I’ve long been warning about the dangers of relying on just one browser as the bullwark against the onslaught of Chrome, Chrome skins, and Safari. With Firefox’ user numbers rapidly declining, now stuck at a mere 2% or so – and even less on mobile – and regulatory pressure possibly ending the Google-Mozilla deal with makes up roughly 80% of Mozilla’s income, I’ve been warning that Mozilla will most likely have to start making Firefox worse to gain more temporary revenue. As the situation possibly grows even more dire, Firefox for Linux would be the first on the chopping block.
I’ve received quite a bit of backlash over expressing these worries, but over the course of the last year or so we’ve been seeing my fears slowly become reality before our very eyes, culminating in Mozilla recently acquiring an online advertising analytics company. Over the last few days, things have become even worse: with the release of Firefox 128, the enshitification of Firefox has now well and truly begun.
Less than a month after acquiring the AdTech company Anonym, Mozilla has added special software co-authored by Meta and built for the advertising industry directly to the latest release of Firefox, in an experimental trial you have to opt out of manually. This “Privacy-Preserving Attribution” (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.
↫ Jonah Aragon
If you have already upgraded to Firefox 128, you have automatically been opted into using this new API, and for now, you can still opt-out by going to Settings > Privacy & Security > Website Advertising Preferences, and remove the checkmark “Allow websites to perform privacy-preserving ad measurement”. You were opted in without your consent, without any widespread announcement, and if it wasn’t for so many Firefox users being on edge about Mozilla’s recent behaviour, it might not have been snuffed out this quickly.
Over on GitHub, there’s a more in-depth description of this new API, and the first few words are something you never want to hear from an organisation that claims to fight tracking and protect your privacy: “Mozilla is working with Meta”. I’m not surprised by this at all – like I, perhaps gleefully, pointed out, I’ve been warning about this eventuality for a long time – but I’ve noted that on the wider internet, a lot of people were very much unpleasently surprised, feeling almost betrayed by this, the latest in a series of dubious moves by Mozilla.
It’s not even just the fact they’re “working with Meta”, which is entirely disqualifying in and of itself, but also the fact there’s zero transparency or accountability about this new API towards Firefox’ users. Sure, we’re all technologically inclined and follow technology news closely, but the vast majority of people don’t, and there’s bound to be countless people who perhaps only recently moved to Firefox from Chrome for privacy reasons, only to be stabbed in the back by Mozilla partnering up with Facebook, of all companies, if they even find out about this at all. It’s right out of Facebook’s playbook to secretly experiment on users.
This is what I wrote a year ago:
I’m genuinely worried about the state of browsers on Linux, and the future of Firefox on Linux in particular. I think it’s highly irresponsible of the various prominent players in the desktop Linux community, from GNOME to KDE, from Ubuntu to Fedora, to seemingly have absolutely zero contingency plans for when Firefox enshittifies or dies, despite everything we know about the current state of the browser market, the state of Mozilla’s finances, and the future prospects of both.
Desktop Linux has a Firefox problem, but nobody seems willing to acknowledge it.
↫ Thom Holwerda
It seems my warnings are turning into reality one by one, and if, at this point, you’re still not worried about where you’re going to go after Firefox starts integrating even more Facebook technologies or Firefox for Linux gets ever more resources pulled away from it until it eventually gets cancelled, you’re blind.
That’s extremely disturbing and disheartening. If Firefox becomes tainted, I think Webkit (KHTML, the one used in Safari) may be the last best alternative for modern browsing… unless I’m missing someone there.
And who to use this technology and develop it as a web browser? For free? More or less impossible, too much work involved. Remember companies like Google are spending billions and Firefox hundreds of millions. For people the use their web browser “for free”.
i hope ladybird does what mozilla don’t.. ‘working with meta’ equals ‘working against humanity’
I mean, realistically, on what merits can one compete. Firefox was free and not lacking in any meaningful way, compared to the competition. Then Chrome came and people just went with it. Small portion of us, not migrating to Chrome now being angry at Firefox and wouldn’t touch Brave with a stick. Ladybird AFAIK won’t get any news coverage on this site due to AFAIK not accepting a toxic “gender-neutral pronouns ” pull request. I mean we are fucked and we pretty much can’t do anything about it.
??? well… now I get the reason why the link to https://www.osnews.com/story/140120/ladybird-browser-goes-serious-github-billionaire-co-founder-now-involved/ is giving 404… I thought there was some reason when I realized that the post spent less than 48 hours on the site before being deleted, but I didn’t imagine it was an ideological boycott.
…what?
What is the link?
>> …what?
>> What is the link?
https://github.com/SerenityOS/serenity/pull/24647
Pale Moon has received a lot of development work the last 3 years and is the best of the independent browsers right now in my opinion. It seems to work well with over 99% of sites. It’s even got features like full jpegxl support that are missing in the big name browsers, and a fairly robust slate of up-to-date extensions.
It’s not “if” anymore. It is tainted already.
For now, if anyone want any degree of privacy, they must embrace a Chromium based browser or a poorly maintained Firefox fork.
The work on Ladybird began way too late, I’m afraid. We will need to accept this to be the state of affairs for two or three years until it’s ready. And pray that it will find a way to be sustainable without shenanigans like Mozilla Corportation is doing.
Mozilla got complacent and who wouldn’t?
Wasn’t Mozilla’s intent here to try to push the advertising industry away from invasive ads, towards something more controlled and privacy-friendly, with this setting being the first hopeful step? At least, that’s what I got from Mozilla’s blog post on this new feature.
That’s also what Brave said they would do, and look what we got instead: A privacy destroying, crypto entangled mess that not only isn’t safer and more private, it actively tracks and sells your information as much as Chrome does, if not more. Now Mozilla is headed down the same path.
I would say that someone with the skills, time, and motivation needs to fork either Firefox 127 or the last ESR to not include this mess and make a privacy focused browser, but the last few times that was tried it always ended badly (Palemoon, Waterfox, LibreFox).
they can say whatever they want, browsers should have nothing to do with ads aside from not hindering the ability to block them..
So, I do NOT condone this, and think it’s terrible and hope it gets removed (thanks Debian for being on 115 ESR still!), but we also need to figure out a way to get Mozilla sufficient non-burdened funding to keep going. Although the last few (more than a few?) years worth of apparently poor decisions and things that just don’t really seem like things they should be doing make me question if Mozilla should be the one, moving forward, to keep shepherding Firefox along.
But let’s be honest here: the money issue is real and _somehow_ we need to pay for this in a sustainable way that will help keep Firefox (whether Mozilla or otherwise!) developed with the ethics and goals that pretty much we all desire.
In theory, if a hundred thousand people all chip in $50-100 per year, there’d be a lot less financial pressure and potentially different motivation going on. I just wish there was a better way of doing that without going all AdWare or NagWare or ShareWare style. *sigh*
Anyone have any good ideas to motivate enough people to keep funding things like Firefox?
news like this actually motivates me to stop my regular contributions to them tbh..
bamdad,
That’s a fair point, but on the other hand contributions never provided enough to eliminate the google dependency. I don’t think anybody knows how to do that sustainably long term.
Drizzt321,
There are many of us on the same page. The inconvenient truth though is that advertising has pulled out ahead of other business models for generating revenue. Another option is charging enterprise customers, but even if they were willing to pay for browser tech, they’re also more likely to turn to google and microsoft for it
Unfortunately I do not 🙁
It comes down to money. If organisations/projects like Mozilla are to survive, they need to be able to pay developers. That is the bottom line.
Chrome and Safari have the benefit of organisations with revenue in the hundreds of billions bankrolling them. At the same time, Mozilla is dependent on the generosity of Google and its contributors to keep the lights on. It has gotten to point where there are certain pieces of software where the “community” cannot hope to keep up the development race any more as long as folks expect to receive the software for free.
mkone,
+1
Agree on everything. I wanted to add that mozilla have the additional burden of having to clear a higher bar than competitors. Every time mozilla has tried to formulate a revenue model which is independent from google, they are chastised for it by people threatening to leave mozilla for chrome. It seems like a double standard. Despite some of my disagreements with mozilla I still want them to survive because a browser monoculture is extremely dangerous for an open web. But I’m afraid mozilla are already on the brink of irrelevance. It seems like in the eyes of their remaining user base, all paths just lead to more criticism. Like an event horizon; I don’t see a way out.
Yes same here in agreement. However some of their projects to make money were really, really dumb. They would have been better investing the money into Firefox development. A 0.0001% percent chance of making trillions via creating a mobile OS that ends up replacing Android, is not better than improving the core product you make that people want to use. That’s been my complaint. If it were a truly good chance of making money that didn’t infringe on privacy, I’d be all for it.
Bill Shooter of Bul,
I think firefox OS would have had potential if it were around before the android/ios duopoly, but by the time it came around it was too late. Mozilla offers VPN services and I’m honestly not sure how well that’s working out to generate revenue. Anyone know? Mozilla deserve credit for rustlang, but even a highly regarded project like that costs money and can fail at having a business model.
Ultimately you have a valid point, mozilla want to run themselves like a tech giant with lots of projects. Companies like microsoft, apple, google, etc can do this because they have so much money that even total flops don’t really matter to them financially. Flops are a disappointment but at the end of the day the companies just lean on their cash cows dancing all the way to the bank.
https://www.theverge.com/2024/3/3/24085995/apple-car-project-titan-timeline-driverless-ev-doomed
But for mozilla, given their economic reality, it does come across as irresponsible. What should they do to support themselves though? It’s easy to criticize but hard to come up with an actual solution.
I’ve made this argument a few times.
We seem to have this perverse idea that $500m a year is somehow “not enough” . Because we value IT companies in the billions these days.
But i think we are having this whole debate from the wrong perspective. Mozilla are pulling in enough in a single year to keep it’s entire development team funded for 50+ years. If they dump everything outside that, the money is there to develop a browser and email client. The cost of buying this ad biz alone would have funded the current Dev team for years and years Im sure. Ladybird has kicked off their project with a “mere” $1m and their (paid) team is currently planned to be half the size of Mozilla’s browser Dev team
Adurbe,
The problem is that money is only available riding google’s coattails, but if they break their google dependency, that’s the problem. I believe google’s money is counted under “Royalties” in their financial reports. Without that they loose 5/6 of their income, leaving about $100M…
https://assets.mozilla.net/annualreport/2022/mozilla-fdn-2022-fs-final-0908.pdf
Of course it’s well known that corporate executives are overpaid, I don’t dispute this for mozilla, but even if mozilla hypothetically eliminated 100% of the general administration costs, which is $109M, without google they still wouldn’t have close to enough to pay current expenses & staff.
The statement shows $221M for software development costs. Maybe you can make the case that mozilla have to cut out most of the programs and staff that that they have. At the end of the day I guess that’s the main dilemma. Is it better to have unpopular revenue sources but be able to keep projects going and workers employed? Or is it better to throw in the towel on generating new revenue, kill off side projects and lay off most of the staff? I imagine that you’d prefer the later. but something tells me that not many people within mozilla would want that.
So, where do we go? With the exception of the Apple-exclusive Safari, every other browser out there is Chromium with a different hat and maybe some third-party additions tacked on, which means core design elements of Chrome like Manifest V3 come as standard.
For now, I opted out of this new “privacy-preserving ad measurement” thing and continued using Firefox.
It’s not just Desktop Linux btw, Windows has the same issue, since Edge is now Chromium with a different hat (big mistake by Microsoft btw, for several reasons).
Also, you have to admire Google’s strategy: They let everyone get comfortable with Chromium and abandon their own browser codebases, and once they had everyone in the fold (including Microsoft)… rugpull time!!! Manifest V3 and the deprecation and removal of Manifest V2 is the rugpull, since it’s a core design element of Chromium that you can’t simply comment out, major re-architecting of the codebase would be required.
Only Firefox remains as a cross-platform browser, which is kept in suspended animation by Google and they can pull the plug anytime they want.
And that’s how the ad giant defeats ad blockers, not by implementing some kind of crappy DRM that would be bypassed in days but by controlling every browser out there through the “benevolence” that is open-source Chromium.
kurkosdr,
Manifest v3 happening is bad enough, but I still think web DRM would be detrimental beyond anything we’ve seen. The natural escalation of DRM is kernel based rootkits, which can be quite effective. Obviously google would have the ability to lock down android considerably. But even on windows it could be effective with TPM, which is an ideal technology for hardware assisted DRM. I am very glad google’s efforts to promote this failed initially, but they might yet take a page from microsoft’s playbook backing off temporarily to appease the current news cycle before quietly trying again after media interest has died down. I pray this never happens. It’d mark the end of the open internet as we know it.
