Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Imagine you download an update for a video game. In the settings is a new oddly-labeled toggle that, when enabled, changes a few sprites as an homage to a popular celebrity.

This button was meant to be hidden by default, but was accidentally shown to 5% of their userbase. The developers later apologised that the wording spooked their customers, some of whom were aware that certain malicious game mods also gave opaque additions to the settings page, and removed the change thereafter.

Q: Do you boycott this company?



The difference is, it is not a video game.


Exactly. GP is not using an apt comparison. For many people, the primary reason to use Firefox is privacy. They made a massive faux pas against their primary selling point and people are upset.

Would you consider switching a product if the main reason you liked a product came into question? I think any rational person would.


Not really, because there aren't any thoroughly supported, mainstream browsers as clean of spyware features as Firefox.


It would be easier for me to use Chrome. All of my coworkers use Chrome. Before Quantum, Chrome had better performance [1]. Chrome is everywhere. I have to test my web apps on Chrome regardless of whether it is my primary browser or not.

I'm not saying I'm leaving Firefox, but I am going to reevaluate which browser I choose. Mozilla lost a lot of trust from me and I am going to reevaluate how I interact with their products.

If supported, mainstream, and clean of spyware are the three boxes you are trying to check and you still feel Firefox checks them, great. But, now is as good of a time as any to reevaluate why you are using a browser and if the browser really meets what you are looking for.

[1] https://www.digitaltrends.com/computing/best-browser-interne...


This whole fiasco has literally nothing to do with privacy.


I wholeheartedly disagree. It is a security issue, privacy issue, as well as many other types of issues.

Installing an extension without my permission is a privacy issue. It doesn't matter what that extension does. It doesn't matter if that extension is literally just an icon on a tray or if it literal spyware. It doesn't matter if it was ever enabled. You can't claim to be privacy conscious and then do something like that.


This is outrage for the sake of outrage. What I don't understand is why people are going with it.

There is a clear, palpable difference between an update that adds "literally just an icon" and one that adds spyware. The former has literally zero things to do with privacy. The latter is spyware.


We can agree to disagree then. I think your opinion is reasonable and I can understand where you are coming from.

To me personally, however, this is a very bad smell. They have shown that they will push unrelated code as a Shield Study. This faux pas was signed off by a Firefox Product Manager, Data Steward, Legal, QA, Release Management, AMO review and a member of the core Shield Team [1]. If none of these members realized it was a bad idea, I have lost all faith in their product development. If it wasn't signed off by those members, there is a major red flag about who has the ability to add these types of things and/or their processes.

Either marketing has too much say, they have poor processes, or they are totally out of touch with their user base. These all raise red flags for me. I can't feel confident knowing that there is no spyware in my browser.

Mike Conley a Mozilla dev commented on the bug ticket, "I am also curious about this. I have been asking around, and have not yet found a single Firefox peer that was involved with this in either implementation or review."[2] Everything about this was handled incredibly poorly. I will wait for the postmortem, but currently I don't have a lot of faith in Mozilla or their processes.

[1]https://wiki.mozilla.org/Firefox/Shield/Shield_Studies [2]https://bugzilla.mozilla.org/show_bug.cgi?id=1424977


There is no link, implied or otherwise, between allowing a harmless, off-by-default, accidentally visible extension and "spyware in my browser". This extension wasn't just harmless for your privacy, but it was intentionally, specifically harmless.

Yes, it does highlight that Mozilla isn't a perfect, flawless entity that never makes mistakes, but the process protected your interests exactly the way it was designed to do and you already knew that anyway.

If the issue is that Mozilla sometimes pushes imperfect code, why is everyone harping about this absolutely harmless instance and not, say, one of the hundreds of actually meaningful security vulnerabilities? Why are people fixated on this totally arbitrary and counterproductive metric of the fact it showed up under the "extensions" header, rather than a metric of whether it has literally anything to do with the interest you're trying to protect?

If you only want to run code written by perfect entities, fine, go ahead. But you shouldn't have been using Firefox in the first place, and you certainly shouldn't be making unsupported moral claims about them for not hitting impossible standards.


I don't understand how that changes the ethicality of the action.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: