Category Archives: Tech

Articles about software and technology

Looking Glass: The next ‘bright idea’ from Mozilla (updated)

Back in the day, Firefox was sort of a hackers power browser that fit a niche market. It was probably the most tweakable mainstream web browser on the planet for both geeks and average users alike. Although it is still highly customizable, it has become less so since Mozilla decided to terminate support for so-called “legacy” add-ons and replace them with WebExtensions of the same type as used by Google Chrome. Matter of fact, Firefox has become a Google Chrome clone as far as i’m concerned and some of us — a core Firefox audience that liked running something different and something that wasn’t ‘Googlized’ — didn’t want anything to do with Google, much less their Chrome web browser.

In its [not so] slow, steady decline and separation from its core values, Mozilla has dumbed-down Firefox to the point where it is hardly recognizable and changed its add-on API several times, thus forcing developers to rewrite their code in order to comply with yet another new standard. The developer of the much loved Search WP extension had this to say:

I’d love to support Firefox 57 (with all my extensions) but

1) Webextensions are just *too* limited. You simply can’t do anything useful with them until somebody adds an API just for you. It already starts with the most basic functionality of SearchWP: there does not seem to be a way to modify the search bar.

2) Mozilla ruthlessly breaking all existing extensions on purpose and removing customization possibilities with every new version of Firefox made me loose trust in the foundation and the browser itself – I’m not willing to spend my spare time on a project that has set a course that goes against everything Firefox once stood for.

And the stupidity continues…

For some time Mozilla has been packaging extensions with Firefox in the form of system add-ons, or “features” as Mozilla calls them. Not only is the option to uninstall these add-ons absent from the user interface, but most people aren’t even aware they exist since they’re hidden from the Add-Ons panel (if you want to know more about system add-ons and how to remove them, read the article, Firefox Configuration Guide for Privacy Freaks and Performance Buffs).

In its latest burst of stupidity, Mozilla is now installing yet another add-on without consulting users, but this time, to their undeserved credit, they have made it removable apparently. ‘Looking Glass‘ appears to be some kind of metrics collection add-on disguised as an augmented reality game created by the PUG Experience Group, whoever the hell they are, and it is part of a series of “Shield Studies” conducted by Mozilla. To see what studies Mozilla has foisted upon you that you didn’t agree to, enter about:studies in the address bar and then about:preferences#privacy to opt out. Better yet, stop using the Mozilla version of Firefox altogether.

Of course adding this unwanted crap to Firefox isn’t the worst of it. A while back, Mozilla decided that it needed to jump on the “fake news” bandwagon with its newly created Mozilla Information Trust Initiative in order to steer you away from sources of information that the multi-million dollar Mozilla Foundation decides are not suitable for your consumption.

I no longer suggest using Firefox, at least not the version distributed by Mozilla. If you want Firefox with the privacy disrespecting garbage removed, consider using Waterfox, which is a more privacy-centric, 64 bit fork of Firefox that will apparently continue to support XUL (legacy) extensions in addition to the newer WebExtensions. Some of the features of Waterfox are:

  • Disabled Encrypted Media Extensions (EME)
  • Removed Pocket
  • Removed Telemetry
  • Removed data collection
  • Removed startup profiling
  • Allow running of all 64-Bit NPAPI plugins
  • Allow running of unsigned extensions
  • Removal of Sponsored Tiles on New Tab Page

UPDATE: Mozilla apologizes.

On 18-Dec., after many users complained about the inclusion of the Looking Glass add-on, for which almost nothing was known at the time it was distributed, Mozilla published an apology, moved the add-on to the Mozilla add-on repository and published the source code. The post opened with the following nonsensical statement which raises more questions than it answers:

Over the course of the year Firefox has enjoyed a growing relationship with the Mr. Robot television show and, as part of this relationship, we developed an unpaid collaboration to engage our users and viewers of the show in a new way: Fans could use Firefox to solve a puzzle as part of the alternate reality game (ARG) associated with the show.

Does this sound remotely like anything that should be included in an internet web browser? What is the nature of Mozilla’s relationship with Mr. Robot? We already know that Mozilla has a habit of adding unnecessary functionality through its inclusion of 3rd party services for monetary gain and using its relationships with many privacy destroying corporations, such as Google, to monetize necessary functionality, yet they packaged the Looking Glass add-on with Firefox for no other reason other than, what? They like Mr. Robot? They wanted to make sure you weren’t bored by giving you a game to play? Utter bullshit. And why wasn’t the source code published before the add-on was shipped? And how do we know that the published code is identical to the unpublished code?

The rollout did not meet the standards to which we hold ourselves causing concern that was surfaced through our Firefox community.

Yes it did because Mozilla sacrificed its standards long ago. The only reason they published this apology is because enough users complained.

We received feedback regarding the transparency of the rollout and the processes that govern our auto-install mechanism for add-ons. In response we immediately started our internal review, […]

Good thing most users have no clue about the several system add-ons and “features” that ship with Firefox which are forcefully installed, activated, not easily uninstalled, and are used to collect data. Of course we know that no internal review will be performed to address this glaring privacy issue.

We’re sorry for the confusion and for letting down members of our community. While there was no intention or mechanism to collect or share your data or private information […]

When one considers exactly what Mozilla defines as “user data” and “private information”, one realizes how hollow this misleading claim rings. If they’re so concerned about their users, why aren’t they concerned about the data that is still being collected by the forcefully installed system add-ons of which users are largely unaware? Why aren’t these add-ons removed and placed in the add-on repository?

Resources:

Search

Alternative Search Engines That Respect Your Privacy

Privacy-centric search engines

Following is a table of some search engines which are more privacy-centric than those offered by the privacy-hating mega-corporations like Google, Bing and Yahoo. Note that several of the alternatives listed here are meta search engines which rely either partially or entirely upon services like Google for their search results. While these so-called “alternative search engines” are not true alternatives, they do act as a proxy between you and services like Google and thus insulate you from the privacy risks associated with them.

If you have any search engines you would like to suggest, please leave a comment (you need not be logged in).

Legend:

  • Decentralized – whether the service is controlled by a single entity, such as Google, or distributed among its users, as is the case with YaCy for example
  • Typemeta: uses 3rd party search indexes, such as Google, to deliver search results
    index: crawls the web and indexes content without relying on 3rd party search engines
    hybrid: a combination of both meta and index
  • Requires JS / Cookies – whether the web interface requires JavaScript and/or cookies (web storage)
  • Client Required – whether you have to download and install client software in order to use the service
NameDecentralizedTypeRequires JS / CookiesClient RequiredPrivacy PolicyComments
Disconnect (search page SSL)nometano, but functionality is limited / no, but settings are not savednoprivacy policyDisconnect apparently pulls results from Yahoo, Bing and DuckDuckGo, though in my case it forwards all searches to DuckDuckGo regardless of what the preferred search engine is set to. Personally i see no advantage to using Disconnect over other meta search engines.
DuckDuckGo (search page, SSL)nohybridyes(?) if searching from the FF search bar, no if searching from the web page / no, but settings are not savednoprivacy policyDuckDuckGo claims to pull its search results from over 400 sources including Wikipedia, Bing, Yahoo and Yandex, as well as its own crawler, and its interface is similar to Google. The company generates revenue from ads which can be disabled in the settings. DuckDuckGo also offers a ‘lite’ version which does not use JS or cookies.
FAROO (search page, no SSL)noindexyes / nooptional?FAROO offers a distributed, censorship resistant, peer-to-peer search engine and index, however it is powered by proprietary client software. In answering the question “Why you don’t publish your product as Open Source?“, their response is “[…] it’s not a good idea to hand over your technological advantage to a monopoly, when competing with its free service with enormous brand power.“. A very poor answer in my personal opinion.
findx (search page, SSL)noindexno / no, but settings are not savednoprivacy policyfindx has a decent privacy policy. The interface is plain and functional, though they don’t provide a lot of options to customize it. findx displays ads in their results and, though they are clearly marked, there is no option to disable them.
Gigablast (search page, SSL)partiallyindexyes / nono?Gigablast is an interesting open source search engine that maintains its own index. You can install and run it on your own server. The search interface offers some useful options, such as selecting the format of the output, sorting options, date options and file type options. I couldn’t find a privacy policy, but decided to include it anyway since it is open source.
Hulbee (search page, SSL)nometa?yes / no, but settings are not savednoprivacy policyHulbee has a solid privacy policy and an interesting interface, however it appears they pull their results from Bing, though i don’t know if they use Bing exclusively.
MetaGer (search page, SSL)nohybrid?no, but some functionality loss / no, but settings are not savednoprivacy policyMetaGer, which has been around for a couple decades, has an excellent privacy policy and claims to pull results from up to 50 other search engines.
Mojeek (search page, SSL)noindexno / nonoprivacy policyMojeek is a UK based company with a good privacy policy. Their search engine promises to return unbiased results. The search interface is very plain and the options very limited.
Peekier (search page, SSL)nometayes / no, but settings are not savednoprivacy policyPeekier provides an interesting, though feature limited interface in the form of zoomable text and thumbnail images of the web pages corresponding to your search results, thus allowing you browse the results before visiting the source page. Peekier appears to pull its results from Bing only however, which is unfortunate.
Qwant (search page, SSL)nohybridyes / no, but settings are not savednoprivacy policyQwant, based in France, is an interesting search engine. It is a hybrid in that they use crawlers, but also pull some results from Bing. The interface is pleasant, colorful and easy to use, though there are not many configuration options. Their privacy policy looks solid.
Searx (search page, SSL)partiallymetayes(?) if searching from the FF search bar, no if searching from the web page / no, but settings are not savednon/aSearx is a meta search engine which i have found to be the best of its type because of its capability to pull results from a wide array of third party services and it is highly configurable. The interface is clean, customizable and intuitive. Anyone can run a Searx instance on their own server (see their GitHub page).
Startpage/Ixquick (search page, SSL)nometano, but some functionality loss / no, but settings are not savednoprivacy policyStartpage/Ixquick apparently pulls its search results from the top 10 results of other major indexes, such as Google. They have a strong privacy policy and an extensive Q&A page regarding privacy, however they do use tracking images, so if you are using uBlock Origin, go here for the filters necessary to block them.
Swisscows (search page, SSL)noindex?yes / nonoprivacy policyThe Swisscows servers are located in Switzerland and the company has a good privacy policy. The search interface is modern and interesting in that they use machine learning to evaluate your search terms in order to provide better results. Swisscows is described as “… the first intelligent answer engine because it is based on semantic information recognition and offers users intuitive help in their search for answers.”
YaCy (search page, SSL, self-signed certificate)yesindexyes / nooptionaln/aYaCy is, in my opinion, the most interesting search engine listed here in that it is a decentralized, distributed, censorship resistant search engine and index powered by free, open-source software. At this time YaCy doesn’t produce a lot of pertinent search results, however the more people use it, the better it will become. For those wanting to run your own instance of YaCy, see their home page and their GitHub page. This article from Digital Ocean may also be of help if you want to run YaCy on a VPS.
NameDecentralizedTypeRequires JS / CookiesClient RequiredPrivacy PolicyComments

Upcoming search engines

  • Presearch: a decentralized search engine powered by the community
  • Seeks: a websearch proxy and collaborative distributed tool for websearch

Please leave a comment if you know of any others.

Resources