[HN Gopher] Deviations from Chromium (features we disable or rem...
___________________________________________________________________
Deviations from Chromium (features we disable or remove)
Author : jacooper
Score : 250 points
Date : 2022-09-06 17:39 UTC (5 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| skrowl wrote:
| Interesting, but I think I'll still use Firefox and Mull
| imbnwa wrote:
| Real question is how're they gonna support distribution of
| critical Manifest v2 extensions like uBlock Origin once the
| Chrome extension store ceases to distribute v2 extensions in
| January[0]
|
| [0]https://github.com/brave/brave-browser/issues/15187
| gigel82 wrote:
| Also check out Ungoogled Chromium (https://github.com/ungoogled-
| software/ungoogled-chromium) which goes above & beyond by not
| just "proxying" services but rather removing all phone-home
| functionality altogether.
|
| There's no for-profit entity behind it, so no perverse incentives
| to monetize either (but that also means they don't have a budget
| for proper CI, signing, distribution, etc.) so there's a bit of
| DIY work involved on less-popular platforms.
|
| I use Ungoogled Chromium as a backup whenever a website makes the
| unfortunate choice of not properly supporting my main browser,
| Firefox.
| chasil wrote:
| I personally use Bromite.
|
| https://www.bromite.org/
|
| I used to use SRWare Iron on the desktop, but not for many
| years.
|
| https://en.m.wikipedia.org/wiki/SRWare_Iron
| jacooper wrote:
| The reason brave is a bit less hardcore ungoogled-chromium is
| usability.
|
| Brave can be used by anyone, with the experience they expect
| from a modern browser.
|
| No need for some weird workarounds to install extensions, no
| support for widevine, etc.
| commoner wrote:
| Ungoogled Chromium is the Chromium-based desktop browser that I
| use as a backup to Firefox, but I almost never need it.
|
| I have two installations of Firefox: a primary installation
| that has Enhanced Tracking Protection and privacy extensions
| enabled, and a secondary installation that has neither but
| clears all history when the browser is closed. I'll switch to
| the secondary installation when the primary one doesn't work
| with a site, usually because the privacy features interfere in
| some way. It's easy to do this with two editions of Firefox
| (e.g. stable and Beta/Developer Edition, or a fork like
| LibreWolf or Mull).
|
| With this setup, I rarely ever use Ungoogled Chromium, and
| haven't used it for some time.
| deadbunny wrote:
| You can just use profiles in FF and achieve the same. No need
| for 2 separate installs.
| commoner wrote:
| Absolutely, and I do use Firefox profiles on desktop with
| the Profile Switcher for Firefox extension.* Profiles
| aren't available on Android, however, so I use multiple
| installations there.
|
| * Profile Switcher for Firefox:
| https://addons.mozilla.org/en-US/firefox/addon/profile-
| switc...
| jacooper wrote:
| I dont work for brave, the page's title uses "we". I just added "
| brave's" to give more context.
| k__ wrote:
| This makes Chrome look like a garbage fire.
| jacooper wrote:
| It always has been.
|
| Chrome is a privacy nightmare.
| encryptluks2 wrote:
| This isn't about Chrome, but about Chromium... the same source
| that Brave is based on. Most of these settings are configurable
| via policies as well. Firefox looks equally bad if not worse.
| k__ wrote:
| I can read, thank you.
| NonNefarious wrote:
| I don't really care what they do. You can't use their browser
| without signing up for an account, which is absolute hypocrisy
| and even WORSE than regular browsers.
| gunapologist99 wrote:
| This is incorrect. I've used Brave and never created an account
| (not even sure how). Are you confusing this with Google Chrome
| and its accounts, because that also can be used without
| creating a Google account?
| kunwon1 wrote:
| I've never used Brave before. I was curious about this, so I
| just downloaded the browser. I'm able to use it without signing
| up for an account. I was never even prompted to create an
| account.
| rav3ndust wrote:
| I've been using Brave since 2019, and I am unsure what a "Brave
| Account" is.
|
| In fact, I don't know of a desktop browser that _requires_
| account signin. Chrome encourages it, but you don 't have too
| to be able to use the browser.
| zerotrustonthis wrote:
| Imagine trusting Brave to be your browser:
|
| 1o Injecting affiliate codes into users url's without consent:
| https://davidgerard.co.uk/blockchain/2020/06/06/the-brave-web-
| browser-is-hijacking-links-and-inserting-affiliate-codes/
| 2o Scamming people into thinking they are giving donations to
| content creatos:
|
| https://web.archive.org/web/20190606100032/https://twitter.c...
|
| Brave is always behind in security patches to Chrome by design,
| Google first need to push the patch to Chromium, Brave need to
| grab that patch and adapt it to Brave.
|
| Brave adds new potentially security issues with all the
| modificatios and code they add to it.
| concinds wrote:
| Both have been reversed, and both were addressed convincingly
| (that these were true mistakes, not misbehavior they walked
| back).
|
| https://www.theverge.com/2020/6/8/21283769/brave-browser-aff...
|
| https://www.reddit.com/r/brave_browser/comments/a8d34y/youtu...
|
| It's suspect to me that every thread that mentions Brave
| attracts such bizarre vitriol, with people who keep rehashing
| old arguments (which are off-topic and _never_ with any actual
| context so people can make up their own minds). Haven 't
| suprjami wrote:
| I don't use Brave and I'm not shilling for it, but it does
| consistently rate high in privacy research:
|
| https://privacytests.org/
|
| https://arstechnica.com/information-technology/2020/03/study...
| jeroenhd wrote:
| It should be noted that the person behind privacytests.org is
| a current Brave employee. That said, I haven't seen any signs
| of compromise yet; it makes sense that privacy-focused
| developers end up at privacy-focused companies.
|
| However, you can have a good privacy record for protecting
| users from third parties and still make bad decisions. Not
| informing users about what websites do or do not take part in
| the crypto collection programme from the start was a bad
| decision IMO. Altering URLs to insert referrer codes is also
| a bad idea. This doesn't mean Brave doesn't try to protect
| your privacy, but it's still quite user hostile in my
| opinion.
| dark-star wrote:
| > Services We Proxy Through Brave Servers
|
| So they're asking users to trust that their servers don't track
| them? Has there been any audit done on their infrastructure (a
| quick Google search didn't reveal anything)? How are they making
| sure that there are no employees who enable some simple tracking
| on their proxies for some extra cash?
|
| True, it's probably far-fetched, and one could argue that "it's
| still miles better than Google", but (as some others further down
| have noted) Brave didn't have the best track record in the past
| (they tried tracking their users too...)
| bawolff wrote:
| Huh,they list lang client hints, but not accept-language
| header???
| Dwedit wrote:
| > Cookies are given a maximum lifetime of 7 days for cookies set
| through Javascript and 6 months for cookies set through HTTP
|
| What the hell, I don't want my logon cookies to expire so
| quickly.
| forgotusername6 wrote:
| Do you mean if you open up a website you used two weeks ago you
| still want to be signed in? For a website you visited daily the
| cookie could be refreshed.
| tetromino_ wrote:
| Depends.
|
| A banking website? No, a quick automatic signout is obviously
| safe and correct.
|
| An entertainment site, a forum, some kind of social media?
| Certainly I want to stay signed in.
| 9dev wrote:
| To the contrary, why would you want to be signed out? Your
| account, and therefore by extension, your cookies, should
| only be usable by you.
|
| I cannot think of a reason why I would want to loose my
| sessions every other day.
| CobrastanJorji wrote:
| I think if convenience measures favorably against even minor
| security concerns in nearly any situation, you are probably not
| the target audience for specialty security-focused web browser
| projects.
| MockObject wrote:
| Timeouts and expirations are an absolute plague of the modern
| world. I can count on one hand the number of sites that I want
| to be logged out from automatically.
| brnt wrote:
| My browser is configured to not save any state past shutdown.
| I prefer that login info is not stored in an opaque way in a
| 'jar' that's hard to control.
| j-krieger wrote:
| It's not a jar. You can control your cookies perfectly
| fine. No one but you and the original host can access them.
| xnx wrote:
| Even worse when they lose track of what page you were on when
| you log back in. ( _cough_ Sharepoint _cough_ )
| croshan wrote:
| Your logon cookies should be set serverside, with the Secure
| and HttpOnly flags set, entirely unaccessible by javascript. So
| they'll last 6 months.
|
| When I see cookies set by javascript, their primary purpose
| seems to be user tracking, not auth.
| matips wrote:
| Sometimes cookies are used as they were designed - to store
| data in browser. For example 5etools-mirror-1.github.io. App
| without cloud storage or user account system. It stores your
| shortcuts in YOUR cookies, not in the server's DB.
| mazlix wrote:
| That would mean you are sending your shortcuts to the
| server on every request, localStorage would be much better
| in that case to save bandwidth.
| ris58h wrote:
| That's why we have localStorage.
| jefftk wrote:
| Local storage is also cleared on the same schedule, or
| else it could be used as a substitute for cookies.
| polski-g wrote:
| This might be why my browser is constantly logged out of
| SteamPowered.com
| PufPufPuf wrote:
| Nope. Same problem on Firefox. Steam just loves logging you
| out.
| datchi wrote:
| > Services We Proxy Through Brave Servers
|
| Would it not be better to proxy these through Tor? Brave already
| has support for Tor built in.
| gunapologist99 wrote:
| That would probably massively increase latency, and most
| regular users would probably not tolerate that (and they'd
| think it was Brave's fault).
| Phelinofist wrote:
| In what way is proxying through Brave better than talking to
| the G directly anyway?
| somenameforme wrote:
| Any request you make to Google's servers, including something
| as innocuous as e.g. Google Fonts can be used to shape and
| track you, your habits, and so on.
|
| When it goes through a proxy, that becomes much more
| difficult.
| carlhjerpe wrote:
| If they're reachable through Tor, that's not a given.
| joshspankit wrote:
| It seems so trivial, but I really wish they found a way to
| support the Serial API.
|
| If I want to flash an ESP32 through the web browser, my only
| choice (besides installing Chrome) is to boot up Windows and use
| _Edge_.
| bawolff wrote:
| I honestly can't tell if this is sarcasm or not.
| jeroenhd wrote:
| I have to admit that the ESPHome flash tool is quite
| convenient. There's a quick web interface to set up some
| config and you can flash microcontrollers with dedicated
| firmware from pretty much any device.
|
| It's one of those silly features that you use maybe once or
| twice a year at best; same with WebUSB and WebBluetooth.
| [deleted]
| sammyteee wrote:
| Anyone know why Chromium lacks H.264 & AAC support?
| brnt wrote:
| It lacks DRM support I thought.
| Thoreandan wrote:
| MPEG-LA Patents, over 5,500 of them.
|
| https://en.wikipedia.org/wiki/Advanced_Video_Coding#Patent_h...
| https://www.mpegla.com/programs/avc-h-264/
|
| To get h.264 into Firefox, Cisco stepped up and offered to take
| the heat -
|
| https://en.wikipedia.org/wiki/OpenH264
| https://blog.mozilla.org/en/mozilla/royalty-free-web-video-c...
| https://news.ycombinator.com/item?id=25706252 (recent HN
| repost)
|
| but that doesn't mean they can safely be in Chromium.
|
| See also: The entire reason VLC can do MPEG-2 decoding being a
| French student research project.
| gunapologist99 wrote:
| Both are patent-encumbered and good to very-good alternatives
| exist.
| maybebutnot wrote:
| Nextlevelpepega wrote:
| [deleted]
| rising-sky wrote:
| This is a subset of what they bring to the table:
| https://github.com/brave/brave-browser/wiki/Deviations-from-...
|
| I personally use either Safari or Brave (for chrome extensions
| and debugging) exclusively
| mmastrac wrote:
| I don't remember hearing about #2 at the time, but that's
| incredibly disappointing.
|
| I don't really get the love for Brave. It always strikes me as
| being a completely opportunistic company (brave tokens were are
| particular turnoff).
| speedgoose wrote:
| Is there a web browser based on Brave but without the crypto scam
| features?
| mongol wrote:
| What is Edge browser's privacy story? Is it any good?
| jeroenhd wrote:
| It used to be great. Chrome without the Google tracking and
| some Microsoft tracking that was easy enough to disable.
|
| Then they completely Microsofted it up. More tracking than
| Google, with more opting out you need to do and no way to opt
| out completely. Even comes with an interest free loan plugin
| that sometimes alters the HTML of checkout pages.
|
| Edge is the bloated corpse of what could be the best new
| browser from the last 10 years. A corpse that keeps coming
| back to life, trying to replace your default browser every
| other Windows update.
| speedgoose wrote:
| In summary, Microsoft tracks you instead of Google.
| brnt wrote:
| Even chattier.
| causi wrote:
| I wish there was a version of Brave without the loud orange
| logo on the address bar and without the stupid carded tab
| switcher.
| lmkg wrote:
| Take a look at Vivaldi and see if it's what you're looking for.
| Broadly, Brave is pro-privacy and pro-crypto while Vivaldi is
| pro-privacy and anti-crypto.
|
| Vivaldi is forked from Chromium directly rather than from
| Brave, but the similar pro-privacy stances mean that they
| remove or mitigate many of the same features. E.g. both disable
| FLOC, both have built-in ad-blockers, and both have committed
| to maintaining compatibility with ad-block extensions broken by
| Manifest V3. For what it's worth, Vivaldi is closed-source.
| brnt wrote:
| > Vivaldi is closed-source.
|
| Therefore not even remotely a replacement for Chrome, Brave
| or any browser really. Vivaldi is also some of the chattiest
| in a network analysis I saw, which does not bode well either.
|
| Good UX is nice, but orthogonal to privacy, sane defaults and
| user freedom.
| RankingMember wrote:
| Brave's paywall-bypassing news article viewer is tops. Does
| Vivaldi have that? I love Brave save for the crypto nonsense.
| easrng wrote:
| Add the Bypass Paywalls extension, it works on Firefox and
| Chromium. https://github.com/iamadamdev/bypass-paywalls-
| chrome
| PufPufPuf wrote:
| Brave browser is just three browser extensions in a
| trenchcoat
| maxloh wrote:
| It would be better if we have Chromium's UI too. Brave's theme
| is not as good as Google's one.
| cowtools wrote:
| Ungoogled Chromium?
|
| I've heard that the cryptocurrency features are disabled by
| default in Brave, but I've never used it.
| ycta39840398 wrote:
| No, they're _enabled_ by default. Brave makes a big deal
| about all of its features being opt-in, but the crypto shit
| is a big, glaring exception.
| jacooper wrote:
| That's not correct. Brave awards aren't enabled by default,
| and you have to manually to opt in for it to work.
|
| Yes the button is there, but you can just hide it.
| robotnikman wrote:
| At least on the mobile version it seems to be. You get a
| popup letting you know about BAT when you visit some
| sites, and whenever you open a new tab the page usually
| have some background or story about NFT's or some other
| crypto thing.
| notsrg wrote:
| "Show Brave Rewards icon in address bar" is the only
| setting you really need to disable. Every once in a while
| they launch a new feature related to crypto i.e. in the
| new tab page but generally they're pretty good at letting
| you opt out entirely.
| jacooper wrote:
| You can disable the ads on the new tab page too.
| suoduandao2 wrote:
| If you dislike decentralization, why not just use chrome?
| speedgoose wrote:
| I don't think crypto currencies are the right solution for
| web decentralisation. And anyway, I prefer sustainability
| over decentralisation at all costs.
| PufPufPuf wrote:
| I don't dislike decentralization. I dislike blockchain scams.
| rosywoozlechan wrote:
| You can just not use those features. It's not like they upsell
| you on them or anything. If you don't use them they aren't in
| your face. I actually tried using them and found them kind of
| silly and useless. No website or creator I visit seems to be
| using attention tokens, and the tokens I bought to just to try
| it out remain unspent.
| speedgoose wrote:
| I don't want to promote scams though.
| netr0ute wrote:
| How is it a scam?
| thatguy0900 wrote:
| There was a big uproar when it came out, they would
| accept donations on behalf of creators even if those
| creators had never made any kind of contract with them.
| Not sure if they still do that but it's pretty sketchy
| behavior to take money on behalf of someone you've never
| talked to and probably doesn't want you taking money for
| them. Especially people that already have actual donation
| methods.
| k__ wrote:
| Don't encourage them.
| nwienert wrote:
| In the future, just flag. It's explicitly breaking rules.
| speedgoose wrote:
| How is it breaking the rules?
| nwienert wrote:
| https://news.ycombinator.com/newsguidelines.html
|
| Under comments, rule #1, 2, 6.
|
| No one benefits from your comment. If you think it's a
| scam, put some rationale. It's a lazy comment that adds
| no value.
| speedgoose wrote:
| I was merely replying to one answer to my comment. I
| don't think one has to write an essay in such
| discussions. Water is wet, scams are scams.
| nwienert wrote:
| If you don't want to explain, don't comment. That's the
| rules here. Stop wasting peoples time.
| [deleted]
| smoldesu wrote:
| Brave directly profits off of showing their users
| advertisements. I have no intention of supporting that
| monetization scheme, crypto or not. It's a direct
| downgrade from the privacy models of Ungoogled Chromium
| and Firefox.
| MichaelCollins wrote:
| Firefox also profits from showing ads, search "sponsored"
| in about:preferences. This is on by default, but I think
| firefox users forget about it because everybody with
| sense disables it.
| mr90210 wrote:
| How much would you pay for a browser that does not track
| you at all?
| speedgoose wrote:
| The problem is tracking brings more money than what the
| average user is willing to pay. My persona is not
| relevant.
|
| I think the solution is from regulations, like GDPR in
| Europe. It's not popular to say that here, but at least
| you can think about it.
| sascha_sl wrote:
| The answer is nothing, because a browser without
| significant adoption is bound to have some inevitable
| issues. I've tried Orion, for instance, but the fact that
| 1Password is not signing extensions so that IPC works on
| these browsers (rightfully so, because it'd be easy to
| grab your entire vault) already makes it not worth
| considering. It also would likely need to be proprietary,
| because selling binaries doesn't really work too well if
| your product picks up steam. Which then conflicts with
| the privacy promise.
|
| Ungoogled Chromium is probably your best bet.
| [deleted]
| godelski wrote:
| As cool as Brave is, I still think it has big issues running
| Chromium. Chromium still allows Google to dictate a lot of the
| internet. We should have more competition in the space and that
| will help us all. I honestly even wish there was more than
| Chromium (and the various colors), Safari, and Firefox. It really
| seems a lot of these decentralized services have become highly
| centralized and thus a lack or competition and growth.
| [deleted]
| jgalt212 wrote:
| Chromium still allows Google to dictate a lot of the internet.
|
| IE6 still allows Microsoft to dictate a lot of the internet.
|
| the more things change...
| silisili wrote:
| I'm glad it did. They made an amazing browser at light speed
| that people actually want to use due to that decision.
|
| The interesting question to me is...what happens if Brave gets
| bigger than Chrome. Like how Ubuntu did Debian, on the desktop
| at least.
|
| Does Google nix Chromium? More restrictive licensing? Curious
| the outcome.
| nicce wrote:
| The speed is caused by filtering many ads by default. Nothing
| rocket science what you could not do with browser extensions
| by yourself.
| silisili wrote:
| I was referring more to development speed, if that wasn't
| clear, my apologies. That said, it is also speedy to use
| for the reasons outlined.
| armchairhacker wrote:
| you can still use Konquerer or any old / niche browser if your
| site isn't using the latest HTML/CSS features and Javascript
| APIs.
|
| The issue is that webpages are incredibly complex - they can be
| full-scale applications - yet they are expected to run the
| exact same in different browsers, down to subtle implementation
| details. So in order to make a new browser you would basically
| be reinventing Chromium.
|
| Or you could start fresh with a new language to write websites
| in complete with a new browser engine. I would actually love
| this, web design today is a huge mess with HTML / CSS / JS
| quirks and backwards compatibility. But you still have the
| literally trillions of existing websites, which you'll have to
| support with Chromium or Gecko until the end of time. And more
| importantly, you have the 99.9% of users who are still using
| Chromium or Firefox and won't be able to use your new website,
| so you'll have to backwards-generate HTML/CSS/JS from your new
| script anyways.
| jefftk wrote:
| _> you can still use Konquerer_
|
| There are only three actively developed full browser engines
| (WebKit, Blink, Gecko) [1], and Konqueror runs on WebKit.
|
| (It used to use KHTML, which WebKit began as a fork of)
|
| [1] https://www.jefftk.com/p/browser-engines
| brnt wrote:
| Since Qt doesn't come with WebKit for some time now, I
| think Konqueror is for all intents and purposes orphaned.
| Its outdatedness breaks the Oauth2 flow for setting up
| Gmail calenders/contacts in Kontact.
| gjsman-1000 wrote:
| Building a web browser that is feature-complete, bug-compatible
| with Chromium, and relatively secure is _about as_ complicated
| as building a whole operating system from scratch.
|
| Plus, as Mozilla has learned, nobody ever made money from
| selling web browsers. Costs a fortune to develop, makes almost
| nothing in return except for influence or protecting other
| businesses. Plus, why the heck would you do that if Chromium is
| open-source? It's completely pointless.
| jrm4 wrote:
| Do we have to Stallman this question again?
|
| Building from open source mostly controlled by a big-ol
| company is the opposite of future-proofing, especially when
| "connectedness" is part of that company's bread and butter.
| Just having access to source doesn't guarantee much in this
| day and age.
| concinds wrote:
| The problem with that argument is that browsers don't compete
| on engines but on features, UX and integration (and bundling).
| All an engine is about, is webcompat (and Chrome wins here).
| It's literally not a differentiating feature. A good engine is
| an engine that never, ever fails to render a webpage (again,
| Chrome wins here).
|
| Even if Gecko was fully on-par with Blink (I keep hearing from
| Firefox users that they struggle with some websites, though
| admittedly very few, but Chrome obviously works fine with
| them), they'd have just invested millions in man-hours to get
| to the _starting line_ , and have webpages not fail to render.
|
| A lot of companies might switch to Firefox if they switched to
| Blink and webcompat was never an issue. I've argued before that
| Firefox would benefit from switching to Blink (and gain better
| security, webcompat, enterprise support, and on and on), save
| tons of manpower and money, and compete on privacy, features,
| integration, and things users actually care about, as well as
| keeping Manifest v2, and patching out other Chrome-badthings.
| But that's basically Brave.
| jjcon wrote:
| Chromium isn't written by just 1 entity, Microsoft intel
| samsung have all made major contributions - and anyone can hard
| fork it if they want to. I know most others here disagree but
| we do need standardization in this modern web world and
| chromium is just that.
|
| Even if we don't like it, the reality is what it is. Firefox is
| dead (about the same market share as 'samsung internet' these
| days). It would be best if we worked to make these web
| standards (chromium) bend to our collective will (like brave or
| Microsoft) rather than chasing pipe dreams of a Firefox return.
| kitsunesoba wrote:
| Hard forking isn't a practical consideration unless the
| organization in question is willing to build a team that can
| rival Google's Blink/Chrome team, which is a ridiculously
| tall order. Microsoft is capable of doing that but I don't
| think they want to.
| jjcon wrote:
| > which is a ridiculously tall order
|
| And yet a ton of people here think there should be lots of
| people building lots of completely separate browser
| engines... that is certainly more difficult
|
| To the point though - I think the threat of hard forking
| does something in and of itself to the chromium maintainers
| kitsunesoba wrote:
| The main issue with hard forking is keeping up with
| Google's unrelenting firehose of changes, many of which
| have serious security implications, which is going to
| become more and more difficult as the fork diverges.
| Maintaining an original web engine is certainly no simple
| task, but it's more reasonable than having to deal with
| the output of a much larger and more well-funded team.
| stanmancan wrote:
| WC3 creates the standards and it's up to the browsers to
| implement them.
| plorkyeran wrote:
| That ceased being true a long time ago. Ever since the
| formation of WHATWG in 2004 the browser vendors have been
| the ones creating the standards.
| dragonwriter wrote:
| > WC3 creates the standards and it's up to the browsers to
| implement them.
|
| That was mostly true until they came out with XHTML2, then
| the browser vendors were, like, "LOL, no, that's not
| happening, here's what we're going to do", and thus was
| born WHATWG and the HTML Living Standard.
| objclxt wrote:
| > we do need standardization in this modern web world and
| chromium is just that.
|
| Yes, we need standardisation - that means we need multiple
| browser engines. You can't have a standardised web with a
| single browser engine. That's the whole point of standards.
|
| Generally speaking, the W3C will only move a standard into
| the recommendation track if two competing implementations
| have been demonstrated.
|
| If Chromium was the only browser engine around we wouldn't
| have web standards: we'd have Chromium features.
| tomxor wrote:
| > and anyone can hard fork it if they want to
|
| Chromium is so large that it cannot be meaningfully forked by
| anyone but the most well funded enterprises... Even M$ track
| chromium as upstream. There are no true chromium forks, they
| are all derivatives that track chromium - it's too much to
| maintain.
|
| The problem is not merely a chromium monoculture and chromium
| specific historic implementation complexities, but the
| difficulty involved in building and maintaining a complete,
| modern and compliant web browser.
| encryptluks2 wrote:
| The same can be said about Firefox, or any larger project.
| Yet people still do it and some people generate their own
| Linux distros using LFS. Just because it isn't
| painstakingly easy to build like a Go app, doesn't mean
| that it isn't possible or isn't done. Searching Google will
| find a lot of people forking Chromium and adding their own
| changes.
| tomxor wrote:
| LFS is not comparable, you can make your own opinionated
| choices and so it's feasible to have a small scale linux
| distro. The web is not like that, there's a massive non-
| optional spec you must implement for your browser to be
| minimally useful.. and even once you get there it takes a
| lot of people to merely maintain that level of
| completeness and compliance.
|
| The state of web browsers is more comparable to
| derivative distros like Debian based or red hat based
| etc. They don't hard fork, they track upstream with a
| bunch of changes continually rebased on top.
|
| > Searching Google will find a lot of people forking
| Chromium and adding their own changes.
|
| Those aren't hard forks, they are derivatives, you wont
| see those people continually extending it with new
| features from W3, fixing zero days and improving
| implementations... they are the "debian based" in my
| analogy.
| cowtools wrote:
| Firefox market share is dying because of this mentality that
| is killing it. Self-fuffiling prophecy.
|
| The standardization is in the standard, not the
| implementation. You do not need everyone to use the same
| implementation in order to have standardization: that just
| allows the implementer to bend the standard to his will.
| jjcon wrote:
| No, Firefox didn't die because a few of us devs stopped
| using it and standardized around chromium. They died
| because chrome has outperformed them on speed and
| efficiency for a decade+ (I still can't run FF on my Mac
| without my fans whirring to life). Not to mention things
| completely outside their control like chromes marketing
| budget.
|
| I'm not trying to place tons of judgement on Mozilla though
| - just saying we all need to face the reality rather than
| living in denialism.
| k__ wrote:
| Yes.
|
| While I was the first to jump ship, when Chrome got
| released, I really tried to like Firefox in the last ten
| years, but in the end Mozilla failed on so many fronts,
| that they lost me to Brave.
| eropple wrote:
| _> I still can't run FF on my Mac without my fans
| whirring to life_
|
| I haven't seen this behavior on a Mac since Firefox
| Quantum was released, FWIW. It's what got me to switch
| back to Firefox in the first place. (Sidebery and a few
| other nice extensions have helped keep me there.)
| jjcon wrote:
| I didn't use Firefox pre-quantum so I've only seen this
| behavior post quantum. I last gave Firefox a try about a
| year ago and while the fans weren't as bad the battery
| life/power consumption just wasn't comparable to safari
| or chrome based browsers
| tapoxi wrote:
| Firefox market share is dying because for the longest time
| it was slower than Chromium. These days in my personal
| experience, it's mostly on-par but there's not a whole lot
| of compelling reasons to use it.
|
| I get the privacy angle, but I'm searching Google anyway.
| They have all my email since 2004, my photos since 2007. My
| phone is Android. Switching to Firefox alone makes a
| minimal impact on my overall privacy footprint and causes
| some websites to load slower.
|
| In ye olden days you could make the argument that it was
| more customizable than Chrome, but since the shift to
| WebExtensions that differentiator is gone. What's wild is
| that they didn't think of the top 10 power user features
| (like Tree Style Tabs) and attempt native support for them,
| they just kneecapped extensions without offering an
| alternative.
| WorldMaker wrote:
| Also Firefox's market share is dying because of its built-
| in privacy tools blocking trackers by increasing opt-in and
| the conflict of interest that the largest analytics firm
| (Google) is also the largest advertising networks/firm
| (Google) and relies on some of the most ubiquitous trackers
| (Google) and owns the biggest competing browser (Chrome).
|
| I believe that Firefox's market share is _greatly_ under-
| reported and Firefox 's dying at least somewhat over-
| exaggerated. But then all the headlines get to people and
| it becomes a self-fulfilling prophecy in that way too that
| all the people that feel some pressure to abandon a "dying"
| ship only because everyone keeps telling them to.
| jefftk wrote:
| _> its built-in privacy tools blocking trackers ...
| Firefox 's market share is greatly under-reported_
|
| Firefox doesn't block Google Analytics or other standard
| analytics providers by default:
| https://www.jefftk.com/p/firefox-does-not-block-
| analytics-by...
| WorldMaker wrote:
| >> its built-in privacy tools blocking trackers *by
| increasing opt-in*
|
| Enhanced Tracking Protection is one-click to turn on, and
| suggested as an option on first startup on a fresh
| install (modulo A/B tests and whatnot) and is a setting
| that syncs across your devices if you do turn it on just
| once. Anecdotally, most people I know still using Firefox
| as daily driver also have Enhanced Tracking Protection
| on. Enhanced Tracking Protection _does_ block Google
| Analytics and other standard analytics providers. (So
| much so that some ad companies have started to treat
| Firefox as an "ad blocker" by default and have
| increasingly harsh warnings that sites are not supported
| in Firefox due to "ad blocker". ETP blocks _zero_ ads,
| just trackers.)
| encryptluks2 wrote:
| I'm sure that die hard fans of any failing company said the
| same thing. Further proof that Firefox fans mentality is
| more akin to a cult than actual technical merits.
| gjsman-1000 wrote:
| No. Firefox has been dying for, what, a decade now (losing
| market share since 2013)? The only people using Firefox are
| the people who care about Firefox as a product and a
| competitor, which is (in the grand scheme of things),
| almost nobody. Everybody else left, often with decent
| enough reason. Google recommended Chrome, Chrome was faster
| for a long time, Firefox stagnated and put ads and
| sponsorships everywhere, and wasn't better in almost any
| respect for a normal user than Chrome.
| stormdennis wrote:
| I use firefox mainly because it feels less creepy than
| chrome and works great with uBlock Origin.
| mmastrac wrote:
| Almost everything everyone accuses Mozilla of and uses as
| their reasons for leaving is far worse in a Chrome
| ecosystem. It boggles my mind how people can complain
| about X and then jump to chrome where X is just as bad or
| worse.
| Dma54rhs wrote:
| FF is inferior product and seems to waste the last money
| on things completely unrelated projects. Sooner or later
| it's a dead product or they start using chromium/webkit
| and go for the Brave/Vivaldi model.
| gjsman-1000 wrote:
| Ah... no? Firefox, before Quantum, was slower than
| Chrome, had worse battery life than Chrome, and (on a
| Mac) was way louder than Chrome. And by the time they
| mostly fixed these problems, there was basically no
| reason to use Firefox other than it wasn't Chrome -
| which, other than to a developer, is not a selling point
| to the masses.
| ipaddr wrote:
| Many mobile users have a phone with an internet icon that
| opens in chrome. As mobile rises firefox share declines.
| literalAardvark wrote:
| ... and crashed all the time, which is how they lost me.
| I care, I tried.
|
| They shot themselves in the foot every 6 months for 10
| years.
| stormdennis wrote:
| How many users does a browser need to break even? 4% of a
| billion is still 40 million
| bobviolier wrote:
| That depends on how the browser makes money.
| jacooper wrote:
| I used to refuse Chromium for the Same reason.
|
| But honestly it already happened, Firefox is already
| irrelevant.
|
| Mozilla is mis-managed organization that is funded to avoid
| anti-trust investigations, they dont fully push for privacy
| because they are afraid of google, do out of touch changes, and
| focus on political advocacy.
|
| Compare that to brave, which builds its own independent search
| engine, ad network, and has privacy by default in its products.
|
| There is no hope that Mozilla and Firefox will change the
| status-quo anytime soon, Firefox is losing users at crazy rate,
| and Mozilla is absolutely failing to do anything to change
| Firefox's destiny towards irrelevance.
|
| Brave is almost everything Mozilla should've been.
|
| Actually do what they sey, no hidden google analytics in their
| products, no unique ID for each installer downloaded, push for
| privacy by default and independence from big tech, not being
| shy from google, because they are their only income.
|
| I would argue, that if Mozilla wants to turn its course around
| with their "limited resources" it should drop gecko, and
| anything irrelevant to the users experience.
|
| Fork Chromium, the best web engine out there by a mile, and
| remove any anti-privacy / anticompetitive code, while still
| taking advantage of the huge development resources directed to
| chromium from many parties, and maybe Mozilla can also
| influence Chromium's development.
|
| Start pushing privacy by default, its the reason brave is
| gaining users at such a rapid pace, its a browser I recommend
| to everyone, as just by installing it they already are much
| more private than with chrome.
|
| What matters is the users experience, its why brave is growing.
| ravenstine wrote:
| I totally agree that Mozilla is mismanaged, but I'll still
| take a mismanaged and politicized Mozilla over a tentacle of
| The Google any day.
|
| And that's precisely why I use Firefox. In response to the
| comment you were responding to, I don't know why anyone
| should care about how relevant Firefox is. For every browser
| someone invents, there will be someone claiming how bad it is
| from a security standpoint because reasons. Whatever. I can't
| keep changing browsers every time someone on HN says my
| browser is flawed or that the company behind it sucks.
|
| Unless things have changed, there are things about Firefox
| that I want that Chromium doesn't have. Can I disable history
| entirely in Chrome? Last time I looked, _nope_. Can I have
| multi-account containers? Nope. Can I block autoplaying
| videos? Nope. Can my ad-blocking not be nerfed? Nope. Can I
| not have the settings flags get taken away so frequently?
| Nope. I 'm sure there's other things as well.
|
| If Brave went the road of completely relying on its own
| browser engine or a fork of Chromium, I'd be all in. The
| longer Brave is around, the more likely I might make the
| switch. Another reason I don't want to leave Firefox is I've
| seen plenty of new and hip web browsers come and go.
| jacooper wrote:
| > Unless things have changed, there are things about
| Firefox that I want that Chromium doesn't have.vCan I
| disable history entirely in Chrome? Last time I looked,
| _nope_. Can I have multi-account containers? Nope. Can I
| block autoplaying videos? Nope. Can my ad-blocking not be
| nerfed? Nope. Can I not have the settings flags get taken
| away so frequently? Nope. I 'm sure there's other things as
| well.
|
| > Can I disable history entirely in Chrome?
|
| on brave, you can make it completely remove the browser
| history on every start.
|
| > Can I have multi-account containers?
|
| I agree, its a great feature of Firefox, the closet thing
| on chromium is multi profile windows
|
| > Can I block autoplaying videos?
|
| I think brave does this by default, not sure though.
|
| > Can my ad-blocking not be nerfed?
|
| Brave shields is based on ublock origin, and its a part of
| the browser, not limited by any extension API.
|
| > Can I not have the settings flags get taken away so
| frequently?
|
| Im not sure you can say this is am advantage of Firefox
| after the many settings they removed.
| ravenstine wrote:
| > on brave, you can make it completely remove the browser
| history on every start.
|
| I guess that's fine, but what I want is no browser
| history at all except for back-forward navigation
| purposes. In Firefox, there's an about:config flag that
| completely turns off history when set to false. Not sure
| which one. The effect is that nothing ever shows up in
| History or History > All History, with the exception of
| the Recently Closed Tabs section, and the URL bar
| autocomplete doesn't reference anything that you've
| navigated away from.
|
| Not that I'm doing anything bad on the internet, but what
| I found is not holding info about history in memory or on
| disk made things a little snappier and I just prefer what
| I do to be ephemeral unless otherwise opted in to. And
| yeah, I know that cookies and local storage are a thing,
| but that's really not the point.
