Louis Rossmann criticizes Mozilla's handling of the Firefox browser, arguing they've prioritized telemetry and user tracking over performance and essential features. He points to the declining market share as evidence of their mismanagement and expresses frustration with the browser's increasing bloat and sluggishness. Rossmann believes Mozilla has lost sight of its original mission of providing a fast, open-source alternative to dominant browsers and is instead chasing trends that don't benefit users. He contrasts this with the Pale Moon browser, highlighting its focus on performance and customization as a better embodiment of Firefox's original values.
The blog post "Trust in Firefox and Mozilla Is Gone – Let's Talk Alternatives" laments the perceived decline of Firefox, citing controversial decisions like the inclusion of sponsored tiles and the perceived prioritization of corporate interests over user privacy and customization. The author argues that Mozilla has lost its way, straying from its original mission and eroding user trust. Consequently, the post explores alternative browsers like Brave, Vivaldi, and LibreWolf, encouraging readers to consider switching and participate in a poll to gauge community sentiment regarding Firefox's future. The author feels Mozilla's actions demonstrate a disregard for their core user base, pushing them towards other options.
HN commenters largely agree with the article's premise that Mozilla has lost the trust of many users. Several cite Mozilla's perceived shift in focus towards revenue generation (e.g., Pocket integration, sponsored tiles) and away from user privacy and customization as primary reasons for the decline. Some suggest that Mozilla's embrace of certain web technologies, viewed as pushing users towards Google services, further erodes trust. A number of commenters recommend alternative browsers like LibreWolf, Falkon, and Ungoogled-Chromium as viable Firefox replacements focused on privacy and customizability. Several also express nostalgia for older versions of Firefox, viewing them as superior to the current iteration. While some users defend Mozilla, attributing negative perceptions to vocal minorities and arguing Firefox still offers a reasonable balance of features and privacy, the overall sentiment reflects a disappointment with the direction Mozilla has taken.
Servo, a modern, high-performance browser engine built in Rust, uses Open Collective to transparently manage its finances. The project welcomes contributions to support its ongoing development, including building a sustainable ecosystem around web components and improving performance, reliability, and interoperability. Donations are used for infrastructure costs, bounties, and travel expenses for contributors. While Mozilla previously spearheaded Servo's development, it's now a community-maintained project under the Linux Foundation, focused on empowering developers with cutting-edge web technology.
HN commenters discuss Servo's move to Open Collective, expressing skepticism about its long-term viability without significant corporate backing. Several users question the project's direction and whether a truly independent, community-driven browser engine is feasible given the resources required for ongoing development and maintenance, particularly regarding security and staying current with web standards. The difficulty of competing with established browsers like Chrome and Firefox is also highlighted. Some commenters express disappointment with the project's perceived lack of progress and question the practicality of its current focus, while others hold out hope for its future and praise its technical achievements. A few users suggest potential alternative directions, such as focusing on niche use-cases or becoming a rendering engine for other applications.
Mozilla's Firefox Terms state that they collect information you input into the browser, including text entered in forms, search queries, and URLs visited. This data is used to provide and improve Firefox features like autofill, search suggestions, and syncing. Mozilla emphasizes that they handle this information responsibly, aiming to minimize data collection, de-identify data where possible, and provide users with controls to manage their privacy. They also clarify that while they collect this data, they do not collect the content of web pages you visit unless you explicitly choose features like Pocket or Firefox Screenshots, which are governed by separate privacy policies.
HN users express concern and skepticism over Mozilla's claim to own "information you input through Firefox," interpreting it as overly broad and potentially invasive. Some argue the wording is likely a clumsy attempt to cover necessary data collection for features like sync and breach alerts, not a declaration of ownership over user-created content. Others point out the impracticality of Mozilla storing and utilizing such vast amounts of data, suggesting it's a legal safeguard rather than a reflection of actual practice. A few commenters highlight the contrast with Firefox's privacy-focused image, questioning the need for such strong language. Several users recommend alternative browsers like LibreWolf and Ungoogled Chromium, perceiving them as more privacy-respecting alternatives.
Mozilla has updated its Terms of Use and Privacy Notice for Firefox to improve clarity and transparency. The updated terms are written in simpler language, making it easier for users to understand their rights and Mozilla's responsibilities. The revised Privacy Notice clarifies data collection practices, emphasizing that Mozilla collects only necessary data for product improvement and personalized experiences, while respecting user privacy. These changes reflect Mozilla's ongoing commitment to user privacy and data protection.
HN commenters largely express skepticism and frustration with Mozilla's updated terms of service and privacy notice. Several point out the irony of a privacy-focused organization using broad language around data collection, especially concerning "legitimate interests" and unspecified "service providers." The lack of clarity regarding what data is collected and how it's used is a recurring concern. Some users question the necessity of these changes and express disappointment with Mozilla seemingly following the trend of other tech companies towards less transparent data practices. A few commenters offer more supportive perspectives, suggesting the changes might be necessary for legal compliance or to improve personalized services, but these views are in the minority. Several users also call for more specific examples of what constitutes "legitimate interests" and more details on the involved "service providers."
Firefox now fully enforces Certificate Transparency (CT) logging for all TLS certificates, significantly bolstering web security. This means that all newly issued website certificates must be publicly logged in approved CT logs for Firefox to trust them. This measure prevents malicious actors from secretly issuing fraudulent certificates for popular websites, as such certificates would not appear in the public logs and thus be rejected by Firefox. This enhances user privacy and security by making it considerably harder for attackers to perform man-in-the-middle attacks. Firefox’s complete enforcement of CT marks a major milestone for internet security, setting a strong precedent for other browsers to follow.
HN commenters generally praise Mozilla for implementing Certificate Transparency (CT) enforcement in Firefox, viewing it as a significant boost to web security. Some express concern about the potential for increased centralization and the impact on smaller Certificate Authorities (CAs). A few suggest that CT logs themselves are a single point of failure and advocate for further decentralization. There's also discussion around the practical implications of CT enforcement, such as the risk of legitimate websites being temporarily inaccessible due to log issues, and the need for robust monitoring and alerting systems. One compelling comment highlights the significant decrease in mis-issued certificates since the introduction of CT, emphasizing its positive impact. Another points out that CT enforcement could have an impact on domain fronting abuse.
DigiCert, a Certificate Authority (CA), issued a DMCA takedown notice against a Mozilla Bugzilla post detailing a vulnerability in their certificate issuance process. This vulnerability allowed the fraudulent issuance of certificates for *.mozilla.org, a significant security risk. While DigiCert later claimed the takedown was accidental and retracted it, the initial action sparked concern within the Mozilla community regarding potential censorship and the chilling effect such legal threats could have on open security research and vulnerability disclosure. The incident highlights the tension between responsible disclosure and legal protection, particularly when vulnerabilities involve prominent organizations.
HN commenters largely express outrage at DigiCert's legal threat against Mozilla for publicly disclosing a vulnerability in their software via Bugzilla, viewing it as an attempt to stifle legitimate security research and responsible disclosure. Several highlight the chilling effect such actions can have on vulnerability reporting, potentially leading to more undisclosed vulnerabilities being exploited. Some question the legality and ethics of DigiCert's response, especially given the public nature of the Bugzilla entry. A few commenters sympathize with DigiCert's frustration with the delayed disclosure but still condemn their approach. The overall sentiment is strongly against DigiCert's handling of the situation.
Despite significant criticism and a year-long controversy, Mozilla continues to promote and partner with OneRep, a paid service that removes personal information from data broker sites. Security expert Brian Krebs reiterates his concerns that OneRep's business model is inherently flawed and potentially harmful. He argues that OneRep benefits from the very data brokers it claims to fight, creating a conflict of interest. Further, he highlights the risk that OneRep, by collecting sensitive user data, could become a valuable target for hackers or even sell the data itself. Krebs questions Mozilla's continued endorsement of OneRep given these ongoing concerns and the lack of transparency around their partnership.
