> Regarding analytics, I believe browsers should take user's side and do not cooperate with marketing companies
Browsers were supposed to act as agents working for the user. User-agents. These days it's getting harder and harder to find a browser that doesn't work for an ad company at the expense of the user.
Chrome's entire reason for existing is data collection. Firefox can, for now at least, be hardened to work for the user (and prevent a lot of fingerprinting), but Mozilla is an ad-tech company too now. They've made their lack of respect for Firefox users clear by making Firefox spy on users by default so that Mozilla can sell that data to marketers.
The recent events related to FF are not that much of a shift, considering that Google pays $20B per annum to its (technically non-ad tech) partners, then 85% of Mozilla's total revenue comes from its partnership with Google. That ship had sailed long time ago.
Firefox really has been going downhill for a long time. Forcing Pocket into the browser, the ad infested new tab page, telemetry, making user accounts a thing, force installing TV show promotions, etc.
What they haven't done before is spend a fortune buying up an ad-tech start up. They barely even bother to maintain a pretense that they care about Firefox users. They basically came right out and said "We know that users don't want this, we can't convince them to, so we were right to force it on them by default and just hope most people don't notice and start complaining" (https://cdn.adtidy.org/blog/new/2wffyscreen_mozilla.png?mw=1...)
Fun fact: by subscribing to Pocket, you're directly contributing to Firefox's development.
Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.
Nobody wants to pay for a browser, browsers are essentially incredibly complex nowadays, and I have yet to hear how in the world are browsers supposed to get funding.
And of course they want to cater to advertisers because it is advertising that maintains the open web, and it is advertising that is paying for all browser development, actually, including Safari. And the open web is also dying, because people have been moving to mobile apps, where all pretence that "the user agent must act on your behalf" is gone. In other words, even if you get what you wish for, in a couple of years it may not matter at all.
> And of course they want to cater to advertisers because it is advertising that maintains the open web
As someone who worked both on advertiser and publisher sides (incl. content monetisation): advertisers like to say that they support publishers and the open web, but in fact, they are keeping it hostage.
We've had the means/tech to support publishers directly for years (I don't mean crypto). It's in the interest of companies like Google to keep users (and publishers, and brands) in the dark. And one of the issues here is that they have so much impact on the discourse. There are only few places, where I saw more people using ad blockers than the adtech businesses I worked with or at.
> Nobody wants to pay for a browser
True, but I don't think people would have an issue with paying for browsers if they understood the value of it. At this stage, I think the only solution would involve:
> As someone who worked both on advertiser and publisher sides (incl. content monetisation): advertisers like to say that they support publishers and the open web, but in fact, they are keeping it hostage.
I know what you're saying, I agree, as I worked (in the past) on advertising platforms as well, but both of those statements can be true at the same time.
The open web was built on advertising, but the perverse incentives in advertising are also poisoning the open web.
I don't think we've ever had a good solution. People like free stuff, and also, micro-transactions are not possible given the huge banking fees. What we're seeing, the alternative, are subscription-based services behind closed hardens, and mobile apps whose ads can no longer be blocked, so here we are.
I also think that Google isn't the greater evil, because Google has an incentive to keep the web going. For instance, what happens with local newspapers, when they die, besides depriving ad networks of revenue, is that the audience of these newspapers moves to walled gardens like Facebook. The failure of advertising on the web right now results in more centralisation.
The problem with micropayments goes beyond the finances.
It's a major friction point.
How do you set up the payment relationship the first time? Maybe you can get it down to one click, at best, with stored credentials.
When you consume content, you still have to track expenditures, whether it's a prepaid credit balance draining or an invoice building up. Every pageview becomes a "is this worth 8 cents?" discussion.
A broad cooperative flat-rate programme-- Patreon on steroids-- seems the best way to manage that. The consumer signs up for the entire universe at $20 per month, and then doesn't have to think about what happens if he visits a new site, or opens 500 articles this month and 5 next month. It's all sorted out with analytics at the content-provider level.
> micro-transactions are not possible given the huge banking fees
Cryptocurrencies like Litecoin have low transaction fees (currently less than a cent). Apple somehow manages to sell apps that cost just several bucks.
Also, in Russia, a Fast Payment System allows transfers up to $1000/months without commission, however these terms are available only to personal transfers and not for business. But it shows that low-cost transfers are possible even in traditional banking system.
Litecoin, as a cryptocurrency, is rife with scams and offers no chargeback mechanism and either requires an end-user to run their own wallet software which can be hellaciously easy to screw up or lock oneself out of or get scammed out of by savvy hackers, or host the wallet through some third party who then has to deduct their own pound of flesh to keep the service running be that through additional fees or through the same anti-consumer "you are the product" practices as ad networks.
Apple (literally the single wealthiest company on the planet) "somehow" manages to sell inexpensive licenses to primarily ad- and surveillance-financed agents that infest end-user hardware through a marketplace that probably acts as a loss-leader for them to sell said hardware to begin with.
And "transfers of up to $1k/mo without commission"? (Why is that quoted in USD instead of Rubles?) Venmo, Zelle, Paypal, and countless other services in the US allow you to transfer $1k/mo and more without fees to other people using the same system and with a lot of friction to get money back out of said system. And the fees are still "only free to friends/family" specifically because you only need chargeback protection when paying to a business.
> micro-transactions are not possible given the huge banking fees
I actually worked on several projects like this and we found a few ways of making this work. A simple example would be having a wallet you can top up, so you can pay per article. The fee was _roughly_ 2x the CPM for a post, and the cost for an average user ca. $5 per month IIRC. There's a bunch of companies doing this stuff, but their usual issue was scale/publisher relationships. After a few years of trying and 3 companies later I ended up in a situation where this wasn't a problem. Apologies for being vague here.
> I also think that Google isn't the greater evil, because Google has an incentive to keep the web going
True, but the web Google wants to "keep going" is _very_ unlikely the same as the one that's good for users. Chrome or Android serve as storefronts, hence consent assumed by default (think Manifest V3, FLOC, etc...).
Example: think of the deal they signed with Conde Nast (and earlier Reddit). Nowadays, Google has exclusive access to search results from Reddit.
> For instance, what happens with local newspapers, when they die, besides depriving ad networks of revenue, is that the audience of these newspapers moves to walled gardens like Facebook. The failure of advertising on the web right now results in more centralisation.
I witnessed it in 2010s when working with publishers (EU, UK, and some US-based). It wasn't much different than what happened during the "cookiegeddon" around '17 '18 (IIRC): moving to new platforms, pushing towards subscriptions, bundles, or focussing on premium/high quality content.
The publishers I spoke with (again, as a vendor working in publishing and then, later, in adtech) generally would be more than happy to drop the ads if we had any other way to let people pay for stuff without using dark patterns (e.g. subscriptions people tend to forget about).
The only people who created pushback were not even their advertising partners, it was _their own sales people_, responsible for pushing their inventory via direct sales. It makes perfect sense, from a people/internal politics point of view. I'd be happy to elaborate on that, but it's getting a bit late!
People like free stuff, but they're also happy to pay for stuff if they understand its value. Imagine walking into a coffee shop and asking for a free americano promising that you'll stare at their ads on your phone for 5 minutes. (This idea only makes sense if you're running an adtech / marketing startup.)
Then, we have more interesting examples like The Guardian, where many of the people supporting them did so because they wanted _other_ people to have access to it.
So yeah, I agree that people like free stuff, and that the current situation is messy to say the least, but I think we need to take a step back and reconsider the things/ideas we take for granted.
> Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.
People didn't like Pocket as a product. It wasn't as if they just didn't like it because Firdfox wanted to make money out of it.
Sure they should diversify, but with something that isn't otherwise (so) objectionable. Like their VPN, or sponsorship, or just let go of all the upper management.
> Fun fact: by subscribing to Pocket, you're directly contributing to Firefox's development.
That's not true. It isn't directly supporting anything except surveillance capitalism. Allowing yourself to be exploited in that way may indirectly support Firefox, but it's not the same thing as direct support.
Firefox users have literally begged Mozilla to let them actually directly support Firefox's development in the form of donations explicitly for that purpose alone, but Mozilla has always refused to allow it.
> Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.
People scream at them when they involve themselves in surveillance capitalism so yeah, spending a ton of money that could have gone into firefox development to instead buy an ad company so they can start spying on us while we use the internet isn't helping.
> Nobody wants to pay for a browser, browsers are essentially incredibly complex nowadays, and I have yet to hear how in the world are browsers supposed to get funding.
Are web browsers more "incredibly complex" than linux? I don't understand how people assume that web browsers are impossible to develop without selling users to the marketing industry while somehow linux and countless other open source projects have never once needed to do that.
Mozilla could at the very least try letting users pay for firefox development like users have been asking them to before they jump to selling firefox users out to the ad industry.
> And of course they want to cater to advertisers because it is advertising that maintains the open web
Advertising doesn't maintain the open web, it poisons it.
> And the open web is also dying, because people have been moving to mobile apps,
That's because many people don't own even computers anymore. Even where computers haven't been entirely replaced by devices that are designed for data collection and mindless content consumption, the cell phone is the computer that people have with them at all times. The dire situation around computing in general wouldn't be so bleak if we could get some decent and affordable mobile devices that weren't designed to spy on us, but I guess you might see it as that spying being what maintains the computer industry.
> Firefox really has been going downhill for a long time. Forcing Pocket into the browser, the ad infested new tab page, telemetry, making user accounts a thing, force installing TV show promotions, etc.
It might be just me, but I find Pocket quite useful and interesting. That, and syncing user accounts across browsers. It's extremely convenient to just stash a link that you can later open while browsing the web on your browser or sitting at home with another laptop.
I guess you can try to make an argument about that being better served with extensions, but that would be missing the forest for the trees. Meaning, extensions are intended to provide third-partied with a convenient way to add custom features and behavior. That is just wasted effort if it's Firefox wanting to add a feature.
Also, you don't need to use any of that if you don't want to. No one forces you to. At most, it takes a couple of clicks to hide the toolbar button. Is that what you call "downhill"?
Frankly, this blend of criticism sounds like grasping at straws. Some people sound like all they want to do is complain about something, and proceed to work backwards to try to find something anything to complain about. This stance is particularly baffling when taking into consideration how god-awful Chrome and Edge are.
With GA4, the tracker code is loaded from www.googletagmanager.com (even if the tag isn't loaded via a GTM container).
The measurement requests can be sent to (region1|www).google-analytics.com or analytics.google.com (to share cookies with Google login better).
> The entire point of DoH is to bypass the ability of the users to prevent browsers from providing browsing habits to their owners.
It is the entire point of DoH indeed, while hiding behind the idea that is somehow prevents the state/ISP from knowing which sites you go to (which it really doesn't).
There only one way to get best of both world:
- force your browser to never ever use DoH / DoT: force good old, in the clear, DNS over port 53
- run your own local DNS resolver (I run *unbound*)
- only ever allow DNS port 53 to/from your machine and your local resolver (I run *unbound* on an old Raspberry Pi)
- have your DNS resolver use DoH
This way you get the imaginary protection that your DNS traffic is "encrypted" between you and your ISP: I mean, it is encrypted... But it's an illusion to believe it prevents your ISP / friendly-state-after-your-well-being from knowing which sites you visit.
But you also get full control over which domains can be resolved or not.
As a sidenote unbound supports "wildcards" when blocking domains, which is sweet (as opposed to your typical OS's hosts files, which doesn't support wildcard).
FWIW I've configured unbound to return 0.0.0.0 for the millions (!) of (wildcarded) domains I'm blocking and then I use dnsmasq, locally, to convert any 0.0.0.0 to transform into NXDOMAIN. It's versatile and I like that way.
It's Linux so you set that up once and it works for years.
No, that is not the entire point of DoH. That’s like saying the entire point of TLS is to prevent users from looking at the traffic being sent to a website.
DNS without DoH, DoT, or DoQ, is wide open to anyone snooping traffic in the raw, that’s not necessarily information you want to share with the world.
Which (for people not handing all of their DNS traffic over to google anyway) usually just means that their ISP can see their DNS traffic which is kind of a moot point because your ISP can see the domains you go to even with DoH.
If somebody is on your local network capturing packets or they've cracked your wifi you've got bigger problems than your DNS leaking a list of domains. They'll also see the IP of every server you visit online anyway
The way DoH is implemented usually means that all of your DNS traffic is collected by some third party for-profit corporation like cloudflare anyway (who admittedly will already know most of the domains you visit anyway because of how often cloudflare's IP space is where DNS will point you).
There really aren't any good options for DNS and privacy, just a lot of compromises. Host your own. Or, if your ISP is trustworthy, you might be better off using what they provide. The DNS traffic between you and your ISP's servers should never leave their network.
ISPs seeing the domains of user traffic is not a given. And DoH is a step toward mitigating that.
People were setting their DNS resolver to custom values before DoH.
I agree that DoH would ideally be enabled at the OS level, or that the browser flow would default to still checking host file before sending out the query.
Unless you are using an VPN, your ISP can see the IPs you are communicating with regardless of the hostnames associated with them and in turn resolve those back to hostnames or at least netblock owners.
True, but n the cloud era, destination IPs don't mean what they used to. If peopel wash their blog with AWS or Cloudflare or Netlify, etc., dest. IP means little.
They're not talking about IP's. They're talking about SNI, which communicates the target hostname in the clear before the https session is established. ECH addresses that problem, but that is only recently starting to see wider use.
DoH is pushed by goggle et al to ensure you continue to provide your data to them.
The browser should respect the OS. The OS should respect the network (dhcp/slacc). If you want to override this then that should be an active choice by the user.
I am quite happy with my OS using normal dns (via WireGuard when out) to my dns server which blocks bad domains before they even reach my firewall, I don’t need DoH, although I have no problem with that as a concept.
What I don’t like is my browser taking away my choice and breaking the model. It should defer to the OS (and I can’t see any time I wouldn’t want it to defer to the OS)
The entire point of DoH is to take away control of DNS from the OS vendor to the browser.
There were other encrypted standards(dnscrypt for example) that didn't require you to do that, but the one that bypasses the OS was forced by adtech monopolist in charge.
No, the point of DoH is to take control of DNS from ISPs (and related middlemen) and give it back to site/service owners (so their settings are not overridden for whatever reason) and the end-user (so their habits are not as easy to disrupt or track at the ISP level).
> but the one that bypasses the OS was forced by adtech monopolist in charge.
Assuming by “adtech monopolist in charge” you mean Google, I don't think taking control from OS would benefit them given they effectively have control of more than two thirds of the mobile market share globally¹ so they are shooting themselves in the foot as much as anyone else – so I assume there are practical reasons², or purely technical ones, for DoH being their preferred choice (assuming that are pushing a preference).
And anyway, there is nothing that says applications have to implement DoH instead of letting the OS do that, Chrom{e|ium} and FF have gone that way in part because base OS support wasn't (isn't?) commonly available/enabled.
----
[1] A less than two thirds if you only count the US, as some published figures do, because Apple does rather better there compared to global averages.
[2] isn't dnscrypt's standard still officially a work-in-progress?
If it was implemented at an OS level and respected standard configuration then fine, DoH, DoT, whatever, I’m happy.
However it wasn’t, and it doesn’t defer to the OS or the network. I can’t set a dhcp option on my network to tell my dozens of clients what dns server to use, I have to manually adjust each browser. I additionally get different reaults depending what I use, my browser will contact a different server than any other application.
That’s broken behaviour which benefits AdTech companies like Google.
> I can’t set a dhcp option on my network to tell my dozens of clients what dns server to use, I have to manually adjust each browser.
But at that point, you are effectively the ISP trying to control how users do DNS, in a way that might enable you to track/block/redirect. You might be trustworthy to your users so that is fine, but that isn't the case for every user's relationship with their service providers.
Is there an arrangement that would stop less trusted networks from tracking/redirecting/blocking DNS requests without (accidentally) helping AdTech by making DNS-based blocking harder?
Completely forgot to take to this a week ago (busy times…) but this more recent (that is touching in the same issues of inconvenience for some and whether it should take precedence over safety concerns of others) reminded me: https://news.ycombinator.com/item?id=41471510#41472889
First, you can disable encrypted DNS, second you can set up your own DNS server and setup browser to use it. And your own DNS server will respect DHCP config.
Personally I would like OS to completely ignore DHCP config (like proxy or DNS server address) because those features can be misused for malicious purposes.
A lot of mobile apps use TLS connections when communicating with their backends.
You can MITM the traffic, and continue to deliver the traffic using a self signed certificate that you’ve trusted on your mobile device, and boom, you can capture the traffic at your proxy point and be happy.
A lot of mobile apps use certificate pinning to ensure that the backend certificate matches what the app expects. Now your self signed certificate, even though it’s trusted at the OS level, no longer matches the certificate that the app is expecting, and no data is exchanged after TLS handshake fails.
A lot of mobile apps use TLS with certificate pinning, so even if the user installs a system-wide root CA, the app doesn't accept it and won't let the user look at what data is being sent to the servers.
DoH and similar technologies don't override /etc/hosts. They're just a different way of making DNS queries. The entire point of these technologies is to prevent your ISP and everyone else along the way from knowing which websites you visit.
DoH means that each application does its own DNS queries, instead of using the OS's functionality. Whether that includes reading /etc/hosts is up to the application, and it looks like high profile applications like Chrome and Firefox don't read /etc/hosts.
> The entire point of these technologies is to prevent your ISP and everyone else along the way from knowing which websites you visit.
More correctly, the point is to shift all that from one organization to another. Maybe you trust Google or Mozilla more than you trust your ISP, but I don't think it's the same for everyone.
You could even argue that your ISP can already see which hosts you connect to, so using it's DNS resolvers doesn't add much information for them. Using DoH means that both your ISP and another party can see that.
Excluding leaks, the ISP does not see the hostnames, what it sees are the IPs you're connecting to. 20% of internet traffic goes through Cloudflare, so at least for those, the IPs are meaningless.
Both privacy and security are layered, and perfect is the enemy of good. Securing the DNS is an obvious first step, forcing the Internet to HTTPS by default was another. Google and Mozilla have contributed to better privacy. People that want more privacy, depending on needs, can also use a VPN or for the more extreme cases, something like Tor.
Not sure what you mean about having to trust Google or Mozilla. I'm not using either Google's or Mozilla's DoH servers. But yes, I would trust them more than my local ISP. Google, at least, proved quite competent in handling whatever data they collect.
In TLS 1.3 server certs are encrypted. And while browsers support ECH (Encrypted Client Hello) to encrypt SNI, almost no server supports it. Cloudflare has ECH disabled globally for some "issues" they do not disclose [1].
> DoH means that each application does its own DNS queries, instead of using the OS's functionality.
HUH?! No! You aren't supposed to implement DNS on the application level! Most modern OSes support some form of DNS over TLS at the system level. You should use that.
You’re not but that’s the point. Google realise they don’t control the OS (in many cases) and thus struggle to monetise it.
I don’t have a problem with doing dns lookups over http, or any other protocol you want to use, if I configure my OS resolver to do that.
When people don’t like DoH they tend to mean they have a problem with bypassing the OS.
Theres then the concept of DoH, network admins have a harder job blocking it without MitMing traffic (and in some cases installing new root certificates and thus reducing security for users).
I’m less concerned about that. The argument for DoH often goes to “I don’t trust my network but I do trust Google” but I can see why some don’t trust their network. Personally I’d tunnel all traffic if I were on an untrusted network.
As someone who doesn’t trust Google (as their income comes from selling my personal data against my will) but does trust my network (as I am the network admin) I lean in the “anti DoH” camp, but regardless of which camp, DNS should be configured at the OS level (whether that’s a manual choice to use Google or cloudflare or whatever, or to accept the network hints)
What you mean is that network admins have a harder time controlling people's devices.
I have a DoH server set in my Chromium browser, installed on my corporate laptop, and I love it, because my DNS queries don't leak to my network admin.
The perspective is significantly different when you're both the user and network admin. From your vantage point, you're picking the lesser of two evils.[1] But there's a third option that keeps you in even greater control, yet it's increasingly becoming more onerous to preserve. It's something like a collective action problem.
[1] Or at least you think you are. If your employer is running provisioning and "security" malware, I wouldn't take any bets on what they're logging or not logging.
I think it's the tone of the site that turns people off. I'm sympathetic to the message, and I love a simple website without JS and trackers, but I have to admit that design wise it's a little reminiscent of some of the websites made by schizophrenics.
Whoever that creator is it looks like they've even missed some things too. I didn't see anything about the Mr Robot fiasco, or that one time they pushed a pop up ad at everyone and then, after the backlash, told the firefox users who were upset about it to add a line to about:config that would only disable the one ad they'd already clicked past: browser.vpn_promo.enabled = true
Keeping the door open for using browser.whatever_else_promo.enabled later on I guess.
He's moved the URL here - the site continues to be updated - https://digdeeper.club/articles/mozilla.xhtml
True, no mention of Mr. Robot though I'd say that was minor compared to whatever else they've been pulling off.
Power balance is how relationships always evolve. Browsers are basically politicians at this point and they are easily swayed by the power of the dollar and have varying degrees of requirements to side with the users.
Google, of course, has rammed chrome into it's primary place.
I'm sorry, this seems egregious. I agree that it should've been off by default but I challenge anyone to read how the implementation works (not just the blog post and the FUD responses to it) before calling it a giveaway to the ad industry: https://github.com/mozilla/explainers/tree/main/ppa-experime...
FF is currently a key tool in the fight to avoid a Google-top-to-bottom future, and before we start the meme that it's gone to shit we should be really really sure that's actually true.
It is ridicoulous. Why do browser developers cooperate with ad companies? They were supposed to protect us from them.
It gives no benefits to end users. Ad companies will not stop using old methods, they will just add one more method.
I hope responsible Linux distributions will patch this out and disable by default.
A fair model would be if this feature was opt-in and if Mozilla paid to the users who enabled it.
> The purpose of this API is to provide a privacy-first design for advertising companies to be able to measure how advertising drives conversions. That is, answering the question of whether advertising effectively achieves its goals, such as increased sales.
Not my problem. I don't earn anything from their sales.
It really is disheartening to see so many technically-inclined people berate the one browser that is preventing Apple/Google hegemony. The expectations set upon Mozilla and Firefox are so unrealistic it's laughable.
Firefox is rock solid, open-source, backed by a great organization (which has recently reinvested additional resources in it) and a joy to use imo. Also, the levels of vitriol that even the slightest bit of anonymous telemetry incurs is unhelpful and I encourage people who hold that viewpoint to really interrogate it.
While Firefox is great, they should not sell their userbase to Facebook with such proposals. If ad companies want to know about ad effectiveness, they must pay the users for collecting the data, not collect it for free without asking the user.
Ultimately, the problem is that entire premise is deeply offensive. I do not want my browsing history being monitored, collected, sent to third parties, and sold to marketers in any form period. I do not want a browser using my data in any way to support surveillance capitalism.
The implementation is just FLoC/Topics API all over again and it's still not compelling. The first kick in the teeth comes right at the start where the entire thing is predicated on data gathered from having an ad shoved in your face.
> At impression time, information about an advertisement is saved by the browser in a write-only store. This includes an identifier for the ad and whether this was an ad view or an ad click.
I do not want ads. Ever. Like many (likely most) firefox users, I go to some lengths to prevent them from showing up in any form. Now that firefox is going to be profiting directly off of firefox users seeing and clicking on ads they will certainly degrade our ability to prevent them.
It then involves sending my data to third parties so that it can be aggregated. Then my browsing has to be monitored to identify conversion events. None of this is acceptable.
Here's what their Cookie Monster paper says:
> User perspective. Ann browses various publisher sites that
provide content she is interested in, such as nytimes.com and
facebook.com. Ann does not mind seeing relevant advertising,
understanding that it funds the free content she enjoys.
