Quote from: A on June 30, 2023, 20:26:36You don't need to audit the entire code to know if telemetry is being used. You can simply monitor outgoing web traffic, then check the part of the source

Again, demagoguery - you can't know what to track in advance, and a sleeping "dog" can sneak through the firewall unnoticed even with a DPI that doesn't know what to look for.

Quote from: A on June 30, 2023, 20:26:36In the first place, when any new code is merged it is reviewed, there are also 3rd party audit companies that review these patches

Again, pure demagoguery - you, "A", personally checked from scratch 100% of the code of a certain version of Linux (and there are dozens of them with a bunch of repositories) and all updates to it.

What we bet that you 100% did not check anything and trust third parties. And 100% unfounded. =)

Quote from: A on June 30, 2023, 20:26:36On top of that there are competitions to hack widely used software like Pwn2Own and FireFox has a bug bounty program.

And how much have you personally earned so far? What do you think, if the person who finds the holes manages to sell exploits for them on the criminal market (or he himself manages to earn orders of magnitude more money thanks to them using criminal methods) for a larger amount of money than they are paid officially and legally, will he begin to report this to the code repository?

There has long been a whole underground industry of searching, developing and using exploits on the planet. Thousands of extremely professional developers work there, many of which are an order of magnitude superior to the intelligence of employees of large companies involved in both development and search for holes in software. =)

What a naivety to believe in the reliability of software and OS today ...

Quote from: A on June 30, 2023, 20:26:36Never had this problem, though it is possible it doesn't happen on linux

I don't use Linux, but under Windows, FF has the ability to spontaneously freeze sometimes under any OS from the W7-W10 I use (the latest versions are much more often) and after being forced to delete its processes from the task manager, the next time you open it, it can spontaneously once every few months the current session with tabs will be lost, and there may be a hundred or more of them. It's not about bookmarks - there are no problems with them. Moreover, the directory for the "backup" is completely erased, which is complete nonsense on the part of those who make FF.

And I can also remember the key drawback of FF (however, it's not better in chrome) - it's impossible to combine bookmarks from different versions using standard tools (and not even third-party ones), while preserving the date / time and frequency of visits. So no clones. Complete idiocy, but it's true.

I often use different portable versions of FF/Chrome and have to switch between tabs on different PCs/laptops. Naturally, synchronization through an account does NOT suit me, because. I do not use accounts knowingly or intentionally.

All modern software is imprisoned for the secret, quiet theft of users' private data and use for commercial or criminal purposes. Nobody hates it anymore. Unfortunately, it is no longer possible to get rid of all this obsessive "service" unless you rewrite everything yourself. Naturally, I am not able to rewrite Linux, Firefox and something else. Like no one else, except for some well-coordinated commercial team working for money. And it's not a fact that they will notice all the bugs in the code. What a long-proven fact, when even the US intelligence agencies implemented extremely complex mathematical corrections, is imperceptible in the Unix/Linux repository. Seemingly harmless to most developers...

So stop demagogy and accept the fact that you are using software that is extremely hostile to you in the modern world. This is a deliberately NOT trusted environment, which is partially controlled by external mechanisms for additional authentication, but it still potentially leads to digital Armageddon. Especially given the current options for mathematical crypto-encryption, which are already potentially breaking on the latest quantum computers, which no one will advertise, of course.

Quote from: A on June 30, 2023, 20:26:36The reason why browsers can get memory hungry these days other than all these responsive websites with things like react and etc is isolation. Since the brother has to replicate resources per thread to isolate the processes. That said, not all memory is always used up as sometimes memory is set aside internally

I don't care what it looks like from a professional's point of view, what matters is how it looks from a layman's point of view - FF began to consume memory many times more than 30-40 versions ago. At the same time, there are no special visual or complex improvements in reality to read the same 1-3 kb of useful text in most cases.

Any industry gradually closes in on itself and no longer lives for the sake of the client, but for the sake of itself. So she needs to constantly prove that they are doing the right thing and that there is some "progress". In reality, most developers parasitize on clients, as in other areas of work.

