[Trisquel-users] Re : Web Browser
In some jurisdictions, they cannot be "public domain", unless their authors died at least 70 years ago, which I very much doubt. They are probably distributed under a so-called "permissive license" (aka "lax license", aka "pushover license"), which lets anyone do anything they want with the work. Including changing its license for a proprietary software license. The other category of free software licenses are copylefted licenses, such as the GNU GPL. Using a copylefted license, your work cannot end up in proprietary software. It is the whole point of the copyleft: preventing the middleman from stripping out the freedoms you want to give to whoever uses your work, modified or not. See https://www.gnu.org/copyleft/ Now, if the programs you are referring to do not bear any license, they are "all rights reserves", hence proprietary, under the Berne convention. See https://www.infoworld.com/article/2615869/open-source-software/github-needs-to-take-open-source-seriously.html for instance. Here is an excerpt: You don't have to include a copyright statement for your creative work to be under copyright. In any country that's a signatory to the Berne Convention, copyright -- or stronger -- is the default as soon as something is created. If you completely ignore the subject, all your work is copyrighted to you (or to your employer in many cases), and anyone who copies it to use or improve it is in breach of your copyright. See https://www.gnu.org/licenses/license-list.html for a long list of licenses. For free software licenses, the description usually tells whether the license is permissive or copylefted. About "Public Domain", that page says: If you want to release your work to the public domain, we encourage you to use formal tools to do so. We ask people who make small contributions to GNU to sign a disclaimer form; that's one solution. If you're working on a project that doesn't have formal contribution policies like that, CC0 is a good tool that anyone can use. It formally dedicates your work to the public domain, and provides a fallback license for cases where that is not legally possible. And about CC0: CC0 is a public domain dedication from Creative Commons. A work released under CC0 is dedicated to the public domain to the fullest extent permitted by law. If that is not possible for any reason, CC0 also provides a lax, permissive license as a fallback.
[Trisquel-users] Re : Web Browser
This is sheer nonsense and yet another attempt to renew someone's favorite discussion about 4 freedoms and all the rest of it. Everybody can observe that you are, once again, the one bringing back the four freedoms. The GitHub repo I opened will use "The Unlicense" which means no copyright and restrictions/regulations. No copyright would actually mean the classical copyright, under the Berne convention. I will never accept anything from anyone who tells me "I can potentially help" and then imposes regulations on that "help" (however 'ethical' anyone may consider that). Whatever. Good luck with your GitHub repository that only contains a license file (where is the "software" the license is talking about?): https://github.com/anchev/user.js
[Trisquel-users] Re : Web Browser
Without a © it is basically public domain, and cannot be subjected to a license. If only that could be the case! Unfortunately, under the Berne convention (signed by almost all the countries in the world), the copyright is automatic. The "classical" copyright I mean. Where you are basically free to do nothing. That is why I wanted to add a copyright notice: to not be told I released proprietary software! I do not think I am anonymous (there is a link to my Web page on my profile). But anyway, you are right, there is no reason not to be clear. So here are again the two scripts with copyright notices: #!/bin/sh # Copyright 2018 Loïc Cerf (lc...@dcc.ufmg.br) # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or (at # your option) any later version. # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # See . if [ -z "$1" ] then printf "Usage: $0 prefs1.js ... " exit fi printf '# key' TMP=`mktemp -dt all_prefs.XX` trap "rm -r $TMP 2>/dev/null" 0 keys=$TMP/$(seq -s " $TMP/" $#) values=$TMP/$(seq -s ".val $TMP/" $#).val mkfifo $TMP/keys $keys $values # List, in alphabetic order, all keys in at least one input file grep '^ *user_pref *( *"' "$@" | cut -d \" -f 2 | sort -u | tee $keys > $TMP/keys & for k in $keys do printf "\t$1" # List the value in "$1" associated with every key or "undef" grep '^ *user_pref *( *"' "$1" | cut -d \" -f 2- | tr -d "$(printf \\t)" | sed -e 's/" *, */'"$(printf \\t)"/ -e 's/ *) *; *$//' -e 's, *) *; *//.*$,,' | sort -ut "$(printf \\t)" -k 1,1 | join -t "$(printf \\t)" -a 1 -e undef -o 2.2 $k - > $k.val & shift done printf ' ' paste $TMP/keys $values #!/usr/bin/awk -f # Copyright 2018 Loïc Cerf (lc...@dcc.ufmg.br) # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or (at # your option) any later version. # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # See . BEGIN { FS = "\t" } { val = "" for (i = 2; i = NF) print "user_pref(\"" $1 "\", " val ");" }
[Trisquel-users] Re : Web Browser
Here is a small AWK program that processes the output of the previous script: #!/usr/bin/awk -f BEGIN { FS = "\t" } { val = "" for (i = 2; i = NF) { print "user_pref(\"" $1 "\", " val ");" } } It does the same as https://github.com/jm42/compare-user.js, i.e., "adds a preference if there are >=50% [of the prefs.js/user.js files in argument of my previous script] with the same value and there no other value. The output file is already a valid file to include in your profile directory". Using the same four user.js files as earlier, only 60 keys satisfy the constraints: the output is attached. By the way, all the software I write, including the two scripts in this thread, is under the terms of the GNU General Public License version 3 or any later version.
