Oh, come on.

I did raise a stink over closed-source DRM, I raised a stink not just over Firefox adding it, I raised a stink over the entire web standards process. I have raised stinks about telemetry and advertising within Firefox. I've raised stinks about Pocket being purchased and not Open Sourced, and then integrated into the browser by default. I've raised stink about a lot of things.

Nevertheless, it is still objectively true that Mozilla Firefox is the best mainstream browser right now for privacy, and anyone who argues otherwise is either not looking at the bigger picture or hasn't done much research into how companies do the majority of their tracking online. The privacy problems that Mozilla has had have objectively less impact on people's everyday privacy than Chromium's hobbled extension support. The ability to turn on anti-fingerprinting features uplifted from Tor is more important than whether or not Google search is enabled by default. Container-extensions are more practically impactful on everyday privacy than Pocket is.

I am literally complaining about and criticizing Mozilla right now, and yet the immediate reaction is to jump on the one positive thing I said and act like I'm somehow ignoring Mozilla's other issues. I'm not ignoring those issues, but the "Mozilla is corrupt and no better than Google" meme is similarly completely ridiculous. Every single other browser on the market including DeGoogled Chromium and Safari are hobbled in ways that make them worse for privacy, and overall Mozilla still as a company has a better track record on fighting for privacy and building privacy-preserving tools than Google/Microsoft/Brave -- at least it has a better track record in the ways that matter.

It is so frustrating to try and have a constructive conversation about real missteps that Mozilla is making when people view anything less than a complete condemnation of the company like that means they're being put on a pedestal. Mozilla isn't perfect, and it's clumsy and sometimes does outright bad stuff, and that is still consistent with them being one of the better corporate privacy advocates on the Internet.

> It is so frustrating to try and have a constructive conversation about real missteps that Mozilla is making when people view anything less than a complete condemnation of the company like it's holding them on a pedestal.

Check the title. It is absolutely on topic. Mozilla is doing this to themselves, each and every one of those is an unforced error. If your mission really is a free and open as well as privacy respecting web you don't invite the largest privacy violator on the planet to the table to have a say. Just like you don't invite serial killers and druglords to your panel on how to combat crime.

> If your mission really is a free and open as well as privacy respecting web you don't invite the largest privacy violator on the planet to the table to have a say.

If you're trying to insinuate that working with Google or Facebook on this issue means that Mozilla fundamentally doesn't care about privacy, that is a ridiculous, fantastical claim that requires closing your eyes to years of work from the company.

I am right here criticizing Mozilla for partnering with Facebook, they should not be doing that. It's irresponsible and harmful. Nevertheless, Firefox is objectively the most private consumer-grade browser on the market, including Brave and DeGoogled Chromium. Nevertheless, Mozilla has done more to push web privacy forward than the majority of people on this site myself included, and more to push web privacy forward than the entirety of the rest of the browser market.

Even if you are on topic, there's nothing constructive about jumping onto every Mozilla thread arguing that Mozilla is the same as Google when they're very clearly not. It's unproductive because I shouldn't even need to be wasting my time defending a company that I came here to criticize. It makes it harder to fix real problems when all of them are equated and treated as being identically severe, and when the conclusion everyone draws from every problem is "use something based on Chrome and give up on the entire effort".

A Mozilla that fundamentally cared about privacy would have made none of these decisions. I've grown increasingly cynical over the last couple of years that this is just another marketing ploy, it sounds good and keeps us in but you have to wonder whether it is really true given their decisions to date.

The 'years of work from the company' are fantastic, but should not give them a pass in the present, given that the last couple of years most of that goodwill has been burned.

Additionally, it seems like it would be practically zero up front cost for Mozilla to provide a no-telemetry, no-google, no-pocket, no-ads, no-sync, no-experiments, no-privacy-compromise alternative build as a one-click option for people who actually want a privacy-focused browser. Instead, we have to download the normal "product-manager-ized" one and turn off a bunch of intrusive stuff we never really wanted in a browser.

They don't do this, though. I speculate (without any direct knowledge of the situation) that this is because they believe that the majority of their users would opt for this build instead, and they would lose "insights" (and of course revenue).

