Does "No Surprises" mean I won't find unwanted Firefox extensions pre-installed by Mozilla that are impossible to remove and only serve to reduce privacy by opening up new unwanted avenues to access my input and broadcast it over third party non-mozilla private networks? Shouldn't I at least be able to opt-out of a private video service running on a third party server that I have no terms of use or privacy policy covering?
"All changes must be ‘opt-in’, meaning the user must take non-default action to enact the change."
Right, just like I "opt-ed" in to Firefox Hello.
I can't even "opt out" of Firefox Hello!
"Uninstalling the add-on restores the user’s original settings if they were changed.
I wish. Just goes to show that they're pushing an uneven playing field where Firefox Extensions are auto-installed, can't be removed, and can break all the rules. But hey, at least everyone ELSE can't break all the rules.
Funny that they won't even apply this philosophy to their own products and services that they are forcing into user installations without an opt-in or opt-out.
Firefox Hello is opt-in. If you don't use it, it will just be a button in your toolbar, it will do absolutely nothing before you opt-in, by making a call.
As a bonus: You can make video calls without ever having to create an account.
Your reply changes the definition of "opt-is". He's not saying "Hello is opt-in because you can choose not to use an active feature if you don't want to", he's saying it's not enabled unless you actually use it by clicking on it, otherwise it is an inert feature that isn't doing anything. You have to take actions (opt in) in order for it to be active. If Firefox included an extra theme with the download, but I had to specifically go in and choose that theme, it would be analogous. Ask Toolbar is not analogous, because it is operational as soon it is installed.
Sorry, but mildly put, your definition of opt-in seems to be an unrealistic one. If you think Mozilla should ask whether people want to have a change or not for every single change, then that's your prerogative, it has nothing to do with practical software development though.
"Click INSTALL to install this third party software"
I did not realize that this community had become so adverse to traditional software that asking a user before installing new software was now considered "revising definitions" and weird.
That's all I want: To be asked before third party software is automatically installed.
We used to call that adware/malware when a company bundled third party software without permission.
I consider the way they hid the "block third party cookies" option a surprise.
Mozilla is so dependent on Google and other companies' money, they can't be completely trusted to offer the best privacy out of the box.
The fact that Safari has 3rd party cookies disabled by default whereas Firefox hasn't... is both telling and sad.
Look into RequestPolicy [Continued], it prevents those third party sites from even loading data via a request in the first place. It's very nice having that level of control if you find it to be worth the time to fiddle with a few sites' request settings. I find that I prefer the simplicity in a site loaded without a lot of third party BS (and often not even CSS for sites that use a CDN for it).
This policy has zero to do with Pocket if you actually read it. It's about changing the user's search engine and homepage. Unless of course you wanted to get in a completely unrelated jab at Pocket again because reasons.
Get over Pocket. There's no closed source code included. The open source code that integrates with Pocket is never executed due to lazy loading if you don't specifically use Pocket. No money changed hands. It was implemented because users had been asking for the functionality for years and Mozilla determined that it made more sense to partner with the best in breed provider of the service rather than reinvent the service and support it on an ongoing basis themselves. You can right-click and remove it if you don't want it.
I actually pulled down the Firefox nightly code and removed both the Pocket and the Telefonica crap. Its not that complicated, however, removing it from each update is a pain, so I stopped. So it can be done, which is the point of Open Source I believe.
This policy was created in 2009 in response to the controversy when NoScript started messing around with ABP and broke functionality so that ads would display on the NoScript developer's website.
Wow, thank you for posting that. Very informative. The post and the NoScript reply [1] both raise some interesting points about how to compensate plugin authors for their hard and continued work that seem like they're still not addressed six years later. I have never really stopped to consider either compensating plugin for their work and I rely on them daily.
I doubt it, this blog post is 6 years old. Mozilla no longer have the same beliefs in this area, clearly. Just look at Pocket integration and the recent Yahoo! search engine change.
The internet is a source of constant dynamic change and the flexibility to adopt new synergies is essential to maintaining best in class shared experiences.
It's stuff like this that has an indirect effect that is much more serious than the change itself.
Not all that long ago there was a thread here about 'why those bloody end users don't keep their systems up-to-date'. Well, there you have it: because they never just get the fixes, they also get all kinds of other junk rammed down their throats, if such an upgrade does not break their systems entirely. And so the end-users get wise and stop updating their systems, resulting in systems that are then wide open to malicious parties.
I feel that I'm pretty tech savvy and in spite of that I've got a hard time clicking the 'upgrade' button next to my browser for that exact reason, it's a toss-up if it will actually do something useful for me or if it will cause me no end of misery to try to restore the situation back to working after a failed update.
I'd need a couple of extra hands to count the number of times where an update to an otherwise perfectly functioning system caused it to break and in some cases that in turn led to a complete re-install.
In tech we even have a meme for that: "If it isn't obviously broken, don't fix it!".
You raise an extremely good point that describes my feelings lately perfectly.
How do HN folks manage the inevitable change in and monetization of popular and useful products?
I'm having serious heartburn consuming updated products (e.g. Win 10 and FireFox). It seems that the forced dichotomy is Control, Ease of use, Features within 3 years: Pick two. I had been really happy with my customized FireFox and locked down Windows 7 from the control and usefulness standpoint but FF has been taking liberties that parent notes and Windows has a "new direction" than the standalone value they provided with Win 7. Now it feels like they're yanking the rug out, and constantly evaluating the large amount of technology I rely on is tiring.
Hah. I actually am very happy with my music solution (for now). I buy CDs and rip them with iTunes to MP3 on my media PC to a network drive, and then manually sync my phone. I can play it on anything by opening a folder.
The UI is essentially put in CD, wait, have music, and sync phones occasionally.
What is your current setup that you're happy with?
My entire outlay is now a single laptop running CentOS 7, a desktop as a backup machine if I kill the laptop, some earphones, a dumbphone and a USB stick and USB mp3 player in the car. I rsync the USB stick for the car periodically and that is it.
As for everything else, browser is Firefox still (ick) and the only services I use are an IMAP box and domain.
I gave up music on my phone, contact sync, email on my phone, navigation, everything. A simpler life seems to be better for me.
Your browser updates anyway, the "click to restart to get the new version" just initiates a restart. You'll get the new version next time you close and re-open anyway.
If any search engine should be the default, at least pick the best or the most privacy friendly. Yahoo is neither. On top of that it is just a relay to Microsoft Bing.
How hard is it to just ask the user which search engine they would like to use on install?
That's the wrong question. The right question is how much Yahoo paid mozilla to do this. At a guess, a lot less than the $145M that mozilla got in the past from Google.
We had multiple offers on the table, all of which had improved finances compared to the previous contract. Yahoo's offer was focused on the US, which allowed us to partner with Yandex and Baidu in other regions of the world.
All else being the same, I don't see how supporting a global search monoculture controlled by a direct competitor would have been in the best interests of the Web or of Mozilla.
What you could have done is this: change nothing for those users that had already downloaded mozilla and were happy with their results. Slamming around your users like that is for me expressly against the reasons why I'm using firefox and not one of the other browser offerings.
And I'm not exactly a google fanboy, to put it mildly.
That's fair; the intent was to only change the search setting for users who had not changed their default. I don't know the specifics around that decision, but it seems like a reasonable position; I'm not sure anything further would have been viable. Still, I get how that can seem intrusive, and I apologize for it.
At the time we landed this change, we also tweaked the search box to increase the visibility of alternative engines and make it easier to switch your default. Hopefully that mitigated some of the pain for you.
We're in a weird place. We have to make enough money to fund the engineering that keeps Firefox competitive, but we also have to stay true to our non-profit mission and ownership. Balancing those two interests is difficult, and we're not always going to get it right. For when we don't, I'm sorry.
> We're in a weird place. We have to make enough money to fund the engineering that keeps Firefox competitive, but we also have to stay true to our non-profit mission and ownership. Balancing those two interests is difficult, and we're not always going to get it right. For when we don't, I'm sorry.
That I completely acknowledge and there is absolutely no need for you to apologise, where work is being done mistakes are automatically being made. The people I'm most scared of are those that claim they never make mistakes.
Is there an easy way for users like me to simply pay Mozilla for the product?
I'd much prefer that than being made the subject of a tug-of-war between internet giants.
> Is there an easy way for users like me to simply pay Mozilla for the product? I'd much prefer that than being made the subject of a tug-of-war between internet giants.
You can always donate to the non-profit Mozilla Foundation at https://donate.mozilla.org. They do really important work, and there are legal limits on how much revenue the corporation can send upstream to the foundation.
As far as I know, Firefox only has two points of monetization: the default search engine and sponsored tiles on the new tab page. It takes roughly ~4 clicks to switch to DuckDuckGo and disable the tiles. I don't think just changing those is enough to satisfy folks, but I'm not sure how to draw that line. Basing it strictly on monetization wouldn't exclude things like Pocket, which frustrates a bunch of folks on HN.
Can I ask you to elaborate more (perhaps we should switch to email, or, ironically, Firefox Hello?) on what sorts of decisions bother you, and which are non-issues? It seems like the hot buttons for folks tend to be: Yahoo, Pocket, Hello, Tiles, H.264, and Australis. Am I missing any? What would your paid-for Firefox look like?
That seems like a poor example of something that should be opt-in. The people who would benefit most from it seem the least likely to opt-in to optional features.
True, but I would like to know that my non-Google browser contacts Googles server every now and then. If the goal is "no surprises", then users should be made aware of this feature and allowed to opt-in or out easily.
It's pretty benign. I'm not sure "warning you about potential phishing sites" is the sort of surprise they were trying to move away from. Would you consider being warned of a revoked SSL certificate a surprise too?
>Would you consider being warned of a revoked SSL certificate a surprise too?
I suppose not, but it's not the feature I find surprising, it's that it's a Google service in a browser I picked because it's not a Google product. Yeah, I know, the SSL revoking is a service provided by each of the certificate providers, so it's sort of the same thing.
Google search is in Firefox as well, but it's not surprising, it's kinda obvious really. They could do so similar with the anti-phishing/malware thing. On the phising site warning just write "This is a Google provided service, click to opt-out".
This derogatory treatment of Mozilla by hivemind consensus emerging from opinions of a vocal minority is a curious phenomena and a indicator of the increasing ideological rift in open source community. It can be roughly summarized as a conflict between deontological and consequentialist ethics. User privacy, "meritocracy", freedom from DRM/EME, etc above all else vs strategical trade-offs that strengthen competitive positions against Chrome, Edge and Safari.
How exactly destroying user's trust wrt privacy and including extensions no one wanted does strategically strengthen against competition? I would say it weakens Mozilla's position.
Pocket is small stuff. A button on the taskbar that can be removed. Or completely disabled in about:config. Surprising, but not much damage.
For me the Sync surprise was much more disappointing. They broke the feature to the extent it became unusable for me any more (unless I spend some more weekends trying to understand their poorly-documented proprietary protocol mess, which is not how I'd like to spend time).
Unfortunately the View Pocket List menu entry in Bookmarks menu cannot easily be removed. (It is there even with browser.pocket.enabled set to false). Fortunately for me that I don't access the Bookmarks menu too often to be annoyed by it.
> Unfortunately the View Pocket List menu entry in Bookmarks menu cannot easily be removed.
It will be removed if you remove the Pocket icon using the (right-click) contextual menu on the icon. The entry is not removed if you remove manually using the `about:config` way.
Related bugzilla entry[1]:
> The normal/supported way to remove Pocket works fine: Right click the button, select "Remove from toolbar".
It's not about how hard it is or isn't to disable. It's about how a lot of users suddenly wondered what scummy software they downloaded that put that button in their browser, only to be left feeling extremely dirty when they found out it was Mozilla.
It makes you wonder what other liberties they'll take to make a couple bucks and when the other shoe will drop. It has made me start actively evaluating alternatives, when previously I considered it to be the best.
"All changes must be ‘opt-in’, meaning the user must take non-default action to enact the change."
Right, just like I "opt-ed" in to Firefox Hello.
I can't even "opt out" of Firefox Hello!
"Uninstalling the add-on restores the user’s original settings if they were changed.
I wish. Just goes to show that they're pushing an uneven playing field where Firefox Extensions are auto-installed, can't be removed, and can break all the rules. But hey, at least everyone ELSE can't break all the rules.
Funny that they won't even apply this philosophy to their own products and services that they are forcing into user installations without an opt-in or opt-out.