Everyone saying "oh, just right click and remove it; it's so easy" is entirely missing the point. The simple fact is, Mozilla took a third-party, proprietary service and bundled it into the browser. If this becomes the new norm, imagine downloading Firefox v53 and having six different services installed (all consuming memory, collecting personal data, etc.) all because some research studies they collected said "people like this." Sure, every subset of the population is going to like different services. When I download Chrome, I install PushBullet, Disconnect, the Chromecast extension, and Ublock. But that doesn't mean that every other users wants or even needs those same things. The entire purposes of add-ons is that they can be... added onto the default experience. Mozilla has now begun changing the default. While they may claim this was done "purely for the benefit of users," it sure smells like it was done for money.
EDIT: for anyone who doesn't think it wasn't about money, please explain why it is so difficult to remove, why I have to open about:config to "disable" (not remove) it, and why it wasn't just added as an add-on (which already existed)?
> (all consuming memory, collecting personal data, etc.)
the integration does not collect personal data until the user opts in, and it does not consume memory beyond loading the image from disk until the user opts in.
meanwhile, that search bar up at the top is an integrated browser function (not even an add-on) that sends personal data to a 3rd party, closed source server.
> please explain why it is so difficult to remove
you remove it just like every other thing in your toolbar: click the menu button, drag it off of the toolbar.
> Mozilla has now begun changing the default
like when they added bookmarks, search, download menu, spaces, and countless other functions? that's literally what browser vendors do.
> like when they added bookmarks, search, download menu, spaces, and countless other functions? that's literally what browser vendors do.
All of those features either work offline or use Mozilla's own services as opposed to third party services.
The only exception I can think of at the moment is search which should also be provided through add-ons in my opinion because I don't use it - I go directly to Google website and search there.
> Mozilla took a third-party, proprietary service and bundled it into the browser
This is no different from the integration with Google or Yahoo. The Firefox-side code is not proprietary. It doesn't consume resources if you're not using it.
You can remove it via the customizeable UI feature too.
I've seen Firefox employees stating that there was no money involved.
Walled garden "ecosystems" can be also useful to people called "users". There are plenty of ways they can give up their privacy to gain some convenience.
The service integration code is entirely open source and isn't executed even once unless you choose to use it.
Just for comparison, Chrome has chunks of closed source code, including the binary blob that is downloaded on first run to enable listening for "OK Google". This add-on is pre-installed. And it's pre-installed to make Google more money.
It's not an add-on; it's a default, difficult-to-remove-entirely integration into the browser. Surely that must have taken more engineering work than to simply ship it as a default add-on, which is why people are questioning the motives behind it. How about instead of installing extra, third-party services into the browser that people may or may not want, Mozilla improves the add-on search experience to direct users to add-ons they may like? Or the first boot experience?
And I think comparing Firefox to Chrome is just legitimizing the argument; Firefox markets itself essentially as the opposite of most of the things Google does. "It's okay because Chrome does it" doesn't make me feel very good about Firefox.
It's a feature that folks had been asking for in Firefox and was originally planned a while back. The resources to do the actual service side were better used elsewhere, though.
I only referenced Chrome because the post I responded to specifically mentioned Chrome for comparison.
> The service integration code is entirely open source and isn't executed even once unless you choose to use it.
Not very reassuring.
Do you suggest i make a daily reminder to check the Firefox source code to check whether the implemented privacy invading code still "isn't executed" ?
of course it was done for money, I don't think there's any doubt about that. The question is: Is that bad? If this was an extension you could remove entirely, that didn't be default track you, I'd say no. Just like with google/yahoo tie-ins, mozilla has to earn money somehow. But I think the implementation of this tie-in was extremely clumsy
People need money to live. It is unavoidably about the money. The real problem is not the money, but where it comes from. It is not coming from the users, who expect everything to be free. That is the real problem. Things won't get better until we truly are the customer, not the product.
Well for one thing Firefox's cloud sync is completely open source, whereas Pocket is a proprietary cloud service. This, I believe, is one of the primary reasons people have a problem with this whole situation.
This sounds like FUD. The whole point of a (modern) browser is in essence a sandbox to safely run other peoples code. If you've ever visited a website, then you've given it permission to "install" arbitrary code from arbitrary sources. They're installed "in" the application (i.e. - its cache). Who cares?
In fact, visiting a website is considerably worse. The code may be quite large, and it's not vetted in any way (unlike the pocket plugin), so it might try to escape the sandbox.
If you're going to get fed up about this, at least have some reasonable basis for that. You might complain about the increased download size or disk usage (but the overhead is likely to be ridiculously small). You might complain about the attention pocket - a non free service - gets this way. Of course, this isn't too different from a default search engine. And did you know about https://activations.cdn.mozilla.net/en-US/?
At the end of the day, is your feeling based on anything other than a grumpy gut?
He cares because installing Firefox means you now also install software that can very easily be considered to be spyware. This is stuff that we'd expect for-profit corporations (hi Google, Microsoft and Opera!) to pull not the Mozilla Foundation who describe themselves as, and I quote, "non-profit organization that promotes openness, innovation and participation on the Internet. We promote the values of an open Internet to the broader world."[1]
Mozilla has clearly positioned itself as (1) the independent browser-vendor who cares about (2) open source, (3) the open web and (4) your online privacy.
If they start bundling "free" proprietary third-party services, where the price is a piece of the user's privacy, to provide a more seamless experience at the cost of bypassing "normal" rules for web-application integration, they have effectively compromised themselves on all 4 of those criterias.
This one incident is not the end of the world to me, but I've had this feeling for quite a while that Mozilla is losing both direction and momentum, and stuff like this helps cement it.
Had it not been proposed as a joke, I would already be looking forward to those Emacs-patches incorporating Webkit as the new embedded browser.[1]
[1] Embedding Webkit was proposed as a "solution" to the famous Emacs-quote "Eight Megabytes And Constantly Swapping"[2] no longer being valid or relevant.
> Mozilla has clearly positioned itself as (1) the independent browser-vendor who cares about (2) open source, (3) the open web and (4) your online privacy.
They were positioned that way, but ever since they gutted the security of Sync[1], it's really hard to take them seriously.
[1] First, your data is now 'secured' on their servers solely by your password, which for most people is memorable and thus breakable; previously it was secured with a high-entropy key, which was secured on your system with a memorable password, if desired. Second, login to their services (which uses that same God password) is performed by downloading JavaScript (and perhaps HTML and/or chrome; I forget now) from their servers, which means that they can at any time choose to intercept as few or as many user passwords as they wish—or as someone with legal authority wishes them to.
> Had it not been proposed as a joke, I would already be looking forward to those Emacs-patches incorporating Webkit as the new embedded browser.
I thought that there was a serious effort to do that. It'd be great IMHO.
If they start bundling "free" proprietary third-party services, where the price is a piece of the user's privacy
Like search engines? Terrible reasoning. Browsers need these or they won't be competitive. There was a judgment call that a read later mode is needed to be competitive, too. We can argue whether it's the right call, but not about the above.
He cares because installing Firefox means you now also install software that can very easily be considered to be spyware.
I don't get how that follows...like, at all. The same kind of weird reasoning can be used for setting a default search engine or sending back crash reports, telemetry or even update checks. We understand that some features of the browser have a privacy impact in return for user friendliness. It's not like they aren't upfront about that.
In all cases, you don't get the impact if you don't use the feature. The original post tried to say there was still some impact from having the JS sit unused on disk. That's just bullshit!
So you'd be 100% OK with Windows having Bonzi Buddy installed by default (and with it not being uninstallable) if it only ran when you clicked the icon, icon that is on the desktop and start menu by default? It only runs when a user clicks it so it's ok?
EDIT: for anyone who doesn't think it wasn't about money, please explain why it is so difficult to remove, why I have to open about:config to "disable" (not remove) it, and why it wasn't just added as an add-on (which already existed)?