Proposal: Waterfox, IceCat, Pale Moon & Seamonkey / Firefox forks #375
Comments
|
Hi, could you share what do you mean by "the direction Mozilla is headed"? Is there anything new we don't know? |
|
@davidtabernerom Shields project is meant to look at different user's settings and how they work on different sites. Here is the last one. The only useful part was this one imho |
Mozilla managed to betray users' trust many times in a couple of months. https://github.com/mozilla/addons-frontend/issues/2785 https://www.theverge.com/2017/12/16/16784628/mozilla-mr-robot-arg-plugin-firefox-looking-glass @beardog108 might give you extra info. Also, not a FF issue, but a Mozilla issue: https://www.youtube.com/watch?v=KPgyTzqDJhM. https://youtu.be/KPgyTzqDJhM?t=987 (16:28) talks about yet another betrayal of users' trust. |
|
For Pale Moon, you should read this: And Pale Moon isnt just a fork like Waterfox, nor have telemetry included. So its currently the best alternative |
Edit:
Pale Moon have a few integral extensions: https://addons.palemoon.org/extensions/privacy-and-security/ Considering that incredibly lucrative deal with Yahoo, a lot of Mozilla's recent actions reek of intense greed & abandonment of principles that made Firefox what it is in the first place. With the recent changes to webextensions and the ui, (not to mention negation of user privacy with opt-out) they are emulating Chrome. @beerisgood I updated my original post, had forgotten about Pale Moon. Though I don't think it's "better" than the other two. I think all 3 are suitable alternatives! @Shifterovich supplied an excellent podcast detailing how much money Mozilla rakes in + some pretty shady happenings within the corporation/organization that aren't covered in any of the links above: https://hooktube.com/watch?v=qMALm1VthGY |
angela-d
changed the title
angela-d
changed the title
|
We should also make a section about Mozilla, similarly to the W10 section, as Mozilla is very often recommended to people seeking privacy and generally open-source freedom. |
|
@Shifterovich Fixed your link: https://hooktube.com/watch?v=qMALm1VthGY |
|
Thanks, didn't know about that. |
|
Just be aware that HookTube sits behind Cloudflare, so there is a trade-off vis-a-vis YouTube. |
|
@Hillside502 - Valid point. Though without much competition for Youtube, I'd say Cloudlfare is the lesser of two evils. Mozilla posted their "apology," does anyone take issue with the fact it came from their Chief Marketing Officer, instead of the CEO? Would it be controversial to remove Firefox from privacytools.io as a suggestion, entirely? |
|
I agree with @z0m8i3 |
|
Cyberfox is another alternative |
|
@PandaCodex isnt it dead? |
|
Possibly semi-offtopic, but do you have any feature comparsion table between those forks (and possibly Firefox itself)? |
|
@Mikaela Excellent suggestion. I submitted a PR https://github.com/privacytoolsIO/privacytools.io/pull/379 with a comparison chart (link beneath "Worth Mentioning" of the browser section) |
|
+1 for this. I avoid Mozilla after they said this: http://uk.businessinsider.com/mozilla-new-initiative-counter-fake-news-2017-8?r=US&IR=T So now they want to filter what you see based on their political views or what they deem as true or false... |
|
You can add too:
|
|
Perhaps recommending Tor Browser without Tor is better than recommending FF with some tweaks? You will look like Tor apart from your IP. |
|
@Shifterovich depends. Tor Browser use Firefox esr. Some guys need modern stuff which only the normal version have (until esr go to new version) |
|
FF + user.js tweaks needs more time than setting Tor for non deepweb. Intika's Librefox-Firefox includes ghacks.user.js in the available releases. |
Can't recommend this. Firefox 63.0.3 is still used -> security problem! Also guys which visit this site, care about privacy and have the few minutes to config the (gHacks) user.js tweaks |
|
@2E0PGS that's enough for me to ditch Firefox. When tech companies become political and censor information that doesn't fit their narrative is the day they are not in support of a free internet. We really need to stop Firefox from being recommended and suggest forks that adhere to the original goals Mozilla seems to have forgotten. |
|
I wholly agree. Anytime this subject is brought up, someone counters it with, "The forks only have x developers and are volunteers; security patches are slow.. you can't beat the army of paid staff Mozilla has." When a staff of size is working against their users, obscure security exploits are the least of anyone's worries. There's probably much worse going on inside that none of us are privy to. Relying on community users to monitor and review such an enormous codebase is nonsense. The codebase is too large to analyze every line of code efficiently and Mozilla has become untrustworthy. |
|
I'll use your argument, @angela-d: "The forks only have x developers and are volunteers; security patches are slow.. you can't beat the army of paid staff Mozilla has."
