Follow

reminder that firefox:
- is funded in great part by google.

- ships with an hidden telemetry extension to send data about users having telemetry disabled (bugzilla.mozilla.org/show_bug.),

- checks wether the sites you attempt to connect to are unsafe, according to a google database, updated from google’s servers every 30min (which sends them some nice cookies along with it),

- uses google analytics on the addons repository, thus tracking users attempting to install add-ons. They claim it is "extremely useful to us and we have already weighed the cost/benefit of using tracking.", so they entirely admit to not caring about user privacy,

- remotely installed an add-on without user permission (to advertise a tv show)

- can also change your settings remotely

- integrated pocket, a proprietary service, into the browser,

- by-passes user dns settings to instead redirect requests to cloudflare, a company whose goal is basically to transform the internet into the cloudflarenet.

- also collects a whole bunch of data by default among which some uniquely identifying information about your device but also your interactions with firefox. This can be disabled by opting out of their spying^Wtelemetry program.

Mozilla is not your friend, they’re first and foremost a corporation.

this doesn’t mean you should stop using firefox. but you also shouldn’t trust mozilla just because they claim to respect your privacy, which is a suspicious thing to claim in the first place

Show thread

@papush aleast some user accessible configs allow to disable all of those nasty stuff, what is bad that they are brought by default like this :blobsweats:

@Miaourt yes, and many of this needs messing about in about:config too, which isn’t the most user-friendly thing to do, while still being much better than needing compile-time patches like chrome of course.

@papush wonder if extensions can mess in this area mmh mmh

@papush @Miaourt distribution makers shipping firefox should ship with settings disabling this by default!

@webfreak @papush Debian do (did?) it afaik, even with some proprietary blobs removed

@webfreak i think most disable telemetry by default, or at least at hope. it’s the least they could do

@Miaourt The number of those things increases all the time, which is not good. It's time for a fork, but it ain't easy to do, so…

@papush

@papush DuckDuckGo, Purism and some others claim the same thing too

idk how can this even be something to brag about, should be the norm

@papush all corporations should be assumed to fundamentally be against your interests

mozilla is not an exception

i do think they are much less bad than google or whatnot

but capitalism, by its very nature, corrupts everything, absolutely

@lumi @papush well.. Mozilla Corporation is basically non-profit from what I understand. It feels wrong to put it in the same category as #gafam.

@hexmasteen @lumi the mozilla foundation is non-profit, the mozilla corporation is for-profit subsidiary of the mozilla foundation

@papush @lumi wikipedia says:

The Mozilla Corporation reinvests all of its profits back into the Mozilla projects. The Mozilla Corporation's stated aim is to work towards the Mozilla Foundation's public benefit to "promote choice and innovation on the Internet."

@papush What are good browsers to use instead? I'm on Debian.

@TwoVealCutlets i honestly don’t know how to answer that sadly. browsers are such complex beasts nowadays, it’s tough to fully trust any of them. as i said you can still use firefox but you might want to read up about ways to disable the various tracking features.

@papush @TwoVealCutlets There are some Firefox forks, but most either lack support or have idiotically over-aggressive developers (github.com/jasperla/openbsd-wi). The rest is WebKit based in some form (Blink), which there are good reasons to avoid as well.
Yep, it looks bad. At least there *is* a version of Fennec (Firefox for Android, the old version) on F-Droid, which is free of anything proprietary.

@TwoVealCutlets @papush I'd just use Firefox, the Debian project's builds of the browser should be quite trustworthy, but do take the time to disable telemetry and whatnot in settings and about:config:
https://wiki.archlinux.org/index.php/Firefox/Privacy
https://www.privacytools.io/browsers/#about_config

@TwoVealCutlets @papush Falcon works fine. Midori works most of the time. The others take some time to get used to.

