
Expected, but meaningless if we can't drive people towards Firefox and away from Chromium products. That's something of a responsibility we all have, especially those of us invested in the safety and security (collectively, trust) of the web.

I haven't seen anything yet on whether Brave will support it, though if I'm understanding correctly, they won't have a choice since they're using Chromium. Hopefully I'm misinformed.




Judging by all the hate Mozilla gets around here, it would be nice to at least see some credit given where it is due.

Ultimately I think we must permanently return to browser ballots backed by the law, like the IE bundling fallout. Otherwise friction and incentives will continue to entrench one dominant player.


Mozilla gets hate because they say they're fighting for the user and then fail to live up to that standard. People expect Google to try and screw over users, so when it happens nobody is disappointed. I do agree that this results in oddly skewed reactions, but the emotional side makes sense.


When a shirt is dirty, one stain doesn't stand out much.

When a shirt is white and clean, the smallest stain stands out.

Mozilla is one of the rare companies with a mostly white clean shirt.

It is being judged harshly, while we should rejoice that they have been doing amazing things for 20 years despite the competition being terrible people playing dirty.

If we keep doing this, there will be no more Mozilla in the world. Who wants to be the good guys if you are held up against impossible standards when your competitors are paid handsomely to destroy the world?

I know some groups that target perfect ethics: they do nothing, because it's impossible to do anything without screwing up sometimes.


I disagree. The shirt isn't white anymore but turning beige. Precisely because people let a lot of Mozilla's shit slide just because "there aren't any better alternatives".

We're not holding Mozilla to higher standards than Google - we just have already discarded Google as an option.

Not collecting telemetry that many users have explicitly stated they do not want and even turned off at every opportunity is not a particularly high standard. Not wanting advertisements integrated into the web browser is not a particularly high standard. Criticizing that the CEO salary has been increasing to absurd levels while the browser has been declining and regular engineers are facing is not holding them to a particularly high standard. Not wanting the last remaining competitive free web browser run as a commercial project rather than a non-profit foundation is not a high standard. Mozilla chooses to be shittier and shittier. Inaction would be better.


> The shirt isn't white anymore but turning beige. Precisely because people let a lot of Mozilla's shit slide just because "there aren't any better alternatives".

There's some nuance there, too.

It's "turned beige", in part, because people refused to use it while it was still "white". Mozilla has had to make the tough calculation of whether to be pure with zero users and therefore zero good impact, or to be beige to try to get some of these fickle users back and maybe have SOME good impact.

So, basically, people aren't satisfied when Mozilla is pure/idealist, and they aren't satisfied when it's compromising/pragmatic ("If they do that, I might as well keep using Chrome!").

I'm not letting Mozilla off the hook, or giving my blessing for every single decision that's been made. But, there's probably some utility to us taking the view of "just shut up and use Firefox" for the next N years.


> Mozilla has had to make the tough calculation of whether to be pure with zero users and therefore zero good impact, or to be beige to try to get some of these fickle users back and maybe have SOME good impact.

I can't really recall any decisions made that were unpopular with existing users, but likely to lure new users in. Ads on new tabs doesn't seem like something that would bring new users in. Pocket doesn't either, since iirc you could install the extension in Chrome if you really wanted it.

Most of the controversies I remember were either to increase Mozilla's revenue, or boondoggles like their mobile OS. My major annoyance was that the increase in revenue seems like it was spent on boondoggles or weird, unrelated charity rather than going back into improving the browser.

I'm still also a Firefox user, but it's like 99% because ads are not their primary source of revenue rather than any remaining fondness towards Mozilla.


I was thinking of EME, specifically, when I wrote that.

But, also, bringing money in is proxy enough for being able to do "good" for whatever definition we'd like to use. So, money or users, I think my general point about compromising their ideals for pragmatism is still valid (not necessarily true or correct, but it's an argument that can potentially be made).


> So, basically, people aren't satisfied when Mozilla is pure/idealist, and they aren't satisfied when it's compromising/pragmatic ("If they do that, I might as well keep using Chrome!").

I suspect those are mostly different groups. And my personal take is that Mozilla did indeed make that calculation... and proceeded to sacrifice the die-hard core userbase in order to get wider appeal, but they managed to not actually get the wider audience to buy in either, leaving them with nothing.


I agree with your assessment and I always suspected that would be the case, even when these decisions were being made.

Has there ever been a case of an underdog company/product actually gaining market share by becoming less different than the market leader? It always seems like a mistake from the outside, to me. I feel like an underdog is more likely to succeed by actually being different and attracting people who would prefer those differences. Why would anyone change from what they're currently using to an alternative that is almost exactly the same?


Very true. I just like to add their strategic investment in Hubert Burda's Cliqz. A thinly disguised attempt to shut out Google ads and replace them with the ones from the Burda empire. Their mendacious user privacy rhetoric still makes me sick and is on par with what we've read in the Web Integrity Standard.


Spectrum of goodness:

    [M. theresa...VLC foundation....Mozilla.......You.......................Microsoft.......................................Nazis]
I think your comment only shows how spoiled we are by open source.


So-called "Mother Theresa" should not be used as an example of extreme good. She's more accurately described as an example of extremely good PR.

https://en.wikipedia.org/wiki/Criticism_of_Mother_Teresa


Off topic: Mother Theresa wasn't a particularly great person.


> Mozilla is one of the rare companies with a mostly white clean shirt.

No. Not even close.

> while we should rejoice that they have been doing amazing things for 20 years despite the competition being terrible people playing dirty.

I reject the "other"-ness in this comment. I was a Mozillian. I was helping do those things. The notion that I should heap accolades upon a bunch of folks who are only now affiliated with Mozilla and who were not contributing during the era in which Mozilla was doing the great things actually deserving of the goodwill associated with its name? And who have themselves been positively poor torchbearers for that name? Condescending.

2023 is the project's 25th birthday. It did amazing things for about 15 of them—by which I mean the people who made up the project. "Mozilla" is merely a legal fiction.


So? Is using Chrome better? What is your recommendation?


Please don't change the subject like this. It's annoying.

<https://news.ycombinator.com/item?id=23117242>

There's no reason your question couldn't have been posted in a relevant (sub)thread, instead of here, where it's (i) not on topic for the current subject, but (ii) looks like it could be, and therefore (iii) has the same effect as moving the goalposts.


They did shift the goalposts, but I do wonder what browser you'd recommend (and I won't make a bad faith assumption that it's Chrome like they did). Brave?


The browser with a built-in crypto wallet? No thanks.

I stick to Safari and Firefox. They're not perfect but they're the only modern browsers that don't use Blink, which is what gives Google the power to make moves like this.


I run Firefox with uBlock Origin, some Tampermonkey scripts, and Decentraleyes.

So many people recommend it, but I've been iffy on using Brave. Thanks for giving me a little insight on your choices and reasoning behind it.


How do we define "failure"? Let's say we can measure how much Mozilla fights for the user and put it on a scale:

         |--------------------|
    anti-user              pro-user
Where on the scale is "failure"? Let's say Mozilla is on the M, and Google is on the G:

         |----G-------M-------|
    anti-user              pro-user
Is Mozilla failing?

The sentiment I seem to see is that anything short of perfect is failure.


They take so many active anti user steps.

Pocket, Cliqz, Push Notifications for Mozilla Blog without user consent, Mr. Robot, Firefox Suggest, etc. They are littered with mistakes and scandals and have never improved their governance or process.

I can give them a pass on technical decisions like Thunderbird or breaking extensions but when it's purely commercial it has to be judged differently.


The fact that an easter egg about a TV show makes the list of the worst things they've ever done speaks volumes. It was a bad decision, but it was not malicious and it had negligible impact on users. Google does something 10x worse every single day.


I was about to post this comment. I can't BELIEVE people are still hung up on the Mr. Robot thing. This is exactly what we're talking about in this thread when we say that HN has a strong anti-Mozilla bias for some reason.


Whenever I see this I just assume it's people that are against Firefox/Mozilla anyway and are looking for any possible excuse to shit on them. Yes, it was bad, and an ideal organization would not have done it. But it is orders of magnitude less severe than what Google does to us every day. Not even a comparison.


No, but things like hiding the favicon when the audio playing notification is on the tab, changing UIs for no good reason, removing features for no good reason... these are the things that piss people off. Mostly designers making life shit for no good reasons, and then the CEO whining about low pay and constantly increasing her salary (after firing the Rust team).


In a situation like that, it's not just about any direct harm that may have arisen.

It's also about the loss of trust.

That particular incident, for example, was completely unnecessary. It involved a significant display of unbelievably poor judgment, and a total lack of foresight. It shouldn't have happened.

The fact that it did happen, despite it being such an obviously bad idea, raised a lot of questions and doubt.

It causes people to wonder what other incidents, which could potentially be far worse, might happen in the future.

It's remembered years later because it involved such a major loss of trust for so many people.


Here's the thing, though. You've used several key phrases in this comment: "a lot of questions and doubt," "wonder what other incidents [...] might happen in the future," and "major loss of trust."