And remember that even Microsoft has switched to Google product chromium (and so add a more pressure to standardize all that Google want in term of web) |
|
Tor browser is the only "fork" which have enough power to keep it secure. Also Firefox is (yet) the only solution. You can't config any other browser like you want and have good security & privacy |
So what are you going to do when pages don't work in anything but Blink and Servo? Eventually those engines are going to implement features you do not have and site developers will test in those environments and nothing else. This will in turn create even more work. Even Microsoft (with their resources) gave up developing EdgeHTML and opted to use Chromium.
😢 |
Okay.
If you're concerned about privacy there are better ways to achieve this, such as Tor Browser. At least your fingerprint won't then be so unique and you actually have Tor to not expose your IP address. Having such a unique fingerprint will mean that your users can be singled out for targeted exploitation. Nuke the sandbox too hard? Too much security for me. Lets scream about how Mozilla does everything wrong and whinge about fake news again.
Yes and tell me how that goes when you're trying to use NoScript or uMatrix on a mobile browser.
Also, you came here. |
|
No one wants stop your project, but don't list it on privacytools.io |
Everything has bugs. Bugs are then fixed those bugs, people move on. I suppose you'd also say that Chrome's sandboxing is a complete waste of time too? The point is about reducing harm and employing a number of good principals to achieve that.
Which is in violation of the RFC. RFC6797 clearly states:
There are a couple of reasons for this:
There are better ways to waste time, that's your time so I really couldn't care less.
OMG FAKE NEWS is how you responded. In my last reply I placed a bet you'd respond in this way. You never refute so called "falsehoods" with evidence. Which brings me back to what I said earlier: "There also seems to be a small group of devout followers who travel from the Palemoon forums to other parts of reddit, HN and github to spruik the project and derail criticism. I've observed (without naming names) it's the same names doing it over and over again." If there was absolutely no truth to the criticism, it wouldn't bother you.
You can't delete my comments so that really must bother you. We have never criticized the people. We have however pointed out why these things do not belong on privacytools.io
You can exist if you want, just not on privacytools.io, not if the site wants to maintain it's credibility. There has never been any question of that.
You haven't provided any evidence which disproves my previous comments about your project. Why should I go to more effort to dig up more examples of why your project is a shitty pointless effort? |
|
You edited your last reply a number of times. I was already in the process of replying.
Well I don't believe that at all based on your edits.
Nope. If there was evidence of the latter then it would still be something valid you could say about a person. There is certainly evidence of the former, so we can still say it about Pale Moon. |
So that user was trying to form a brigade.
I have clearly stated why (in previous comments, in this issue) why they are wrong. |
Your browser hasn't had the scrolling code removed? Read my previous replies.
Note the key word in my comment trying.
No it just means your browser is compliant with commonly adopted security standards of today. I guess you could interpret that as being dangerous. |
I was referring to your inability to use your scrollbar to read my previous comments. Ie:
|
I figured other huge portions of your browser are missing so why not that.. 🙃
I have done so in my comments. You have just been in denial and haven't provided anything to counter it. I know you will just keep responding until the issue is closed, specifically jasperla/openbsd-wip#86 So I won't be responding after this unless there is something of value for me to respond to. |
I was not trying to form a brigade. Instead, I was annoyed at what appeared to be yet another example of someone repeating the same old claims that I have seen being spouted for years, as a user of the browser, when the fact is that independent development - when done seriously, as Pale Moon (and Basilisk, along with other UXP applications) is - isn't actually a bad thing just because someone doesn't have the resources of Microsoft/Google/Mozilla etc. My other intention with replying here as suggested, was in the hope of providing another viewpoint so that at least one person may come across what has been said and give them more information to make their own decision based on that (rather than only being exposed to the "old and insecure" narrative). I certainly still believe that Pale Moon is highly focused on privacy and security, and thus it would still fit in with the point of this list in my opinion, but that decision is not mine to make and I won't try to argue for its inclusion if it isn't included. As long as the further information provided in this issue helps at least one person who comes across it to make a more informed decision, then that's good enough for me. |
Complaining to your friends about misinformation that is not misinformation and expecting someone to do something about it is brigading.
