Hacker News new | ask | show | jobs
by autoexec 666 days ago
> Regarding analytics, I believe browsers should take user's side and do not cooperate with marketing companies

Browsers were supposed to act as agents working for the user. User-agents. These days it's getting harder and harder to find a browser that doesn't work for an ad company at the expense of the user.

Chrome's entire reason for existing is data collection. Firefox can, for now at least, be hardened to work for the user (and prevent a lot of fingerprinting), but Mozilla is an ad-tech company too now. They've made their lack of respect for Firefox users clear by making Firefox spy on users by default so that Mozilla can sell that data to marketers.

Currently, you can disable that spying in about:config by setting dom.private-attribution.submission.enabled to false (see https://news.ycombinator.com/item?id=41311479 and also https://web.archive.org/web/20240827185708/https://make-fire...). No idea how long that will continue to be an option or how often you'll have to go back and reset that back to false following updates though.

We really need a new browser that actually works in the interest of the users.
7 comments
rpastuszak 665 days ago
> but Mozilla is an ad-tech company too now.

The recent events related to FF are not that much of a shift, considering that Google pays $20B per annum to its (technically non-ad tech) partners, then 85% of Mozilla's total revenue comes from its partnership with Google. That ship had sailed long time ago.

https://untested.sonnet.io/Defaults+Matter%2C+Don't+Assume+C...

link
autoexec 665 days ago
Firefox really has been going downhill for a long time. Forcing Pocket into the browser, the ad infested new tab page, telemetry, making user accounts a thing, force installing TV show promotions, etc.

What they haven't done before is spend a fortune buying up an ad-tech start up. They barely even bother to maintain a pretense that they care about Firefox users. They basically came right out and said "We know that users don't want this, we can't convince them to, so we were right to force it on them by default and just hope most people don't notice and start complaining" (https://cdn.adtidy.org/blog/new/2wffyscreen_mozilla.png?mw=1...)

link
bad_user 665 days ago
> Forcing Pocket into the browser

Fun fact: by subscribing to Pocket, you're directly contributing to Firefox's development.

Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.

Nobody wants to pay for a browser, browsers are essentially incredibly complex nowadays, and I have yet to hear how in the world are browsers supposed to get funding.

And of course they want to cater to advertisers because it is advertising that maintains the open web, and it is advertising that is paying for all browser development, actually, including Safari. And the open web is also dying, because people have been moving to mobile apps, where all pretence that "the user agent must act on your behalf" is gone. In other words, even if you get what you wish for, in a couple of years it may not matter at all.

link
rpastuszak 665 days ago
> And of course they want to cater to advertisers because it is advertising that maintains the open web

As someone who worked both on advertiser and publisher sides (incl. content monetisation): advertisers like to say that they support publishers and the open web, but in fact, they are keeping it hostage.

We've had the means/tech to support publishers directly for years (I don't mean crypto). It's in the interest of companies like Google to keep users (and publishers, and brands) in the dark. And one of the issues here is that they have so much impact on the discourse. There are only few places, where I saw more people using ad blockers than the adtech businesses I worked with or at.

> Nobody wants to pay for a browser

True, but I don't think people would have an issue with paying for browsers if they understood the value of it. At this stage, I think the only solution would involve:

1) education 2) regulation/better legislation

link
bad_user 665 days ago
> As someone who worked both on advertiser and publisher sides (incl. content monetisation): advertisers like to say that they support publishers and the open web, but in fact, they are keeping it hostage.

I know what you're saying, I agree, as I worked (in the past) on advertising platforms as well, but both of those statements can be true at the same time.

The open web was built on advertising, but the perverse incentives in advertising are also poisoning the open web.

I don't think we've ever had a good solution. People like free stuff, and also, micro-transactions are not possible given the huge banking fees. What we're seeing, the alternative, are subscription-based services behind closed hardens, and mobile apps whose ads can no longer be blocked, so here we are.

I also think that Google isn't the greater evil, because Google has an incentive to keep the web going. For instance, what happens with local newspapers, when they die, besides depriving ad networks of revenue, is that the audience of these newspapers moves to walled gardens like Facebook. The failure of advertising on the web right now results in more centralisation.

link
hn_version_0023 665 days ago
> micro-transactions are not possible given the huge banking fees.

We can change this via legislation. The “financialization” of everything feels related to the adtech conundrum.

Bringing banks to heel for the good of society is long overdue IMO.

link
thisislife2 664 days ago
> micro-transactions are not possible given the huge banking fees

Look up papers on UPI - https://en.wikipedia.org/wiki/Unified_Payments_Interface - it is heavily used for micro-transactions in India.

link
hakfoo 664 days ago
The problem with micropayments goes beyond the finances.

It's a major friction point.

How do you set up the payment relationship the first time? Maybe you can get it down to one click, at best, with stored credentials.

When you consume content, you still have to track expenditures, whether it's a prepaid credit balance draining or an invoice building up. Every pageview becomes a "is this worth 8 cents?" discussion.

A broad cooperative flat-rate programme-- Patreon on steroids-- seems the best way to manage that. The consumer signs up for the entire universe at $20 per month, and then doesn't have to think about what happens if he visits a new site, or opens 500 articles this month and 5 next month. It's all sorted out with analytics at the content-provider level.

link
codedokode 665 days ago
> micro-transactions are not possible given the huge banking fees

Cryptocurrencies like Litecoin have low transaction fees (currently less than a cent). Apple somehow manages to sell apps that cost just several bucks.

Also, in Russia, a Fast Payment System allows transfers up to $1000/months without commission, however these terms are available only to personal transfers and not for business. But it shows that low-cost transfers are possible even in traditional banking system.

link
rpastuszak 665 days ago
> micro-transactions are not possible given the huge banking fees

I actually worked on several projects like this and we found a few ways of making this work. A simple example would be having a wallet you can top up, so you can pay per article. The fee was _roughly_ 2x the CPM for a post, and the cost for an average user ca. $5 per month IIRC. There's a bunch of companies doing this stuff, but their usual issue was scale/publisher relationships. After a few years of trying and 3 companies later I ended up in a situation where this wasn't a problem. Apologies for being vague here.

> I also think that Google isn't the greater evil, because Google has an incentive to keep the web going

True, but the web Google wants to "keep going" is _very_ unlikely the same as the one that's good for users. Chrome or Android serve as storefronts, hence consent assumed by default (think Manifest V3, FLOC, etc...).

Example: think of the deal they signed with Conde Nast (and earlier Reddit). Nowadays, Google has exclusive access to search results from Reddit.

> For instance, what happens with local newspapers, when they die, besides depriving ad networks of revenue, is that the audience of these newspapers moves to walled gardens like Facebook. The failure of advertising on the web right now results in more centralisation.

I witnessed it in 2010s when working with publishers (EU, UK, and some US-based). It wasn't much different than what happened during the "cookiegeddon" around '17 '18 (IIRC): moving to new platforms, pushing towards subscriptions, bundles, or focussing on premium/high quality content.

The publishers I spoke with (again, as a vendor working in publishing and then, later, in adtech) generally would be more than happy to drop the ads if we had any other way to let people pay for stuff without using dark patterns (e.g. subscriptions people tend to forget about).

The only people who created pushback were not even their advertising partners, it was _their own sales people_, responsible for pushing their inventory via direct sales. It makes perfect sense, from a people/internal politics point of view. I'd be happy to elaborate on that, but it's getting a bit late!

People like free stuff, but they're also happy to pay for stuff if they understand its value. Imagine walking into a coffee shop and asking for a free americano promising that you'll stare at their ads on your phone for 5 minutes. (This idea only makes sense if you're running an adtech / marketing startup.)

Then, we have more interesting examples like The Guardian, where many of the people supporting them did so because they wanted _other_ people to have access to it.

So yeah, I agree that people like free stuff, and that the current situation is messy to say the least, but I think we need to take a step back and reconsider the things/ideas we take for granted.

link
greenchair 665 days ago
When I was a kid you could buy a browser in an electronics store :)
link
Y_Y 665 days ago
> Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.

People didn't like Pocket as a product. It wasn't as if they just didn't like it because Firdfox wanted to make money out of it.

Sure they should diversify, but with something that isn't otherwise (so) objectionable. Like their VPN, or sponsorship, or just let go of all the upper management.

link
krzyk 665 days ago
What people? Do you have source for that?

Anectodal one: I liked it.

link
autoexec 665 days ago
> Fun fact: by subscribing to Pocket, you're directly contributing to Firefox's development.

That's not true. It isn't directly supporting anything except surveillance capitalism. Allowing yourself to be exploited in that way may indirectly support Firefox, but it's not the same thing as direct support.

Firefox users have literally begged Mozilla to let them actually directly support Firefox's development in the form of donations explicitly for that purpose alone, but Mozilla has always refused to allow it.

> Mozilla found itself in a situation of damned if they do, damned if they don't. People scream at them for depending on Google, and then they scream at them for trying to diversify their revenue.

People scream at them when they involve themselves in surveillance capitalism so yeah, spending a ton of money that could have gone into firefox development to instead buy an ad company so they can start spying on us while we use the internet isn't helping.

> Nobody wants to pay for a browser, browsers are essentially incredibly complex nowadays, and I have yet to hear how in the world are browsers supposed to get funding.

Are web browsers more "incredibly complex" than linux? I don't understand how people assume that web browsers are impossible to develop without selling users to the marketing industry while somehow linux and countless other open source projects have never once needed to do that.

Mozilla could at the very least try letting users pay for firefox development like users have been asking them to before they jump to selling firefox users out to the ad industry.

> And of course they want to cater to advertisers because it is advertising that maintains the open web

Advertising doesn't maintain the open web, it poisons it.

> And the open web is also dying, because people have been moving to mobile apps,

That's because many people don't own even computers anymore. Even where computers haven't been entirely replaced by devices that are designed for data collection and mindless content consumption, the cell phone is the computer that people have with them at all times. The dire situation around computing in general wouldn't be so bleak if we could get some decent and affordable mobile devices that weren't designed to spy on us, but I guess you might see it as that spying being what maintains the computer industry.

link
chipdart 664 days ago
> Firefox really has been going downhill for a long time. Forcing Pocket into the browser, the ad infested new tab page, telemetry, making user accounts a thing, force installing TV show promotions, etc.

It might be just me, but I find Pocket quite useful and interesting. That, and syncing user accounts across browsers. It's extremely convenient to just stash a link that you can later open while browsing the web on your browser or sitting at home with another laptop.

I guess you can try to make an argument about that being better served with extensions, but that would be missing the forest for the trees. Meaning, extensions are intended to provide third-partied with a convenient way to add custom features and behavior. That is just wasted effort if it's Firefox wanting to add a feature.

Also, you don't need to use any of that if you don't want to. No one forces you to. At most, it takes a couple of clicks to hide the toolbar button. Is that what you call "downhill"?

Frankly, this blend of criticism sounds like grasping at straws. Some people sound like all they want to do is complain about something, and proceed to work backwards to try to find something anything to complain about. This stance is particularly baffling when taking into consideration how god-awful Chrome and Edge are.

link
AyyEye 666 days ago
Mozilla is a Google vassal and nothing more. Google analytics? Check. Firefox Safebrowsing sending your private tab traffic to google? Of course!

https://spyware.neocities.org/articles/firefox

Mozilla only has their Google billion$ in mind, not you. https://digdeeper.neocities.org/articles/mozilla

link
dheera 666 days ago
> Google analytics? Check.

Add this to /etc/hosts

    0.0.0.0 www.google-analytics.com
    0.0.0.0 google-analytics.com
    0.0.0.0 ssl.google-analytics.com
link
_Algernon_ 665 days ago
Firefox doesn't respect hosts by default. An about:config option needs to be toggled for this to work.
link
shadowgovt 665 days ago
Fascinating. I wonder what the history is of Firefox deciding to ignore hosts? Hosts has been standard since the early days of the Internet.
link
jhpacker 666 days ago
With GA4, the tracker code is loaded from www.googletagmanager.com (even if the tag isn't loaded via a GTM container). The measurement requests can be sent to (region1|www).google-analytics.com or analytics.google.com (to share cookies with Google login better).
link
tommica 666 days ago
Is it as simple as this?
link
dogecoinbase 666 days ago
Unfortunately no. The entire point of DoH is to bypass the ability of the users to prevent browsers from providing browsing habits to their owners.
link
TacticalCoder 665 days ago
> The entire point of DoH is to bypass the ability of the users to prevent browsers from providing browsing habits to their owners.

It is the entire point of DoH indeed, while hiding behind the idea that is somehow prevents the state/ISP from knowing which sites you go to (which it really doesn't).

There only one way to get best of both world:

    - force your browser to never ever use DoH / DoT: force good old, in the clear, DNS over port 53

    - run your own local DNS resolver (I run *unbound*)

    - only ever allow DNS port 53 to/from your machine and your local resolver (I run *unbound* on an old Raspberry Pi)

    - have your DNS resolver use DoH
This way you get the imaginary protection that your DNS traffic is "encrypted" between you and your ISP: I mean, it is encrypted... But it's an illusion to believe it prevents your ISP / friendly-state-after-your-well-being from knowing which sites you visit.

But you also get full control over which domains can be resolved or not.

As a sidenote unbound supports "wildcards" when blocking domains, which is sweet (as opposed to your typical OS's hosts files, which doesn't support wildcard).

FWIW I've configured unbound to return 0.0.0.0 for the millions (!) of (wildcarded) domains I'm blocking and then I use dnsmasq, locally, to convert any 0.0.0.0 to transform into NXDOMAIN. It's versatile and I like that way.

It's Linux so you set that up once and it works for years.

link
bluejekyll 666 days ago
No, that is not the entire point of DoH. That’s like saying the entire point of TLS is to prevent users from looking at the traffic being sent to a website.

DNS without DoH, DoT, or DoQ, is wide open to anyone snooping traffic in the raw, that’s not necessarily information you want to share with the world.

link
autoexec 666 days ago
Which (for people not handing all of their DNS traffic over to google anyway) usually just means that their ISP can see their DNS traffic which is kind of a moot point because your ISP can see the domains you go to even with DoH.

If somebody is on your local network capturing packets or they've cracked your wifi you've got bigger problems than your DNS leaking a list of domains. They'll also see the IP of every server you visit online anyway

The way DoH is implemented usually means that all of your DNS traffic is collected by some third party for-profit corporation like cloudflare anyway (who admittedly will already know most of the domains you visit anyway because of how often cloudflare's IP space is where DNS will point you).

There really aren't any good options for DNS and privacy, just a lot of compromises. Host your own. Or, if your ISP is trustworthy, you might be better off using what they provide. The DNS traffic between you and your ISP's servers should never leave their network.

link
chgs 665 days ago
DoH is pushed by goggle et al to ensure you continue to provide your data to them.

The browser should respect the OS. The OS should respect the network (dhcp/slacc). If you want to override this then that should be an active choice by the user.

I am quite happy with my OS using normal dns (via WireGuard when out) to my dns server which blocks bad domains before they even reach my firewall, I don’t need DoH, although I have no problem with that as a concept.

What I don’t like is my browser taking away my choice and breaking the model. It should defer to the OS (and I can’t see any time I wouldn’t want it to defer to the OS)

link
Xelbair 665 days ago
The entire point of DoH is to take away control of DNS from the OS vendor to the browser.

There were other encrypted standards(dnscrypt for example) that didn't require you to do that, but the one that bypasses the OS was forced by adtech monopolist in charge.

link
pwdisswordfishz 665 days ago
> That’s like saying the entire point of TLS is to prevent users from looking at the traffic being sent to a website.

In the case of mobile apps, it is.

link
grishka 666 days ago
DoH and similar technologies don't override /etc/hosts. They're just a different way of making DNS queries. The entire point of these technologies is to prevent your ISP and everyone else along the way from knowing which websites you visit.
link
autoexec 666 days ago
> DoH and similar technologies don't override /etc/hosts.

It seems that it does:

https://bugzilla.mozilla.org/show_bug.cgi?id=1544233

https://github.com/StevenBlack/hosts/issues/968

https://old.reddit.com/r/firefox/comments/e64073/dns_over_ht...

https://www.liquidweb.com/help-docs/Fixing-Firefox-Bypassing...

https://superuser.com/questions/437649/firefox-not-taking-no...

https://stackoverflow.com/questions/37452361/why-is-my-hosts...

link
roelschroeven 665 days ago
DoH means that each application does its own DNS queries, instead of using the OS's functionality. Whether that includes reading /etc/hosts is up to the application, and it looks like high profile applications like Chrome and Firefox don't read /etc/hosts.

> The entire point of these technologies is to prevent your ISP and everyone else along the way from knowing which websites you visit.

More correctly, the point is to shift all that from one organization to another. Maybe you trust Google or Mozilla more than you trust your ISP, but I don't think it's the same for everyone.

You could even argue that your ISP can already see which hosts you connect to, so using it's DNS resolvers doesn't add much information for them. Using DoH means that both your ISP and another party can see that.

link
dotancohen 665 days ago
Since the application itself is making the DNS requests, it is completely building the relevant OS networking features, including hosts file support.
link
cyanydeez 665 days ago
Power balance is how relationships always evolve. Browsers are basically politicians at this point and they are easily swayed by the power of the dollar and have varying degrees of requirements to side with the users.

Google, of course, has rammed chrome into it's primary place.

link
kilolima 666 days ago
I just switched to Libre Wolf, seems like a pretty good Firefox replacement but without the malware.
link
ineptech 665 days ago
> Mozilla is an ad-tech company too now.

I'm sorry, this seems egregious. I agree that it should've been off by default but I challenge anyone to read how the implementation works (not just the blog post and the FUD responses to it) before calling it a giveaway to the ad industry: https://github.com/mozilla/explainers/tree/main/ppa-experime...

FF is currently a key tool in the fight to avoid a Google-top-to-bottom future, and before we start the meme that it's gone to shit we should be really really sure that's actually true.

link
codedokode 665 days ago
It is ridicoulous. Why do browser developers cooperate with ad companies? They were supposed to protect us from them.

It gives no benefits to end users. Ad companies will not stop using old methods, they will just add one more method.

I hope responsible Linux distributions will patch this out and disable by default.

A fair model would be if this feature was opt-in and if Mozilla paid to the users who enabled it.

> The purpose of this API is to provide a privacy-first design for advertising companies to be able to measure how advertising drives conversions. That is, answering the question of whether advertising effectively achieves its goals, such as increased sales.

Not my problem. I don't earn anything from their sales.

link
axolotlgod 665 days ago
It really is disheartening to see so many technically-inclined people berate the one browser that is preventing Apple/Google hegemony. The expectations set upon Mozilla and Firefox are so unrealistic it's laughable.

Firefox is rock solid, open-source, backed by a great organization (which has recently reinvested additional resources in it) and a joy to use imo. Also, the levels of vitriol that even the slightest bit of anonymous telemetry incurs is unhelpful and I encourage people who hold that viewpoint to really interrogate it.

link
codedokode 665 days ago
While Firefox is great, they should not sell their userbase to Facebook with such proposals. If ad companies want to know about ad effectiveness, they must pay the users for collecting the data, not collect it for free without asking the user.
link
nuker 665 days ago
> FF is currently a key tool in the fight to avoid a Google-top-to-bottom future, ...

Right now is actually Safari that prevents it, like it or not. Especially iOS one where users have to use it. Firefox is rounding error in this fight.

link
autoexec 665 days ago
Ultimately, the problem is that entire premise is deeply offensive. I do not want my browsing history being monitored, collected, sent to third parties, and sold to marketers in any form period. I do not want a browser using my data in any way to support surveillance capitalism.

The implementation is just FLoC/Topics API all over again and it's still not compelling. The first kick in the teeth comes right at the start where the entire thing is predicated on data gathered from having an ad shoved in your face.

> At impression time, information about an advertisement is saved by the browser in a write-only store. This includes an identifier for the ad and whether this was an ad view or an ad click.

I do not want ads. Ever. Like many (likely most) firefox users, I go to some lengths to prevent them from showing up in any form. Now that firefox is going to be profiting directly off of firefox users seeing and clicking on ads they will certainly degrade our ability to prevent them.

It then involves sending my data to third parties so that it can be aggregated. Then my browsing has to be monitored to identify conversion events. None of this is acceptable.

Here's what their Cookie Monster paper says:

> User perspective. Ann browses various publisher sites that provide content she is interested in, such as nytimes.com and facebook.com. Ann does not mind seeing relevant advertising, understanding that it funds the free content she enjoys.

I am not Ann. I very much mind seeing advertising, relevant or not. I do not understand that if funds "free content" I enjoy. If I need to be exploited to pay for something, that thing it isn't "free" and if it's infested with ads I do not enjoy it. The entire thing is based on a fantasy where users find this acceptable. We don't and it isn't. If we did, we'd probably all just be using chrome.

> FF is currently a key tool in the fight to avoid a Google-top-to-bottom future

Why should we care if Firefox isn't Google if both are just going to exploit us?

link
ineptech 665 days ago
You're preaching to the choir, but even preaching needs to be truthful and I don't think calling Mozilla ad-tech or suggesting that it's just as bad as Google is remotely true. This is where "the perfect is the enemy of the good" comes from.

I mean, what do we have now? Google and a bunch of middle-man ad techs are hoovering up everything they can get, including a crap-ton of stuff that browsers can't affect at all, and wink-wink-promising that they anonymize some of it in some cases even though no one can verify that. A world in which the subset of that data that passes through a browser has been provably anonymized would seem to be strictly better, even if you still don't like it.

link
autoexec 665 days ago
> You're preaching to the choir, but even preaching needs to be truthful and I don't think calling Mozilla ad-tech or suggesting that it's just as bad as Google is remotely true.

Mozilla is literally an ad-tech company. They bought and now own an actual ad-tech start up, they are partnering with Facebook to develop and implement protocols like DAP, and they are currently working on turning firefox into an ad platform that will deliver reports of people's browsing history to marketers in exchange for money. In what way are they are not an ad-tech company exactly?

I'll admit that they aren't as bad as Google, but they're heading in that direction and they've also only just gotten into the ad-tech game. It took Google a long time to get as evil as they are now.

Rejecting firefox because of Mozilla's new role as an ad-tech company and their insistence on exploiting firefox users isn't the perfect becoming the enemy of the good. Surveillance capitalism isn't good. Maybe standing up for ourselves and our values by saying no to spying from Firefox will cause Mozilla to look to other options. Even if it doesn't, it will keep us from being exploited and tarnished by our participation in their decline.

I've been a firefox user from the very beginning. My first browser of choice was Netscape. I hate that the enshittification of firefox is here, but I won't ignore it any longer. We still have a few alternatives like librewolf that provide the benefits of firefox without the recent corruption, and there's some hope on the horizon with ladybird too. The internet is only in the sorry state it is now because we've conceded too much to advertisers. We need to start holding ourselves and the software/services we use to a higher standard or it's only going to get worse. If Mozilla suddenly wants to be a part of the problem, I'll leave them behind while I look for a new solution.

link
ineptech 665 days ago
What browser do you use?
link
autoexec 665 days ago
Until they pulled this recent spying stuff I was a firefox user, but now I'm testing librewolf, zen browser, and brave. I might give Basilisk a try too. I'm also keeping an eye on ladybird but it looks like it isn't really ready yet.

Ultimately on the desktop I'll need something based on firefox because it can be hardened better than anything else I've seen and my work has me regularly dealing with some nasty websites.

I still have to find some options for mobile though.

link
sebazzz 665 days ago
> Firefox can, for now at least, be hardened to work for the user (and prevent a lot of fingerprinting), but Mozilla is an ad-tech company too now.

That still isn’t a great reason to then keep using the even worse option, being Chrome, instead.

link
crooked-v 665 days ago
Safari does a decent job of that, especially with Apple pushing an increasing number of privacy features by default. Of course, that comes with it being as a feature of an expensive hardware ecosystem, rather than an independent product.
link