Q: How many people are using a web browser on a daily basis worldwide as their main window to the collective infosphere? A: Billions.
Q: What fraction of the corresponding GDP would it take to fund a serious browser-as-public-good initiative that would develop this technology to its full potential without the perverse constraints of adtech business models?
A: 0.0001%? Too small to compute?
The idea that critical communication infrastructure must be (directly or indirectly) supported by advertising interests is certainly not obvious.
Advertising businesses, like all businesses or individuals should be guests on that global platform, playing by the rules, not setting the rules. The status-quo is a unique and singular failure that has been normalized for reasons that historians will surely describe with gory detail in due course.
There are more ways to fund things than either adtech or dazed and confused individuals paying/donating directly for software. Especially when the stakes are extremely high.
Mozilla's attempt to provide a more palatable alternative while accepting the premise that the web is an ad-funded technology was, alas, always doomed. Its market share is trending to zero and it is just a matter of time before complete disaster...
> The idea that critical communication infrastructure must be (directly or indirectly) supported by advertising interests is certainly not obvious
I think the problem is more that the trend over the last 5-7 decades has been to privatise things. The EU (for instance) has rules forcing (e.g.,) privatisation of train companies and postal services. This has caused previously government-owned services to be privatised.
In this day and age, I'd be surprised to hear of any successful case where a non-public good was made public in a Western country. (I'll restrict my surprise to there because of insufficient familiarity with other countries to make such sweeping statements.) Whether it'd be web browsers, water treatment facilities, energy-related, healthcare-related, infrastructure-related, etc.: if it's currently privatised, it will emphatically not revert to public; if it's currently public, it might be forced to be privatised.
You might think about "privatised-but-with-strings-attached" variants, like in California with "carrier-of-last-resort", or in EU with public transport concessions requiring also services that operate at a loss to service small population centers / unpopular hours. Typically, these impose restrictions on the market parties on what they must deliver in order to be granted the concession. That seems like a way to guarantee the kind of service a government would deliver, but by market parties. And it is! But once you encode rules, you can start eroding them. Every new concession tender going out, you can try to dilute such conditions. A bit is enough - every step gained can be relied upon in future negotiations ("you're asking for more than last term"). And, of course, every small step can be argued by increasing costs - because cost will always increase anyway.
The TL;DRR (didn't read the rant): the public commons has a tendency to erode in favour of privatisation. There is pressure to do so, and no real counterpressure to reverse, only to not go too fast.
> I think the problem is more that the trend over the last 5-7 decades has been to privatise things.
The private/public border is volatile and heavily contested and by all accounts will forever be a topic of political debate.
But notice how unusual the context of web technologies: Its not that a private monopoly is controlling and selling some piece of web infrastructure (that might, instead, be opened to more competition, turned into a public good etc).
No, what is happening is that a very specific business sector (advertising) is controlling universal communications infrastructure.
A loose analogy would be if a single private oil company would manufacture and distribute all automobiles in circulation - for free, but securing that they can run on nobody else's energy.
The conjectured "public-good" browser is not crowding out any private interests as there is no market for selling browsers. There is a market for advertising but its not competing for surfaces, it owns all surfaces.
Guess what, in this terminally conflicted arrangement you would never see an electric vehicle.
The highjacking of central infrastructure to serve narrow private interests will inevitably reduce innovation and welfare and any techie that is worth their title knows thats already the case.
I think it's curious that there are two models driving OS and browser development at the moment:
1) Google's model. They try to control all the ways that people discover goods and services, and then sell ads to the providers of services. Whether people are looking for electronics, flights, restaurants, contractors or nannies, they are going to use Google Search or Google Maps or another Google service to find it, and service providers need to pay Google to be discovered. Google is using ads to get a cut of every business transaction.
2) Apple's model: They try to control all the ways that people pay for things. For digital goods, that's the App Store and In-App-Purchases, for traditional things it's Apple Pay and Apple Card and Apple Cash. Apple is using payment services to get a cut of every business transaction.
The problem isn't building a publicly-funded browser, it's building a publicly-funded browser that's good and that can keep up with the demands of the platform - which means taking risks, also when it comes to security and privacy.
A publicly-funded equivalent of MSIE 6, heroically made 100% secure and private, would be a disaster for the web. And that's a pretty likely outcome if it's designed by a government committee and prioritizes safety above all.
The "demands of the platform" drive expanding capabilities of the browser, which in turn drive increasing commands of the platform. A vicious spiral. Magically getting everyone to switch to a less powerful browser would necessarily beat back the demands of the platform. That would be a wonderful thing, not a disaster.
On the other hand, a publicly funded equivalent of Firefox 3.5 or maybe SeaMonkey with incremental improvements over time (e.g. adding things like form validation and pie charts and bar charts and line charts to html, and not adding USB or GPU or ad tracking or attestation support) would be amazing for the web.
Mozilla is up in a bunch of shit at this point. They have a half a BILLION dollar nut to raise annually, and money from Google covers the whole thing. It's ridiculous.
In Wikipedia Mozilla expenses are listed at 420 million total and 220 million of that is software development expenses.
The unspoken reality is that a large number of people have figured out a way to be paid by software companies to not deliver the core product.
Logically that must be due to a combination of public relations, legal bloat, or sociopathy.
In some sense, legal bloat in the current world is a necessity, so table that one temporarily.
Public relations are any sort of venture to improve the public image of the company. Why does a company need any sort of public relations that's not associated with performance or design of the core product? I would argue any dollar spent here is sociopathic; someone has created a perception that the core product would suffer due to factors other than the core product performance. "Mozilla will suffer because we don't have cute red and blue balloons on our homepage. Competitor X has cute balloons. We are f**ed!"
Direct sociopathy is "Mozilla needs good leadership, like me. I should be part of Mozilla because of my ideas."
So in reality, at least two of the three cases presented originate in sociopathy.
And the kinda point is, the company would do just fine without either.
There is an "argument" that people online put forward, perhaps to try to preserve the status quo. It goes something like this: Every browser must implement every "web standard".^1
Meanwhile the incumbent browser vendors profiting from online ads are on the committees that decide what will be the standards.
Have also seen Mozilla supporters on HN claim Firefox must "compete" with Chrome and that this means matching nearly all of its features.^2
(An HN commenter suggested sending Referer: news.ycombinator.com to www.jwz.org may have adverse consequences hence the use of IA)
The tunnel-vision ignorance and stupidity of this comment is over the top, IMHO. Have seen similar comments on HN.
1. I am submitting this comment with a text-only browser that is maintained by a single person and implements only a small fraction of web standards. It does not support ads. There are no "cookie pop-ups". Clearly, such browsers have value. In many cases I find I can access more information more easily and more rapidly than people using larger browsers like Firefox who are constantly battling against the influence of advertising and "web development" just to read some text.
2. The definition of "compete" as used by these folks does not account for the possibility that some www users (cf. web developers) may want less features, not more.
in 2024, Mozilla still enables sending the Referer: header by default. May I suggest that any criticism Mozilla receives about supporting website operator and advertiser interests before www user interests is deserved.
> (An HN commenter suggested sending Referer: news.ycombinator.com to www.jwz.org may have adverse consequences hence the use of IA)
May I suggest to said reader that anyone technically inclined who still keeps that misfeature enabled in their browser deserves the targetted response they get.
"For the last few months we have been working with a team from Meta (formerly Facebook) on a new proposal that aims to enable conversion measurement – or attribution – for advertising called Interoperable Private Attribution, or IPA." https://blog.mozilla.org/en/mozilla/privacy-preserving-attri...
I have supported Firefox for a long time. I enjoy using Firefox with plug-ins such as uBlock Origin, Privacy Badger, Multi-Account Containers, and FlagFox.
I understand the need to work with Google and Meta. I don't like or trust the advertising business but I recognise that these companies are billion-dollar giants.
However, activating a feature without asking users is a failure to uphold the mission statement. And Meta is a repeat offender in the domain of security.
> I understand the need to work with Google and Meta.
I confess that I don't understand a need for them to work with Meta. What does anyone but Meta gain by adding this feature? A quick search doesn't show that Mozilla gets significant financial support from Meta (although maybe that's just bad searching on my part). If not money, what does Mozilla gain from this? Goodwill and a hearty thanks?
There is chrome://geckoview/content/config.xhtml but many options shown there are nonfunctional. The relevant option is listed but I'm not sure if setting it to false has any effect.
Edit: Just found out that on that link above, you can set general.aboutConfig.enable to true to enable about.config.
It looks like the xml page and the about.config one are the same, as the modifications I made are synced.
Thank you so much for that! I was missing the ability to configure a very important option for me in Stable (layout.css.prefers-color-scheme.content-override), but couldn't keep using Nightly because of its instability... You're a lifesaver!
The standard source comes with malware, and the one big alternative comes with malware. Such is the state of the tech industry (even nonprofits) in 2024. Random individuals like Raymond Hill are far more trustworthy than large organizations.
Looks like the windows build for 127 didn't have it but it's there in 128. Updating to 128.0 adds the preference (defaulted to true) and also the new "Website Advertising Preferences", which seems to control the same preference.
I would just uncheck the box as it's right there on the Security page.
Thanks, I just updated to 128, and found the setting under Settings -> Security -> Website Advertising Preferences. I wish I could be surprised that this was opt-out by default, but when you know how Mozilla is funded it all clicks.
Setting dom.private-attribution.submission.enabled to false changed the user agent on my mac to Mozilla/5.0 (Windows NT 10.0; rv:128.0) Gecko/20100101 Firefox/128.0
> I'm not affiliated with Mozilla, but I do understand how wikis work. ;-)
You don't seem to understand why this is problematic though, so I'll explain it to you: enabling tracking when you know that one of your selling points to your users is respect for privacy is a huge breach of trust.
Maybe it hasn't been an active Mozilla mission for a decade in practice, but they did paid it lip service many times in the past decade, so still counts as breach of trust.
"Google/Firefox claim their tracking features are not "tracking" because they use something called "differential privacy". I don't have room to explain this class of technology, but I sincerely consider it to be fake."
Differential privacy is not fake, although quite complex to do in practice.
The fake part isn't whether differential privacy exists. The fake part is claiming differential privacy can be used by browsers to provide aggregate ad conversion data to advertising networks without providing information that can be linked to an individual.
According to Mozilla[1], Firefox's implementaion uses the "Distributed Aggregation Protocol" (DAP)[2]. Individual browsers report their behavior to a data aggregation server, which in turn reports aggregate data to an advertiser's server using differential privacy. But the aggregation server still knows the behavior of individual browsers, so basically it's a semantic trick to claim the advertiser can't infer the behvior of individual users by defining part of the advertising network to not be the advertiser.
Now, Mozilla says the data aggregation server they use is run by the Internet Security Research Group[3], which is a non-profit, so perhaps the social incentives truely are aligned in this case to ensure individual user behavior isn't shared with advertisers. But it's disingenuous to claim user privacy is protected absolutely by technical measures when in reality it's only protected by social measures.
Finally, ad conversions can easily be measured without cookies by serving unique URLs with each ad, so what's even the point of this technology? I'm not clever enough to discern any ulterior motives (if there even are any), but the complexity of the approach is suspicious to me, since ostensibly a much more obvious solution would suffice.
It's fake because it provides information that can be used for evil purposes: attribution to an individual has nothing to do with it. It's fake if it really is 100% anonymous.
Example: Count Jackboot (your favorite evil politician, Trump or Biden or whoever) is running for office. He wants to know voter opinion on topic X so he can lie about it. He commissions a reputable polling firm to ask people about X, and give him only the aggregated results. The polling firm contacts you, asks your opinion about X, and promises you that your opinion can't be linked back to you. You'll be helping the Jackboot campaign completely anonymously.
You believe the anonymity promise, but that's irrelevant, you hopefully don't want to help the Jackboot campaign at all! Saying everything is private because Jackboot only gets anonymous information is a self-serving rationalization by the advertisers and data collectors. The only way to be private is give no information whatsoever.
> ad conversions can easily be measured without cookies by serving unique URLs with each ad, so what's even the point of this technology?
I believe the goal is to infer the impact of impressions which do not require a click or user interaction.
Privacy-preserving attribution works as follows:
Websites that show you ads can ask Firefox to remember these ads. When this happens, Firefox stores an “impression” which contains a little bit of information about the ad, including a destination website.
If you visit the destination website and do something that the website considers to be important enough to count (a “conversion”), that website can ask Firefox to generate a report. The destination website specifies what ads it is interested in.
Meanwhile, Ladybird, the first new browser engine since the 90's to 100% the Acid3 JavaScript test, just secured $1 million in funding from the founder of GitHub. We, as responsible web users, need to do whatever it takes to break up Google's web oligopoly. The open web is at stake.
It starts by developers stopping by shipping Electron junk (want a Web app with native APIs?, target the system browser with a daemon), or using Chrome only APIs.
I read the Ladybird FAQ for their rationale, but building a new browser in 2024 using an unsafe language is such a facepalm it’s hard to take the entire project seriously.
'unsafe language' sounds like something out of '1984' or 'Animal Farm'; a totalitarian political euphemism, attempting to demonize all 'others'.
The reality is that no language is actually 'safe', and 'safety' itself is a complex trade-off between enforced restrictions, flexibility, and other factors, just like in life.
Instead of "unsafe", we could use "computer verified correctness" or something similar. Truth is that humans make mistakes and Rust is the only "project" which achieves verified correctness in some critical areas, in projects of any complexity.
'the rationale that they are actively evaluating other develoment platforms?
"However, now that Ladybird has forked and become its own independent project, all constraints previously imposed by SerenityOS are no longer in effect. We are actively evaluating a number of alternatives and will be adding a mature successor language to the project in the near future. This process is already quite far along, and prototypes exist in multiple languages."
Yup I don't understand the downvotes. I don't code in Rust but I also don't feel insecure about it: I wish more projects were written in Rust (or something similar).
There are several research, already published here many times, which show that something insane like 75%+ of all the security exploits would be rendered cold dead in their tracks had Rust been used.
I don't know how anyone, even a C/C++/VisualBasic/PHP coder, could not like that.
I suspect the downvotes are for a very simple reason: "Why not Rust?" comments are contributing next to nothing to the conversation. At this point, comments like this are tiresome and predictable.
What would be interesting are detailed separate posts such as what you mention about security exploits addressed and of course the stream of wonderful software that people are writing in Rust (and other languages as well for that matter). Bringing it up in relationship to Ladybird, which is an amazing accomplishment already, is incredibly petty and off-putting. The poster can do better and the community deserves better.
You are correct about Rust not being mentioned explicitly, but I am yet to see a stream comments about memory safety coming out of say the Java, Python, Go, Haskell, etc. community. Then again, maybe I am wrong?
As for petty. "[B]uilding a new browser in 2024 using an unsafe language is such a facepalm it's hard to take the entire project seriously." sounds pretty darn petty and dismissive to me for a project that is making good progress. We desperately need diversity in terms of web browser implementations and "not taking seriously" a project which could very well become viable within the next few years solely based on their programming language of choice feels wrong to me (even as someone with next to no love for C++).
Why can't they just fork Blink like everyone else? A new rendering engine is an unnecessary duplication of effort and ripe for security issues.
I don't think the open web is really as dependent on the browser anymore anyway. We already have multiple choices today, but the web is still mostly controlled by a huge big companies and nations. Doesn't feel particularly open. A new browser engine won't really solve that.
Meanwhile a million dollars could go towards some network R&D or popularizing Freenet instead.
The world doesn't need a dozen HTML renderers. If we actually want a free and open web, that's a infrastructure and content censorship/algorithmic promotion issue, not a layout engine or JS engine problem.
Yes, but Ladybird will be a much smaller attack surface. Starting with a competent, modern base and a great deal fewer lines of code will prove advantageous for both security and performance. See: WireGuard
It's new. That misfeature was checked for me, even though I had "strict privacy protection" set, the level that comes with a warning that it might break some websites. And even though I had "Do not track" checked. On two different computers.
This version of Firefox, 128.0, was auto-installed by Ubuntu update.
The thread does not explain whether the behaviour of Firefox was actually changed when they added the check box, or if it is a new option to opt-out of something that could not be opted-out before.
It added in the 'privacy preserving feature' that did not exist before, automatically enabled.
> Firefox now supports the experimental Privacy Preserving Attribution API, which provides an alternative to user tracking for ad attribution. This experiment is only enabled via origin trial and can be disabled in the new Website Advertising Preferences section in the Privacy and Security settings.
> Firefox now supports the experimental Privacy Preserving Attribution API, which provides an alternative to user tracking for ad attribution. This experiment is only enabled via origin trial and can be disabled in the new Website Advertising Preferences section in the Privacy and Security settings.
I read it as satire. Even chrome is better than firefox.
"Now to be clear, the disclosure Chrome provides to users is not adequate. Their wording of the "Ad Privacy" feature popup is highly disingenuous and the process to disable once notification is given is too complex and must be performed on a per-profile basis. But at least they do it"
Still waiting for a browser that doesn't send a million things to fingerprint me with. Random websites don't need to know the battery level of my device. It shouldn't even be able to know my window size or resolution. It's beyond me that we should provide any information to send back other than our IP address and the resource we want to access. Anything more than that should be allowed on a case-by-case basis, but 99% of websites don't need more.
Do I understand the feature correctly? Your browser tracks your activity and submits it, non-anonymously to a mozilla operated server where it is vulnerable to lawful or lawless interception or compromise by hackers, and from there they sell anonymized (hopefully) data to advertisers?
Wierd, I just updated to v128 (been offline a couple of days) on android, and the Settings -> Data Collection -> Marketing wad already off. I already had the usage and studied off, so maybe that's why
It is obvious why Firefox does this though; they have no income otherwise like Google does. Firefox users somehow think that using is "supporting" Mozilla/Firefox, but it is not, and they would not pay for the browser, or pay a subscription free. Privacy-friendly ads are a reasonable way for Mozilla to survive long-term -- if they are indeed privacy-friendly.
Ultimately you probably either need a clean-room NGO that ensures the data cannot be de-anonymized, or accept that ad impact counting is BS anyway and only measure profit increases across A/B ad phases.
You can't reasonably claim "they would not pay for the browser, or pay a subscription [fee]" when it is not even possible for a user to donate to the Firefox project specifically.
I believe it’s worse than that. I don’t think they can use donated funds for Firefox development since donations are tax-deductible and Firefox is a for-profit company.
You can. There are a lot of open source projects that solicit donations, and if you talk to the developers you will find out that practically none of them get donations that would support even a single developer.