Someone, somewhere, is prioritizing "line go up and to the right" over embodying the fundamental ethos of a privacy-focused company. If you ship private software, there is of course no line.

It is interesting though how long people will continue to assume the best, in a way it is endearing, and it worked for for instance Google for more than a decade. There are still people who believe they are acting in our best interest even today.

> but should not give them a pass in the present

I don't know how you can possibly read either my comments or the general tone of the other people responding to me as giving Mozilla a pass on this, or naively assuming the best about them.

Even with that criticism, it is still just plain silly to say that Mozilla even in its modern state is not meaningfully different from Google/Facebook/etc. You can be as cynical as you want to be, but if you can't tell the difference between Chrome/Chromium and Firefox today, then that's not cynicism, it's either a lack of realism or a lack of attention.

I've gone into a few of the tangible differences elsewhere, but even in recent years and even with recent missteps, it's still pretty obvious that Mozilla is better on privacy and user rights than Google is. And it's OK to want better than Mozilla. It's OK to want a company that takes more hard-line stances and that pushes harder on its core browser. Lots of people want that, myself included. Doesn't change anything about what I've said above though.

> it's still pretty obvious that Mozilla is better on privacy and user rights than Google is.

'better than Google', after Facebook the #2 privacy violator on the plant isn't much of a bar.

> And it's OK to want better than Mozilla. It's OK to want a company that takes more hard-line stances and that pushes harder on its core browser.

Mozilla claims to be that company, and that is why I have a problem with all these issues. Once upon a time they were the gold standard, that's no longer true today.

> 'better than Google', after Facebook the #2 privacy violator on the plant isn't much of a bar.

And it is the only bar to clear. Here's the list of browser makers we have right now:

- Google

- Microsoft

- Apple

- Brave

- Some people off someplace trying desperately to make Gecko secure.

- Some people off someplace trying desperately to make V8/Electron/Chromium competitive on privacy.

- Some proprietary stuff like Vivaldi that's also based on Chromium.

- Mozilla

Mozilla wins that fight. They are still the gold standard by virtue of nobody else being able to make a competitively private browser.

> Mozilla claims to be that company

Even with its faults, Mozilla is still completely accurate in claiming that they push meaningfully harder for both privacy and user agency on the web than other browser manufacturers. Now, as you say, that may be a low bar to clear. But given that no one else is even trying to clear the bar, that is still a meaningful difference between Mozilla and its competition.

----

I think the biggest issue I have with these kinds of debates is that there's never anything constructive or new being offered, it's not even pointing out a new criticism. I know about Mozilla's failings as a company, you're not illuminating anything for me on that front, I know about all of their controversies. So you've identified that Mozilla could be better, great. Now what?

There's value in pointing out problems when it actually draws attention to an issue, but everybody on this thread knows what the issues are with Mozilla. And it is still obvious that Mozilla is noticeably better on these issues than the rest of the browser market, and that Mozilla is still doing quite a lot of good in that space. You're commenting on a thread of people who are pointing out Mozilla's flaws and telling it to do better -- and you're putting those people down and calling them naive.

Well, if pointing out Mozilla's flaws and telling them to be better is a waste of time, what would you propose instead? Moving over to Chrome? Pretending that indie Gekko projects have the resources to be private or secure? Giving up on the entire thing and not using the web anymore? I mean, drop a donation link to Servo, do something other than snubbing people for caring about trying to make the web better. You have exactly one available group of allies in this fight, and your response to that is to call them naive and say they're not good enough.

You're talking to someone who likely agrees with you on the vast majority of your privacy stances, and who is actively criticizing Mozilla right now, but that's not enough unless it's paired with despair and a complete dismissal of the company? Don't you see how that's unhelpful? And it's not even accurate: Mozilla may have "fallen", but they are still overall doing more good than harm in this area and they are still producing the best browser for privacy on the market. There's a huge lack of perspective in the doom-and-gloom takes, they're just as narrow and selective as the the view that Mozilla can do nothing wrong -- it's acting like all of the recent work on ETP and supercookies just doesn't exist or something, it's as if DoS or multi-account containers were never made. The Tor Uplift project only started in 2016 and only went live in mainline Firefox in 2019, but sure, Mozilla isn't doing anything for privacy now.

It's simple: absolute vs relative. For you Mozilla is in a relative sense the best because they take the foremost stance about privacy. For me being 'privacy first' is an absolute thing: it precludes you from doing a whole raft of things that Mozilla has done. So for me they lost the title, that doesn't mean they aren't still the best.

plant->planet

> Every single other browser on the market including DeGoogled Chromium and Safari are hobbled in ways that make them worse for privacy

I'm curious about why you believe this about Ungoogled Chromium, as I had concluded the opposite after researching.

This is a great question, and it gets to the heart of practical privacy online.

DeGoogled Chromium does actually have less telemetry problems than Firefox, so it's really easy for DeGoogled Chromium proponents to say that it's the most private. The issue is that DeGoogled Chromium is Chromium, and Chromium is a less privacy-capable browser engine than Firefox.

That could be a longer conversation, but the short versions:

- Chromium lacks a number of privacy features that Firefox has, including some anti-fingerprinting options that can be enabled through `about:config`, and container support, which is a really big deal for isolating site data and avoiding correlating user sessions on websites like Github/Youtube/etc... with incidental visits to those sites.

- Chromium's extension API is hobbled, particularly in a couple of areas that Ublock Origin cares about. The wiki goes into more detail on this[0].

----

The mistake is in looking at the small amount of (admittedly bad) data-leakage that Firefox does have and being so worried about that information being sent to Google/Cloudflare that you pick a browser that is less good at keeping you private on every other site you visit, including visits to Google/Cloudflare pages.

Thinking practically about this stuff is just a really hard thing to learn to do, at least it is for me. Maybe other people are magically good at it. But I regularly find that it's helpful for me to sit down and think through my privacy goals more tangibly in the form of "how much data is X actually leaking, what should my priorities be based on the volume/nature?" A lot of people worry about privacy problems in the wrong order.

DeGoogled Chromium does have better defaults than Firefox in multiple areas. It's just that the privacy benefits from those changes don't outweigh a crippled Ublock Origin install.

[0]: https://github.com/uBlockOrigin/uBlock-issues/wiki/uBlock-Or...

>anti-fingerprinting options that can be enabled through `about:config`

For reference: `privacy.resistFingerprinting`

You're probably gonna be downvoted a lot, but I'm afraid you're correct. Mozilla cares about web standards (like HTML or CSS or WebExtensions) - that was their mission after all, it's wrong to say they don't. But their action repeatedly show that don't care about open standards for anything else, like their browser itself.

I'll give another example - look at their Sync system. It's a pseudo-open unholy mess of Mozilla-unique ("proprietary" as in "owned by and unique to a certain company") standards without any regard for interoperabilty and openness. I'm 99% positive it could've been a couple of standard technologies, but they reinvented everything (auth, blob storage, everything) in absolutely unnecessarily unique manner, and awfully overengineered. I've had pleasure of attempting an alternative implementation based on their specs (to self-host, had to abandon because it's all way too hostile), so I know what I'm talking about. It's under a guise of "open standards" (in a sense it happens to be partially documented) but no single engineer in their sane mind would adopt this for their own projects.

Privacy and security? Last time I've checked (admittedly, a couple years ago) it was years since they knew their Firefox Account/Sync auth has security issues and has to trust Mozilla servers to be secure (login form and cryptography suite is not built into browser, like in proper end-to-end encrypted software, but served online), and they didn't do a thing about it, entirely dismissing it as a non-issue. Could've sent that password over HTTPS and just promise to not to save it (actually my alternative now-dead Accounts/Sync implementation did just that as a shortcut). In other words, Mozilla gets a nice gag order (or gets hacked) and they can be forced to circumvent all their end-to-end encryption pull your browsing history just fine without changing a thing on your machine so no local code audit would help. That's not how privacy-conscious software is written (e.g. Signal - it might get backdoored, but it'll need an update to deliver a backdoor).

It doesn't help that there are no alternatives I'm aware of. Firefox sucks but that's - sadly - the best we have.

This is correct for the most part, but please consider that Mozilla tried to stop DRM being standardised and only has it as an opt-in extension: https://blog.mozilla.org/en/mozilla/drm-and-the-challenge-of...