389

Mozilla drops new Privacy Note and Terms of Service; People are saying it is Bad News (blog.mozilla.org)

submitted 2 days ago by whydudothatdrcrane@lemmy.ml to c/opensource@lemmy.ml

93 comments fedilink hide all child comments

Not a good look for Firefox. Third partners and device fingerprinting clearly mentioned in the documents.

The move is the latest development in a series of shifts Mozilla has undergone over the past year.

The gecko engine and Firefox forks, such as Tor, Mullvad, Librewolf, and Arkenfox, are stables of private, open source web browsing.

In fact, Mozilla's is one of the few browser engines out there, in a protocol-heavy industry that many say only corporate or well-funded non-profits can reliably develop.

What is more, daily driving the more hardened-for-privacy Firefox derivatives can be frowned upon by many sites, including your bank and workplace.

Mozilla's enshittification leaves the open source community without a good alternative to Firefox, after years of promoting it as a privacy-friendly alternative to spyware-cum-browser Chrome.

you are viewing a single comment's thread
view the rest of the comments

[+] pyu@lemmy.blahaj.zone 6 points 2 days ago* (last edited 2 days ago)

[deleted]

[-] sleep_deprived@lemmy.dbzer0.com 5 points 2 days ago

The choice of C++ + Swift feels strange and off-putting to me. Swift, at least, is pretty safe as languages go, but does leave me scratching my head a bit. C++, though, frankly should have no place in a new browser project. For a piece of software whose whole purpose is to essentially download and run untrusted code, C++ is unacceptable.

It's realistically not gonna happen, but what I'd really like to see is Servo developed into a full browser.

[-] KeenFlame@feddit.nu 2 points 1 day ago

Could you explain how their language choice affects the security of the software? Because it's open source and easier to find cracks?

[-] sleep_deprived@lemmy.dbzer0.com 3 points 1 day ago

No, the industry consensus is actually that open source tends to be more secure. The reason C++ is a problem is that it's possible, and very easy, to write code that has exploitable bugs. The largest and most relevant type of bug it enables is what's known as a memory safety bug. Elsewhere in this thread I linked this:

https://www.chromium.org/Home/chromium-security/memory-safety/

Which says 70% of exploits in chrome were due to memory safety issues. That page also links to this article, if you want to learn more about what "memory safety" means from a layperson's perspective:

https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/

[-] KeenFlame@feddit.nu 2 points 1 day ago

Cool, it makes sense I guess. But why would other languages not also be succeptible to memory injections?

[-] sleep_deprived@lemmy.dbzer0.com 2 points 1 day ago

In simple terms, they just don't allow you to write code that would be unsafe in those ways. There are different ways of doing that, but it's difficult to explain to a layperson. For one example, though, we can talk about "out of bounds access".

Suppose you have a list of 10 numbers. In a memory unsafe language, you'd be able to tell the computer "set the 1 millionth number to be '50'". Simply put, this means you could modify data you're not supposed to be able to. In a safe language, the language might automatically check to make sure you're not trying to access something beyond the end of the list.