I am not Ann. I very much mind seeing advertising, relevant or not. I do not understand that if funds "free content" I enjoy. If I need to be exploited to pay for something, that thing it isn't "free" and if it's infested with ads I do not enjoy it. The entire thing is based on a fantasy where users find this acceptable. We don't and it isn't. If we did, we'd probably all just be using chrome.
> FF is currently a key tool in the fight to avoid a Google-top-to-bottom future
Why should we care if Firefox isn't Google if both are just going to exploit us?
You're preaching to the choir, but even preaching needs to be truthful and I don't think calling Mozilla ad-tech or suggesting that it's just as bad as Google is remotely true. This is where "the perfect is the enemy of the good" comes from.
I mean, what do we have now? Google and a bunch of middle-man ad techs are hoovering up everything they can get, including a crap-ton of stuff that browsers can't affect at all, and wink-wink-promising that they anonymize some of it in some cases even though no one can verify that. A world in which the subset of that data that passes through a browser has been provably anonymized would seem to be strictly better, even if you still don't like it.
> You're preaching to the choir, but even preaching needs to be truthful and I don't think calling Mozilla ad-tech or suggesting that it's just as bad as Google is remotely true.
Mozilla is literally an ad-tech company. They bought and now own an actual ad-tech start up, they are partnering with Facebook to develop and implement protocols like DAP, and they are currently working on turning firefox into an ad platform that will deliver reports of people's browsing history to marketers in exchange for money. In what way are they are not an ad-tech company exactly?
I'll admit that they aren't as bad as Google, but they're heading in that direction and they've also only just gotten into the ad-tech game. It took Google a long time to get as evil as they are now.
Rejecting firefox because of Mozilla's new role as an ad-tech company and their insistence on exploiting firefox users isn't the perfect becoming the enemy of the good. Surveillance capitalism isn't good. Maybe standing up for ourselves and our values by saying no to spying from Firefox will cause Mozilla to look to other options. Even if it doesn't, it will keep us from being exploited and tarnished by our participation in their decline.
I've been a firefox user from the very beginning. My first browser of choice was Netscape. I hate that the enshittification of firefox is here, but I won't ignore it any longer. We still have a few alternatives like librewolf that provide the benefits of firefox without the recent corruption, and there's some hope on the horizon with ladybird too. The internet is only in the sorry state it is now because we've conceded too much to advertisers. We need to start holding ourselves and the software/services we use to a higher standard or it's only going to get worse. If Mozilla suddenly wants to be a part of the problem, I'll leave them behind while I look for a new solution.
Until they pulled this recent spying stuff I was a firefox user, but now I'm testing librewolf, zen browser, and brave. I might give Basilisk a try too. I'm also keeping an eye on ladybird but it looks like it isn't really ready yet.
Ultimately on the desktop I'll need something based on firefox because it can be hardened better than anything else I've seen and my work has me regularly dealing with some nasty websites.
I still have to find some options for mobile though.
Well, I wish you luck then. I still don't think PPA represents capitulation to advertisers in any significant sense, but I can understand why a purist would disagree, and certainly the fact that they get so much of their money from Google makes me fear that the extent to which they constitute a real alternative may dwindle or disappear someday.
Safari does a decent job of that, especially with Apple pushing an increasing number of privacy features by default. Of course, that comes with it being as a feature of an expensive hardware ecosystem, rather than an independent product.
Browsers were supposed to act as agents working for the user. User-agents. These days it's getting harder and harder to find a browser that doesn't work for an ad company at the expense of the user.
Chrome's entire reason for existing is data collection. Firefox can, for now at least, be hardened to work for the user (and prevent a lot of fingerprinting), but Mozilla is an ad-tech company too now. They've made their lack of respect for Firefox users clear by making Firefox spy on users by default so that Mozilla can sell that data to marketers.
Currently, you can disable that spying in about:config by setting dom.private-attribution.submission.enabled to false (see https://news.ycombinator.com/item?id=41311479 and also https://web.archive.org/web/20240827185708/https://make-fire...). No idea how long that will continue to be an option or how often you'll have to go back and reset that back to false following updates though.
We really need a new browser that actually works in the interest of the users.