The problem is that you literally need a budget of about $300 million per year just to maintain a web browser engine, because it is one of the most complex pieces of code ever created, and it has to support a mountain of standards that keeps growing and be backward compatible with the last 25 years of standards, and it has to be constantly improving its performance to deal with the increasing processing demands of JavaScript and CSS, and plug all the security holes. Maintaining 25 million lines of code is incredibly expensive and rewriting its pieces in Rust to have better performance with parallel processing and fewer security holes requires paying for high quality programmers.
At this point, there are only 3 entities even attempting to maintain a performant web engine, which are Google, Apple, and Mozilla. If we all abandon Firefox, then we are left with just Google and Apple in the W3C committees that can implement the web standards and we won't have a single voice of sanity in the room with any power to push for users' rights and privacy. Mozilla is far from perfect, but using the alternative browsers means giving more power to Google to control the web standards, because almost all the web browsers that claim to respect user rights are based on Google's code, so you are giving Google more market share.
Mozilla does a lot of things that I dislike, and it is far too dependent upon Google for its funding, which makes it hard to oppose Google. However, Apple isn't very active in the W3C committees, and they are increasingly dominated by Google (and Microsoft to a lesser extent). This is why I keep using Firefox, and why I encourage people to buy their services such as VPN, because Mozilla is far better than the alternative.
The problem is not related to what users can do – most never change the defaults, that's why defaults are so important – but about what the funded entity feels it's allowed to do. …
I do get your points.
There's a difference between "fear about how Mozilla will act" and "how Mozilla has acted". We should judge Mozilla on the latter. We certainly shouldn't judge Mozilla based on vague innuendo of association, we should only base it on action and that's not what the previous poster was doing.
Is it delusional to think that Brave could pick up the slack and maintain their own engine (forked from Chromium) if necessary? Personally, I have been far more impressed with Brave lately, with Mozilla apparently completely abandoning any concern of what the community wants.
I get your arguments for why we will miss Mozilla if they stop, but the organization is just too bad for me to support them.
Another point along this line of thinking: the founder of Brave literally was the long-time leader of Mozilla and helped to start it originally, so if anyone would know what it would take to replace Mozilla, it would be him.
While you have a point, I think the majority of funding is a bit more than "vague innuendo of association."
You're right. I should have said "… based on Google paying Mozilla for default search and a vague innuendo that this relationship will affect Mozilla's policies/actions." Remember that Mozilla could always go back to Yahoo Search or even Bing Search if Google wanted to use that relationship to strong arm Mozilla.
I think it's more subtle than that. Before it comes to strong-arming, there needs to be an open conflict. And I think receiving funding is a pretty strong incentive not to start one.
Mozilla is free to go back to Yahoo Search or talk with Microsoft about making Bing Search the default. There is more than one option.
To put the shoe on the other foot, let's consider this hypothetical: Suppose the NSA started buying Librem 5's, should we all assume that Purism is tainted???
It's not free to change your supplier, the cost of getting one is a lot of work. Especially when the current one pays well.
In this case it is. It's really one update of a default setting. And they've done it before: Remember that Mozilla has changed from Google Search to Yahoo Search … and back.
If NSA provided the majority of Purism's income, I would start asking questions.
First: Would you ask questions or already be making conclusions?
Second: Hmm. How do we know they haven't??? The investors in the $9M of convertible bonds are not public, so I guess we don't know whether or not it was the NSA. But, think about it, the NSA would want to keep that private, right??? /s
We are at this point right now. Mozilla cooperates with Facebook to do something similar to what Google does with Chrome. They want to collect data, but not in the browser like Google; they want to transfer data via E2EE to specific servers that pseudonymize the data to share with advertising companies. It should also be usable as data for machine learning.
This is the red line they want to cross. Seems Mozilla wants to be dead as an organization. They call it "strong privacy", I call it a privacy punch in our face.
FTP can be secure, providing that you use the right options. You can use FTP with SSL (i.e. TLS) in a number of ways.
I was aware of SFTP (which is basically a wrapper around SSH), but not aware of FTPS. I still disagree. That's like saying that "HTTP" is secure. It's "HTTPS" that is secure. Similarly, it is FTPS that is secure, but not FTP. Not only that, but I don't think that Firefox ever supported FTPS so it's moot in regard to Mozilla (20 year bug was resolved to "wontfix" 4 years ago https://bugzilla.mozilla.org/show_bug.cgi?id=85464 ).
As you mentioned, it (FTPS) isn't firewall friendly because it either runs on a different default port (990) or requires a separate port for negotiation.
IMO, FTP should simply be retired and be replaced by SSH or SFTP (which is basically a wrapper around SSH) or, when a login isn't needed, HTTPS. I say this as someone who did way too much insecure FTP automation 20 years ago using "expect" (hard-coded passwords to vendors sent in plaintext).
FTP used with SSL comes as a pair of variants i.e. whether you implicitly use SSL and that means connecting to a different control port (just as with HTTPS) v. you explicitly request SSL after connecting insecurely to the standard control port (21). In that sense the explicit approach is the same as e.g. SMTP, and for that matter HTTP, where you can make an insecure connection, then request the connection to "go secure". The explicit approach is still secure provided that at least one end is configured to avoid a downgrade attack i.e. will always insist on an attempt to "go secure" and will insist on disconnecting and aborting if "going secure" does not succeed.
So, technically, no. HTTP can indeed be secure (using the Upgrade header).
That's the killer. The data connection on a different port. Not NAT friendly and not firewall friendly. Also not exactly IPv6 friendly.
If it is being used programmatically (as you were apparently doing 20 years ago), that isn't a very easy approach, since FTP bears absolutely no relation as a protocol to SFTP. By contrast, FTPS (in either variant) is an easy code change, particularly FTPS with implicit SSL.
Don't get me wrong. I see the weaknesses in FTP.
All references in this post to SSL should be taken as synonymous with TLS. I know that's not the case.
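The downgrade condition for explicit FTPS described in the post above, shown as an added example that is not part of the thread: two clients built on Python's standard `ftplib` talk to a loopback control channel that refuses `AUTH TLS`, and the server log shows which one lets credentials out in cleartext. The server, its reply strings, and the user name and password are constructed for the demonstration.

```python
import socket, ssl, threading
from contextlib import suppress
from ftplib import FTP_TLS, error_perm

REPLIES = {"AUTH": "502 AUTH not understood", "USER": "331 Password required",
           "PASS": "230 Logged in"}

def refusing_server():
    """Constructed loopback FTP control channel: refuses AUTH TLS, logs commands."""
    srv = socket.create_server(("127.0.0.1", 0))
    port, seen = srv.getsockname()[1], []
    def serve():
        conn, _ = srv.accept()
        with srv, conn, conn.makefile("rb") as lines:
            conn.sendall(b"220 constructed test server\r\n")
            for raw in lines:
                seen.append(raw.decode().strip())
                verb = seen[-1].split(" ")[0].upper()
                conn.sendall(REPLIES.get(verb, "500 Unknown").encode() + b"\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return port, seen

def opportunistic_login(port, user, password):
    """Weak: ask for TLS, then carry on in cleartext when the request is refused."""
    ftp = FTP_TLS(context=ssl.create_default_context())
    ftp.connect("127.0.0.1", port, timeout=5)
    with suppress(error_perm):
        ftp.auth()                             # refusal is silently accepted
    ftp.login(user, password, secure=False)    # USER/PASS leave unencrypted
    ftp.close()

def strict_login(port, user, password):
    """Hardened: login() sends AUTH TLS first and raises if it is refused."""
    ftp = FTP_TLS(context=ssl.create_default_context())  # verifies certificates
    ftp.connect("127.0.0.1", port, timeout=5)
    try:
        ftp.login(user, password)              # secure=True is the default
        ftp.prot_p()                           # also encrypt the data channel
        return "logged in over TLS"
    except error_perm as exc:
        return f"aborted: {exc}"
    finally:
        ftp.close()

def commands_seen(client):
    port, seen = refusing_server()
    result = client(port, "alice", "constructed-password")
    return result, seen
```

`commands_seen(strict_login)` logs only `AUTH TLS` on the server side, while `commands_seen(opportunistic_login)` also logs the `USER` and `PASS` lines.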