Opera was purchased by a Chinese consortium, I'm not a fan of Brave's hijacking of ad spaces so my preference is currently vivaldi - which was founded by co-founder and former CEO of Opera and has been adding new innovative features at a good pace.
Edit: been having fun trying out the latest vivaldi, loving a lot of their features like you can add website filters like greyscale, invert colors and sepia, monospace font + disable loading images or only load from cache, etc.
You can hold shift to select multiple tabs and then do all these operations, like mute them all, group them, display them tiled... and I feel like I'm just scratching the surface.
It feels like the last time there was a big feature competition between all the browsers.
It's true you can do some of these in each browser, but not all of them. Chrome on mobile lets you split screen tabs, but seems to require an extension on Desktop.
I think you can do tab grouping through a flag, but I haven't really pushed it.
Opera has gestures, but the system in Vivaldi seems more robust.
I tried Vivaldi a while ago and, while I really liked it, it didn't justify not being open-source.
I'm not one of the OSS elitists, but the browser, like the OS, is just one of those basic things that I want full control over.
I'm a huge fan of FOSS, but do you really think that you have full control over any modern piece of software? I think that underestimates how many people actually work on such a project and how many new updates we're getting on a daily basis. Nobody is more than %-wise controlling that stuff anymore. And this % is based on regular financial(!) investment in developer-hours but not in what software you use.
PS: I just fetched a project I'm actively working on. Last fetch was Friday afternoon or Saturday morning. >50 new commits fetched today. Until I'm finished reading and understanding all of them, there will be >500 more I suppose.
It's not about meticulously reviewing every commit for every project that I use, obviously nobody has time for that. For me the most important part is being able to fork the project if you want to add features or are unhappy with the way the original project is going, you don't merely have to beg the maintainers to add a certain feature, you can do it yourself. And perhaps more importantly I'm not screwed if, for one reason or an other, the original maintainers decide to drop the project.
It's very important to me that emacs is open source not because I review every single commit (I don't) but because it means that I can commit a lot of time tweaking and learning the ins and outs of the editor without worrying about having to switch to a different one a few years from now when the original devs get acqui-hired by Facebook and they stop working on their project.
Also, simply making the source-code visible to all, helps keeps the honest guys honest. That's true even if the licence isn't truly Free and Open Source.
I see where you are coming from, but this is simply not true. You can argue nobody concerned with his own reputation commits spyware to a public repo, but malicious actors are usually not concerned with that or try to stay anonymous in the first place.
> You can argue nobody concerned with his own reputation commits spyware to a public repo, but malicious actors are usually not concerned with that or try to stay anonymous in the first place.
It's not so black-and-white though, hence "keeps the honest guys honest". Are Microsoft and Google 'malicious actors'? They're hungry for our data, but they often only do it when they don't think we'll be able to find out what they're doing. https://news.ycombinator.com/item?id=17749330
That's true and, to me, has been brought on the spotlight from Microsoft practices around VSCode. On the other hand, for an OSS project, building the binary is not that hard.
> or me the most important part is being able to fork the project if you want to add features or are unhappy with the way the original project is going
Which is not "complete control" and that was the point I was arguing against. That having source code access enables you to gain some control over your own life is not a point I was arguing against.
Additionally another point: even if you fork you can't keep that fork alive without manpower. Nowadays all the dependencies and apis change all the time as well.
The purpose of the open source requirement is not so I can figure out what is going on and exert control.
The purpose of the open source requirement is so that many other people -- some much smarter than I am, and others only a little smarter than I am -- can figure out what is going on, and then post warnings to me about why I should avoid it.
I completely agree. The rapid flux in these huge browser projects makes personal security audits impossible even if you are one of the top 10 super-rigorous C++ devs in the world. Would be nice if some project forked the browser of their choice and then got some very careful well-respected teams/rockstars to audit it, and from then on, applied only security fixes and outright-rejected dubious stuff like WebUSB, google auto-login, etc. With Chrome and Chromium, sure, you get a very good security team working on it for you at Google, but you also get changes which are not in your best interests and/or undermine security directly or indirectly like, well, WebUSB. This is not ideal.
Thanks. You still didn't answer what is its (unique) selling point though. e.g. Why should I use it over this 'ungoogled Chromium' itself, or say Firefox?
To back astonex’s point, I never tried their browser but Navernis far from a random company.
If you’re afraid of them not having enough resource or not caring enough to maintain it, the company has deep pocket and won’t disappear tomorrow.
I know naver mainly as a chat app, and it was pretty good and hugely popular in Asia at a point. There was a huge account leak a few years ago, so I guess they also should be battle tested now.
Basically it could be a strong independent browser vendor mainly interesting in capturing users in their ecosystem.
It is always good to hear about a new browser. Unfortunately the only Linux download option is a .deb package. Could you please make an .AppImage? AppImage files are a single-file run-anywhere application (think of ThinApp/App-V on windows).
Whatever monetization strategy Websites choose to fund their content is up to them. If ads are the best way to support free content then that should be their choice.
Sure, you can technically starve them of micro ad revenue if you want, but if you're not going to abide by Content creators implicit contract of having their content served with supporting ads then IMO it's best for all involved that you either subscribe for ad-free content directly from them or just stop consuming their content altogether.
There are humans on the other side producing that content, they have as much right for being compensated for their efforts as we do.
That's more like wanting to have your cake and eat it too. Ad driven "free" material is chosen because it was (and mostly still is) seen to be more profitable than subscription based models. If it's not then the onus of change is not on the consumer to make ads more profitable, but on the producer to find what is.
I'm extremely satisfied that ad blocking is spreading ever more rapidly simply because I think that's the most direct way to get out of this current model of profit that leads to so many awful things. The fundamental problem is that with ad based model your customer is no longer the person actually consuming your material, but the advertiser. That, in turn, introduces 'sponsored' content, ads misleadingly ran as actual content, bias in views presented, external censorship of content to remain in the spirit of the advertiser, extensive tracking and data mining of users, and all these other lovely things. Good riddance.
> That's more like wanting to have your cake and eat it too.
What cake and eat it too? There is just Content producers producing content that they want to be compensated for and the industry agreed upon best way to do that for serving a mainstream audience is to publish free content with supporting ads.
> the onus of change is not on the consumer to make ads more profitable, but on the producer to find what is.
Wait so instead of doing what they're good at, content producers should individually be tasked with investing their resources in experimenting with different economic models to try find a viable alternative to serving content without ads? The sites with a large enough content catalog are already doing this with subscriptions, some others are using patreon, consider utilizing their ad-free content alternative when available instead of cutting off their only revenue source.
> What cake and eat it too? There is just Content producers producing content that they want to be compensated for
And I want to be compensated for writing HN comments. Alas, just because I want to be compensated for something, doesn't mean I will be. Content producers feeling entitled to compensation for their free and public content are kind of forgetting the content consumers have agency too.
> and the industry agreed upon best way to do that for serving a mainstream audience is to publish free content with supporting ads.
Just because it works, doesn't mean it's not wrong. Just because it worked for now, doesn't mean it'll keep on working. Nobody is entitled to their business model working forever, or at all.
> Wait so instead of doing what they're good at, content producers should individually be tasked with investing their resources in experimenting with different economic models to try find a viable alternative to serving content without ads?
Yes. They have the content, and want to exchange it for money. It's literally their job to figure out how to do this.
> The sites with a large enough content catalog are already doing this with subscriptions, some others are using patreon
Good. As it should be.
> consider utilizing their ad-free content alternative when available instead of cutting off their only revenue source.
Again, not my responsibility. Especially given that the social contract of the Web is, by design, that if your server responds with 200 OK + data, I get to render that data however I like.
I don't "know" as a viewer how ad-based business models work. In fact I generally assume that ads have to be clicked on to make money. Since I haven't clicked on an ad in years, does that make me a freeloader? I'll assume that once eye-tracking is commonplace then publishers will get paid only when viewers look at their ads. If I avert my eyes, am I stealing? On the other hand: why can't an ad-blocker plugin still trigger a payment for the ad view, while preventing me from seeing it?
> why can't an ad-blocker plugin still trigger a payment for the ad view, while preventing me from seeing it?
The ad-blocker won't load the ad at all for two reasons.
1) Performance. Less to load (and process, and render, etc) means faster load times, less bandwidth consumption, lower CPU usage (think about all those extra scripts), etc.
2) Privacy. If your computer contacts the ad network at all, then it could track you.
Because the blocker fundamentally can't load the ad or contact the respective network while also doing its job, triggering a payment would seem to be more or less impossible.
>In fact I generally assume that ads have to be clicked on to make money.
Not at all. Most of the industry moved away from CPC a while ago due to how dodgy it skews data. Most clicks end up being bots on shady websites Vs actual people. Viewabilty is what the good agencies are advertising against now; with the hope that you'll navigate to the advertiser's site down the line.
> There are humans on the other side producing that content, they have as much right for being compensated for their efforts as we do.
They have a right to ask for compensation, and a right to require it. They have no right to be compensated, if they choose to give away the content for free. That would be saying they have a right to force people to be generous.
Whining about ad-blockers is simply being manipulative, it's trying to guilt-trip people into abandoning their self interest for free. The implicit social contract of the Web, the way HTTP protocol and Web browsers were designed, is precisely what allows for ad-blocking. Browsers are user agents, and what you send in response to a HTTP request is mine to render how I like. Publishers have a proper, correct way to ensure compensation on the Web - it's called a paywall. I pay, then I get content. But they prefer ads, because it's easier. It's easier to bleed people out of their sanity (and privacy) than to ask for money. It's easier not having to write quality content that would be worth paying for. But that's a choice publishers make.
This is the most important point: nobody is entitled to their business model working. If ads aren't working for you, change your business model.
> Whining about ad-blockers is simply being manipulative, it's trying to guilt-trip people into abandoning their self interest for free.
Your attestation usage of "manipulative" is attempting to manipulate in itself. Like I said everyone is technically free to do what they want, but it doesn't change the fact that starving content producers of micro ad revenue goes against their wishes which in most cases deprives them of their sole revenue source.
> The implicit social contract of the Web, the way HTTP protocol and Web browsers were designed, is precisely what allows for ad-blocking.
No the web is not a social contract, it's a combination of technologies. The social contract exists between Content Producers and Consumers and the Web is the platform to enable delivery of that content. The implicit social contract is for Content producers to create content consumers want which is consumed in the way they want their content served. A "blocker" by definition blocks supporting resources that producers wanted their content served with - which in most cases is their primary revenue source for producing that content.
> it's called a paywall. I pay, then I get content.
Great, then use it when that option is available, as a benefit you wont see ads and producers get compensated.
But I hope you're not naive enough to think that a paywall works for all content and all audiences? It's great when it does, content producers get a reliable and predictable source of revenue but there's a reason why ad-supported free content is used, it's not because it's easier, it's because it's viable.
Content creators have unilaterally decided that it's ok to sometimes infect their "customers" with malware and give their information to hundreds of third parties.
Content creators have been acting like assholes and now they're seeing the consequences.
Crying crocodile tears of unfairness won't change that, it's just wasting people's time. If those content creators can't get people to pay for their content, it means their content is worthless.
The implicit social contract is for Content producers to create content consumers want which is consumed in the way they want their content served.
This is just very misguided, by using a completely producer-centric view. The web is merely not a network to connect businesses with customers. When your users are applying a technology to avoid rendering adds, it is a market signal. But the signal isn't simply "I don't want to pay for this content", it is far more likely "stop tracking me across sites and logins".
I certainly agree with you that content producers should have a mechanism for the possibility of revenue, but this is a two way street. Advertising networks have worked for some things , but are becoming more and more invasive, and hence more and more problematic. If enough people reject the model, content producers need to be either looking for a new model or looking for ways to improve this one. This stuff isn't rocket science.
> but it doesn't change the fact that starving content producers of micro ad revenue goes against their wishes which in most cases deprives them of their sole revenue source
Choice of revenue source is, well, a choice. It's not like we're talking about some poor third-world kids, for whom the only choice is between starvation and building ad-powered content farms. It's all just people who asked themselves, "how can I make me some money?", and out of countless of possible business models, chose this particular one, which is giving stuff away for free, attaching a malicious secondary payload to it, and hoping that this secondary payload will generate some money.
> No the web is not a social contract, it's a combination of technologies.
It's that combination of technologies that create this contract. Those technologies create a particular platform, with particular set of rules. It provides ways of giving things away, as well as asking for compensation. It provides ways of saying "strings attached". Unfortunately, many people choose to use the "give things away, no strings attached" path and then, after giving a thing away, demand to be paid. And it's even fine, as long as they realize many people will just brush their latter demand away, as it's silly and improper.
> The implicit social contract is for Content producers to create content consumers want which is consumed in the way they want their content served.
Oh, no no no. Not the last part. Why on Earth I, as a consumer, would agree to a producer dictating how I consume the content after I get it? I have the right to consume it the way I want, and the Web tech stack is built around preserving this right. The producer's right is to structure the content for particular consumption. A paywall, or showing ads before content, or dumping it all in a PDF, is a way of doing that. The consumer's right is to destructure what they get and consume it the way they like.
(As an analogy - if a restaurant wants me to not eat tomatoes, it's free to offers only meals without them. But it would be ridiculous for them to serve me tomatoes and then have a waiter hovering over me, ensuring I don't eat them. Or a waiter dictating I have to eat all of the things on my plate, and in a particular sequence.)
> Great, then use it when that option is available, as a benefit you wont see ads and producers get compensated.
Offer it to me, and I shall use it if I want your content badly enough, or not use it and go elsewhere. That's fair.
> I hope you're not naive enough to think that a paywall works for all content and all audiences?
I'm not. Fortunately, there are alternatives, including donations/patronage, or writing your content off as marketing expense for something else (e.g. articles published for free in hope you'll buy the author's book on the same topic, or just publishing in order to gather trust and goodwill).
(EDIT: and also, there's the elephant in the room - a lot of content can exists solely because of ads. Or, in other words, it couldn't be monetized in any other way. Why? Because it's crap. If that content dies off completely, I say good riddance.)
> there's a reason why ad-supported free content is used, it's not because it's easier, it's because it's viable
It's viable for now (and becoming less so, hence all the whining about ad-blockers). But so is polluting rivers when you're running a factory. Just because something is viable, doesn't mean it's good.
Well, sure. If you want to do something but can't find anyone who wants to pay you for it, then you need to accept that this work has infinitesimal value, and either don't perform it, or leverage it into something people will pay for.
Isn't that what the ad supported model is? You give something away for free in the hopes of getting visibility and exposure. Then you sell that exposure to an ad company.
I heard an interview with an advertiser where the advertiser actually claimed that you don't have the right to go to the kitchen during advertisting breaks.
> it's best for all involved that you either subscribe for ad-free content directly from them
Most don't offer that choice.
> There are humans on the other side producing that content, they have as much right for being compensated for their efforts as we do.
I think I missed that right in our constitution--you must respect other's wishes to impose ads on the content that is otherwise freely accessible on the internet. A “right” is hardly the right word—“social courtesy” may be better.
> Brave actually offers a way to pay for content, if I understand it correctly.
And that's great if a large volume of your visitors are using Brave, but that's certainly not the case for us. Granted, this is anecdata, but I suspect that it holds true for many other sites.
(On a personal note, I'm afraid I object to Brave simply on the basis of its gratingly pretentious name: I've known plenty of people who are brave, whether it's because of things they've done, or because of terrible suffering they've endured, but I'm afraid I see nothing about that web browser to justify the name.)
> On a personal note, I'm afraid I object to Brave simply on the basis of its gratingly pretentious name
I wouldn't blame you.
In any case, this is more of an ethical preference than a serious statement about the viability about Brave's specific monetization model... any product that gives the consumer more choice without entirely depriving people of revenue is welcome to me.
Fine. BUT sites should be responsible for the ads running on their site and held financially or criminally responsible. Adtech is infested with intrusive tracking which is legally dubious in my jurisdiction. To say nothing of the security implications of allowing random unvetted transient 3rd parties to run code. At this point I see a good content blocker as a security measure more than an ad blocker.
In a lot of places Users who don't want ads can subscribe to access ad free content. If that was a superior monetization strategy most websites would adopt it.
Or get an ad blocker or use the browser being discussed. Regardless of your desire for websites to be able to serve ads, the users are mostly in control of whether they want to see the ads.
> I'm not a fan of Brave's hijacking of ad spaces so my preference is currently vivaldi
I'm not affiliated with Brave, but IIRC that requires opt-in from both the owner of the user AND the website. So it seems like a bit of a stretch to call it hijacking, when the website, ads are being "hijacked" from needs to opt-in to this.
Check out the browser. By default no ads are shown. Everything is opt-in at all levels.
The idea is to remove the coercion from ads. Users will earn 70% of all gross ad revenue. The remaining 30% will be split between publisher and the browser.
Users can get paid to tolerate ads, or they can choose to see no ads. If users see ads then users, the browser, and sites all earn money. If they don't then nobody earns money and they get to experience an ad free internet.
Actually, because they're using BAT as the medium of exchange, hypothetically anyone could build another browser / client / extension that could be used and users wouldn't need to worry about any sort of "lock-in".
Brave certainly blocks ads by default, I personally don't see a problem with that. Users can't install adblocker addons in browsers, not much different than downloading an adblocking-by-default browser.
I can't immediately find a source for the publisher opt-in thing. But brave definitely hasn't been doing anything like that in 2016 as your articles suggest, because they only just started now with beta testing brave ads[0]. From my personal testing of brave a couple of times, with the ad opt-in activated, I have also never seen this happening.
Since it's going to be using chromium as a base then theoretically you could install whatever extensions you want to it right now, but that's still in beta
> In addition, all of our UI code (included in normal packages) is written in plain, readable text. This means that all parts of Vivaldi are full audit-able and open from that perspective.
I.E. not downloadable. That's neither open nor open-source.
For projects large like a browser, not sure how having everything open sourced helps users. No one can audit it well enough anyway. Only track record can tell its security and stability.
Many features that made Opera great still don't work in Vivaldi - last time I checked, RMB+wheel tab cycling was completely broken. When it works, the UI is slow and laggy.
Going from old Opera to Vivaldi feels like switching from Sublime to some Electron garbage.
One I made: https://cretz.github.io/doogie/. Admittedly a bit behind on Chromium (updated locally for myself, deploying this week) and no macOS support yet.
I really wanted to like Vivaldi but it deals with a lot of tabs far worse than Chrome ever did and Chrome is utterly abysmal with more than 50 tabs (while I am easily pushing 400 tabs on Firefox with good performance behavior).
One issue here, is that none of these are good cross platformers for mobile. iOS and Android both force you to use their render engine afiak. That's why Edge uses Webkit on iOS and Blink on Android...yet Edge (proper) uses...the Edge engine. Mobile is so much of the world's web usage now...it's basically impossible to decouple them from their root OSes. Imagine if Windows in the 90s or 00s forced every competitor's browser installed to use Microsoft's render engine.
Only iOS forces you to use WebKit which is why it's used by Chrome/Edge/Opera. It's not impossible to decouple them, you're prohibited by the license from using an alternative browser engine.
Android doesn't have any such restrictions so Firefox on Android are able to use their Gecko engine.
Thanks for the correction, either way, I view it as a problem that you can't (easily?) decouple in iOS. Some of these browsers listed have no mobile version, at least not ones fully baked. That alone forces people into the hands of the mobile defaults like Chrome and Safari.
I'm not clear why it matters that it's not available for iOS? All iOS browsers must use WebKit which is what's Chrome's Blink engine is based on and what all browsers mentioned above use.
A mobile browser is a completely different Application then a Desktop browser so you're still going to be using a different "Browser" Application, so I guess I don't understand why my choice for using the built-in Safari on iOS would impact which Desktop browser I'd choose to use?
Because the focus on decoupling from Google, etc is to prevent control of larger corporations and from data intrusion. Mobile is a huge facet of search/browsing now. If you are only decoupling 50% of web usage, you aren't making much of a dent on the behemoths to change their behavior.
Then I really don't get it, Safari is the most dominant browser on iOS and on Android you can use whatever you want - so you never have to use Chrome anywhere.
I'm not sure what you don't get. It's not just about Chrome. Decoupling Google services from Chromium is more than about Chrome itself, it's a backlash against Google and data collection at large. You could just promote Firefox instead of Vivaldi, but you didn't. Why not? I assume because you like choice...and that choice should continue to extend on mobile platforms.
Because you're not clear on what exactly your grievances are with Vivalidi/Brave/Opera using the Blink rendering engine and how exactly does using Safari on iOS or Firefox on Android enforce Google data collection?
> It's not just about Chrome. Decoupling Google services from Chromium is more than about Chrome itself, it's a backlash against Google and data collection at large.
You need to read up on what Chromium is, its an Open Source Chromium browser Chrome is built on without Google Services (i.e. what Chrome is). A large differentiator for Vivaldi and Brave is their privacy first browsers that don't track you:
> You could just promote Firefox instead of Vivaldi, but you didn't. Why not?
Because the whole premise of the article is for making a modified Chromium browser fork, when they could instead use one of the existing actively developed Chromium browsers founded by browser engineers. I have no issue with Firefox which I use as my secondary browser, but the replacement for my main browser Chrome would need to be another Blink-based browser.
But I still have no idea what the rendering engine used in Mobile browsers has to do with anything.
What kind of problem? It makes web browsing stable as the internal engine is tested by Apple without third party bringing their own with updates at random moments and from web developer's perspective, they get a predictable result within iOS without effort and from those, I don't see a problem from users' perspective too.
> from web developer's perspective, they get a predictable result within iOS without effort and from those...
> Maybe you work for Mozilla.
Maybe you're a lazy web developer.
The only thing I miss on iPhone is Gecko. I often run into website that doesn't render properly in Safari and at that point I want to have an alternative rendering engine that would solve the problem. Currently I have to find a desktop computer for it.
This has become such a problem lately, because some of the websites I often use and need to get important information from have this issue, so I always have to be sure that I'll have desktop computer around or carry an Android tablet with me.
Next time I buy a phone, it will be Android unless Apple changes their policy on browser rendering engine. If I knew this worked the way it works, I would have never bought the iPhone in the first place.
Did it also bring stability when Microsoft bundled IE with Windows? Because I'm not sure how you can differentiate the two (and I doubt most would think that was good for the long term health of the Internet).
You're correct with iOS, but Android allows browsers to have their own rendering engine (see: Firefox with Gecko.) Microsoft just didn't want to invest in porting EdgeHTML to Android.
If you're using "Ungoogled" Chromium, you're still contributing to Chrome's monopoly and you're still helping Google's dominance of the web.
Chromium may be open source, but its development is controlled by Google. Unless you have Google-like resources available, you won't be able to create a meaningful fork that your less technically savvy users can benefit from.
"Ungoogled" Chromium is a trap. Use another browser. Use Firefox. Use Safari. Heck, use Edge (aka the new IExplorer).
Because lets stop beating around the bush ... Chrome is the new IExplorer 6.
If you're developing against Chrome/Chromium, particularly "works in Chrome" instead of developing against the published Web standards, you're support Google & Chrome.
That's fair but you can easily develop for the majority Chrome marketshare by focusing on designing and building your applications on top of the actual web standards instead of Chrome's specific implementations. Probably 95% of the APIs you use in a typical app will be easy to use in a standard way anyway.
WebRTC and some of the more mercurial APIs might be a challenge though.
Most developers probably try to do that. But often they only develop on Chrome, and maybe only have automated tests in Chrome (or not at all...). And then when it then breaks for non-Chrome, fixing tends to get lower priority than new features and bug affecting more users.
I like the idea, but where we run into trouble is when the pm comes downstairs and says it looks wrong on his computer. He uses chrome. He rejects the story. Arguments about correct are moot. Everyone uses chrome is his trump card. The business perspective doesn't care about web standards.
This is not wrong, but you're missing the reciprocity.
Devs don't optimize for Chrome because they're evil, they do it because a vast majority of users use Chrome and they know that. So both parties can do their part.
This is a contentless argument, which I am tired of seeing parroted. I do business with hundreds of entities that do not use Google infrastructure. I have thousands of contacts whose email headers indicate usage of Exchange servers.
It's not about your twelve friends who use GMail, or even your hundred GitHub collaborators who use GMail. It's about the entire rest of the Internet, which is still there, living happily outside your bubble.
And even if it weren't, it's an unconstructive, defeatist style of thinking which does not engender positive change in society, but fosters local maxima.
For every person who does not think this way, society is better off.
protonmail sells your email for profit. I would better recommend fastmail which charges you, but it is still in unsafe legal regulation. You are not safe from the "lawful" dragnet neither.
Could you please provide a citation for your first claim that ProtonMail sells your email for profit? Their entire sales pitch heavily revolves around clientside decryption that should in theory prevent this from being possible; I'd very much like to know if this is not the case.
“It also features some changes” says to me that this isn’t a safe fork to recommend to others. Rather than simply releasing a de-badged instance of the public Chrome product, it additionally includes “editorial” comments in the form of turning various switches on or off. Use at your own risk.
Is it though? Security is a fickle thing. Unless there's a a big enough community behind it with security experts examining the changes, I'm not sure I'd trust some random person's changes to not introduce any exploits.
Nope, my objection is to the mindset of making more changes than are necessary to release it. If their opinion had been restricted to “for removing Google” rather than also “and some other stuff”, it’d inspire a lot more trust in their long-term intentions. Being able to see diffs does not improve my trust in their judgement or reasoning.
It was for me as well, but lately I have been experiencing incredible slow-downs in Firefox. I thought it must be my imagination until I tried other browsers and the difference was like between day and night. Firefox is just too slow, even with their new engine.
I saw similar results on my MBP, with Chrome scoring ~90 and Firefox scoring ~60. Not enough to outweigh my reasons for using Firefox, but interesting.
Ditto. I spent about 6 months using Quantum on Linux. While it's a lot faster than old Firefox, it's still got a lot of issues - random crashes, random hangs, high memory and cpu usage. I got so frustrated, I decided to go back despite my privacy concerns. Unfortunately, nothing comes close to Chromium on Linux.
How is it not? I remember being bombarded with news along the lines of 'New Firefox is blazingly fast!'. Which one is that? How do I get a version that has the new engine?
The part that shipped was Electrolysis which splits the formerly giant-single-processed Firefox into a set of 1-9 processes which work as task pools for tabs. Locking one tab hard will lock only that tab, and any others sharing that Electrolysis worker I believe.
The new upcoming part is Servo, the rendering engine written in Rust.
Problem is when something crashes on Firefox it still tends to take everything with it. This is very annoying when developing something. Often when you have bad code as you are creating or changing things.
So for developing I still prefer Chrome. Besides that Firefox since quantum been very nice.
If you're so afraid of Google just don't use Chromium at all. It's a bit like using tools developed by the NSA thinking you are safe because you manually applied patches for all the known backdoors.
Coincidentally I had found out this one today and compiled it myself after a frustrating experience with `brew install chromium` (videos wouldn't play; inputs would blink).
I guess this has more flags set up by default, and it makes it easier to target a stable commit to compile against.
Also as a word of caution, don't use ungoogled-chromium binaries - they never are fully official/confirmed/reproducible. Running opaque blobs from strangers defeats the purpose of leaving Chrome for increasing privacy.
Just bite the bullet and run the 2h compilation process yourself.
>Just bite the bullet and run the 2h compilation process yourself.
I don't think that's the best use of everyone's time or energy. Not to mention, it may be more error prone, or even insecure depending on what your base system is like. And you'll have to track updates. It seems like chromium is problematic to build in general. Debian hasn't marked it as reproducible. It is also not clear if it is possible to build it for Android using a Foss stack. Various efforts to include chromium or derivatives in Fdroid have failed.
Sure, that's a solution if you think that running their binary is unacceptable. But that's begging the question.
Most people running macOS (as vemv at least is) run a lot of random binaries from various types of strangers – mostly proprietary applications, although there's also things like Homebrew cached binaries, 'curl | sh' installers, etc. Now, in this case downloading a binary isn't necessary, since there's the option of building it yourself. That's great, and it's definitely (somewhat) safer to build it yourself... but that doesn't make the binary less trustworthy than if that weren't an option. If building sounds like too much effort, you shouldn't automatically give up on using the program, but just fall back to your personal baseline policy for running binaries. And for a lot of people, for better or worse, I think that policy is fairly trusting.
[2] "A cross platform tool that provisions all of the AWS infrastructure required to build your own privacy focused Android OS on a continuous basis with OTA updates." https://github.com/dan-v/rattlesnakeos-stack
No, that doesn't fix it. It has always been possible to build chromium, just not in a way that meets fdroid's requirements (i.e., build with a foss stack on their debian vm).
That's sad Chromium cannot being built without binary Google blobs for now, but that would be much better to have Chromium (ungoogled) in f-droid - with a 'anti-feature' sign - than to not have it at all.
It's already there on the bromite repository. If you go to bromite's page, they have an f-droid repo which has both bromite and vanialla chromium. It will not get into fdroid proper until it's fully compliant (given they also get the build resources, which is also challenging)
I actually recently added a feature to search for the cheapest spot instance price across a number of different regions. Right now for example the cheapest price for the instance type used c5.4xlarge is ~$0.15/hour in us-east-2. This equates to a full AOSP build with Chromium build included (~5.25 hours) costing $0.80 and without Chromium (~1.75 hours) costing $0.30
How do you handle spot instances being shut down mid-build? Can you recover any built artifacts before the system goes down? IIRC you get a 2 minute warning.
Right now if a spot instance terminates mid-build it doesn't attempt to save any progress. I do have an open item to at least alert users that this has happened though (https://github.com/dan-v/rattlesnakeos-stack/issues/41). Although if Chromium is built it will checkpoint that by saving the built artifact to S3 and would then skip the Chromium build next time. I've found it's much cheaper to do full builds on AWS each time rather than trying to store the source tree for AOSP and Chromium as they are just so large.
Yes, that's well done. But it would be nice to port RattlesnakeOS build system from AWS to e.g. Nextcloud - because you pay for your Nextcloud VPS anyway, most of the time it's doing nothing, and most of the time you don't really care would it build in 2 hours or 2 days.
If you were looking to just do something similar but running on another platform, knowledge of Go isn't required. The core build process is a shell script, which just has some variables injected through Go templates: https://raw.githubusercontent.com/dan-v/rattlesnakeos-stack/...
I'd definitely like to talk to you further about this - it still looks like there's a lot of hardcoded AWS stuff in there, and your terraform code assumes AWS, but it's super cool - thanks.
For sure. I'd love to have this script be able to run standalone as a local build process that would be portable across platforms and only run the AWS specific bits if you passed a flag for example. Anyways, happy to chat - you can shoot me an email dan@vittegleo.com
There are cheap VPS with even NVMe storage nowadays. And to port it on VPS is not much different from porting it to 'any Linux box or VM' which might be local server or even a laptop (when you could just run it with nice settings in background).
> Also as a word of caution, don't use ungoogled-chromium binaries
Unless you’re reading every line of code yourself before compiling it, I’d say you’re no safer going you’re route than downloading the binaries offered from the same source.
Generally as a software developer I can assess which projects' source to trust, else I wouldn't be running thousands of transitive dependencies in my machine.
Binaries which are unofficial to even ungoogled-chromium itself surpass my threshold of trust.
But yes, one could take a further step and extract the interesting bits from this project and apply them to the official Chromium trunk.
How do you assess the trustworthiness of thousands of transitive dependencies with a far greater number of code contributors in a way that scales? This is a serious question, and it would be great if you shared the solution you found. Thanks.
I should admit that my procedures are only marginally better than an average developer's.
Sadly I have no arbitrarily deep audit in place. I just try to pick solid projects, and assume / quickly check that their dependencies don't suck.
Also I'm particularly cautious with npm (as opposed to rubygems or clojars).
I should be looking into either (or both of):
- setting up a multi-user macOS ('me' + 'admin' + 'dev'. I normally operate under 'me'. sudo is only ever executed under 'admin'. Developer tooling is installed for 'dev', an account which cannot access the rest of the filesystem)
- using Docker and/or a VM for all dev activity, as a sandbox.
I did it one time. It was really long to download all the build tools and source code then even more to compile the thing. A lot of free space was required (there was few remaining on my SSD). After that the resulting browser was approximately two times slower (in my perception) than Chrome, so I ditched the thing after ten minutes. So it’s somewhat understandable that not everyone is willing to go thru this, especially for the disappointing result.
Wasn't the compiled-from-source chromium also downloading binary blobs without telling the user? There was an advisory about chromium doing it awhile ago.
Anyone know how this differs from https://chromium.woolyss.com who has been building Chromium, for all major platforms, without Google features for years?
Check features: https://chromium.woolyss.com/#features It's doing more than that - No Google API key, no user identifier, no metrics or crash reports etc.
I don't know enough of the guts of Chromium and Chrome to know if it covers everything, but seems comprehensive to my naive eye.
Every or almost every? E.g. Bromite (www.bromite.org) integrates privacy enhancement patches from Iridium, Inox patchset, Brave and ungoogled-chromium projects for some reason.
Chromium tests if IPv6 is working by connecting to Google's DNS servers with it. This changes it to manual control so these servers can't track that connection.
Debian gets sponsored by various ways but the money isn't used directly for developers nor their time. It is volunteer based project and money is usually used for hardware, sprints, conferences, outreachy etc.
That said Debian does take it seriously when it comes to privacy and security so you can always report bugs on such. Do note that Debian's Chromium builds have always disabled the infamous "mic always on" option which Chromium has (or had, didn't check) by default.
Btw, Debian now moved to gitlab hosting (their own instance salsa.debian.org) so it should be much easier to contribute to Debian now. :)
P.S. while Debian Developer myself, I stay away a lot from browser and especially Chromium, and I always suggest Firefox (it has really got better last year or so).
it should be much easier to contribute to Debian now
But aren't they constantly getting new versions of Chromium from Google? I think going into the Debian Repo of Chromium and changing it would not be a viable path, right? You either have to convince Google to accept your changes too (Good luck with them accepting the de-googling haha) or you would have to consider a life of constantly de-googling new versions of Chromium.
Debian maintains its set of patches often (quite easy to handle with quilt in debian/patches). We get upstream source from upstream of course and use our patches until they get accepted (we don't force upstream to do so) when we of course remove obsolete ones.
Yeah, Chrome isn't so good that I find a need for the open source community to maintain a fork of it. ⌘Space Safari and I get on with my life.
It's been interesting to experience Internet Explorer, then Firefox, Chrome, and finally coming back to operating system default browsers with Edge and Safari and being perfectly content.
The leverage Microsoft and Apple are utilizing with their operating system ecosystems is fairly pleasant, creating better out of the box experiences. Installing more software just feels like such a nit-picky user experience that I don't want, especially with refreshing my systems now and again.
Why is this downvoted so heavily? It's a legitimate opinion. I don't agree with it and you may not either, but it highlights the fact that for at least a portion of the user base the default browser may be an acceptable option.
I would appreciate it more if people mentioned why my comment doesn't contribute to the discussion, but I think it's more realistic to say that I've been downvoted simply because someone didn't like what I had to say.
I didn't downvote you, but perhaps people are thinking that attitudes like the one presented in your original comment are what lead to IE6 and the general state of the internet in the late 90s / early 2000s?
The problem for me is that no one I know has a mac (I think their market share is like 10 percent). It's too expensive for many of the people I know and the rest play video games so they can't use a mac.
I use Epiphany (aka GNOME Web) and it's like Safari: a minimal WebKit-based browser with no Google integration, but it's cross-platform, open source, and features Firefox sync integration for history/bookmarks/passwords/etc. I can't recommend it enough.
I might recommend using an operating system that matches your values. Maybe something like Debian? I have my own criticisms of the GNOME project, but I really enjoy their release cycle.
I think the only thing that's missing is allowing the containers to sync with Firefox Sync with a client-side passphrase. I don't want to lose all of that "work" I've put into carefully separating websites into their own containers when I switch to another machine or re-install the OS, etc.
Also, it should be easy to "reset and switch" a website from one container into another while leaving no traces that it's been in another container. I often load a website in no container or in another container, and then I use another plugin to switched it to where it should be. This should be a default feature.
I'm still not happy with how AMP operates. Seems like it will mess up the interwebs. Something on IPFS along with tighter usage of compression and markup compliance is likely a better solution than AMP.
Google is the main funder of Mozilla via search royalties and direct funding. It's easily changed...but in reality Mozilla suffers if you do change the default because they lose royalties. It's hard to be a good competitors if your livelihood depends on people staying with your competitor's services.
They are mostly the same. I think they look better on Firefox.
Firefox has no websockets inspector which chrome has but it does have a CSS grid view tool which chrome doesn't have. There was a bunch of new improvements to the Firefox dev tools recently but I haven't checked them out yet.
Not advocating browsers either way, but as someone working a lot with css grids lately, chrome does have this tool. Hovering over any element that has a grid-area style, or a grid-template-* style will display the full grid on the page.
If you do a lot of debugging or reverse-engineering, FF’s dev tools lacks a lot of essential tooling compared to Chrome.
Things like getting all event listeners for a DOM element (with inspectable closure variable values), local workspaces, blackboxing files and folders, async-spanning stack traces, saving CSS/JS edits to source files, document event breakpoints...
I would use it instead of Chrome but it's significantly slower than chrome on mac, especially from the perspective of a dev. (Not sure about Linux or Windows.) When FF catches up in perf I will switch.
Everyone says to dump Chrome, and suggest other platforms that are comparable from a users perspective. But what about DevTools? Chrome has by far the best Web Development capabilities out of any other browser. Is there any single alternative or a set of tools that can match it?
https://vivaldi.com
https://brave.com
https://www.opera.com
Opera was purchased by a Chinese consortium, I'm not a fan of Brave's hijacking of ad spaces so my preference is currently vivaldi - which was founded by co-founder and former CEO of Opera and has been adding new innovative features at a good pace.
Edit: been having fun trying out the latest vivaldi, loving a lot of their features like you can add website filters like greyscale, invert colors and sepia, monospace font + disable loading images or only load from cache, etc.
https://pbs.twimg.com/media/Dn03GeXWkAEXRP3.jpg
Feels like they're focused on adding cool features users want, instead of Chrome's catering to mainstream-only users and features that benefit Google.