Introducing a terms of use and updated privacy notice for Firefox | The Mozilla Blog
blog.mozilla.org
We’re introducing a Terms of Use for Firefox for the first time, along with an updated Privacy Notice.  Why now? Although we’ve historically relie

Not a good look for Firefox. Third partners and device fingerprinting clearly mentioned in the documents.

The move is the latest development in a series of shifts Mozilla has undergone over the past year.

The gecko engine and Firefox forks, such as Tor, Mullvad, Librewolf, and Arkenfox, are stables of private, open source web browsing.

In fact, Mozilla’s is one of the few browser engines out there, in a protocol-heavy industry that many say only corporate or well-funded non-profits can reliably develop.

What is more, daily driving the more hardened-for-privacy Firefox derivatives can be frowned upon by many sites, including your bank and workplace.

Mozilla’s enshittification leaves the open source community without a good alternative to Firefox, after years of promoting it as a privacy-friendly alternative to spyware-cum-browser Chrome.

  • sleep_deprived@lemmy.dbzer0.comEnglish
    83·
    2 days ago

    The choice of C++ + Swift feels strange and off-putting to me. Swift, at least, is pretty safe as languages go, but does leave me scratching my head a bit. C++, though, frankly should have no place in a new browser project. For a piece of software whose whole purpose is to essentially download and run untrusted code, C++ is unacceptable.

    It’s realistically not gonna happen, but what I’d really like to see is Servo developed into a full browser.

    • KeenFlame@feddit.nu
      2·
      6 hours ago

      Could you explain how their language choice affects the security of the software? Because it’s open source and easier to find cracks?

      • sleep_deprived@lemmy.dbzer0.comEnglish
        3·
        6 hours ago

        No, the industry consensus is actually that open source tends to be more secure. The reason C++ is a problem is that it’s possible, and very easy, to write code that has exploitable bugs. The largest and most relevant type of bug it enables is what’s known as a memory safety bug. Elsewhere in this thread I linked this:

        https://www.chromium.org/Home/chromium-security/memory-safety/

        Which says 70% of exploits in chrome were due to memory safety issues. That page also links to this article, if you want to learn more about what “memory safety” means from a layperson’s perspective:

        https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/

        • KeenFlame@feddit.nu
          2·
          6 hours ago

          Cool, it makes sense I guess. But why would other languages not also be succeptible to memory injections?

          • sleep_deprived@lemmy.dbzer0.comEnglish
            2·
            6 hours ago

            In simple terms, they just don’t allow you to write code that would be unsafe in those ways. There are different ways of doing that, but it’s difficult to explain to a layperson. For one example, though, we can talk about “out of bounds access”.

            Suppose you have a list of 10 numbers. In a memory unsafe language, you’d be able to tell the computer “set the 1 millionth number to be ‘50’”. Simply put, this means you could modify data you’re not supposed to be able to. In a safe language, the language might automatically check to make sure you’re not trying to access something beyond the end of the list.