@TwoVealCutlets
@hexmasteen @papush
Wasn't it WebKit based? Btw if I'd go back to a Blink-engine based browser, I probably go with Vivaldi. It's UI can be altered to more suit my needs, like moving the tabs to the side and the address bar to the bottom. All natively, instead of with an extension with Firefox 🙂

@jonw
And Chromium uses the Blink engine if I'm not mistaken, like 95% of the web browsers? 🙂
@TwoVealCutlets @hexmasteen @papush

@RyuKurisu

Ah, yes. My bad. You are one level further down the stack than I was :)

@TwoVealCutlets @hexmasteen @papush

@duponin @TwoVealCutlets i mean, yeah. also emacs’ built-in browser is pretty nice. but sadly webdevs like to reimplement even basic features that are supported by every browser in javascript :blobcatverysad:

@papush
If we start to act like that, we will stop to use any web browsers and will build our own from bash scripts using openssl commands to decrypt https, netcat to connect to server and pandoc to convert html to something human readable unlike that html trash
@TwoVealCutlets
@papush those who say about privacy a lot, usually don't care about it: Mozilla, DDG, ProtonMail... It's just marketing stuff.
@a1batross @papush Mozilla isn't perfect, but Firefox is still a hundred times better than Chrome in terms of privacy and freedom. And if you don't trust Mozilla, there are always forks like Waterfox, Pale Moon and whatnot.
@mmizore @papush I'm not fan of Chrome or Firefox, I just use what runs best. I really appreciate the 60FPS experience when choosing software.

Firefox is the only smooth browser on desktop.
But on mobile, I use Bromite, which is fork of Chromium.

@mmizore
>hundred times
i’d say it’s just barely better, but otherwise yes

@papush Chrome includes some pretty nasty proprietary blobs, including a DRM module, by default. Firefox (at least in Linux builds) doesn't, which by itself makes a huge difference.

@papush @mmizore Comparing a huge global company that make money by spying on people and using the information to manipulate them with a nonprofit that creates open technologies for everyone. "a hundred times" seems reasonable.

@hexmasteen well, a non-profit owning a for-profit, with millions of dollars involved, many of which coming from one of those huge global companies. but i still said they were better

@mmizore @a1batross @papush Another good option could be GNU Icecat if people don't want Mozilla. Hundreds of millions of people on this planet didn't understand the value of privacy, still using Google products and Facebook. They didn't know what they lost could cost them more and more with technology always evolving. They knew nothing.

@TwoVealCutlets @papush datamining, no standard protocols support, can't really verify how much my mails are encrypted.

@a1batross @papush With regard to datamining, that was a smear campaign by a rival company, Private Internet Access. With regard to support of standard protocols, I'm pretty sure that e-mail in and of itself is a standard protocol. The last claim is true enough, I guess, but since they have a committent to privacy, it figures it would extend to the encryption of mail.

@TwoVealCutlets @papush well, again, it's all about how much you trust/believe them.

While they claim high privacy, only thing I can do is to trust their words.

@TwoVealCutlets @a1batross smtp and imap are standard protocols, and i think you need to pay extra to be able to use them with protonmail

@papush @TwoVealCutlets there is a bridge available that "seamlessly decrypts and encrypts" mail though.

Aaand it's not FOSS. :D

@papush

- So what? As far as we know, the money Mozilla gets from Google is far from making them biased. Firefox even recommends extensions that block ads on YouTube

- Telemetry helps building software immensely. As long as it serves this purpose, and not another one like advertising, it is fine to me.

- They disabled the data sharing with Google on Google Analytics. Yes, you can do that. It's quite hidden, but it's there because of GDPR and because Google doesn't want a privacy-conscious competitor to take over. Data collection is not the only way Google makes money with Google Analytics, they also sell services related to it.

- This was a huge mistake they admitted to and it will certainly never happen again.

- You can disable remote settings. Disable "Use recommended performance settings."

- You can disable Pocket too. It's quite simple with the Firefox policy system. support.mozilla.org/en-US/kb/c

- omfg are you fucking kidding??? this is DNS over HTTPS, which GREATLY enhances privacy. Cloudflare are limited by their strict privacy policy (which was actually made stricter as part of Mozilla's agreement with them). Anyway you can disable that too in the networking settings. But don't.

- As I said, telemetry isn't inherently bad

@papush oh I forgot to address the Google Safe Browsing database.

So they only send HASHES of the domains you connect to, and their requests even include random dummy hashes to avoid Google figuring out what you're doing.