[Trisquel-users] Re : Web Browser
I removed the tabs right before the sed call. The end of the lines were not removed when there was a comment afterwards: the last sed substitution is for that. Finally I was assuming the keys would be defined at most once per file but "ghacks" makes jokes with several definitions of a same "_user.js.parrot" key: I now just keep one of the definitions. Here is the fixed script: #!/bin/sh if [ -z "$1" ] then printf "Usage: $0 prefs1.js ... " exit fi printf '# key' TMP=`mktemp -dt all_prefs.XX` trap "rm -r $TMP 2>/dev/null" 0 keys=$TMP/$(seq -s " $TMP/" $#) values=$TMP/$(seq -s ".val $TMP/" $#).val mkfifo $TMP/keys $keys $values # List, in alphabetic order, all keys in at least one input file grep '^ *user_pref *( *"' "$@" | cut -d \" -f 2 | sort -u | tee $keys > $TMP/keys & for k in $keys do printf "\t$1" # List the value in "$1" associated to every key or "undef" grep '^ *user_pref *( *"' "$1" | cut -d \" -f 2- | tr -d "$(printf \\t)" | sed -e 's/" *, */'"$(printf \\t)"/ -e 's/ *) *; *$//' -e 's, *) *; *//.*$,,' | sort -ut "$(printf \\t)" -k 1,1 | join -t "$(printf \\t)" -a 1 -e undef -o 2.2 $k - > $k.val & shift done printf ' ' paste $TMP/keys $values Its output when given the four user.js files that https://github.com/jm42/compare-user.js considers is attached. That's very nice of you but perhaps it would be better to refactor it so that it is self explanatory (comments etc). I added two comments. The script is like 20 lines long. There is not much to refactor. We could probably make an interface (a form) with default and recommended values and a column in which the user can enter values (or pick from existing). Then a simple 'Submit' button would be able to generate the user.js. That would be a separate project that could take at input the output of this script (maybe to fill up a database). I will not write any PHP. I can write Shell command lines or AWK programs that process the table the above script outputs.
[Trisquel-users] Re : Web Browser
Here is a Shell script that creates a table from as many user.js and prefs.js file as you want (the only arguments of the script): #!/bin/sh if [ -z "$1" ] then printf "Usage: $0 prefs1.js ... " exit fi printf '# key' TMP=`mktemp -dt all_prefs.XX` trap "rm -r $TMP 2>/dev/null" 0 keys=$TMP/$(seq -s " $TMP/" $#) values=$TMP/$(seq -s ".val $TMP/" $#).val mkfifo $TMP/keys $keys $values grep '^ *user_pref *( *"' "$@" | cut -d \" -f 2 | sort -u | tee $keys > $TMP/keys & for k in $keys do printf "\t$1" grep '^ *user_pref *( *"' "$1" | cut -d \" -f 2- | sed -e 's/" *, */'"$(printf \\t)"/ -e 's/ *) *; *$//' | sort -t "$(printf \\t)" -k 1,1 | join -t "$(printf \\t)" -a 1 -e undef -o 2.2 $k - > $k.val & shift done printf ' ' paste $TMP/keys $values After a header, the script outputs one row per key, ordered alphabetically in the first column. There is one additional column per file (in the order they are given to the script). In such a column, the value is "undef" if the file does not define the key (present in at least one other file). Values are tab-separated. The script will work as long as the input files do not include any tab (\011). Supernumerary spaces anywhere in the input files should not raise any problem. For the challenge (performance is not an issue here), I wrote the script above under a constraint: to not write anything to the disk. Only to pipes (and the final output is to the standard output, that you can redirect). As a consequence, all the commands executed in the two longest lines and the final 'paste' run in parallel. If you (or somebody else) want(s) explanation about part of the script, I can answer.