Quote from: NikoB on June 29, 2023, 20:19:39And again, the stupidest answer of the Linux apologist (in which everything is also full of holes). )))
Is "A" himself capable of auditing tens of millions of lines of code from scratch? Or does he trust (believes without reason) to third parties that everything is in order there? =) Approximately how fools believed the authorities, people in white coats and some "experts" like Fauci. And now they are brazenly and cynically denied compensation for proven damage to the health of hundreds of thousands of people in the USA alone (not counting hundreds of thousands of deaths), because the criminal government illegally forbade filing lawsuits against pharmaceutical companies, although this is a direct violation of the US constitution, and lawsuits against it, to power simply ignores (again illegally).

So who on planet Earth is able to audit the code of "open" software from scratch with its current volumes? And support the audit later? 0.0001% of the population? =) And even this assessment looks optimistic? It turns out, as in other cases, "A" is a real demagogue and nothing more.

You really like your personal attacks as you feel insulting others gives you some sort of credibility...

You don't need to audit the entire code to know if telemetry is being used. You can simply monitor outgoing web traffic, then check the part of the source

In the first place, when any new code is merged it is reviewed, there are also 3rd party audit companies that review these patches

On top of that there are competitions to hack widely used software like Pwn2Own and FireFox has a bug bounty program.

QuoteBy the way, in FF, after 100 versions, the long-standing problem of losing tabs opened in the session has not been solved - they are occasionally spontaneously lost, and the sessionstore-backups folder is stupidly reset to zero, and a person, if he does not take care of the periodic backup of this folder, risks being left without working set, if he does not use third-party plugins - which steal user information ..

Never had this problem, though it is possible it doesn't happen on linux

QuoteThe latest versions of FF are memory hungry, just like chrome. At the same time, FF is still poorly compatible with some sites, especially when scaling pages with larger fonts. Formatting is always better in chrome because site builders test everything in chrome first and not in FF with a small market share.

The reason why browsers can get memory hungry these days other than all these responsive websites with things like react and etc is isolation. Since the brother has to replicate resources per thread to isolate the processes. That said, not all memory is always used up as sometimes memory is set aside internally

Quote from: Joe on June 02, 2023, 15:03:37Just because something is open source doesn't make it safe or privacy respecting. Mozilla has 2.4K repositories on Github alone and over 20 million lines of code went into developing their browser, it wouldn't be easy to audit them and unless there is financial incentive to disclose vulnerabilities, the software may have hundreds of exploits that are undisclosed and actively exploited for
years.

Quote from: A on June 02, 2023, 19:40:16People audit the code as it is added. And they do have financial incentives to find bugs. Open source doesn't always mean private, but it makes it easy to tell if

And again, the stupidest answer of the Linux apologist (in which everything is also full of holes). )))
Is "A" himself capable of auditing tens of millions of lines of code from scratch? Or does he trust (believes without reason) to third parties that everything is in order there? =) Approximately how fools believed the authorities, people in white coats and some "experts" like Fauci. And now they are brazenly and cynically denied compensation for proven damage to the health of hundreds of thousands of people in the USA alone (not counting hundreds of thousands of deaths), because the criminal government illegally forbade filing lawsuits against pharmaceutical companies, although this is a direct violation of the US constitution, and lawsuits against it, to power simply ignores (again illegally).

So who on planet Earth is able to audit the code of "open" software from scratch with its current volumes? And support the audit later? 0.0001% of the population? =) And even this assessment looks optimistic? It turns out, as in other cases, "A" is a real demagogue and nothing more.

I myself have been using FF for many years. But rather for a different reason - non-disabled incorrect black and white font smoothing in chrome since version 50. On screens with ppi below 180 (which is almost all mass-produced 2.5k monitors and almost all fhd screens of laptops), this looks the most terrible and leads to vision damage. Hundreds of millions (minimum) of people who use chrome and its clones with non-switchable incorrect black and white anti-aliasing (as well as color ClearType) on PC / laptops 100% spoil their eyesight.

