Not a good look for Firefox. Third partners and device fingerprinting clearly mentioned in the documents.
The move is the latest development in a series of shifts Mozilla has undergone over the past year.
The gecko engine and Firefox forks, such as Tor, Mullvad, Librewolf, and Arkenfox, are stables of private, open source web browsing.
In fact, Mozilla’s is one of the few browser engines out there, in a protocol-heavy industry that many say only corporate or well-funded non-profits can reliably develop.
What is more, daily driving the more hardened-for-privacy Firefox derivatives can be frowned upon by many sites, including your bank and workplace.
Mozilla’s enshittification leaves the open source community without a good alternative to Firefox, after years of promoting it as a privacy-friendly alternative to spyware-cum-browser Chrome.
deleted by creator
(e.g. you use Firefox to make a post, they have to process those keystrokes through Firefox to send it to the server, and thus could require permission to do that in the form of having a license)
A better example would be stored credentials, credit card information, and other PII type data.
Personal emails, messaging, anything
I refuted most of these points on this user’s post.
This is absolutely abnormal. No browser should require a license to my own data unless they plan on doing something with it.
No other FOSS includes this language and I would argue that Firefox executable is no longer FOSS. It’s now source available.
Yeah I am unconvinced of this line of thought. If I use (say) Kate Editor to edit a document, do the developers of Kate need a license to the content of that document in order to save it to my desktop? Since the text content is stored in a Qt widget does Qt also need such a license? Linux itself carries the data from the application to the disk, do the Linux developers (all of them?) also need a license?
They do not. Your use of the software, with software you “control” (edge cases of cloud compute, etc.) does not require you to grant a license to the software.
It is abnormal for a free software project to have an EULA (i.e. a contract that one must agree to in order to install and use the software). This particular EULA does not seem to be as onerous as most but it may still place substantial restrictions on use.
The acceptable use policy, for example, covers much more than just crime (including a prohibition on “graphic depictions of sexuality or violence”). However, it also specifically refers to “Mozilla services” so one could argue that it doesn’t apply to normal usage of Firefox; however, the Firefox EULA also specifically claims it does. Is Firefox itself a Mozilla service? I would assume not under the usually understood definition of such, but it’s not really clarified.
It’s far easier to use something unburdened by an EULA, so I’m typing this from Librewolf.
Read the policies yourself
I suggest reading this diff to the FAQs instead, paints a much clearer picture:
https://github.com/mozilla/bedrock/commit/d459addab846d8144b61939b7f4310eb80c5470e
Basically removes all the language about not selling data and some about privacy. Down in the comments someone argues this is due to a narrow legal definition of that language in certain jurisdictions, but that couldn’t sound more like an empty excuse if they tried. Actually all the reactions from Mozilla I have seen on this so far sound like pure corpo PR bullshit to me.
“Mozilla can’t do anything wrong”. And people keep swallowing.
Nope sorry when a company is asking for to broad of rights it’s for a reason and Mozilla can fuck off. I wish ladybird was ready.
Mozilla is going to surveil their users and feed the data to their AI/Ads systems. They needed people to opt-in, so they created a EULA.
You write a wall if text thinking you will shift the views of disgusted people turning their back to the product, a product at that which was iconic for their open source culture, and yet it somehow managed to alienate the niche that was more favorable to it. Good luck with that!
You: “Public opinion is tanking, so it must be true!”
Them: Provides detailed, sourced information that explains the situation
You: “Nerd, I don’t read that shit”
Are you following your emotions or are you truly trying to understand the changes? You seem to be attacking / strawmanning people left and right in this thread and are generally not interacting in good faith.
On the contrary, I think this is a responsible way to operate. The terms of use apply to the Mozilla distributed binary, not the open source version and open source forks, and I don’t think additional terms shut them out of that. The privacy policy is clear, concise as can be and links so that people can jump directly to what is being collected.
People are saying it is Bad News
So, uhh, you want to tell us who is saying it’s bad news?
gestures vaguely in a direction
Ehh, people, you know?
I have the feeling people are overreacting to anything Mozilla does these days, just to have an excuse to talk people into using (politically?) worse browsers.
Yeah, ususally at this point someone goes “ugh, I’m never using Firefox again because Mozilla don’t respect people any more… iT’s TiMe To iNsTaLl BRaVe!”
Strangely enough, that’s what I thought for a long time but not this time. Removing the lines I saw makes absolutely no sense unless you’re selling users data, which I strongly oppose to.
I’ve started to use librewolf, unsure if this is a good idea.
Your mastodon feed might be different that mine, lmao
Can you be more specific than pointing in a vague direction?
This is trolling. It is beyond self-evident that the Open Source fediverse has thoroughly criticized the latest Mozilla move. I myself point out device fingerprinting and third party vendors. You respond to neither approach. You want me to do homework and quantify the sentiment on the trending Mozillla hashtag? Sealioning. Diigressing the topic of conversation? Report and block you sad impotent spook troll.
Onus probandi.
You make the claims, you serve the proof. You can’t point at a vague, general direction and go “here, proof!”. Especially not a social media feed, that’s the most subjective, volatile “proof” you could provide.
Quote me the text, in its full context, where it says that Mozilla is selling the data they are “now collecting”, or that it was optional for them without degrading services. Because I can’t find it.
All I see is data that Mozilla is required to collect to provide existing services, they are now putting it in black on white. I don’t really care what the “general opinion” is, opinions do not automatically become facts once sufficient people hold them.
I’ve seen Mozilla do bad stuff, this is just a very standard privacy policy update. Let’s criticize them when they actually deserve it, and encourage them the rest of the time.
Also, nice strawman instead of simply answering my question. 🥰
I was on your side until this message.
Have you considered what is driving this change?
Looking from the sidelines, I think it’s all about money, specifically, how to make the development of Firefox sustainable. Yes, I’m aware of the cynical view that this is about lining the pockets of the CEO, I have no evidence for this.
I think that’s essentially caused by how we have licensed open source software and had limited resources to combat abuse at the industrial scale that silicon valley companies have monetized other people’s work.
Bruce Perens is attempting to erect “Post Open”, but I’m not yet sure if that is going to solve the fundamental issues.
Disclaimer: I’ve worked a little on the community standards document for the post open project.
Being halfway between both sides, I can see the need for a monetary model to sustain development, yet I am challenged by the opacity that this feels like. The OP’s point that it feels like a downward slide toward principles compromise is challenging. Especially in light of the enshittification of everything lately, Mozilla needs to do a better job communicating how this is not going down that path and yet also trying to sustain itself.
Centrism is apathy and sucks
Reductionism is lazy and sucks. You didn’t even read the comment you responded to, you’re just mad that not everyone is upset enough for you.
No, not particularly. I’m not that upset myself, I recently switched to Librewolf. I just get annoyed at what I perceive as statements that ride the fence. Privacy is not a place to give ground on.
Did it ever occur to you that people can have a mix of views that don’t fully conform to one ideology or another? It’s a spectrum, not riding the fence. Like politics, not everything is a team sport.
I suppose Mozilla should lock the doors and institute slave labor rather than find some way of paying their employees that might be construed by you to be giving up privacy
Now that’s a mental leap to get there.
Oh, I thought we have to take extreme positions
That’s an idiotic statement. Realism or understanding what realpolitik is in a political situation is far more likely to allow you find and develop change in an organization, as well keep you from wasting your time on useless leverage points. In this case knowing both frames of reference is valuable so that action can be taken, as opposed to just writing five words.
Privacy and defending it is a worthy thing to have an ideological stance on.
Librewolf doesn’t exist in mobile
And IronFox don’t exist on desktop. That’s why they’re listed together.
I see, thanks
If Mozilla wants to limit their use of my input, why the do I need to give them a full, non-exclusive license?
Which Firefox fork do people recommend? Ideally it should be available as Flatpak, keep the Firefox version number and not have a separate user-agent.
LibreWolf seems to be the best on first glance? https://flathub.org/apps/io.gitlab.librewolf-community
Librewolf is the best ✅
I started using Zen today, it seems fine. If you’re privacy conscious librewolf is definite the best
Nope is buggy.
I installed Zen a while ago when Flathub recommended it to me. Didn’t really like the minimalist design, especially with the auto-hide title bar.
I switched to LibreWolf after seeing these news. It’s been working just as well as firefox and you can adjust the privacy functions as much or as little as you want.
I appreciate the recommendation. I’ve been using Firefox for many years but I admit it’s time in the sun is over. It hurts to leave it behind but I guess nothing lasts forever.
Goodbye old friend
Yeah, I’ve been using firefox for as long as I can remember. Sad to see it go this way.
Zen seems to have picked up a lot of privacy improvements but it’s a pretty small team doing a lot of ambitious work. I like it, but it’s got a lot of (minor, mostly aesthetic) bugs.
I use mullvad for stuff I really don’t want a record of (for as much as that’s possible)
On the chrome side, Vivaldi (former opera before they sold out to china) is a good browser, but even more ambitious and even more buggy than zen. It has a built in email client. Like, who does that?
It has a built in email client. Like, who does that?
Like Seamonkey! 😂
I wish librefox would come to android
I’m using Fennec on mobile and it seems to be working fine.
Hm, I might switch to this, this article worried me a bit
Well it’s been a nice time while it lasted but this should be a lesson that nothing is safe from enshitification and corruption. Fortunately there are a few options till something better arrives. Personally I’m waiting for Ladybug
Ladybug xD
I’m looking into Ladybird browser that everyone here is talking about and I can’t find anything about when they will release something.
Alpha will drop around 2026[site], but they have several contributors so who knows. Compiled it a few months ago at it was just a browser without engine, not sure how much it developed now but I’m hopeful
Keep an eye on it, but it’s not ready yet.
deleted by creator
The choice of C++ + Swift feels strange and off-putting to me. Swift, at least, is pretty safe as languages go, but does leave me scratching my head a bit. C++, though, frankly should have no place in a new browser project. For a piece of software whose whole purpose is to essentially download and run untrusted code, C++ is unacceptable.
It’s realistically not gonna happen, but what I’d really like to see is Servo developed into a full browser.
deleted by creator
Yeah, I know the history. And if they fully switch to Swift and manage decent performance, that would be acceptable, just strange. And it would also be fine to use whatever language if it were only a hobby project. I just reject the notion that C++ is an acceptable choice for new projects in security-critical positions.
deleted by creator
Yeah, it was ok when the project started. The issue begins once it transitions from a toy to a potential competitor with Firefox.
deleted by creator
And as I said, if they manage to entirely switch, I won’t have reservations.
As far as security in extant browsers and C++, see here: https://www.chromium.org/Home/chromium-security/memory-safety/
The Chromium project finds that around 70% of our serious security bugs are memory safety problems.
It’s a serious issue.
Could you explain how their language choice affects the security of the software? Because it’s open source and easier to find cracks?
No, the industry consensus is actually that open source tends to be more secure. The reason C++ is a problem is that it’s possible, and very easy, to write code that has exploitable bugs. The largest and most relevant type of bug it enables is what’s known as a memory safety bug. Elsewhere in this thread I linked this:
https://www.chromium.org/Home/chromium-security/memory-safety/
Which says 70% of exploits in chrome were due to memory safety issues. That page also links to this article, if you want to learn more about what “memory safety” means from a layperson’s perspective:
https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/
Cool, it makes sense I guess. But why would other languages not also be succeptible to memory injections?
In simple terms, they just don’t allow you to write code that would be unsafe in those ways. There are different ways of doing that, but it’s difficult to explain to a layperson. For one example, though, we can talk about “out of bounds access”.
Suppose you have a list of 10 numbers. In a memory unsafe language, you’d be able to tell the computer “set the 1 millionth number to be ‘50’”. Simply put, this means you could modify data you’re not supposed to be able to. In a safe language, the language might automatically check to make sure you’re not trying to access something beyond the end of the list.
Correct me if I’m wrong but ladybird is focused on a new browser, and not a new browser that is privacy oriented? Their language is pretty specific about donations and independence, but I didn’t catch anything that specifically denotes privacy.
deleted by creator
@pyu @opensource @whydudothatdrcrane we have ‘brave browser’ and ‘librewolf’ too
I keep Firefox, brave, Librewolf, and Vivaldi All configured and loaded with my plugins and bookmarks.
When Google pulled out of Firefox funding I expected them to go down a dark path.
I don’t know that any of those choices of browsers are going to be significantly better than the others long-term. I’m also hoping for ladybug eventually.
LW doesn’t seem to play nice with some of my sites and some of my plugins. It’s the one I want most to work. The last time I tried it, delivering pass keys out of bitwarden in it didn’t work. And that kind of makes it a no-go for me. I should try it again though it’s been at least a year.
I’m pretty sure brave would sell my kidneys if they could. But they are the only one on the list that’s truly funded and they keep up with the Joneses on YouTube ad blocking. And there also probably the strongest browser for anti-fingerprinting at the moment.
Vivaldi seems to work okay but it’s just a Google clone, they’ve only dedicated to not enforcing manifest V3 for “as long as they could.”
I thought Mullvad was the best in anti-fingerprinting. Anyone can check their own configuration with EFF’s “cover your tracks” site.
They slightly edge out brave on vanilla. Once you load all of your plugins and stuff braves a little better at lying about it. To be fair they’re both close enough it doesn’t matter either one will get the job done. I usually think of mull as a leave it vanilla and use it when you need to leave no trace.
Note just to be sure, Mull is a different thing than Mullvad. What you wrote makes sense for Mullvad, but I am not so sure if this is the case with Mull, the mobile app.
Does using a fork like Librewolf and Ironfox keep you safe from this?
I don’t think we understand very well the threat model here. Are we talking about having a Mozilla account or the web engine itself. If you have an account they will probably start doing mining shit with it. What about activists researching certain topics then? The content browsed can be visible to Mozilla if they use their account for syncing bookmarks. That should be a dealbreaker right there. No different than Meta user-profiling the fuck out of your engagement behaviors. Now if this is NOT the case and you haven’t a Mozilla account, I assume that the version of the web engine available back at the time of the fork is exactly the same. So far so good.
The problem is that browsers are hard, and there is a ton of web protocols to be implemented, various fixes for security, support extensions and other QOL features. WORD ON THE STREET is that tasks like these cannot be undertaken as solo/hobby projects, that funding and an organization structure is essential. The teams behind LibreWolf, Waterfox, etc have a track record of already lagging behind Firefox’s version updates. Same goes with user-profile and configuration sets like Arkenfox (if I am not wrong). You may tweak the conf all you want, but if privacy and anonymity is compromised at the web engine level, these forks will be left with little to do about it. Then the only option will be to keep using an old version of the web engine (sacrificing security and quality of life extensions), or ditching the gecko web engine altogether.
That is why people are looking for genuine alternatives to the web engine.
Lmao, this is fascism behavior
Time for Ladybird to release their first alpha?
Not an exhaustive list on the Gecko engine or its forks:
- Mozilla Firefox (Windows, macOS, Linux, Android, iOS)
- LibreWolf (Windows, macOS, Linux)
- Waterfox (Windows, macOS, Linux)
- Tor Browser (Windows, macOS, Linux, Android)
- Pale Moon (Windows, Linux)
- Basilisk (Windows, Linux)
- K-Meleon (Windows)
- Midori (Windows, macOS, Linux)
- SeaMonkey (Windows, macOS, Linux)
- Floorp (Windows, macOS, Linux)
- CometBird (Windows)
- IceDragon (Windows)
- Flock (Windows, macOS, Linux)
- Capyloon (Windows, macOS, Linux)
- Ladybird (Windows, macOS, Linux, Android)
- QupZilla (Windows, macOS, Linux)
- Zen Browser (Windows, macOS, Linux)
- Comodo IceDragon (Windows)
- Otter Browser (Windows, macOS, Linux)
I thought Ladybird was its own seperate project and engine.