Google doesn’t have the power Hollywood has (Hollywood studios own the vast majority of big-budget movies people want to watch), and they certainly didn’t have it back in 2008. There were (and still are) competing services to Google’s services, and YouTube wasn’t the big content provider it is now back then.
So, instead of Google inventing something silly and doomed to failure like Microsoft Silverlight (which does DRM btw) and making it a requirement for using Google services, they created their own browser with the mission of reducing every other browser to irrelevance. Open-sourcing it in the form of Chromium (with the exception of the proprietary syncing bits, as to avoid direct competition) was also critical to the plan. Then once everyone had gotten comfortable with Chromium and had abandoned their own browser codebases, it was rugpull time (Manifest V3 and Manifest V2 removal).
This is what’s known as a “long con”. Much like Steam Deck is a “long con” to put Steam in a preferential position against GOG and other app stores such as Epic’s. Or Hashicorp’s “commitment” to open-source while keeping all the copyrights so they can rugpull later (as they did).
kurkosdr,
I think Google has more power over browsers than Hollywood ever did, but in any case google’s requirements for DRM in the browser are quite different than Hollywood’s. Hollywood needed DRM to be 100% effective. If even 0.1% of users managed to break DRM, that’s all that would be needed to leak the movie, which is what always happened. All it takes is one person with a hardware mod to copy the movie unencrypted. But google’s application of DRM on websites would actually be very different. They don’t need it to be 100% effective to be useful. Say 5% of users jailbreak their devices to block the ads, that’s still 95% of the user base who are watching the ads. It’s clear why web drm that enforces unaltered browser configurations would be a big win for google and advertisers in general.
That’s how it is now, but it wasn’t so in 2008. Google Chrome (and Chromium) was the tool that brought them to their current position of power over browsers.
And it was all done with “benevolence”, not force. And that’s what makes it a very good strategy.
kurkosdr,
That’s all well and good but what I am not understanding is why this is a rebuttal to the point that DRM would benefit google? Obviously they were planning on doing it before the public outcry. They may still want to do it, but they have to find a way of “selling” it to the public or somehow gradually slipping it in unnoticed.
I don’t think that’s a valid comparison, one because it’s hardware and not a web browser, and two because where is the con? It’s an x86 compatible portable gaming device, you can use it as-is with SteamOS or you can install your own Linux or even Windows on it if you wish. You can also install games from other sources, there is absolutely no lockdown at all. I have GOG games running fine on my Steam Deck via GOG’s Linux install files, along with some Windows-only titles via Wine which of course is built into the Steam Deck and works better than it does on my Void Linux workstation. Yes, Steam is more tightly integrated on the Deck, but complaining about that is like complaining that macOS works better on Apple hardware.
I’m leaving it switched on to help Firefox out.
Theoretically this can be fixed as long as the browser engine is open source.
Blink, Webkit, Gecko and Goanna are open source.
Ladybird and Servo are also open source and could become contenders in the future. I really hope Ladybird can become the fourth engine.
As a backup, Netsurf and Dillo are also open source, but they are just bobbing up and down on the sea without any direction will to compete.
I would be surprised if Ladybird ends up making anything useful, their are sooooo many web standards, etc.
it’s worth noting that it might not necessarily be a bad thing. Everybody is knee-jerking at this news, maybe it’s time to sit back and do some reading first and then decide whether it’s bad or not.
Personally, i am still on the fence regarding this issue.
“The solution starts by decoupling metric collection from ad networks, and instead only providing them with noisy aggregates metrics that still allow them and their customers to measure the success of a campaign in a relatively accurate way, without compromising the privacy of each individual.”
“Ad networks and other AdTech providers can then request aggregate reports from the DAP provider. Reports are anonymized by using differential privacy, and other measures (including some cryptographic schemes to protect individual reports). At no point is a collector able to see or interact with individual conversion reports, which ensures that you are not individually tracked.”
Can it be exploited in hundreds of ways? Probably. Is it as bad as we all make it to be? Maybe not.
All i am suggesting is to go through the code and proposal and maybe then start forming opinions.
This is a decent summary of how this works and what it’s likely intended to accomplish.
https://andrewmoore.ca/blog/post/mozilla-ppa/
I agree. They desperately need money to stay afloat and it looks like they have found a way to get money from the advertising space with out collecting and transmitting any identifying data. This could be considered a serious attempt to harness some of the available capital out there without compromising their stance on privacy.
I think people are mostly worried this will just be the first step. Regardless if this actually is a technical sound solution.
That said: I’m glad people are pointing it out.
For the record Thom, Its been pretty obvious Mozilla was mostly screwed the moment Chrome started existing. Its just a question of time and regulators appetite for taking on anti competitive behavior.
Regulators are always very late to the table.
A company for example first needs to become a monopoly before a regular can take any actions and only then when they actually did something wrong.
Lennie,
While antitrust laws have rarely been applied to non-monopolies, I don’t think there’s a legal requirement for a company to be a monopoly, the company just as to be dominant, which is subtly different. Also not that it’s enforced much, but it would go against antitrust laws to exploit a dominant position in one market to establish control over another market. Of course regulators are notoriously late to the table, even by decades. Some tech companies are clearly interfering with competition and being allowed to do so for so many years. Market interference can even become a tenant of their business model (ie apple blocking competitors). IMHO when it comes to antitrsut, justice delayed is justice denied.
I’m firmly with the Brave crowd for sometime now, but I do find this loss of web engine diversity disturbing.
Looking Firefox struggling is like watching the last breath of a pet that you lived with for 15 years.
The problem with moves like this, is that Firefox, from a normie perspective, loses more and more of the differentials that used to set it apart from Chrome. So the user is left with the following question: “Why use what is just a more incompatible Chrome?”
One day, one day….
https://www.osnews.com/story/236616/stop-using-firefox-browser-use-ladybird-instead/
Hmm… Tracking, or pronouns. Which one of these…
Hopefully the Servo Project can get up to speed quickly. It would be great to have a modern embeddable web engine that can be integrated into other projects and provide an alternative to Chromium, Chromium Embedded Framework (CEF), and Electron apps. If the Servo project is made correctly; then Firefox, GNOME Web (Epiphany), Qt/KDE apps, and other frameworks can help it progress and share in its development and maintenance. One of the things that went wrong with Gecko was its inability to be integrated easily into other software projects. Are there any plans for a Servo Embeddable Framework that would function similarly to CEF in the Chrome ecosystem?
It would be great to have the Proton Foundation release a web browser based on Servo to replace our reliance on Mozilla. I’m glad that Mozilla was around to release Firefox and bring down Internet Explorer’s grip on the web, but it feels more and more like they have no real plan to maintain their financial viability in the long term.
See https://michael.kjorling.se/blog/2024/disabling-privacy-preserving-ad-measurement-in-firefox-128/ for ways to disable it before letting the update through so that your saved session(s) don’t have to experience it even once.
TL;DR: You can add user_pref(“dom.private-attribution.submission.enabled”, false);
to your user.js
Note for those, using LibreWolf (which by definition should be privacy-oriented fork of Firefox for desktop):
– in version 128 the UI setting is missing
– in about:config you can see that dom.private-attribution.submission.enabled=true, so you have to set it manually to false
The Android versions of Mull, Fennec et al are still at version 127, so cannot check the status there.
Well, lads. It was fun while it lasted. Firefox is now uninstalled from home and work machines. Currently using Vivaldi, and waiting for DDG to be ready to be my daily. Are these two browsers safe from poaching executives with raging ad-boners? I don’t even know anymore (but probably not).
Where do we go from here? We need stable computers and secure access to the internet, for pretty much everything at work and at home. Windows is a steaming pile of anti-privacy crap, Linux package systems are a bloated and confusing mess and hardware support is still severly lacking, Apple is Apple and Chromebooks are the devils own all-in-one stop-shop for tracking. OpenBSD is great, but still relies on browsers in the userspace. And it certainly isn’t user friendly or ready for the family computer.
I just can’t keep up anymore, and most people, while annoyed, don’t care enough to do anything about it. And I totally understand why.
What a delightfully digital dystopian time to be alive.
I mean: I told you so
Applies to a bunch of people, including me, but how do we get the general public to accept it ? If we can’t even get the power users and IT people to do the same ?
Chrome is clearly a better browser than IE 5+ was, that was a time when a new browser could make inroads (Mozilla Firefox), now it’s much harder to convince people to switch.