36 votes

Temporary fix for the Firefox extension bug

70 comments

  1. [56]
    joelthelion Link
    Congrats to the Firefox team for fixing this so quickly. With a fix in less than a day, I don't think this will be so bad for Firefox.

    Congrats to the Firefox team for fixing this so quickly. With a fix in less than a day, I don't think this will be so bad for Firefox.

    19 votes
    1. [54]
      emdash Link Parent
      Yup. Mozilla made a mistake out of ineptness. It’s not the end of the world and you can be damn sure this won’t happen again. For the people who felt so insulted and outraged that they decided...

      Yup. Mozilla made a mistake out of ineptness. It’s not the end of the world and you can be damn sure this won’t happen again.

      For the people who felt so insulted and outraged that they decided they had enough and permanently switched to Chrome, I don’t really know what to say.

      23 votes
      1. [48]
        Deimos (edited ) Link Parent
        This is something that honestly distresses me about the current state of the internet. There are just so many people that are constantly so eager to get outraged about something, but to what...

        This is something that honestly distresses me about the current state of the internet. There are just so many people that are constantly so eager to get outraged about something, but to what purpose?

        People on Twitter were outraged that the official Firefox Twitter account took so long to acknowledge the issue, and then after it did, they were outraged that the tweet seemed too "casual" about it. It used an exclamation mark!

        People on Reddit were outraged that the bugzilla bug and github issue had both been locked, and they couldn't use them to post directly at the Firefox devs about how they were also being affected by it, and how ridiculous the whole thing was. They know you're affected, everyone's affected. It's not helpful to have thousands of confirmations that "everyone" does, in fact, include everyone.

        People on HN were outraged that the "Priority" field on the bugzilla bug wasn't set to the highest ("P1") priority for a while. There were already multiple confirmations that Mozilla was pretty much all-hands-on-deck figuring out how to fix it, but the priority field didn't reflect that! What the fuck are these amateurs doing?!

        People wrote multi-thousand-word "Dear Mozilla" posts, multi-thousand-word "I knew this would happen someday" posts, multi-thousand-word "my trust has been destroyed forever" posts. If you managed to gather everything together somehow, I'm sure that tens of millions of words were written about this (and are still being written). People spent hours looking at all the different outrage posts, upvoting the outrage comments, retweeting the outrage tweets.

        But, in the end, what actually happened? Firefox's extensions didn't work for a few hours. I'm not saying that's inconsequential, it's obviously a pretty significant screw-up, but there were multiple workarounds available that took a few minutes to apply if you really needed your extensions urgently. Absolute worst case, you could just use a different browser in the meantime. I didn't have anything pressing to do on the internet last night, so I closed my browser, played games for a while, and read a book for a while. It was fixed (not fully, but enough) before I woke up this morning.

        A month from now, I bet that if you were sitting down with any of those people that spent hours being outraged about this and asked them what significant events happened with them lately, none of them would even think of bringing up "that time Firefox extensions stopped working for a few hours". They'll have totally forgotten about it, because it didn't really matter very much.

        I don't know. I don't really have a specific point I'm trying to make. I just think the current online culture is messed up, but I don't really know what anyone can do about it.

        64 votes
        1. [44]
          cadadr Link Parent
          The ungratefulness is crazy. There are idiots over HN that write that Firefox has backdoors, calling it spyware and stuff (paraphrasing that last one, I read sth. like "all the spying Mozilla...

          The ungratefulness is crazy. There are idiots over HN that write that Firefox has backdoors, calling it spyware and stuff (paraphrasing that last one, I read sth. like "all the spying Mozilla did"). It is not Chrome, a proprietary package with an open source component. This is Firefox, everything is public, there are no backdoors in it. People go crazy that they can't get the "fix" now, and when they get it now, they don't like the how.

          I mean if this was so big a deal, we should commit suicide as an industry over the fact that up until late 2010s, the major desktop OS provided almost no security to the casual user, forcing them to buy or pirate anti-virus software and other sorts of digital homeopathy. That it was common practice that installers for mainstream software packages installed toolbars to your browser.

          Surely this whole thing made the guys over at Mozilla ask themselves why do they even bother when there are slews of people out there that can so ironically switch from Firefox to Chrome over blinking privacy concerns or public fuckups, when the latter was quite recently caught stealing your login to hideously enable Sync to Google, with no way to disable (IIRC).

          16 votes
          1. [2]
            ssgjrie Link Parent
            I wonder if that point of view was influenced by the Mr Robot stunt? They can install add-ons remotely and "abuse" that privilege... I mean, moving to Chrome because of what happened today is an...

            There are idiots over HN that write that Firefox has backdoors, calling it spyware and stuff

            I wonder if that point of view was influenced by the Mr Robot stunt? They can install add-ons remotely and "abuse" that privilege... I mean, moving to Chrome because of what happened today is an over reaction, but Mozilla isn't completely blameless here.

            6 votes
            1. cadadr Link Parent
              I did dislike and disapprove of that myself too. But going from Mozilla's shortcomings (management or technical) to blaming them malice is a big and unjustifiable jump. TBH todays HN is far...

              I did dislike and disapprove of that myself too. But going from Mozilla's shortcomings (management or technical) to blaming them malice is a big and unjustifiable jump.