Hacker News users discuss Mozilla's continued promotion of OneRep, a paid service that removes personal information from data broker sites. Several commenters express skepticism about OneRep's effectiveness and long-term value, suggesting it's a recurring cost for a problem that requires constant vigilance. Some propose alternative solutions like Firefox's built-in Enhanced Tracking Protection or opting out of data broker sites individually, arguing these are more sustainable and potentially free. Others question Mozilla's motives for promoting a paid service, suggesting potential conflicts of interest or a decline in their commitment to user privacy. A few commenters defend OneRep, citing positive experiences or emphasizing the convenience it offers. The overall sentiment leans towards distrust of OneRep and disappointment in Mozilla's endorsement.
Mozilla's code signing journey began with a simple, centralized system using a single key and evolved into a complex, multi-layered approach. Initially, all Mozilla software was signed with one key, posing significant security risks. This led to the adoption of per-product keys, offering better isolation. Further advancements included build signing, allowing for verification even before installer creation, and update signing to secure updates delivered through the application. The process also matured through the use of hardware security modules (HSMs) for safer key storage and automated signing infrastructure for increased efficiency. These iterative improvements aimed to enhance security by limiting the impact of compromised keys and streamlining the signing process.
HN commenters generally praised the article for its clarity and detail in explaining a complex technical process. Several appreciated the focus on the practical, real-world challenges and compromises involved, rather than just the theoretical ideal. Some shared their own experiences with code signing, highlighting additional difficulties like the expense and bureaucratic hurdles, particularly for smaller developers. Others pointed out the inherent limitations and potential vulnerabilities of code signing, emphasizing that it's not a silver bullet security solution. A few comments also discussed alternative or supplementary approaches to software security, such as reproducible builds and better sandboxing.
Summary of Comments (52)
https://news.ycombinator.com/item?id=43231096
The Hacker News comments discuss Louis Rossmann's video about Firefox's declining market share. Several commenters agree with Rossmann's assessment that Mozilla has lost focus on its core user base by prioritizing features that don't resonate with power users and developers. Some point to specific examples like the removal of XUL extensions and the perceived bloat of the browser. Others argue that Firefox's decline is inevitable due to the dominance of Chrome and the network effects of Google's ecosystem. A few commenters defend Mozilla's decisions, suggesting they're trying to appeal to a broader audience. The discussion also touches on the difficulty of competing with a resource-rich giant like Google and the importance of open-source alternatives. Several users express nostalgia for Firefox's past dominance and lament its current state.
The Hacker News post titled "Louis Rossmann opines on the Firefox debacle [video]" with the ID 43231096 contains a number of comments discussing Louis Rossmann's video on the recent controversies surrounding Firefox. Several commenters express agreement with Rossmann's critique of Mozilla's perceived shift away from its core user base and towards a more mainstream, arguably less privacy-focused approach.
One commenter argues that Mozilla's decline began with the removal of XUL extensions, claiming that it alienated power users and significantly diminished Firefox's customizability, a key differentiator from other browsers. This commenter contends that Mozilla failed to provide adequate alternatives for the functionality lost with XUL extensions, leading users to migrate to other browsers or resort to cumbersome workarounds.
Another commenter expresses frustration with Mozilla's apparent prioritization of superficial features and aesthetic changes over core functionality and performance improvements. They suggest that this focus on less essential aspects has neglected the needs of users who value Firefox for its speed, customizability, and privacy features.
Several comments also discuss the perceived influence of Google on Mozilla's decision-making, referencing Mozilla's dependence on Google as its primary search engine partner. Some speculate that this financial relationship may have incentivized Mozilla to adopt policies more aligned with Google's interests, potentially at the expense of user privacy.
Some commenters express skepticism about Rossmann's perspective, suggesting that his views are overly dramatic or misinformed. One commenter points out that Firefox still retains a dedicated user base who appreciate its commitment to privacy and open-source principles. Another challenges Rossmann's criticism of specific features, arguing that they are either beneficial or inconsequential to the overall user experience.
A recurring theme throughout the comments is the sense of disappointment and frustration with Mozilla's direction. Many long-time Firefox users lament the perceived decline of the browser and express a desire for Mozilla to return to its roots as a champion of user choice and privacy. Some suggest that the recent controversies represent a turning point for Firefox, potentially leading to further user attrition if Mozilla fails to address the concerns raised by its community.