Google Safe Browsing is VERY IMPORTANT as sometimes, it's just impossible to take down malicious websites. We need a way to prevent people from accessing them.

@NekoSock telemetry is spying.

being able to disable some of those anti-features isn’t the point, they’re still there in the first place, it reflects on how little mozilla actually cares about user privacy.

the mr robot ad was a huge mistake that might very well happen again since they still have the ability to remotely control firefox installations in several ways, which is wrong on its own

safe browsing means connecting to a google-owned server to download a database, even if you don’t directly send the urls you browse it still allows them to track you

i also don’t trust google to decide for me what is safe. any google-owned website is unsafe to me

dns over https doesn’t enhance privacy when you send requests to a datamining company like cloudflare, i couldn’t care less about the privacy policy of a us-based company. it’s also not up to the browser to decide how i want my domain names resolved.

@papush

Mozilla cares about privacy. They're not here to make profit, what do you want them to do with your data?

Even when you enable telemetry, it is handled respectfully and privately. But telemetry isn't enabled by default. Firefox actually ASKS YOU when you install it if you want it enabled or not. So you're not just able to disable it, you're given the choice to not have it to begin with.

As for Safe Browsing, it's fine to not trust Google, but you have to admit there is a need to check websites for safety. It is unfortunate that there are no other services that are as good as Google Safe Browsing.

In this blog post blog.chromium.org/2012/01/all- Google explicitly states that the information collected as part of operating the Safe Browsing service is only used to flag malicious activity and is never used anywhere else at Google and that Safe Browsing requests won't be associated with your Google Account.

Firefox also stores cookies used by the service in a distinct storage. Google have no way to associate Safe Browsing queries with you in any ways.

@papush

Also, Cloudflare doesn't get to choose whether they care about their privacy policy, they HAVE to. If they promise never to store or share data, they have to uphold their promise.

Arguably, using the default DNS, or any unencrypted DNS, is much worse than using 1.1.1.1. Firefox is meant to be private by default, so it uses 1.1.1.1 by default. This has no drawbacks as the privacy policy guarantees respect of data privacy.

@NekoSock well they also have to share their data with the nsa, rather conflicting. and no i don’t have to admit there is a need to outsource checks for safety, there isn’t.

@papush US companies don't *just* have to share data with the NSA, that would be insane. They have to get a subpoena for it. If this ever happens, it would be publicly known and we would just stop using them.

And if there is no need to check websites for safety, then how do we take down malicious websites? Often, they are registered with name registers that are unwilling to take down content and are hosted in shady servers in foreign countries. perhaps they could be blocked on a national or ISP level, but that is hard when DNS requests are encrypted lol

@NekoSock so, we stopped using google yet?

and don’t take down malicious sites, especially since i have a feeling google and i might disagree on what constitutes a malicious site.

@papush I have not heard of any controversial Safe Browsing takedowns. They didn't take down 8chan, gab, or any of that. Most of the websites there are phishing, scams, and malware websites.

@NekoSock idk if it still does, but it’s blocked the pirate bay in the past (and what does this have to do with taking anything down)

@papush Well, a Safe Browsing block is effectively a takedown, as most browsers, including Google Chrome, Safari, Firefox, Vivaldi, and GNOME Web, will refuse to connect to the website.

Also, I doubt Safe Browsing blocked TBP for piracy. Why would they care about piracy? They're not being hosted on Google servers.

We all know TPB can be sometimes extremely shady in their advertisement, they also run JS crypto miners, and it's likely they crossed a line to Google Safe Browsing. Anyway, right now, they are not banned.

@NekoSock five botnets blocking a site by default is completely different from the site being taken down. tpb has been upfront about its crypto-mining (not that i agree with it tho, but i thought they got blocked because of “piracy”). it’s not much different than google having me train their self driving car ai tbh.

looking it up it seems tpb was blocked for “Attackers on this site might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).”, which is funny because google does exactly the same :blobcat3c:

@NekoSock @papush my friend who owns a small biz and sells legitimate goods was listed on there randomly at one point.

i imagine he was far from the only victim of trust as generous as yours
Sign in to participate in the conversation
niu.moe

Welcome to your niu world ! We are a cute and loving international community O(≧▽≦)O !