I might have differed with Brendan Eich on a few matters, but he was a good steward of Firefox in my book.
When Mitchell Baker took the reins, Mozilla became rather more heavy-handed towards us - the irony being that Waterfox was once proudly displayed on the Mozilla website under their "Powered By" banner.
I appreciate the constant existential wobble Firefox faces, but they've made some peculiar decisions as of late.
On one hand, they're finally implementing features users have been clamouring for ages (tab groups, vertical tabs and the likes) - on the other, rather odd policy choices.
I should point out, it seems daft to me when others suggest using forks with no well-established governance of their own, essentially shifting trust from an organisation at least answerable to certain regulations, to individuals with no proper framework or guidelines.
I've done my best with Waterfox over the years to have it represented by a proper legal entity with policies to follow; so if anyone is interested take a look.
Here's my question: in light of what Mozilla is doing, why don't other forks like Waterfox or Librewolf write a manifesto/contract saying they'll never sell your user data and won't turn "evil" (until they do, of course), and then decide to offer a paid version of their browser.
Two possible outcomes:
1. No one cares. No one pays for it. Nothing changes and nobody loses anything.
2. Enough people pay for it to keep the product healthy and the user-centric promise alive. The Internet is saved.
So why isn't anyone trying to replace Mozilla yet, with a more sane business model than living on the back of Google's fear of antitrust investigation? What's the worse that can happen?
Just sell a bonafide paid version alongside the free one, don't just rely on donations. There is a massive difference between offering a paid product and begging passers-by to spare some change.
The problem with paid versions, is that I don't really trust them either. MBA creep will happen and suddenly the TOS changes and my paid tier is going to have data collection and 'some' ads. I have to move to a high tier to avoid them. After a few cycles of that, one day all the tiers have data collection and ads.
> The problem with paid versions, is that I don't really trust them either.
Yes, Trust is at the foundation of the whole problem with the Tech Industry:
/1/ users (consumers) expect to be protected (not injured, not cheated, not surveilled) by the products that they use, and
/2/ the WWW is a monstrosity, the only software that we can in fact trust is never connected to the Internet (in other words, we don't trust any software)
Ergo...
Given /2/, we cannot trust any software, full stop. Even paying $CORP for its products is no guarantee of care, safety, and security.
and
Given /1/, which software do we accept? For OS, I prefer Linux by far. Even where usability is a little rough, I can exclude components that I do not want. When obliged to use Windows, I hold my nose and try as much as possible to foil all the bloat, anti-user patterns, and telemetry. I resent it all the way!
I prefer Firefox because I like the features and I insist on a small set of extensions: uBlock Origin, Multi-Account Containers, Privacy Badger. Google is a nasty surveillance ecosystem and Microsoft is a Spaghetti Western: by turns good, bad, and ugly.
If it will fund further development and maintain the current commitment to respect for privacy, I am willing to allow Mozilla to do some aggregate analysis of my browsing habits, just as I am willing to provide survey answers for products that I buy.
I don't love the aggregate analysis, but Mozilla needs to do browser business in the modern world.
The tech industry is just one rug-pull after another, but still people line up to try standing on the rugs!
1. We won't show ads in our product -> We'll show skippable unobtrusive adds in our free product only -> We'll show bottom-of-the-barrel scum ads in our free product only -> Those skippable ads are now not skippable -> We'll add a few vetted ads to the paid product -> We're going to shove ads onto every surface of the product we can find!
2. We don't collect or sell data about you -> We will collect limited data for "telemetry." -> We'll also collect some demographic data "to improve the product." -> We're going to collect everything we can get our hands on, but we won't sell it. -> We share your data with only vetted, trusted "partners." -> We share your data with everyone we do business with -> We firehose your data to anyone willing to pay for it!
It's the same progression every time, but users keep thinking this time it will be different.
Paid version have that problem somewhat less because they have a source of income that could dry up if they do. Paying someone means they are beholden to you as well, while free gives you nothing.
There is a reason I get my email via fastmail: they differentiate themselves on privacy features. I also have my own domain, so if fastmail does turn evil they know I can easially move away. I can run my own email server, but having done that I know it is harder than I want. There are other services I'd pay for if I could find someone I could trust to take a small amount of money. (small is key - plenty would do this for thousands, but I don't have that much free cash)
Don't get me wrong, the above is not very large, but it is still something.
Nothing is forever, but if you get a contract that prohibits their data play (collection, derivation, sale, all of it...) for a year or whatever, you're good for that long. That'd be enough for me.
You have to trust and/or monitor and apply active pressure to (something that virtually nobody does) the developers to some extent either way. The difference with a paid distribution is that there's at least some revenue that helps keep the project afloat, and with a free distribution there's not.
e.g. if you have a CEO/lead developer that's initially acting responsibly, but has a "bankruptcy threshold" beyond which they'll start selling your data, a revenue stream will stave that point off.
A modern equivalent to the 'usenet death penalty' is what's really needed. Without a grassroots method to censure and more or less permanently injunct and/or eject bad actors, you can't stop them from harvesting profit from the ecosystem to the exclusion of all other concerns.
Yes, this. When Mozilla (or any other corporation) demonstrates positive cashflow, the odds of MBAs and other vulture capitalists descending on it increase massively. And I have never seen customer agreements like this survive a buy-out: the new owners are never constrained by the promises (or even contracts) of the previous company.
My comment is targeted to the developers of Waterfox and Librewolf - they're already making a browser, so the hard part is done.
I'm wondering why don't they try to step it up further by selling a paid version alongside their open source product. What is the worst that can happen? Nobody pays for it and they continue making $0 just like they are happily doing now.
https://buymeacoffee.com/waterfox wasn't hard to find that. (they also make money from search). Put your money where your mouth is and donate.
Librewolf doesn't want to deal with the administrative overhead of donations - which if they'd only get a few donations makes sense. It likely costs several hundred a month just to hire the accountants and lawyers needed to get the paper work right (you can do it yourself at cost of time doing other things. Often you can find accountants and lawyers who will donate their services, but it is still several hundred dollars worth)
Sure, I'm not counting those who contribute with their work. But if you don't contribute with your work or with your money – that's a freeloader by definition.
A paid version needs to offer something on top of it, which is usually in one way or another proprietary (such as a proprietary service).
Something like this is regarded as the enshitification process, so what typically happens is they (e.g. VC) want to do such after they lured in their users. Which Firefox has (or arguably: had), but Waterfox and Librewolf have not.
Good thought experiment.
It ain't the first drama or controversy with regards to Mozilla, who have had a long tendency which didn't occur recently (and included the time Eich was there). Nostalgia just makes people forget the bad.
It does actually seem pretty difficult to sell a browser; I don’t really see how anybody in their right mind would trust a closed source browser. So, it will be hard to make any parts of it proprietary. It isn’t impossible to sell open source software of course, but it does seem to be pretty difficult.
Rather, I wish we would stop accepting web standards that don’t come with reference implementations. Then, we could have a reference browser, and just run that. I don’t expect it to be performant, but I also don’t think browser performance matters much at all. Web pages are not HPC applications.
Currently we’re accepting the anti-competitive behavior of Google, just DDoSing the community with new standards to implement. This is the root problem. The fact that Mozilla is being killed by funding problems is downstream of the fact that maintaining a web browser requires multiple full time engineers.
And making a browser that's actually financially viable enough to pay for your time and effort without pissing off your user base because of paid features is even worse.
Especially in a crowded market, where we're arguing extensively about a browser that has 2.54% of the market share. Chrome (67%), Safari (18%), Edge (5.2%) [1]
Most of those also have a browser mostly as add-ons, bundling, ecosystem value, or trademark / brand name trojans.
Admittedly, if you're looking to make a browser, there's a lot of various prior attempts that remain in existence, yet have never really received that much attention. [2]
Personal preference is that somebody would implement a scripting language alternative other than Javascript. Anybody heard of TCL lately? It's supposed to be a browser scripting language alternative according to the w3.org specification [3] Really, almost anything other than Javascript as an alternative. Just for some variety.
I am at the point where I would happily pay an annual subscription on the order of a few hundred dollars per year just to avoid the headaches of today's browsers. Don't add new features, don't change the look of anything, just give me security updates and bug fixes. The only problem with this model is what we saw happen to the streaming services; paying to avoid ads just means your data is worth that much more. Paying for a higher-tier plan is a signal that you have a greater level of disposable income, and are hence more valuable to advertisers.
When this topic has been discussed on Hacker News in the past, it has also been pointed out that developing a browser with feature parity to Firefox or Chrome would be prohibitively expensive.
Tbh while I have been using Kagi as search and their AI assistant a lot lately, their browser lacks massively in functionality. uBlock Origin has never been working for me, neither on macOS nor on iOS, and for me it just doesn't deliver enough to convince me to switch.
What is a fair price? Developers are not cheap and you need to pay many of them every month (or get the equivalent in donated time). We can debate that number of course, so I'm going to start the discussion at $50/year. So your "lifetime sponser" is only worth 3 years (ignoring interest which isn't significant at this time scale).
Accounting for lifetime anything is hard (I don't know how to do the math, I'm sure people that do debate a lot of complex issues), but I'm again going to suggest that a lifetime subscription needs to be 20x the yearly fee to give a number to start the debate at.
And it crashes constantly. Lots of other bugs that you start noticing when doing deeper things. I tried it for about six months. Just not a reliable or serious browser although very fast when it actually works.
Kagi has several repos open for contributions [1] but Orion isn’t fully open source yet [2]:
> Is Orion open-source?
>
> We're working on it! We've started with some of our components and intend to open more in the future.
>
> Forking WebKit, porting hundreds of APIs, and writing a browser app from scratch has been challenging for our small team. Properly maintaining an open-source project takes time and resources that we are currently short on. If you would like to contribute, please consider becoming active on orionfeedback.org.
It’s not obvious to me which of their public repos are Orion components.
You can contribute translations [3], bugs [4], and docs [5]. Orion is based on WebKit, so you can contribute upstream there [6]. Oodles of open issues on their bugzilla [7]
please do tip a fork. Right now this money seems to go to one person, but if that person starts making significant money we can probably talk them into hiring others to work on the project.
also, slightly related, people should look into / take inspiration tor browser. they're really great at releasing regular updates with high quality and features, surely they know how to handle this kind of projects
This idea of having an moral alignment covenant I think is a great one. I'm fed up of being bait-and-switched by companies that get buy-in by being open and friendly, and then later they decide to kill the golden goose. If you're committed to FOSS then commit! Make it official so that people can trust that you're not going to enshittify later.
Most of the other "forks" (e.g. Librewolf) are just patches on top of vanilla Firefox sources, so it's really not a whole lot to scrutinize by hand. I've skimmed at least most of the patch files personally just out of curiosity. In my distro of choice, NixOS, the sources are built by Hydra or my local machine, so I'm not trusting that their binaries match the source either.
That makes it a bit easier to trust, but it does run into the issue that it stops working if Mozilla hits a certain level of untrustworthiness.
To put that number in perspective, drawing just 1% of that down each year and putting in a bank account earning interest would fund 100 engineers on $500k/year indefinitely.
I get what you're saying, but the reality is that it takes more than engineers to run a browser company. You'd have to find 100 engineers who can double as lawyers, designers, project managers, etc., and handle payroll, and HR, and after those 100 engineers end up doing the job of 300 other people, how much code are they writing? Your point about them appearing to waste money is taken, I'm just pointing out that it's not quite as bald-faced as that.
It doesn't take more than engineers to maintain an open-source browser, though. Why does it have to be a company at all? Remember Firefox? Firefox was literally just an act-of-love fork from some engineers from a dead acquisition by a dying dot-com era behemoth.
Put another way, does the Linux kernel or the Python language need to be run by a company, or will foundations does these jobs ok?
There are plenty of open source projects that are enormously successful without a single lawyer or project manager in sight.
Or you could literally outsource 90% of that and focus on what you actually should be, engineering and development of Firefox and other Mozilla products. These companies are bloated beyond belief and they have nothing to show for it, clearly it’s not working.
It's not that silly, because that's a huge amount of money. What do you think the gross expense of building software like this should be? Because this may be the end of the line.
so if I've worked for 20 years from age 20 with a 100k average salary that's 2m
A 2m lump sump at 20 would allow me to live a lifestyle of a 20k/year life, not good enough.
Had I lived that over the last 20 years and saved the rest of the 100k in an 8% return fund then I'd have 4m today and could drawdown a 40k/year life at 1%.
Had I been given a lump sum of 100 times my desired salary though, or 10m, then sure, no need to work.
And depending on where you live, 40k might be barely scraping by now, and certainly not enough another 20 or 40 years down the road when you get to the point where you need daily care and medical services.
Yeah Mozilla at this point is really like the kid riding the bike and putting a stick in his own front tire meme. I had an interview with them years ago and even then it was clear they were wasting time on the most pointless bureaucracy while Firefox was languishing. Doesn’t google literally give them millions a year to exist? Like idk if I can even think of something more mismanaged than Mozilla.
> I appreciate the constant existential wobble Firefox faces
The wobble seems to somewhat artificial. I'm having trouble believing Firefox could ever not be able to afford to continue browser development — there are way too many interests at stake. Google alone would have no choice but to bail Firefox out because Chrome can't be the only browser without being regulated to hell and back.
Google providing most of their funding is a fact, and that this provides a large amount of leverage over what Firefox can do is obvious. So how is the balancing act artificial?
For it to be self-imposed there needs to be an comparable amount of money ready to spring forth if Google ever pulled out that Mozilla is somehow keeping a lid on.
We are able to develop not just an open source kernel, multiple different distributions and a large suite of software. I would think that we could also develop a browser that doesn't need to spy on us.
I don't see how a regulated entity is better in any way than an individual.
We repeatedly see attacks on freedom and privacy by the people who are supposed to protect them, those so-called "regulators": chatcontrol, recent UK backdoor wishes, repeated French proposals to enforce DRM even on opensource. And I wouldn't even google Russia, China, or other less democratic states.
Regulated is probably worse than some anarchistic who-knows-by-whom software, but FOSS and auditable these days, tbh. Especially as everyone's audit capabilities grow day by day with AI. It's kind of good at grinding tons of code.
A heavily regulated entity with all licenses in the world might be more hostile toward users than some niche project.
> I don't see how regulated entity is better in any way than individual.
I feel you. Regulatory bodies have definitely fallen short in many cases, and we've seen concerning proposals from governments that threaten digital privacy and freedom. "Who watches the watchmen" seems incredibly apt nowadays.
However, I feel there's a fundamental difference between imperfect accountability and no accountability at all. With a legal entity governed by stated policies, users have:
1. Transparency about who makes decisions and how
2. Clear terms that create binding commitments
3. Legal mechanisms for recourse if those commitments are violated
4. A persistent entity that can't simply disappear overnight
Perfect? Not really. The ICO in the UK, for example, hasn't been amazing at enforcing data protection. But the existence of these frameworks means that accountability is at least possible - there are levers that can be pulled if someone can be bothered to.
In contrast, with software maintained by anonymous or loosely affiliated individuals, there's no structural accountability whatsoever. If privacy promises are broken, users have no recourse beyond abandoning the software.
FOSS and auditability are valuable safeguards, sure, but they primarily protect against unintentional privacy violations that might be discovered in code reviews. They don't address the human element of intentional policy changes or decisions about data collection.
> I feel you. Regulatory bodies have definitely fallen short in many cases, and we've seen concerning proposals from governments that threaten digital privacy and freedom. "Who watches the watchmen" seems incredibly apt nowadays.
Many regulatory bodies seem to constantly fall short of what they are supposed to do and then demand more money and powers to continue to fail at what they are supposed to do.
At what point would you accept that they maybe not fit for purpose and other solutions should be considered?
It maybe better to put resources into educating people on how to protect themselves from privacy breaches or minimise the impact.
The only thing I've ever seen from the ICO is a letter saying that if I have customer data I have to pay them a fee or pay a fine. Then I have to go through the inconvenience of telling them I don't have any, so I don't have to pay this fee.
I never see regulatory bodies demand money or powers. That's private companies and law enforcement, respectively. Regulators seem to be staffed by skeleton crews allowing them to take on one case a year, and the Google-tier customer support that entails.
> I never see regulatory bodies demand money or powers.
It happens quite often after a big failure. I've worked in government myself as a contractor and seen huge amounts of waste while completely failing what they were supposed to be doing. I left after a few months (I was asked to stay) because I was utterly disgusted by it.
> That's private companies and law enforcement, respectively.
Law Enforcement most certainly, but private companies that just isn't true.
Maybe if you are at some large corporation, however generally waste at large corporations I've seen is due to having to cancel projects because of situations changes e.g. I was working on a large project to that was to integrate the platform with Russia, that got cancelled for geopolitical reasons.
Most private companies aren't large corporations though and most work is done by a few super stars in the company.
do they still make ot worthwhile for developers? are any on the payroll still?
i think the community should mobilize to sign up for adopting A single fork* as the official fork and completely drop mozilla from existence.
* only criteria should be the fork that is most convenient for all the other forks to just point to instead of mozilla and continue to ship with their patches. and that one fork should have the minimum resources to respond to security disclosures in place of mozilla, nothing else as a requirement.
More importantly that fork should be what other forks base off of. Anyone can put a skin on a browser, but someone needs to do the engine. If every fork who wants an engine improvement goes to the one place there is some mass behind making the fork real, and the other forks can still to their skin if they think it useful. That one fork also means that when mozilla comes out with a new version there are enough hands to merge (at least until Mozilla diverges too far from the fork)
the first part of your comment is exactly what i said.
the second part, it looks like you ignored my whole comment.
there should be no more mozilla. if they exist by means of opensource contributors. i question if they have their own developers on payroll still? which might be slightly harder to replace.
>it seems daft to me when others suggest using forks with no well-established governance of their own
Yes, it may be that we are jumping from the frying pan into the fire. On the bright-side this opens up an opportunity for a company, or a suite of companies, to fund an alternative browser. Such an entity might have Signal at its lead, or similar, who's mission is solely to "tighten up" the software stack on which it runs.
> I should point out, it seems daft to me when others suggest using forks with no well-established governance of their own, essentially shifting trust from an organisation at least answerable to certain regulations, to individuals with no proper framework or guidelines
Individuals that care about these things have a far better track record than any business with employees, bills to pay, and investors.
Until that individual tires of the work, and then stops working on it completely or sells it to someone with less scruples or the project gets hijacked by malicious actor.
> I should point out, it seems daft to me when others suggest using forks with no well-established governance of their own, essentially shifting trust from an organisation at least answerable to certain regulations, to individuals with no proper framework or guidelines.
That just shows that trust in Mozilla has sunk below "random stranger" levels. IMO that shift is entirely deserved.
The context to keep in mind here is that Mozilla purchased an ad company back in June. They spent money on it, and they will move to earn a return on investment.
Absent that context this could just be another tone deaf policy choice that gets rolled back when there's enough heat, but with that context in mind it's far more likely to be them laying the legal foundation to incorporate Anonym's targeted advertising into Firefox.
From the Register article about the acquisition:
> Arielle Garcia, director of intelligence for ad watchdog Check My Ads, told The Register in an email that she's generally skeptical of claims about privacy-preserving ad technology.
> "For example, how do Anonym’s audience capabilities, like their lookalike modeling, jibe with what Mozilla considers to be 'exploitative models of data extraction?' The data that is 'securely shared' by platforms and advertisers to enable ad targeting and measurement have to come from somewhere – and there’s more to privacy than not leaking user IDs."
This is not the first time Mozilla bought an ad company, last time it was Qlikz. And last time it cost them most of their German users. Wonder how many users they will lose this time.
1. Is github the best place to report bugs / issues for Waterfox?
2. When (not in your lifetime obviously) Waterfox is broken, what canaries do you have deployed that we can archive now, like Mozilla's tell here?
3. What keeps waterfox afloat? Where/how do you accept funds?
4. How do I find a sync alternative or provide my own? Such that, I'm not reliant on Mozilla sync/backend?
... If none exists, how much would it cost for you to embed one? Would you accept a serious bounty for it assuming the focus is self hosted / no Waterfox backend services?
> When (not in your lifetime obviously) Waterfox is broken, what canaries do you have deployed that we can archive now, like Mozilla's tell here?
This is so melodramatic. It’s a set of patch files applied to the Firefox source tree. If an evil maintainer hatches a maniacal plan to collect user statistics and deletes the patch that removes telemetry or whatever, you can just `git revert`.
When Mitchell Baker took the reins, Mozilla became rather more heavy-handed towards us - the irony being that Waterfox was once proudly displayed on the Mozilla website under their "Powered By" banner.
I appreciate the constant existential wobble Firefox faces, but they've made some peculiar decisions as of late.
On one hand, they're finally implementing features users have been clamouring for ages (tab groups, vertical tabs and the likes) - on the other, rather odd policy choices.
I should point out, it seems daft to me when others suggest using forks with no well-established governance of their own, essentially shifting trust from an organisation at least answerable to certain regulations, to individuals with no proper framework or guidelines.
I've done my best with Waterfox over the years to have it represented by a proper legal entity with policies to follow; so if anyone is interested take a look.
Edit: FWIW I've written some more thoughts on it here: https://www.waterfox.net/blog/a-comment-on-mozilla-changes/