[GoLUG] If firefox really cared about security

Kyle Terrien kyle at terren.us
Sat Aug 30 03:36:07 EDT 2025 

On Fri, Aug 29, 2025 at 12:35:13PM -0500, Barry Fishman wrote:
> 
> Firefox went from almost 32% of the market in 2010 to 2.45% now.
> 
> https://gs.statcounter.com/browser-market-share#monthly-200901-202507
> 

Wow, it’s that low now.  🙁

> The loss seem very smooth starting about 2012.  Encrypted Media
> Extension (EME) support in Firefox started in 2015, and XML User
> Interface Language (XUL) was dropped in 2017 (according to Wikipedia).
> Its hard for me do see a significant change in Firefox use do to either
> of theses events.

Yikes, I stand corrected.  EME was 2015, not 2013.

2011-2012 was when personnel and attitudes at Mozilla started to
change drastically.  In 2018, someone who contributed significant time
and effort to the Mozilla codebase told me that about 50% percent of
people at Mozilla started in 2012 or after.

Interestingly, Firefox still uses XUL for the UI.  However, they no
longer let you extend it with overlays because “security”.
Thunderbird is the same way.  The entire application is XUL, but they
no longer let you install XUL overlays.

> Browsers that continue to use the XUL extensions like Waterfox, Pale
> Moon, Basilisk, and Conkeror, or webkit ones like Nyxt only have niche
> amounts of users.

Yes, and that’s because small indie players have trouble keeping up
with the ever-evolving web standards.

> I needed to sign a contract via the web recently that required the
> participants, split across the country, to use Chrome.  I ended up
> having to temporarily install Chrome on my laptop, and afterwards spend
> time erasing the changes it made in my user configuration.  Fortunately
> this wasn't as bad as in the past, where it hooked itself into my
> default media files.  Now Chrome asks (persistently) first.

Interesting.  Is it DocuSign who is now only supporting Chrome?

> Firefox made concessions which did not reverse their loss of users, but
> did keep them relevant in the browser user base.  As Chrome, and Google in
> general tend to make their user experience worse with more ads and junk,
> people might again start moving back to Firefox as it is.  I don't think
> they will move to a more user-centric browser that they couldn't run
> most streaming services.  Or maybe it is a lost cause.

It sounds great, because supposedly Firefox is the last hope.
However...

1) Firefox has made their user experience worse with the numerous
redesigns, all of which have been unpopular.

2) The rhetoric about “freedom” is merely rhetoric, as my previous
couple messages expound in excruciating detail.

3) Mozilla is owned by an ad company nowadays.  Also, they are about
to lose their funding from another large ad company (Google) if the
antitrust suit goes through.

It’s a matter of time before Firefox users and revertees figure out
that they had the carpet pulled out from under them.  My conclusion is
that Firefox is a lost cause, and there isn’t really a good contender
at the moment, especially one that has the user’s interests and
freedoms in mind.

Brave Browser has resisted well.  They have a working ad blocker
built-in and disable EME by default.  However, they are still reliant
on the Chromium code base.  Their efforts will only work for so long.

Ladybug has high hopes, but they can’t achieve full engine
independence if they want to support all the web standards.  Maybe a
future compromise is one free browser that supports a subset of modern
web standards and one Google-tainted “smart terminal” that supports
all modern web standards.

> > While everyone was distracted by the sleight-of-hand, the truly
> > nefarious parties silently took over web standards.  Now, we are
> > cooked because there is no organized resistance to the 1984-esque
> > totalitarian control that the nefarious parties are about to unleash
> > upon everyone.
> 
> This is drifting in to politics, but unfortunately much of Science and
> Tech has been politicalized.  This forces us to be confronted in the same
> way.

Yes, there is a political side of the issue.  The previous example of
EME is not value neutral.  Widespread adoption of EME swings the
pendulum in favor of the copyright holders and away from the public.

One of my personal opinions about the PC is that it is a tool, and
because it is your computer (i.e. you own the hardware as well as
whatever software you put on the hardware), just like any other tool
you own it should be an extension of your body and your will.
Anything that causes your computer to work against you is therefore
evil because it makes your personal computer someone else’s personal
computer.

Nowadays, we are in the shift back toward mainframe timesharing
systems, and instead of having glass terminals or teletypes, we have
web browsers, which are (in a way) very smart terminals that store a
lot of state.  Anything inside of a web browser does not run on your
personal computer; it is a service provided to you by someone else,
running on someone else’s computer.

What happens when that smart terminal is too complex to understand,
and too opaque to control?  The real power shifts to the party (or
parties) that run the service, that do understand the inner workings
of the smart terminal, and that have say over which smart terminals
you can run.  Those are political problems, and I don’t think they
will be solved until the pendulum swings back to personal computing.

> If you are interested in what I think is going on you might read the
> book "Doppleganger" by Naomi Klein.  I stole the idea of "Pipikism" from
> her.  Its not an easy read for those of us that are concerned, but it
> does give a clear viewpoint on what seems to be happening, and how it
> might be confronted.

I have not heard of that book, but now I’m interested.

-- 
[*] Kyle Terrien
    Terrenus => from the Earth, to the Cloud
    https://terren.us/

Dilexisti justitiam, et odisti iniquitatem.  -- Psalmus 44:8

More information about the GoLUG mailing list