Firefox search update(blog.mozilla.org) |
Firefox search update(blog.mozilla.org) |
'By the way, these values have come out in other contexts. I remember in an earlier war General Westmoreland saying “We had to destroy the village in order to save it”. But it was not an irony. He meant it. I mean, so did the early Christian communities that settled into this country mean it. That for a witches own good one had to dunk her repeatedly in water. Now we have come a long way since then haven’t we[?]'
<https://rickroderick.org/106-nietzsche-knowledge-and-belief-...>
I don't see a problem as long as there's not enough bytes of information that can infer a person. Aggregating the data in the client would allow this, so I see some kind of time shifting to protect the activity patterns.
I think its possible that the laws are still being violated, but good luck suing companies like MS or Google as an individual. Governments won't go after them because their spy agencies love the constant stream of data they can collect from it.
Its anecdotal I know, but would have to say that I know more web devs who use Firefox as their daily driver (or use more than one browser), than those who use just Safari or Chrome only. The better web developers (better able to solve bugs, and write less error prone code) are the ones who don't use Chrome for everything.
When you make a comment here, do a quick search beforehand to check the topic doesn't already exist, and do abide by the spirit of the guidelines.
If you want to do some kind of high-level data collection, this seems like a fairly ethical way of doing it? It's certainly better by miles than what all of chrome, android and edge have been pushing recently.
I have firefox suggest turned off on my machine (at least the one I have firefox as my main browser on), but that's just me.
Lots of ads.
Its just a glimpse into the future of this company.
We are past the peak.
I'd pay a monthly recurring EU$ 0(.|,)99 for that!
It's clear that libre browsers have failed. They are not sustainable. They are too big, too complex, and apparently only two organizations are really capable of keeping one going. One is an ad company, the other is a patsy for the ad company.
I don't see a way out of this that is at all sustainable.
Now I am afraid of enshittification, that they will try to shove search suggestions one day and hide/remove the option to deactivate them.
I'm not entirely sure how to phrase it better while keeping it pithy but the current wording reads to me like they're collecting the searches as well as the categories, and they deliberately aren't doing that.
(I entirely understand that some people will reasonably have an issue with what they -are- doing, but it's at least worth understanding what that actually is before deciding whether you're one of them :)
I don't want to be treated as a product, sold to data brokers without my knowledge.
My browsing experience is already tailored to me by my own actions.
I guess I'll be migrating to LibreWolf.
Is it possible to use Firefox without having a browsing experience? It is a web browser!
Seems like Mozilla really is fighting a losing battle: Whenever they as much as think about doing 1% of the monitoring that their competitors do (often for user research to guide and focus their development efforts; unclear if that's what's happening here though), they alienate a vocal part of their user base; when they don't, their software drifts further and further from what users actually want and need.
The problem is that Mozilla then consistently does something else, and tells its users that it's for their own good.
Every time I hear "anonymous data", I think of that time AOL published anonymized search logs (for academic research). The anonymization was negligent, and an NYT reporter de-anonymized and tracked down one of the users with the local & personal info present in the search queries.
https://en.wikipedia.org/wiki/AOL_search_log_release
https://web.archive.org/web/20130404175032/http://www.nytime...
So, they need to collect data about my search habits so they can show me relevant ads in Firefox Suggest? At this point why do I even bother using Firefox? I seriously might as well just use Chromium.
Before you leave please give LibreWolf a shot. It’s a modified Firefox with “spying/tracking/etc” disabled.
It's more risk than I'm willing to take for a software I use or everything critically important to me - including banking access.
> Binaries are unsigned, third party update service, Google safe browsing disabled unless you build from source, running unusual browser setups can actually make you more distinctive online, unencrypted DNS by default, speed of security patches is slower than base Firefox, etc.
I now just have "Blank Page" set for my Homepage, new windows, and new tabs.
I just tried setting a local file in Firefox and it seems to work again, so I may go back to that.
I may have to simply use the URL bar with data collection opted-out, as I'd rather not bother with vetting and installing a custom open source extension to override the new tab behavior.
Firefox is nice in that not only it has sync of basically everything, but you can run your own server for it.
It'll go well for a while (and users even might love you for it for a year or two, since you can focus your effort on fixing bugs and not introduce new ones with new features), and then you'll slowly but steadily lose users to other browser that do adapt.
Losing users for a web browser, means losing search referral revenue in the short term (literally Mozilla's lifeblood), and losing web developers in the long term, which will break the experience even further.
Just one example that almost made me switch browsers: Web site translation. I was regularly using Chrome in parallel for that, but now Firefox fortunately supports it too (and in a privacy-preserving local way at that – a true innovation), so they keep me as a user.
- End-to-end encrypted tab, history, and bookmark sync across devices
- Content translation, as mentioned above ideally in a privacy-preserving way
- Plugin support
- Cookie-jar-per-tab and proxy-per-tab support (Firefox allows doing both through Multi-Account Containers)
I'm sure some other users also feel the same.
I'm impressed you don't even need a HTML renderer component and all that comes with it.
Also, it is possible to continue iteratively improving a complex piece of software like a browser, beyond just the web standards race. Security, privacy, performance, and reliability/bugs/code correctness are areas where new computer science is constantly coming down the pipe and worth integrating. And maybe other things like AI or features for AR/VR systems, though it's more debatable whether those belong in general purpose browsers.
Browsers aren't Unix utilities that should do one thing and just one thing and thus can theoretically reach a state of "done". But even there it's not always a certainty. For example, "sudo" being superseded by a simpler more secure "doas", and then more recently by SystemD "run0". Even simple utilities continue to evolve.
It's almost like a "one size fits all" browser can't actually exist. I'm hoping for a more minimal, but excellent, browser to come around to meet the needs of the sort of user I am.
I think this is one of the adverse effects of Firefox changing how extensions work. In the Good Old Days, Firefox was a reasonably minimal browser and you could pick and choose which advanced functionality you wanted by choosing which extensions to install. But since extensions have been largely neutered now, a whole lot of that advanced functionality has to be built into the browser proper. This is fine if you want that stuff, but it's really uncomfortable if you don't.
Can't they just take Google's yearly $600,000,000 payment and build the best browser "for the user" while also addressing technical debt and organizational issues so it can continue as an open source project if/when the money ever dries up?
It's not like the power users who currently use Firefox and yet dislike this stuff are going to switch away from Firefox, since there's nothing to switch to other than Chrome, which is clearly worse.
Personal anecdote, I didn't like Pocket being added to Firefox, but eventually I did start using it - only because it came from Mozilla. And I currently pay Mozilla money for Relay (along with VPN), which are examples of them expanding outside of their core browser features.
I think it's more that everyone used Google for search (because it at least was legitimately the best by a good margin) and then Google used that position to push Chrome. The other stuff may have helped, but I think search was 90% of it.
And tabs. That was a cool idea.
Right now, Firefox's strategy seems to be focused on trying to follow in Google's footsteps and do everything they can to implement something almost as good as Chrome just without some--but not all!--of the extra things we hate about Google. The result of this strategy is there are simply way too few answers to the question "why should I use Firefox instead of Chrome?" that aren't "because someone has to lest we lose the war, and it may as well be you (as I guess you drew the short straw today)" :(.
I want to be clear: these unique selling propositions can be really small. If you are using Linux on a computer with a touch screen, Firefox implemented good multi-touch with kinetic scrolling support for X11... it puts Chromium to shame, and so if you are using such a computer you are likely to use Firefox even if it is less performant or doesn't work with a few websites you like. The goal isn't to only target the majority by chasing analytics: it is to win a thousand 0.01% minorities that add up to 10%.
The only other UI thing--and I'm using Firefox right now, and have been using Firefox as my primary browser for months now--that I can think of are container tabs. This one is interesting because, frankly, it doesn't buy me that much over Chrome's support for multiple profiles, and yet I do slightly prefer the feature, and clearly a bunch of other people do if you look around: implementing this feature won Firefox a bunch of users who now consider this part of their workflow and can overlook other faults.
Firefox used to be really good at this: they owned the space of web developers due to Firebug--which was also a critical market as it meant websites tended to work in Firefox--but Chrome saw that and took it from them. If I were in charge of Firefox, my hail marys wouldn't be allocated to end user acquisition: it would be focused on what I can offer developers to get them back to using Firefox as their primary browser. But like, it isn't even clear to me Firefox right now cares about developers anymore :/.
I mean... not only did they lay off the entire MDN writing team back in 2020--which to me was putting Firefox at the forefront of developers' minds (in the same way you mention users knowing about Google)--but, as far as I understand, they also laid off a lot of the dev tools team. Their website showing the features of Firefox for developers sounds strong, but I feel like Chrome also now has all of this stuff. I am excited to see that Firefox claims to have better support for CSS Grid debugging, I guess?
I also say that, because another place Firefox used to have a unique selling proposition is that it was "the hacker's browser": you could easily alter any part of the interface due to its crazy XUL layer, and I knew a ton of developers and users alike who would sell you on Firefox due to the crazy Firefox-specific extensions you could install. But as Chrome added extension support, Firefox not only wanted to be compatible with Chrome's extensions... they dropped (almost) everything that was unique about Firefox.
As it stands, they at least do retain some functionality that isn't just the same as what Chrome offers: support for synchronous fetch hooks (which I might be describing poorly) that is used by the more advanced ad blockers. This is a great USP because, of course, Google isn't going to support those... but Firefox stops there. I contend that it wouldn't be a big lift for them to add some extra Firefox-specific extension API surface and get, for example, the Tridactyl user community back to 100% on Firefox.
And there is frankly a ton of uncharted territory on being able to make powerful web extensions. I used to be in charge of the iPhone native code extension community, and I seriously feel more crippled trying to easily modify a web page than I ever did with a native Objective-C app, and that's insane: I myself constantly run into roadblocks due to being unable to dig into the private data of JavaScript objects or closures, and I see other developers complain about being locked out of styling web components.
Firefox should lean into "it is easier to hack the web with Firefox" as we know Google is going in the opposite direction. Despite the insane complexities of jailbreaking your iPhone, we had around a consistent ~10% marketshare; and no: that wasn't piracy! Not only did the US Copyright Office investigate and say we weren't the problem, we had a thriving ecosystem of paid native app extensions! (Though, frankly, if Firefox managed to hold ~10% marketshare entirely on the back of piracy, I'd be OK with that!)
Otherwise, as it stands, Firefox seems to be removing unique selling propositions as they focus on narrowly re-implementing exactly the set of things offered by Chrome. They have decided that the only market worth targeting is the mass market, and so they are making the same analytics-driven decisions Google makes with respect to safety, streamlining, and prioritization that forsake developers and power users as part of a losing battle with Google for 90% of the web when they used to own the other 10%.
Of course, changing the UI, using Google safebrowsing as default and other anti-user practices have nothing to do with it. /s
They can do that for as long as Google is willing to pay. Without additional revenue stream, the day Google decides to cut cost and stop sponsoring Mozilla, that's the day Firefox will run into big trouble. Any additional revenue stream is going to help.
I am no CEO but that seems very clear to me.
Chasing ghosts isn't more sustainable than the money from google. Yes it's a business relationship. but I'm not sure how they aren't completely "vassalized", to use your term, at this point already. It's not a potential problem, if google stops paying they would shutdown in a matter of months.
It's not a bad thing, Firefox as we know it wouldn't exist by now otherwise
There's no shortage of privacy respecting open source software that somehow doesn't have to choose between depending on Google and selling out their users. Firefox knows that most people won't opt out. They're choosing to take Google's money and screw over their users at the same time.
Obviously not. It's very difficult to make people understand something when their jobs depend on them not understanding it.
Browsing history, bookmarks, clipboard, open tabs, shortcuts, search engines, suggestions from firefox, suggestions from sponsors. Each of those can be individually turned off and on.
Why do you think Firefox Suggest using browsing history, bookmarks, clipboard, open tabs, shortcuts, search engines, suggestions from firefox isn't building the best browser "for the user"? Or were you just ignorant of what Firefox Suggest did and didn't bother to take a moment to look it up in Firefox?
