Comment by MrAlex94
1 year ago
I might have differed with Brendan Eich on a few matters, but he was a good steward of Firefox in my book.
When Mitchell Baker took the reins, Mozilla became rather more heavy-handed towards us - the irony being that Waterfox was once proudly displayed on the Mozilla website under their "Powered By" banner.
I appreciate the constant existential wobble Firefox faces, but they've made some peculiar decisions as of late.
On one hand, they're finally implementing features users have been clamouring for ages (tab groups, vertical tabs and the likes) - on the other, rather odd policy choices.
I should point out, it seems daft to me when others suggest using forks with no well-established governance of their own, essentially shifting trust from an organisation at least answerable to certain regulations, to individuals with no proper framework or guidelines.
I've done my best with Waterfox over the years to have it represented by a proper legal entity with policies to follow; so if anyone is interested take a look.
Edit: FWIW I've written some more thoughts on it here: https://www.waterfox.net/blog/a-comment-on-mozilla-changes/
Here's my question: in light of what Mozilla is doing, why don't other forks like Waterfox or Librewolf write a manifesto/contract saying they'll never sell your user data and won't turn "evil" (until they do, of course), and then decide to offer a paid version of their browser.
Two possible outcomes:
1. No one cares. No one pays for it. Nothing changes and nobody loses anything.
2. Enough people pay for it to keep the product healthy and the user-centric promise alive. The Internet is saved.
So why isn't anyone trying to replace Mozilla yet, with a more sane business model than living on the back of Google's fear of antitrust investigation? What's the worse that can happen?
Just sell a bonafide paid version alongside the free one, don't just rely on donations. There is a massive difference between offering a paid product and begging passers-by to spare some change.
The problem with paid versions, is that I don't really trust them either. MBA creep will happen and suddenly the TOS changes and my paid tier is going to have data collection and 'some' ads. I have to move to a high tier to avoid them. After a few cycles of that, one day all the tiers have data collection and ads.
> The problem with paid versions, is that I don't really trust them either.
Yes, Trust is at the foundation of the whole problem with the Tech Industry:
/1/ users (consumers) expect to be protected (not injured, not cheated, not surveilled) by the products that they use, and
/2/ the WWW is a monstrosity, the only software that we can in fact trust is never connected to the Internet (in other words, we don't trust any software)
Ergo...
Given /2/, we cannot trust any software, full stop. Even paying $CORP for its products is no guarantee of care, safety, and security.
and
Given /1/, which software do we accept? For OS, I prefer Linux by far. Even where usability is a little rough, I can exclude components that I do not want. When obliged to use Windows, I hold my nose and try as much as possible to foil all the bloat, anti-user patterns, and telemetry. I resent it all the way!
I prefer Firefox because I like the features and I insist on a small set of extensions: uBlock Origin, Multi-Account Containers, Privacy Badger. Google is a nasty surveillance ecosystem and Microsoft is a Spaghetti Western: by turns good, bad, and ugly.
If it will fund further development and maintain the current commitment to respect for privacy, I am willing to allow Mozilla to do some aggregate analysis of my browsing habits, just as I am willing to provide survey answers for products that I buy.
I don't love the aggregate analysis, but Mozilla needs to do browser business in the modern world.
1 reply →
Paid version have that problem somewhat less because they have a source of income that could dry up if they do. Paying someone means they are beholden to you as well, while free gives you nothing.
There is a reason I get my email via fastmail: they differentiate themselves on privacy features. I also have my own domain, so if fastmail does turn evil they know I can easially move away. I can run my own email server, but having done that I know it is harder than I want. There are other services I'd pay for if I could find someone I could trust to take a small amount of money. (small is key - plenty would do this for thousands, but I don't have that much free cash)
Don't get me wrong, the above is not very large, but it is still something.
Nothing is forever, but if you get a contract that prohibits their data play (collection, derivation, sale, all of it...) for a year or whatever, you're good for that long. That'd be enough for me.
You have to trust and/or monitor and apply active pressure to (something that virtually nobody does) the developers to some extent either way. The difference with a paid distribution is that there's at least some revenue that helps keep the project afloat, and with a free distribution there's not.
e.g. if you have a CEO/lead developer that's initially acting responsibly, but has a "bankruptcy threshold" beyond which they'll start selling your data, a revenue stream will stave that point off.
Semi-crazy idea: Add clauses which destroy half the company if they change the deal without a year of advance notice.
1 reply →
Yes, this. When Mozilla (or any other corporation) demonstrates positive cashflow, the odds of MBAs and other vulture capitalists descending on it increase massively. And I have never seen customer agreements like this survive a buy-out: the new owners are never constrained by the promises (or even contracts) of the previous company.
>So why isn't anyone trying to replace Mozilla yet,
Because writing manifestos is easy and making a browser is proper hard work ?
My comment is targeted to the developers of Waterfox and Librewolf - they're already making a browser, so the hard part is done.
I'm wondering why don't they try to step it up further by selling a paid version alongside their open source product. What is the worst that can happen? Nobody pays for it and they continue making $0 just like they are happily doing now.
10 replies →
And making a browser that's actually financially viable enough to pay for your time and effort without pissing off your user base because of paid features is even worse.
Especially in a crowded market, where we're arguing extensively about a browser that has 2.54% of the market share. Chrome (67%), Safari (18%), Edge (5.2%) [1]
[1] https://gs.statcounter.com/browser-market-share
Most of those also have a browser mostly as add-ons, bundling, ecosystem value, or trademark / brand name trojans.
Admittedly, if you're looking to make a browser, there's a lot of various prior attempts that remain in existence, yet have never really received that much attention. [2]
[2] https://upload.wikimedia.org/wikipedia/commons/7/74/Timeline...
Personal preference is that somebody would implement a scripting language alternative other than Javascript. Anybody heard of TCL lately? It's supposed to be a browser scripting language alternative according to the w3.org specification [3] Really, almost anything other than Javascript as an alternative. Just for some variety.
[3] https://www.w3.org/TR/html401/interact/scripts.html
Exactly, so why not write them?
I am at the point where I would happily pay an annual subscription on the order of a few hundred dollars per year just to avoid the headaches of today's browsers. Don't add new features, don't change the look of anything, just give me security updates and bug fixes. The only problem with this model is what we saw happen to the streaming services; paying to avoid ads just means your data is worth that much more. Paying for a higher-tier plan is a signal that you have a greater level of disposable income, and are hence more valuable to advertisers.
When this topic has been discussed on Hacker News in the past, it has also been pointed out that developing a browser with feature parity to Firefox or Chrome would be prohibitively expensive.
Kagi's Orion browser has a lifetime sponsor price of $150. That plus the Kagi subscription support its development.
It's currently macOS and iPad/iPhone only, but a Linux version is being worked on. I don't know their plans for a Windows version.
Which is great, but I'm not going to buy it until it's fully open source: https://orionfeedback.org/d/3882-open-source-the-browser/34
1 reply →
Tbh while I have been using Kagi as search and their AI assistant a lot lately, their browser lacks massively in functionality. uBlock Origin has never been working for me, neither on macOS nor on iOS, and for me it just doesn't deliver enough to convince me to switch.
What is a fair price? Developers are not cheap and you need to pay many of them every month (or get the equivalent in donated time). We can debate that number of course, so I'm going to start the discussion at $50/year. So your "lifetime sponser" is only worth 3 years (ignoring interest which isn't significant at this time scale).
Accounting for lifetime anything is hard (I don't know how to do the math, I'm sure people that do debate a lot of complex issues), but I'm again going to suggest that a lifetime subscription needs to be 20x the yearly fee to give a number to start the debate at.
1 reply →
And it crashes constantly. Lots of other bugs that you start noticing when doing deeper things. I tried it for about six months. Just not a reliable or serious browser although very fast when it actually works.
Brave https://brave.com/ has been around for a while
https://old.reddit.com/r/privacy/comments/191yu33/why_is_bra...
Kagi is making the Orion browser, which you can pay for. I am a happy customer.
There's also Ladybird and several Webkit wrappers.
Ladybird is targeting a 2026 alpha release and last time I looked they lacked site isolation and other sandboxing measures: https://github.com/LadybirdBrowser/ladybird/issues/57
Orion works on Apple OSes only.
4 replies →
I tip some projects that help me. It's been years since mozilla started to do evolve in ways that feel weird. I'd tip for a fork.
Question is: how many people would jump ship, and then how much money would that represent to pay devs.
https://buymeacoffee.com/waterfox
please do tip a fork. Right now this money seems to go to one person, but if that person starts making significant money we can probably talk them into hiring others to work on the project.
3 replies →
This idea of having an moral alignment covenant I think is a great one. I'm fed up of being bait-and-switched by companies that get buy-in by being open and friendly, and then later they decide to kill the golden goose. If you're committed to FOSS then commit! Make it official so that people can trust that you're not going to enshittify later.
Open AI is still technically a non-profit. The price of freedom is eternal vigilance.
2 replies →
I'd pay for this.
[dead]
Most of the other "forks" (e.g. Librewolf) are just patches on top of vanilla Firefox sources, so it's really not a whole lot to scrutinize by hand. I've skimmed at least most of the patch files personally just out of curiosity. In my distro of choice, NixOS, the sources are built by Hydra or my local machine, so I'm not trusting that their binaries match the source either.
That makes it a bit easier to trust, but it does run into the issue that it stops working if Mozilla hits a certain level of untrustworthiness.
They got more than $7B to build a browser.
"I appreciate the constant existential wobble Firefox faces"
I would also love to face $7B existential wobbles.
To put that number in perspective, drawing just 1% of that down each year and putting in a bank account earning interest would fund 100 engineers on $500k/year indefinitely.
I get what you're saying, but the reality is that it takes more than engineers to run a browser company. You'd have to find 100 engineers who can double as lawyers, designers, project managers, etc., and handle payroll, and HR, and after those 100 engineers end up doing the job of 300 other people, how much code are they writing? Your point about them appearing to waste money is taken, I'm just pointing out that it's not quite as bald-faced as that.
2 replies →
They got it over many years with ongoing expenses because they had a browser, so comparing it with 7B lump sum is silly.
With the same argument you could probably retire, after all you already earned (years you've been working) * (average salary).
7 replies →
Yeah Mozilla at this point is really like the kid riding the bike and putting a stick in his own front tire meme. I had an interview with them years ago and even then it was clear they were wasting time on the most pointless bureaucracy while Firefox was languishing. Doesn’t google literally give them millions a year to exist? Like idk if I can even think of something more mismanaged than Mozilla.
Wikimedia tries but despite their best efforts Wikipedia is still unrivaled.
> I appreciate the constant existential wobble Firefox faces
The wobble seems to somewhat artificial. I'm having trouble believing Firefox could ever not be able to afford to continue browser development — there are way too many interests at stake. Google alone would have no choice but to bail Firefox out because Chrome can't be the only browser without being regulated to hell and back.
Google providing most of their funding is a fact, and that this provides a large amount of leverage over what Firefox can do is obvious. So how is the balancing act artificial?
For it to be self-imposed there needs to be an comparable amount of money ready to spring forth if Google ever pulled out that Mozilla is somehow keeping a lid on.
We are able to develop not just an open source kernel, multiple different distributions and a large suite of software. I would think that we could also develop a browser that doesn't need to spy on us.
I don't see how a regulated entity is better in any way than an individual.
We repeatedly see attacks on freedom and privacy by the people who are supposed to protect them, those so-called "regulators": chatcontrol, recent UK backdoor wishes, repeated French proposals to enforce DRM even on opensource. And I wouldn't even google Russia, China, or other less democratic states.
Regulated is probably worse than some anarchistic who-knows-by-whom software, but FOSS and auditable these days, tbh. Especially as everyone's audit capabilities grow day by day with AI. It's kind of good at grinding tons of code.
A heavily regulated entity with all licenses in the world might be more hostile toward users than some niche project.
> I don't see how regulated entity is better in any way than individual.
I feel you. Regulatory bodies have definitely fallen short in many cases, and we've seen concerning proposals from governments that threaten digital privacy and freedom. "Who watches the watchmen" seems incredibly apt nowadays.
However, I feel there's a fundamental difference between imperfect accountability and no accountability at all. With a legal entity governed by stated policies, users have:
1. Transparency about who makes decisions and how
2. Clear terms that create binding commitments
3. Legal mechanisms for recourse if those commitments are violated
4. A persistent entity that can't simply disappear overnight
Perfect? Not really. The ICO in the UK, for example, hasn't been amazing at enforcing data protection. But the existence of these frameworks means that accountability is at least possible - there are levers that can be pulled if someone can be bothered to.
In contrast, with software maintained by anonymous or loosely affiliated individuals, there's no structural accountability whatsoever. If privacy promises are broken, users have no recourse beyond abandoning the software.
FOSS and auditability are valuable safeguards, sure, but they primarily protect against unintentional privacy violations that might be discovered in code reviews. They don't address the human element of intentional policy changes or decisions about data collection.
I grow wearier by the day by the incessant calls to denounce and disown everything that isn't perfect.
> I feel you. Regulatory bodies have definitely fallen short in many cases, and we've seen concerning proposals from governments that threaten digital privacy and freedom. "Who watches the watchmen" seems incredibly apt nowadays.
Many regulatory bodies seem to constantly fall short of what they are supposed to do and then demand more money and powers to continue to fail at what they are supposed to do.
At what point would you accept that they maybe not fit for purpose and other solutions should be considered?
It maybe better to put resources into educating people on how to protect themselves from privacy breaches or minimise the impact.
The only thing I've ever seen from the ICO is a letter saying that if I have customer data I have to pay them a fee or pay a fine. Then I have to go through the inconvenience of telling them I don't have any, so I don't have to pay this fee.
2 replies →
Hey, thank you for Waterfox! I'm using it a lot across all my machines. Well done!
we need to clean cut from mozilla.
do they still make ot worthwhile for developers? are any on the payroll still?
i think the community should mobilize to sign up for adopting A single fork* as the official fork and completely drop mozilla from existence.
* only criteria should be the fork that is most convenient for all the other forks to just point to instead of mozilla and continue to ship with their patches. and that one fork should have the minimum resources to respond to security disclosures in place of mozilla, nothing else as a requirement.
More importantly that fork should be what other forks base off of. Anyone can put a skin on a browser, but someone needs to do the engine. If every fork who wants an engine improvement goes to the one place there is some mass behind making the fork real, and the other forks can still to their skin if they think it useful. That one fork also means that when mozilla comes out with a new version there are enough hands to merge (at least until Mozilla diverges too far from the fork)
What about Servo? That's coming along and already has a company/coop behind it.
https://blogs.igalia.com/mrego/servo-revival-2023-2024/
1 reply →
the first part of your comment is exactly what i said.
the second part, it looks like you ignored my whole comment.
there should be no more mozilla. if they exist by means of opensource contributors. i question if they have their own developers on payroll still? which might be slightly harder to replace.
>it seems daft to me when others suggest using forks with no well-established governance of their own
Yes, it may be that we are jumping from the frying pan into the fire. On the bright-side this opens up an opportunity for a company, or a suite of companies, to fund an alternative browser. Such an entity might have Signal at its lead, or similar, who's mission is solely to "tighten up" the software stack on which it runs.
That sounds very much like Ladybird's mission.
Truly independent
No code from other browsers. We're building a new engine, based on web standards.
Singular focus
We are focused on one thing: the web browser.
No monetization
No "default search deals", crypto tokens, or other forms of user monetization, ever.
https://ladybird.org/
> I should point out, it seems daft to me when others suggest using forks with no well-established governance of their own, essentially shifting trust from an organisation at least answerable to certain regulations, to individuals with no proper framework or guidelines
Individuals that care about these things have a far better track record than any business with employees, bills to pay, and investors.
Until that individual tires of the work, and then stops working on it completely or sells it to someone with less scruples or the project gets hijacked by malicious actor.
Aren’t the latter two more or less what happened to Firefox?
1 reply →
> I should point out, it seems daft to me when others suggest using forks with no well-established governance of their own, essentially shifting trust from an organisation at least answerable to certain regulations, to individuals with no proper framework or guidelines.
That just shows that trust in Mozilla has sunk below "random stranger" levels. IMO that shift is entirely deserved.
Rather odd policy choices is an understatement.
The context to keep in mind here is that Mozilla purchased an ad company back in June. They spent money on it, and they will move to earn a return on investment.
Absent that context this could just be another tone deaf policy choice that gets rolled back when there's enough heat, but with that context in mind it's far more likely to be them laying the legal foundation to incorporate Anonym's targeted advertising into Firefox.
From the Register article about the acquisition:
> Arielle Garcia, director of intelligence for ad watchdog Check My Ads, told The Register in an email that she's generally skeptical of claims about privacy-preserving ad technology.
> "For example, how do Anonym’s audience capabilities, like their lookalike modeling, jibe with what Mozilla considers to be 'exploitative models of data extraction?' The data that is 'securely shared' by platforms and advertisers to enable ad targeting and measurement have to come from somewhere – and there’s more to privacy than not leaking user IDs."
https://www.theregister.com/2024/06/18/mozilla_buys_anonym_b...
This is not the first time Mozilla bought an ad company, last time it was Qlikz. And last time it cost them most of their German users. Wonder how many users they will lose this time.
1. Is github the best place to report bugs / issues for Waterfox?
2. When (not in your lifetime obviously) Waterfox is broken, what canaries do you have deployed that we can archive now, like Mozilla's tell here?
3. What keeps waterfox afloat? Where/how do you accept funds?
4. How do I find a sync alternative or provide my own? Such that, I'm not reliant on Mozilla sync/backend? ... If none exists, how much would it cost for you to embed one? Would you accept a serious bounty for it assuming the focus is self hosted / no Waterfox backend services?
> When (not in your lifetime obviously) Waterfox is broken, what canaries do you have deployed that we can archive now, like Mozilla's tell here?
This is so melodramatic. It’s a set of patch files applied to the Firefox source tree. If an evil maintainer hatches a maniacal plan to collect user statistics and deletes the patch that removes telemetry or whatever, you can just `git revert`.