The only thing that seems to somewhat work is Patreon, which seems to work fine for some developers that are good marketers, but even there the number of creators that can support themselves is very small, and I don't know of any Patreons that support more than a single person.
To support a browser, you need a team, and there is no plausible way to pay for that team with donations.
It's not that nobody has tried financing open source with donations, it's just that nobody has found a way to make it work yet.
The inability to donate to Firefox is a valid and longstanding criticism of the Mozilla corporate/foundation setup.
Mentioning this deficit in a comment chain about the projects financial sustainability is relevant and appropriate.
It is also true that many projects have funding problems, but that does not negate the parents point.
Mozilla is not a particularly good steward of Firefox and there should be a way to donate specifically to Firefox development, if just for Mozilla as an indicator on what should be their priorities.
Sorry, I think I wasn't clear. I meant to contradict the statement "You can't reasonably claim ..." with "You can [reasonably claim]".
What I am saying is that it is extremely unlikely that people would donate to Firefox, even if was possible to do so. At least not enough to actually pay for more than a few developers. (And you need more than a few developers for a browser, even if you cut useless features nobody asked for like Pocket integration.)
I would pay for a browser that was 100% ad- and tracking-free. I pay for an email account. I pay for YouTube. I pay for several streaming media services. I get that people are used to browsers being free, but no reason that can't change.
Apple tried this with iOS 2 and 3. Minor versions cost users roughly 5-10 USD per update.
Therefore many users did not install the latest OS on their devices. The cost, although small, was a barrier for many people.
Apple quickly pivoted and now all software updates are free of charge to all supported devices.
If Mozilla starts charging for Firefox, I predict either people stick with the oldest version that is free, or stop using Firefox and use a fork that maintains its free (in cost) license. Or maybe only 2% of users convert to a paid version of Firefox.
I don’t disagree with your point — however apple only charged for the early iOS updates on the iPod touch. And they only did it to comply with the Sarbanes-Oxley Act — which required that if you upgraded a device not on a subscription, you had to charge.
They stopped doing it after they lobbied congress to change the law.
If Apple delivers a defective device to the customer, I see no reason why they shouldn't be fixing it using the money the customer originally paid. A security vulnerability may eventually leave a device completely unusable.
There are a couple of problems with this argument. One is that with a device (especially a premium one) the cost of support for a reasonable lifetime is considered baked into the price. The other is that security updates imply a security issue, meaning the company sold you an insecure, i.e. defective device in the first place.
What paid browsers are on offer with good technology? The only ones I'm aware of are still chromium based or I think mac only, so that's a pretty bad feature set.
The thing is, you cannot pay for Firefox even if you wanted to*, so the assertion that people wouldn't pay is unproven (but has good circumstancial evidence). I'd still prefer they make a paid version without this crap.
* Donations to Mozilla go to a non profit which is separated from Firefox development and has questionable effectiveness in general
The reason many companies don't offer a paid option to remove tracking is it can be seen as an admission by the company that they know tracking is wrong to some extent. So these companies would rather just force it on everyone and pretend like there's nothing wrong with it.
After all these "I would pay for Firefox if I could" comments, it would be fun for Mozilla to start a Gofundme like page, where if it hits $300M (or whatever amount they're getting from Google per year) they'll make it an option, otherwise they'll go back to trying to find another revenue source.
It's very hard to believe that an average user would ever pay for a browser, when alternatives like Chrome and Safari exist. It's the same as paid email services, in my opinion. Like sure, there will be some segment of users who'll do it, and they'll probably get $10-20M/year if it offers some features free email services don't. But hitting that $100M through donations on a yearly basis would be hard when there are free equivalent alternatives.
Mozilla is like Wikipedia, where the vast majority of the funds they receive go to causes unrelated to development or maintenance of their core product (web browser or encyclopedia).
Mozilla Foundation did not acquire an ad company, and none of their dollars can be legally used to acquire and ad company. Once again, HNers fail to understand the difference between Mozilla Corporation and Mozilla Foundation, and conflate all their criticisms.
Mozilla chose to structure themselves in a way that was confusing and has led to their interminable distractions and side projects.
They apparently were under the impression early on that Mozilla Corporation would somehow actually make money from Firefox which would then fund the Mozilla Foundation's other projects. I doubt that they anticipated that nearly all of the money coming into Firefox would come from their primary competition and they'd wish they could allocate funds in the other direction, but here we are.
If you know so much more than the rest of us: Is there some important reason why they haven't fixed their structure already? The for-profit supposedly reinvests all its profits into the non-profit, so I'm unclear what purpose the distinction is serving at this juncture.
I never thought if it like that, and I wouldn't agree at all tbh. But also, as said, never thought about it. What makes you think it is heavy on entrepreneurs?
1. The average user doesn't have to pay for the browser in a donation model, you just need enough users to feel passionately enough about it to fund it sufficiently to develop it.