All valid concerns, but why post about them on the internet? Especially when it's nothing concrete--you used the words "questions", "doubts", and "might happen"? If someone is taking the effort to post FUD (literally) about Mozilla and "trust", why the hell aren't they using that same effort to post about Google or Microsoft and "trust"? Aren't those obviously much bigger problems?

Again, it's not wrong, per se, but I feel like it's bordering on some kind of astroturfing for people to complain about the fucking Mr. Robot non-story that happened years ago when TFA is about Mozilla at least signalling the right thing while Google is trying to be overtly evil YET AGAIN. I can actually type "Fuck Google" faster than I can type "Mr. Robot", so I'd have to have some kind of weird agenda or priorities to bring up Firefox's Mr. Robot thing.


While you may consider it to be a "non-story", for some of the Firefox users who experienced it first-hand, it was a significant betrayal that can't be easily forgiven. The implications go far beyond the incident itself.

I don't think that there's "a strong anti-Mozilla bias" here, as you put it earlier. The people affected by that incident, and by others, were probably among the most ardent Firefox supporters. After all, they were still using it long after so many others had already moved to Chrome.

Loss of trust is something that isn't easily forgotten, and it's a relevant factor worthy of bringing up in discussion.


I'm sorry, but it's definitely a non-story, and all this talk about "betrayal" and "trust" is sophistry.

It's a non-story because you had to opt-in to Firefox's "experiments" feature to get the extension pushed to you. Opting in to the experiments feature is *literally* granting permission for Mozilla to change the behavior of your Firefox browser remotely in between official releases. So, Mozilla had your permission to change your browser. I simply will not shed a tear for anyone who felt betrayed by something they signed up for.

And, by the way, I was also "affected" by the Mr. Robot thing because I also opted in to the experiments feature.

Furthermore, the extension did nothing harmful. It didn't even collect any data as far as I know. You know why Mozilla pushed an extension that didn't even collect any data instead of one that does? Because they were acting in a trustworthy way!

Sure, it was a faux pas. Mozilla thought they could be cute the same way a lot of old school FLOSSy, hackery, software would include amusing Easter eggs and jokes. It was inappropriate and didn't land well for a variety of reasons, but there was no reason to lose trust in Mozilla at the time, and there's *certainly* no reason to even bring it up today, years later, when just about every other tech company and computer product is trying their damnedest to spy on you, sell your data, prevent you from having root control of your devices, and squeeze subscription money out of you.

Again, Chrome starts tracking you the instant you launch it for the first time. Microsoft tracks you when you log in to Windows and occasionally re-enables tracking features that you've disabled. Mozilla pushed a silly "fun" extension to users who opted in that didn't collect any data nor make Mozilla any money.

This discussion is nonsense. If you truly don't trust Mozilla after the harmless Mr. Robot extension was pushed to you after you chose to allow them to modify your browser remotely, then go ahead and stop using Firefox- I don't care. But please stop spreading FUD.


My God, you're right. With such poor judgement, they might someday do something really awful like try to force remote attestation into the web at large.


I look at it similarly to the iPhone / U2 debacle.

It's remembered now only by a very small, though vocal, minority.


So let's just keep using the browser from the company with 90% control of the web and ACTIVELY (see this article) trying to make it impossible for you to do things like block ads or write a web scraper just because of "some loss of trust"

There is no perfect option right now, and Mozilla will never be that perfect option because they are human and at least three people working there probably want to make some money.

So yeah, let's just keep making them irrelevant so in ten years I won't have a choice and be FORCED to use the browser that says ad blocking is stealing and spoofing your user agent is a violation of the CFAA and all this other blatantly user hostile shit.

It's such clear whataboutism, to have ANYTHING to hold against the only web browser that isn't actively controlled by the people with billions of dollars a year incentive to actually harm how you use the web.


If anything, shouldn't the fallout reinforce trust that it won't happen again? Kind of like how plane crashes actually make planes safer.


Unfortunately, it doesn't seem to work that way in this case. For example, there was an incident just a couple of months ago that was discussed here:

"Firefox displayed a pop-up ad for Mozilla VPN over an unrelated page" (https://news.ycombinator.com/item?id=36077360)

"Mozilla stops Firefox fullscreen VPN ads after user outrage" (https://news.ycombinator.com/item?id=36085642)

That's another incident that just shouldn't have ever happened to begin with, in my opinion.


That's not great, but it's not the same as the Mr Robot thing. That much has already stopped. This is a different thing that similarly won't happen again now that backlash has occurred. A different cause of a plane crash that has now been analyzed to prevent in the future, going back to that analogy.


The underlying cause in both of those cases seems to me to be them doing something that fundamentally should not have been done in the first place.

It's the lack of foresight and the lack of good judgment that I don't see getting fixed.

Both of those incidents should have been completely avoidable with even the most minimal of forethought.


And the biggest: not allowing you to contribute to the Firefox project directly but only to Mozilla which will use the funds in many other pet projects besides doing what they should be doing.


Okay, and this one proposal by Google has outweighed all of those exponentially.


So it's ok for me to stab you if my buddy then chops your head off?


No but I'll forgive you for startling me.

Which is the scale of Mozilla "badness" compared to the rest, even you.

And especially in the light of the good things they do.

You can be a critic, but be so in balance with the good things, otherwise you are making doing good something so ingrate a lot of people will give up.

If you think doing the right thing is easy, you have not been doing a lot of it.


If those are the options, yes a stab is better than decapitation.


Of course a stab is better than decapitation. The point of the analogy is to ask whether the stabber is your friend.


The more apt analogy in that case might be "would you prefer I decapitate you, or forget to buy you a souvenir on my road trip," to better illustrate the difference in severity between Google's and Mozilla's actions.


If he didn't decapitate me, but stabbed me instead I'd say he's a friend


The only one in that list that bothers me is the push notifications, and even that I can't care about too much.

Seems like a good record to me.


Announcing that Pocket would be baked directly into the browser, against the will of users—rather than being a promoted extension and despite the fact that it was at the time a completely unrelated company selling closed source SaaS and in the business of collecting telemetry—and then proceeding despite the widespread backlash doesn't bother you? Issuing misleading PR statements carefully worded to strongly suggest that there was no money changing hands re Pocket integration while maintaining plausible deniability concerning the truth, which is that there was money changing hands—that doesn't bother you? That the subterfuge was so effective that Mozilla employees themselves who were not otherwise in the know took it as a statement that there were no kickbacks involved—and then showed up in places like HN comments outright saying that there weren't kickbacks—that doesn't bother you? The fact that when Pocket was bought, it was understood and even claimed that it would be open source (just like all the other Mozilla Foundation IP), and yet we are in our seventh year after the acquisition and it's no more open source today than it was then—this doesn't bother you?

Is there any threshold for mendacity that if crossed would bother you?


It's not that I'm cool with the Pocket bullshit. It's just that I can't bring myself to more than a shrug when I put it next to Google or Microsoft.

I mean, Chrome (including Chromium, IIRC) literally collects and ships a bunch of tracking data to Google THE FIRST FUCKING TIME YOU LAUNCH THE APPLICATION.

Context matters. If Firefox did the Pocket nonsense in an environment where we had multiple decent free (as in freedom) browsers, then I'd grab my pitchfork. As it stands, I just can't feel the righteous indignation your comment is trying to rouse. It's truly NOTHING compared to the other options.


If those breaches in user trust don't bother you, why not use Chrome then? I can't recall any campaign Chrome has pushed that breached privacy as severely.


I see it differently. I couldn't care less about Pocket integration and Mr. Robot easter egg, but Mozilla became hostile toward power users and open web idealists.

They killed Weave (aka Sync 1.0; which was somewhat weird but simple enough to comprehend, reimplement and self-host), replacing it with an NIH-reeking over-engineered abomination that's the very antithesis of standard, open or public. Most people just ignored it as "that's Mozilla own infrastructure, they don't have to make it open, design it well, think of others, or anything else". I could not.

They tried to push a fundamentally flawed Persona/BrowserID standard that continued the trend to remove users from their "own" identities while claiming it's a pro-user pro-privacy move. I can see the logic, but I'm of firm opinion that it would've done more harm than good. I'm glad the project died without gaining any traction and WebAuthn (which has its issues, but where users are the source of their identities) took over. That's what BrowserID should've been, but Mozilla just went with the flow and refused or failed to fight for identity ownership.

It's things like those that made me regret using Firefox (but again, everything else is worse), not some home page sponsored links. That's where they stopped to differ from the rest for me. Mozilla used to be a beacon of doing things right even if it was challenging, fighting for a better web. And they became just another software company, that put their glorious past on all the ads (how they're so pro-everything good) while failing to live up to those high standards.

They had a user agent, but they butchered it and made it just a browser.


To be honest, everything you listed seems either irrelevant or a small mishap that at worst just leaves some bad taste.


Ok, now write the same list for Google. And then we can compare.


List for Chrome might be smaller: DRM videos, Manifest v3, this crap, JPEG-XL, ...

Problem is that Chrome is massive. If Chrome decides it will go left, most websites will go left.

If you want to compare with Google the list is way more subjective.


> Is Mozilla failing?

Firefox's usage dropping from about 30% down to likely less than 3% today, with almost no mobile usage, should be seen as a severe failure.

This failure isn't just about the product's uptake, too. It's also about the Firefox developers losing meaningful influence over the way the web evolves.


It's not about the absolute position on the scale, but the direction of change. Mozilla has been moving towards anti-user for years now.


They went from A to B (exact magnitude of change is of course part of the criticism):

         |------------B---A---|
    anti-user              pro-user
Is Mozilla still, currently, a failure at their job?

---

These kinds of discussions are frustrating to me since it feels like we've been dealt a very bad hand. But it's not just this hand, the dealer is firmly set on us only receiving bad hands in any game we play.

Like in a card game, this is the only hand that we'll get. What other corporation do we have to push these kinds of values? What other avenue do we have? It's sad that we've come to this situation, but if the choice is the currently perceived-to-be-failing Mozilla and no Mozilla, I pick the failing Mozilla.


> What other corporation do we have to push these kinds of values?

The thing is, Mozilla shouldn't even be a for-profit corporation in the first place.


Didn't they try being just a non-profit and it failed? IIRC they had to establish a corporation to sell defaults like search or they wouldn't have had enough funding to continue.


How do we define "evil"? Let's say we can measure how much evil Putin does and put it on a scale:

         |--------------------|
    anti-user              pro-user
Where on the scale is "failure"? Let's say Putin is on the P, and Hitler is on the H:

         |----H-------P-------|
    anti-user              pro-user
Is Putin evil?

The sentiment I seem to see is that anything short of sainthood is evil.

The answer of course is that relativism is not a good way to judge people or organizations. Mozilla chooses to do a lot of shitty things. They should be criticized for that even if someone else is worse.


We have a lot of other comparison points between Putin and Hitler of national leaders who are not generally considered evil, so it's not accurate that the sentiment is that anything short of sainthood is evil.

Besides, people aren't using relativism here. Relativism is the idea that nothing is truly good or bad, it's all a matter of personal or cultural preferences. That would mean that people were saying that Mozilla's behavior about X, Y, and Z isn't really bad. But that's not really the argument here. People are generally saying that despite engaging in the bad behaviors X, Y and Z, Mozilla is still in balance better than Google, and arguably still worthy of some level of support. To phrase it in terms of Aristotelian ethics: "For the lesser evil can be seen in comparison with the greater evil as a good, since this lesser evil is preferable to the greater one, and whatever preferable is good". You're unquestionably correct that Mozilla should be criticized, even harshly so. But you can criticize a company (or person, or party, or country) and still support them. Or if short of support, still prefer them to the available alternatives.


I certainly wouldn't brand Putin as "pro-user".


> Judging by all the hate Mozilla gets around here, it would be nice to at least see some credit given where it is due.

They get hate only for bad or useless things (like the famous "independent voices") but a lot of love for the actual work being done, especially Firefox Containers, enormous performance improvements etc. I'm using Firefox on a daily basis and just the Containers feature makes it so much superior to Chrome.


> Judging by all the hate Mozilla gets around here, it would be nice to at least see some credit given where it is due.

Mozilla, the browser, is great.

Mozilla efforts, such as Rust, have been historically great.

Mozilla leadership is currently awful. Their focus is on the wrong things - web VR and low-quality foundational AI models. Maybe because they think the web is at risk of disappearing outright. But the true enemy is Google, and they're currently its well-behaved prisoner.

Mozilla can't bite the hand that feeds it, but someone needs to point the FTC, Congress, and the EU at Google. Everything they do, buy, and work on is to point an overwhelming majority of internet users at its ad products. Chrome, Search, Android, YouTube, Apple default search engine deal, etc. Google has become inescapable. And that's rather anti-competitive if you're trying to advertise your business or selling ad tech.

Never mind that the web commons and standards are constantly in Google's blast radius for funneling everyone into their gaping maw.


I can't see how Mozilla could possibly right the ship with their current CEO. If they get rid of her maybe things could improve. Until then, I'd bet on Microsoft/Apple before I bet on Mozilla when it comes to protecting the web.


What has the CEO done?

Microsoft and Apple don't have a good history so assuming there is something big here?


Some stuff:

1. Under her leadership Mozilla has lost virtually all of its users. It has been reduced to less than 10% of what it had before, maybe worse - I haven't kept up.

2. At the beginning of Covid, a time when remote work was on the rise and tech valuations were through the roof, a time when the browser was more important than ever, she took her largest payout and fired hundreds of employees. She was compensated at over $5M dollars, enough money to pay a team of engineers for years.

3. Firefox has utterly failed to capture Enterprise market, where Chrome has managed to dominate. I doubt most people are even aware that a corp managed Firefox is an option, they have done such a poor job marketing it.

4. Every initiative Mozilla has come out with has completely failed to gain traction. Something like a VPN could have been a great fit for Mozilla but they did nothing with it. Mozilla has been incapable, organizationally, of capitalizing on technology - the thing they're kinda supposed to do exclusively.

She has failed in every conceivable way as a CEO. She has failed in terms of the mission, she has failed her employees, she has failed her users, she has failed to be an example as a leader.

Mozilla, as it exists today, is a convenient project for Chrome to point to and say "look, there's competition" - perhaps the only reason why Google continues to fund Mozilla.

Microsoft and Apple are at least competently run and have incentives to push to reduce Chrome's power.


Effectively ensured Mozilla is entirely dependent on Google as a single revenue stream. No other initiatives to earn anything.


Mozilla VPN, Firefox Relay Premium, Pocket Premium, MDN Plus, Hubs Enterprise... I'm sure I'm forgetting a bunch.

Of course, there's also criticism for attempting those.


Well, Pocket Premium got a lot of criticism for going completely against user sentiment, and the small matter of a lot of heavily lawyered weasel wording statements to very strongly imply that no money was exchanged when in fact quite a lot of money was exchanged to make it happen.


Mozilla should be independent from Google. No, not like that!


TBH it's a really good point. Any time Mozilla has tried to appeal to users in a way that would actually be profitable their users have lost their minds over it.


The issue is that donating money to Mozilla does nothing for Firefox; personally I use Firefox on everything (home, work, phone); Firefox is the browser for my family too - much the same (Firefox on everything, phones included).

If I could/had to pay/donate for it - I'd gladly do, but it's virtually impossible.


AFAIK income from particular Mozilla products isn't earmarked for spending on specifically those products, so buying non-Firefox products can provide income that can be used to fund Firefox development.

That said, I think income from Firefox's default search engine pretty much dwarfs any income that could potentially be gained from donations/buy-to-support.


[flagged]


As far as I know, the Mozilla Corporation is owned by the Mozilla Foundation, which is a non-profit with the mission to make the internet a better place, or something along those lines. So shouldn't we look at the boards of things like the Wikimedia Foundation or the Internet Archive instead of Bay Area CEOs for comparison?

It's also not a particularly good look when your own salary keeps rising while you're laying people off and market share keeps plummeting (in my neck of the woods, Firefox actually used to be dominant at 60%+)...

That said, I haven't looked at this in any kind of detail, and all I know of Baker is what her Wikipedia article tells me, which includes writing the Mozilla Public License, managing mozilla.org on a volunteer basis for a while and being instrumental in the creation of the Mozilla Foundation.


> So shouldn't we look at the boards of things like the Wikimedia Foundation or the Internet Archive instead of bay area CEOs for comparison?

Sure, let's do that. Here's the highest paid employee of all three in 2021 (as that's the last year where there's data on all three):

Internet Archive: $158,777 (https://projects.propublica.org/nonprofits/organizations/943...)

Wikimedia Foundation: $406,339 (https://projects.propublica.org/nonprofits/organizations/200...)

Mozilla Foundation: $337,714 (https://projects.propublica.org/nonprofits/organizations/200...)

I wouldn't classify any of those salaries as exorbitantly large. Hell, I'm fairly certain at least some people shitting on them here earn more than that working at a for-profit.


She completely and utterly failed at her duties as the organization's leader. That overinflated compensation package that's seemingly inversely-correlated with Firefox's userbase and the number of technical roles at Mozilla is most certainly not "earned".

I'd personally call it embezzlement or misappropriation of funds, but that's just me.


Haven’t heard about that, but even Safari is kicking their ass on desktop market share. I just visited the Firefox download page. It looks like shit. Something’s not going right over there.


Or it's that she's taking Mozilla down paths that lead to Chrome dominance in the future, while getting paid a hefty sum that would be better spent funding Firefox development.


Google is set to go on trial in 2024 with the FTC. We'll see how that goes. I don't have high hopes, primarily due to how difficult it is to expect larger reach by adhering to past laws that are quite lenient. At most I can see AdX being negatively affected, but that wouldn't result in the substantial change most want here and would just allow another like Apple to step in and repeat what Google has done.

From what I understand, the arguments about self-preferencing kind of always get thrown out due to a more strict interpretation of the law. Did with Apple, and with Facebook when they were acquiring Instagram and Whatsapp.


Ya. All I want is to throw moneydollars at the fucking browser, not at whatever feel-good initiative of the month the Mozilla Foundation is coming up with. I don't understand the problem.


[flagged]


The list you linked includes things like: web access for bluetooth, MIDI, and USB devices. These are very fringe use cases that quite frankly shouldn't be accessible from a random website.

The rest of these sound like extra bits of fingerprintable entropy here and there. Like, in no way will a website knowing how much RAM I have improve my experience, but it'll help add a few bits of data to my web advertising fingerprints. Magnetometers and battery status would absolutely be fingerprintable; individual device characteristics would be unavoidably measurable.

The page you linked to actually lists all this out, and that should be enough to convince you that these standards shouldn't be implemented.


The end result is that DRM and banking sites will just tell you to use chrome to continue. And users will keep migrating to chrome until Mozilla is forced to implement it.


I dunno about banking sites, currently they seem to be some of the worst out there in terms of caring about modern security techniques. eg SMS 2FA at best, terrible password handling etc. They don't move very fast at all.

It feels weird that I'm now grateful for how crap they are.


Since this is currently being built on Play Integrity API, and banking _apps_ are some of the most prominent users of it, I'm sure banking sites will follow if possible.

For example it is currently the reality in EU, that in order to use any of the native banking apps, a user has no choice but to expose themselves to privacy violations by either Google or Apple, i.e. US companies.

While at least one alternative exists, https://grapheneos.org/articles/attestation-compatibility-gu..., these alternatives are not being used in practice.

I see no way of preventing this happening on the web as well, if the Web Environment Integrity API ships.


So far I haven't encountered any issues with banking apps using MicroG in Germany. Could be our banking apps are even more backward though. Also given PSD2 there is always the option of someone developing 3rd party banking apps.


> Also given PSD2 there is always the option of someone developing 3rd party banking apps.

1. From what I've seen, the PSD2 APIs haven't really been created with end users in mind – there are non-trivial accreditation requirements on people/entities wishing to make use of those APIs, the expectation being that only professional middlemen will dally with those APIs.

2. The PSD2 APIs don't necessarily cover the full functionality of a bank's online banking functionality.

3. While you can probably still get quite far with "just" the ability to query the current account data and recent transactions, as well as being able to initiate payments, this doesn't sidestep the bank's authorisation requirements – meaning that unless you can use a hardware TAN generator or something like that, you're still dependent on the bank's app for payment and account access authorisation.


I have heard a podcast with the lead dev of a local bank app talking about how they wish PWAs would be possible. Because right now they have to secure and audit web, iOS, Android. Instead having one platform would be easier and probably more secure.

Maybe web is the right platform for these. But of course Google will use this to close things down.


Banking apps seem to be the main users of root detection on android. One prominent bank in Australia doesn’t have a web UI at all and only allows access via app. And I suspect it’s partially for security reasons.

The average person is very likely to have malware on their computer, but not on their phone.


Funny story: I had to root my phone to get the Fidelity app to work.

I installed lineageOS, which passes the Google SafetyNet check out-of-the-box. So most things just work, including my local Credit Union's app.

But lineageOS fails the CTS profile check on my phone. Fidelity checks this after you log in and shows a "For security reasons your account has been blocked..." message.

So I had to root the phone to install a CTS profile fixer, and then more hacks to hide the fact it was rooted.

After that Fidelity worked, but requested root permission every time I launched it until I figured out how to permanently disable that.

Netflix was similar, but not quite as annoying.


> The average person is very likely to have malware on their computer, but not on their phone.

Is that sarcasm? Their computer is likely more secure than the jungle of manufacturer modified roms where who knows what's inside.


I have 4 banking apps and about 8 government apps in my phone. All of them require device attestation. I have no doubt they will use the Web Integrity API as well.


> SMS 2FA at best

Because their customers aren't security nerds that have smartphones with authentication apps.

They want people that barely get smartphones, or still use feature phones, to be able to access their services with some improved security workflows.


The apps of the banks often generate an OTP or intercept a push notification, ask for a fingerprint and send an authorization response back to the server. I go through that with each of my banks every time I log in or make some money transfer.

I got codes via SMS when I installed those apps and I had to prove that I owned the phone number I was associating with the app.


Good example of what many non-techie people will never understand, or even have phones capable of doing it.


.... which is why if this web integrity thing gets out, you know the next move they make will be to embrace it.


> The end result is that DRM and banking sites will just tell you to use chrome to continue.

IMO a much bigger issue is that a significant number of non-banking sites that are now trying to shame users with "disable adblocker to continue" messages (easily bypassed) will start requiring this. Or Twitter/Reddit/etc., in the name of "fighting bots" of course, nothing to do with ensuring you are watching their ads...


But this is exactly the problem. If Chrome had only 25% market share they wouldn't feel that they could force users to use Chrome. But if Chrome and Safari make up 80% of the browser market they feel like they can.

The solution is diversity and using browsers that respect users. Chrome only has the power to push this API because they own most of the market.


Chromium-based browsers have more like 95% of the market share. Look in this thread; every little thing Mozilla does is treated like the end of the world and a severe breach of trust. Google literally says "Everyone should implement this brand new proposal that makes being truly anonymous on the web impossible" and it's fucking crickets in their usage numbers.


Who uses banking sites on their mobile?

Every financial I use (half a dozen) has an app


And why exactly would I use an 'app', if they have a mobile website?


Personally because my bank app also doubles as the authentication token generator that’s paired with Face ID on my phone. So even if I were to use the mobile site I’d need to open the app at some point to authorize any operation. At that point I might just use the app directly and make my life easier.


Because I have to install the app anyway to authorize the access to the website, mobile or desktop.


I would suggest going to the bank, in person, and telling them very strongly that I will take my money elsewhere if they do that.


...and a teller won't/can't do anything about it and this will change nothing. Maybe leave your keyboard for a second and understand how the world actually works.

Unless you have billions at a bank, I don't see why any bank would even consider changing how their website works because of a single customer. And, well, real billionaires probably don't care about not being able to use a website on Firefox.


Of course, real billionaires probably have staff members doing that work for them.


A single customer might not have any effect, but if many of them do the same, it could. Don't give up just because your individual contribution is negligible.


Half the banks in my country don’t even have a physical location. And the ones that do are just staffed with low paid service workers who neither care, nor have the ability to do anything about your complaint.


I assume it would go about as well as complaining to Comcast representatives in the famous South Park episode.


You would be surprised.

My bank calls me once every few months, if everything is ok, and if there is something that is bothering me and could be improved, or if they can help with something. At first I thought it is some marketing program and some manager has to achieve some KPIs, but surprisingly, they did listen to suggestions (it took time, but they eventually did).

So you never know, if you never try.


I had to interact with several bank customer support departments and I'm surprised by the experience you described. Are you a $$$-business customer or something?


The funny part is, that it is a personal account.

Business account is in different bank, and the communication there was much harder (obviously by someone not trained in communication and having to talk to me as unplanned part of their job). The fees are lower, though.

So it doesn't seem to be by the amount of $$$ on the account.


They will not care.


> especially those of us invested in the safety and security (collectively, trust) of the web.

Note that "safety and security" has become an abhorrent phrase among many of us because it evokes the "authoritarian dystopia" that Google et al. are creating --- we're more concerned about freedom and interoperability.


What you're saying is all true, but speaking strictly, the security of the web as a whole is endangered if proposals give entities the tools they need to chip away at that freedom and interoperability bit by bit.

That was the intention behind my choice of words — representing the whole web, not just components of it or companies operating on it.


One option is for sysadmins and IT shops serving SMBs to preinstall Firefox on workstations. That way users get used to the browser and might use it privately as well. Bonus: Preinstall uBlock Origin.

That's what we do, anyways.


That will only happen when people can't do the things they normally could anymore on the browser. I was/am expecting it to happen with manifest v3, as I understood it it would break userscripts and make adblocking a pain, so far it hasn't happened so I still haven't bothered switching off Chrome.

Assuming this gets implemented, users might start being unable to access certain websites or services because their identity is deemed "insufficient", which would move them to use a different browser that does not have this.


My understanding was that manifest v3 implementation was delayed so I'd be surprised if it has broken anything yet. It looked to me like the standard blowback management move where they see opposition boiling up so they announce a "delay" and try to sneak it in later when the heat has died down.


As far as I know, disabling it in Chromium can be as simple as commenting out the last line that returns the verdict. It'll need more work if you don't want to send data to random "trusted" parties, but Brave is already doing that stuff anyway.

I don't see why it would be that difficult. The issue here is with websites that want to mandate it.


Just so you know, barely anyone in the real world uses Chromium, and compiling Chromium takes hours (I have done that many times). So that's not an argument. Also, if this ever becomes a standard or a de-facto standard, it probably will be implemented as a proprietary feature, in the same way as Widevine or more closely SafetyNet -- if anyone can easily get around this, there is no point in doing it.


Brave can very easily disable this. They don’t use stock Chromium.


Vivaldi as well. Their stance on these kinds of user-hostile Google initiatives is pretty clear.


If the web integrity and standards depend on coherency and transparency, your post does nothing but misinform those who know little about the subject.



