undermine scientific principles to get the demanded result. If we find that Waterfox is better at avoiding mass surveillance then that's what should be presented regardless of whether it compels action. |
Well that is worrisome! Perhaps they're taking money or have interests over privacy? Perhaps you have more information about this? It is well known that well-funded companies fund seemingly unrelated sites (like privacytools.io potentially) to market their products. Perhaps I'll make another thread recommending to remove Brave. It is obviously more interested in pleasing advertisers than protecting customers. |
Yes, and perhaps they are secretly alien invaders with big tentacles instead of eyeballs! Maybe they just built privacyToolsIO and invested hundreds of hours of time for free trying to thwart mass surveillance, because they have something to hide: their alien mothership on the dark side of the moon, whilst sending pod-people to infiltrate humanity! Oh nohz! Hint: Please. Do. Not. Start. This. Kind. Of. Stuff.
Sure, nothing wrong with having that discussion. But please be aware that privacyToolsIO is not about purity of essence, and it is aimed at a broader userbase than people who are willing to hand-compile their own ELinks for OpenBSD so as to avoid the slim possibility of JPEG-file-format zero-day remote arbitrary code execution exploits. Nine out of ten website-visitors are running a flavour of Chromium, and privacyToolsIO has to recommend a flavour-or-two of chromium that
Rather than looking at things from the purist perspective (if it ain't perfect then remove it), try to look at things from the pragmatic perspective (what tools satisfy A+B+C the best and which of them is currently best-in-class for everyday endusers and which of them is WorthMentioning for hardcore endusers willing to go the extra mile).
No, you are wrong: the word 'fail' implies a failure. That pathway is exactly what the masses need, to incrementally upgrade their privacy-consciousness and their toolkits. the issue here is monkey
9 out of 10 people run Chrome or a knockoff thereof (msEdge/appleSafari/opera/etc) which are purposely built to monitor the habits of the enduser, direct the enduser to specific search engines, and so on -- browsers with built-in-adverts are not the norm, but browsers are very much indirectly facilitating the advert industry and the user-profiling biz. If you want them to get out of that, you have to give them something they can put to use immediately which does not have a learning-curve like the Matterhorn. Partly that is usability, but partly it is existing rep. Most people have heard of firefox -- and likely used it in the past in some form, if they have been alive long enough. It is a well-known brand with a decent reputation amongst the public. Specifically, unlike Tor which is either an unknown or a negative-reputation to a very large slice of humanity. Firefox is not perfect, by any stretch, but let not the perfect be the enemy of the good-enough-for-now. And especially not when what the masses will use INSTEAD is typically going to be Chrome-on-Windows and Chrome-on-GooglizedAndroid! "Firefox on all platforms" is the recommendation of privacyToolsIO because it is a large incremental improvement over that base-level-state. The section on installing hardening-tweaks via about:config and/or ghacks, as well as the section immediately above on hardcore addons like NoScript, is a good thing because it once again incrementally improves privacy-levels for individual endusers. Using firefox instead of chrome-and-knockoffs is a fairly easy-to-stomach upgrade for most endusers. They can keep using the internet the way they are used to. They can get assistance from a vast number of forums and helpdocs and walkthrus and such. Firefox concentrates hard on being compatible with 99.99% of the websites out there which matter to endusers. Once they HAVE made the leap to a browser used by the 10% of somewhat-privacy-conscious folks, it is possible they will go further, and join the 1% -- hardcore-privacy-conscious folks which run TorBrowser-the-firefox-ESR-fork, or misnomer-Librefox-the-firefox-alt-config, or somewhat more simply stock-firefox-with-NoScript-and-uMatrix-and-all-the-trimmings. But one step at a time, is the key to this happening someday, not "anybody who does not handcompile ELinks is a lazy sheeple"