Old claims, because they are old problems, being in denial isn't going to solve them. There's a very good chance the future will only make them worse.
Just because you make some modifications to an old discarded Mozilla codebase doesn't make it yours. Sure you may have made some additions, changes, improvements, but the large majority of code would go untouched and unused. Many parts won't be touched for many years if at all. Less eyeballs means less chance of a problem being discovered "merely because the code looked wrong -@mattatobin" won't be a thing. Just because something is working doesn't mean it is right.
Well it is. As I have said previously, an application as large and complex as a web browser requires manpower to maintain. A web browser deals with a lot of very sensitive user data. It is the primary focus for security researchers and black hats. To most people there is their "operating system" and their "web browser" which is the gateway to their entire online life. You guys are deluding yourselves if you think 3 developers and a few contributors can somehow maintain all the components of a web browser. In addition to maintaining forks of old XUL extensions that have been abandoned by their own original authors. To market yourself on privacy and security would be dishonest for a few reasons. Nearly all your time will go into maintaining XUL/XPCOM these are huge codebases in themselves abandoned by upstream. Eventually Mozilla is going to deprecate more and more code which you depend on or still use. This will mean less security information from upstream will be useful to you. Mozilla having the marketshare it does is the primary target of research (along with the other major browsers) at events like Pwn2Own. As nobody could care less about Palemoon it's unlikely to get any real auditing from outside parties (TorProject, Private netsec researchers, commercial cybersecurity firms etc). Essentially what you have is security through obscurity. That being said if a specific Palemoon user was a target, browser fingerprinting would be a trivial thing to do. There are many ways to do it. It is very much a cat-and-mouse game between browser vendors and interests that would identify individual users (advertising companies, governments etc). It's going to become more difficult to merge code from upstream when your codebases diverge. You can be in denial about it all you like but it isn't going to change that fact. You won't have the resources to develop replacement security technologies like those mentioned above (sandboxing), permission model etc. This is going to exacerbate any security issues existing in your browser. Anything you do develop you won't have the resources to provide proper QA, integration, automation testing etc. I work in this industry and it often requires a team just to write new tests. You have no presence on mobile platforms, and extension developers are going to be using WebExtensions in order to target both platforms and have code that can be used in Chrome. There are new RFCs being released from the large vendors such as DANE verification and all the other things around TLS all the time. There's new W3C standards being drafted all the time. Once Mozilla abandons Gecko for Servo (or something based off it) your browser is not going to be tested by web developers. This is because Firefox will no longer be using Gecko and thus won't have any similarity to your forked engine Goanna. Even Microsoft with their vast resources decided to abandon EdgeHTML for Chromium this would have been because they did not want to maintain it all by themselves. EdgeHTML was by no means old (2014) before that they had Trident. So in addition to fixing all the previous issues you'll also have to fix issues related to specific websites. When are you supposed to then make time to focus on things like performance (something that Gecko and XUL were never good at) and other general improvements? You have a monumental amount of work ahead of you. Optimism will only get you so far, there will come a point when you have to be realistic. Nobody here has explained why these things aren't something I should worry about if I used your product. All I've seen is denial and claims of misinformation.
Personally if I was you, it wouldn't be a "view point" I would want to stand by as it damages your credibility. As far as @mattatobin goes (a core member of the Palemoon team) in regard to "public record", that is exactly why I have invested the time I have in this issue. So it can be referenced whenever Palemoon ever comes up, whether that be here on github, Reddit, HN or anywhere else.
Nope for the reasons above.
Hopefully that decision is not to use your product. |
Nobody cares for your opinion so yeah... It wasn't going to be listed anyway.
Well actually if you read what it says there:
Notice the word optionally. Yeah. The first recommendation is simply to remove the parts of the blocklist URL string that might infringe on one's privacy ie
Many open source projects of today wouldn't be a half as good as they are without commericial backing.
Binary Outcasts you mean your organization of one person, you. Again with the trying to make yourself sound big. By the way it's very nice to know about how you like the Lorem ipsum dolor sit amet. I like it too. As for Moonchild Productions's crew of 3 there is nothing there worth adding. So you won't have to worry about that. So you're trying to dump us before we dump you? 🤣.