[Trisquel-users] Re : Web Browser
If you have any better idea let me know. If you want scripts to handle the table, having tab-separated values (you may want to use commas in the cells) looks like a good idea. What scripts are you considering? I can potentially help with Shell or AWK scripts. For visualization, a script can convert the table into a HTML table.
[Trisquel-users] Re : Web Browser
This is nonsense. There is sense: the telemetry component of Firefox sends anonimized data that help Firefox's development, safe search warns about phishing and malware, etc. I am honestly tired of reading preaching about the 4 divine commandments which nobody cares to exercise in practice and just waits for the next listed recommendation. Firefox used by anybody to browse any site is freedom 0 in practice. Administrations and companies customizing Firefox for their needs are exercising freedom 1. Firefox in the repository of GNU/Linux distributions is freedom 2 in practice. And, again, Firefox's forks are freedom 3 in practice. Forks have arisen. Some claim they fix the issues. And they don't. And you still defend their bible. What fork I defended? I do not defend Firefox's default configuration either. Even less its adoption of EME. I defend the free software definition, which has nothing to do with what the software does but that you keep on blaming for not providing you the software you want. You just sit and evaluate what another one does and whether it conforms to the 4 divine commandments or not. And although I have asked a question explicitly saying to leave for a moment these 4, you are back to all that. You asked "Where is the community who has the 'freedoms' to modify things when such critical issue is found?" and I only replied to that. Now you wrongly claim the four freedoms are not "exercised in practice". So, you (not me) are the one "back to all that". You blame the free software definition for not providing you the software you want. If the community does not bring you the software you want, it probably is because it has different views than yours. "Different views than yours" is what you call "nonsense". Like I have said since the beginning of this thread, the privacy concerns you raise are interesting. I hope your advocacy will lead to more privacy-respecting Web browsers. Unfortunately, labeling every opinion different than yours as "nonsense" is not helping... I also hope you will eventually understand that "privacy" and "freedoms" are orthogonal issues. Imperfection (what includes privacy issues) is not the same as oppression. In other words, imperfection is not a reason to blame the free software definition, which has nothing to do with what the software does.
[Trisquel-users] Re : Web Browser
Where is the community who has the 'freedoms' to modify things when such critical issue is found? There are many Firefox forks, what would be impossible without freedom 3. If none fixes what you call "critical issues", it is because their communities do not see those as critical issues. Thanks to freedom 3, another fork can arise to fix the "critical issues". You can push in that direction or, like you do (and it is indeed better to not scatter the development effort), try to convince the developers of Firefox (or of one of the derivatives) that the issues you point are indeed critical and ought to be addressed, despite the associated loss in functionalities.
[Trisquel-users] Re : Web Browser
Trisquel 7 now has Abrowser 58, based on the same version of Firefox, released two days ago.
[Trisquel-users] Re : Web Browser
I think the effort should be concentrated on top management of Mozilla (how? I don't know). As a developer yold heyjoe in his first bug report: Bugzilla is not the place to discuss these topics; the governance mailing list might be the right place for it: https://lists.mozilla.org/listinfo/governance https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c14
[Trisquel-users] Re : Web Browser
sloccount "only" finds 9.1 million lines of code in https://archive.mozilla.org/pub/firefox/releases/57.0.4/source/firefox-57.0.4.source.tar.xz : $ sloccount firefox/ (...) SLOCDirectory SLOC-by-Language (Sorted) 1455904 media cpp=721654,ansic=571438,asm=95277,python=40386,java=13344, sh=9841,perl=2410,objc=895,xml=384,lisp=258,sed=17 1112010 gfx cpp=875484,ansic=186829,asm=43360,python=3053,yacc=1737, lex=951,sh=329,objc=123,perl=112,xml=22,awk=10 890116 dom cpp=857389,python=27930,xml=4623,perl=89,sh=85 766429 security ansic=530818,cpp=155678,asm=48901,sh=17876,python=6211, xml=4679,perl=1856,lex=306,yacc=79,sed=15,csh=10 699234 js cpp=625919,ansic=38409,asm=12643,sh=12341,python=9018, exp=499,perl=376,xml=29 574349 third_party ansic=313892,python=83331,cpp=79774,xml=54230,asm=21179, sh=15902,perl=2317,ada=1681,pascal=1138,cs=879,exp=22,awk=4 471389 modules cpp=269920,ansic=189121,python=6774,sh=3957,xml=1132, perl=340,awk=142,sed=3 387225 layout cpp=378933,python=4561,xml=2717,perl=513,sh=501 325043 mobile java=296871,xml=26932,python=759,cpp=424,sh=57 324290 intlcpp=284757,ansic=30062,sh=3935,perl=3358,xml=1905, python=255,sed=18 300401 testing python=196969,xml=75531,cpp=19160,ansic=4495,perl=2959, sh=676,php=444,ruby=150,csh=17 299856 toolkit cpp=224818,xml=35203,ansic=21372,sh=11029,python=4056, objc=2799,asm=372,perl=204,ruby=3 267014 netwerk cpp=182180,ansic=84551,python=257,sh=26 126832 db ansic=126832 123144 xpcom cpp=114588,python=4058,asm=3027,ansic=1429,perl=42 122439 widget cpp=116317,ansic=6122 120401 nsprpub ansic=112756,sh=3474,cpp=2802,asm=826,perl=405,python=138 117148 ipc ansic=54399,cpp=53748,python=8466,sh=535 114541 browser cpp=85427,xml=23658,python=5402,sh=54 60582 parser cpp=36285,java=12610,ansic=11668,xml=19 58302 accessible cpp=57597,ansic=267,xml=255,python=183 52690 editor cpp=48291,python=4382,sh=17 50635 python python=49672,xml=895,sh=68 35605 image cpp=35452,ansic=153 32536 mfbtcpp=29541,ansic=2915,sh=80 32214 tools cpp=26016,python=3957,perl=1269,sh=972 28242 other-licenses cpp=22434,ansic=3083,python=2612,pascal=113 25167 extensions cpp=24951,sh=216 22581 build python=8529,cpp=8380,sh=3710,java=1637,ansic=317, perl=8 20683 docshellcpp=20660,perl=21,xml=2 18734 servo python=17854,sh=531,java=256,xml=67,ansic=26 16720 taskcluster python=13477,sh=2866,xml=377 14779 uriloader cpp=14779 10824 storage cpp=10824 10568 mozglue cpp=10251,ansic=303,python=14 9780memory cpp=7647,ansic=1214,python=919 9417rdf cpp=9417 8646xpfecpp=7316,xml=1330 4197capscpp=4197 3952config python=2852,ansic=659,perl=405,asm=34,xml=2 2980devtoolscpp=2883,python=78,sh=12,xml=7 2959hal cpp=2959 2214chrome cpp=2214 2043viewcpp=2043 1070startupcachecpp=1070 751 servicescpp=471,xml=200,python=80 397 top_dir python=226,sh=171 130 embedding objc=74,sh=37,cpp=19 9 probes python=9 0 gradle (none) Totals grouped by language (dominant language first): cpp:5434669 (59.48%) ansic: 2293130 (25.10%) python: 506468 (5.54%) java:324718 (3.55%) xml: 234199 (2.56%) asm: 225619 (2.47%) sh: 89298 (0.98%) perl: 16684 (0.18%) objc: 3891 (0.04%) yacc: 1816 (0.02%) ada: 1681 (0.02%) lex: 1257 (0.01%) pascal:1251 (0.01%) cs: 879 (0.01%) exp:521 (0.01%) php:444 (0.00%) lisp: 258 (0.00%) awk:156 (0.00%) ruby: 153 (0.00%) sed: 53 (0.00%) csh: 27 (0.00%) Total Physical Source Lines of Code (SLOC)= 9,137,172 Development Effort Estimate, Person-Years (Person-Months) = 2,883.25 (34,599.01) (Basic COCOMO model, Person-Months = 2.4 * (KSLOC**1.05)) Schedule Estimate, Years (Months) = 11.06 (132.67) (Basic COCOMO model, Months = 2.5 * (person-months**0.38)) Estimated Average Number of Developers (Effort/Schedule) = 260.78 Total Estimated Cost to Develop = $ 389,487,939 (average salary = $56,286/year, overhead = 2.40). SLOCCount, Copyright (C) 2001-2004 David A. Wheeler SLOCCount is Open Source Software/Free Software, licensed under the GNU GPL. SLOCCount comes with
[Trisquel-users] Re : Web Browser
I discuss _privacy_ issues. In the excerpt I quoted, https://libreplanet.org/wiki/Libre_Browsers_Libre_Formats#Browsers_that_might_seem_free.2C_but_are_not is not about privacy. At all. Just a precision in my post: not all Firefox derivatives do not suffer from the freedom issues that the link points out. But Abrowser and IceCat are OK: 100% free as in freedom.
[Trisquel-users] Re : Web Browser
Chromium seems just as non-free as Firefox considering the link shared by another poster (https://libreplanet.org/wiki/Libre_Browsers_Libre_Formats#Browsers_that_might_seem_free.2C_but_are_not) yet for some reason people mention it as free, prefer it, fork it and make browsers using the same flawed code which obviously leads to the same privacy issues in the forks. The forks do not have the (real) *freedom* issues that the link points out. Privacy issues are not freedom issues.