              TBH todays HN is far different from HN a year and a half ago. The "HN's become reddit" false-cliche has come true. I don't believe this outrage would happen there if the place was still mostly comprised of entrepreneurs and people involved with serious software development, especially FOSS.

              12 votes
          2. [41]
            lionirdeadman Link Parent
            I think this article shows some of the things that people would call spyware : https://spyware.neocities.org/articles/firefox.html It's surely not as bad as Chrome but it's still a little...

            I think this article shows some of the things that people would call spyware :
            https://spyware.neocities.org/articles/firefox.html

            It's surely not as bad as Chrome but it's still a little unsettling how much data is going there.

            1. [38]
              Wes (edited ) Link Parent
              These arguments are all really bad. Firefox is just checking that you're not stuck on a captive portal (eg. hotel wifi). That isn't "spyware". Outbound requests simply won't work yet, and Firefox...

              These arguments are all really bad.

              Whenever you start Firefox, it makes this request
              In fact, it makes it every time you go to a website, and even a few times in a row for a single website. So Firefox "phones home" all the time, without your knowledge.

              Firefox is just checking that you're not stuck on a captive portal (eg. hotel wifi). That isn't "spyware". Outbound requests simply won't work yet, and Firefox needs to know that to function correctly.

              Automatic connections to some websites you've visited, including their trackers

              Preloading to speed up your browsing experience? Again, not "spyware".

              Firefox tracks users with Google Analytics

              Yes they do. But they also make it extremely clear that Firefox includes telemetry, and make it easy to opt in or out. When it's the first thing they show you when you first launch the product, I don't see how you can claim they're "spying".

              "Safe" Browsing?

              Downloads a routine list of malicious pages to warn you about. Not spyware. In fact this is significantly more privacy-centric than doing a check on the fly like they could have.

              Firefox Health Report

              Same thing as the GA issue above, isn't it? That's just stretching one argument into two.

              Anti-privacy search engines by default

              I'm sure they'll be happy to give up the only thing keeping them alive.

              Pocket - a privacy nightmare

              Oh my god they save the URLs that you store in Pocket, their URL-saving service.

              Automatic updates

              Ughhh.

              If the 90's website design didn't give it away, none of these arguments hold any water whatsoever.

              edit: Typo

              16 votes
              1. Diff Link Parent
                I'm guessing this one might actually be updating the thumbnail previews of the sites. Seems to fit the network traffic pattern he describes.

                Automatic connections to some websites you've visited, including their trackers

                I'm guessing this one might actually be updating the thumbnail previews of the sites. Seems to fit the network traffic pattern he describes.

                5 votes
              2. [36]
                lionirdeadman Link Parent
                I didn't make it but for the sake of argument, I'll respond with the best of my knowledge. Uh, yeah, the thing is.. IceCat or un-google chromium (which the author has tested also) actually don't...

                These arguments are all really bad.

                I didn't make it but for the sake of argument, I'll respond with the best of my knowledge.

                Firefox is just checking that you're not stuck on a captive portal (eg. hotel wifi). That isn't "spyware". Outbound requests simply won't work yet, and Firefox needs to know that to function correctly.

                Uh, yeah, the thing is.. IceCat or un-google chromium (which the author has tested also) actually don't need to do this (and potentially a ton more browsers). Even assuming best intentions, is it possible there's a way which doesn't require phoning home?

                Yes they do. But they also make it extremely clear that Firefox includes telemetry, and make it easy to opt in or out. When it's the first thing they show you when you first the product, I don't see how you can claim they're "spying".

                Yeah except it's not the first thing you see at all and have to go at the bottom of the settings page to disable it if you even know about it. Also, from what I know, that particular "telemetry" is not able to be disable since it's hard-linked.

                Same thing as the GA issue above, isn't it? That's just stretching one argument into two.

                Yeah except it's well, a different service which provides different information.

                If the 90's website design didn't give it away, none of these arguments hold any water whatsoever.

                They do in the context where you want to reduce your digital footprint as much as possible, some people will consider this a violation of their privacy since they never wanted or have been asked about it.

                1 vote
                1. [33]
                  Diff Link Parent
                  You don't have to phone home but you do have to phone somewhere. On top of that, that "somewhere" needs to be very easily recognizable apart from whatever captive login page. Easiest way to do...

                  Uh, yeah, the thing is.. IceCat or un-google chromium (which the author has tested also) actually don't need to do this (and potentially a ton more browsers). Even assuming best intentions, is it possible there's a way which doesn't require phoning home?

                  You don't have to phone home but you do have to phone somewhere. On top of that, that "somewhere" needs to be very easily recognizable apart from whatever captive login page. Easiest way to do that is hosting a tiny little text file that literally just says "success." If you receive anything else, you know you're being held captive.

                  You could check a third party site, but now you're depending on and phoning to a 3rd party that might be less privacy-friendly. And they might change their page, breaking things or at the very least making it harder to tell if you're actually captive. Current solution is the simplest, most effective way to my knowledge.

                  Yeah except it's not the first thing you see at all and have to go at the bottom of the settings page to disable it if you even know about it. Also, from what I know, that particular "telemetry" is not able to be disable since it's hard-linked.

                  Nope. On the first start of Firefox (or the start of a new profile) a little banner pops up informing you of what's going on, with a button that takes you directly to the setting to disable it. Opt-out instead of the ideal opt-in, but since the majority don't care, they'd never get any feedback. The few of us who care are immediately presented with the choice. Not ideal, but it's the best of a bad situation.

                  6 votes
                  1. [32]
                    lionirdeadman Link Parent
                    Those two browsers don't phone anywhere, that's the thing. (Although that's not what Wes said) A little banner is the equivalent of a cookie banner, no one will go through and do anything about...

                    You don't have to phone home but you do have to phone somewhere.

                    Those two browsers don't phone anywhere, that's the thing.

                    On the first start of Firefox (or the start of a new profile) a little banner pops up informing you of what's going on,

                    (Although that's not what Wes said) A little banner is the equivalent of a cookie banner, no one will go through and do anything about it, c'mon now. We all know this. It's probably the most annoying behaviour on the web and anyone who's used the web for a certain amount of time will start closing them without reading them simply out of habit.

                    2 votes
                    1. [31]
                      Diff Link Parent
                      They have to. There's no other way to check for a captive portal. I just browsed through the source code, and grepped for the captive detector, and AFAICT it phones to the URL indicated in...

                      Those two browsers don't phone anywhere, that's the thing.

                      They have to. There's no other way to check for a captive portal.

                      I just browsed through the source code, and grepped for the captive detector, and AFAICT it phones to the URL indicated in captivedetect.canonicalURL and compares its contents to captivedetect.canonicalContent. If either is unset, the feature breaks and it logs an error. I couldn't tell by grepping the source what the actual default URL is, but I do see the vanilla pref("captivedetect.canonicalURL", "http://detectportal.firefox.com/success.txt"); in here among a few others setting it to blank.

                      Installed Icecat, checked about:config, looks like the blanks win out. By default, Icecat does not have this feature. This is good for an intensely privacy-focused browser, but is a bad default for the masses.

                      (Although that's not what Wes said)

                      I'll defer to Wes there then, it's been a few weeks since I've seen it firsthand. Still hold it's the best of a bad situation. They need the data, and they're very upfront about it.

                      6 votes
                      1. Wes Link Parent
                        It could simply be a matter of different behaviour on different platforms, in different regions, or across different versions. As I said I remembered it being a modal (>1 year ago), so they may be...

                        I'll defer to Wes there then

                        It could simply be a matter of different behaviour on different platforms, in different regions, or across different versions. As I said I remembered it being a modal (>1 year ago), so they may be trying different things.

                        The important part though is that they are informing users.

                        3 votes
                      2. [29]
                        lionirdeadman Link Parent
                        I see.. That makes sense. All the telemetry is unneeded, it might wanted to find bugs but I personally think manual (by default possibly) instead of automatic bug reporting is much better since it...

                        They have to. There's no other way to check for a captive portal. [...] Installed Icecat, checked about:config, looks like the blanks win out. By default, Icecat does not have this feature. This is good for an intensely privacy-focused browser, but is a bad default for the masses.

                        I see.. That makes sense.

                        They need the data, and they're very upfront about it.

                        All the telemetry is unneeded, it might wanted to find bugs but I personally think manual (by default possibly) instead of automatic bug reporting is much better since it asks for the consent every time so you can take in how much data that really means.

                        As for the health reporting, I really think it's unneeded and kind of creepy.

                        1 vote
                        1. [6]
                          Diff (edited ) Link Parent
                          Eh. Agree to disagree. People don't submit bug reports. Over the years they've been conditioned to just slap the Cancel/Go Away button on any of those "Windows has encountered a problem!"-type...

                          All the telemetry is unneeded, it might wanted to find bugs but I personally think manual (by default possibly) instead of automatic bug reporting is much better since it asks for the consent every time so you can take in how much data that really means.

                          Eh. Agree to disagree. People don't submit bug reports. Over the years they've been conditioned to just slap the Cancel/Go Away button on any of those "Windows has encountered a problem!"-type dialogs because "It's not like it changes anything anyway." This gives them a chance to get actual useful info on how their product is being used without bothering anyone. And if it does bother anyone, they are extremely upfront and tell you how to disable it immediately.

                          Just because you might not collect a certain bit of info for your projects doesn't mean it isn't useful for a massive organization needing to direct its efforts. For example I tend to have hundreds of tabs open on every single device, laptop, desktop, phone. This makes my browser start up a little slow, so if my usage becomes more common Mozilla might focus on optimizing that case so more people have a speedy, positive experience. I don't see anything wrong with that as long as its all consensual.

                          There's also a slow memory leak somewhere. I'm fairly certain it's not in Firefox itself, but an addon or possibly a website. As much as I've tried to track it down, I can't. But it doesn't show itself in a new profile, just my existing ones. FHR could tear the mask off this issue fairly easily (Hey look at that, all users of X addon are leaking memory), while it's been plaguing me for months.

                          10 votes
                          1. [3]
                            cadadr Link Parent
                            It looks like you're a power user so you might already know this, but there is about:memory where you can clean up memory and observe usage, and about:performance where you can see how much memory...

                            It looks like you're a power user so you might already know this, but there is about:memory where you can clean up memory and observe usage, and about:performance where you can see how much memory tabs & addons consume, and their energy impact; also hovering on rows shows a tooltip that has "dispatches since ..." info which I assume it is how many times it has done something or received an event. Maybe they help find the issue.

