As much as I identify with the motivations behind this post, it's utterly out of touch. The author complains about the realities of ad-supported business when the truth is that the for-pay browser market died out over a decade ago because it simply was not a sustainable way to operate a business. Even if Microsoft hadn't begun giving IE away for free, someone else would have eventually - they'd swoop in with their VC money, demolish the browser market entirely with a pricing race-to-the-bottom, and then explode like all startups do and leave us screwed. At least when Microsoft did this, they kept shipping their browser afterwards (other than that IE development pause... sigh.)
Ideas like intentionally fragmenting the userbase (with some absurd idea like 'PrivateFox') merely contribute to the issues he highlights; if revenue to fund development is scarce, why would you actively undermine your revenue base and waste resources on the product that is destroying your revenue? It's absurd, no sane organizational leader - moral imperative or not - would ever do this. Mozilla cannot do this.
Hypothetical revenue sources like crowdfunding and intentcasting are great, but it would be utterly irrational for Mozilla to switch wholesale to some new unproven revenue model. Even if it works for a while, eventually they run the risk of scorching the earth (like how Zynga and co completely obliterated viral pathways on Facebook, effectively destroying their revenue streams).
If you want Mozilla to adopt a new business model, you'll need to find a new business model that will actually work at their scale, then prove it works. They can't afford to undermine their extremely important efforts (on Firefox, etc.) just to satisfy your curiosity and desires for an ideal world.
How much can I up vote this? There has been actual research into how much people value their online information (clicks and so forth). The result from one study is a median of 7 Euros (about USD10; http://arxiv.org/pdf/1112.6098.pdf). Not much to build a business on.
It is indeed disturbing that Mozilla's finances depend so much on advertising. No matter how well-intentioned the folks at Mozilla Foundation/Corporation might be, it's difficult for human beings to avoid getting side-tracked when their wallet are running thin and there's easy money up for grabs out there.
But I don't think the author's suggestions are compatible what what we (or at least, I) want Firefox to be, either.
1. Spinning off a variant named PrivateFox just sends the message that the regular Firefox will no longer respect your privacy. It will also make regular, free, not-private Firefox users second-class citizens of the Internet. People deserve to have their privacy protected, regardless of whether they can pay or not. In fact, people who can't pay (minors, the poor, citizens of oppressive third-world regimes, etc.) are often in need of the most protection. Moreover, even if you can afford PrivateFox, the payment creates a paper trail that might negate the benefit of using PrivateFox.
2. Crowdsourcing sounds cool, but only if everyone benefits. There's no point in creating "The World’s First Fully Private Browser" and keeping it proprietary. If there exists technology to improve everyone's privacy, it should be included in every copy of Firefox by default.
3. Intentcasting is an interesting concept, but in the context of a web browser it sounds like just another "Ubuntu sends my searches to Amazon" debacle waiting to happen. If I want good privacy, I probably don't want to tell faceless multinational corporations what I want to buy, either.
Unfortunately, the only alternative that I can think of is a variant of Wikimedia Foundation's annual donation drive. As a long-time Firefox fan, I would certainly donate as much as I can. (Is there someone at Mozilla who can give creepy stares in a banner ad as well as Jimmy Wales does?) But again there's a problem: Mozilla's budget is several times the size of Wikimedia's (300MM vs. 80MM), and I'm not sure that the moral value of Firefox, although significant, exceeds that of Wikipedia. Mozilla needs to be seriously trimmed down if they're ever going to be supported by donations.
> No matter how well-intentioned the folks at Mozilla Foundation/Corporation might be, it's difficult for human beings to avoid getting side-tracked when their wallet are running thin and there's easy money up for grabs out there.
As a former Mozillian, I can't begin to describe how inaccurate this is. Discussion of money, or revenue, were relatively rare compared to the things that Mozillians actually care about. Here's a list of things that were discussed about 100x more than advertising revenue:
- building the mozilla community
- open source
- rust and servo
- where to go for lunch
- javascript performance
- keeping the web open
- making firefox builds fast
- firefox memory usage
- proprietary codecs vs vp8
The lack of interest in pushing Persona forward has made me wildly change my stance on Mozilla. Third party authentication is an important building block of the web which is currently dominated and virtually owned by Google and Facebook.
Persona does everything right, yet it is not being pushed forward anymore; I have my doubt as to whether it ever was. In "keeping the web open", it is such a low hanging fruit I simply don't understand the complete disinterest behind Persona - is Mozilla just waiting to see if a protocol with a cuter name comes along?
Unfortunately it isn't solving a problem that people have.
You answered this dilemma in your own message. Websites are using Google, Facebook, Twitter, GitHub, etc... for logging in. This solves a problem for publishers that want extra info on the user without asking (e.g. their email, their avatar) and users that care about privacy are simply siloing logins - e.g. I'm not connecting with Facebook for work related issues and I have a Google and a Twitter and a GitHub account too.
And surely, if it were popular, then Persona would be a good alternative. Unfortunately it has a chicken and egg problem.
> The lack of interest in pushing Persona forward has made me wildly change my stance on Mozilla.
Persona is simply an example of a product failing due to lack of interest and resources are limited - if you care so much, I'm sure they'll let you contribute ;-)
I care a lot (see my other answer below). I've - successfully - pushed for Persona with all of my clients, I sell it as "Sure, I'll do Facebook authentication for you. I'll even add Persona auth for free, your Firefox users will love it!". Clients love free features.
I also push for it very hard in open source projects. This is where the change needs to happen. Wiki software such as mediawiki for example is ubiquitous, if it can be automatically configured to present the user with a Persona option a lot of people won't bother disabling it and will see it as a nice bonus.
And unlike OAuth, Persona can be readily available with zero configuration! It doesn't need API keys, that's the beauty of it!
They pushed Persona pretty hard (and integrated it into their properties) for quite a while. Nobody cared; everyone prefers privacy-compromising login services like Facebook Login. The battle's lost.
They didn't push it hard enough. Persona leveraged nothing from Mozilla, save brand-by-association, and even that feebly.
Imagine Mozilla Persona being named Mozilla Login (recognition barrier down), being an integral part of the browser, just like Chrome does with Google Login (first use barrier down) and integrating seamlessly with Google and Facebook logins (registration barrier down).
I'd wager the user counts would be a significant percentage of Firefox users, making Mozilla Login a first-class citizen of Web Authentication APIs and breaking the chicken-and-egg problem. From there on, it'd be expectable that technical superiority could carry it to the top.
> Imagine Mozilla Persona being named Mozilla Login (recognition barrier down)
We actually did some testing along those lines, and it came back pretty negative. When "Mozilla" was too prominent, people did not expect it to work with other browsers, and wouldn't even attempt to use Persona.
Thanks for the enlightenment. Did you not consider going for adoption by regular Mozilla users, and only then try expanding to the wide open internet? I have the feeling that by trying to tackle everyone at once you ran into brand recognition problems.
The question must be asked: Does Persona have any chance of being used, in that context?
This branding issue can be compensated by having the browser pull out a dedicated login interface, or by really leveraging the known Mozilla brand (accepting the negative aspect you presented, which is inescapable). Without compensation, it is indeed a lost cause.
I'm a long time Firefox / Thunderbird user on Windows / Android & Linux and I've never heard of "Mozilla Persona", which is a shame becasue it sounds pretty good.
Except that they never got to the stage where a third party could put it on their sites and not have a reliance on Mozilla.
You _still_ have to pass verification details back to the Mozilla servers in order to discover whether the login information you're passed is valid, which (a) means that Mozilla can track all of your users and (b) slows everything down.
This is going to put any large site off of relying on it.
nope, the verifier implementation was always (and still is) open. we recommended against standing up your own verifier since the best practices and processes for securing a verifier weren't known, and the verification process hadn't stabilized. If you have a strong commitment to maintaining your own verifier, you can run one.
I don't get this mindset. It was pushed for barely a few months. Firefox took years to even come close to making a serious dent in the market share. Should they have given up after a year and said "The userbase has spoken and prefers IE"?
Persona as an alternative needs to be there and officially supported by Mozilla. I know they use it internally and "support" it, but the way they stopped all forms of promotion towards it etc makes it sound as if the protocol is abandoned.
Who cares what trendy new oauth2-based method RandomBlog#123 implements? Open source in general is very incremental. If it's there and solves a problem, it is a tool in the software engineer's belt. When it becomes apparent that companies don't permanently support their oauth2 "customers" and revoke all their API keys etc and Business asks "we can't have that happen again", then Persona becomes attractive. When updating the "log in with facebook" buttons will become tiresome because of social networks changing every few years, suddenly "logging in with the browser itself" becomes relevant.
It's an opportunity and they don't see the gain in it, but this is what "Keep the web open" is all about. Preventing every website in the world to depend on Google and Facebook's good graces. Protecting users from the really, really stupid password auth system.
Well, they could either push that or push their phone OS. I think their FxOS is kind of more important battle.
The battle for federated authentication is kinda lost already. Big centralized authentication are a major advantage for both the authenthication providers (lockin) and users(information and assets provided) and consumers(ease of use).
I mean a sign in with Github is kind of awesome. You can authorize Travis or Circle to scan your repos and do their magic. Could Persona allow something like this? I kinda doubt it.
Sign in with Facebook allows you to see who of your friends is playing.
> Could Persona allow something like this? I kinda doubt it.
It's not meant to. Persona is not meant to replace OAuth as a data provider but as an authentication method.
When you log in with a third party auth, you don't necessarily want the site to have access to all your personal details. The reverse is also true: when you want the site to have access to your details from ShadySocialNetwork1952.ru, you don't necessarily want them to handle authentication for you.
OAuth was originally designed for sharing data. The way it works though allows for federated logins as all you are doing is checking that a person is who they say they are.
Users won't get that. Hell I'm a layman (security wise) and I don't get that.
I do get a shiny icon that says sign-in and it pops a window that says I should login with given info.
EDIT: Thanks for downvotes, but I'm trying to demonstrate that those that use authentication won't really understand or value the complex background/guarantees of Persona.
No worries, I was speaking towards those that did downvote me.
And that is kind the crux of the issue, this protocol was a no sell to users and it didn't offer any incentive to the developer. To paraphrase your previous statement, it wasn't chicken and an egg. It was an chicken and an egg versus a goose and a golden egg.
People would pay for information/services (I think it gives you your friend graph + poking your friends) that FB connect allows you to have for free. Its users are 'taught' because developers made those logins ubiquitous, because more info on the customers. Or tighter integrations with services like Github. Or easier login experience (like StackExchange).
Maybe it's also just a case of an unfinished project. They got something partially working out the door and called it done. Now they've decided the resources should be dedicated to something else. Without improvements, maintenance and (as you said) promotion, it will never take off. Once it's been around long enough without taking off, people will use that to justify not supporting it.
Except one thing: it requires cash (SSL cert[1]) you're stuck with the google/facebook/etc-style situation of having to rely on a 3rd party to maintain your identity.
It's not a popular opinion here where most people have well-paying tech jobs, but real identity and privacy on the net is something the retired, disabled, unemployed, single-parent, and other poor people need as well. Without solving this problem fist, you are simply incentivizing the current status quo and dooming any new scheme to fail.
[1] No, that SSL cert is not "cheap" when you have to live on SSDI that doesn't even cover rent/food/etc fully. The domain itself is less expensive, and can be sub-delegated between a few people.
Uhm... Persona certainly doesn't require its users to buy SSL certs. How many people are actually affected by your use case there? How many app developers are gonna go: "I'm working on my app and I want persona, but .. damn! 10 bucks a year! Can't afford that for my app that's going to be used by millions of users"
"The support document, provisioning page and authentication page must all be available over HTTPS, and the server's SSL certificate must be certified by a trusted CA whose certificate is in the standard Mozilla certificate bundle."
I suspect you're still stuck in the "users will just use somebody else as their identify provider" trap. We've seen where that leads - it gave us Hotmail, GMail, Facebook, G+, "MS passport", and the like. Persona, on the other hand, correctly allows anybody to host their own identity - iff you can pay for it.
"millions of users"
Stop with the narrow thinking - that's not the only use-case for encryption, as the internet is not a many-to-one medium like TV. The personal website I put up for my friends should be encrypted, just like everything else we send over the net.
A domain costs about $10 a year. A RapidSSL cert costs about $10 a year. A StartSSL cert can be as cheap as $0 a year. I wouldn't say SSL certs are that expensive.
And if you can't use HTTPS, nothing on your site is secure, so fussing over which authentication system you're going to critically compromise seems a bit academic.
Spoken like someone who has never had to live in bay area on <$1500/month. SSDI (social security disability income) doesn't pay much, and rent for a tiny, crappy appartment in CA eats up a lot of that. $10-20 extra means not eating for a few days.
A domain is free, if it's delegated. It's also something many people already have.
StartSSL is not an option (had problems with them pre-openssl-mess; absolutely not an option now).
This stuff misses the point, though: REAL privacy (not relying on a 3rd party like facebook) is
a selling point that is becoming more popular "post-snowden". While I assume technical challenges can be made point-and-click easy over time, requiring cash is a hurdle that will shut out MANY people. Evidence: free email vs minor-fee/year email.
Right now, any competing service is already up against the hurdle of trying to get people to switch from what they currently use (facebook, google). The idea of not being tide to a big company is enough to overcome that hurdle, for at least some people. Requiring cash scraps that window of opportunity, sometimes for actual cash-availability reasons, and others for perceived reasons.
Thank you for thinking about and alleviating the memory usage problems. Firefox has seriously improved in this regard and now runs decently even with pathological numbers of open tabs (Yeah, I know.).
I'd appreciate it if downvoters could point me towards the standards body that oversees the VP8 standard. Apparently I just missed the news when it was submitted to an independent standards organisation…
(This debate makes me appreciate how RMS must feel trying to educate people about the difference between free-as-in-beer and free-as-in-freedom)
"In May 2010, after the purchase of On2 Technologies, Google provided an irrevocable patent promise on its patents for implementing the VP8 format, and released a specification of the format under the Creative Commons Attribution 3.0 license.[6] That same year, Google also released libvpx, the reference implementation of VP8, under a BSD license.[7]"
Every codec's situation is unclear. MPEG-LA doesn't provide indemnification either, and they would be stupid to do so.
As an example, there are license pools for MP3, and companies generally pay them. Yet over the course of several years, German customs cleared out displays with mp3 players at Cebit because their creators didn't know that there's another patent to license.
Now, that isn't too bad for someone providing indemnification: It would be a matter of the pool paying that third party, and including that in their future pool fees.
"Unfortunately" a patent holder is generally allowed to control distribution entirely (eg refuse to license to any single party they dislike). Indemnification in that case would probably mean reimbursing the costs of development and production (and maybe lost future income).
None of that changes the fact that it is proprietary. Free to use does not mean the same thing as non-proprietary. The definition of VP8 is entirely defined and controlled by a single corporation (Google), not by a standards body.
For example XUL is proprietary, even though the specification is available under a CC licence, because it is controlled by a single vendor, not an open vendor-neutral standardisation process.
Unless VP8 has been submitted to some standards body that I'm unaware of it remains proprietary. Evidence of such a submission and ratification is the only thing that would be relevant to this discussion. The licence of various implementations, or any patent grants are irrelevant to its status as proprietary.
And yet, strange to say, anon1385's definition is routinely used to describe Google Native Client as proprietary; and particularly by Mozilla partisans.
Just to emphasis that, here is the (former) top man Brendan Eich on the topic:
>"Proprietary" as in "sole proprietor" is appropriate for a project with zero governance, launched by Google after some incubation closed-source, dominated by Googlers.[1]
Which sounds exactly like VP8 to me (even libvpx for that matter).
That is a page about software implementations not standards. We are talking about standards.
For example, there are various implementations of both H.264 and VP8 that meet that definition of non-proprietary software. The licence of those implementations has no bearing on the status of the standards themselves. I could write a proprietary, closed source VP8 or H264 encoder and again that would make no difference at all to the status of the standards because it would just be an implementation.
>You are, apparently. Why do you think that's what anyone else is talking about?
This thread started with the quote "proprietary codecs vs vp8". That is clearly talking about standards not implementations. The very post you replied to talked about standards, standards bodies and ended with "The licence of various implementations […] are irrelevant to its status as proprietary".
>H.264 is patent-encumbered.
I've no idea what you are getting at here. You seem to still be confusing standards and implementations. Are saying that software that is affected by patent claims must be proprietary? x264 is proprietary? LAME is proprietary? ffmpeg is proprietary? Are you aware of the huge number of extremely broad software patents that have been granted? Just about any non-trivial software will infringe some patent or other.
>Are saying that software that is affected by patent claims must be proprietary?
Yes, I'm saying that if a piece of software cannot be freely distributed and used because of intellectual property laws, it is proprietary.
>Are you aware of the huge number of extremely broad software patents that have been granted? Just about any non-trivial software will infringe some patent or other.
In practice, it all depends on to what extent the patents are enforced. Real-world usage of "proprietary" reflects practicalities.
and "VP8" is a standard not an implementation (libvpx is an implementation). So the original comment was not clear, but in the context of Mozilla pushing VP8 as video standard for the web it would be very strange if the original poster had meant implementations rather than standards. Unless Mozilla are advocating that everybody use a specific implementation of VP8, but that would be hugely hypocritical and inconsistent after their war against WebDB/SQLite.
>Yes, I'm saying that if a piece of software cannot be freely distributed and used because of intellectual property laws, it is proprietary.
I think that is a ridiculous definition. That means all VP8 implementations are proprietary[1]. In a world of submarine patents and patent trolls your definition of proprietary is meaningless because any software could become proprietary at any time when a previously unknown or unenforced patent starts being enforced. Additionally, it's a definition that is very location specific - many of these software patents are not valid or recognised in most of the world. I don't have much interest in the US legal system being forced upon me by people obsessed with US patent law when I'm not a US citizen or resident.
>and "VP8" is a standard not an implementation (libvpx is an implementation).
It's apparently called "libvpx" internally, but the project page refers to it as "the VP8 video codec, a high quality, royalty free, open source codec". http://www.webmproject.org/docs/vp8-sdk/index.html
>So the original comment was not clear, but in the context of Mozilla pushing VP8 as video standard for the web it would be very strange if the original poster had meant implementations rather than standards.
No one on this thread besides you has said anything about standards. The original comment included "proprietary codecs vs vp8" on a list of positive things Mozilla has done, which also included other implementation-specific things like "javascript performance".
>Unless Mozilla are advocating that everybody use a specific implementation of VP8, but that would be hugely hypocritical and inconsistent after their war against WebDB/SQLite.
Mozilla is, in their own browser, using a codec (read as: implementation) which isn't proprietary. This has two positive effects: it keeps Firefox from becoming proprietary; and it also helps push other browsers to implement the same video format (either using the same codec or not), which helps increase the format's marketshare, meaning that more videos on the Web can be viewed using a non-proprietary codec (implementation).
>In a world of submarine patents and patent trolls your definition of proprietary is meaningless because any software could become proprietary at any time when a previously unknown or unenforced patent starts being enforced.
It's not meaningless, it's just somewhat fuzzy. I think you're committing the continuum fallacy here. A piece of software which I can only use if I pay the patent owner a million dollars is clearly proprietary. A piece of software which is more than 20 years old is clearly not proprietary (unless it's proprietary for copyright reasons), since any patents would have expired. In between are some gray areas, but that doesn't invalidate the overall concept. As a practical matter, it's useful to only consider software proprietary on patent grounds if there is a specific patent holder who has asserted a specific patent against it.
>Additionally, it's a definition that is very location specific - many of these software patents are not valid or recognised in most of the world. I don't have much interest in the US legal system being forced upon me by people obsessed with US patent law when I'm not a US citizen or resident.
So, you think it doesn't matter if people in the US can't see videos on the Web without paying for a patent license as long as it doesn't affect you directly?
>Nokia have actively brought cases against HTC over some of those patents.
Wikipedia mentions that a German court ruled against Nokia.
Just read the reviews. I left in 2011, before the FirefoxOS stuff had really kicked off. I can believe the strategic direction complaints in the reviews, but I didn't experience it too much myself.
Sorry if I came across as arguing that Mozillans care more about money than about the great things you mentioned.
But one doesn't need to care a lot about money in order for money to become a major factor, perhaps unconsciously, in your long-term decision-making. I remember there being public anxiety whenever there was doubt about whether Google would renew the search deal. Over time, that kind of anxiety takes a toll. Perhaps it's less of a concern for ordinary employees, but top-level executives definitely think about money a lot. $300M/yr is a lot of money to take for granted.
> perhaps unconsciously, in your long-term decision-making
That's why long-lived organizations have internal checks and balances. Even if the individuals eventually fail sometimes, the organization can identify and self-correct.
> That's why long-lived organizations have internal checks and balances.
Checks and balances are for preventing individuals' interests from swaying the organization. They're useless when the whole organization's interest, or even survival, is at stake.
Mozilla is almost completely dependent on its partnership with Google, and apparently, the majority of Mozilla's board members are okay with this. And of course this decision has everything to do with the fact that 90%+ of the organization's revenue would evaporate if they refused the partnership.
> They're useless when the whole organization's interest, or even survival, is at stake.
Instead of debating theoretical scenarios, wouldn't you like to describe what such a situation would look like so we could reason what layers of internal or external controls would have to kick in so the issue could be corrected?
Tor browser is made by EFF, and the only reason it doesn't threaten vanilla Firefox's market share is because tor is slow as hell.
If Mozilla made two versions of Firefox that were just as fast as each other but only one of them respected privacy, there would be no reason for anyone to choose the non-privacy-respecting version.
I am the author of Javelin Browser (javelinbrowser.com , for Android), and I think I founded a business model (that works) that is entirely opposite of Firefox's and Chrome's, VPN services. In fact, Javelin is so pro-consumer that it has Ad-Block built-in.
In less than a month, I'm edging close to 50k downloads with a good retention rate (installed users), and with revenue coming in from Pro accounts and VPN subscriptions.
The long term plan is to grab the market share by focusing on a Pro-Consumer experience, all whilst enabling a better secure and decentralised internet.
The moment they start to integrate somekind of ads (yes, I heard the rumor/plans) in Firefox they are dead. It doesn't even matter if they don't track, aren't intrusive or whatever. The users will run away.
Run away to what? An ad-supported, privacy-undermining browser like Chrome? A constantly outdated and insecure browser like IE? Safari? Don't be ridiculous.
I'm with sleepyhead - what exactly is wrong with Safari? I'm a web developer and I use Safari almost exclusively. Hardware-accelerated (on OSX, anyway), good performance, accurate rendering, no privacy intrusions.
Safari's a joke. Only runs on mac, ships support for key platform features late (and ships subpar support when it comes to things like video/audio codecs), and delivers slower performance.
I respect the JSC team a lot but Safari is an active hindrance to anyone trying to ship HTML5 games. It's just a poor-quality browser.
It sounds like you are coming from a web development direction, and are frustrated that Safari doesn't support the web APIs that you care about. As a software engineer, I can sympathize with that.
But as a user, I prefer Safari, because I find that it prioritizes user experience over fidelity to the web page. Examples:
1. Safari was one of the first browsers to ship with a popup blocker
2. Safari defaults to blocking third party cookies
3. Safari Reader cuts out distracting ads and other crap, improving nearly every article. I click it whenever I can.
4. Safari Power Saver defeats annoying animations while saving battery life
I love that Apple is able to deliver features like these, because their fortunes are not tied to advertising.
I also strongly dispute that Safari is slower. For example, I visited cnn.com with Safari and Chrome, and attempted to scroll while the page loads. Safari scrolls responsively, while Chrome and Firefox stutter until the page finishes loading. Things like scrolling performance have a much bigger impact on how my browser feels than any JavaScript benchmark.
It's true that some websites don't work well in Safari, especially HTML5 games. For pages where I want to see that stuff in action, I'll switch to Chrome. But frankly, most web pages are made more usable by disabling newer features. Chrome then becomes a poor man's opt-in.
Scroll latency has nothing to do with performance. You can achieve low scroll latency by doing scrolling and composition on a worker thread - which, IIRC, is more or less what OS X and iOS do, and is something Safari can take advantage of freely because it's not portable.
If memory serves, recent builds of Firefox (on the non-release channels) are actually starting to roll out OMTC (off main thread compositing) which delivers the same sort of 'performance' you like about Safari, while keeping the perks of Firefox having a faster parser, faster JS runtime, and modern feature set.
You are generally correct that latency is important, though. I don't know if the Chrome dev team prioritizes it much, but Mozilla recently started putting more effort into measuring and reducing latency in various parts of the browser (inattention had let latencies get pretty bad in some places.)
Safari's fortunes aren't tied to advertising because Apple already extracted a payment for every user that runs Safari. They're free to do those things like disable cookies and bundle an ad blocker because they don't have to consider the desires of content creators or generate a revenue stream via their browser. It's the same set of tactics Microsoft was free to use with IE. It's impossible for Firefox or Chrome to offer similar features without directly undermining their revenue sources.
Scroll latency has a lot to do with "perceived performance" and that's the only measure a user cares for - Chrome might be 1000x faster for SunSpider / whatnot benchmark but if it stutters and stalls when scrolling a page, users will consider it slower.
If in one browser an asm.js compiled Unreal Engine 4 game loads in 5 seconds, and in Safari it loads in 2 minutes, you better believe users will notice. JS performance matters.
Yes, they'd notice that. But how often does that scenario (running Unreal Engine 4 under asm.js) happen, would you say, on a day to day basis? Compared with trying to scroll a loading webpage, I mean. We're probably talking orders of magnitude difference, I suspect.
I use Safari as my main browser for the reasons you mention, but it is slower. It just feels like a cumbersome dinosaur compared to FF or Chrome. And the navigating back flow is less than desirable. I find myself navigating too often to a blank page, or it just seems like Safari doesn't know what to do.
Basically, it does everything great except for the actual browsing part.
I use a Mac and I am not one of the "willing to lock themselves into Apple's" crowd. I use a Mac because it's reasonably fast, exceptionally well-built and has a reasonably good Unix OS (a very good one if you count MacPorts).
IE is outdated and insecure? IE6 - IE8 could have that label applied but IE9 - IE11 have incorporated major web standards, are quite fast, and have closed many security holes. At least you gave reasons for swiping at IE, what's up with Safari?
Safari doesn't solve anything for people not willing to lock themselves into the Apple walled garden (at present, the vast majority of desktop/laptop computer users)
Modern IE is a lot better than old IE, certainly; it runs some small subset of HTML5 applications, the javascript performance is adequate, and they have a faster release cycle. However, it still updates less often than Firefox/Chrome, has a worse security track record, and introduces new features on a longer delay. Moving to IE wouldn't make Firefox users any safer or better-served.
And let's not forget IE, like Safari, is platform-locked. Safari, at least, runs on OSX while IE users have to endure Windows. Most of them don't seem to care.
I don't know the details of Mozilla's finances, but they should be treating their current income as a windfall, not as a reliable future income stream. i.e. their expenses should be significantly less than their revenue, and they should invest the balance, and attempt to create a trust which is capable of financing itself in perpetuity, in the same way as medical research charities like the Wellcome Trust.
I was kind of nodding until I read "Apple clearly cares about customers (witness the success of their stores, and customer service that beats all the competition’s"
Well... While they certainly focus their care on some kinds of users, I have nothing but stellar things to say about their customer service. All my Apple machines have longer productive lives than my other computers.
Hmm. Here's another business-model idea for Mozilla, just off the top of my head: allow people to set a price on their privacy, and take a cut.
- People who are really worried get to set the price to a level no-one will pay; other people maximise revenue,
- Mozilla's incentives are aligned with users rather than advertisers (because they have to work to prevent giving away private information for free if they want to sell it).
I share the anxiety with the author, but what else one can choose if no Firefox?
Chrome now pushes Google Now down every throat, Opera has Google set as a default search engine and doesn't allow to change that, Safari is Mac only, IE is hard to customize and lacks addons. Others are often unusable/unstable or lack crucial features (codecs, synchronization).
> Opera has Google set as a default search engine and doesn't allow to change that
You mean the search bar when opening a new tab? True, that's always Google. But if you go to settings, the third thing from the top is managing search engines, and setting the default to use for things entered in the address bar :)
Another red flag Doc doesn't mention here is the fact that Mozilla now requires extraordinary knowledge to disable JavaScript in Firefox.
There are broadly useful reasons to have this available as a toggle in the common UI (such as when you want to save an image from a site that uses JavaScript to prevent right clicks), yet it's hidden inside of the cryptic (to most users) about:config.
And why might this be? There could be several reasons all in play at once, including an attempt to protect users from themselves (think: The Nanny Browser), but I would just point out that the advertising infrastructure Mozilla increasingly relies on, with its cross-site user tracking, leans heavily on JavaScript.
It would appear that with that as a counter incentive, Mozilla has chosen to side with the ad networks, instead of with the users, in choosing which options to expose for easy control.
Ordinary users do not want to disable JavaScript. Hell, they don't even know what it is. Advanced users like you can still use NoScript or about:config.
This was exactly the explanation from Mozilla side and it makes sense. The reason for the decision was people telling "my internet stopped working" (white pages) once they've disabled JS by accident.
Too many people mistakenly disable JavaScript every time a Java vulnerability hits the news, and there was a period not too long ago when a new Java vuln seemed to appear every other week. It was around this time that the "disable JavaScript" option disappeared from Firefox.
It's an interesting thought: should we be dumbing down everything or just engaging in a bit of education instead and helping people understand what JavaScript does and its use on web pages?
The manual for my car mentions things that must be done for maintenance. They don't dumb it down. Meanwhile in computer land we hide all options and dumb everything down to "protect" the user.
There is a difference between being easy to use and molly-coddling. It is a difficult balance to get it seems!
> It's an interesting thought: should we be dumbing down everything
This is not a case of "dumbing down everything", the ability to remove javascript is still there, what is not there is one (of formerly 3) often inadvertently used method for it.
> The manual for my car mentions things that must be done for maintenance.
Disabling javascript is not maintenance, it's a significant structural change in the browser's abilities, like removing the car's suspension. And it makes no sense to put that as a switch on the car's dash.
If you want something used by millions of people, you have to make it as simple as possible. Insisting that people learn about the invisible internals is more likely to put them off using it than to result in them learning.
If you want to continue that, you could consider the manual to be about:config. No one is stopping you from reading the manual or going to about:config, but it's not required.
>> Ordinary users do not want to disable JavaScript
But sometimes "ordinary" users do need to disable Javascript. Wouldn't it make more sense to put in a pop-up "Disabling Javascript will potentially break lots of websites. Are you sure? Y/N"
It's perhaps a tempest in a teapot, since these ordinary blokes will simply follow a different set of connect-the-dots instructions they found while searching for "how do I save an image from XYZ website?"
No, it does a terrible job at explaining this. The browser's job is to display the webpage under the constraints set by the user, "javascript off" being one of the common constraints. If the page works incorrectly under this constraint, this is the problem of the webmaster who created it. The whole idea that Javascript is absolutely necessary for browsing is what's killing Internet with extremely slow websites and makes it insecure.
But when you say "one of the common constraints", do you have any figures for how common? How many people as a %age of Firefox users, for example, switch Javascript off? If it's less than 5%, removing the checkbox is a perfectly fine decision.
JavaScript is not slow. If I set a constraint "Don't use the letter 'e' on this page" and the text is garbled, is that the fault if the webmaster? Disabling the letter 'e' intentionally is very uncommon. If Firefox ships the option, they will have to support all the people who complain that pages are broken because they forgot or didn't know about the "feature."
I think if you want to disable JavaScript, you probably know what about:config is and how to use Google...
I think it does make sense to hide an option that pretty much breaks most of the Internet. As long as it's still in about:config I think that's reasonable.
By the way, you can download any image on the page from the Media tab in Page Properties, if I remember correctly.
It's actually a pretty bad development that most websites will no longer function without javascript. Graceful degradation was once one of the hallmarks of good tradecraft, and imo it should remain that way. The server should adapt to the client, not the other way around.
If you turn off javascript, most sites become at best read-only. A good chunk don't work at all or partially break in ways that make the site unusable even for viewing (e.g. flickr).
I'm trying to think of sites of that degrade nicely. I can only really think of HN and gmail.
I don't need to show any counter examples. I'm not the one that is saying that most websites don't work without javascript. Show me some evidence that greater than 50% of websites are broken when JavaScript is disabled, and I'll listen. No such evidence will be provided though, because it's a ludicrous claim.
FWIW: I've been using NoScript for years, and it's clear to me that the vast vast majority of sites work fine with JS disabled. Most of them work better with JS disabled than with it enabled.
- browsers don't support feature 'x'
- some browsers support feature 'x'
- all browsers support feature 'x'
- websites start relying on feature 'x'
- browsers change feature 'x' from being easy to switch off/on to defaulting to 'on'
- browsers remove easy facility to remove feature 'x'
That's a pity. Ideally websites would work with clients both new, old and configured to explicitly leave out eye candy and things like javascript. Of course there is a price to pay in terms of user experience and it is more work to keep your website alive across many different browser versions so I can see the reasoning behind this. But it violates the spirit of be strict in what you send but liberal in what you receive. If what you receive is the message that 'javascript isn't wanted' then you should respect that and make your stuff work without. Of course there are websites where javascript really is a must but if I want to use my bank website without javascript (to get rid of all the unnecessary pop-ups, overlays and other bs) and I find out that it simply doesn't work anymore then that's disappointing.
So, mozilla obviously did the right thing here in hiding a feature that 'nobody' uses anymore but it is merely the last nail in the coffin of the non-programmable browser.
And for some weird reason I find a browser that does not have the ability to execute downloaded code a good thing.
Well as a developer it's easier to just assume JavaScript will be there. For example, imagine playing a game in a browser without JavaScript (yeah CSS can come close, but not close enough for my liking).
It was an example. Any 'app-like' content, like games, video/music players/calendars, etc. will and should fall apart when it's main language is disabled. Of course some pages incorporate JS to achieve better looking UI, but I can't imagine going back.
It's kinda like wanting to have National Geographic without the pictures.
Yes, so do I, but time and again the world speaks and tells me "You disable javascript and cookies by default? What kind of a weirdo are you? No site for you, fuck off"
Turning off JS ruins the internet. I say this as an avid NoScript fan (been running it for nearly a year) - the vast majority of websites will fail (often mysteriously) with JS disabled, even if you use some curated whitelist. You need a lot of technical knowledge and debugging sense to figure out what you can/can't disable.
That's why I stopped using NoScript long ago. Things should just work, and NoScript doesn't let things just work. It'd be good if it had a list or something, but I have no clue what it would actually block/allow, since that's specific to the user's purpose.
I enjoy the challenge of figuring out how to disable some parts of site. It's a trial and error affair, but very interesting sometimes. It helps you realize how sites are built.
Removing the settings option for javascript was almost certainly not a move for advertising/tracking. The simple fact is, too many web pages are turning into web applications, so turning off javascript has no use on the modern web. Therefore they took away the option.
Since we're on the topic. I wish they would at least create an option that makes the javascript part operate in a way that I don't have to disable PaX on Firefox. It is both the most critical desktop application to be protected and one of the very few that can't be. Even X.Org works fine with PaX these days.
PaX prevents pages from being marked executable if they were ever writable, even if they are first (or simultaneously) marked non-executable. This means that no JITs are compatible with PaX.
Not allowing pages to be simultaneously executable and writable has a lot of merit, but the stricter restrictions of PaX are a hard sell. It would be nice if PaX had an option to just disallow pages that are simultaneously writable and executable.
It would be interesting to see a model where processes that were very restricted via the Linux Capabilities framework were allowed to execute pages that were once (but no longer) writable. This would allow programs such as browsers to run JITs in OS-level sandboxes.
Edit: actually, I wonder if PaX allows shared pages that are executable in one process and writable in another. That would be another interesting model.
"PaX is a patch for the Linux kernel that implements least privilege protections for memory pages. The least-privilege approach allows computer programs to do only what they have to do in order to be able to execute properly, and nothing more. PaX was first released in 2000." [1]
Yes you could, if you knew about it and trusted it.
I think there's a spectrum of skills, not a binary split amongst user skills. Hard to say where the average user is with disabling JavaScript, because skill levels are multidimensional.
While I disagree with article, I do wonder, what should Mozilla do to not suffer the shrinkage further?
On other side there is Google which can advertise their own browser on their site, plus there is IE which ship their browser with Windows. How do you compete with those?
Right, but in my opinion lately they have gotten a lot of better, but their userbase isn't following suit.
Right now their only slight fault is probably their dev tools aren't as sharp as Chrome, but performance wise it starts, and works equally or better than Chrome.
It was a lot better than IE6/7 when I started using it. It was still a log slog to make 1% gains in market share. People didn't even think of browsers as an application you can replace. It was just the internet.
Firefox won by being good enough that users nagged other users into replacing IE. They definitely were and I think we have FF to thank for a lot of the improvements to the web. I love it when companies compete simply on being better. It's probably more controversial, but I appreciate Apple for the same reason. They don't use "crutches" like corporate support, lock-ins or cheap prices. For the most part they set out to make something people will want to buy with their own money even though its more expensive.
I think Apple are losing mobile phone market share for the same reason. That strategy sets a high quality bar. You need to be substantially better than the competition. When it works, it pushes the whole bar up and everyone benefits, even consumers who choose the easiest/cheapest option.
Maybe Firefox's smartest strategy isn't 'make the best browser' anymore. I'm not going to call on them to abandon it though. I say try to make the best browser and if they fail, c'est la vie.
> I love it when companies compete simply on being better. It's probably more controversial, but I appreciate Apple for the same reason. . They don't use "crutches" like corporate support, lock-ins or cheap prices.
These sentences kinda don't add together. You're telling me that Apple with their walled garden was without lock-in and that they won on quality?
What you're describing are large leaps. Large leaps can't happen constantly. I feel there is quite literally a hard limit to what leaps you can make, in one domain (basically low hanging versus high hanging fruits). Compare Chrome to Firefox to when it was when it came out, and compare it now. The difference has evaporated. On the other hand Chrome has steadily gained user base at a very high rate. It's delusional to thing it was only made on basis of having a good product. Eich was right, winning against net super powers will be THE TEST for Mozilla.
Anyway, I think Mozilla is working towards that goal, but Mozilla can't make make that leap if we don't support it now.
Apple has lot of products and subsequent strategies, hence controversy. :)
I didn't mean it in a very wide sense. I'm not sure how the walled gardens fit into my story/observation. I don't like walled gardens, but I think it is tangental. I mean it in the context of a person buying a gadget (ipods and/or ipads make a good example)
The other hardware companies will tweak a product to be have the biggest screen, RAM or HDD (whatever feature retailers are highlighting ) at some price-point and they'll do it at the expense of the battery or some feature shoppers are not looking at as closely right now. They'll create a product just tailored to buying managers' checklists. Apple don't do this. They won't compete on price or checklist features.
I don't want to idealize them too much, but I think Apple do a lot less of the above than most. They generally win by making some something people will want enough to pay for with their own money at a price that gives Apple their fat profit margin. Sometimes it's by "inventing" a category like the last big string of big wins. But, for a long time people have been buying Apple laptops at a premium price. No major category invention just consistently good quality of software and hardware.
I hope I'm not drinking kool-aid. I'm not even mush of an Apple consumer (more of a windows avoider) but I think they do keep and artistic integrity like a Jazz band that chooses not to make a trendy pop record. Mot people prefer (by definition) poppier music. But, from a certain perspective there is a greeter victory in making a popular Jazz song than a popular pop song, if you're a jazz band.
I'm not sure if that's the optimal strategy for being successful (though it obviously serves Apple) but I think that's the kind of competition that improves a market.
Back to FF. I really appreciate them. They won by being awesome and making using the web better. Faster, prettier. They had tabs. They had awesome plugins like firebug that helped developers and helped a lot of non developers understand how the web worked. They had lots of plugins that showed people they could customize their web experience. They proved that OSS could be awesome for users.
My perspective is that of a fan. From that perspective, I'd like to see FF succeed or fail by trying to be the best browser. If that conflicts with being a more popular browser or more profitable one, I'd like them to choose "best browser." If they are handicapped because Chrome has better access to users, I still want them to compete on being the best. I would rather see them die trying then surviving because they figured out a way to get more ad revenue at the expense of user experience. That's obviously different to the investor/owner/employee perspective.
As for support, I don't think they can raise the kind of money from donations they can make in advertising. I like the PrivatefFox crowdsourcing idea.
How? By caring about browser more than about politics.
It's quite disturbing to see Mozilla evangelists like Heilmann spreading some dubious ideas and sometimes plain FUD around.
Here's an open letter from me: fuck you and your cancerous spyware. Advertising ruined TV, and businesses like yours are hell bent on ruining the web, too.
Here's a novel idea: build something people want to use, not something that helps scamming people into buying something they don't need.
> They should probably start with dropping their yak shaving shenanigans (Rust, Persona et. al.), nice toys as their are.
So, you are saying that Mozilla should stop having long-focus technical efforts to develop technologies to support the future of the open web, and leave long-focus technical development to the commercial browser vendors? Seems to me that might help the balance sheet in the short-term, at the expense of Mozilla permanently -- and quite likely distantly -- trailing the commercial vendors as the latters' long-focus efforts come to fruition and Mozilla is forced to play catch-up, but Mozilla lacks such innovation of their own.
I use Firefox, mainly because I like it and it allows me to create my own browser with addons. I don't use Chrome, mainly because I don't like it, and it doesn't allow as much customization as Firefox; it also seems to try to prevent me from doing things that Google doesn't like, like downloading Youtube videos.
I sympathize with people's suspicion of advertising worming its way into Firefox. And as the worms bore, there's a danger that Firefox as we know it could disappear in place. If Mozilla allows its survival to depend on advertising, it will be difficult for Mozilla to oppose advertisers.
But my greater fear is that Firefox could disappear altogether. I really don't see how such a large organization of paid people (and I do not begrudge them their livelihood) can exist without either advertising, paid use, or some kind of consulting. Paid use isn't looking good. I suppose it helps that Firefox is vaguely an anti-trust antidote for Chrome.
Years ago I felt uneasy about gmail's increasing awareness of me as me. As that unease grew over the years I thought about alternatives. Eventually I chose a paid alternative, and I've been happy with it for a few years.
I'm feeling uneasy about Firefox now. Not so much about the danger of it pimping for advertisers, but about its very viability. And I'm thinking about alternatives, because as much as I'd like to, say, pay for some version of Firefox that ensures its survival, I have zero control over whether that will ever be on offer.
PrivateFox, from the article, is interesting, despite its problems, but it still depends on Mozilla's survival.
It has its own existential issues, being mainly today lack of users, which would matter later when the uzbl devs run out of interest and retire or otherwise move on. What I like about the idea of it is that it's minimal and composable, a la the Unix philosophy. The composable part would take much more work on my part than merely installing a Firefox addon. But in the end it would be possible (if difficult) to create my own browser, which Firefox and its addons make easy.
uzbl as is will never be an alternative for most web users (although some packaging of common features could appeal to a slightly larger group). But small niche projects do live on, and I'm hopeful for uzbl.
My other alternatives are along the lines of text browsers like lynx or links2, but those are options for a true, advertising/surveillance dominated web dystopia. Still, they're on the list. (And you web developers should be using them now, to see what happens for users with accessibility issues, or who just can't or won't use javascript.) https://en.wikipedia.org/wiki/Lynx_%28web_browser%29https://en.wikipedia.org/wiki/Links_%28web_browser%29
They have policy against downloaders, but they only apply it if it's used on their product (YouTube) and allows it for other sites. And Chrome made it hard (for the not tech-savy users) to install extensions from outside of Web Store. So basically they are blocking chrome extensions that conflicts with their interests.
I vaguely remember (it's been a couple years) installing an addon to download videos, then trying to download a yt video and being told "no." Sorry, that's the best I can remember.
That sounds like a problem with the addon, not chrome. Or the addon forcefully limited itself due to the web store's policies.
I'll give you that the chrome web store is a lot less open than mozilla addons but chrome's infrastructure certainly doesn't prevent you from doing what you want. (Source: I do it)
Does anyone here remember how Firefox started? It was one guy who was sick to death of how bloated the Mozilla browser had gotten, and just wanted something that worked. PrivateFox is essentially the same thing, except instead of a bloated browser platform, we have a bloated world-wide web, and we're trying to "thin it down".
What Doc is suggesting is not only spinning up yet-another-Firefox, but that we should have to pay for the privilege of having a browser experience which isn't incredibly annoying and frustrating. I'm from the Open Source community. We don't pay for our code, we download it for free and give it away, because it's just what you do as a good person. It's given away by people on their personal hosting or by university mirrors and other donated resources. What we don't do is try to extort cash from users so that they can have a half-decent experience getting and using our content.
2. The web is not consumer culture
It seems that Doc is certain that the way we currently consume content on the web is good, and permanent, and we have to work around what's on the web and how business is done today. Doc shows many examples of how we should pay for our web content - either in a proprietary browser, or crowdfunding, or 'direct consumerism' - consumer culture without the need for advertising, essentially.
I didn't get on the internet to pay for a web browser that gives me the privilege of non-annoying content. I got on the internet because somebody paid to provide me a service, either out of generosity, or after being paid by me for some other good or service. Game servers funded by game sales. Journals funded by the top 1% of power users. Chat servers hosted by donations or for free. Porn sites funded by member subscriptions (yes, I went there).
There are many ways to get paid for the services or content you provide. Advertising is the most annoying, most deceptive and most harmful way to do it. There is no reason we have to put up with the status quo and accept ridiculous websites with shitty content and a bad user experience just because they're "free". I say fuck the ad industry. I really don't need most of what's on the web. If I really needed it, I would pay for it, same as with everything else in my real life.
I don't live in a home with "featured content by name brands". I pay my rent. I don't drive a free car "featuring new technology by ZomboCom Inc"; I pay off a loan. I don't drink free sodas with e-ink wifi-enabled rolling banner ads; I pay the $1 for my damn soda. There is no need to support everything you consume with advertisements.
--
Paying for a browser that specifically gives me a non-shitty browsing experience is the equivalent of telling the ad industry you love them so much you're willing to pay them off to stop the onslaught of ads. I have another way of telling the ad industry what I think: by boycotting all websites with advertising. I'm not going to miss the lack of content, either; because you can't miss what you don't know exists.
I propose a browser add-on that disables all hyperlinks to sites that are funded by advertising. This would create a smaller, more intimate, more content-oriented internet. It would encourage community and sharing, and increase the quality of content. It would reduce unnecessary noise and distraction. And it would force content producers to actually find out what users find worthwhile, and if they really want to pay for it, in one way or another.
Ideas like intentionally fragmenting the userbase (with some absurd idea like 'PrivateFox') merely contribute to the issues he highlights; if revenue to fund development is scarce, why would you actively undermine your revenue base and waste resources on the product that is destroying your revenue? It's absurd, no sane organizational leader - moral imperative or not - would ever do this. Mozilla cannot do this.
Hypothetical revenue sources like crowdfunding and intentcasting are great, but it would be utterly irrational for Mozilla to switch wholesale to some new unproven revenue model. Even if it works for a while, eventually they run the risk of scorching the earth (like how Zynga and co completely obliterated viral pathways on Facebook, effectively destroying their revenue streams).
If you want Mozilla to adopt a new business model, you'll need to find a new business model that will actually work at their scale, then prove it works. They can't afford to undermine their extremely important efforts (on Firefox, etc.) just to satisfy your curiosity and desires for an ideal world.