[Trisquel-users] Re : Web Browser
I don't know if you understand what I am saying. I do not. Since you are redefining words, it is not surprising. The definition of freedom you list match the one I gave you. They do not say "freedom means no limitation" (like you wrote). That is fortunate because your definition is useless: since you can always made up things nobody can do (go back in time, turn into a tomato, etc.), nobody is and can ever be "free" by your definition! Freedom has no opposite. Yes, it has: slavery. Freedom is having no master, "exempt from; not in bondage, acting of one's own will" (the definition you give!). It is not "being unlimited". It is the least worse for the moment. So, you now recognize that there are "levels of privacy respects". I mean if it was 0/1, like you pretended earlier, writing "the least worse for the moment" would make no sense. And that is due to the poor design. What? Why is "the poor design" (of what?) the reason people are more at risk of being duped by phishing? It is possible to have TOR-ed nodes which pull them and host them. That is against the Terms of Service (see my reply to SuperTramp83). Exactly. But nobody pulls the cord (except RMS perhaps). Contrary to you, RMS trusts the free software community. He believes in in the collective control of the software through freedom 3. He neither reads nor wants to read all the source code of the programs he uses. Still I don't claim to be no expert, technology moves too fast to follow every aspect of it. That is true for everybody. We are all limited, i.e., nobody is free and can be free by your useless definition of freedom. Yet you want the source code of every program to be understandable by everybody, even non-programmers. It is simply impossible. Where is the source code? In the hands of its only user, Google, that is in control, as it should: https://www.gnu.org/philosophy/network-services-arent-free-or-nonfree.html I think services can be privacy respecting without having to trust a mid-man. Yes, they can. But being privacy-preserving has nothing to do with being free/proprietary. They are two separate (and both important) issues. Then I am waiting to see the lines of code with explanation proving that it is incorrect, so that everyone can understand it. It is incorrect that "excercising the freedom 1 is a next to impossible effort which obviously nobody would waste time on" (as you wrote). Take https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/TelemetryScalar.cpp as a random example. Many different people edited it (they need to study it before doing so!) and there are certainly many more users who read it without proposing changes: https://hg.mozilla.org/mozilla-central/log/tip/toolkit/components/telemetry/TelemetryScalar.cpp You are mixing different things. My sentence was not clear: airports that force you to enter a body scanner (where you almost appear naked) are *more* invasive than those only requiring your ID. There are "levels of privacy respects". Trying to justify these privacy violating things by evaluating them through FSF's 4 freedoms is meaningless. Indeed. I repeat that since the beginning: privacy is a feature, not a freedom. That does not mean it is not important. It is just a separate issue. Software should always be free, controlled by its users. Any piece of software can be free. Its authors only have to distribute it under a free software license. In contrast, we cannot expect the software to be 100% secure + 100% privacy-respectful + 100% efficient + 100% user-friendly + 100% accessible + 100% localized + 100% [add here your favorite feature]. Not only it requires a lot of work but it usually is impossible to have all that. There are physical limitations. There are trade-offs too.
[Trisquel-users] Re : Web Browser
Like I wrote to heyjoe: Distributing the lists is not the hard part. Creating them is. It involves crawling the Web and processing every page (Google does so in parallel virtual machines): https://www.usenix.org/legacy/events/hotbots07/tech/full_papers/provos/provos.pdf You cannot just redistribute Google's data: Unless expressly permitted by the content owner or by applicable law, you will not, and will not permit your end users or others acting on your behalf to, do the following with content returned from the APIs: Scrape, build databases, or otherwise create permanent copies of such content, or keep cached copies longer than permitted by the cache header; https://developers.google.com/terms/
[Trisquel-users] Re : Web Browser
In any case, technically it is possible to get information without loosing privacy. Example: you turn on the radio and you listen to music. For Safe Browsing that would mean continuously broadcasting to to all online systems hundreds of thousands of unsafe URLs: https://support.google.com/transparencyreport/answer/7381518/#size-of-blacklist *That* (not adding noise) would be extremely inefficient. And why stopping there? By your logic, every website should continuously broadcast whatever they host to all online systems! Freedom means no limitations. No it does not. You are not less free because you cannot fly, for instance. Freedom means "exemption from *external* control, interference, regulation, etc." (emphasis is mine): www.dictionary.com/browse/freedom As I wrote: being in control of your *own* life. Same here. So you agree that the enhanced security your parents get is worth the privacy they give up? Don't you think most users are like your parents and less like you? The first thing that comes to mind - torrents, mirrors (like we have for FOSS). There are other means too perhaps. Example: encouraging ISPs to keep a local mirror on the gateways, proxies. It is possible. Distributing the lists is not the hard part. Creating them is. It involves crawling the Web and processing every