2. No one is arguing that Mozilla should replace their revenue from Google overnight with donations. We're just asking that Mozilla give us the option to pay for Firefox already.
Another user (trying to demonstrate to me that donations would never be enough [0]) figured that if we assume a similar rate of donations as Thunderbird gets then Firefox would bring in $70m/year just in donations.
That is a heck of a lot of money. That funds 140 developers even at inflated Bay Area salaries, 280 developers if you're willing to branch out of the Bay and offer closer to $200k/year on average as a base salary (still an insanely high average rate in most of the country and the world). Even if you took a full 50% for general/administrative and overhead, that sum would still pay for 70 bay-area or 140 rest-of-the-world developers.
If Mozilla really does need more developers than that for Firefox specifically, then fine, they can keep accepting money from Google—no one is saying they should only be funded by donations. But that they don't even make it an option is frankly bizarre.
I also pay for Orion, but can’t use it much until the multi-container support is working well. Right now Firefox is the only browser that does this right.
Upvoting you in the hopes that more people in this thread will put their money where their stated principles are and help support a privacy focused browser with clear funding sources so that Orion doesn’t go the way of Opera.
I also used Firefox’s containers a lot. In my case, I often need to log into multiple AWS simultaneously, or at least bounce between them quickly enough to be a major hassle if I had to log out of one to log into the other. Now I use Safari’s profiles to do that.
What’s your Firefox use case that Orion doesn’t handle? (Sincere question; that wasn’t meant as “it works for me so stop complaining!” snark.)
I'll be honest, I was waiting for Orion RC 128 to get released, since that's when the multi-container feature was supposed to land (according to [1]). I just updated Orion RC, and the profile management is pretty nice, but seems to be missing some things: (1) assigning full or partial URLs to always open in a specific profile, and (2) profile assignment on a per-tab basis, rather than per-window.
Other than that, the browser is pretty amazing. Blazingly fast, support for both Firefox and Chrome extensions, and lots of customization. There's a lot to love about it, and as soon as the two features above land I'll likely be switching to it as my primary driver (on MacOS)
"Privacy friendly" (not really) ads are not a reasonable model. That just makes them a chrome knockoff, and there's no longer a purpose for their existence.
A reasonable way to survive would be to have invested part of the half billion dollars per year they've been taking in for the last 15 years and built up a trust to permanently pay for developers.
> Privacy-friendly ads are a reasonable way for Mozilla to survive long-term -- if they are indeed privacy-friendly.
At some level, trusting that privacy-friendly advertising through Firefox actually respects privacy is going to have to involve trusting Mozilla. Mozilla seems to have gone out of its way over the years to erode user trust, and this is just one more step down that road. As the author says, if Firefox is even sneakier about this than Chrome, what scope is there for trust?
I don't think Mozilla is going to pull a Google and deliberately choose to become evil. Mozilla simply doesn't have (or want?) the resources to hire competent product people (if such a thing even exists) to manage features and marketing. This is the problem with running software as a company instead of an open project where the product is the end rather than a means to profit.
I'd pay 100 dollars yearly for Firefox. At least. If it would deliver on the core product, and drop all advertisement crap in the build they ship me. It baffles me that this is still not an option.
I checked and is true that is enabled by default. The "Learn more" link on the setting lands here:
>PPA is enabled in Firefox starting in version 128. A small number of sites are going to test this and provide feedback to inform our standardization plans, and help us understand if this is likely to gain traction.
PPA can be disabled in Firefox settings.
No one seem to have outlined this point of view, so here it is:
This feature is supposed to replaced the current tracking methods for advertising purposes – and is better (or less worse) from a privacy point of view. It is currently on by default to ensure there is enough testers. If the test is not successful, the plan is to remove this feature again.
There is a long term benefit for everyone if this is adopted.
Let’s not forget how Google is clawing onto third party cookies, etc., and put Firefox’s position in relation to this.
It does leave a lot of critic points open though:
* enabling it by default is really putting a negative light on it. I understand that if it’s disabled by default, no one will allow it and the test will fail due to lack of data points, there is simply no good solution here I can think of.
* will advertising companies really renounce the other tracking methods if this method proves useful for them or will it become just one more tool on their belt?
As usual, the worse part if all of this really is Mozilla’s communication, they could have done much better. How could they imagine for a second it wouldn’t become a shitstorm, I wonder…
For what it's worth, there already have been bugs filed and quickly closed in the Mozilla bug tracker on this. I just created a new bug to make my stance on this behavior clear.
Ads aren't very important really, if you want to help, I recommend donating all your money to those in need and volunteering at a local homeless shelter, soup kitchen, or anything of the like.
Considering that we have long had the ability to feed an house everyone and ads are a big part of the machine sucking a huge chunk of human wealth into the pockets of a minority your time is much better spent taking down that machine than it is picking up the trash it dumps in your neighborhood.
This gives me impression like what happens to the nuclear weapon proliferation. At beginning, it is an arms race, between US and USSR, between users and advertisers. Either side thinks they can't survive without vanquishing the other. Eventually they realize it is stupid to continue, and reach a point to both step back.
I think Mozilla is at the point where they realize it is no longer beneficial to continue the race against advertisers. It is time to collaborate. This way both users, advertisers, and maybe Mozilla themselves can all benefit from stepping back one foot.
I personally support this move. Morally speaking, content creators I consume deserve income from my visit, as long as my privacy is preserved. Seems a good compromise if it works.
> Either side thinks they can't survive without vanquishing the other.
Except, it actually is not a two way street. It's purely one way. Without users, the content sellers can't survive. But if users stop consuming ads and eliminate content revenue streams, the users will be just fine. So what if TikTok goes out of business or something?
All the failure of online advertising would mean would be regressing to a time when the internet was not very commercialized yet, which was an amazing awesome time when we had pretty much all the positives of today with few of the negatives.
They need us, but we don't need them. Big Content is a parasite.
> content creators I consume deserve income from my visit, as long as my privacy is preserved
I doubt that most people in these discussions wouldn't agree with that point. The problem lies in the details. Advertisers don't take anything less that complete personalized targeting. We are not in the 2000s era of buying ad space on related websites/forums anymore. The problem is there are misalignment between targeted ads and privacy. And I didn't find all the proposal for anonymity successful, it is always possible to de-anonmize the data.
If a website uses targeted ads and track users, they won't use the PPA feature Mozilla introduces here. So the setting won't affect user. On the other hand, if a website is not evil and willing to sacrifice revenue for better user privacy, and use non-targeted ads, PPA gives them tool to do so. In contrast, the current adblocking methods are blunt forces. They don't distinguish the nature of specific ads.
>Morally speaking, content creators I consume deserve income from my visit, as long as my privacy is preserved.
sad for the content creators (I do actievely try to donate and subscribe to quality content when apt), but I simply don't tryst my privacy being preserved any longer. So opt out of this setting and keep Adblock extension on. The well has long been poisoned for me.
But I'm also in the minority and it seems there's still enough adrev going that I'm barely an atom in the market.
> Morally speaking, content creators I consume deserve income from my visit, as long as my privacy is preserved.
For me, tracking is not my primary concern with ads: I use an ad blocker as an accessibility tool to allow me to even exist on the internet at all. I have ADHD. Nearly all content on the internet is flanked by ads that make it impossible for me to actually read or watch it—they're intentionally distracting enough to draw the eye of a neurotypical person, and it's hopeless for me.
I dread a world where even Mozilla embraces advertising and the false idea that the only thing to solve is privacy. Ads are a problem for many, many reasons, and we need to find alternative answers for funding.
I might consider it when advertisers stop using malware and spyware in their ads. There's absolutely no reason that an ad would need to run a script, contact a third-party system, or track anything about the viewer.
So far though, they show no intentions of doing non-hostile advertising. Instead they're constantly striving to make it even worse.
So I'll keep the adblocking as it remains a reasonable and necessary defense measure.
I often hear an argument along the lines "content creators should be paid for their work". I think it should be "content creators _can_ be paid for their work". "Should" implies they are automatically entitled to it.
Put content out there, if I like it, I'll pay. If it's not good enough for enough people to pay for it _consciously_, then it's not good enough, and you stop doing that. You move on to better things and so does everyone else, with the added benefit of the content pool being a little less diluted.
Coupon codes have existed before the Internet as a privacy-preserving way for businesses to track conversions for advertising. If a buyer quotes "MAGAZINE5" when purchasing to obtain a 5% discount, the seller knows the magazine advert is working. In modern times, there is nothing technologically preventing a business placing online ads with frequently changing coupon codes "HAPPY15" vs "HAPPY22" to gauge effectiveness of particular ad formats in more granular ways.
Television and radio advertising exists and has existed long before the Internet without any need for detailed conversion tracking. Brief "To help us improve our business, could you please tell us how you heard about our brand?" questions in order forms has sufficed. A/B testing of billboard placements have sufficed.
Put simply, "Privacy Sandbox" is presented as a solution to a "problem" that doesn't exist.
Coupons worked, but they can't really work now in the way they used to. People exchange codes in other information channels. Especially in the current, always-connected, high speed internet era.
Doesn't that simply turn the "other information channels" into another advertising channel? If you are putting out codes to bring in customers, and customers arrive with the code, um, mission accomplished?
Maybe, but not necessarily. These channels, like the Honey browser extension, alert users who are likely going to pay anyways, that they can use a coupon to pay less. This I think is a loss for the company, and a misrepresentation of the campaign statistics, if looking at the effectiveness of the coupon code.
I have been donating a few hundred dollars to Mozilla every year (or at least most years) for the last 7 years. It's not much, but I might stop that donation now.
It is important to be aware that >64 bit supercookies ("impressions") are now being stored outside of the cookies subsystem in their own PrivateAttribution.sqlite database.[1]
The implications are numerous:
1. There is no user interface or settings yet available to change the whitelist of Google-enrolled (Google being the only enrollment option today as far as I have discovered) ad-tech domains that are allowed to set the supercookies or use these supercookies to track users between sites.[2] By contrast, users can currently configure cookie settings such that they are only allowed for certain user-whitelisted sites.
2. There is no user interface yet to view and delete the supercookies, as one can currently do with normal cookies.[3]
3. Supercookies are shared across all Firefox containers breaking existing expectations of container isolation.[4]
4. Supercookies were shared across private browsing and non-private-browsing sessions until v120.b5, then Private Attribution was disabled in private browsing sessions (for now, and pending decisions on whether supercookies should persist across private browsing sessions).[5]
5. The setting privacy.firstparty.isolate is not honoured by Firefox's Private Attribution feature.[6]
6. Users are at greater security and privacy risk due to implementation of an extremely complicated and obfuscated draft standard that is full of technobabble bullshit which deliberately avoids real security and privacy impacts.[7] For example, the specification hand waves away the significance of a 64-bit supercookie as somehow being difficult to use to track users between sites. Reality is that only 33 bits is needed to uniquely identify every human alive today, and 37 bits for every human who has ever lived. The specification's section on privacy and security impacts does not address, for example, a website including an ad that proceeds to fingerprint John's browser as an 18 bit identifier as demonstrated at [8], then combine it with other identifiers such as the netblock/ASN of John's home internet connection. Later when John is in a completely different Firefox container connected to his employer's WiFi network browsing another site, the browser fingerprint or other tracking data within the 64-bit supercookie can trivially be used to associate John with his employer.
This Firefox partial implementation of "Private Attribution API" is just a small part of the full set of "Privacy Sandbox" anti-features Google is busy adding to Chrome, including, and of much greater concern:
1. "Private Attribution API" event-level reporting. Currently Firefox appear to have just implemented aggregate-level reporting, so the supercookie values aren't shared outside of the browser. The full specification from Google also allows event-level reporting where the supercookie values (which are set by an ad-tech company such as Google when the user visits site A) are later re-shared with the ad-tech company when the user visits a completely different site B.
2. "Protected Audience API". Execute within the browser auction bidding JavaScript bots from multiple advertisers where the bot can peek at private user data in order to bid on the impression, and then the winning bot will display the ad and report back the winning impression.
3. "Topics API". Summarise browser history in order to tell ad companies what categories of websites the user has been visiting. For example, John is interested in boats, fishing, car racing, beer and travel. Jane is interested in rock climbing, exercising in gyms, yoga, Italian cuisine and furniture.
As usual when people criticize Mozilla, this thread is way over the top.
I agree it's not good that this is on by default. But saying that Chrome is better because it at least asks is disingenuous. Chrome simply presents you with the "Enhanced Ad Privacy" window and a button "Got it" or "Settings". That's clearly a dark pattern and technically not "asking" at all. The Topics API which you enable by clicking "Got it" is, at least from what I read, clearly worse than what Mozilla has implemented. Calling "differential privacy" a fake is simply untrue. It is not easy to implement, but if done properly, it's absolutely not fake.
I agree though that Mozilla has, as usual, dropped the ball here in how they have introduced this technology. They are obviously desperate, and they know if they would ask, probably the vast majority of people would not agree. Also as usual, they will probably roll back this setting once the outcry is large enough, and they have once again lost trust and gained absolutely nothing. It's also clear that with the tiny market share Firefox has nowadays, thinking they could introduce a new ad technology is simply hubris.
Q: What fraction of the corresponding GDP would it take to fund a serious browser-as-public-good initiative that would develop this technology to its full potential without the perverse constraints of adtech business models?
A: 0.0001%? Too small to compute?
The idea that critical communication infrastructure must be (directly or indirectly) supported by advertising interests is certainly not obvious.
Advertising businesses, like all businesses or individuals should be guests on that global platform, playing by the rules, not setting the rules. The status-quo is a unique and singular failure that has been normalized for reasons that historians will surely describe with gory detail in due course.
There are more ways to fund things than either adtech or dazed and confused individuals paying/donating directly for software. Especially when the stakes are extremely high.
Mozilla's attempt to provide a more palatable alternative while accepting the premise that the web is an ad-funded technology was, alas, always doomed. Its market share is trending to zero and it is just a matter of time before complete disaster...