> This data will not be associated with specific users and will be collected using OHTTP to remove IP addresses as potentially identifying metadata. No profiling will be performed, and no data will be shared with third parties.
So it seems they aren't selling it directly. But I wouldn't be surprised if aggregated numbers could be used for sales deals. (Hi Bing, we have 137M "travel" searches a month, I'm sure that you could put some big juicy ads next to those if you purchase the default search engine status)
Why would Google need this information? Don't they already get all of that and more in the queries themselves?
Or is this about supplying Google with a user profile that persists beyond incognito tabs, cleared cookies/history etc.?
I read it more as "we, Mozilla, want to know what Firefox users use their browsers for" rather than "we want to hand this data to Google on a per-query level". That said, it is incredibly vaguely worded.
More importantly: "Google is offering to pay us a bajillion dollars for some anonymized search data"
Citation needed here. Your head isn't good enough.
I've been using Arkenfox to turn off all the telemetry/etc but it increasingly feels like a game of whackamole.
I might not have been running multiple browsers daily if any one browser is perfect, but currently some websites seemed optimized for Firefox while others seemed optimized for Chrome. (And a small handful of websites are actually better with Lynx).
"Remember, you can always opt out of sending any technical or usage data to Firefox. Here’s a step-by-step guide [0] on how to adjust your settings."
---
1. Click the [hamburger menu button] and select Settings.
2. Select the Privacy & Security panel.
3. Scroll down to the Firefox Data Collection and Use section.
4. Check or uncheck the box next to Allow Firefox to send technical and interaction data to Mozilla.
[0] https://support.mozilla.org/en-US/kb/share-data-mozilla-help...
Wouldn't actually putting "user privacy first" lead to the conclusion that gathering insights like this shouldn't be done on a opt-out basis and instead be opt-in, at the very least?
Personally, I'd see "privacy first" as not needing to sell any user data at all, in the first place, but we're clearly beyond that already.
I think telemetry and the data software collects can help with usability, design, and product enhancement and that it's very likely this can be done to some extent without harming privacy.
That requires users paying, something often suggested, but I have not heard of working commercially for anything where a competitor can supply a user as the product alternate. Privacy just isn't that valuable.
Can you imagine a world without Linux, with Windows and Mac pretty much the only mainstream alternative? I’d rather pay a small fee not to have that.
That's not the world we live in today?
Software subscriptions are a hard "no" for me. Even if I loved literally everything else about Firefox, if they did this I'd have to stop using it.
I do donate on average €2/month for various projects, though.
https://www.mozilla.org/en-US/privacy/firefox/
Quite a few company and organization names are referenced. These include well-known ones like "Google" and "Microsoft", but also others that (at least to me) are far more obscure, such as "our third-party ad platform Kevel" and "AdMarketplace (a third-party referral platform)".
Questionable words like "send", "sends", "sending", "share", "shares", and "sharing" also appear quite a few times.
More broadly, the notice is quite long. A software product that truly respects its users' privacy should have a short privacy policy, mainly because it isn't collecting data to begin with, it isn't sending data to third parties, and so forth.
I know some people will claim that the data collection and sending that Firefox does is somehow acceptable because some of it can be disabled, or because it might be less than what other browsers do. I don't buy into those arguments. A privacy-respecting browser would have users opt in to enable any functionality that might transmit user data, or just not even include such functionality at all by default (it would have to be voluntarily added via an extension, for example).
And if it's not for their own metrics, but to sell... who's going to buy? Facebook tracking pixels and other statistics cookies are so much more valuable that this kind of data
How about a write-up on how Firefox plans to stay competitive and integrate/innovate on some of the best features from competing browsers?
I still think chrome is the better browser both in functionality and performance, but at least Firefox was 90-95% of the way there, and respected my desire to not sell my data.
While this in of itself isn’t super egregious and has an easy opt out, what alternatives are there? I know there’s a bunch of chrome clones, but at that point why not just use raw chromium?
It's surprisingly difficult to disable searching from the browser UI in Firefox. Firefox insists you have at least one search engine enabled at all times. The best option I know of is to set the undocumented setting "browser.urlbar.update2.engineAliasRefresh" to "true" in about:config, which enables an "Add" button in the Search preferences for adding custom search engines. You can then add a fake search engine on localhost that will always fail, and set this to be the only enabled search engine.
I think these were the most important:
keyword.enabled
browser.fixup.alternate.enabled
browser.urlbar.suggest.searchesYES! My friend, you have found my holy grail, thank you
Why isn’t this opt-in? Seems to give away the plot.
"This helps us [...] providing a browsing experience that is more tailored to your needs"
How would my browsing experience be different in any of the categories? Unless it's about showing me ads yet again.
If the categories were things like "using search as the most convenient way to find a well-known website", "entering a term that's likely to appear in a news headline", and "asking a fully-formed question", I'd find the claim that this is about ways to make a better "browser experience" more convincing.
Mozilla is supposed to be better than this. I don’t really see anywhere else to go though if you want a web experience that works out of the box (non-free codecs and the like).
This. It's not necessary, and I consider it dangerous. Even if the browser maker is 100% on the same privacy page as I am, browsers are too complex to trust with personal data.
Not to mention, the way the text is written makes me think it's ai generated and that makes it somehow even worse.
Every company that claims to respect your privacy is full of shit. There is too much money to made in not respecting it and this is the sole reason that they exist.
Even if you follow those steps you listed there and uncheck all those boxes you're shown in the standard settings pages, then Firefox will just continue to send out 'pings' when you interact with certain elements in the browser interface. And that's just the tip of the iceberg.
Mozilla is like one of those politicians that just won't stop yapping about traditional conservative family values, who is later found to have several extramarital children and numerous affairs with same-sex partners themselves.
{
"policies":
{
"DisableAppUpdate": true
}
}
/opt/APPfirefox (package root)
/opt/APPfirefox/firefox (currrent nightly)
/opt/APPfirefox/bin/firefox-127.0a1 -> /opt/APPfirefox/firefox/firefox-127.0a1
/opt/APPfirefox/distribution/policies.json
[1] https://support.mozilla.org/en-US/kb/customizing-firefox-usi...
I had the settings disabled, then updated to the latest version ("126.0 (64-bit)") and settings were kept disabled.
So at least for now it looks like it respects your current settings.
Note says it takes 30 days for them to remove your data history.
I wonder if pihole or similar could just block the dns for this crap.
That's clearly not a solution either since expensive products and services with subscriptions still routinely collect every scrap of data they can get their hands on. Companies will always make more money by violating your privacy while also charging you as much as they possibly can so that's exactly what they do.
At the very least collection of non-anonymized data should be opt-in at most. So where is the problem?
More recently, there was that whole thing where YouTube was "accidentally" adding delays to non-Chrome browsers.
If this is why, you've just made Firefox better for me! Thank you!
"Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening "
Not a Firefox power user, but also not a fan of having to learn through HN that I need to disable some random opt-in to not have my browsing leaked by my browser. Was genuinely on the fence about deleting it and simplifying to Safari.
Sure they do. I know a lot that have, anyway. I'm one of a tiny percentage of my tech circle who uses it anymore.
Or... they can, because they are still more private and respectful than Chrome and Edge, at least.
Firefox used to _stand_ for things that internet savvy folks cared about, and at least some of that would trickle down to make even the non-savvy user's browsing experience better.
B) Email protocols aren't a moving target to the degree that the web is
C) Thunderbird has the benefit of being able to freeload off the base platform development that Firefox continues to do, although of course it's a lot of work even to adapt to those changes.
Wasn't this also shown with anonymized taxi-cab data (released in NY?) many moons ago?
Would it not be possible with knowing that you are tracking this data to funnel people into doing searches in a way that would reveal things?
Directions to the out of state reproductive health clinic, combined with card data would be all it takes to do serious things to people in some states.
Defaults matter. A lot.
Anonymized data is not always anonymous, collected server side or otherwise.
There are many papers on the topic. One of the more popular examples is "Robust De-anonymization of Large Sparse Datasets" using the Netflix Prize Dataset.
>We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world’s largest online movie rental service. We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber’s record in the dataset. Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.
https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf
This paper speaks about AOL in 2006, which I think you are referring to: https://digitalcommons.law.uw.edu/cgi/viewcontent.cgi?articl...
However, it should be noted that the AOL dataset had a bunch of stuff that was identifiable by its nature (e.g. people searching for their full names or address), and the dataset wasn't scrubbed of those searches. So the controversy wasn't just re-identification of data, but also just a bunch of already-identifiable data.
>Anonymized data is not always anonymous
More importantly, in my opinion, is that data that is anonymous now is just one other dataset away from not being anonymous anymore.
If anything, I think it's both safer and more accurate to start from the assumption "anonymized" data can be de-anonymized and and require evidence to refute that rather than starting from a place of assumption that anonymization works and then trying to find a way to attack it. In practice, there's just not a good track record of this being done effectively, and I think people should generally be skeptical of whether this is even possible in many cases.
The trouble is that we'd still have to take the word of the entity doing the data collection that they've done this properly, and it's clear that we can't take anyone's word for that.
It can, but that's too often little more than a justification to take as much data as possible much of which is misused. In this case, what a person searches for on the internet isn't helping one bit with "usability, design, and product enhancement"
Anything short of that is you ignoring the concept of consent entirely, and doing whatever mental gymnastics you can to feel fine with doing so.
In fact cookie banners show this. People hate them because they force meaningless choices on them. If you make a website with tracking as an opt-out option, almost everyone clicks "accept all". If you make a website with tracking as opt-in, almost every one clicks accept all. That shows that opt-in/out or consent does literally nothing ot reflect people's preferences, the act of making a choice completely dominates the actual decision.
That means that if you want to respect user preferences you don't actually get around making default choices for them, and it's why consent is pretty much meaningless.
I disagree with this interpretation - the banners force themselves in front of the user before accessing the content. And then the choice is almost always "Accept all" and "complete a checklist mini-game of things you don't want cookies for". It's not a shock that people when confronted with this will click the easy button, and that doesn't mean it reflects their actual interests. It's just fatigue. If the "accept our cookies" button was off to the side of the page, and defaulted to "none" unless the user did something otherwise, I wonder what the "accept all" numbers would look like then. Actually, I don't.
EDIT: I've been getting a lot of down votes for this stance, surprisingly. Why not share your position if you don't agree? There must be a bunch of hardcore people on here who are writing directly on the metal in machine code. Short of that, you are in fact using someone else's code in all your projects.
I think that when most devs hear "using existing code", they're thinking of the latter, not the former.
———
Will they though? Maybe some toy ones but the distribution of other browsers are largely built on chromium with a few on Firefox and one or two on WebKit.
Beyond that, there’s Arc that’s made a splash with the HN crowd but IIRC, it’s VC funded so a whole different set of concerns.
There will be other browsers but almost the entire browser market is essentially funded by Google.
Yes, but that was my actual point. If one simple UI design trick is enough to completely flip the choices of users, then consent forms aren't a robust way to collect preferences at all. In fact if you wanted to genuinely and in good faith provide access to granular preferences, giving a more complicated set of choices would be the only way to go about it, and that fatigue is still real even if the design has a legitimate purpose.
What you're saying is true, the only way for the choice to be representative would be to have like a binary yes/no choice because that's simple, but that's not even necessarily what the user wants either. You're going to get a significantly more accurate view of people's real preferences by collecting data, like what Firefox is doing here, and then setting defaults accordingly.
What I'm saying is that calling a library/crate/whatever is an entirely different thing from using a tool like a compiler/IDE/etc. In the former, you're incorporating external code into your project. In the latter, you're not.
I think most people wouldn't say that you're "using someone else's code" in your project just by using a tool written by someone else because the tool's code is not being included in your project.
Perhaps I misunderstood you, though. Your statement "There must be a bunch of hardcore people on here who are writing directly on the metal in machine code" heavily implies that you believe that using an assembler or compiler counts as "using existing code". In this context, I don't think it does.
By the way, I do, in fact, sometimes write code directly in machine language. Not large amounts of it, of course, but some.