page (Google does so in parallel virtual machines): https://www.usenix.org/legacy/events/hotbots07/tech/full_papers/provos/provos.pdf The problem is that trust implies faith which is not facts. Trusting nobody, not even free software communities, and not being a programmer, you should stop using software. All of it. Google's servers are not less proprietary. Google's server (the software they run on their side) is trivially free: there is one single user and it has all four freedoms. On the contrary, Windows is distributed to many users that do not have the control they deserve on it. Maybe you wanted to write "Google's services" but services cannot be said free/proprietary: https://www.gnu.org/philosophy/network-services-arent-free-or-nonfree.html I would be happy to see that sending my IP address periodically with "noise" to Mozilla, Amazon or whoever is worth it. You apparently think it is worth it on your parents' computer. which means that nobody (except Mozilla) really knows what is going on (even they needed time to check). So excercising the freedom 1 is a next to impossible effort which obviously nobody would waste time on. That is not correct. Telemetry means remote measuring. Measuring means getting the value of a physical quantity and comparing it to a standard value. You file a bug in the "telemetry" component of Firefox. Whether you like it or not, "telemetry" means something precise in this context: it is the component that collects usage information and sent it to Mozilla, the source code in toolkit/components/telemetry/. To argue for general policy changes, you were invited to write to https://lists.mozilla.org/listinfo/governance They give new meaning to the words and argue over them just for the sake of argumentation. How should Firefox's telemetry component be called? Which implies that there are levels of privacy respect. Of course there is. You may agree to show your ID to take a plane but you would not accept nude pictures of you to be taken and published. There are levels of security too. And of ease of use. And of performance. Etc. Often, trade-offs between those features (again: they are not freedoms) must be sought. 100% privacy would mean not interacting with anybody. Ever. One of the biggest issues we face (and RMS will agree to that) is mass surveillence. It is. But RMS would not agree, not in 2014 and not now, that the free software definition has anything to do with what the software does or does not. Neither that it should. Today we have a system in which not only imperfections are used as backdoors but even more - we see how that system deliberately creates imperfections to infect the computers at hardware level which even the perfect FOSS cannot fix. Free software developers are humans. They make errors. Sometimes bug that become security vulnerability. We cannot promise you to write bug-free programs. But we can respect your freedoms. Letting you control, individually and collectively, the software you use. Including to fix bugs. Also Mozilla's programmer clearly said that what I raised is not documented publicly. What matters for freedom 1 is access to the source code. Anyway, even when there is documentation (such as in Safe Browsing's case), you are not happy. You want to understand the source code by yourself without being a programmer. You want programmer to make bug-free program. You want 100% privacy + 100% security + 100% ease of use + 100% performance + etc. You want the impossible. Unless you think
[Trisquel-users] Re : Web Browser
The problem with this statement is that you know (or rather can check) only what happens on the sending side. That is correct. But there is no magic: if you send little information, then little information is received on the other side. If you add noise, the receiver can exploit it even less. That is a basic test which shows if there is a communication or not. Too basic. Looking at what is communicated is relevant. If there is communication and it is not anonymized through TOR (it is not) - that obviously is a privacy issue. That is quite simple. If you consider that having the receiver know your Web browser is opened, then yes. And you should be able to disable the service it provides to stop that communication... but if that service is useful and cannot be achieved on your own computer (it is not SaaSS), then it does require communication and you may decide it is worth giving the information required to get the service. Are privacy and security 2 incompatible mutually exclusive concepts? Or rather because someone has designed a program in a way in which you must sacrifice one for the other? It is physically impossible to request information from a third party without communication. For example, you cannot ask whether a site is phishing without communication. You have to either choose choose privacy (no communication) over security (no warning about phishing) or the opposite (communicating the relevant information to receive the warnings). To make that choice, looking at what is actually communicated (how much privacy is sacrificed) is relevant to most users. If you consider that no service is worth communicating your IP address, then, really, there is no need to look at what is communicated... and you should stay offline (when you access this forum, Trisquel knows about it, your ISP too). Since you are online, you actually accept to send the relevant information (lose some privacy) to do whatever you do online. If you seek for compromise what happens is giving up freedom in exchange for convenience? You need not compromise on freedom. You should always stay in control of your own life. In computing, that means only using free software. There is no physical impossibility here (whereas requesting information without communication is impossible): every piece of software can be and should be free software. Meanwhile Intel ME can be sending data to organization X "User N, located ... is currently admiring the source code of Hello world". Yes. Intel ME, like any piece of software, can be and should be free software. There are organizations which consider that censoring entire geographic regions from accessing particular websites is a useful feature for the safety of the region. Should we agree to that too? No. And that has absolutely nothing to do with our conversation. There is enough evidence that the price people pay for using all kinds of "useful features" is pretty high. "All kinds of useful features" is too general to state anything about them. Again: details matter. I explained you the price of receiving warnings about phishing. You can consider that price too high. Other users, most users I believe, consider it is not. I have Safe Browsing disabled because I do not think I need it. However, I let it enabled on my parents' computer (that I administrate). I disagree to the centralized nature of it held in the hands of a single entity which can control it. There is a performance compromise too. I do not think (I may be wrong) anybody knows how to have a distributed Safe Browsing system that would not significantly slow down page loading. Do you know? As long as we cannot check for ourselves what exactly is happening on the other side of the wire it is all wishful thinking. There is no magic: if you send little information, then little information is received on the other side. If you add noise (like Firefox does with Safe Browsing), the receiver can exploit it even less. uppose I am the victim. I (a layman) don't know. I (a non-programmer) have not checked the source code. I (an average user) am forced to trust because there is a huge mountain of information which I need to dig in order to find out the truth, it is growing every day and a lifetime wouldn't suffice for it. But still I refuse to trust articles and want truth, not words, because I don't want to depend on another. I don't want my child (if I have one) to be tracked, logged, turned into a cog of a huge machine. What am I to do? You trust the community. Even if you were a programmer, it is impossible to read all the software you run: a life time is not enough. Exercising a collective control over the software is the reason for freedom 3. If you do not want to trust the community, then you should stop using software. I see no other possibility. The four freedoms do not solve
[Trisquel-users] Re : Web Browser
Yeah, as I said a truly libre and privacy friendly browser would not come with a ton of antiprivacy nonsense and a user should not have to do such a hard work to 'clean it up'. Taking a look at outgoing connections is not enough to deem how privacy-respectful a feature is. And that feature has advantages too. A compromise has to be sought. What I am saying is: details matter. Take Safe Browsing for example. The feature you manually disable after copying pyllyukko's user.js. That feature aims to warn a user who is about to access a page that is known for phishing or about to download known malware. Let us agree it is a useful feature. Now, you know Google is actually managing the lists of pages known for phishing or of known malware. If you stop your investigation at that point, you may believe that every URL that ends up in your address bar is sent to Google along with your IP address. *That* would be a privacy nightmare not worth the enhanced security... but SafeBrowsing, in Firefox, does not work that way. https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ explains how it works. And anybody can check whether it is true, thanks to freedom 1. In the case of phishing: Every 30 minutes, Firefox downloads, from a Safe Browsing server, a list of 4-byte hashes of URLs, which were deemed unsafe since the last update; Whenever the user is about to visit a page, the hash of its URL (excluding what is following a possible "?" in the URL) is compared with those in the local lists (no outgoing connection here); If it is not found, the page is displayed; otherwise the 4-byte hash is sent to a Safe Browsing server which returns all unsafe URLs matching the hash (there may be several: hashes suffer from collisions) and Firefox locally checks whether one of them is the URL to be accessed (if so, the warning is displayed; otherwise the page); To enhance privacy, Firefox requests, from time to time, the URLs of random hashes taken in the list. So, through Safe Browsing, Google only knows: every 30 minutes, that an IP address has a Web browser opened; that the user may (or not: because Firefox adds noise) have visited a URL whose hash was sent: it may be one of the unsafe pages having this hash or a safe page with the same hash. Not the privacy nightmare a naive implementation would yield. Safe Browsing's protection against malware is more intrusive. To block malware, even if it comes from unlisted pages, metadata about all binaries Firefox is about to download are sent to a Safe Browsing server. The risk of installing malware for GNU/Linux is probably not worth the privacy loss. That is why Abrowser disables that part of Safe Browsing by default. You see: a compromise is sought between security, privacy, performance and ease of use (Firefox's preferences only propose a global switch to disable Safe Browsing as a whole). The balance between those features (again: security, privacy, performance, ease of use, ... are features/capabilities, not freedoms) cannot suit every user. But it not "antiprivacy nonsense": for most users, being warned that a page is phishing (maybe imitating the page of your bank) is worth having Google know every 30 minutes that they have a Web browser opened and having it possibly guess (with a rather small probability) that they visited some specific pages. Especially when Google has many more reliable ways to do profile users (i.e., I very much doubt Google uses Safe Browsing to so): the advertisement it displays on most of the Web, the Google+ buttons, the Google fonts most of the Web pages download from Google, Google Analytics, which dominates the market, etc. In Firefox's preferences, the check box "Allow Firefox to send technical and interaction data to Mozilla" globally enables/disables Mozilla's telemetry. heyjoe's bug, filed against the "telemetry" component, pretended the opposite. He had not understood that the settings in about:config depend on each other: if datareporting.healthreport.uploadEnabled (the setting that can be set from the preferences) is false, no telemetry is sent, whatever the values of other entries in about:config that stands for more specific tunings of the telemetry component. That is why the bug was closed with the status "WORKSFORME". Telemetry allows the developers to discover bugs and know how the browser is used. They can then make it evolve the way the community wants it to evolve. https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c4 says "[Mozilla] only collect[s] anonymous usage statistics like how often Firefox crashes and how quickly the javascript garbage collector runs". It continues: But you don't have to trust us, you can check: If you enjoy reading bugs, please browse "Toolkit::Telemetry" for bugs about preferences and what they do. If you enjoy reading C++ and JavaScript,
[Trisquel-users] Re : Web Browser
There are two claims in there, as freedom (in the software sense) and privacy are to important but separate issues. I agree that Firefox does not adequately respect privacy, but it is free software which is why it is possible to create Firefox derivatives that improve the software with respect to privacy. Well said. heyjoe raises interesting privacy concerns. It is unfortunate he pretends they are freedom issues. They are not. That makes his arguments look bad, including on Mozilla's bug tracker: It is a shame that generally a useful technical investigation is made all but useless by waving "freedom 0" around here. Your freedom is about the user using the program in any way you like - not having the program or the vendor DO exactly what YOU what. Hence the other freedoms to achieve that. https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c16 https://www.gnu.org/philosophy/imperfection-isnt-oppression.html starts with: When a free program lacks capabilities that users want, that is unfortunate; we urge people to add what is missing. Some would go further and claim that a program is not even free software if it lacks certain functionality — that it denies freedom 0 (the freedom to run the program as you wish) to users or uses that it does not support. This argument is misguided because it is based on identifying capacity with freedom, and imperfection with oppression. The issues heyjoe raises are not lacks of capabilities but undesired capabilities or, to be more precise, capabilities whose side effects (potential spying) makes them undesirable. Yet, the same rationale applies. Ubuntu's spyware was a similar issue (although worse imho: even the main goal of the capability was not laudable) as those heyjoe points. The conclusion of https://www.gnu.org/philosophy/ubuntu-spyware is not that freedom 0 is tainted. Not at all. It is: What's at stake is whether our community can effectively use the argument based on proprietary spyware. If we can only say, “free software won't spy on you, unless it's Ubuntu,” that's much less powerful than saying, “free software won't spy on you.” Another problem, that https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c14 clearly states, is that Firefox/Chromium's bug tracker is not the place where policies are discussed. They are places for specific technical issues. And heyjoe does not seem to understand even simple technical explanations (e.g., that the check box "Allow Firefox to send technical and interaction data to Mozilla" switches datareporting.healthreport.uploadEnabled and that, once "false", all "telemetry" configs become moot: no telemetry is sent). Finally, I do not understand heyjoe's conclusion, in this thread: Mozilla seems not to care at all. Chromium developers replied much more sanely and as a whole Chromium so far seems the most privacy respecting browser On Mozilla's side he got an invitation to argue for policy changes in https://lists.mozilla.org/listinfo/governance and several statements like: No user should ever have to go into about:config to do anything as important as preserve their privacy. We take user control and user privacy too seriously to hide it away. It's the reason we have such rigorous review on the data we _do_ ask to collect, and the reason we only collect anonymous usage statistics https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c4 On Chromium's side: I guess your feature request boils down to "Create a setup in Chrome such that not network communication happens in the background." I acknowledge this feature request but don't think that it is very likely to become a priority soon. https://bugs.chromium.org/p/chromium/issues/detail?id=795526#c2
[Trisquel-users] Re : Web Browser
Indeed. And using the same source, here is the free software status of Chromium (the original question): Chromium might or might not be free. During the last review, the copyright or license of some code was unclear. It also has a similiar problem to Iceweasel and Firefox in which it links to proprietary plugins. (Chromium should NOT be confused with Google Chrome, which shares a codebase with Chromium but is not free software.) For details on the license issues, see the "Blocked on" list on the left of https://bugs.chromium.org/p/chromium/issues/detail?id=28291