I don’t know anyone that works at Meta, so I’m hoping that someone here could answer this for me-
What makes employees there feel good (or at least okay) about doing stuff like this? You're spying on people, no? Surveilling ordinary people, not enemy combatants or foreign militaries? Perhaps a friend of a friend or even a family member? This kind of thing is so creepy and disturbing to me, not that it’s anything new…
The sad reality is that this behavior gets normalized in the name of making money.
For employees it gets normalized at the first signal that your livelihood might be affected if you don't comply.
As someone who's privacy conscious, it's an uphill battle to convince co-workers to actually follow laws instead of trying to find loopholes.
I've worked at places who collect every possible data point and distributes it willy nilly in Excel spreadsheets posted in Slack. I raised it to a CISO and the response was "all that information is available for everyone anyway via the interface". I know a German company requires you to "accept" data collection and processing in order to settle a debt. I reported this to their legal department which I personally knew a person and they said they'd "look into it ASAP" two years ago.
In the end people just roll along with it. I know this is unpopular, but the only forward I see way to prevent this from happening seems to be using courts and tightened legislation.
Meta or not, people don't like being fired or being threatened to. Period. They like the comfy job.
But don't ask me why. I'm a troublemaker. I bring up this stuff, I talk to CEOs, I refuse to do stuff that breaks the GDPR or other laws, I got people to scream at me for being stubborn. Other people aren't like that.
If someone talked to me this way in the real world it would be the last time I would ever interact with them. It’s a Redditism used to express incredulity that the parent commenter could be so stupid as to have posted what they posted. It adds nothing to the conversation and doesn’t belong here.
You're reading a lot into two words there. And someone probably has said "um, what?" to you in the real world; but you wouldn't notice because it is a common pattern of speech.
The internet will be a remarkably combative place if that is the standard you set for when someone calls you stupid - it'd be a lot better to only read that into a statement if it actually gets explicitly said.
Generally employees put the responsibility on management. As everyone has a higher up they answer to, no one feels personally responsible. From the top down, the concerns of how things are actually implemented are often too abstract. Combine these dynamics with institutional echochambers and group-think.
Employees just want to make it to the weekend. Execs want to hit their targets. Sales dept. needs their bonuses. The board wants to pump valuations.
Yes. Was my same first thought. Same thing that happened in Germany:
"The banality of evil" how Hannah Arendt described Adolf Eichmann's excuse that he didn't bare any responsibility since he was just doing his job...
Not Meta but I once got yelled at not by a real manager, but by a PM because I said I wouldn't let the team do something shady without legal signing off. I'm in Europe so it was GDPR related.
The PM tried shopping the task to other teams, but nobody took the bait after I raised it publicly, and both legal and the external law firm sided with me after about three months of delay.
In the meantime I raised the topic of yelling with HR but every step of the way the company made me feel like I was the one in the wrong for not complying.
I believe if I were meeker I would probably have complied right there.
Money, it's just business. I think every big corp is morally bankrupt (otherwise they wouldn't be big). There are some exceptions, of course, if a company found a sustainable way to monetize their output.
This is basically it. There are a dozen ways to become huge, and they all are essnetially anti-humanity.
There's an expression: normalization of deviance.
This is where we are now. People idolize others because of their wealth, and that wealth is always gained by means which are ultimately harmful to the greater population. Even the wealthy philanthropistMS which will remain unnamed acquired their greatness by cheating and stealing. But as long as you make a great show and give it all away eventually (while living lavishly the entire time), you look good.
As a 90s teen growing up with Grunge and in a DYI punk scene, I remember my youth being a lot about authenticity, and it felt weird reading about how the 80s were all about money and fame and how selling out was ok.
To me that sounded absolutely absurd and a freaking caricature, something out of "American Psycho".
Today I was just discussing with a friend how we're perhaps even more materialistic and cut-throat...
A fear of mine is that we are speedrunning Cyberpunk 2077. And that’s not something to expire to. It’s a bleak no-hope hell.
Hope is about finding and using that moral compass. To change worse outcomes to better outcomes for everyone. The “I’ll take mine” or “My group needs to win” attitude is poison to yourself and to the world, and if you don’t see that your conscience is blind or broken.
This is nothing new, in numerous books on moral philosophy and people who have been in these situations have spoken out on it.
As an old-school leftist that feels politically orphaned, I feel like there's a huge group that is hating all the current bullshit. Even terminally online people.
I don't see a way out, though. I just hope we can leave a planet for the animals.
EDIT: On the other hand: the internet is already a dystopia if you look closely. Maybe it will prove to be a fad and people will go back to their lives. One can hope!
> There are a dozen ways to become huge, and they all are essnetially anti-humanity.
Offering customers lower prices is a way to gain more customers. Software allows for automation and efficiencies of scale. The end result will be a few big organizations that win, without cheating or stealing. (Although, there most likely is cheating or stealing due to other factors).
But I would not classify the success of most larger modern businesses solely due to cheating or stealing. It was simply being at the right place at the right time and executing correctly to take advantage of developing technologies to take advantage of economies of scale.
In this specific case, I know my family and friends benefit greatly from the “free” instant communication and file transfer capabilities that Meta offers (WhatsApp). There obviously might be costs, but international communications have been made far, far cheaper and higher quality due to WhatsApp.
Its way less bad than some investors ie on Wall street or arms/military business, by huge margin. Folks scamming old people out of money or encrypting their HDDs for ransom should be shot in sight. But - this topic affects billions very directly, and its not about the effect now, but helping general direction which is outright evil by any moral standards.
I can pull out usual godwin's law plug but I guess we all know what would be there. People like to feel great about themselves, its subconscious. And if slightly tilting reality in their favor can achieve that then what's the problem, right. Again, this is not a conscious decision so most don't even notice that, and who would complain about feeling better about themselves.
Old enough, when you want to see such things like these biases in people around you, its very easy once you start looking for them. I guess we really are all heroes of our own stories (but what I mention is far from uniformly distributed, some folks are really stellar human beings and some opposite)
Buy they very actively push and lobby to end those peaceful times, ie second Iraq invasion for completely made up reasons, or stay in Afghanistan way beyond anything reasonable, when it was clear there is no winning possible.
Big companies are paperclip maximizers, for money instead of paperclips. It’s strange how many people can see the danger of a hypothetical nonhuman intelligence with a goal of making as many paperclips as possible, but not the danger of actual nonhuman intelligences with the goal of making as much money as possible.
In theory optimizing for money long term should align everyone's interests. The problem is that (for a number of reasons) public executives have far more incentive to be short sighted.
I know it's not so hip here but the answer is money. You go to work for money. It's not to socialize, not for personal growth, and not for charity. If I want those things I have hobbies (including hobby programming.)
There are many industries which are inherently hostile to users, insurance, betting, marketing, etc. If you ask people if they feel good about enabling the kind of things these companies tend to do, you probably won't get an answer. I don't think Meta is an outlier here nor are they the only one. Even across other industries you will find many questionable practices in usual operations. If pushing the boundaries of ethics gives a business an advantage, you can guarantee that someone will be doing it, and eventually most will be doing it. It's simply the natural tendency of any system with competing entities. The question we should rather be asking is, how do we tweak the system. What can be done to disincentivize pushing the boundary like this?
Finding a company less bad for the world than Meta isn't very hard. They pay really well to compensate, so people will rationalise working there of course, but "everyone does it" is just a way to dodge responsibility for your own choices
If you value money over other people, it's a great place to work though
In principle, I think most people believe their morals would prevent them from working at a company like Meta.
On the flip side, how much are morals worth if you have the opportunity to be financially free?
There's also the opportunity to work on interesting problems.
Anecdotally, of course, I know a Meta engineer at the L7 level (generally staff engineer in these large tech companies). He makes over seven figures a year, 75% of that being from stocks. The money is there.
I am not even sure most people could articulate their morals. It's not just about never having heard about things as moral absolutism or consequentialism. Similar to how atrophied people's understanding of sympathy and empathy is as well.
Are the people working on the interesting problems doing most of the spying?
I'm sure there's overlap like people working on AR scraping images of people's homes to build better models but they also do a ton of research where they use open datasets.
I'm curious what this distribution is.
I'm also curious what the answer is for just average programmers. Meta has like 70k employees. Surely a lot of them aren't doing interesting stuff
> What makes employees there feel good (or at least okay) about doing stuff like this?
I got this exact thought IMMEDIATLY (yet again) and posted on it here as well, putting my two cents in.
This is totally unacceptable for a software engineer to implement features like this simply because their company told them to, doing what the company tells them to makes them money, so they do it.
No apparent thought into whether they are creating is harmful, or caring about it.
I've given up on any anger directed towards the company itself. They will make money any way they can. Now, the engineers who actually implement it bothers me, because it is clearly not something that should be built.
To me, I don't care how much I'm being paid or how bad it would be to lose my job at that time.
I would resign before working on features like this and deal with the consequences.
History suggests there is no shortage of people who will throw all semblance of morality away as long as they are surrounded by people who they believe have done the same. I almost think the people who are not willing to cave in this way are the rare ones.
I've heard people justify working there (often to themselves) by saying things like, "If I don't do it, someone else will. So, I may as well do it and make virtuous use of the money."
I think some people also tell themselves that they'll be agents of change and fix things from within but that almost always winds up being another self delusion at worst and impossibility at best. There was a certain amount of this on display in Careless People.
Nobody is stopping you from making whatever you want and putting it out there in the world. If you believe strongly in a different order of things, go for it!
It should be noted that no ethically -trained software engineer would ever consent to write a DestroyBaghdad procedure. Basic professional ethics would instead require him to write a DestroyCity procedure, to which Baghdad could be given as a parameter.
+1 for “money”. how many years until AI makes everyone’s job obsolete? do you really think countries like the US have their citizens’ best interests in mind? i’m guessing Forced Meaningless Labor (like the cartoon prisoners hammering rocks) is more probable than Universal Basic Income.
> What makes employees there feel good (or at least okay) about doing stuff like this?
Would someone explain in plain language what is wrong with an app listening on a port for messages from the browser? It seems like a helpful asynchronous method to maintain state between browser and app.
Same thing at Google or Apple. Google has everyone’s email
and browsing history, Apple has the complete copy of everyone’s iMessage and SMS history (in the non-e2ee iCloud backups, readable by Apple).
Anything these companies know, the FBI and CIA can know, without a warrant thanks to FAA702 (did we all forget about PRISM?).
The state now has leverage over almost every normal citizen, thanks to what these companies have built.
Optimization with the objectives we have today, and more generally financialism are all about splitting up end-to-end tasks into pieces and removing redundant common work. This is obviously good...upto a point. It gets bad because morals and a bunch of other stuff also gets split up.
Like someone mentioned below, it's unrealistic to expect people to think about second or third or nth order effects of their job. Heck, those effects are not even visible in 90% of cases.
To answer your question, the engineer at meta is just building a graph database. It takes a `void* node_data` as argument. Another is just building a kafka-clickhouse data pipeline that can transfer so many millions of `void* message`s a minute. The android engineer is just improving the percentage of requests without location data by using wifi ssids as fallback. The CEO just sees "advertising revenue WoW" in his dashboard. And so on. That it is actually being used for spying is many steps away from each of them -- OK, in the case of meta I'm sure the employees know to an extent. But it's still very different from the feeling they would get if they were doing the end-to-end task themselves.
It's the same thing with other questionable products. It's split up sufficiently across the supply chain that no one is actually aware enough of the task end-to-end.
In some cases, the same participant in the supply chain will be a supplier for something really good and necessary..but they will also be a supplier for something despicable. In this case, it is easy for everyone involved to sweep the latter under the rug.
As far as I have thought about it, there is no way to get rid of this larger problem without also losing the (unfathomably massive) benefits.
Getting privacy advice from an adtech funded outlet sounds like reading democracy advice from the Chinese ruling party or vegetarianism advice from lions to be honest.
It might be correct-and-incomplete but they just have no credibility on the topic.
You’re not wrong, but there was a time many of olds remember when editorial content and commercial concerns were firewalled. It used to be outrageous, and usually wrong, to suggest an editorial position was contingent upon a business benefit for the media outlet.
They're more tightly bound than that. They're dependent on Google Display Ads. Which really makes their whole diatribe that much more pathetic.
Any media company that decided to traffic the ads themselves, from their own servers, and inline with their own content, would effectively be immune from ad blocking.
> Ditching these deeply invasive products remains a good idea
While still allowing random third party javascript to run unchecked on a parent website.
> While still allowing random third party javascript to run unchecked on a parent website.
Lol, why are you commenting as if somehow allowing it to run negates the other good ideas in some way? Obviously some is better than none, and all is better than some, but each step takes more effort.
It’s odd that orgs like NYT don’t run their own ad services. I’m sure they have a dedicated department for ad sales for physical copies. They’re large enough that companies would work directly with them. And they would have at least some editorial control on what is displayed on their site.
I've worked for a few companies that had ad placements. I wasn't too deep into that side of things, and it was a long time ago, but as I recall, at reddit there was an in house ad auction platform. If there wasn't any ads sold for the period, we'd either show in house ads (think the old reddit merch store, pics of animals, a pic of one of the reddit staff with a paper tube on his forehead to resemble a narwhal, etc) or ads from a network like AdSense. Once upon a time this actually caused issues because there was malware being served from one of those and networks
Hosting the ads on the same server as the content is done in some cases, but doesn’t result in any immunity. If the ads are sufficiently annoying, it only leads to a merry little game with the adblocker annoyance list community, where they figure out new regexen to block the content, deploying daily. Bypass the blocks too effectively, and the adblocker will accidentally start blocking website content. Users will assume the website itself is broken, and visit less.
Self-hosting ads is not really a winning game unless your ads are non-animated, non-modal static text and images.
But I am glad they are pushing people toward other browsers because that is the biggest step. Once you have taken that step, installing the most popular extensions is trivial.
Does the ad blocker prevent leaks of your information?
I know it blocks a use of your information against you (targeted ads). And any external source is a potential leak (e.g. the kinds of things that CORS is supposed to reduce).
But does an ad blocker specifically leak more, or just reduce the incentive to collect that information?
A full-featured ad blocker (uBlock Origin original, not the neutered Lite version that runs on Chrome now) will intercept requests at the network level and prevent your browser from requesting the advertisers' JavaScript code. Your browser not only won't show the ads, it won't run the code that was supposed to show them or even send a request to the advertisers' servers.
This blocks most existing tracking methods. The only thing you're not protected from is first-party tracking by the site you're actually visiting, which is impossible to fully protect against.
>prevent your browser from requesting the advertisers' JavaScript code. Your browser not only won't show the ads, it won't run the code that was supposed to show them or even send a request to the advertisers' servers.
Incidentally, just blocking JavaScript with NoScript kills quite a lot of ads (obviously, not first-party ones if you've white-listed their JavaScript for site functionality; but I try to avoid that when there isn't real demonstrated value) without any need for an explicit ad blocker.
NoScript is indeed very effective at blocking tracking, but it also breaks a lot of websites.
If that is an acceptable compromise, you could also try ditching the Internet altogether, as that not only blocks all online tracking, it also blocks a lot of fraud, misinformation and all kinds of harmful content.
Except for non-negotiables (eg: bill paying, government websites, etc.) a website that fully breaks when blocking js is just a worthless site which is not worth my time.
Anubis (https://anubis.techaro.lol) requires Javascript and is required to view some otherwise static websites now because AI scrapers are ruining the internet for small websites.
That’s always my problem with NoScript being suggested. For some people who consume stuff off RSS feeds or static sites and Wikipedia that probably works. But for literally anything more than that you can’t do that.
> NoScript is indeed very effective at blocking tracking, but it also breaks a lot of websites.
Sure, images may no be present without JS lazy-loading them. Accidentaly, NoScript also fixes a lot of websites. Publishers are often paywalling posts via JS and initial HTML is served with full articles.
1st-party would likely be prevented by disabling cookies? Obviously they could fingerprint every visitor on every request, but most just set an ID cookie and check it on subsequent pages I think, since that's good enough for tracking most people (who aren't actively trying not to be tracked). Of course, that breaks things that need a session (like a cart), but depending on what you want from a site, it could be fine.
Those things help, yes. I say that it's impossible to fully block first party tracking because you must interact with the server in order to accomplish anything and those interactions can be tracked. But a third party can be cut entirely out of the loop.
they don't load up the ads at all so they can't know your information in the first place at least from the ads themselves. if the website is sharing information directly there's nothing you can do outside of some kind of vpn and never logging on to any services.
I think there was a Defcon where they showed that some ad networks let the advertiser themselves provide the image/video. By targeting only people who first visited a given website, they know who you are. And by adding selectors on the ad, they extract your characteristics, including location.
It looks very stretched, but the real magic happens when this data is sold in bulk. It allows recouping who is where. Your target person may or may not be in each dataset, their location isn’t known like clockwork, but that allows determining where they work, where they sleep and who they’re with. One ad is useless as a datapoint, but recouping shows reliable patterns. And remember most people on iPhone still don’t have an adblocker.
That may not be viable for many non-technical users, which is their audience. On HN, it would be an error to omit ad blockers; the Washington Post has a different audience. I expect that most would find installing and learning a new browser to be too much effort and too hard to understand.
I would bet money that the techie they asked to put the list together included "use an adblocker." And then the higher-up who approves articles like this said "shit! wait... no, no, no, delete that one!!" These corporations are deeply deceptive.
MSN used to be this special variation of Internet Explorer on Windows during the early era of the internet. My grandmother used it and the rebranded browser was packaged with other software products (if I recall correctly, I could be conflating it with preinstalled trash back in the day). It had a different color theme and allowed you to log into your hotmail account. I think at one point it became an IE addon.
I remember it revolved around giving you the news and maybe even loading hotmail with a special ui button. I have a foggy memory of it, but this MSN forum thread confirms the MSN Explorer existed[0].
You could even build a personal home page of sorts with the weather.
Any ways it had a following of people who got their news and it still exists in some form today. I know the website msn.com always catered to news stories, but I don’t know if they were always reposted if they once had writers. I think it’s always been some sort of data harvesting/media credibility facade news-focused branch of Microsoft.
Well the truth is Microsoft branding is totally incoherent, and MSN has been anything and everything MS thought they could put their name on. Like there is a cable network called MSNBC which now has nothing to do with either MS or NBC.
Originally, like Bill Gates wrote about it in a book completely ignoring web browsers, MSN was a proprietary Windows client like AOL. Later on it became a 'web portal' like Yahoo. Then a 'content' site. At one point, it was even a social media site. Somehow, when my parents got cable internet, they were funneled into a @MSN.com account. It had this fake "dialer" which pretended it was "connecting", even though the internet was always on.
For many years since, MSN has just been the tabloid news to remind you that Microsoft shit is low class.
What about the other app ? Now that this trick is known, either it’s completely fixed, including in system webview, or all the other usual spyware ,that the play store is full of, are going to use it to track their user.
Google still hasn’t fixed the issue of app being able to list all other installed app on your phone without requiring permission despite having been reported months ago. They didn’t even provide an answer.
I believe Google isn’t interested in Android user privacy in any way, even when it’s to their own benefit.
At this point either use iPhone, grapheneos or no phone at all.
If any software engineers out there are working on things like this I can only pray they STOP and think about why what they are doing. Implementing features by having to jump through hoops, just so that their employer can better spy on people and make more money.
That is so wrong, on so many levels ... I personally couldn't do it.
I hate this even more than NSO Group's Pegasys, which could easily get people killed. I'm ok with my reasoning, and I really hate that one as well.
Here, with Meta and Yandex, you see what you always see.
As soon as people catch on, they immediately remove it. But they will keep using it until that day comes.
For money, while trying to hide it from the users they are spying on.
It's greedy and evil and whoever in these companies think up these ideas should be let go. Immediately, in a perfect world.
Instead they'll just try another approach.
While everyone else has to clean up this latest one.
"Following public disclosure, Meta ceased using this method on June 3, 2025. Browser vendors like Chrome, Brave, Firefox, and DuckDuckGo have implemented or are developing mitigations, but a full resolution may require OS-level changes and stricter enforcement of platform policies to prevent further abuse."
I believe it is good form to keep work and personal machines completely separate, including phones. If you ever have to hand over your devices for discovery in a law suit I think you will come to the same conclusion.
I very much agree. Retired now but I used to have a separate phone for each major client for HIPAA compliance but it's good advice everywhere (and $50 year-old android phones and $15/month Tracfone accounts aren't just for criminals!)
The question may need a little more context - it's easy to avoid by simply uninstalling it. If you're actually asking how to minimize its presence, consider using an app like Island which isolates the apps into a separate profile which can't see anything in your main profile.
Remove lock-ins that forces people to use a specific chat app. Move private communication away from "platforms" to interoperable protocols. That is the only way for us to regain control over our own private communications.
Zen Browser (FF) on Win and Firefox on iOS (for sync) works well for me. Edge for all M365 related stuff. Still use Chrome for web dev. Not sure what to move on in that regard...
I'm a relatively new web dev and I've been quite happy with Firefox's Web Dev tools. What does Chrome's dev tools give someone that Firefox's doesn't? I can edit css on the fly, see where a css rule is being overwritten, debug javascript, etc.
I use FF but Chrome's dev tools have a lot more going for it including memory profiling and performance tools. On the other hand, Chrome's network panel is awful and it's a chore to see the domains and full URLs involved.
> Know, too, that even if you don't have Meta apps on your phone, and even if you don't use Facebook or Instagram at all, Meta might still harvest information on your activity across the web.
A bit wishy washy. They are still tracking you, just not as effectively as before.
""
Millions of websites contain a string of computer code from Meta that compiles your web activity. It might capture the income you report to the government, your application for a student loan and your online shopping.
""
If I read that correctly then they are capturing all https web content you
access in clear text and uploads it all to Meta? Then Meta
I thought the exploit was used to track where you visited,
not the full data of each webpage.
It does sound fantastical. A piece of code that can violate the same origin policy would be a huge vulnerability. Meta could be working with other sites to share data on users via code running on both sites, but snooping on tax data without the IRS helping? Unlikely.
I can only assume they're suggesting that companies like Intuit and H&R Block are sharing this data with Meta, but that seems like a huge violation of privacy and with tax data it might even be illegal.
Basically, they created a channel between the browser and a localhost webserver running in their native apps, by abusing the ability to set arbitrary metadata on WebRTC connections. That way, they were able to exfiltrate tracking cookies out of the browser's sandbox to the native app, where they could be associated with your logged-in user identity.
I've noticed that recent Chrome version does not allow me to download the pdf I'm viewing. I had to open it in Firefox. The Chrome browser only allowed me to save it to drive (cloud)
You can absolutely download PDFs on the all Chrome versions including the most recent. You need to do is set chrome to download them instead of open them.
I am a developer but have to deal with questions on this regularly from people's at my company due to the IT department being small.
I mean once you get into a pdf. Sometimes web page opens it instead of allowing download. The built-in pdf browser of chrome has no option to save it locally on android phone. I have not been not precise in explaining, because I find Google and Android constantly reducing my ownership of my own phone and that's another brick in the wall here
I have the opposite problem: I want to simply render the pdfs so I can, you know, read them. not download them like they are data to be fed into another app.
Never used Chrome, and don't use Meta apps... and when I did, I did not give them any real information.
I'm disgusted by the number of people giving real personal information to these assholes. "Open"AI insisted that you give them a real, functioning phone number to use ChatGPT. No goddamned way.
WaPo’s reputation so tarnished they have other outlets reporting for them? I don’t understand why a slashdot article has WaPo in the headline. Are they some authority on privacy?
If we truly lived in a democracy which 'obeyed' the overwhelming will of the people, there would be laws with 'horrific' penalties for any effort to track devices or people online.
For most people in the west, using yandex and chinese alternatives would be better than local ones, because neither china nor russia has any auhority over you, while your local agencies do.
Maybe even a "start using Internet Explorer again" movement ;-)
For all the hate it got, IE was nowhere near as privacy-invasive as any of the "modern" browsers now, even Firefox. If you configured it to open with a blank page, it would quietly do so and make zero unsolicited network requests.
The future of Google as Chrome’s owner is genuinely in question now due to Google’s antitrust losses, in case you weren’t aware.
There’s a few different cases, one recent one Google has lost and is now in the “remedy” phase. Meaning the court has officially decided Google did bad, and is now considering what to make Google do about it. And splitting up Google into separate Chrome, search, etc companies is completely on the table.
No, that was Firefox. Chrome's spread was fueled by literal malware or spyware bundling it to get some of Google's sweet money and some of the most aggressive advertisement campaigns for any online product ever.
Was it Firefox? I remember Firefox existing at the time but I don't think it's ever really had dominant market share, perhaps when it was Netscape? I do remember the IE campaign went on quite a long time to where eventually Chrome showed up to the party and people shifted over as well as shifted their family and friends over. You don't see that kind of active effort for Firefox ever.
Yes, FF was revelatory (features and performance) and, relatively, very popular for a time. 31% was a massive share considering it was up against a browser that was the default for the vast majority of people using computers.
Mozilla have had so many chances to position themselves as the privacy-preserving alternative in current years but just can't get out of its own way in any sense (e.g. corporate greed or being hostile towards users). There's still dim hope for FF and some of its forks, like Librewolf, but hopefully forward thinking projects like Servo and Ladybird can fill the void.
It's sort of interesting that Brave was not affected by this because they already blocked the technique used by the Yandex app. I wonder if Brave devs were aware of that specific abuse, or if they just thought that localhost traffic was distasteful categorically.
That's one opinion from one columnist. Also, the full phase was "dirty war," by which they seem to mean one dominated by covert operations by intelligence services rather than conventional forces, on both sides.
Web browsers should become outmoded soon. It was fine for bootstrapping the web, but now to keep up a browser must emulate the operating system and more in a single app. This pressure is the centralizing factor in browser dominance. Ditch the features, drop the spy protocol (http), just get the files.
Turn what off? HTTP is how you receive the web page in the first place. It is not, in itself, causing data to be sent from your computer to others. That happens either because of a script on the page or because you request a web page (i.e. the browser sends headers).
I can't speak for the user who you are responding to, but an AI maxi might believe that an AI powered interface will take over all information retrieval.
Full time Firefox user. I run hundreds of tabs for days on end and need to restart it every week or so. Well worth it to not use Chrome. Need to open a site in Chrome about once a month
Firefox? Weird question. I haven't even installed Chrome in the past 7 years. Firefox is fast (but I obviously don't know if Chrome is faster) and it never crashes.
Chrome does feel faster to me; I remember someone here saying that was because of some kind of procedural loading shenanigans or something.
But the main hook for me is how websites look. I do a lot of reading on the browser, and fonts on Chrome always look better than on Firefox. I would switch to Firefox in a heartbeat if only things started looking the same on it.
I mean those aren't real controversies though, it's more like "we added a VPN feature and included the VPN, but have now removed it". A real controversy would be like Mozilla who was pushing for censorship and silencing "bad actors" in the years after the first Trump election.
"This includes bringing new users to Binance & other exchanges via opt-in trading widgets/other UX that preserves privacy prior to opt-in. It includes search revenue deals, as all major browsers do."
Seems pretty relevant to the current topic and not part of the VPN controversy.
I use Chrome for Google workspace, Firefox for ongoing personal logins, and Brave incognito for other browsing (restarting completely for a new session when changing gears).
Last week's discussion on a profile management tool offered several insights into how others a bit further down this path use their browsers of choice: https://news.ycombinator.com/item?id=44132752
Zen Browser works well for me. It's a Firefox fork but privacy-focused whereas Mozilla recently became an ad company and published hostile TOS changes. No issues I had when I was evaluating LibreWolf.
JavaScript Chrome developers did a good job of convincing people that Safari is the new IE.
I love Safari on macOS. I love the pinch/zoom with the tabs. I love that private browsing mode, at least seems to, keep things contained to the tab they started with. e.g. if I open facebook in a private tab then open new tab and go to facebook, it’s going to make me login.
Chrome’s developers didn’t have to say anything. Anyone who’s been trying to build on the latest web features (for me, particularly WebGL, WebRTC, WebGPU and IndexedDB) over the past decade has been bitten by Safari over and over again. They usually come around after being raked over the coals by the web dev community, but they’re still usually years behind.
When “Safari is the new IE” was first published, they absolutely were. They’ve gotten a bit better since then, but all the same it was hilarious to see people who used to rail against IE for flaunting web standards (cough John Gruber cough) suddenly start saying that web standards were a bogus racket once Apple decided to stop keeping up with them.
Safari is far from perfect, but I’m glad they don’t implement everything Chrome does. Many of the complaints come down to “Safari doesn’t even support RunBitcoinMinerInBackground.js. It sucks!”
And on the plus side, it’s vastly better at power efficiency, meaning I can use my laptop longer without being plugged in.
sure if you want to live a life stuck in the App Store and Play Store walled gardens... having a decent web browser is the way towards a truly open web
Safari is the new IE not because they refuse to implement questionable new web “standards”, but because
- It has all sorts of random quirks in their supposedly supported features;
- Mobile Safari has even more quirks;
- No other major browser introduces random serious bugs like Safari does (remember the IndexedDB one?);
- Version updates are tied to OS updates meaning it’s the only major browsers that’s not evergreen, and coupled with the previous points you have to carry workarounds for bugs forever, and of course can’t use new features;
- Extensions are 10x harder to develop and more than 10x more expensive to publish since they’re tied to Xcode, Apple Developer Program and MAS, because fuck you;
- Like another commenter said, it’s the only browser that crashes on me (random “this page has experienced a problem and reloaded” or something like that);
- PWA is another kind of hell in Safari but opinions are divided so whatever. At the very least it’s not conducive to an open web.
It’s a piece of hot garbage, like a lot of other Apple software these days. Sure, maybe it’s battery efficient or something. I don’t give a shit because I work plugged in.
Oh and developer tools in Safari are crap but who cares.
Developers don't convince anyone of anything! They just build stuff according to standards (which are inevitably set not by standards orgs, but by the most popular browsers), and then they expect all browsers to follow those standards and "just work".
When a browser like Safari fails to adhere to those standards, sites will break ... but you can't expect developers (of most sites; I'm not talking about the top 100 or anything) to test in every possible browser ... and then change their code to accommodate them. Certainly not in ones with single-digit percentages of market share, that require their own OS to test (like Safari).
If Apple wanted more web devs to support Safari they should port it to Linux and Windows. The web is supposed to be an open standard, you shouldn't need a devices and software from a specific manufacturer to develop for it (I say that posting from a Mac).
I continually try, but Safari is the only browser where I routinely experience crashes once or twice a month. There are also some random incompatibilities with certain websites (related to the CORS issue as mentioned in another comment) that force me back into another browser anyway.
I tend to use Safari on my mac, but I will say that it evaluates CORS slightly differently than other browsers so that sometimes I have to disable CORS protection to get a site to work that works fine in Chrome or Firefox, and it's the only browser I've used where I expect to have it crash hard with a SEGFAULT or something every once in a while.
Is it easier to build a browser for MacOS? Arc was Mac only for the longest time, until they released a crippled Windows version. DuckDuckGo browser started Mac only.
I'm pretty worried about the security of Brave and stopped using it. I'd like to be wrong. But years old patches missing in Chromium not ported over until recently makes me nervous (referring to a recently addressed long time websocket bug in Brave). What else is missing? It just seems to risky to use for me.
It's CREEPY to imagine the Internet is under a mandate to protect your privacy.
Don't be CREEPY.
The EU cookie fiasco is just that. All of a sudden, your every day experience was derailed extremely in a way that 'broke' HTML standards and sites at first in hundreds of ways. All of a sudden sites that never did track users were forced to start tracking them -- in order to set the flag to suppress the harassing cookie warning. Ironically, they will remember your cookie settings if you 'sign up'. Meanwhile nothing became more secure or private. It was just a way for the EU to virtue signal out loud and be annoying. It throws the user into sitespace to navigate the site's own cookie settings. It's theater.
Meanwhile, advanced fingerprinting is, well uhm, advanced. If the EU cared about cookie privacy a better course of action would have been to see whether browsers were locked down with best anti-fingerprinting possible and local cookie dialogues... and certify the ones that were. Educate users, harass them one time.
> All of a sudden sites that never did track users were forced to start tracking them -- in order to set the flag to suppress the harassing cookie warning.
How is this true? You don't need a cookie warning if you're not tracking or doing other nastiness. A cookie banner is not required for functions like user sessions or keeping track of a shopping art.
> All of a sudden sites that never did track users were forced to start tracking them -- in order to set the flag to suppress the harassing cookie warning.
If the site never tracked the user, they wouldn't need to show the cookie banner in the first place.
The 'fiasco' is for your benefit. If you don't like the banners, get a blocker or don't visit sites that track you.
It's a pissy thing to add, but do you also get upset with places that have "This area is under video surveillance for your [cough] security"?
What makes employees there feel good (or at least okay) about doing stuff like this? You're spying on people, no? Surveilling ordinary people, not enemy combatants or foreign militaries? Perhaps a friend of a friend or even a family member? This kind of thing is so creepy and disturbing to me, not that it’s anything new…
reply