| > I think this is fine. We are hostile. Maybe we should just embrace it. Once you're seen as hostile, you'll see countermeasures applied that target you. You don't get to act with impunity, and since Firefox is not coming from a place of power (their market share isn't enough to force the issue), Firefox will take a lot of damage. Possibly enough to kill it as a choice for most people. > expect this situation to improve though. Curbing fingerprinting for the sake of privacy will necessarily entail normalizing all browsers to the point they can no longer be used as identifying bits of information. It's impossible to do so while not making browsers the exact same. The browser you are running, possible even the version of the browser you are running, will almost always be trivially accessible as long as there are actually different browsers to choose from with actual different implementations. Think about it, even if the actual API space is identical in usage and result, there will still be differences in how the underlying code run, with differing performance and timing characteristics. We live in an age where it's best practice to do security operations in constant time operations just so things like a password auth can't be used to determine someone's real password by how quickly it fails and many attempts. Without throwing away all performance criteria for everything and relying on other browsers to as well (it does no good to hire yourself as the only one acting this way), you can never rely on the browser you're using being anonymous if you want any JS usage at all, my guess is something similar applies to DOM and CSS as well, even if somewhat harder to capitalize on. > We have a huge advantage in the form of control over our computers and what software they run. That advantage is worth nothing in the larger scheme of things. Facebook doesn't care what you do. But they do care about Firefox affecting ~7% of people visiting, and if Facebook and a few other high profile sites both ban Firefox and start up with their own rhetoric and narrative about Firefox, Firefox is dead. Other sites will use that as an excuse to do the same. At a minimum people that want access to these sites will install a separate browser, but most will likely just switch browsers, either initially or eventually. Then we're left with the best current choice for privacy dead, and everything has been set back years because not only have people switched to less protective browsers, but there's been a clear showing of power and others are going to be less likely to push against that for fear of the same outcome (and let's be honest, Chrome has at best mixed incentives). > That's true but there's nothing wrong with a revolution. A revolution you can't win is a disaster for all those except those in power, who now have convenient targets to go after. |
This is already the case for uBlock Origin and filtering extensions in general. Sites deploy blocker blockers. Users deploy blocker blocker blockers. It's a never-ending arms race at this point.
> and since Firefox is not coming from a place of power (their market share isn't enough to force the issue), Firefox will take a lot of damage. Possibly enough to kill it as a choice for most people.
It doesn't have to force anything. It just has to keep working despite any interference. If uBlock Origin can get away with it, surely Firefox can too.
> Think about it, even if the actual API space is identical in usage and result, there will still be differences in how the underlying code run, with differing performance and timing characteristics.
Surely there are ways to mitigate these side channel attacks. If it can be done in other systems, it can be done in the browser as well.
> Without throwing away all performance criteria for everything and relying on other browsers to as well
It doesn't mean throwing away performance, it means matching the performance and output of the more popular browsers.
> But they do care about Firefox affecting ~7% of people visiting, and if Facebook and a few other high profile sites both ban Firefox and start up with their own rhetoric and narrative about Firefox, Firefox is dead.
Probably not. We already have at least one browser with ad blocker included and enabled by default even on mobile: Brave browser. It doesn't just block ads, it replaces them with its own advertising system in order to steal their market share. Not sure if it's possible to be more hostile than this and yet Brave browser is growing.