This is not a true statement, without the qualifiers, but it is essentially correct. Firefox is the best browser for privacy and security, that the masses are likely to actually install, if they are only somewhat-privacy-conscious and not interested in hassle of a niche-browser. If you want to fight mass surveillance, you need to help the masses, incrementally. So that makes firefox the proper browser for privacyToolsIO to recommend, either top1 or top2, depending on what the intended audience/readership is. Right now the list is TorBrowser + Firefox + Brave, followed by tweaks to harden firefox (some straightforward and some complex/arcane/hassle). Which is not perfect but is solid. One could argue for Firefox + TorBrowser + Brave, or maybe even Firefox + Brave + TorBrowser, and still have the 9-out-of-10-use-chrome-based-masses firmly in mind. But several people in this thread seem to mistakenly believe that not only must firefox be completely removed as no better than GoogleChrome, but also that brave should be junked as no better than GoogleChrome. This would give a fundamentally altered top3, possibly Waterfox + ungoogledChromium + TorBrowser if @dm17 got their way, or ELinks + ungoogledChromium + TorBrowser if @libBletchley had their druthers... if I'm slightly wrong on the exact picks or exact ordering, apologies, but I'm not FAR wrong. Nothing really incorrect with those ... iff the audience is hardcore privacy cipher-punk humans, the small slice of humanity that ALREADY cares a lot, and is ALREADY willing to go the extra mile. But that is no longer fighting mass surveillance, that is just, insiders swapping insider-tips with each other. Completely different target-audience, completely different idea of who the readership is, and is very much no longer trying to help the masses: indeed, the whole point of insider-tip-lists like that is to feel superior to the masses ('they are just lazy' kind of contrast to insiders). Yes, most people are lazy, if you define that as "unwilling to spend dozens of hours re-installing all their tools every few months for getting the best-of-the-best-of-the-best" in privacy-respecting purity. If only everybody really deeply cared about privacy, that might even work! But we live in a reality where most people cannot even spell metadata, let alone tell you what it means. They won't install random binaries from the internet they have never heard of, either, because it has been drilled into them that this is ludicrously poor infosec/opsec. (Which is true.) And no, they won't invest dozens of hours researching tools, followed by dozens of hours carefully installing and configuring all of the results of that r&d effort. They are reading privacyToolsIO for some helpful "double your privacy-level with this one cool tip" type of thing. That is the audience: everyday people, not hardcore wizards. |
Interesting that you feel comfortable mocking me like this. You must be some kind of authority here. I'm going to stick to the argumentation below:
I did not claim privacyToolsIO is about purity of essence. This also seems like mocking my efforts here to get the easiest to use privacy option to the masses. Can you point to any of my suggestions that would decrease ease of use for the masses? For instance, people on all platforms can easily click a download-and-install binary on the Waterfox website. OpenBSD is not a from-source distro, and someone running OpenBSD would merely install Elinks from the ports system. So again, this just sounds like you're mocking me.
Decently? Why down play it? If there are easy-to-install and more privacy-respecting alternatives, then why not a "greatly privacy-respecting" recommendation?
Can you be more specific here about which browser recommendations would result in "endpoint-pwn'age"?
Can we address why Waterfox, for example, does not fulfill this?
I'm not saying there should be a "top 3" - or "if it ain't perfect then remove it." I'm saying, why not pick the top 3 that are easy to install for the masses in terms of privacy. What is the evidence for lack of pragmatism in this suggestion? Again, why is Waterfox so "hardcore?" I don't think basic privacy respect is hardcore.
You want the masses to incrementally upgrade their privacy? Seems reasonable, but if there is an easier path, then why not recommend it?
Are you implying here that non-mainstream browsers like Waterfox are "random binaries"? I agree that people should have to spend lots of time researching tools; I take that as one of the primary purposes of sites like privacyTools - and is the reason why I want to contribute back to it after my research into why Firefox is not a browser that is good for privacy.
No one here suggested Matterhorn. Why stress "immediately?" The suggestion in this thread was Waterfox as a privacy-respecting Firefox - can't it be used just as immediately?
I don't get how this adds to your argumentation that it should be suggested to them.
If a browser is starting to invade privacy more and more, then why should privacyTools continue to reenforce this reputation?
I don't get this. Tor is in the #1 recommendation slot on privacyTools. If public reputation plays a factor, then why is Torbrowser a top recommendation? If public reputation is not a factor, then your previous claim does not make sense.
Again, I'm not implying the audience is wizards. This is a straw man argument. If you think this is not a straw man argument, then you need to state who is arguing that the audience of privacyTools should be more adept or is wizards. Again, I'm arguing that the audience should not have to be so adept to figure out - against the recommendation of privacyTools - that Firefox is not a very privacy conscious choice. |
I'm not mocking you, I'm pointing out you are "rhetorically" accusing the six people that run this project of being paid plants of the mass surveillance giants.
Do not do that. There is an edit-button on your post where you did that. Edit out your slur, and I will happily remove my analogy pointing out how ludicrous your accusation is ("on nohz maybe the people running the site are invaders from planet zorg"). Both of those hypotheticals are completely groundless conspiracy theories. If you really have evidence, then post it immediately, right now. If you have no evidence, then you are behaving so badly in "merely" positing the hypothetical, that you either recognize what you are doing is wrong, and fix the situation by striking the wrong thing you did... or you fail to do so. Pick one or the other. But no, the person in the wrong here is you, not me.
Ones that have relatively lower security: lagging patch-level, lack of personnel concentrating on security-problems, lack of eyeballs reviewing the codebase, potential MitM opportunities in the distribution-chain, etc. Librefox is better in this respect than Waterfox, which is better than PaleMoon, which is better than MSIE6 on winXP (hundreds of thousands of these still hitting wikipedia), which is better than MSIE6 running on Win98 still (thousands of these!). TorBrowser is probably slightly ahead of Librefox because it has more people involved that are competent when it comes to security... the old with-enough-eyeballs-all-bugs-are-shallow kind of thing. Firefox has some problems, but the average grandpa can install it from a well-known place and let the auto-updates take care of security, for the most part. This is not the-best-of-the-best-of-the-best security, mind you: it is just, good enough for what grandpa can stomach, so that he is not backsliding to Chrome at some point. Brave browser I'll save for your new thread about the evils of Brave ;-) [edit: see below for Brave-vs-PaleMoonAndBasilisk]
Waterfox has one single dev, correct? It is not in privacyToolsIO 'worth mentioning' section at this point, let alone in the top3. Your proposal is to eliminate firefox entirely, rather than demoting it to the worthMentioning section, and promote waterfox immediately into the top3.
What plays a factor, to my knowledge, is A) whether the project is widely vetted and widely respected, and B) the balance of the amount of privacy provided with the amount of ease-of-use plus ease-of-installation plus likelihood the project remains viable, aka sustainability. pretty clear who has a well-vetted reputation
TorBrowser is pretty widely vetted and (amongst privacy-nerds) pretty widely respected, and gives a large amount of privacy without a SEVERE amount of hassle. It is definitely a two-wizards tool however: you cannot expect to just install it and go about browsing as usual, there will be hiccups along the way. See also, using firefox+noscript, which is recommended but with a caveat. Firefox with addons is very widely vetted and (amongst privacy-nerds) reasonably respected ... despite screwups repeatedly over the years, Mozilla is still a reasonable option, compared to the major-browser-alternatives. It is a one-wizard tool: install it and install some addons from the well-known place and go. Incrementally return to tweak further: even better. Waterfox is not widely-vetted, it has an extremely small userbase and an even smaller number of developers. It is, unlike TorBrowser which is ESR-based and unlike Librefox which is current-rolling-release-based, in that twilight zone of old-version-with-manual-backports ... thus, even if it hypothetically had tenfold as many devs as TorBrowser, the waterfox project is structurally harder to vet. You can get a sense of how many eyeballs are looking into a given project, by using wikipedia pageviews as a proxy-measure:
If you don't like wikipedia pageviews, you can use alexa pageranks, or subreddit subscriber-counts, or google queryzeitgeist, or various other things. They all give the same answers, about which projects are dominant (Chrome), which projects are significant (Firefox and Safari), which projects are niche but well-vetted (TorBrowser), which projects are very niche but somewhat-well-vetted (BraveBrowser and Chromium), and which projects are ultra-niche and less-well-vetted (Waterfox and PaleMoon and clinging-for-dear-life-to-relevance ELinks). The same nums also tell us, as well, which projects are so esoteric they do not even have a wikipedia article yet, and cannot be well-vetted by the normal english definition of the word well and the word vetted: Librefox and UngoogledChromium. pretty clear who is arguing for the wizards
If the target audience of the site is the masses, recommending things that are to the far end of the esoterica spectrum will backfire: they will trust in the reputation that privacyToolsIO has been cultivating, and install some random binary from some random site on the internet. Which will end poorly. Not just for the people that got burned: for privacyToolsIO, whom they will blame for the improper recommendation. If the target audience of the site is insiders that are willing to invest dozens of hours, then recommending only the best-of-the-best-of-the-best esoteric tools with a large amount of hassles, a higher possibility of vetting-trouble, and so on... well, that is fine. But it changes the character of the website, and makes it useless to grandpa, in the process. No offense to grandfathers -- plenty of them are extremely tech savvy, have endless hours to research tools and tweak configurations (benefit of being retired), and care deeply about old-fashioned ideals about privacy. But the average grandfather is just like the average person: not that wizardly, does not have the stomach for extreme hassles, only cares somewhat.
Definitely @libBletchley :-) This is the same argument they have against signalapp, which they want to replace with Jami-fka-RingCx-fka-SFLphone, on the basis of "vetting does not matter and privacyToolsIO must only recommend the best-of-the-best-of-the-best tools without regard to hassles and hiccups". 99% of their arguments are political in nature, not technical. To a lesser extent yourself @dm17 since you are wanting to drop all the somewhat-mainstream options and start listing the ultra-niche ones in the top3. If you were arguing that Waterfox should be in worthMentioning, that is one thing, but you are specifically arguing that two of the current top3 should be deleted en toto, and you are arguing mostly on political grounds (the GabDissenter thing and how it was handled) rather than on privacy-of-the-enduser grounds.
If you want Firefox demoted from the top3 and put into worthMentioning, then you have to make the argument, and show what should replace it -- aka is relatively better in all key aspects (where "key aspects" is determined by the target audience's implied needs rather than on some absolute uber-privacy-nerd scale). Firefox, even without addons, is better than Chrome, which is what the majority of people run. Firefox, with a handful of addons -- helpfully right on the same page firefox is recommended -- is a VERY good step up. Some people will keep taking that route, and apply all the tweaks, eventually and incrementally. Some people will switch gears, and use TorBrowser-aka-Firefox-ESR instead. (Ask yourself: since TorBrowser is based on a delayed-by-a-few-months respin of Firefox, doesn't that make every single politically-based argument you are putting forth against Mozilla Foundation, apply to TorBrowser-a-few-months-from-now? If not, why not?) Is firefox a maximally-privacy-conscious choice? Nope. Does that mean demotion? Maybe, show me the alternative which Dave-in-Denmark can use as easily and with as few hassles, yet gives about-equal security-levels and significantly better privacy-levels. Does that mean not just demotion to worthMentioning, but outright deletion? Unlikely, unless there are enough other tools to REALLY fill the gap. And there are not. Browsers are tough. |
|
@blacklight447-ptio ...sure I'm also a fan of FirefoxESR. But should it replace FirefoxStable, in the recommendations, as the top2 choice? Given that we already have TorBrowser listed as the top1 choice, and it is basically a purposely-very-light soft-fork of FirefoxESR? If we do change the recommendations from TorBrowser + FirefoxStable + Brave, to instead be TorBrowser + FirefoxESR + Brave, what should be done about the firefox4android and firefox4ios portion, should those point to firefoxKlar, or firefoxFocus, or fennecFdroid, or just keep them pointing at firefoxStable? See comments in pull #881 Is that even the correct ordering? What should be in the top3, if not those? What about the larger question, which is whether WorthMentioning should include Waterfox / UngoogledChromium / etc? Or should ONLY the three that are listed now, remain listed? @Thorin-Oakenpants is recommending that LibreFox not be WorthMentioning because of flaws in the way it uses the ghacks base-layer (LibreFox also pulls in a lot of pyllyukko stuff as well as adds things on top of what both those already-listed-as-related projects are doing). @libBletchley was only trying to summarize, not trying to associate, I'm sure. No offense intended to any of the three projects, in other words. But that does bring up the question, of whether ghacks and pyllyukko ought to be mentioned in the WorthMentioning area, rather than below the about:config tweaks near the bottom of the page. I think that custom user.js files are something only a very advanced enduser would want to do, right? Somebody that has already installed hardcore addons, and already researched about:config tweaks, might want to consolidate their decisions into a user.js projects like pyllyukko or ghacks... but these are not things that the typical everyday person who just switched away from Chrome, would want to start with immediately, correct? |
|
As discussed one the privacytoolsio matrix room, what we could potentionally consider is making a script that will configure firefox with privacytools.io recommend baseline(so for example the about:config prefs). Anyhow, as I understand it, there is currently no real issue that would make firefox a privacy unfriendly choice, and pushing users to alternative browsers will probbaly also have unforseen consequences. My vote would be to currently keep the browser as they are now, with tor as top recommendation, firefox as second, and brave as chromium based alternative. |
Did you have a read over this thread? To be specific, why is this feature list not demonstrative of "privacy unfriendliness" (considering they are changes from FF mainline): |
I read that as: "should PTIO censor more privacy-focused browsers from the masses who are unlikely to find them without PTIO?" |
|
@dm17 I scanned over it, but im just putting it out there as an option nonetheless. |
If you ask Google and Microsoft, then Firefox is an alternative browser... Could have unforeseen consequences...
Can you please respond to my reply to this @blacklight447-ptio?^ |
|
@dm17 Im kind of unsure what you want me to reply against sorry 😅 |
|
@blacklight447-ptio they opened this thread, wanting to replace Firefox (delisting entirely) and instead use Waterfox, which is a fork of somewhere-between-ESR-and-stable firefox, plus some portions that are only in Waterfox. Do you have an opinion on whether Waterfox should not be listed, should be WorthMentioning, or should be in the top3, is basically the question. p.s. As to whether Firefox is an alternative browser, I think the answer is definitely yes -- it is now vastly outnumbered in marketshare by the chromium-based browsers. |
How can this list of changes exist: While at the same time, "there is currently no real issue that would make firefox a privacy unfriendly choice," as you say? |
|
Well i see waterfox's "features" a bit of a mixed bag, for example they turn of eme, thats nice for people opposing drm, but will cause people to not be able to use netflix anymore, which in turn can scare them back to chrome. Also they support npapi plugins, which can be seen as a security hazard, they also remove pocket, which while seen as unnecesary bloat by some(me included) it is also seen by other users as a usefull feature, so wheter its bad or not to remove it depends on the perspective of the indiviual. All and all, when i see the real impact of what waterfox does, and look the tradeoff of slower updates, I don't think it is currently a good idea to promote waterfox over firefox. Especially since most things that waterfox does which are universally seen as good(like turning of telemetry) can be done in firefox with a minimal amount of effort. p.s. I would consider it a candidate for a worth mentioning, as it can be a bit lighter on resources, and indeed is drm free, which some users would like. |
|
HN constrains comments to fairly mainstream views, and yet still contains a lot of relevant criticism: A whole thread full of problems, most of which the alternative browsers aren't experiencing. |
Yes, it is at least worth mentioning... |
I don't want to judge anything, just my thought.. Life is short, relax and enjoy ~~ 😉 |
|
This can be closed as WONTFIX, issue resolved. |
Why? Especially after this week's problems at Mozilla - which had again debunked many of the claims in this thread. I don't think this should be closed short of some action items that have been discussed above. |
|
The reason being is because it was an accident, it has been explained and there is nothing to be gained from advertising insert shitty firefox fork. Code signing is there in the long run to protect users from malicious addons. |
Pretty pathetic skipping all of the above argumentation; care to actually make an argument? The above statements demonstrate how non-shitty some of these Firefox forks are... Especially when privacy is a goal. |
|
One thing I have observed is there has been a concerted effort by new accounts to have Firefox removed from privacytools.io, particularly by new accounts/new users. I am curious to know is why libBletchley has deleted their account. Those alternatives are not mature enough, widely available (multiple platforms) etc. The fact that none of those alternatives appear in distribution repositories should tell you something. The fact that that the Tor Project endorses and collaborates with Mozilla (and not some fork) should also tell you something. None of the "issues" mentioned in this thread aren't mitigated by a user.js file like ghacks-user.js, it is mentioned at the bottom of the about:config section. Many of the points are politicized and conflated. I don't want to enter a pointless argument about this. |
I'm not a new user; I joined GitHub in 2012. I will not delete my account either. If you want to get conspiratorial, then it would be against the side of Mozilla/Firefox (the huge company engaging in censorship and does not nearly have the privacy features as the browsers talked about in this thread). Waterfox, in this example, is available on OSX, Windows, Windows portable, and Linux. How is that "widely available (multiple platforms)"? They do appear in distribution repositories. They are all in Arch Linux's AUR, for example. Besides, how is this an argument? Would we argue against Firefox because it isn't available to be installed via Microsoft's repository on Windows? No... No one would argue that. Tor is heavily modified Firefox, so that should tell you something. I don't see how you argument works: that tor is private and tor is based on Firefox means Firefox is peak privacy? No, bunk argument. You can call the argument pointless, but myself and others in this thread do not view it as pointless. Just look at the privacy features in the changelog of Waterfox and Pale Moon... They are more extensive than the typical modifications in user.js and ghacks-user.js. And as said many times, how many users will end up doing these modifications... Not many! |
Yes and it is for a completely different threat model. Most obviously Tor Browser includes includes Tor. It also aims to keep one anonymous so the purpose is quite different to Firefox.
I'm not going to re-iterate what other people have said against Waterfox/other forks. I did read over the thread and I'm not convinced anything should change. If you want to use a shitty fork go use it then but it does not belong on privacytools.io PS: AUR is not an official repository and is use at your own risk. Literally anyone can make a PKGBUILD and submit it. I have done so myself, so that is not a measurement of anything. |
Yes, so that supports my argument and does not support yours. Are you an authority at PTIO? You certainly speak with that kind of tone. I'm not familiar enough to know who runs it - and my thread was started from the idea that users visiting PTIO should not have to be so well researched and knowledgeable to know what to pick and how to use it. |
Tor Project actually has a fairly renowned reputation, the other Firefox forks do not by comparison.
I have contributed in the past. I am stating my opinion on the matter. The fact is you're not the first person to come and spruik some fork of Firefox. Many of those forks have since become unmaintained. The arguments have occurred on and off over the last 5 years, with the result staying the same and the same conclusions being reached. |
|
funny that after all this time. @dm17 comes back to the same old arguments. If you ask me, I would vote to just close this issue. There was no real evidence provided, and the claim that firefox is privacy unfriendly has not been confirmed. Let alone make the small telemetry "issues" be worth the slow Down in critical security updates provided by shitty firefox forks. |
|
I have to agree, removing Firefox as a recommendation makes no sense at this time. Adding Waterfox as a worth mentioning browser... maybe? But that's a separate issue I think, or should be. |
Description
Pretty unfair that you're recommending Firefox and not Waterfox. Especially since FF has recently banned free speech extensions from its repo. Twitter censors everyone, so we have Gab. Gab made an extension, and Mozilla censors it? This is going too far... Part of "privacy" is what you're allowed to see & use (in the privacy of your own computer)!
The text was updated successfully, but these errors were encountered: