Firefox - New Terms of Service

Head_on_a_Stick · 2025-03-03 07:40:41

Pirx wrote:

Head_on_a_Stick wrote:
LibreWolf doesn't offer builds based on the LTS version of Firefox.
So? Some will say it's good for security, some will say it's bad.

I'm not sure I understand your comment

Debian's security team think the current firefox-esr package is covered and I believe them. For testing/unstable the security of the non-ESR firefox package is not usually covered by the security team but instead relies on the package maintainer to notice the new upstream releases. During the upcoming freeze the non-ESR firefox package may become outdated.

For BunsenLabs I think using the browser provided by the stable release makes the most sense, and users can always add LibreWolf themselves.

I use Debian's stable release to avoid Mozilla's terrible development decisions and I'm sure I'm not the only one. ESR can be better.

Pirx wrote:

Librewolf, Waterfox, Brave or Vivaldi

None of those browsers are available from Debian. And for good reasons, I think.

If you can't apt-get it then it probably isn't worth having

Last edited by Head_on_a_Stick (2025-03-03 07:42:28)

Pirx · 2025-03-03 08:39:28

Head_on_a_Stick wrote:

I'm not sure I understand your comment

??? Just check other discussions about Firefox clones on the Internet. Some people will argue they are more secure, others will say they aren't.

Head_on_a_Stick wrote:

Debian's security team think the current firefox-esr package is covered and I believe them.

I believe them, too, but are you saying that we should be only using programs approved by Debian security team? That sounds dangerously similar to what all the big corporations are telling us...

The fact that Debian team doesn't look after some browsers security doesn't automaticaly make them insecure. There are teams of developers behind them and even bigger teams behind the web engines they use. So, as long as you're not using an obscure browser build on an independent engine there is no reason to panic.

If you can't apt-get it then it probably isn't worth having

That's the whole point. Other distros let you apt install and apt upgrade those browsers. BunsenLabs is a Debian-BASED distro. It's not Debian-IDENTICAL.

Head_on_a_Stick · 2025-03-03 15:26:25

Pirx wrote:

Just check other discussions about Firefox clones on the Internet. Some people will argue they are more secure, others will say they aren't.

Ah, I see. Well for LibreWolf the devs build versions based on the latest (non-ESR) FF release within a few days so their coverage seems pretty good. I couldn't comment on their "security" compared to FF because I'm not an expert in any way and I really don't know but I'm more inclined to trust Mozilla over three random devs at a hobby project.

Pirx wrote:

are you saying that we should be only using programs approved by Debian security team?

Use what you want, I really don't care :-)

My point was that Debian's security team offers a guarantee that BunsenLabs would be foolish not to take advantage of (IMO).

I'm not part of the BunsenLabs dev team though so my opinions are mine alone and do not represent any sort of "official" position at all.

Pirx wrote:

The fact that Debian team doesn't look after some browsers security doesn't automaticaly make them insecure. There are teams of developers behind them and even bigger teams behind the web engines they use. So, as long as you're not using an obscure browser build on an independent engine there is no reason to panic.

Users can add those browsers you mentioned themselves, and at their own risk. Why should BunsenLabs divert valuable resources towards packaging different browsers and making sure they're kept up to date? Sounds like a waste of effort to me.

Pirx · 2025-03-03 16:00:32

Head_on_a_Stick wrote:

Use what you want, I really don't care :-)

Why aren't you supporting the idea of more browsers being added to BunsenLabs, then? That's exactly what will let people choose easily and use what they want.

Head_on_a_Stick wrote:

Why should BunsenLabs divert valuable resources towards packaging different browsers and making sure they're kept up to date? Sounds like a waste of effort to me.

Waste of effort? The whole point of creating another Debian-based distribution is to take effort like that. Otherwise, you can just stick to Debian.

Head_on_a_Stick · 2025-03-03 16:05:23

Pirx wrote:

Why aren't you supporting the idea of more browsers being added to BunsenLabs, then? That's exactly what will let people choose easily and use what they want.

People can already do that. BunsenLabs is close enough to Debian that all .debs should install and work just fine. The browsers you mention can all be installed in BunsenLabs already.

The dev team here isn't very big and they're all working flat out already. What's the point of adding to their burden if users can already access the software?

unklar · 2025-03-03 16:08:51

marens wrote:

unklar wrote:
Then, again Net --> Add-ons and Themes --> flagfox; uBlock; uMatrix; SkipRedirect and Keepassxc-Browser-Plugin.
Before installation:
uMatrix > Go to dashboard > My Rules > Export to file...
You will get a my-umatrix-rules.txt file inside ~/Downloads.
uBlock Origin > Open the dashboard > My Filters > Export...
You will get a similar my-ublock-static-filters_2025-03-02_22.23.58.txt file inside ~/Downloads.
Save the files somewhere and after installation, import the files the same way and all your local settings are there.
In a slightly different way, you can instantly restore all your old bookmarks and favicons.
If you are interested, open a new topic.

Thank you!
This is what I do

Pirx · 2025-03-03 16:36:36

Head_on_a_Stick wrote:

What's the point of adding to their burden if users can already access the software?

You can install almost any software on any modern Linux distribution, but a selection of software that is included in the instalation/repositories is one of the most important things that make a distribution to be this exact distribution. Of course, if the team has no resources to do it that's fine, but adding/replacing/removing software is an important part of developing a new distribution and we definitely shouldn't call it "a waste of effort".

greenjeans · 2025-03-03 19:22:19

Stuff like this is why I focus mainly on making "mini's" instead of full featured versions of my own projects, all the basic infrastructure with no pre-chosen major programs including no browser.

People tend to have strong opinions about such things, especially browsers. Easier just to leave it up to them sometimes.

So I never get an e-mail saying "Hey I liked what you did, but had to delete XXXX because that's crap, why don't you use YYYY instead?"

What I get is: "Hey cool stuff, I added YYYY and some other stuff , added some themes and icons and now it's awesome, check out this screenshot!"

Pirx · 2025-03-04 00:30:04

While I don't like to have to many programs pre-instaled, I like to have as many as possible in the repos. I think that Firefox-ESR should be the default browser, but it would be nice to have an option to apt install some alternatives. Of course, I understand that this is not the team's priority and my wishes won't necessarily come true.

unklar · 2025-03-06 16:19:06

https://www.kuketz-blog.de/unplugtrump- … -big-tech/

Tip 14: Privacy-friendly browser

Say goodbye to Google Chrome and switch to a browser that places more value on your privacy, such as Firefox, LibreWolf or Brave. They block/disable tracking and offer additional functions that prevent your surfing habits from being collected and analyzed. You can find a comprehensive comparison with a table at the end of the first part of the big browser series.

#change browser #Firefox #Brave #privacy #NoGoogle #NoTracking

Martin · 2025-03-06 20:18:59

unklar wrote:

https://www.kuketz-blog.de/unplugtrump- … -big-tech/
Tip 14: Privacy-friendly browser
Say goodbye to Google Chrome and switch to a browser that places more value on your privacy, such as Firefox, LibreWolf or Brave. They block/disable tracking and offer additional functions that prevent your surfing habits from being collected and analyzed. You can find a comprehensive comparison with a table at the end of the first part of the big browser series.
#change browser #Firefox #Brave #privacy #NoGoogle #NoTracking

Somewhat off topic and somewhat on topic: I listened to the Angry Planet episode called "Welcome to the Nerd Reich" earlier today:
https://soundcloud.com/war_college

/Martin

chroot · 2025-03-06 21:17:34

FF can be configured as secure as other browsers. No need to include another browser in the installation, IMO. Users can decide what software to install after the internet connection is established.

In FF version 136, they changed the settings to allow users to disable the browser's telemetry.

The problem of Mozilla and FF is that they provide users opt-out, instead of opt-in options. That's bad for average users.

Last edited by chroot (2025-03-06 21:54:59)

Pirx · 2025-03-06 22:08:32

chroot wrote:

In FF version 136, they changed the settings to allow users to disable the browser's telemetry.
https://i.postimg.cc/N5cHqcLk/8428b4429112137908798e8b60f34f60387ffabd.png
The problem of Mozilla and FF is that they provide users opt-out, instead of opt-in choices. That's bad for average users.

This is not the same issue. Telemetry hasn't been a real problem for years. This topic is about recent changes to ToS.

chroot wrote:

No need to include another browser in the installation, IMO. Users can decide what software to install after the internet connection is established.

Agreed. I've been thinking about the whole browser situation and have changed my mind about it. BunsenLabs is not advertised as a beginner friendly distro and it shouldn't be problem for its users to install alternative browsers. And, let's be honest - without Chromium, there will be no Brave or Vivaldi, without Firefox there will be no Librewolf or Waterfox. So yes, it makes sense to keep Chromium and Firefox in the repos.

Head_on_a_Stick · 2025-03-07 20:13:07

So the relevant prefs.js additions to block the new telemetry should be

pref("datareporting.healthreport.uploadEnabled", false);
pref("datareporting.usage.uploadEnabled", false);

^ Those could be set by BunsenLabs at /usr/share/firefox/browser/defaults/preferences/bunsenlabs.js to disable it OOTB in a freshly installed system.

It would only be needed once the ESR version catches up to this "feature" though.

johnraff · 2025-03-09 07:11:55

^bookmarked, thanks.
At that time in the future we'd have to choose between tweaking the default setting and putting up a HOW-TO for users to do it themselves.

Right now my firefox about:config has:

datareporting.healthreport.uploadEnabled	false

(default setting)
But nothing for datareporting.usage

---
Is this TOS issue about actual changes to the browser behaviour or to the terms users are asked to agree to? If the latter, on Debian it would be necessary for a popup to be raised when installing from apt. Not unheard of, but rare. A different case from downloading a binary directly from Mozilla.

Last edited by johnraff (2025-03-09 07:15:48)

Sector11 · 2025-03-09 15:56:30

I was going to open a new thread, but this seems like a good place actually.

Did an update today, first in 10-12 days.
Debian Bookworm (stable) so not in a panic to do it daily. HOWEVER the one bug it found had a very interesting comment:

Fetched 322 MB in 25s (13.0 MB/s)                                             
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
serious bugs of firefox-esr (128.7.0esr-1~deb12u1 → 128.8.0esr-1~deb12u1) <Outstanding>
 b1 - #1099130 - firefox-esr: Please package a fork that respects users privacy
Summary:
 firefox-esr(1 bug)
Are you sure you want to install/upgrade the above packages? [Y/n/?/...] 
 firefox-esr(1 bug)

So I said no, put it on hold and carried on.

Are you sure you want to install/upgrade the above packages? [Y/n/?/...] n
**********************************************************************
****** Exiting with an error in order to stop the installation. ******
**********************************************************************
E: Sub-process /usr/bin/apt-listbugs apt returned an error code (10)
E: Failure running script /usr/bin/apt-listbugs apt
 
 2025·03·09 @ 12:17:06 ~
   $ hld firefox-esr
firefox-esr set on hold.
 
 2025·03·09 @ 12:17:25 ~
   $ up2

Head_on_a_Stick · 2025-03-09 18:15:23

^ That bug report provides the complete plan for the future in respect of Debian's firefox-esr package so thanks for that :-)

Reference: https://bugs.debian.org/cgi-bin/bugrepo … %231099130

For apt-listbugs I would recommend uninstalling it because it can be harmful for users of the stable release.

Do not put the firefox-esr package on hold, it will degrade the security of your system significantly and is totally unnecessary. If you don't want Mozilla to track your inputs just disable the option shown by @chroot earlier in the thread.

greenjeans · 2025-03-09 18:29:34

The warning is interesting...wonder if that will show up somehow when using Synaptic to install the package?

Is this TOS issue about actual changes to the browser behaviour or to the terms users are asked to agree to? If the latter, on Debian it would be necessary for a popup to be raised when installing from apt. Not unheard of, but rare.

I've seen that, it's still used on an older firmware package but I can't remember which one, older Intel wifi firmware I think it was.

Also this popped up a few days ago : https://lists.debian.org/debian-securit … 00036.html

Last edited by greenjeans (2025-03-09 18:31:35)

johnraff · 2025-03-10 02:54:02

^Those security announcements come up all the time, for packages when they get upgraded in the debian-security repo (which we have enabled by default). Firefox gets them every month or two, it seems. But I don't see any mention of the TOU issue there.

Sector11 · 2025-03-10 18:04:34

Head_on_a_Stick wrote:

So the relevant prefs.js additions to block the new telemetry should be
pref("datareporting.healthreport.uploadEnabled", false);
pref("datareporting.usage.uploadEnabled", false);
^ Those could be set by BunsenLabs at /usr/share/firefox/browser/defaults/preferences/bunsenlabs.js to disable it OOTB in a freshly installed system.
It would only be needed once the ESR version catches up to this "feature" though.

my: /usr/share/firefox-esr/browser/defaults/preferences/firefox.js
Does not have any "pref("datareporting" string of any kind in it so I'm guessing that final statement means it's not necessary. I HOPE!

johnraff wrote:

^bookmarked, thanks.
At that time in the future we'd have to choose between tweaking the default setting and putting up a HOW-TO for users to do it themselves.
Right now my firefox about:config has:
datareporting.healthreport.uploadEnabled	false
(default setting)
But nothing for datareporting.usage
---
Is this TOS issue about actual changes to the browser behaviour or to the terms users are asked to agree to? If the latter, on Debian it would be necessary for a popup to be raised when installing from apt. Not unheard of, but rare. A different case from downloading a binary directly from Mozilla.

My "about:config > datareporting" looks like this

#21 2025-03-03 07:40:41

Re: Firefox - New Terms of Service

#22 2025-03-03 08:39:28

Re: Firefox - New Terms of Service

#23 2025-03-03 15:26:25

Re: Firefox - New Terms of Service

#24 2025-03-03 16:00:32

Re: Firefox - New Terms of Service

#25 2025-03-03 16:05:23

Re: Firefox - New Terms of Service

#26 2025-03-03 16:08:51

Re: Firefox - New Terms of Service

#27 2025-03-03 16:36:36

Re: Firefox - New Terms of Service

#28 2025-03-03 19:22:19

Re: Firefox - New Terms of Service

#29 2025-03-04 00:30:04

Re: Firefox - New Terms of Service

#30 2025-03-06 16:19:06

Re: Firefox - New Terms of Service

#31 2025-03-06 20:18:59

Re: Firefox - New Terms of Service

#32 2025-03-06 21:17:34

Re: Firefox - New Terms of Service

#33 2025-03-06 22:08:32

Re: Firefox - New Terms of Service

#34 2025-03-07 20:13:07

Re: Firefox - New Terms of Service

#35 2025-03-09 07:11:55

Re: Firefox - New Terms of Service

#36 2025-03-09 15:56:30

Re: Firefox - New Terms of Service

#37 2025-03-09 18:15:23

Re: Firefox - New Terms of Service

#38 2025-03-09 18:29:34

Re: Firefox - New Terms of Service

#39 2025-03-10 02:54:02

Re: Firefox - New Terms of Service

#40 2025-03-10 18:04:34

Re: Firefox - New Terms of Service

Board footer