FireFox since version 69 also has vague wrong font smoothing, which can no longer be switched to the normal, correct one like in XP, but there is a setting to completely turn off anti-aliasing, which saves the situation on screens with low ppi, which I use on all laptops and PCs , except for screens with ppi 220+.

Otherwise, FireFox has some advantages, but also a key drawback - it does not have a built-in auto-translator for sites from other languages, while Chrome has it built-in and works on 100% of sites, unlike plugins in FF.

By the way, in FF, after 100 versions, the long-standing problem of losing tabs opened in the session has not been solved - they are occasionally spontaneously lost, and the sessionstore-backups folder is stupidly reset to zero, and a person, if he does not take care of the periodic backup of this folder, risks being left without working set, if he does not use third-party plugins - which steal user information ...

The latest versions of FF are memory hungry, just like chrome. At the same time, FF is still poorly compatible with some sites, especially when scaling pages with larger fonts. Formatting is always better in chrome because site builders test everything in chrome first and not in FF with a small market share.

Quote from: Joe on June 02, 2023, 15:03:37Makes sense, but then why remove settings from about:config? Leave it there for the more privacy conscious tinkerers to be happy.

They are slowly switching to rust programming language. To keep an option requires the staff to reprogram everything, it isn't as simple as "keeping the option". It's like adding a new engine to a car and asking can you keep the old engine in there as well? If you don't know what Rust is, it is a memory safe programming language. (Most exploits are memory based)

QuoteJust because something is open source doesn't make it safe or privacy respecting. Mozilla has 2.4K repositories on Github alone and over 20 million lines of code went into developing their browser, it wouldn't be easy to audit them and unless there is financial incentive to disclose vulnerabilities, the software may have hundreds of exploits that are undisclosed and actively exploited for years. I agree that some browsers apply so much protection from fingerprinting that it ends up breaking websites, if you can install a forked Chromium/Firefox browser, you would have to tweak it to work well enough for you as well.

People audit the code as it is added. And they do have financial incentives to find bugs. Open source doesn't always mean private, but it makes it easy to tell if it is or isn't. You don't need to audit the entire code to simply find out of data is being sent or not. I mean let us be honest, what do you think the forks do? Audit the code and add their changes.

QuoteTheir support of deplatforming after January 6, 2021 was a wake up call to me (Look up "we need more than deplatforming" as I can't share links). I don't think a browser should take any sides in politics. In addition to that, they are also welcoming Google's Manifest V3 with open arms which will bring more disadvantages to our browsing experience. The EFF did a short roundup of the problems this brings.

Firefox has said they will still support manifest v2, they have to also support manifest v3 if you want chrome plugins to work on firefox. I don't see a problem with supporting v3 if you still support v2.

As for deplatforming stuff, that is independent of the browser. Mozilla has never claimed they will block anyone themselves. If anything, their article for deplatforming is more asking for transparency in who is promoting an agenda. Not support for deplatforming itself. If anything, their call was for if someone gets deplatformed, that is also made transparent including the algorithms. But I guess some jumped on the headline and not the content. I suggest actually reading the statement instead of just the headline.

QuoteUnfortunately, when it comes to mobile, in particular Android (iOS has Safari) I have to say we have a very sad picture where the user is either using a Chromium based browser, a browser running on Webview sharing data with Google or Firefox.  There is no real choice and any newcomer browser just ends up being another Blink based browser. Google really standardized web browsing over the last decade.

ios is even worse cause safari is the only option, all browsers are just wrappers in safari. Choice of engines for android is same as desktop, I mean lets be honest either you are on webkit/blink or on gecko. There is no realistic other option even on desktop

That said, I am actually pretty happy about engines being standardized, back in the day was a nightmare. The only thing I am upset about is the lack of addons for browsers, especially Mozilla's choice to require accounts to add custom addons (you can still use popular ones like ublock origin and stuff, most privacy ones are there. But I want more, like user scripts and etc)

Quote from: A on June 02, 2023, 10:15:22There is nothing wrong with putting settings into about:config, the easy user friendly settings are easily available for most users. And settings that are meant for advanced users are in about:config

I agree with this, however, it is wrong to later remove editing the options even in about:config. A recent example is the puzzle icon that leads you to extensions, you can no longer remove it even in the about:config settings.

Quote from: A on June 02, 2023, 10:15:22Some settings were made permanent in the rewrite simply because they don't have the people to rewrite everything. So focusing on the settings most people use made the most sense

Makes sense, but then why remove settings from about:config? Leave it there for the more privacy conscious tinkerers to be happy.

Quote from: A on June 02, 2023, 10:15:22FireFox respects user privacy just fine and that can be seen in the source code which is fully open with no proprietary components. While some browsers like Tor Browser and LibreWolf go a step further, most of the stuff is overkill for average users. Some of which may even make websites inaccessible without the user knowing what they are doing

Just because something is open source doesn't make it safe or privacy respecting. Mozilla has 2.4K repositories on Github alone and over 20 million lines of code went into developing their browser, it wouldn't be easy to audit them and unless there is financial incentive to disclose vulnerabilities, the software may have hundreds of exploits that are undisclosed and actively exploited for years. I agree that some browsers apply so much protection from fingerprinting that it ends up breaking websites, if you can install a forked Chromium/Firefox browser, you would have to tweak it to work well enough for you as well.
Their support of deplatforming after January 6, 2021 was a wake up call to me (Look up "we need more than deplatforming" as I can't share links). I don't think a browser should take any sides in politics. In addition to that, they are also welcoming Google's Manifest V3 with open arms which will bring more disadvantages to our browsing experience. The EFF did a short roundup of the problems this brings.

Quote from: A on June 02, 2023, 10:15:22That said, I am not going to say I agree with all their policies. Especially for mobile. Prior we had access to all extensions with no problem including loading our own, now you need a Mozilla account to add custom extensions. That is annoying.

Unfortunately, when it comes to mobile, in particular Android (iOS has Safari) I have to say we have a very sad picture where the user is either using a Chromium based browser, a browser running on Webview sharing data with Google or Firefox.  There is no real choice and any newcomer browser just ends up being another Blink based browser. Google really standardized web browsing over the last decade.

Quote from: Joe on May 31, 2023, 21:07:45It's a bad business idea for Mozilla, as hopping into this time machine will allow people to see how with each new large update, Mozilla was taking control away from the user and first hiding settings to about:config and then making them permanent and unchangeable. Pale Moon started life pretty much as a fork of an older, more customizable version of Firefox and that it remained. And now to have a Privacy respecting Firefox you need to put a lot of bandages on it or get Tor Browser or Librewolf, which is to Firefox what Ungoogled Chromium is to Chrome.

There is nothing wrong with putting settings into about:config, the easy user friendly settings are easily available for most users. And settings that are meant for advanced users are in about:config

Some settings were made permanent in the rewrite simply because they don't have the people to rewrite everything. So focusing on the settings most people use made the most sense

Chromium and Chrome and Mozilla Firefox and Tor Browser and LibreWolf are not the same thing. Chromium is upstream of chrome and chrome has proprietary components that are on top of Chromium. In comparison, Tor Browser and LibreWolf are downstream of Mozilla Firefox. And Mozilla Firefox does not have any proprietary components

FireFox respects user privacy just fine and that can be seen in the source code which is fully open with no proprietary components. While some browsers like Tor Browser and LibreWolf go a step further, most of the stuff is overkill for average users. Some of which may even make websites inaccessible without the user knowing what they are doing

That said, I am not going to say I agree with all their policies. Especially for mobile. Prior we had access to all extensions with no problem including loading our own, now you need a Mozilla account to add custom extensions. That is annoying.

It's a bad business idea for Mozilla, as hopping into this time machine will allow people to see how with each new large update, Mozilla was taking control away from the user and first hiding settings to about:config and then making them permanent and unchangeable. Pale Moon started life pretty much as a fork of an older, more customizable version of Firefox and that it remained. And now to have a Privacy respecting Firefox you need to put a lot of bandages on it or get Tor Browser or Librewolf, which is to Firefox what Ungoogled Chromium is to Chrome.