The newest version of Firefox now enables advertisements in the address bar if compiled with official branding.
My understanding is that disabling this functionality by default may leave us in breach of the Mozilla trademark policy.
I think we should want to disable this functionality (and probably also Pocket in general) since it has gotten to this level of aggressiveness, but I don't see a path forward that allows us to legally do so without dropping the official branding.
What do we think?
Firefox includes a generic branding option, AFAIK. Alpine originally used it, but we switched to using the official branding after they placed it under Creative Commons license (with the trademark waiver you linked).
Perhaps we could come up with better branding, though?
i am in favor of this change. as a backup option, perhaps a modified and unbranded version could be offered alongside the official, but i see little reason not to just drop it outright.
I’d rather not maintain multiple versions of FF, neither via librewolf nor via some other unbranded+branded version of FF. We should decide on one version and only stick with that.
Similarly, I don't think the security team wishes to support multiple forks of FF either. We should determine what we want to do moving forward and have only one, either Firefox itself or a fork which has removed the adware.
i'm more in favor of removing it entirely, in any case. i feel as though it has become adware and spyware at this point, and i do not think it is appropriate for a linux distribution to be distributing adware and spyware through its official repositories.
i think librewolf would be a good choice, as it keeps the maintenance burden of removing those features outside of alpine.
I think the first step would then be to understand what Librewolf actually does with Firefox. Do they hardly patch it, or is it mainly a matter of default settings and build options? From what I understand from their site, they rely a lot on Arkenfox, which is already meant to allow the end user to drastically mitigate the official FF's privacy issues. It's not useless at all to provide a pre-configured bundle of course, but maybe a distribution should just build things as sanely as it can. For example, BLFS indicates a way to disable telemetry by adding "unset MOZ_TELEMETRY_REPORTING" to mozconfig. There might be other things of this kind to do.
I would be in favor of shipping the upstream, with ads and other garbage patched out, and debranded if necessary to comply with the trademark terms.
I don't think the maintenance of an actual fork is feasible, no matter who's responsible for it. Upstream plus patches seems like the most reasonable way forward.
Yeah, I think it would make more sense to potentially use LibreWolf (which is basically a distribution of firefox) as a way to exchange patches between distros.
I would prefer not to re-brand firefox due to the extra work involved.
I also think that in general, we should try to stick to what upstream does, and if what upstream does is problematic, that should be reported and handled upstream. If you choose firefox, this is what you sign up for. (and to my understanding it is possible to disable the ads as a config option?)
If Firefox is not good enough for users, then we should probably look at providing alternatives, such as librewolf, and find a maintainer who is willing to maintain it.
Perhaps we could ship a policies.json file as part of our Firefox package? In such a file you can set things like DisableFirefoxStudies, DisablePocket, DisableTelemetry which then remove the need for people to do so in about:config manually?
> If you choose firefox, this is what you sign up for.
I don't think our users signed up for adware though. Sponsored tiles were one thing, overriding the behavior of the address bar to show ads is another.
I guess what we can do is ship the policy data separately and have it install_if on firefox. This allows the user to opt-out of having it installed if they do not want it and want to be spammed, I guess.
Distro maintainers are the user's advocate to upstream. If upstream does something shitty (e.g. ads), the distros are positioned to protect users from them. The carrot is nice ("please don't put ads in"), but it's also obviously not going to work, and distros also have a stick (patch out the garbage).
If I may, as an end-user, I would like to see firefox kept as-is, perhaps with a warning in the apk info string, and a recommendation for librewolf (or whatever other vendored Firefox replacement is selected, if one is) so that I know that the Firefox I'm getting is Firefox, not some bait-and-switch or modified version.
Part of the "social contract" I saw chatted about is also that the end-users know that what they're getting is what it says on the tin. If I want firefox, and you say "hey, this has ads now in an obtrusive way" I can either say, "don't care, still want" or "hey, they suggest librewolf... Let's see what that is like". However, if I apk add firefox and I get waterfox/librewolf/palemoon, I'm going to be pretty pissed since that is not what I'm expecting. If I want those, I'll go look for those.
There is no need to drop the branding to do this. Doing that is self-defeating. Patch out anything malicious and let Mozilla be the party to initiate a conflict if they will. Make them be the bad guys. Call their bluff.
That said, I like the suggestion, but I also think it's wise to make a statement to rebuke Mozilla and make it clear that we don't like this behavior and it materially affects our relationship with Mozilla as an upstream. Switching to a fork is also a good option.
Simple way to patch out all the malicious features: iterate prefs and replace any containing "http" with empty string (i.e. remove all phone-home to fixed urls).
I don't think you're in a position to make any such guarantee, unless you are a lawyer offering pro-bono work yourself. In conflict with the legal trademark policy of Mozilla, no less. You want to "call their bluff" and have them be the bad guy by enforcing the trademarks - but you don't offer any recourse if they call our bluff.
Following further discussion on IRC, and summing up the options as I see them:
1. Ship a policy template (easy) (further research: are all of the knobs we require provided here?)
2. Ship patches which violate the trademark policy and wait for them to complain (risky)
3. Package librewolf alongside either of these two options
4. Package librewolf and replaces=firefox it
I think we should do option 2 and option 3. This gives us a chance to evaluate librewolf without making any drastic changes and gives us a quick path to option 4 if Mozilla lawyers press the issue.
I'm mostly ok with that proposal. Since I don't think it's been mentioned here yet, only on IRC, it should be noted that even official Mozilla binaries only have the new spyware enabled for US downloads, since it's a huge flagrant GDPR violation. As such, if we're building from source and not requesting a US-localized version, no change should be needed to prevent the spyware from being included. However there's a good deal of existing unsafe phone-home/spyware functionality I assumed Alpine was already disabling, that apparently it's not. This should be fixed too.
If Mozilla's build system has existing documented ways to disable these things (for some, I think it does), I believe those should be used to get rid of as much as possible. This almost certainly is okay from a standpoint of Mozilla's policy and minimizes the scope of what's to be fought over to what really needs it, and ensures that things we already were clearly in the right over don't become "concessions" Mozilla tries to make to get away with insisting on keeping other things.
What does turning that off do? Does it change the name (binary name or in UI)? What else? Unless it really changes nothing significant user-facing, I don't think that's a good option and I think we should fight not to have to do it.
It seems the new ads can be disabled easily. Provided the settings behind them are not silently renamed, as FF sometimes does, it should not be that hard to just sanely pre-configure it.
@ollieparanoid is apparently the main person behind the adaptation. I’d love to hear his insight into this mess.
In postmarketOS, most anti-features of firefox ("firefox studies", pocket, "UserMessaging", ...) are disabled in policies.json of mobile-config-firefox. It gets installed to /etc/firefox/policies/policies.json. So in theory Alpine could ship something like this as well, even as part of the firefox and firefox-esr packages. Users who wouldn't want the policies set by Alpine could simply modify the file, similar to other config files in /etc.
Limitations:
Setting the default search engine is not possible unless using the ESR version of firefox (reference). In our config this is set to DDG, when installing regular firefox it simply gets ignored.
When using a profiles.json file, Firefox Settings shows something like "firefox is configured by your organization". That's what the policies feature was designed for, but having the message is weird in the context of a Linux distribution. Clicking the message leads to about:policies, which shows what is configured in that file. (In pmOS we got rid of this with some CSS tweaks... but that makes the configuration more complex and I would not recommend this for Alpine.)
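As an added illustration, not taken from the thread or from mobile-config-firefox, here is a minimal /etc/firefox/policies/policies.json covering the keys named above (DisableFirefoxStudies, DisablePocket, DisableTelemetry, UserMessaging). The two browser.urlbar.suggest.quicksuggest.* entries under Preferences are an assumption about which prefs govern the address-bar suggestions; the thread itself does not name them.

```json
{
  "policies": {
    "DisableFirefoxStudies": true,
    "DisablePocket": true,
    "DisableTelemetry": true,
    "UserMessaging": {
      "ExtensionRecommendations": false,
      "FeatureRecommendations": false,
      "UrlbarInterventions": false,
      "SkipOnboarding": true
    },
    "Preferences": {
      "browser.urlbar.suggest.quicksuggest.sponsored": {
        "Value": false,
        "Status": "locked"
      },
      "browser.urlbar.suggest.quicksuggest.nonsponsored": {
        "Value": false,
        "Status": "locked"
      }
    }
  }
}
```

With "Status": "locked" the user cannot flip the pref back in about:config; use "default" instead if the distro only wants to change the starting value. The effective result can be checked in about:policies after restarting Firefox.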
> I also think that in general, we should try to stick to what upstream does, and if what upstream does is problematic, that should be reported and handled upstream. If you choose firefox, this is what you sign up for. (and to my understanding it is possible to disable the ads as a config option?)
What upstream is doing is definitively problematic. Drew made a good summary here. One anecdote I could add is, there was right click -> "Copy Link Location", it's now "Copy Link" and a new menu entry with the size of the old string has been added as "Save Link to Pocket" in order to mislead people to click that instead. I've clicked it a couple of times before I realized what was going on.
So in my opinion, we should shield users from software with such anti-features. I've lost hope that firefox upstream will change and think we should switch to something like librewolf in Alpine, after carefully auditing their patches and with a transition phase. From a quick glance librewolf looks promising.
Users who really wish to use upstream firefox on Alpine could still use the flatpak.
EDIT 2023-03: Crossed out the "lost all hope" part. In hindsight I realize that this wasn't a productive way to look at it. Mozilla consists of many people and the ones I met IRL at FOSDEM are really nice. I still think it's worth Alpine considering switching to LibreWolf, but we should try to work together with upstream where we can and shouldn't assume bad faith like I did above with the right click story. Sorry for that.
> When using a profiles.json file, Firefox Settings shows something like "firefox is configured by your organization".
I wonder if it would be acceptable to replace "organization" with "distribution" in that text to make it not misleading.
> Users who really wish to use upstream firefox on Alpine could still use the flatpak.
This is not a solution. It's a regression from distro-vetted package to one that's likely far more malicious shipped by Mozilla, and it's built against glibc not musl and probably does not even run right (flatpak support for non-glibc systems was flaky last I checked).
More malicious sure, but the Flatpak image works fine on Musl systems. I use it myself for the few times I need DRM support and it runs as if it were a native package.
Since Alpine advertises as targeted at those who "appreciate security" (among other things), it should replace Firefox with Librewolf. Librewolf is not "just some random fork" of Firefox, it explicitly exists to remove tracking, phoning home and other big tech anti-features which work against users' security. Mozilla is as bad as Google, Microsoft, Amazon and other such "companies" or organizations.
The other alternative browser for those who appreciate privacy and security is (was?) Ungoogled Chromium, but I do understand that a) it is a pain to compile, b) Manifest V3 exists, so it has to rely on older versions of Chromium as base.