                            10 votes
                            1. [2]
                              Diff Link Parent
                              Holy crap thank you so much. I've tried so long to comb through about:memory but have never been able to find anything. And last time I was on about:performance it looked way different and was...

                              Holy crap thank you so much. I've tried so long to comb through about:memory but have never been able to find anything. And last time I was on about:performance it looked way different and was pretty much only useful for identifying big CPU usage. This new page is fantastic.

                              6 votes
                              1. cadadr Link Parent
                                Oh glad that was useful, no problem!

                                Oh glad that was useful, no problem!

                          2. [2]
                            lionirdeadman Link Parent
                            I will agree to disagree. Anyone who's ever been a git repository knows that a ton of people are willing to report issues. The thing is, there are tons of organizations which don't live off from...

                            People don't submit bug reports.

                            I will agree to disagree. Anyone who's ever been a git repository knows that a ton of people are willing to report issues.

                            Just because you might not collect a certain bit of info for your projects doesn't mean it isn't useful for a massive organization needing to direct its efforts.

                            The thing is, there are tons of organizations which don't live off from telemetry and I use their projects. It's really not that unheard of.

                            1 vote
                            1. Diff Link Parent
                              It's not unheard of or impossible to do without, it's just deeply helpful. You've got a massive project with a limited force, you need to know how to direct your efforts. Just handing out surveys...

                              It's not unheard of or impossible to do without, it's just deeply helpful. You've got a massive project with a limited force, you need to know how to direct your efforts. Just handing out surveys or the like leaves you with a crippling bias on everything. Being able to get automated, anonymized usage reports from everyone (except those who object to it, who are immediately informed of the situation) gives you a much clearer picture.

                              Again, in an ideal world, I'm with you. No telemetry at all, the browser does not require that to be able to browse the web. But in this case it's the best solution available IMO.

                              3 votes
                        2. [22]
                          cadadr Link Parent
                          That is all meaningless in this context because that does not mean it is spyware. It is a system they are open and up front about and can easily be disabled.

                          That is all meaningless in this context because that does not mean it is spyware. It is a system they are open and up front about and can easily be disabled.

                          6 votes
                          1. [21]
                            lionirdeadman Link Parent
                            That system reports about the user's activities in their program (and potentially outside of it), that program is spying whether or not the user is made aware of it in my books anyways.

                            That system reports about the user's activities in their program (and potentially outside of it), that program is spying whether or not the user is made aware of it in my books anyways.

                            1. [12]
                              dblohm7 Link Parent
                              I think you would be interested in looking at the actual data.

                              I think you would be interested in looking at the actual data.

                              6 votes
                              1. [11]
                                lionirdeadman Link Parent
                                That's a lot of data and it's not the whole picture because it's stripped down from what they actually receive, they most likely can log IPs and associate things with others on the server-side...

                                That's a lot of data and it's not the whole picture because it's stripped down from what they actually receive, they most likely can log IPs and associate things with others on the server-side which may or may not happen if we read their privacy policy. They won't show that close because it'd be meaningless to anyone who gets that but it could be used internally to analyze behaviour. I'm not here to say that Mozilla is evil because that'd be dumb but I think some of their behaviour I'd feel a lot better without.

                                1. [10]
                                  dblohm7 (edited ) Link Parent
                                  I work at Mozilla. I used to work on the Telemetry stack. Both ends are open source. We don't associate anything with IP addresses. EDIT: And here are some links to descriptors for every single...

                                  I work at Mozilla. I used to work on the Telemetry stack. Both ends are open source.

                                  We don't associate anything with IP addresses.

                                  EDIT: And here are some links to descriptors for every single telemetry probe in the product:
                                  Histograms Scalars

                                  Each ping also includes a header containing environment data.

                                  Full documentation generated from the in-source docs is available here.

                                  10 votes
                                  1. [2]
                                    anowlcalledjosh Link Parent
                                    Do you know if anyone has considered publicising these pages more widely? It seems like dropping a link to them next to the option to enable/disable telemetry might help to demonstrate what kind...

                                    Do you know if anyone has considered publicising these pages more widely? It seems like dropping a link to them next to the option to enable/disable telemetry might help to demonstrate what kind of data you're collecting.

                                    4 votes
                                    1. dblohm7 (edited ) Link Parent
                                      It's an interesting idea. I'm not sure whether our UX people would go for it, but I can certainly file a bug and see what happens! EDIT: I looked, and the "Learn More" link points to this page...

                                      It's an interesting idea. I'm not sure whether our UX people would go for it, but I can certainly file a bug and see what happens!

                                      EDIT: I looked, and the "Learn More" link points to this page which references the generated in-tree docs.

                                      6 votes
                                  2. [7]
                                    lionirdeadman Link Parent
                                    That's good Wouldn't that allow for abuse and someone could just throw tons of garbage? That's quite overwhelming. I would never expect an average joe to read and comprehend this. Has Mozilla...

                                    I work at Mozilla. I used to work on the Telemetry stack. Both ends are open source.

                                    That's good

                                    We don't associate anything with IP addresses.

                                    Wouldn't that allow for abuse and someone could just throw tons of garbage?

                                    EDIT: And here are some links to descriptors for every single telemetry probe in the product:

                                    That's quite overwhelming. I would never expect an average joe to read and comprehend this. Has Mozilla considered giving a more in-depth but still friendly way to see exactly what is being sent sort of like how the spyware.neocities link that started all this tries to break it down (it's not as in-depth but I think you get what I mean)?

                                    1 vote
                                    1. [6]
                                      dblohm7 Link Parent
                                      Not really. I said we don't save the IP, not that we don't do rate limiting or anything like that. It's pretty hard to find the right balance, because there's always somebody out there who isn't...

                                      Wouldn't that allow for abuse and someone could just throw tons of garbage?

                                      Not really. I said we don't save the IP, not that we don't do rate limiting or anything like that.

                                      That's quite overwhelming. I would never expect an average joe to read and comprehend this. Has Mozilla considered giving a more in-depth but still friendly way to see exactly what is being sent sort of like how the spyware.neocities link that started all this tries to break it down (it's not as in-depth but I think you get what I mean)?

                                      It's pretty hard to find the right balance, because there's always somebody out there who isn't satisfied. We're either accused of offering hand-wavy assurances that can't be trusted, or that we're providing a deluge of details that can't be parsed by the public. There isn't One True Sweet Spot that will make everybody happy.

                                      6 votes
                                      1. [5]
                                        lionirdeadman Link Parent
                                        Well, the privacy policy is probably intentionally vague to allow the telemetry team to have some level of control without changing it at all the time and the in-source docs are clearly not meant...

                                        We're either accused of offering hand-wavy assurances that can't be trusted, or that we're providing a deluge of details that can't be parsed by the public. There isn't One True Sweet Spot that will make everybody happy.

                                        Well, the privacy policy is probably intentionally vague to allow the telemetry team to have some level of control without changing it at all the time and the in-source docs are clearly not meant for the public, surely something in between would be nice where it goes from the very vague and you can click a plus sign to expand it and see more detail with finally a link to the in-source documentation would be a right middle-ground possibly? I could try showing you a design of what exactly I mean if you're interested in showing this to those which could implement it. (I wouldn't take an actual thing from Mozilla's telemetry system because it goes way over my head)

                                        1. [4]
                                          dblohm7 Link Parent
                                          Since I’m so busy on other things, I would welcome you to join our IRC server, join the #telemetry channel, and engage directly with the team on this. They’re all great people and would love to...

                                          Since I’m so busy on other things, I would welcome you to join our IRC server, join the #telemetry channel, and engage directly with the team on this. They’re all great people and would love to hear suggestions for improving user comfort with their work.

                                          4 votes
                                          1. [3]
                                            lionirdeadman Link Parent
                                            But the IRC was killed like a week ago.. wasn't it? I don't think Mozilla set-up anything other than kept up with Freenode's channel and rust moved to Discord.

                                            But the IRC was killed like a week ago.. wasn't it? I don't think Mozilla set-up anything other than kept up with Freenode's channel and rust moved to Discord.

                                            1. cfabbro Link Parent
                                              Plans to... but it's not dead yet AFAIK. From April 26, 2019:

                                              Plans to... but it's not dead yet AFAIK. From April 26, 2019:

                                              In the next small number of months, Mozilla intends to deprecate IRC as our primary synchronous-text communications platform, stand up a replacement and decommission irc.mozilla.org soon afterwards. I’m charged with leading that process on behalf of the organization. -Source

                                              4 votes
                                            2. dblohm7 Link Parent
                                              Nothing has changed yet with IRC. The options for replacing it are still under consideration.

                                              Nothing has changed yet with IRC. The options for replacing it are still under consideration.

                                              2 votes
                            2. [8]
                              Wes Link Parent
                              The word "spy" is by definition a secretive action. https://www.dictionary.com/browse/spy https://en.oxforddictionaries.com/definition/spy https://www.merriam-webster.com/dictionary/spy...
                              4 votes
                              1. [7]
                                lionirdeadman Link Parent
                                Hm, well, I'm not sure how else I would describe such a feature other than spyware. Any ideas?

                                Hm, well, I'm not sure how else I would describe such a feature other than spyware. Any ideas?

                                1 vote
                                1. [6]
                                  Wes Link Parent
                                  It's just regular old telemetry. A lot of the privacy community uses emotionally charged words like "surveillance", but they're moving further away from accuracy by doing so.

                                  It's just regular old telemetry. A lot of the privacy community uses emotionally charged words like "surveillance", but they're moving further away from accuracy by doing so.

                                  9 votes
                                  1. [5]
                                    lionirdeadman Link Parent
                                    Why it would be inaccurate to describe it that way? Surveillance doesn't imply secrecy so it seems like a good way to describe it.

                                    Why it would be inaccurate to describe it that way? Surveillance doesn't imply secrecy so it seems like a good way to describe it.

                                    1 vote
                                    1. [4]
                                      Wes Link Parent
                                      It doesn't necessarily imply secrecy, but it does imply close and targeted observation of an individual. Somebody might be surveilled if they're suspected of a crime. To say that somebody is being...

                                      It doesn't necessarily imply secrecy, but it does imply close and targeted observation of an individual. Somebody might be surveilled if they're suspected of a crime. To say that somebody is being surveilled suggests that they're being closely watched by another person or organization.

                                      Telemetry is more appropriate because it's clear that the tracking is aggregate, optional, and not targeted to an individual.

                                      5 votes
                                      1. [3]
                                        lionirdeadman Link Parent
                                        I disagree. Surveillance doesn't imply that it's targeted. Surveillance systems are rarely if ever for targeted used whether that's home or say a mall, it's not targeted. Telemetry is also a lot...

                                        I disagree. Surveillance doesn't imply that it's targeted. Surveillance systems are rarely if ever for targeted used whether that's home or say a mall, it's not targeted.

                                        Telemetry is also a lot more ambiguous about what is collected so it doesn't convey the same amount of information. I'm unsure why you'd think that telemetry implies it's optional at all, not sure where you got that from.

                                        1 vote
                                        1. [2]
                                          Wes Link Parent
                                          It may evoke different imagery for different people, but my mind goes right to the idea of somebody being parked outside your house and observing your actions. It's uncomfortable and unsettling....

                                          Surveillance systems are rarely if ever for targeted used whether that's home or say a mall, it's not targeted.

                                          It may evoke different imagery for different people, but my mind goes right to the idea of somebody being parked outside your house and observing your actions. It's uncomfortable and unsettling.

                                          Even if the word means different things to others though, I don't think anyone likes the idea of being watched. That's why I described it as emotional language.

                                          Contrast that to a program which collects crash reports to correlate common factors, or reviews aggregate data to determine which features are being used and should be focused on. This is a much more technical and impersonal process, which the word telemetry implies. It doesn't evoke that same sense of imagery, at least for me.

                                          I'm unsure why you'd think that telemetry implies it's optional at all, not sure where you got that from.

                                          That's fair. I'm making an assumption just because as mentioned above, it's a much more technical term and as a feature of software it can generally be disabled. However if somebody is actually being surveilled in the real world, they likely have no ability to prevent that.

                                          But you're correct - calling something telemetry does not mean it's optional. I'll recant that point.

                                          1 vote
                                          1. lionirdeadman Link Parent
                                            Wouldn't that actually be spying? Consider the same thing but in a store. What would people call it? Oh wait, it already happened and people were outraged. Or well, it didn't actually happen but...

                                            somebody being parked outside your house and observing your actions.

                                            Wouldn't that actually be spying?

                                            Contrast that to a program which collects crash reports to correlate common factors, or reviews aggregate data to determine which features are being used and should be focused on.

                                            Consider the same thing but in a store. What would people call it? Oh wait, it already happened and people were outraged. Or well, it didn't actually happen but Walmart patented the idea anyways.

                                            Here's an article talking about it if you're interested

                                            I would certainly say that people don't want this sort of collection but let it happen on the internet mostly out of ignorance or failure to care since we see scandal after scandal of internet privacy issues and possibly because of the belief that they're "anonymous".

                2. [2]
                  Wes Link Parent
                  My guess: they just break or act unexpectedly in that situation. That might be okay for techies but is a problem for regular users. Especially those that travel a lot. I just installed Firefox...

                  is it possible there's a way which doesn't require phoning home?

                  My guess: they just break or act unexpectedly in that situation. That might be okay for techies but is a problem for regular users. Especially those that travel a lot.

                  Yeah except it's not the first thing you see at all

                  I just installed Firefox from scratch. It opened this tab: https://www.mozilla.org/en-US/privacy/firefox/. I believe this used to be a modal dialogue, but it still makes the information they collect very clear. Definitely not spying.

                  Yeah except it's well, a different service which provides different information.

                  In that case I would need to read more into it. I assumed they used GA for their health report.

                  3 votes
                  1. lionirdeadman Link Parent
                    But ungoogled chromium would have no reason to deviate from normal Chromium's behaviour so that would mean Chrome potentially can't do that which would... be really odd, no? Hmmm, I've actually...

                    My guess: they just break or act unexpectedly in that situation. That might be okay for techies but is a problem for regular users. Especially those that travel a lot.

                    But ungoogled chromium would have no reason to deviate from normal Chromium's behaviour so that would mean Chrome potentially can't do that which would... be really odd, no?

                    I just installed Firefox from scratch. It opened this tab: https://www.mozilla.org/en-US/privacy/firefox/. I believe this used to be a modal dialogue, but it still makes the information they collect very clear. Definitely not spying.

                    Hmmm, I've actually never seen that page pop-up before possibly because of my distro so I won't take that further but even so, that wouldn't make the software non-spying, it just means they're upfront about it - kind of like Chrome (although they do a really shitty job at doing so)

                    In that case I would need to read more into it. I assumed they used GA for their health report.

                    Nah, the GA thing really is only on a window page for some odd reasons that I didn't really check but they partnered with Google so they (and others) could have "anonymous" analytics.

            2. [2]
              cadadr Link Parent
              That is simply the dumbest page I have ever seen TBH. They accuse Mozilla of spying and sneakiness, and then link to pages that describe how to disable the "offending" features---and all of them...

              That is simply the dumbest page I have ever seen TBH. They accuse Mozilla of spying and sneakiness, and then link to pages that describe how to disable the "offending" features---and all of them are pages on the official websites of Mozilla and Pocket. That is so ridiculous, and I feel sad for the author.

              9 votes
              1. lionirdeadman Link Parent
                The point of the website is more so to point out where the browser (intentionally or not) connects to servers while the user might not know about it and how to disable that behaviour in certain cases.

                The point of the website is more so to point out where the browser (intentionally or not) connects to servers while the user might not know about it and how to disable that behaviour in certain cases.

                1 vote
        2. feigneddork Link Parent
          Funnily enough I was watching smarter every day about how YouTube, Twitter, and Facebook are being gamed from external sources for political and economic reasons and the most effective vector is...

          Funnily enough I was watching smarter every day about how YouTube, Twitter, and Facebook are being gamed from external sources for political and economic reasons and the most effective vector is to exploit people's ability to get angry and upset over needless shit.

          I think there needs to be a stronger in real life community and more displays of positivity rather than more online social networks that have "user generated content" which only serves as a vector to split us apart as a society.

          Pretty recently I deleted my Facebook and one of my twitter accounts. Today I deleted my Reddit account. It was honestly freeing not being so angry over pointless menial shit on a hourly basis, if not a daily basis. It's one of those things I would now recommend to people as I feel pretty great without seeing pointless drama.

          6 votes
        3. firstname (edited ) Link Parent
          Something that came to thought from reading your comment from my perspective is based on human emotion and the need of outlet for those emotions. People think they are anonymous on the web, and...

          Something that came to thought from reading your comment from my perspective is based on human emotion and the need of outlet for those emotions.

          People think they are anonymous on the web, and they often are purely peer to peer in some way or another, from their perspective at least. It creates this space of potential outlet for emotions. Just as a journal would have back before the internet.
          Imagine you being mad about someone in your life, maybe even hateful, towards lets say a coworker. And you end up writing about it in your journal. Later this journal ends up in the hands of this said coworker, all of a sudden he or she is hateful towards you as well, at least it´s likely. Hate creates more hate. And the internet is this huge shared journal.

          And if it something you care deeply of, emotions gets even more magnified. I think many of those who wrote the posts actually love Firefox. When something you love breaks there is probably a chain of emotions, you end up getting scared, then upset.

          I dont know, its late. I probably need to edit this to make it more coherence. Perhaps tomorrow. The point is, we humans are an emotional driven social being and the internet amplifies the outlet potential of emotions.

          5 votes
        4. Amarok Link Parent
          It's just good old-fashioned pandering. I think of these people as robots, stuck in a loop, looking for anything that might get them noticed... parroting every vapid insignificant thought and...

          It's just good old-fashioned pandering. I think of these people as robots, stuck in a loop, looking for anything that might get them noticed... parroting every vapid insignificant thought and reaction, circlejerking each other in whatever ways serve their groups' collective delusions best. They all vote each other up and pat each other on the back for their cleverness.

          It's like when you see a tuning fork take out a fucking bridge just by holding the resonant frequency. I think of these circlejerk themes like the resonant frequency of the forums where they appear.

          3 votes
      2. suspended Link Parent
        I do. They overreacted.

        For the people who felt so insulted and outraged that they decided they had enough and permanently switched to Chrome, I don’t really know what to say.

        I do. They overreacted.

        22 votes
      3. [3]
        j3n Link Parent
        I've been a Firefox user since it was called Firebird, and it will take a bigger snafu than this to make me switch. That said, I think you're going too far in the other direction. This wasn't just...

        I've been a Firefox user since it was called Firebird, and it will take a bigger snafu than this to make me switch. That said, I think you're going too far in the other direction. This wasn't just a small mistake. This was a massive blunder that required multiple mistakes that suggests systemic ineptitude. This is going to substantially erode user trust in Firefox and Mozilla. Will this specific thing happen again? Almost certainly not, but it leaves me wondering what's going to go wrong next.

        I want so badly to like Mozilla. They're one of a very small number of large organizations in the tech world who really seem to be aligned with the average user's interests. I've considered applying for a job there several times, but I've yet to do it because they just seem so lost right now. They seem to have absolutely no direction both in terms of vision and engineering.

        9 votes
        1. [2]
          teaearlgraycold Link Parent
          As far as their technical capabilities? Sure. But Google is so far past losing my trust that there's no way Mozilla could match them.

          This is going to substantially erode user trust in Firefox and Mozilla

          As far as their technical capabilities? Sure.

          But Google is so far past losing my trust that there's no way Mozilla could match them.

          13 votes
          1. j3n Link Parent
            I agree. There's really nothing that Google could do to make me okay with using Chrome. I'm rapidly coming to the point where I desire a fork of Firefox though. That's weird since Mozilla seems...

            I agree. There's really nothing that Google could do to make me okay with using Chrome. I'm rapidly coming to the point where I desire a fork of Firefox though. That's weird since Mozilla seems like they should be the organization I want maintaining my browser. The fact that they're not in practice is confusing and I'm not really sure what to do about it.

            8 votes
      4. Wes Link Parent
        I saw people switching because they missed their extensions: ad blockers, password managers, vim keybindings, etc. That seems completely rational. These tools are often required for people's...

        For the people who felt so insulted and outraged that they decided they had enough and permanently switched to Chrome, I don’t really know what to say.

        I saw people switching because they missed their extensions: ad blockers, password managers, vim keybindings, etc. That seems completely rational. These tools are often required for people's workflows. Suggesting they shouldn't be able to switch browsers for that reason comes off as moralizing.

        Regardless, I saw little "outrage and insult" in the comments. Most people were just discussing the magnitude of the screwup.

        4 votes
    2. cadadr Link Parent
      If people are not losing addon configs, then it shouldn't really be that big of a problem. Surely not as big a deal as people make it to be. Nothing compared to Heartbleed or goto fail bugs. Or...

      If people are not losing addon configs, then it shouldn't really be that big of a problem. Surely not as big a deal as people make it to be. Nothing compared to Heartbleed or goto fail bugs. Or the absence of security in Windows up until Win 8.

      10 votes
  2. [10]
    NecrophiliaChocolate Link
    I don't really understand why people were sooo up in arms about this. This problem happened on a Friday night, a time where the average person is out (people who are more likely to switch imo),...

    I don't really understand why people were sooo up in arms about this. This problem happened on a Friday night, a time where the average person is out (people who are more likely to switch imo), and fixed in the morning. People need to relax.

    10 votes
    1. [3]
      firstname (edited ) Link Parent
      what is this out you are talking about? Firefox is the nerds choice :P Jokes aside. This must have been a super stressful day over at Mozilla, and they have been very transparent about what is...

      what is this out you are talking about? Firefox is the nerds choice :P

      Jokes aside. This must have been a super stressful day over at Mozilla, and they have been very transparent about what is going on and kept us updated if you knew where to look. I also like that the fixes where made in the background with no steps needed on the consumer side.

      The community also helped out and there where temporary fixes out there very quickly, so kudos to them. It shows why open source has a high value.

      edit: firefox is still open source right?

      17 votes
      1. teaearlgraycold Link Parent
        It's licensed under the Mozilla Public License 2.0, which is Stallman-approved.

        It's licensed under the Mozilla Public License 2.0, which is Stallman-approved.

        8 votes
      2. NecrophiliaChocolate Link Parent
        Yeah, I am really happy how much people were helping each other out.

        Yeah, I am really happy how much people were helping each other out.

        2 votes
    2. [6]
      ssgjrie Link Parent
      This also deleted some add-on data (tampermonkey scripts, container tabs, etc). It's not the end of the world, but it's a big annoyance for many users. You know there's more than one country/time...

      This also deleted some add-on data (tampermonkey scripts, container tabs, etc). It's not the end of the world, but it's a big annoyance for many users.

      This problem happened on a Friday night

      You know there's more than one country/time zone, right?

      9 votes
      1. [2]
        NecrophiliaChocolate Link Parent
        That's true, an oversight on my part. Fair argument. How much of FF users are power users and how many just use it as if it were Chrome or Edge?

        You know there's more than one country/time zone, right?

        That's true, an oversight on my part.

        This also deleted some add-on data (tampermonkey scripts, container tabs, etc). It's not the end of the world, but it's a big annoyance for many users.

        Fair argument. How much of FF users are power users and how many just use it as if it were Chrome or Edge?

        6 votes
        1. ssgjrie Link Parent
          No idea, but I assume that the % is higher than other browsers as it allows things like having the tabs on the side. The mainstream browser with higher percentage of power users is probably...

          No idea, but I assume that the % is higher than other browsers as it allows things like having the tabs on the side. The mainstream browser with higher percentage of power users is probably Vivaldi (from ex-Opera employees), but they're small when compared to Firefox.

          By the way, this bug affected the Tor browser (even though they use a "Firefox Extended Support" base)... this is bad because they also rely on add-ons to protect users.

          2 votes
      2. [3]
        dblohm7 Link Parent
        The only data that should be consistently affected is container info. Users who let the updates do their thing are not expected to have data loss. There was data loss for people who tried to fix...

        The only data that should be consistently affected is container info. Users who let the updates do their thing are not expected to have data loss.

        There was data loss for people who tried to fix their problems by attempting to reinstall their add-ons.

        5 votes
        1. [2]
          ssgjrie Link Parent
          There was a few reports on Firefox's subreddit from people that didn't touch anything but still lost tampermonkey and containers data. That's why I left that comment. In any case, it was a big...

          There was a few reports on Firefox's subreddit from people that didn't touch anything but still lost tampermonkey and containers data. That's why I left that comment.

          In any case, it was a big screw up even with small data loss.

          1. dblohm7 Link Parent
            The loss of container data was a side effect of a security feature that kicks in when container add-ons are removed. As a result of this incident, a bug is now on file to request user confirmation...

            The loss of container data was a side effect of a security feature that kicks in when container add-ons are removed. As a result of this incident, a bug is now on file to request user confirmation before wiping the container data.

            1 vote
  3. [4]
    zmk5 Link
    I noticed the problem when all my extensions went away all of a sudden, but then came back like 5 min later. They were really quick on the fix haha

    I noticed the problem when all my extensions went away all of a sudden, but then came back like 5 min later. They were really quick on the fix haha

    5 votes
    1. [3]
      ssgjrie Link Parent
      It took a few hours to fix. Also, some users are reporting add-on data missing (tampermonkey scripts, container tabs).

      It took a few hours to fix. Also, some users are reporting add-on data missing (tampermonkey scripts, container tabs).

      4 votes
      1. [2]
        zmk5 Link Parent
        I just looked it up. I apparently woke up at the tail end of the extension bug, so I thought they fixed it super quick lol

        I just looked it up. I apparently woke up at the tail end of the extension bug, so I thought they fixed it super quick lol

        2 votes
        1. Diff Link Parent
          Because of the timing of the bug, you're not alone. Most of the western hemisphere is in the same boat as you since it primarily was going on while we were all asleep.

          Because of the timing of the bug, you're not alone. Most of the western hemisphere is in the same boat as you since it primarily was going on while we were all asleep.

          4 votes