|
| > Brave shields is based on ublock origin, and its a part
| of the browser, not limited by any extension API.
|
| Nice, I didn't know that.
|
| > Im not sure you can say this is am advantage of Firefox
| after many settings theg removed.
|
| Yeah, Firefox has a similar problem but my perception is
| it happens less often than with Chromium/Chrome.
| axolotlgod wrote:
| I agree. There are enough substantial features in Firefox
| that push it over the top for me.
|
| For one, scrolling is just _so much better_ than in any
| Chrome browsers, which I have noticed tend to drop frames
| and lag, regardless of the machine. Is it extreme? No, but
| for me, it is noticeable and Firefox just has that silky
| smooth scroll feeling.
|
| Another big one is Manifest v3. I think Google may alienate
| a minority of their audience when it is implemented in
| January, and Firefox may see a bump in users. Having a
| kick-ass ad blocker like uBlock Origin work robustly will
| be a selling point for some people.
|
| Another one I see people don't often mention is design. I
| may be in the minority of hardcore Firefox users, but I
| really have enjoyed the redesigns, and Firefox is still
| customizable enough for me to feel some joy using it.
|
| Overall, Mozilla is definitely mismanaging and leadership
| needs to be turned over, but the browser is still in a good
| spot. If things turn around, I could see it becoming more
| and more popular.
| sfink wrote:
| It seems to me like most of the management _has_ turned
| over in the last year or two. Whether that 's good or bad
| remains to be seen.
| [deleted]
| endisneigh wrote:
| I respect your opinion but honestly fragmentation sucks. I wish
| there was even more consolidation - ever use a power drill? 7
| different battery types non compatible with each other.
|
| On a related note I'm happy usb seems to be the general
| connector winner (though it's certainly not without fault).
|
| What would the average consumer gain if there were say, 10
| different browser engines equally popular?
|
| Chromium is open source and you can easily disable features you
| disagree with. Don't see the downside. Fork it and add
| functionality you'd like, like Brave.
| bombcar wrote:
| I'm glad there are multiple different power-tool
| manufacturers, and I'm not entirely sure there'd be as much
| competition if they were all forced to use one battery
| connector.
|
| (You can buy adapters if you want, but it's generally not
| worth it).
| endisneigh wrote:
| Why are you glad that there are multiple battery
| connectors? Makes no sense to me. It's like disagreeing
| with AA batteries.
|
| It's like electric cars having different chargers and no
| standard.
| bombcar wrote:
| Because the companies can develop different toolsets that
| do different things (the weight/power tradeoff for one,
| some battery connectors allow more than just voltage to
| cross, but also information and the tool can work with
| the charger/battery to produce better power), and for me
| the actual downsides have been minor or none.
|
| Even construction guys often have a huge mix of various
| tool brand and battery types and it's sometimes a minor
| annoyance.
|
| And you'll notice that AA batteries are almost
| universally ... gone; replaced with built-in batteries or
| custom-wrapped lithium batteries.
|
| Standards are great when things are calmed down, but when
| there's rapid advance they can cause their own issues (we
| saw this in the wireless world). Even the electric
| charger for cars thing runs into the limits of the
| standard (the fastest charging is almost always non-
| standardized).
|
| Having a "baseline" standard for those could be nice,
| something like we have with USB, but even that has its
| annoying problems.
| smegsicle wrote:
| long live 18650
| bb88 wrote:
| > And you'll notice that AA batteries are almost
| universally ... gone; replaced with built-in batteries or
| custom-wrapped lithium batteries.
|
| Ever open up a Dewalt battery pack? It's a circuit board
| and a whole bunch of 18650's. All of them are 3.7 V.
| What's different is the amount of power they supply and
| the energy they hold, how fast they can recharged, etc.
|
| But we have that with the AA/A/C/D standard as well. Some
| batteries can hold more energy, some can deliver more
| current for a longer time, etc. NiCad, Alkaline, NiMh...
| etc.
| dimensionc132 wrote:
| Why can't you people talk directly about the
| problem/issue rather than in analogies and abstractions?
| nocman wrote:
| The point you seem to be missing is that Chromium isn't a
| standard.
|
| If you want to reduce fragmentation while avoiding having one
| entity with too much control, the solution is fair setting of
| web standards and multiple browser implementations from
| different entities.
|
| Requiring everyone to "just fork Chromium" would leave far
| too much power in the hands of Google (as if they didn't have
| far too much power already).
| michaelmrose wrote:
| There is some consolidation among power tools
|
| https://toolguyd.com/tool-brands-corporate-affiliations/
|
| They still screw you on batteries and indeed would do so
| harder if there were fewer companies. Instead of incompatible
| batteries per brand it would be per year.
|
| Sorry sir that's a 2022 tool it can't use 2021 batteries.
|
| You can either ask congress to establish a standard, start a
| power tool company that supports more brands with adapters,
| or basically suck it up because selling batteries way over
| cost is extremely profitable and nobody wants actual
| competition in that space.
|
| The one thing you don't want is consolidation. Likewise you
| think you want consolidation among browser engines but you
| really don't because it gives the vendor future leverage to
| fuck you.
| marricks wrote:
| A lot of if there was an independent web consortium which
| agreed on standards.
|
| Which, hey, we do have and the more power chromium gets the
| more Google can just ignore that.
| mike_hock wrote:
| The same the average user gains from having 10 manufacturers
| to choose from when buying standardized USB connectors.
| endisneigh wrote:
| More browser engines does not imply standardization.
|
| Would you prefer the 2000s when you had your choice of
| dozens of power connectors for cell phones?
|
| There's a reason the EU is mandating USB-C. Corporations
| have no reason and historically will not standardize
| amongst themselves for most things unless there's a single
| winner.
| fsckboy wrote:
| _More browser engines does not imply standardization.
| There's a reason the EU is mandating USB-C_
|
| when you can plug your USB-C internet into either chrome
| or firefox without thinking about it, you have
| standardized.
| [deleted]
| cowtools wrote:
| Completely backwards reasoning here. The protocols
| (standards) and implementations are to be considered
| separate.
| brnt wrote:
| Fragmentation sucks, but code monopoly even more. A healthy
| ecosystem needs a plurality of implementations, or Chromium
| needs to come under committee control. (W3C? Something like
| the C++ standards committee.)
| pawelk wrote:
| > ever use a power drill? 7 different battery types non
| compatible with each other.
|
| Battery is the proprietary part. The engine (battery + motor)
| makes it spin, but for the purpose of making a hole or
| driving a screw one can use a wide array of standardized bits
| from various manufacturers. You may need an SDS adapter (one
| way or the other) and that's it. Same bits will even work
| with a hand cranked drill press built 100 years ago.
| xypage wrote:
| I'm finding it hard to give you the benefit of the doubt
| because it really sounds like you're advocating for a Google
| monopoly, which doesn't help anyone. Sure having a bunch of
| different battery types is annoying but in that case either
| you should find a brand you trust and stick with them, or
| brands have fragmentation within themselves which is a
| different issue altogether. The "fragmentation" you're
| talking about here is competition though, there isn't really
| any downside to having a bunch of different popular browsers
| and the upside is that none of them get to do anything crazy
| knowing there's no serious alternative so you can't leave.
| Google is already invasive of privacy, I can only imagine
| it'd be even worse if they didn't feel like there was
| significant risk of people switching browsers because nothing
| else was popular.
| godelski wrote:
| I'd even argue that the battery issue is more complex than
| centralization/decentralization. Look at USB or RCS. If
| there is a political push or reason to capture a wide
| variety of users, then these things work better. (hand
| held) Tools have a different issue, which is brand loyalty,
| which allows manufacturers to create a lock-in environment
| (see Apple). If there was proper competition, then lock-in
| is very hard. I would bet that if there was a big market if
| you could create a universal adapter, battery, or tool. But
| the issue is that you'd need to create a lot of brand
| loyalty. There's so many cheap tools that perform terribly
| and break that this space helps reinforce the brand
| loyalty. But just because new comers have a large uphill
| battle doesn't mean it isn't possible. In fact see how LTT
| is tackling a few different products. Yes, premium, but
| they show it off and the perfectionist mindset is
| essential. Also helps that they already have a userbase and
| brand recognition.
|
| We see similar issues with browsers actually. If other
| browsers could get name recognition, many would turn from
| Chromium. But I don't think that it helps that us nerds
| squabble about Brave v Google v Firefox and just call the
| one we don't like "trash" or "absolute garbage." Honestly,
| they are all fine.
|
| But I would like to point out how there is a real world
| slippery slope. We all used to complain about how Apple
| products were too expensive for the hardware the sold. How
| the lock-in and fanboy-ism would affect the rest of the
| market. And that reality has come true (at least for
| phones). Apple sets a price and others follow. I don't
| really want a world where a singular company dictates how
| the web should work.
| endisneigh wrote:
| Google is not really the point. The point is that there's a
| single standard. Doesn't matter who's it is to me.
|
| > The "fragmentation" you're talking about here is
| competition though, there isn't really any downside to
| having a bunch of different popular browsers and the upside
| is that none of them get to do anything crazy knowing
| there's no serious alternative so you can't leave.
|
| If this is your opinion then what difference does it make
| if there's a monopoly? You can use Firefox or Safari no?
|
| Not to mention chromium is open source. Anyone can fork it,
| like Brave in FTA. I don't see any downsides, given that
| you can disable and features you object to.
| ayushnix wrote:
| > Not to mention chromium is open source. Anyone can fork
| it, like Brave in FTA.
|
| I don't think you understand what a fork truly means.
| Blink, the web browser engine used by Chromium is a fork
| of WebKit. WebKit and Blink are now completely separate
| browser engines made and maintained by different
| companies.
|
| Meanwhile, Brave is a skin on top of Chromium. They've
| patched Chromium to their liking. You can read the first
| paragraph in the link to confirm this.
|
| People are really underestimating what hard forking a
| behemoth project like Chromium really means. I don't
| think anyone besides Microsoft has the capability to do
| it and they've already given up on that prospect.
| godelski wrote:
| > If this is your opinion then what difference does it
| make if there's a monopoly?
|
| The argument is against monopoly, even an effective one.
| Chrome has about 65% market share (88.5% in India), I'd
| call that an effective monopoly (especially considering
| all the chromium based browsers). Large enough to dictate
| how things should be done and people will follow because
| they have to. It doesn't matter that it is open source,
| it matters that there is too large of a userbase that
| decisions fall into the hands of few. It's not like
| Microsoft's Internet Explorer abused this in the past and
| we have no precedence or anything...
|
| I guarantee you that this will only lead to a fracturing
| of the internet, especially considering it is a global
| network.
| garblegarble wrote:
| >The point is that there's a single standard
|
| An implementation isn't a standard, though... and the
| concern is that Google are using their dominance here to
| push more half-baked ideas (some of which they then
| discard, see HTTP2 Push)
| untitaker_ wrote:
| An implementation isn't a standard, yet reference
| implementations exist, and yet the WHATWG standards are
| written in pseudocode.
| frenchyatwork wrote:
| > The point is that there's a single standard
|
| There already was single standard. I think your point is
| that you want there to be a single implementation. You
| can't really have that at this point without allowing
| powerful commercial interests to basically have free
| reign over what code is executed on your computer.
| jrochkind1 wrote:
| > ever use a power drill? 7 different battery types non
| compatible with each other.
|
| OK, but do you think you would be well-served if this problem
| were solved by there being only ONE manufacturer of power
| drills, take what they give you at the price they charge or
| nothing?
|
| It would be one way of solving the problem of lack of
| standardization of power drill batteries.
|
| It is the analogy of what you are speaking in favor of by
| analogy.
|
| The better solution might be multiple drill manufacturers
| agreeing on a battery standard to all use together, so their
| batteries can be interchangeable, but you still have your
| choice of different competing drill and battery
| manufacturers. What would be the analogy with browsers, do
| you think?
| eropple wrote:
| _> What would be the analogy with browsers, do you think?_
|
| It wouldn't be "use a single browser engine codebase owned
| by a single company", and that does seem to be the point
| advocated for here.
| bb88 wrote:
| > OK, but do you think you would be well-served if this
| problem were solved by there being only ONE manufacturer of
| power drills, take what they give you at the price they
| charge or nothing?
|
| Imagine having 20 different gas guzzling cars with 20
| different proprietary fuel inlets. If you buy an Audi say,
| you'd have to go to the Audi refilling station.
|
| > What would be the analogy with browsers, do you think?
|
| There's no need for analogy -- we've experienced this in
| the past, e.g., MS ActiveX and other Internet Explorer bugs
| (or features). There's also the proprietary web, e.g.
| SilverLight and Flash, before HTML5 Canvas came along.
|
| And then HTML5 was a branding effort. Browsers needed to
| support it to be marketable to the general public. Things
| just started working again without needing to install
| plugins or to keep plugins up to date (Flash) -- it was a
| better web.
|
| The W3C could do this if the web gets too fragmented again.
| godelski wrote:
| What a strange argument. The diversity in cars helped set
| the universality in the gas port. The same thing is
| happening with electric vehicles. Yeah, there are some
| proprietary ones like Tesla, but as more manufacturers
| have gotten into the space there have become standards as
| companies realize that a standard charging port helps
| them beat Tesla (being a united force). Network effects
| are real.
| bb88 wrote:
| What a strange rebuttal -- maybe just argue what you
| disagree with and leave the judgement out?
| blowski wrote:
| Building a general purpose browser must be insanely complicated
| challenge with very little reward. It would be interesting to
| see more niche browsers for browsing specific types of site,
| though.
| bombcar wrote:
| The _only_ way a new browser engine will be written in this
| day and age is if a massive company throws absolutely
| billions at it (Microsoft and Apple have both _given up_ on
| this) or a competing browser on the Chromium engine gets
| popular enough that they become the main fork and begin to
| diverge.
|
| I don't really see any other way until HTML and the web is
| replaced by something else entirely.
| chrisseaton wrote:
| What browser engine did Apple give up on?
| bombcar wrote:
| The sarcastic answer would be "webkit" but technically
| Chrome forked _from_ that.
| chrisseaton wrote:
| Yeah I'm not sure Apple has abandoned any previous engine
| they worked on - it's all been incremental for them.
| thrdbndndn wrote:
| I think this point often isn't mentioned enough to be fair.
|
| Chromium is a ridiculously complex project. Most of these
| "independant" browser teams are simply not capable to create
| a browser from scratch.
|
| I'm not saying people should praise Google or anything since
| they obviously have interest in it, But Google is still the
| one who (mostly) build chromium and leave it open source (I
| understand they have to since it was originally a fork of
| Webkit, but I feel Google can do it from scratch if they
| wanted). Without it none of these browsers would exist.
|
| If anything, why almost no one uses Gecko/Firefox as a
| template/start point instead is a more interesting question,
| TBH.
| Iwishbutnot wrote:
| hammyhavoc wrote:
| MrStonedOne wrote:
| rav3ndust wrote:
| And what do Brendan Eich's personal views have to do with the
| software or how it functions?
|
| If you refuse to use anything with any connection to Mr. Eich,
| don't use JavaScript at all - he wrote it.
|
| I have never been able to understand this sort of take- I don't
| agree with everything Richard Stallman has said, but I follow
| him for his views on free software, not his political stances.
| hammyhavoc wrote:
| He profits directly from Brave. It isn't possible to compare
| it to JavaScript.
|
| Me using JavaScript isn't putting money in his pocket.
| rising-sky wrote:
| So, you using JavaScript, just like millions of other
| users, raises the language's profile by usage. He
| definitely is able to profit _indirectly_ from JavaScript
| by virtue of being the author of the most used programming
| language, he can leverage that association to be invited to
| paid conferences and talks, write books, sit on boards, or
| any other avenues via association he chooses to employ for
| economic gain. Making the nuance of direct vs indirect is a
| false dichotomy
| rav3ndust wrote:
| Sure, except your initial post said nothing about profits.
|
| It read like: "Mr. Eich has some involvement with Brave, so
| F Brave."
|
| It's a good browser built by a team of people, and you
| discount it because of one man's involvement that you don't
| like. I ask you, do you refuse any involvement with any
| software whose "leadership" has opinions you disagree with?
|
| I'm not trying to be rude. I've just never understood this
| mentality.
| hammyhavoc wrote:
| Surely it is implied?
|
| If I can help it, I don't buy the products or services
| from which the proceeds go into supporting outright hate
| groups.
|
| Christian Henson made transphobic/ableist remarks on
| Twitter, now I won't be buying any Spitfire Audio
| products. Sure, they're great, yes, there's a team of
| people behind them, but so what? There's plenty of other
| great options out there, why would I want to indirectly
| fund hatred?
|
| Same goes for companies that fund racial hatred. Likewise
| for misogyny.
|
| Are you gay? Are you trans? Are you autistic? Are you
| non-white? Are you a woman? If you can't answer "yes" to
| any of those questions, then why are you having an
| opinion on these matters?
|
| Ultimately, yes, we agree that a product or service
| should just be a product or service, and that bigots
| should stop with the bigotry, but using their product or
| service to fund bigotry should be inexcusable.
| rav3ndust wrote:
| > If I can help it, I don't buy the products or services
| from which the proceeds go into supporting outright hate
| groups.
|
| Unless I've missed a post somewhere, I have not heard
| that anyone inside of Brave shares Mr. Eich's
| religious/political beliefs. Maybe some of them do - and
| that is their right in the United States to practice the
| beliefs they choose, so long as they are not doing
| something illegal. While I disagree with Mr. Eich's
| stance on homosexuality, it is his American right to hold
| that opinion, and my right to have my own.
|
| > Christian Henson made transphobic/ableist remarks on
| Twitter, now I won't be buying any Spitfire Audio
| products. Sure, they're great, yes, there's a team of
| people behind them, but so what? There's plenty of other
| great options out there, why would I want to indirectly
| fund hatred?
|
| Your right to do so. But again, you're lambasting _an
| entire company_ when public remarks have only been made
| by one person. An aside, Brave is free and open-source
| software, unlike Chrome. I 'm sure some people at Google
| also have opinions I disagree with (in fact, I know they
| do when it comes to how some of their internals are
| handled). But their political stances? That belongs to
| the humans who form those opinions, not the software. And
| in the case of Brave, it is a great, FOSS web browser
| with sane defaults "out of the box", enabling me to use a
| browser I enjoy with good privacy defaults, why do I care
| about the political opinions of the "leadership?"
|
| _Every single company_ is going to have someone within
| their ranks whose opinions you surely disagree with.
| Might as well stop using technology.
|
| > Same goes for companies that fund racial hatred.
| Likewise for misogyny.
|
| Which companies are funding these things? I've yet to
| hear of it.
|
| > Are you gay? Are you trans? Are you autistic? Are you
| non-white? Are you a woman? If you can't answer "yes" to
| any of those questions, then why are you having an
| opinion on these matters?
|
| "No" to all of the above. But that doesn't matter - like
| everyone else, I'm allowed an opinion, regardless of my
| race/sexual orientation/mental state (when did any tech
| company insult autistic people?). You don't have to fall
| into one of these classes to have an opinion.
|
| > Ultimately, yes, we agree that a product or service
| should just be a product or service, and that bigots
| should stop with the bigotry, but using their product or
| service to fund bigotry should be inexcusable.
|
| You're free to do as you please. But, for me, Brave is a
| great piece of software that I barely have to configure
| out of the box, and it is one of the only browsers in
| existence that makes privacy the default. You'll excuse
| me if I value this fact over the fact that Mr. Eich has
| some opinions that I might disagree with.
| hammyhavoc wrote:
| Spitfire Audio. Ableist and transphobic remarks. The
| ableist remarks are regarding autism.
|
| Calling it a "mental state" isn't correct either, it is a
| neurodevelopmental condition.
|
| Whilst you don't think you need to answer "yes" to have
| an opinion, you degrade the signal-to-noise ratio with
| your words when there are the voices of others who need
| to be heard.
|
| If you don't have anything supportive or constructive to
| say, then it is the time to sit, listen, read and learn.
|
| Of course, the cishet white dude doesn't understand
| bigotry and the concept of fighting for the right to
| exist because you have never been marginalized.
| rav3ndust wrote:
| > Spitfire Audio. Ableist and transphobic remarks. The
| ableist remarks are regarding autism.
|
| Thanks for the clarification. I'll look into it.
|
| > Calling it a "mental state" isn't correct either, it is
| a neurodevelopmental condition.
|
| In other words, a 'mental illness.' Got it.
|
| > Whilst you don't think you need to answer "yes" to have
| an opinion, you degrade the signal-to-noise ratio with
| your words when there are the voices of others who need
| to be heard.
|
| I disagree. I don't believe you have to be one of the
| affected parties to be able to form an effective opinion.
| I'm capable of looking at the world around me and
| deducing my own conclusions - when it comes to
| homosexuality, it is particularly close to me, as I have
| a sister and a close friend who are both gay. Of course,
| neither of them base their software decisions around the
| opinions of those who hold some kind of leadership
| position for the software in question.
|
| > If you don't have anything supportive or constructive
| to say, then it is the time to sit, listen, read and
| learn.
|
| Thanks for the tip. I put myself in the shoes of those
| who might be more disenfranchised than me every day - I
| have a nice roster of friends and family from all walks
| of life - different races, sexual orientations, and
| gender identities. Doesn't change the point of the
| argument.
|
| > Of course, the cishet white dude doesn't understand
| bigotry and the concept of fighting for the right to
| exist because you have never been marginalized.
|
| You don't know a thing about me. How do you know how my
| life has unfolded? There are more marginalized classes in
| the world than just skin colour, sexual orientation, and
| gender identity.
| hammyhavoc wrote:
| Autism isn't a mental illness.
| https://www.youngminds.org.uk/young-person/mental-health-
| con....
|
| Your opinions need a lot more research and emotional
| intelligence.
|
| The "my friend" thing is so predictable. https://www.rese
| archgate.net/publication/280771596_I'm_Not_H...
|
| Go learn something.
| jacooper wrote:
| Which is totally irrelevant to the product, the company and the
| users experience.
|
| This gossip costed Mozilla its last chance to get back on its
| feet IMO.
| mmastrac wrote:
| It wasn't gossip. Brendan Eich did contribute to a homophobic
| cause and there was a paper record of such.
|
| While it's not my only reason for avoiding Brave (the weird,
| scammy-feeling tokens are another big part), I'd rather stick
| to my principals.
| theteapot wrote:
| No one cares.
| TGRush wrote:
| I expected many things to be critiqued here, but this certainly
| wasn't one of them
|
| Jeez.
| gunapologist99 wrote:
| Once FF started doing experiments on its userbase and started
| churning through their executive teams (and userbase!), I was
| already looking for an alternative. IMO, Brave has now definitely
| overtaken Firefox as the most privacy-focused browser.
|
| Releasing this list publicly on Github is an awesome move,
| especially given the links to the issues that explain the
| reasoning and discussion behind all of it. Kudos on this
| transparency.
| stopcensoring wrote:
| eternityforest wrote:
| These are why I don't use Brave.
|
| If they made them toggle-able options, or added a global privacy
| mode switch to get them back, it would be a great browser besides
| the cryptocurrency stuff.
|
| I left a year ago when the list of removed stuff started growing.
| js2 wrote:
| > The gclient utility (part of depot tools) will fetch the
| official Chromium source code. The tag that is fetched is
| _captured in our package.json_ (for example, 70.0.3538.35). All
| of the source code will be downloaded into the . /src/ folder
|
| The _captured in our package.json_ text links to
| https://github.com/brave/brave-browser/blob/master/package.j...
|
| But I think it's supposed to link to
| https://github.com/brave/brave-core/blob/master/package.json
| gnicholas wrote:
| Is there a way to use tree style tabs on Brave? I was using
| Sidewise (via sideloading since it's not in the Chrome Store
| anymore), but it seems to have been broken by a recent update.
| I'm about ready to jump ship because I need TST. I have otherwise
| liked using Brave though!
| spiffytech wrote:
| Chrome-based browsers have poor support for side tabs. There
| are some extensions that mimic it with an extra window, but
| it's not great.
|
| The Cluster Tab Manager extension has been good enough for me.
| I have to open it explicitly as a tab, but then I can easily
| see and manage all of my open tabs.
| sascha_sl wrote:
| > Chrome-based browsers have poor support for side tabs.
|
| Edge has the best side tabs, closely followed by Vivaldi.
| gnicholas wrote:
| How does Edge compare to Orion? Does it also have nested
| tabs? Vertical is good, but nested is what I need!
| mminer237 wrote:
| > Disable Scroll To Text Fragment
|
| Why would Brave disable this? In my opinion, this is one of the
| most useful additions to browsers in recent memory, and it's
| quite annoying to click a link expecting to go a specific section
| and just be put at the top of the page. I noticed this was broken
| in Brave, but I never would have imagined they intentionally
| broke the feature.
| psygn89 wrote:
| They should just make it an option to opt into.
| madamelic wrote:
| Same with letting you disable their built-in extensions.
|
| Seems pretty wild to me that a privacy browser is alright
| with having their own extensions run in browser without any
| way to disable them or even know they exist.
|
| "But the extensions are open-source so that means you can
| audit them!"
|
| Uh yeah... but maybe I just don't want them to run and put
| "Tip" links on everything. It doesn't matter whether they are
| secure or not, the user should get to choose what they run in
| their browser.
|
| Brave is great (in my opinion), but the more you look the
| more you realize how strongly opinionated it is about how
| people should use the web which is pretty antithetical to
| what Brave says they are trying to do.
| radicaldreamer wrote:
| You can disable them, but the options are hidden all over
| the place in Settings, some seemingly buried intentionally
| to make them hard to find -- using UI dark patterns.
| autoexec wrote:
| Can you actually disable them, or just disable what they
| do by finding and toggling some obscure option in the
| settings? There's a difference between changing how an
| extension running in the browser works and removing it so
| that it isn't running at all.
| Waterluvian wrote:
| This is probably the #1 feature that gives me the most personal
| conflict.
|
| I remember seeing it for the first time and thinking, "oh here
| we go. Google needed browsers to have a feature to make its
| search engine UX better..." But I also cannot deny just how
| useful it is.
| maven29 wrote:
| Does the internet have any discovery mechanisms except social
| media curation and search engines?
|
| If videos can be timestamped for links, why not webpages?
| Linking to automatic content-indexed excerpts shows respect
| for the time spent by recipient and saves markup effort for
| the author.
| Frost1x wrote:
| I mean you can arbitrarily type domain names with common
| TLDs in and see what happens. I hear the white house may
| not be a good start to roll the dice on. Yahoo, Altavista,
| and others used to have a curated index of quality
| websites. Links are inherently a discovery feature.
| Services like StumbleUpon used to exist but could arguably
| be seen as "social."
|
| The problem with "social media curation" as a qualifier
| could be interpreted as "a human is involved." Pretty much
| all forms of discovery, internet or not, requires either
| search or a human involved. Some services of course have
| broadcast mechanisms for curating an index but that's about
| the only exception I can think of for discovery that breaks
| away from these two qualifiers. To some degree, DNS is a
| broadcast system for discovery.
| derefr wrote:
| > I mean you can arbitrarily type domain names with
| common TLDs in and see what happens.
|
| I've always been curious whether any search engine tries
| to index the "disconnected web" by just war-dialing
| domains/IPs like this.
|
| > To some degree, DNS is a broadcast system for
| discovery.
|
| Sadly, there's no real way to build a "DNS spider." You
| could if you could send DNS AXFR queries for arbitrary
| zones; but DNS servers mostly don't respond to these
| without authentication.
| maven29 wrote:
| In the absence of a universal recommender system that
| acts on clustering effects, social networks and link
| aggregators like HN can really be the next best thing.
|
| It looks like at one point, mozilla attempted to solve
| this with their context graph project as well as their
| acquisition of pocket. However, it does look like it has
| all the hallmarks of a technological solution to a
| societal problem. Solving the adverserial aspects as well
| as ethical concerns would require nothing short of a
| rethinking of how we use the web.
|
| https://medium.com/firefox-context-graph/context-graph-
| its-t...
|
| https://wiki.mozilla.org/Context_Graph
| teej wrote:
| Is it time to bring back web rings?
| Waterluvian wrote:
| God I wish. I'm not sure they're actually a good idea or
| not but I miss classic web.
| darepublic wrote:
| Scroll to text? How about in page anchors.
| karaterobot wrote:
| They're kinda damned if they do, damned if they don't. If they
| left it in, (some) people would condemn them for not taking
| privacy seriously. Since they took it out, (some) people
| condemn them for taking this theoretical privacy risk too
| seriously.
| dannyobrien wrote:
| There were some privacy concerns, regarding leaking of user
| information: https://github.com/WICG/scroll-to-text-
| fragment/issues/76
| TheLoafOfBread wrote:
| That was reason why I switched to Brave. I hated that feature
| with passion on Chrome.
| Aachen wrote:
| But _why_ did you want it removed / dislike it
| TheLoafOfBread wrote:
| Because I don't want to suddenly move on some place on a
| page. I want to start on top of the page regardless what
| Google believes is best for me. And what pissed me off was
| that Google decided that this feature is mandatory and I
| can't disable it.
| yunohn wrote:
| You seem to have misunderstood the feature. Google
| doesn't decide anything - the person sharing the text
| with you, or the search result referencing that text, is
| what uses the feature to guide you to the right location.
|
| Sometimes I wonder if people enjoy being blindly knee
| jerk reactionary.
| TheLoafOfBread wrote:
| No I did not misunderstand the feature, it was Google who
| pushed it on me. In Google, in its search engine. And I
| was not able to disable it. Sorry that I don't like to be
| told what I want to see.
| shepherdjerred wrote:
| This is absurd. Do you also wish to disable anchor tag
| navigation?
| TheLoafOfBread wrote:
| What about just keeping existing flags in Chrome [0]
| which used to be there? Is it too much to ask? I don't
| want to use Google search + Chrome so I can get scrolled
| into middle of a page without any context with random
| highlighted text, because Google search believes this is
| what I want to see.
|
| Thankfully switching to Brave solved my issue and this
| stupid feature is disabled.
|
| [0] https://perishablepress.com/disable-chrome-
| scrolltotextfragm...
| yunohn wrote:
| Why do you even use a search engine? Might as well just
| type random domains into your address bar and hope you
| chance upon what you were looking for.
| TheLoafOfBread wrote:
| Bing does not force me to scroll on text. DuckDuckGo does
| not force me to scroll on text. Yandex does not force me
| to scroll on text....
|
| Only Google Search does that. What a knee jerk
| response...
| spicybright wrote:
| Maybe because you can put identifying data in the URL, I guess?
|
| Not that you can't do that with a anchor, param, or an endpoint
| that can take arbitrary numbers/strings.
|
| I'd love to know the explanation too.
| kevincox wrote:
| IIUC the main risk is that they can check if text appears on
| a page based on it.
|
| In an extreme case imagine that someone sends you a password
| in a messaging app which is available via the web. If an
| attacker can trick you to open webpages (maybe they intercept
| a HTTP site and open a few tabs) they can detect if the page
| scrolled based on side channels (data transfer) or direct
| information (did you load a lazy-loaded image from their
| server?). You can use this to learn page content. This is
| vaguely similar to https://en.wikipedia.org/wiki/CRIME.
|
| As a concrete example imagine that a webpage has something
| like this past the first page. <p>Your
| password is 56acc1bc03298ec0</p> <img loading=lazy
| src=https://cdn.example/secure.png>
|
| If I can trick you to load #:~:text=Your password is 5 and
| observe that you looked up the DNS for cdn.example and loaded
| secure.png (especially if that resource isn't cachable) I
| have learned the first character of the password.
|
| If I do this 64 times (on average) I have learned the whole
| password.
|
| This is a little hard to do, especially with pop-up blockers
| being built into most browsers so it is hard for a site to
| open many top-level windows (origin isolation of modern
| browsers will likely block this in iframes) it is not too
| extreme of a case.
|
| Of course there are simpler attacks. Maybe someone can link
| to https://www.youtube.com/feed/history#:~:text=Voice+Feminiz
| at... and they can tell if you have watched this video based
| on how many thumbnails have loaded. You load too many
| thumbnails and you get thrown in jail for being trans.
| chrismarlow9 wrote:
| Fair warning that I have not actually attempted these things,
| but:
|
| 1. I think you could potentially embed an iframe on a page
| and use the scroll positions combined with this feature to
| read information on a page. Start with "a", check scroll
| position, then "ab", then "abc". Similar to a blind sql
| attack where you gather data/hashes by continuously adding to
| the SELECT query using a substring function and a sleep (to
| detect if the substring was found). You brute force character
| by character. I believe this is commonly called an "Oracle
| attack"
|
| 2. XSS/Phishing/Spam. You add a png with a "Your account has
| been compromised" or a "fake form" (think Google docs) or
| whatever your spam message is to a part of a page. You send
| an email with this special url that will cause it to jump
| directly to that location on load.
|
| Just some theories. I'm pretty sure the first one would
| qualify for some sort of bounty, but my experience is most
| bug bounty programs wouldn't count the second one as valid
| (requires user interaction).
| NikolaNovak wrote:
| I'm _extremely_ ignorant in ways of Web and HTML. But this
| sounds like the Anchor functionality of 25 years ago?
|
| Edit: this thing
|
| https://www.w3docs.com/snippets/html/how-to-create-an-anchor...
| autoexec wrote:
| You're right, it does much the same thing, but this works on
| external sites so a webmaster doesn't need to create a bunch
| of anchors to specific information on a page. Instead you can
| link to any site and force the browser to highlight/jump to
| an arbitrary location on that external site.
|
| It's the kind of thing I'd disable because of the privacy
| leaks it makes possible (Ctrl-F on the new page works just as
| well and keeps the user in control), but I can see how some
| people might like the extra convenience (when it's not being
| used maliciously to collect sensitive information from
| otherwise secure websites).
| code_duck wrote:
| It is similar, except it doesn't require anything special in
| the HTML. It scrolls to an occurrence of the specified
| sequence of text.
| Zamicol wrote:
| As it stands today, the spec has issues when considering other
| pre-existing options and future compatibility. For example,
| there is no way to get the URL if the protocol is `file://`.
|
| For a real world example: https://github.com/mozilla/standards-
| positions/issues/194#is...
|
| See the stack overflow issue:
| https://stackoverflow.com/questions/67039633/get-the-text-fr...
|
| (See also the currently "conflicting" library for URL fragment
| queries: https://github.com/Cyphrme/URLFormJS)
|
| I think it can be easily fixed, using solutions like a
| delimiter, but that discussion probably needs to be apart of a
| wider discussion concerning URL extensibility.
| [deleted]
| bburky wrote:
| https://xsleaks.dev/docs/attacks/experiments/scroll-to-text-...
| may be a better description about the security impact, and has
| more context about this and similar cross site leaks possible
| with browsers.
| googlryas wrote:
| I don't really get it. It seems like one of those theoretical
| potential privacy violations, but seems more like an academic
| exercise than anything exploitable.
|
| I guess the idea is, someone can derive data about what you
| clicked based on some side channel (DNS queries? wifi activity?
| power draw?).
| darepublic wrote:
| I am guessing a timing attack
| TechBro8615 wrote:
| It does seem mostly theoretical, but it also seems like a
| natural feature for a privacy-focused browser to exclude. Web
| browsers have a long history of "mostly theoretical" becoming
| "effectively practical," like when some new unrelated change
| invalidates an assumption underpinning the privacy guarantees
| of the original feature.
|
| In terms of this vector, I could imagine it leading to
| history enumeration when combined with CSS, similar to the
| classic "check the color of the link." Or maybe some
| fingerprinting scripts could send signals to server-side
| traffic analysis heuristics by preloading a specific script
| based on which region of the screen is visible within the
| first second of loading the page.
|
| That's all speculation of course, but clearly the feature
| increases privacy attack surface, by giving an external
| observer more paths for potentially reducing your possible
| anonymity sets.
| Phelinofist wrote:
| Came to ask the same question
| FatalLogic wrote:
| >Came to ask the same question
|
| It IS an interesting question. But you should simply upvote
| it, if you have nothing at all to add.
___________________________________________________________________
(page generated 2022-09-06 23:01 UTC)