Where's your evidence. You've refuted nothing. You know what there is evidence of? I guess that's just my "world view". aka uMatrix's logger. |
|
I don't really have the time to read all this but assuming @mattatobin is a Pale Moon dev,
sounds like we shouldn't add Pale Moon. Not sure if I can see all the org members here https://github.com/orgs/MoonchildProductions/people but looking at the commit history, Pale Moon is too small to be added to PTIO imo. This thread is very long so the Waterfork/IceCat discussion should be moved to a separate thread imo. |
I don't see mattatobin as a member of privacytools organization. Everytime I found issues with mattatobin, I had the impression of reading boring words by some lawyer. |
A practicing lawyer would almost certainly not have issues with reading comprehension, punctuation and writing coherent sentences. Failing at reading comprehension is counter productive to reading technical standards and then implementing them in your application. |
|
Yes, it appears like they want their browser banned from most of the projects: some distributions have banned it. |
|
To be fair, I am not against @mattatobin or the idea that the new firefox is crap... But I think he just shot himself in the foot with an AR15 being as agressive as he was with the aruging, etc... I disagree though with privacytools.io that Basilisk Browser and forks shouldn't be on the list. Though I also agree the blocklist that is within palemoon is crap. Aka, some addons which are extremely useful such as noscript are blocked unless the blocklist is off. People I install it for never have issues with noscript unless I have video blocked by default and all scripts are not enabled by default. My point being, I believe in many of the different points that are here. You are more than free to disagree with me, but that is entirely my view. I currently use Iceweasel-uxp, and it is a fork of Basilisk-Browser. |
|
But one that is more regularly updated of course. :) and is available for most distros. |
|
@FrostKnight but only for mainline browser and not for old engine based forks ;) |
It does not do any such thing actually. Unless you have it setup the way it is by default. Doing those two things I mentioned, allowing all video and enabling all scripts, makes it work for anyone without the nightmare you say it is. I have that setup on my mother's windows 10 laptop in firefox, and she doesn't complain at all. So nice try, but what you are saying is the real fake news. No worries though, I don't take it personally, I understand you must have had a bad experience with noscript. PS, its in the tor browser for a reason. :) even back when it was a legacy based tor browser. 👍 PS, Tobin, its not on the blocklist for a reason... well a good one anyways. Its just because you got tired of complaints from users that's pretty much it. It is a security addon that gives firefox based browsers what would seem like tank armor in the cyber security world. So yeah, your argument is completely off point. I need to see some proof before I can even humor your argument. sorry, but that's how it is. |
That would be fine, if it is set for full privacy and security by default and rips out as much tracking nonsense as possible and/or disables the tracking nonsense. I guess in essence, a browser like Icecat like I said only very frequently updated. :) |
|
@FrostKnight you're wasting your time arguing with @mattatobin, he has nothing better to do than go around reddit, HN and github spruiking Palemoon/etc. Any argument you make will be simply responded with "fake news". |
True, I guess I was bored and hoping I could help him in my spare time. I wonder if he likes the usa president. I wonder if that is why he keeps using that phrase. xD Maybe he likes Putin like trump too. ;p |
Mental illness is no laughing matter. 🙃 |
|
https://news.ycombinator.com/item?id=19527053, this in particular reads like something you would write:
In all honesty though, renaming whatever it is you're currently working on it's all the same and the same arguments apply. Also who uses NoScript these days. uMatrix is waaay better, especially as you can do the same How to block 1st party scripts everywhere by default. |
|
I recommend that we're stop talking about Pale Moon, cause mattatobin have a lot to do :D Also he never use NoScript, but don't recommend it. I guess it's then fake that it's recommend and default in Tor browser? |
|
@mattatobin Please tell your friend to stop using The Great Cloudwall of Google, Microsoft and Baidu |
and others
For those of us displeased with the direction Mozilla is headed, Waterfox and IceCat are suitable alternatives.
Are either or both of these browsers contenders for inclusion or mentions on Privacy Tools?
Pros of both:
Cons:
Although Waterfox is currently just a "fork," it appears it's going to branch off & become a stand-alone project after the demise of ESR; from 56 release notes:
It has been mentioned that compatibility with "legacy" extensions is also in work to be retained beyond ESR, as well.
Edit:
I forgot about Pale Moon, per @beerisgood's suggestion: https://www.palemoon.org/
Also worth mentioning: https://www.seamonkey-project.org/ - Though I'm not sure how intertwined Seamonkey is with Mozilla:
Which is concerning, given Mozilla's recent activities; definitely not a company that should be handing out advice.
The text was updated successfully, but these errors were encountered: