Re: Firefox "Looking Glass" fiasco

2017-12-23 Thread Adam Williamson
On Sat, 2017-12-23 at 04:36 +0100, drago01 wrote:
> On Friday, December 22, 2017, Adam Williamson 
> wrote:
> 
> > On Fri, 2017-12-22 at 07:01 -0500, Solomon Peachy wrote:
> > > 
> > > Especially since Fedora's maintainers *already* compile it, including
> > > changing some of the defaults.  What's a couple more?
> > 
> > AIUI, Mozilla doesn't actually like downstreams changing too much in
> > Firefox. I don't know exactly where their 'lines' are, but they are
> > known to assert trademark rights against downstreams to prevent them
> > changing some things and still calling the result 'Firefox'. (This
> > policy is why Debian ships 'Iceweasel' or whatever instead - so they
> > can modify it how they like without Mozilla complaining).
> > --
> Same for fedora - if you want to use the trademark.

Well yes, that's exactly the point I was making - there was a
suggestion to make downstream changes to some upstream defaults as part
of a response to this, I was saying we don't have an entirely free hand
to do that.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org


Re: Firefox "Looking Glass" fiasco

2017-12-23 Thread Kevin Kofler
Benjamin Berg wrote:
> Actually, Debian ships Firefox again these days as the policies
> apparently have been changed/clarified enough.

They ship it as Firefox again under exactly the same kind of informal 
agreement that they already had once and that already burned them once 
(because Mozilla suddenly revoked it unilaterally without notice and even 
tried to deny its existence). That move made no sense whatsoever.

Kevin Kofler


Re: Firefox "Looking Glass" fiasco

2017-12-22 Thread Matthew Miller
On Sat, Dec 23, 2017 at 04:36:37AM +0100, drago01 wrote:
> Same for fedora - if you want to use the trademark.

Yes. It's not an unreasonable request. (Although Fedora does offer the
secondary "Fedora Remix" mark, and Firefox doesn't have anything
equivalent that I'm aware of.)


-- 
Matthew Miller

Fedora Project Leader


Re: Firefox "Looking Glass" fiasco

2017-12-22 Thread drago01
On Friday, December 22, 2017, Adam Williamson 
wrote:

> On Fri, 2017-12-22 at 07:01 -0500, Solomon Peachy wrote:
> >
> > Especially since Fedora's maintainers *already* compile it, including
> > changing some of the defaults.  What's a couple more?
>
> AIUI, Mozilla doesn't actually like downstreams changing too much in
> Firefox. I don't know exactly where their 'lines' are, but they are
> known to assert trademark rights against downstreams to prevent them
> changing some things and still calling the result 'Firefox'. (This
> policy is why Debian ships 'Iceweasel' or whatever instead - so they
> can modify it how they like without Mozilla complaining).
> --
>

Same for fedora - if you want to use the trademark.


Re: Firefox "Looking Glass" fiasco

2017-12-22 Thread Matthew Miller
On Fri, Dec 22, 2017 at 09:17:27AM -0800, Adam Williamson wrote:
> > Especially since Fedora's maintainers *already* compile it, including 
> > changing some of the defaults.  What's a couple more?
> AIUI, Mozilla doesn't actually like downstreams changing too much in
> Firefox. I don't know exactly where their 'lines' are, but they are
> known to assert trademark rights against downstreams to prevent them
> changing some things and still calling the result 'Firefox'. (This
> policy is why Debian ships 'Iceweasel' or whatever instead - so they
> can modify it how they like without Mozilla complaining).

There's some definite irony here: this policy is there because there
were a number of unscrupulous actors taking Firefox, adding malware
toolbars, and offering it for download, thus harming users and tainting
their reputation.



-- 
Matthew Miller

Fedora Project Leader


Re: Firefox "Looking Glass" fiasco

2017-12-22 Thread Benjamin Berg

On Fri, 2017-12-22 at 09:17 -0800, Adam Williamson wrote:
> On Fri, 2017-12-22 at 07:01 -0500, Solomon Peachy wrote:
> > Especially since Fedora's maintainers *already* compile it, including 
> > changing some of the defaults.  What's a couple more?
> 
> AIUI, Mozilla doesn't actually like downstreams changing too much in
> Firefox. I don't know exactly where their 'lines' are, but they are
> known to assert trademark rights against downstreams to prevent them
> changing some things and still calling the result 'Firefox'. (This
> policy is why Debian ships 'Iceweasel' or whatever instead - so they
> can modify it how they like without Mozilla complaining).

Actually, Debian ships Firefox again these days as the policies
apparently have been changed/clarified enough.

https://lwn.net/Articles/676799/

AFAICT, there is still little indication as to what modifications may
be considered "significant functional changes" by Mozilla though.

Benjamin


Re: Firefox "Looking Glass" fiasco

2017-12-22 Thread Adam Williamson
On Fri, 2017-12-22 at 07:01 -0500, Solomon Peachy wrote:
> 
> Especially since Fedora's maintainers *already* compile it, including 
> changing some of the defaults.  What's a couple more?

AIUI, Mozilla doesn't actually like downstreams changing too much in
Firefox. I don't know exactly where their 'lines' are, but they are
known to assert trademark rights against downstreams to prevent them
changing some things and still calling the result 'Firefox'. (This
policy is why Debian ships 'Iceweasel' or whatever instead - so they
can modify it how they like without Mozilla complaining).
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net


Re: Firefox "Looking Glass" fiasco

2017-12-22 Thread Solomon Peachy
On Fri, Dec 22, 2017 at 12:33:20AM +0100, Kevin Kofler wrote:
> The thing is, the question is whether Firefox even still qualifies as Free 
> Software at all. We disagree with those actions for a reason, i.e., because 
> they are attacks on users' freedom!

It's Free Software, under every definition of the term.

Meanwhile, this not-so-little rant comes to mind:

 https://caddy.community/t/the-realities-of-being-a-foss-maintainer/2728

"I do find it ironic that the open source community is so irate about 
 having to compile software from source to customize it the way they 
 want."

Especially since Fedora's maintainers *already* compile it, including 
changing some of the defaults.  What's a couple more?

(And I might add that yanking Firefox as the default browser 
 will accomplish little more than to increase Chrome's market share)

 - Solomon
-- 
Solomon Peachy pizza at shaftnet dot org
Coconut Creek, FL  ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.




Re: Firefox "Looking Glass" fiasco

2017-12-21 Thread Kevin Kofler
Solomon Peachy wrote:
> There is a ginormous difference between not being able to legally ship
> something and deliberately not shipping perhaps _the_ premium Free
> Software application because you don't agree with every action of its
> authors.

The thing is, the question is whether Firefox even still qualifies as Free 
Software at all. We disagree with those actions for a reason, i.e., because 
they are attacks on users' freedom!

Kevin Kofler


Re: Firefox "Looking Glass" fiasco

2017-12-21 Thread Kevin Kofler
Sergio Durigan Junior wrote:
> Midori has been "revived" only recently.  It stayed dead for a while,
> without any activity on the codebase/IRC channel, and accumulating a few
> CVEs here and there.

Interesting. I'd expect the browser itself to not really be
security-critical; the underlying web engine is. I guess the CVEs are things such as 
missing warnings for invalid certificates?

> However, we shouldn't blindly adopt Midori as the default browser without
> seriously looking at the health of the project

Sure, that should be obvious. Though I am not proposing to make Midori THE 
default browser for all of Fedora, I am only proposing it as a default for 
those Spins where it fits the best technology-wise.

> (that goes for any other browser, FWIW).

The other two browsers in my list are active projects maintained by large 
trustworthy upstreams Fedora is already successfully working with: one 
(QupZilla/Falkon) is about to become the official browser of the KDE 
project, the other one (GNOME Web/Epiphany) is already the official browser 
of the GNOME project. So I don't think there is any need to worry about the 
health of those 2 projects.

This also means that each of them is really the most suitable browser choice 
for the respective desktop environment, in the interest of providing an 
integrated user experience. The browser needs to return to being viewed as 
an integral part of the desktop environment, as it was in the Konqueror era. 
Firefox sticks out like a sore thumb on all of them.

Kevin Kofler


Re: Firefox "Looking Glass" fiasco

2017-12-20 Thread Kevin Fenzi
On 12/20/2017 03:37 PM, Kevin Kofler wrote:
> Kevin Fenzi wrote:
>> midori is dead upstream. Likely it should be retired, but I keep holding
>> out hope they will revive development. I definitely would not suggest
>> more widespread usage of it.
> 
> https://code.launchpad.net/~midori/midori/ doesn't look that dead. The 
> webKitTwoOnly branch you are currently packaging is dead, but it was 
> apparently replaced by a new webKit2Gtk3only branch.

Sure, which has had 6 non-translation commits in the last year, and even
fewer before that. I wouldn't really call that active.

>> We shipped midori on the Xfce spin for a while, but people asked for
>> firefox.
> 
> People also ask for patent-encumbered codecs, Flash, etc. It is not always 
> the right decision to ship what some people ask for.

They were installing firefox post install and telling us that they
wanted us to save them time and just ship it on the spin. It really
didn't have anything to do with forbidden items.

kevin






Re: Firefox "Looking Glass" fiasco

2017-12-20 Thread Solomon Peachy
On Thu, Dec 21, 2017 at 12:37:48AM +0100, Kevin Kofler wrote:
> People also ask for patent-encumbered codecs, Flash, etc. It is not always 
> the right decision to ship what some people ask for.

The phrase "cutting off our nose to spite our face" seems relevant here.

There is a ginormous difference between not being able to legally ship 
something and deliberately not shipping perhaps _the_ premium Free 
Software application because you don't agree with every action of its 
authors.

 - Solomon
-- 
Solomon Peachy pizza at shaftnet dot org
Coconut Creek, FL  ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.




Re: Firefox "Looking Glass" fiasco

2017-12-20 Thread Sergio Durigan Junior
On Wednesday, December 20 2017, Kevin Kofler wrote:

> Kevin Fenzi wrote:
>> midori is dead upstream. Likely it should be retired, but I keep holding
>> out hope they will revive development. I definitely would not suggest
>> more widespread usage of it.
>
> https://code.launchpad.net/~midori/midori/ doesn't look that dead. The 
> webKitTwoOnly branch you are currently packaging is dead, but it was 
> apparently replaced by a new webKit2Gtk3only branch.

Midori has been "revived" only recently.  It stayed dead for a while,
without any activity on the codebase/IRC channel, and accumulating a few
CVEs here and there.  I was Debian's Midori maintainer, and I decided
to retire the package because of these issues.  But apparently upstream
is slowly coming back to life, which is good news.  However, we
shouldn't blindly adopt Midori as the default browser without seriously
looking at the health of the project (that goes for any other browser,
FWIW).

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


Re: Firefox "Looking Glass" fiasco

2017-12-20 Thread Kevin Kofler
Kevin Fenzi wrote:
> midori is dead upstream. Likely it should be retired, but I keep holding
> out hope they will revive development. I definitely would not suggest
> more widespread usage of it.

https://code.launchpad.net/~midori/midori/ doesn't look that dead. The 
webKitTwoOnly branch you are currently packaging is dead, but it was 
apparently replaced by a new webKit2Gtk3only branch.

> We shipped midori on the Xfce spin for a while, but people asked for
> firefox.

People also ask for patent-encumbered codecs, Flash, etc. It is not always 
the right decision to ship what some people ask for.

Kevin Kofler


Re: Firefox "Looking Glass" fiasco

2017-12-20 Thread Kevin Fenzi
On 12/19/2017 03:24 AM, Kevin Kofler wrote:
> Chris Adams wrote:
>> I thought that this was actually a violation of the packaging policies,
>> but I can't seem to find it now; I only see the restriction on software
>> the requires downloads to be useful.  I think simply requiring Mozilla
>> to change their policies is unacceptable, as this still depends on a
>> third party to properly enforce such policies (and not have any security
>> issue that could result in untrusted addons being installed).
>>
>> IMHO such behavior needs to be disabled by default in any packages
>> shipped by Fedora for Fedora to remain a trustworthy distribution.
> 
> This is the very least that Fedora ought to do, and it has to be done 
> immediately!
> 
> In addition, for future Fedora releases, the default browser ought to be 
> changed to one with a more trustworthy upstream, e.g.:
> * QupZilla (soon to be Falkon) [https://www.qupzilla.com/],
> * GNOME Web / Epiphany [https://wiki.gnome.org/Apps/Web],
> * Midori [http://midori-browser.org/] (the WebKit2 branch snapshots that are
>   already in Fedora).

midori is dead upstream. Likely it should be retired, but I keep holding
out hope they will revive development. I definitely would not suggest
more widespread usage of it.

> In the interest of desktop integration, I would actually suggest using a 
> different browser on different Spins, matching the shipped desktop 
> environment (QupZilla on KDE and LXQt, GNOME Web on GNOME/Workstation, 
> Midori on the others).

We shipped midori on the Xfce spin for a while, but people asked for
firefox.

kevin





Re: Firefox "Looking Glass" fiasco

2017-12-20 Thread Ralf Corsepius

On 12/18/2017 09:42 PM, Gerald B. Cox wrote:
> Mozilla has already admitted they made a mistake and removed Looking
> Glass from the Fx Studies.  I believe they understand the situation
> quite well.  It's not helpful to beat a dead horse.

Do you think it's a dead horse? I don't.

Actually, I think Mozilla's management finally has unhidden their real 
face. Time for changes at Mozilla and for personal changes in their 
management - Period.


Ralf




Re: Firefox "Looking Glass" fiasco

2017-12-19 Thread Greg Evenden
> Chris Adams wrote:
> 
> This is the very least that Fedora ought to do, and it has to be done 
> immediately!
> 
> In addition, for future Fedora releases, the default browser ought to be 
> changed to one with a more trustworthy upstream, e.g.:
> * QupZilla (soon to be Falkon) [https://www.qupzilla.com/],
> * GNOME Web / Epiphany [https://wiki.gnome.org/Apps/Web],
> * Midori [http://midori-browser.org/] (the WebKit2 branch snapshots that are
>   already in Fedora).
> 
> In the interest of desktop integration, I would actually suggest using a 
> different browser on different Spins, matching the shipped desktop 
> environment (QupZilla on KDE and LXQt, GNOME Web on GNOME/Workstation, 
> Midori on the others).
> 
> That said, QupZilla, while being a Qt application, actually has better GNOME 
> integration than Firefox: It uses the system icon theme out of the box, it 
> has native look and native file dialogs thanks to QGnomePlatform, and 
> there is even an optional plugin to make it use GNOME Keyring.
> 
> In addition, using a browser adapted to the desktop would also provide a 
> much more integrated experience to our users:
> https://wiki.gnome.org/Apps/Web/Docs/FrequentlyAskedQuestions#Mozilla_and...
> https://www.spinics.net/linux/fedora/fedora-kde/msg13235.html
> 
> Kevin Kofler
IMO going back to SeaMonkey would be a better bet than any of the following 
browsers you mentioned.


Re: Firefox "Looking Glass" fiasco

2017-12-19 Thread Gerald B. Cox
On Tue, Dec 19, 2017 at 3:19 AM, Daniel P. Berrange 
wrote:

>
> None the less, if we consider Fedora maintainers to be adding value via the
> packaging process, over having users get their browser direct from Mozilla,
> then I do still think it is desirable to be able to opt-out of this feature
> in Fedora builds.
>

Being pragmatic, I doubt that is going to happen for various reasons:
1.  Mozilla would have to agree to it
2.  You'd have to find a maintainer willing to do it - packaging is not
hacking


Re: Firefox "Looking Glass" fiasco

2017-12-19 Thread Adam Williamson
On Tue, 2017-12-19 at 09:47 -0500, John Florian wrote:
> On Mon, 2017-12-18 at 11:16 -0800, Adam Williamson wrote:
> > Well, not quite. I installed Firefox rather a long time ago on this
> > system. Again I can't prove it, but at that time I believe this
> > question and preference referred *only* to 'data collection'. However,
> > since then, a new sub-preference seems to have appeared, labelled
> > 'Allow Firefox to install and run studies'. It appears, so far as I can
> > tell, that they are claiming this promotional tie-in constituted a
> > "study". That's a weak claim to start with, but more importantly, I am
> > fairly sure this "Allow Firefox to install and run studies" preference
> > was simply set to 'true' when it was *added* to Firefox. I was not
> > asked. If I had been, I'm pretty sure I would've said no.
> 
> Count me in the same boat.  I hadn't noticed that option until now.  
> 
> However, before I toggled it off, I noticed the setting "Prevent
> accessibility services from accessing your browser".  I briefly read
> the "Learn more" for that feature and upon deciding that I have no need
> for accessibility services at all, it was just better to toggle that
> off.  Fx then wanted to restart for that change.  Much to my surprise,
> when I got back to the security/privacy settings, the one for "Allow Fx
> to install and run studies" had vanished ... and yes, the "Allow Fx to
> send technical and interaction data to Moz" is still enabled.

Sounds related to the issue someone else mentioned about the setting
not showing up in languages other than English, perhaps...
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net


Re: Firefox "Looking Glass" fiasco

2017-12-19 Thread John Florian
On Mon, 2017-12-18 at 11:16 -0800, Adam Williamson wrote:
> Well, not quite. I installed Firefox rather a long time ago on this
> system. Again I can't prove it, but at that time I believe this
> question and preference referred *only* to 'data collection'. However,
> since then, a new sub-preference seems to have appeared, labelled
> 'Allow Firefox to install and run studies'. It appears, so far as I can
> tell, that they are claiming this promotional tie-in constituted a
> "study". That's a weak claim to start with, but more importantly, I am
> fairly sure this "Allow Firefox to install and run studies" preference
> was simply set to 'true' when it was *added* to Firefox. I was not
> asked. If I had been, I'm pretty sure I would've said no.

Count me in the same boat.  I hadn't noticed that option until now.  

However, before I toggled it off, I noticed the setting "Prevent
accessibility services from accessing your browser".  I briefly read
the "Learn more" for that feature and upon deciding that I have no need
for accessibility services at all, it was just better to toggle that
off.  Fx then wanted to restart for that change.  Much to my surprise,
when I got back to the security/privacy settings, the one for "Allow Fx
to install and run studies" had vanished ... and yes, the "Allow Fx to
send technical and interaction data to Moz" is still enabled.
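A profile audit for the studies setting John describes, added here as an example and not taken from the thread or from Mozilla: it parses a Firefox prefs.js or user.js, reports whether the studies and telemetry switches are explicitly off, and emits a user.js that pins them off so a changed default cannot re-enable them. The two preference names are assumptions taken from Firefox's about:config (they are not quoted in the thread), and the sample profile file is constructed.

```python
import re
from typing import Dict, List, Union

PrefValue = Union[bool, int, str]

# Pref names are assumptions from Firefox's about:config, not from the thread:
# the "Allow Firefox to install and run studies" checkbox backs
# app.shield.optoutstudies.enabled, and "send technical and interaction data"
# backs datareporting.healthreport.uploadEnabled.
STUDIES_PREF = "app.shield.optoutstudies.enabled"
TELEMETRY_PREF = "datareporting.healthreport.uploadEnabled"

# prefs.js and user.js lines look like:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*(?:user_pref|pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse prefs.js/user.js text into a name -> value map.

    Comment lines ('#', '//') and anything that is not a pref call are skipped;
    a later duplicate overrides an earlier one, as Firefox itself does.
    """
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        value: PrefValue
        if raw == "true":
            value = True
        elif raw == "false":
            value = False
        elif re.fullmatch(r"-?\d+", raw):
            value = int(raw)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]
        else:
            value = raw  # leave anything unexpected as its literal text
        prefs[name] = value
    return prefs


def audit(prefs: Dict[str, PrefValue]) -> List[str]:
    """Return one finding per remote-control channel that is not switched off.

    A pref absent from the file means Firefox's built-in default applies, and
    the thread's complaint is precisely that the default is "on", so absence
    is reported as enabled rather than silently passed.
    """
    findings: List[str] = []
    if prefs.get(STUDIES_PREF) is not False:
        findings.append(
            f"{STUDIES_PREF} is not explicitly false: "
            "Shield studies (add-ons pushed post-install) can run")
    if prefs.get(TELEMETRY_PREF) is not False:
        findings.append(
            f"{TELEMETRY_PREF} is not explicitly false: "
            "technical and interaction data is uploaded")
    return findings


def hardened_user_js() -> str:
    """user.js content that pins both prefs off.

    user.js is re-applied on every startup, so neither an upstream change of
    the built-in default nor a GUI toggle silently re-enables them.
    """
    return "".join(
        f'user_pref("{name}", false);\n' for name in (STUDIES_PREF, TELEMETRY_PREF))


# Constructed sample profile file, not copied from any real profile.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
// constructed sample
user_pref("app.shield.optoutstudies.enabled", true);
user_pref("browser.startup.homepage", "about:home");
user_pref("datareporting.healthreport.uploadEnabled", true);
user_pref("network.http.max-connections", 900);
"""

if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE_PREFS_JS)):
        print("FINDING:", finding)
    print("suggested user.js:\n" + hardened_user_js(), end="")
```

Run it against a real profile by reading that profile's prefs.js into parse_prefs instead of SAMPLE_PREFS_JS.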


Re: Firefox "Looking Glass" fiasco

2017-12-19 Thread Kevin Kofler
Daniel P. Berrange wrote:
> Conversely, in a Flatpak world we would be moving much
> closer to the model of Windows/OS-X/Android where Mozilla has a more direct
> way to push software to users, without an OS vendor arbitrarily rebuilding
> & repackaging stuff.

And that is one big reason why the Flatpak world is not the world we want to 
be in!

Kevin Kofler


Re: Firefox "Looking Glass" fiasco

2017-12-19 Thread Kevin Kofler
Chris Adams wrote:
> I thought that this was actually a violation of the packaging policies,
> but I can't seem to find it now; I only see the restriction on software
> the requires downloads to be useful.  I think simply requiring Mozilla
> to change their policies is unacceptable, as this still depends on a
> third party to properly enforce such policies (and not have any security
> issue that could result in untrusted addons being installed).
> 
> IMHO such behavior needs to be disabled by default in any packages
> shipped by Fedora for Fedora to remain a trustworthy distribution.

This is the very least that Fedora ought to do, and it has to be done 
immediately!

In addition, for future Fedora releases, the default browser ought to be 
changed to one with a more trustworthy upstream, e.g.:
* QupZilla (soon to be Falkon) [https://www.qupzilla.com/],
* GNOME Web / Epiphany [https://wiki.gnome.org/Apps/Web],
* Midori [http://midori-browser.org/] (the WebKit2 branch snapshots that are
  already in Fedora).

In the interest of desktop integration, I would actually suggest using a 
different browser on different Spins, matching the shipped desktop 
environment (QupZilla on KDE and LXQt, GNOME Web on GNOME/Workstation, 
Midori on the others).

That said, QupZilla, while being a Qt application, actually has better GNOME 
integration than Firefox: It uses the system icon theme out of the box, it 
has native look and native file dialogs thanks to QGnomePlatform, and 
there is even an optional plugin to make it use GNOME Keyring.

In addition, using a browser adapted to the desktop would also provide a 
much more integrated experience to our users:
https://wiki.gnome.org/Apps/Web/Docs/FrequentlyAskedQuestions#Mozilla_and_Firefox
https://www.spinics.net/linux/fedora/fedora-kde/msg13235.html

Kevin Kofler


Re: Firefox "Looking Glass" fiasco

2017-12-19 Thread Daniel P. Berrange
On Mon, Dec 18, 2017 at 01:19:26PM -0500, Stephen John Smoogen wrote:
> On 18 December 2017 at 13:08, Matthew Miller  wrote:
> > On Mon, Dec 18, 2017 at 09:55:26AM -0800, Adam Williamson wrote:
> >> I think we should be concerned by this kind of behaviour on the part of
> >> the supplier of our default desktop browser, and we should express that
> >> concern to them. Assuming Fedora-as-a-project shares my concern, do we
> >> have a channel to communicate with them about this, and request
> >> assurances that they understand the seriousness of this, and that they
> >> have changed policies so that nothing like it will happen in future?
> >
> > Is there a fundamental difference between this and, if, say, similar
> > functionality were in the FF 57 release itself?
> >
> >
> 
> I am not sure I understand your question enough to formulate what
> difference you are wanting. Since the addon was distributed POST
> install without user intervention, it would seem yes there is a big
> difference. If it were installed in FF57 then I wouldn't
> install/update to that version. If it is 'pushed' post install then it
> means that just using the software means that Mozilla can push addons
> to my desktop without my intervention or knowledge. This takes the
> browser from being my software to always being 'their' software which
> I am just using for their pleasure.

It occurred to me that Mozilla's view of this service is probably biased by
the way they support non-Linux desktop platforms (Windows, OS-X, Android,
etc) where 95%+ of their users are. There the users have a direct interaction
with Mozilla as the distributor. Once they have downloaded Firefox for Windows
from Mozilla's website, Mozilla can push out updates to their browser on
the fly, and for a large % of users this requires no intervention/approval.
There is no middle man "OS vendor" as you get with Linux distros (ok, app
stores are a middle man, but that's more about rubber stamping the release,
not re-packaging & rebuilding firefox). So in this world, the ability to
push out code as add-ons without user intervention doesn't feel significantly
different than their ability to push out entire new browser version
releases to users, largely without intervention.

None the less, if we consider Fedora maintainers to be adding value via the
packaging process, over having users get their browser direct from Mozilla,
then I do still think it is desirable to be able to opt-out of this feature
in Fedora builds.

Conversely, in a Flatpak world we would be moving much closer to
the model of Windows/OS-X/Android where Mozilla has a more direct way to
push software to users, without an OS vendor arbitrarily rebuilding & repackaging
stuff.

Regards,
Daniel
-- 
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|


Re: Firefox "Looking Glass" fiasco

2017-12-19 Thread Kevin Kofler
Adam Williamson wrote:
> Well, not quite. I installed Firefox rather a long time ago on this
> system. Again I can't prove it, but at that time I believe this
> question and preference referred *only* to 'data collection'. However,
> since then, a new sub-preference seems to have appeared, labelled
> 'Allow Firefox to install and run studies'. It appears, so far as I can
> tell, that they are claiming this promotional tie-in constituted a
> "study". That's a weak claim to start with, but more importantly, I am
> fairly sure this "Allow Firefox to install and run studies" preference
> was simply set to 'true' when it was *added* to Firefox. I was not
> asked. If I had been, I'm pretty sure I would've said no.

IMHO, the fact that telemetry exists and is enabled by default is already an 
unacceptable privacy invasion. And the misfeature to abuse users as guinea 
pigs is even more unacceptable.

Kevin Kofler


Re: Firefox "Looking Glass" fiasco

2017-12-19 Thread Kevin Kofler
Daniel P. Berrange wrote:
> It was brought up elsewhere that Chrome/Chromium in the past has done
> something worse in scope, silently downloading an add-on to that turns
> on & listens to your microphone. Ostensibly to detect the "ok google"
> keyword, but since its a closed source add-on can you be sure that's all
> it does...
> 
>  
> https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/
> 
> Fortunately, the Fedora builds of Chromium have explicitly disabled this
> feature (enable_hotwording=false in chromium.spec)

Note that enable_hotwording is off by default in Chromium (not Chrome) 
builds (has been since Chromium 45). Only Chromium 43 and 44 are affected 
(because this "feature" was added in Chromium 43).

Also note that this implies that QtWebEngine was never affected, because 
there is no QtWebEngine branch based on Chromium 43 or 44. (QtWebEngine 5.5 
shipped Chromium 40, QtWebEngine 5.6 LTS started on Chromium 45.) In 
addition, QtWebEngine is not built with NaCl support, so there is no way 
that plugin could have run to begin with even if it had been downloaded.

Kevin Kofler


Re: Firefox "Looking Glass" fiasco

2017-12-19 Thread Kevin Kofler
Matthew Miller wrote:
> Is there a fundamental difference between this and, if, say, similar
> functionality were in the FF 57 release itself?

If Firefox itself contained such adware, that would make the entire browser 
unusable.

Kevin Kofler


Re: Firefox "Looking Glass" fiasco

2017-12-19 Thread Tom Hughes

On 19/12/17 01:11, Thomas Daede wrote:

On 12/18/2017 03:00 PM, Sam Varshavchik wrote:

Does anyone read this as Mozilla admitting that they messed up?


This was published today:
https://blog.mozilla.org/firefox/update-looking-glass-add/


It's certainly an improvement on their previous efforts though it still 
rather skates around some of the most important points.


They still seem to be concentrating on the details of what this specific 
addon did or didn't do rather than on the abuse of the "shield studies" 
mechanism. To remind ourselves 
https://support.mozilla.org/en-US/kb/shield describes them as:


  SHIELD studies let you try out different features and ideas before
  they are released to all Firefox users. Using your feedback, we
  can make more informed decisions based on what you actually need.

So they are about testing new browser features, and yet in that blog 
post they are described as "our auto-install mechanism for add-ons" 
which while it might be what shield studies amount to technically shows 
that internally they are viewed (at least by some people) much more broadly.


I realise it goes on to say they are conducting a review, which will 
presumably cover the approval process for shield studies and why it 
seems that marketing was able to push this through - indeed why 
marketing even had access to a channel designed for feature testing.


Just the fact that response to this still seems to be led by their 
marketing department (with all response coming from the chief marketing 
officer) and not by security/privacy teams says quite a lot really.


It seems obvious that either people with responsibility for security and 
privacy issues didn't have visibility of what was happening here, which 
would suggest a seriously broken process for approving shield studies, 
or they didn't have the political power to overrule the marketing 
department which is many ways an even bigger problem because that is a 
cultural issue at the heart of the organisation that will be hard to fix.


Tom

--
Tom Hughes (t...@compton.nu)
http://compton.nu/


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Thomas Daede
On 12/18/2017 03:00 PM, Sam Varshavchik wrote:
> Does anyone read this as Mozilla admitting that they messed up?

This was published today:
https://blog.mozilla.org/firefox/update-looking-glass-add/





Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Gerald B. Cox
On Mon, Dec 18, 2017 at 3:00 PM, Sam Varshavchik 
wrote:

>
> Can you point out to me which part indicates that Mozilla admits that they
> made a mistake. Sounds to me like they're just blaming the dumb users for
> not understanding how wonderful was "the experience [they] created".
>

Keeping with the Mr. Robot motif, it is a riddle, wrapped in a mystery,
inside an enigma.


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Sam Varshavchik

Gerald B. Cox writes:

Everyone makes mistakes - this wasn't the first by Mozilla and won't be the
last.  I don't believe they are acting out of malice.  As long as they admit
and correct mistakes as they go along that is fine with me.


Here's the most complete statement from Mozilla that I could find regarding  
this:




"Our goal with the custom experience we created with Mr. Robot was to engage  
our users in a fun and unique way," Mozilla's chief marketing officer,  
Jascha Kaykas-Wolff, told Gizmodo. "Real engagement also means listening to  
feedback. And so while the web extension/add-on that was sent out to Firefox  
users never collected any data, and had to be explicitly enabled by users  
playing the game before it would affect any web content, we heard from some  
of our users that the experience we created caused confusion."


"As a result we will be moving the Looking Glass Add-on to our Add-On store  
within the next 24 hours so Mr. Robot fans can continue to solve the puzzle  
and the source can be viewed in a public repository," Kaykas-Wolff added.




Can you point out to me which part indicates that Mozilla admits that  
they made a mistake. Sounds to me like they're just blaming the dumb users  
for not understanding how wonderful was "the experience [they] created".


Does anyone read this as Mozilla admitting that they messed up?





Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Björn Persson
Daniel P. Berrange wrote:
> IMHO requesting support for a build flag to disable this ability to
> remotely push executable code out to user's browser is not unreasonable,

I agree. There should be a single, properly documented build-time option to 
disable all current and future features that download and execute code without 
asking the user for explicit permission. If such an option doesn't exist, then 
I think the Fedora project should request one – and then use it. Any such 
feature should be strictly opt-in if it must exist at all (except for 
Javascript from the website being visited, because as much as I would like to 
make Javascript optional there's no chance of that happening at this point).

Björn Persson




Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Björn Persson
Chris Adams wrote:
> Are
> there any other packages that can silently download and run non-Fedora
> code?

The other web browsers. They'll silently download and run Javascript code from 
pretty much every website. It's a crazy dangerous practice, but that genie 
isn't going to go back into the bottle. But perhaps you meant "download and 
run without even trying to sandbox it"?

Björn Persson




Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread nicolas . mailhot


- Original message -
From: "Adam Williamson" 

> My mail is based on a belief that Mozilla is still one of the better
> actors we have to work with in the category of desktop browser
> suppliers,

Adam, I agree it's still one of the better actors, but the better actor bar 
keeps lowering every year.

Mozilla has progressively redefined its "protect users of the internet" goal to 
"protect the communication between users and websites", and given how powerful 
javascript is nowadays that actually means "protect the right of websites to 
abuse users as they wish". They will lobby for any web standard extension 
pushed by cloud giants on the grounds it makes the internet better, without any 
thought for the effects of those extensions on protection of users from abusive 
websites.

Looking Glass is typical of this mindset: the server/cloud-side defines the 
rules, in that case server/cloud-side == Mozilla marketing, why should it 
constrain itself when it fights all year long to give the same power to any 
random website?

Regards,

-- 
Nicolas Mailhot


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Björn Persson
Florian Weimer wrote:
> On 12/18/2017 08:31 PM, Chris Murphy wrote:
> > I don't remember being actively asked about such data collection, and
> > I've recently installed on a clean system, nightly on Fedora, and then
> > final releases of 57 on Windows and macOS. Does anyone have a screen
> > shot or description of what this "ask" looks like, and when it
> > appears?
> 
> It keeps changing.  Currently, it's a pop-under tab shown once if you 
> open a new profile,

A background tab where the only visible words are "Firefox by default shares" 
does not match my understanding of what the word "ask" means.

And if I actually notice the tab and read the page, I don't see anything about 
silently installing additional software.

Björn Persson




Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Adam Williamson
On Mon, 2017-12-18 at 22:36 +0100, nicolas.mail...@laposte.net wrote:
> Is it surprising that the Mozilla foundation, that decided long ago
> that users were idiots that didn't know what they wanted, and
> reoriented itself to serve the cloud industry

I don't share this opinion at all. If Fedora as a project does, then
the obvious course of action would be to find an alternative default
browser.

My mail is based on a belief that Mozilla is still one of the better
actors we have to work with in the category of desktop browser
suppliers, but that it's reasonable to believe that a message to them
from a relatively significant downstream along the lines of "hey,
folks, we kinda need you to demonstrate that you really understand why
this was a bad idea and be clear about how you plan to pull your socks
up" might have positive results.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Björn Persson
Adam Williamson wrote:
> since then, a new sub-preference seems to have appeared, labelled
> 'Allow Firefox to install and run studies'.

In the Swedish translation the sub-preference doesn't even exist. There is no 
second checkbox under the translation of "Allow Firefox to send technical and 
interaction data to Mozilla".

I was going to ask where this sub-preference was supposed to be as I couldn't 
find it. I restarted Firefox with "LANG=C firefox" to get the exact English 
wording of "Allow Firefox to send technical and interaction data to Mozilla", 
and only then did "Allow Firefox to install and run studies" appear. And it's 
turned on by default.

So now the question is: Do speakers of other languages have to periodically 
start Firefox in English mode and look for new misfeatures that they might 
want to opt out of, or are these so-called studies only inflicted on speakers 
of certain languages? Or did the option get turned on automatically now that I 
started Firefox in the C locale, and remains enabled henceforth unless I 
explicitly disable it?

Björn Persson




Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Gerald B. Cox
On Mon, Dec 18, 2017 at 1:03 PM, Adam Williamson  wrote:

>
> Again, this is something I covered in my original mail. We distribute
> Firefox as the default browser to a large number of people who trust us
> to provide them with software. This gives us both a responsibility to
> our users and, presumably, some level of organized clout with Mozilla:
> I believe they will treat the concerns of the Fedora project with
> somewhat more interest than they would treat the concerns of...me.
>
> Raising it with upstream is exactly what I am suggesting, but I am
> suggesting that *the Fedora project* raises it with upstream. Not me.
>

If the Fedora project wants to do a "me too" that's fine - it's not going to
hurt anything - my point was I believe they got the message loud and clear:

https://support.mozilla.org/en-US/questions/1194583#question-reply

and as you'll see, I was a bit blunt with them on the 13th:
"Folks this is really unacceptable. Reddit is losing their mind about it.
It's fine if this is associated with Shields studies - but you need to use a
meaningful description - not some random quote that you think might be
cute.
It's not amusing to the millions of users who are thinking WTF."


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread nicolas . mailhot

From: "Adam Williamson"
> I think we should be concerned by this kind of behaviour on the part of
> the supplier of our default desktop browser, and we should express that
> concern to them.

Adam,

We should understand that there is a whole software ecosystem that grew on the 
Internet and free software, but emphatically does *not* share Fedora values.

For them free software is at best an absurdity and at worst an abomination, and 
open source is acceptable insofar it offers a ramp to open core or cloud 
services (which are really the same thing under different guises).

They are here to monetize users one way or another, will collect as much data 
as possible in the hope of selling it so someone, will make as much a PITA as 
possible the rebuilding of their software because free software that can only 
be rebuilt sanely by one org has all the properties of proprietary software 
without the associated user rejection. They will lobby for 'open source' and 
'bundling' and 'container images' because that reduces the actual chance their 
software can be industrialized by others (ie that severely reduces the SHARE 
property). Linux distributions in particular are their enemy both because they 
reduce the cost of deploying their software to zero, and have the capability to 
remove antifeatures at will.

Those people look closely at how Google managed to build android from open 
source bricks without letting it escape from its control and dearly wish to 
emulate that.

They are the same people that thought AIX and Solaris were crushing Linux, 
because their indicator was the amount of money paid for each system, not how 
useful it was for the society in general.

A few years ago their indicator switched to the number of users (when people 
were paying ridiculous amounts of money for websites based on their user 
count), now the indicator is moving to the amount of data that can be extracted 
from users (because big data and AI and get rich quick magic), next year it 
will be something else that will have no relationship with Fedora values.

Is it surprising that the Mozilla foundation, that decided long ago that users 
were idiots that didn't know what they wanted, and reoriented itself to serve 
the cloud industry, is increasingly sharing the values of this cloud industry, 
and only caring about user needs as defined by this industry? I'm sure the 
people that invented "looking glass" didn't realize (and do not realize today) 
there was any problem with it. I'm sure they are fuming at the injustice of 
getting hung high and dry when they were just doing business as usual as 
defined in those not-really-free-software circles.

This is only the first of many similar incidents, if we continue to think that 
any one professing "open source" is our friend. Many are not. Free software won 
the development story but free software values are no less marginal than a 
decade ago. Maybe even more so, now that the water is severely muddied.

Regards,

-- 
Nicolas Mailhot


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Florian Weimer

On 12/18/2017 09:59 PM, Gerald B. Cox wrote:
Everyone makes mistakes - this wasn't the first by Mozilla and won't be the
last.  I don't believe they are acting out of malice.


Of course not.  But at some level, there is a deception involved: 
Mozilla present a strong privacy focus for Firefox, but clearly lacks 
the processes to systematically prevent such blunders.


Of course, you can dismiss this as the usual tension between marketing 
and technical reality.  It's a bit like the reputation of Linux as a 
secure system vs the actual development procedures.


Thanks,
Florian


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Adam Williamson
On Mon, 2017-12-18 at 12:59 -0800, Gerald B. Cox wrote:
> On Mon, Dec 18, 2017 at 12:51 PM, Adam Williamson <
> adamw...@fedoraproject.org> wrote:
> 
> > 
> > > The only reason we are beating a dead horse is because you keep
> > > telling us that we shouldn't have beaten a dead horse in a way that
> > > requires us to explain why we are doing so. Look we understand.. you
> > > think we should all be friends again. Some of us however are on the
> > > "Play a trick on me once, shame on you.. Play a trick on me twice..
> > > shame on me" and this is number 3 or 4..
> > 
> > Right. As my original mail should have made clear to you but apparently
> > didn't, the point where I disagree with you is the idea that Mozilla
> > has "learnt its lesson". Nothing in any Mozilla statement I've seen so
> > far makes me believe that Mozilla has actually learned the right
> > lesson, and as Smooge points out, it is beginning to build up a track
> > record which makes me less willing to just trust that they have without
> > them explicitly stating it and outlining exactly what they have changed
> > in order to ensure that more things like this don't happen in future.
> > 
> 
> Everyone makes mistakes - this wasn't the first by Mozilla and won't be the
> last.  I don't believe they are acting out of malice.  As long as they admit
> and correct mistakes as they go along that is fine with me.  In any event, I
> don't believe this is a Fedora issue - it's an upstream issue.  If you're
> unhappy with a particular direction or decision regarding Fx, it would be
> better to air those concerns upstream.

Again, this is something I covered in my original mail. We distribute
Firefox as the default browser to a large number of people who trust us
to provide them with software. This gives us both a responsibility to
our users and, presumably, some level of organized clout with Mozilla:
I believe they will treat the concerns of the Fedora project with
somewhat more interest than they would treat the concerns of...me.

Raising it with upstream is exactly what I am suggesting, but I am
suggesting that *the Fedora project* raises it with upstream. Not me.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Gerald B. Cox
On Mon, Dec 18, 2017 at 12:51 PM, Adam Williamson <
adamw...@fedoraproject.org> wrote:

>
> > The only reason we are beating a dead horse is because you keep
> > telling us that we shouldn't have beaten a dead horse in a way that
> > requires us to explain why we are doing so. Look we understand.. you
> > think we should all be friends again. Some of us however are on the
> > "Play a trick on me once, shame on you.. Play a trick on me twice..
> > shame on me" and this is number 3 or 4..
>
> Right. As my original mail should have made clear to you but apparently
> didn't, the point where I disagree with you is the idea that Mozilla
> has "learnt its lesson". Nothing in any Mozilla statement I've seen so
> far makes me believe that Mozilla has actually learned the right
> lesson, and as Smooge points out, it is beginning to build up a track
> record which makes me less willing to just trust that they have without
> them explicitly stating it and outlining exactly what they have changed
> in order to ensure that more things like this don't happen in future.
>

Everyone makes mistakes - this wasn't the first by Mozilla and won't be the
last.  I don't believe they are acting out of malice.  As long as they admit
and correct mistakes as they go along that is fine with me.  In any event, I
don't believe this is a Fedora issue - it's an upstream issue.  If you're
unhappy with a particular direction or decision regarding Fx, it would be
better to air those concerns upstream.


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Adam Williamson
On Mon, 2017-12-18 at 15:48 -0500, Stephen John Smoogen wrote:
> On 18 December 2017 at 15:42, Gerald B. Cox  wrote:
> 
> > > And in any case, a tie-in with a television-show related game is
> > > clearly neither telemetry nor some kind of user interaction study. Yet
> > > to me, Mozilla's response does not seem to convey understanding of this
> > > at all. It basically just says "oh don't worry it didn't do anything by
> > > default", which is sort of grandly missing the point.
> > > 
> > 
> > Mozilla has already admitted they made a mistake and removed Looking Glass
> > from the Fx Studies.  I believe they understand the situation quite well.
> > It's not helpful to beat a dead horse.
> > 
> 
> The only reason we are beating a dead horse is because you keep
> telling us that we shouldn't have beaten a dead horse in a way that
> requires us to explain why we are doing so. Look we understand.. you
> think we should all be friends again. Some of us however are on the
> "Play a trick on me once, shame on you.. Play a trick on me twice..
> shame on me" and this is number 3 or 4..

Right. As my original mail should have made clear to you but apparently
didn't, the point where I disagree with you is the idea that Mozilla
has "learnt its lesson". Nothing in any Mozilla statement I've seen so
far makes me believe that Mozilla has actually learned the right
lesson, and as Smooge points out, it is beginning to build up a track
record which makes me less willing to just trust that they have without
them explicitly stating it and outlining exactly what they have changed
in order to ensure that more things like this don't happen in future.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Stephen John Smoogen
On 18 December 2017 at 15:42, Gerald B. Cox  wrote:

>> And in any case, a tie-in with a television-show related game is
>> clearly neither telemetry nor some kind of user interaction study. Yet
>> to me, Mozilla's response does not seem to convey understanding of this
>> at all. It basically just says "oh don't worry it didn't do anything by
>> default", which is sort of grandly missing the point.
>>
> Mozilla has already admitted they made a mistake and removed Looking Glass
> from the Fx Studies.  I believe they understand the situation quite well.
> It's not helpful to beat a dead horse.
>

The only reason we are beating a dead horse is because you keep
telling us that we shouldn't have beaten a dead horse in a way that
requires us to explain why we are doing so. Look we understand.. you
think we should all be friends again. Some of us however are on the
"Play a trick on me once, shame on you.. Play a trick on me twice..
shame on me" and this is number 3 or 4..





-- 
Stephen J Smoogen.


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread R P Herrold
On Mon, 18 Dec 2017, Chris Adams wrote:

> the requires downloads to be useful.  I think simply requiring Mozilla
> to change their policies is unacceptable, as this still depends on a
> third party to properly enforce such policies (and not have any security
> issue that could result in untrusted addons being installed).
> 
> IMHO such behavior needs to be disabled by default in any packages
> shipped by Fedora for Fedora to remain a trustworthy distribution.

'Electrolysis' was a Mozilla.org codeword for a sub-project 
enabling in an A:B sample, 'telemetry' -- that is keystroke 
logging, click monitoring, timing, and more, largely without 
prominent external notice.

I had a performance issue related to inter-tab communication 
in a restrictive environment I run Firefox in, along with 
SElinux denials, and spent some time 'running down' several 
problems, in the early summer

see:

https://support.ant.com/hc/en-us/articles/115000513446-Firefox-51-Multi-Process

see my bug: 
https://bugzilla.redhat.com/show_bug.cgi?id=1473754
upstream as well

https://bugzilla.mozilla.org/show_bug.cgi?id=1383141
closed into:

https://bugzilla.mozilla.org/show_bug.cgi?id=1376559



https://bugzilla.mozilla.org/show_bug.cgi?id=1129492

because SysV shared memory follows Unix's “same uid policy” 
and can't be restricted/brokered like file access.  (It was 
observed when the initial attempt at a desktop content system 
call whitelist was made, but that was long enough ago that 
there could have been significant changes to how graphics work 
that might make this not a problem, so this should be 
double-checked.)  There's a not-well-specified revision to use 
memory-mapped files 
(http://patchwork.freedesktop.org/patch/15082/) but I don't 
know what would need to happen to make it work — Ubuntu 14.04 
has a new enough X server and should (I think?) have new 
enough libraries, but X clients still empirically use SysV 
(including the Firefox parent process).


see also this:

https://mjg59.dreamwidth.org/42320.html

which implies a shm IPC privacy approach exists, but is not 
implemented.  It ignores adding SELinux contexts, and so the 
unhopeful conclusion he draws may have been overtaken by 
events.


https://bugzilla.redhat.com/show_bug.cgi?id=1188290#c1

There was a related SELinux / no '--no-xshm IPC' filing 
upstream as well, which I cannot lay hands upon atm.  It looks 
like others have noticed the 100 pct usage, and IPC problems 
as well

https://bugzilla.redhat.com/show_bug.cgi?id=1471149


One had to notice such exfiltration of data, and go looking 
for how to turn it off.  I did by watching squid logs of 
queries, seeing expected domains, and then going looking.  

Adding a prefs.js with

//
user_pref("browser.tabs.remote.autostart", false);
user_pref("browser.tabs.remote.autostart.2", false);
//
// ... above silently set itself true again  2017 08 29
//  52.2.0 (64-bit) ESR
//  Centos 7, 2017 09 update is: 52.3.0 (64-bit)

was supposed to work, but it turned out that some process 
inside FF was able to over-ride and un-restrict such even when 
explicitly turned on.  I had to change ownership of the 
configuration file to root.root from userid.blah to stop that 
nonsense.


I start ff inside an 'ssh to an unpriv'd uid' localhost X  
forwarding tunnel -- it breaks sound and video, but ... *
shrug *   I'd rather not have data I care about being
exfiltrated.


I believe Jan Horak inside RH does something similar

https://bugzilla.mozilla.org/show_bug.cgi?id=1129492

'it looks like the Firefox over ssh is not used by masses'


-- Russ herrold

===

PEFF -- Privacy Enhanced Firefox invocation 
 ... privacy enhanced, isolated userid firefox invocation 
 
startup PATH: 
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/home/herrold/bin
reduced path PATH: 
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/home/herrold/bin
current id: uid=500(herrold) gid=500(herrold) 
groups=500(herrold),10(wheel),135(mock),498(pulse-access) 
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
PEFF: ghola
note: ghola is a non-priv'd user on localhost, [H/T: Frank 
Herbert] 
  which we access via a keyed SSH connection 
  to try to avoid some content exfiltration by 
  hostile web browser applications: Firefox, Flash, etc 
THISHOST: centos-7.first.owlriver.net
start: Mon Dec 18 09:45:31 EST 2017
Command: ssh -X  -4   -l ghola centos-7.first.owlriver.net  
export ` dbus-launch ` ;   firefox  --no-remote   --  
 
now down in the limited, privacy enhanced firefox userid 
reduced path PATH: 
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/home/ghola/bin
current id: uid=606(ghola) gid=606(ghola) 
groups=606(ghola),498(pulse-access) 
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Command: umask 022 ; /usr/bin/firefox  --no-remote   --  
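Herrold's way of finding the traffic in the first place, watching squid logs for domains he did not expect and then going looking, can be automated. The script below is an added example, not code from his message or from Mozilla: it parses squid's native access.log format, flags requests whose destination is a Mozilla or Firefox backend, and tallies them per client, separating requests the proxy allowed from those it denied. The host list and what each host serves are my own assumptions about Firefox 57-era traffic (extend them from your own logs), and the sample log lines are constructed, with addresses from documentation ranges.

```python
import re
import sys
from collections import Counter, defaultdict
from pathlib import Path
from urllib.parse import urlsplit

# Firefox backends and what each serves.  These are my assumptions about
# Firefox 57-era traffic, not from the thread; extend from your own logs.
KNOWN = {
    "incoming.telemetry.mozilla.org": "telemetry upload",
    "normandy.cdn.mozilla.net": "shield/normandy study recipes",
    "firefox.settings.services.mozilla.com": "remote settings",
    "aus5.mozilla.org": "application update check",
    "detectportal.firefox.com": "captive-portal probe",
}
# Anything else under these suffixes is still worth a look.
SUFFIXES = (".mozilla.org", ".mozilla.net", ".mozilla.com", ".firefox.com")

# squid native access.log:
#   ts elapsed client status/code bytes method url ident hier/peer type
LOG_RE = re.compile(r"^(\S+)\s+\d+\s+(\S+)\s+(\S+)\s+\d+\s+(\S+)\s+(\S+)")


def dest_host(method, url):
    """Destination hostname; CONNECT lines carry 'host:port', others a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    host = urlsplit(url).hostname
    return host.lower() if host else None


def classify(host):
    """Label for a Firefox backend host, or None for unrelated traffic."""
    if host is None:
        return None
    if host in KNOWN:
        return KNOWN[host]
    if host.endswith(SUFFIXES):
        return "other mozilla/firefox backend"
    return None


def scan(lines):
    """Yield (client, host, label, status) for each line that hits a backend."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # blank line or not squid's native format
        _ts, client, status, method, url = m.groups()
        host = dest_host(method, url)
        label = classify(host)
        if label:
            yield client, host, label, status


def summarize(lines):
    """Per client: Counter keyed by (label, 'denied'|'allowed')."""
    per_client = defaultdict(Counter)
    for client, _host, label, status in scan(lines):
        outcome = "denied" if status.startswith("TCP_DENIED") else "allowed"
        per_client[client][(label, outcome)] += 1
    return dict(per_client)


# Constructed sample (addresses from documentation ranges), not a real log.
SAMPLE_LOG = """\
1513600021.417    312 192.168.10.25 TCP_TUNNEL/200 4518 CONNECT incoming.telemetry.mozilla.org:443 - HIER_DIRECT/203.0.113.10 -
1513600022.002     88 192.168.10.25 TCP_TUNNEL/200 2210 CONNECT normandy.cdn.mozilla.net:443 - HIER_DIRECT/203.0.113.11 -
1513600025.850    140 192.168.10.25 TCP_MISS/200 15230 GET http://example.org/index.html - HIER_DIRECT/203.0.113.12 text/html
1513600030.104    201 192.168.10.40 TCP_TUNNEL/200 3002 CONNECT aus5.mozilla.org:443 - HIER_DIRECT/203.0.113.13 -
1513600031.500     45 192.168.10.40 TCP_DENIED/403 3620 CONNECT incoming.telemetry.mozilla.org:443 - HIER_NONE/- text/html
"""

if __name__ == "__main__":
    # Usage: scan_squid.py /var/log/squid/access.log   (sample data if omitted)
    lines = (Path(sys.argv[1]).read_text().splitlines()
             if len(sys.argv) > 1 else SAMPLE_LOG.splitlines())
    for client, hits in sorted(summarize(lines).items()):
        for (label, outcome), n in sorted(hits.items()):
            print("%-15s %-35s %-8s %d" % (client, label, outcome, n))
```

The denied line in the sample shows what a proxy ACL that blocks the telemetry host looks like from the log side; that is the network-level counterpart of turning the prefs off in the profile, and it keeps working when a pref is flipped back on behind your back.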

Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Gerald B. Cox
On Mon, Dec 18, 2017 at 12:23 PM, Adam Williamson <
adamw...@fedoraproject.org> wrote:

> On Mon, 2017-12-18 at 20:52 +0100, Florian Weimer wrote:
> 
>
> So I just booted Firefox 27 Workstation live and opened Firefox.
> Indeed, a pop-under tab appears with this URL (so you can close it
> without even seeing it).
>

If you're concerned about security and privacy, you have to read.  It's not
fair to cast aspersions because you weren't paying attention.

The relevant text reads:
>
> 
>
> I would suggest that nothing in this text reasonably covers "shield
> studies"; it was clearly written to cover old-school telemetry, not
> this later and more extensive capability to install custom-written add-
> ons to perform additional data collection. Yet the "Allow Firefox to
> install and run studies" checkbox is checked by default.
>

If you read the page, you'll see where there is a highlighted phrase that
says: "Choose how you want to share this data in Firefox" followed by a
selection button.  You are then taken to a page where you can opt-out and
read more about the Fx Studies.

>
> And in any case, a tie-in with a television-show related game is
> clearly neither telemetry nor some kind of user interaction study. Yet
> to me, Mozilla's response does not seem to convey understanding of this
> at all. It basically just says "oh don't worry it didn't do anything by
> default", which is sort of grandly missing the point.
>
Mozilla has already admitted they made a mistake and removed Looking Glass
from the Fx Studies.  I believe they understand the situation quite well.
It's not helpful to beat a dead horse.


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Adam Williamson
On Mon, 2017-12-18 at 20:52 +0100, Florian Weimer wrote:
> On 12/18/2017 08:31 PM, Chris Murphy wrote:
> > I don't remember being actively asked about such data collection, and
> > I've recently installed on a clean system, nightly on Fedora, and then
> > final releases of 57 on Windows and macOS. Does anyone have a screen
> > shot or description of what this "ask" looks like, and when it
> > appears?
> 
> It keeps changing.  Currently, it's a pop-under tab shown once if you 
> open a new profile, using this URL:
> 
> 

So I just booted Firefox 27 Workstation live and opened Firefox.
Indeed, a pop-under tab appears with this URL (so you can close it
without even seeing it). The relevant text reads:

"Firefox by default shares data to:
Improve performance and stability for users everywhere

Interaction data: Firefox sends data about your interactions with
Firefox to us (such as number of open tabs and windows; number of
webpages visited; number and type of installed Firefox Add-ons; and
session length) and Firefox features offered by Mozilla or our partners
(such as interaction with Firefox search features and search partner
referrals).

Technical data: Firefox sends data about your Firefox version and
language; device operating system and hardware configuration; memory,
basic information about crashes and errors; outcome of automated
processes like updates, safebrowsing, and activation to us. When
Firefox sends data to us, your IP address is temporarily collected as
part of our server logs."

I would suggest that nothing in this text reasonably covers "shield
studies"; it was clearly written to cover old-school telemetry, not
this later and more extensive capability to install custom-written add-
ons to perform additional data collection. Yet the "Allow Firefox to
install and run studies" checkbox is checked by default.

And in any case, a tie-in with a television-show related game is
clearly neither telemetry nor some kind of user interaction study. Yet
to me, Mozilla's response does not seem to convey understanding of this
at all. It basically just says "oh don't worry it didn't do anything by
default", which is sort of grandly missing the point.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
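As an added example (not code from the thread, Mozilla or Fedora), here is a small audit script that reads a profile's prefs.js and reports the state of the data-sharing and "install and run studies" switches discussed above. The preference names and their shipped defaults are assumptions about the Firefox 57-era layout, and the rule that studies only take effect while data sharing is on follows the thread's description of it as a sub-preference.

```python
"""Audit a Firefox profile's prefs.js for the data-sharing / studies switches.

Added example, not code from the thread, Mozilla or Fedora.  prefs.js only
records values a profile has changed, so an absent key means the profile is
running on the build's compiled-in default.
"""
import re

# Assumed Firefox 57-era preference names and assumed shipped defaults
# (True == opt-out).  Neither the names nor the defaults appear in the thread.
PREF_DATA_SHARING = "datareporting.healthreport.uploadEnabled"
PREF_STUDIES = "app.shield.optoutstudies.enabled"
WATCHED_PREFS = {
    PREF_DATA_SHARING: ("share technical and interaction data", True),
    PREF_STUDIES: ("allow Firefox to install and run studies", True),
}

# A prefs.js entry looks like:  user_pref("name", value);
# where value is a double-quoted string, true/false, or an integer.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.+?)\);\s*$')
ESCAPE_RE = re.compile(r"\\(.)")

# Constructed sample profile, not a real one: data sharing switched off,
# the studies sub-preference never touched.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
// constructed sample for this example
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1513620000);
user_pref("browser.startup.homepage", "about:home");
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("extensions.lastAppVersion", "57.0.1");
"""


def unescape(s):
    """Undo the backslash escaping prefs.js applies inside double quotes."""
    return ESCAPE_RE.sub(lambda m: m.group(1), s)


def parse_value(raw):
    """Turn the textual value of a user_pref() call into str, bool or int."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return unescape(raw[1:-1])
    if raw == "true":
        return True
    if raw == "false":
        return False
    return int(raw)  # anything else must be an integer pref


def parse_prefs_js(text):
    """Return {pref name: value} for every user_pref() line in prefs.js."""
    prefs = {}
    for line in text.splitlines():
        if line.lstrip().startswith("//"):
            continue  # comment line
        m = PREF_RE.match(line)
        if m:
            prefs[unescape(m.group(1))] = parse_value(m.group(2))
    return prefs


def audit(prefs):
    """Effective state of each watched pref, and where that state came from.

    Studies are a sub-preference of data sharing (as the thread describes),
    so they are reported as effective only when data sharing is on as well.
    """
    findings = {}
    for name, (label, default) in WATCHED_PREFS.items():
        explicit = name in prefs
        findings[name] = {
            "label": label,
            "enabled": bool(prefs[name] if explicit else default),
            "source": "prefs.js" if explicit else "default",
        }
    sharing_on = findings[PREF_DATA_SHARING]["enabled"]
    findings[PREF_DATA_SHARING]["effective"] = sharing_on
    findings[PREF_STUDIES]["effective"] = sharing_on and findings[PREF_STUDIES]["enabled"]
    return findings


def report(text):
    """One line per watched pref for a prefs.js body."""
    lines = []
    for name, f in audit(parse_prefs_js(text)).items():
        state = "ON " if f["effective"] else "off"
        lines.append(f"{state}  {name}  ({f['label']}; set via {f['source']})")
    return "\n".join(lines)


if __name__ == "__main__":
    # For a real profile, read ~/.mozilla/firefox/<profile>/prefs.js instead.
    print(report(SAMPLE_PREFS_JS))
```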


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Gerald B. Cox
On Mon, Dec 18, 2017 at 12:06 PM, Chris Adams  wrote:

> Once upon a time, Gerald B. Cox  said:
> > First of all, when you install Fx, it asks you specifically if you want
> to
> > participate in Fx Data Collection - you can opt out at that point.
>
> AFAIK, not when you install from an RPM.

See the reply from Florian Weimer - he did a good job in explaining it.


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Chris Adams
Once upon a time, Gerald B. Cox  said:
> First of all, when you install Fx, it asks you specifically if you want to
> participate in Fx Data Collection - you can opt out at that point.

AFAIK, not when you install from an RPM.

-- 
Chris Adams 


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Florian Weimer

On 12/18/2017 08:31 PM, Chris Murphy wrote:

> I don't remember being actively asked about such data collection, and
> I've recently installed on a clean system, nightly on Fedora, and then
> final releases of 57 on Windows and macOS. Does anyone have a screen
> shot or description of what this "ask" looks like, and when it
> appears?


It keeps changing.  Currently, it's a pop-under tab shown once if you 
open a new profile, using this URL:




You can run “firefox -P” and create a new profile if you want to play 
with this.  So far, there seems to be little cross-talk between those 
profiles, if there is any at all.


I found another odd thing: about:home network traffic is no longer 
logged by the web developer console. 8-(


Thanks,
Florian


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Chris Murphy
On Mon, Dec 18, 2017 at 12:16 PM, Adam Williamson
 wrote:
> On Mon, 2017-12-18 at 11:09 -0800, Gerald B. Cox wrote:
>>
>> First of all, when you install Fx, it asks you specifically if you want to
>> participate in Fx Data Collection - you can opt out at that point.
>
> Well, not quite. I installed Firefox rather a long time ago on this
> system. Again I can't prove it, but at that time I believe this
> question and preference referred *only* to 'data collection'. However,
> since then, a new sub-preference seems to have appeared, labelled
> 'Allow Firefox to install and run studies'. It appears, so far as I can
> tell, that they are claiming this promotional tie-in constituted a
> "study". That's a weak claim to start with, but more importantly, I am
> fairly sure this "Allow Firefox to install and run studies" preference
> was simply set to 'true' when it was *added* to Firefox. I was not
> asked. If I had been, I'm pretty sure I would've said no.

I don't remember being actively asked about such data collection, and
I've recently installed on a clean system, nightly on Fedora, and then
final releases of 57 on Windows and macOS. Does anyone have a screen
shot or description of what this "ask" looks like, and when it
appears?

-- 
Chris Murphy


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Gerald B. Cox
On Mon, Dec 18, 2017 at 11:16 AM, Adam Williamson <adamw...@fedoraproject.org> wrote:

> On Mon, 2017-12-18 at 11:09 -0800, Gerald B. Cox wrote:
> >
> > First of all, when you install Fx, it asks you specifically if you want
> to
> > participate in Fx Data Collection - you can opt out at that point.
>
> Well, not quite. I installed Firefox rather a long time ago on this
> system. Again I can't prove it, but at that time I believe this
> question and preference referred *only* to 'data collection'. However,
> since then, a new sub-preference seems to have appeared, labelled
> 'Allow Firefox to install and run studies'. It appears, so far as I can
> tell, that they are claiming this promotional tie-in constituted a
> "study". That's a weak claim to start with, but more importantly, I am
> fairly sure this "Allow Firefox to install and run studies" preference
> was simply set to 'true' when it was *added* to Firefox. I was not
> asked. If I had been, I'm pretty sure I would've said no.
>

You are correct that it is a sub-preference - and IF you allowed data
collection it was also allowed - because it is in the same category.  As far
as Looking Glass - they made a mistake, and they admitted they made a
mistake, and have removed Looking Glass from studies.

Personally, I have no issue with the shield studies and this episode didn't
cause me to opt out.


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Adam Williamson
On Mon, 2017-12-18 at 11:09 -0800, Gerald B. Cox wrote:
> 
> First of all, when you install Fx, it asks you specifically if you want to
> participate in Fx Data Collection - you can opt out at that point.

Well, not quite. I installed Firefox rather a long time ago on this
system. Again I can't prove it, but at that time I believe this
question and preference referred *only* to 'data collection'. However,
since then, a new sub-preference seems to have appeared, labelled
'Allow Firefox to install and run studies'. It appears, so far as I can
tell, that they are claiming this promotional tie-in constituted a
"study". That's a weak claim to start with, but more importantly, I am
fairly sure this "Allow Firefox to install and run studies" preference
was simply set to 'true' when it was *added* to Firefox. I was not
asked. If I had been, I'm pretty sure I would've said no.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Gerald B. Cox
On Mon, Dec 18, 2017 at 10:36 AM, Kevin Fenzi  wrote:

>
>
> Additionally, can we turn the "Allow firefox to install and run studies"
> preference to off/false by default in Fedora packages. It seems odd that
> this is now opt-out.
>
>
I don't know.  I personally tend to side with upstream on their decisions -
and I don't believe Mozilla is acting in bad faith.

First of all, when you install Fx, it asks you specifically if you want to
participate in Fx Data Collection - you can opt out at that point.
If you change your mind later, you can go into preferences and security and
either disable or enable it.

It was quickly and forcefully pointed out to Mozilla that the automatic
installation of a game was something that most considered part
of that category.  They have since removed it.

Yes, it was a poor decision - but it has been corrected and hopefully they
learned their lesson.  Everyone needs to just move on.


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Daniel P. Berrange
On Mon, Dec 18, 2017 at 10:42:17AM -0800, Adam Williamson wrote:
> On Mon, 2017-12-18 at 12:34 -0600, Chris Adams wrote:
> > Once upon a time, Adam Williamson  said:
> > > As part of a tie-in with an American TV show, Mozilla thought it'd be a
> > > great idea to silently install a cryptically-named addon in all(?)
> > > Firefox deployments. Which can't be turned off.
> > 
> > I thought that this was actually a violation of the packaging policies,
> > but I can't seem to find it now; I only see the restriction on software
> > that requires downloads to be useful.
> 
> IIRC there used to be a stricter policy that was relaxed as it had
> become kinda untenable with the widespread acceptance of addons and
> extensions for things like browsers and desktops. I could be wrong,
> though.
> 
> >   I think simply requiring Mozilla
> > to change their policies is unacceptable, as this still depends on a
> > third party to properly enforce such policies (and not have any security
> > issue that could result in untrusted addons being installed).
> 
> Well, practically speaking we do have to have *some* degree of trust in
> our suppliers for apps as large and complex as a web browser or, say,
> an office app. Let's face it, practically speaking we're not really
> equipped to handle an adversarial relationship there. Even if we say
> "we're going to patch out this mechanism", that only really works if we
> trust the vendor at least to the degree that we don't believe they'd
> insert a harder-to-detect back channel to do the same thing, because
> practically speaking we just don't have the resources to audit the
> entire Firefox codebase (or even audit changes from some point in time
> we consider 'trustworthy' onwards) to ensure they haven't done this.

IMHO requesting support for a build flag to disable this ability to
remotely push executable code out to users' browsers is not unreasonable,
and shouldn't make Fedora seem "adversarial", unless there are bigger
trust issues at play here.

> > IMHO such behavior needs to be disabled by default in any packages
> > shipped by Fedora for Fedora to remain a trustworthy distribution.  Are
> > there any other packages that can silently download and run non-Fedora
> > code?
> 
> I dunno about 'silently', but there are certainly other cases of this,
> yes. GNOME Software can install GNOME Shell extensions (which are code,
> and can do anything with the privileges of the user account running the
> shell) from a non-Fedora source (extensions.gnome.org), for instance.

It won't install random new extensions without the user having asked for
them. At most it would update previously installed extensions to newer
versions. Though if someone did compromise the GNOME extensions service,
that distinction is fairly academic from a security POV. IOW, a security
conscious person would not want to allow any communication to the
extensions.gnome.org service at all to protect themselves.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Daniel P. Berrange
On Mon, Dec 18, 2017 at 12:34:46PM -0600, Chris Adams wrote:
> Once upon a time, Adam Williamson  said:
> > As part of a tie-in with an American TV show, Mozilla thought it'd be a
> > great idea to silently install a cryptically-named addon in all(?)
> > Firefox deployments. Which can't be turned off.
> 
> I thought that this was actually a violation of the packaging policies,
> but I can't seem to find it now; I only see the restriction on software
> that requires downloads to be useful.  I think simply requiring Mozilla
> to change their policies is unacceptable, as this still depends on a
> third party to properly enforce such policies (and not have any security
> issue that could result in untrusted addons being installed).
>
> IMHO such behavior needs to be disabled by default in any packages
> shipped by Fedora for Fedora to remain a trustworthy distribution.  Are
> there any other packages that can silently download and run non-Fedora
> code?

It was brought up elsewhere that Chrome/Chromium in the past has done
something worse in scope, silently downloading an add-on that turns
on & listens to your microphone. Ostensibly to detect the "ok google"
keyword, but since it's a closed source add-on, can you be sure that's all
it does...

 
https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/

Fortunately, the Fedora builds of Chromium have explicitly disabled this
feature (enable_hotwording=false in chromium.spec)

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Chris Adams
Once upon a time, Adam Williamson  said:
> Well, practically speaking we do have to have *some* degree of trust in
> our suppliers for apps as large and complex as a web browser or, say,
> an office app.

True, but I do think there's a difference between trusting code we get
and trusting that they will properly secure/won't abuse an additional
install channel.

> I dunno about 'silently', but there are certainly other cases of this,
> yes. GNOME Software can install GNOME Shell extensions (which are code,
> and can do anything with the privileges of the user account running the
> shell) from a non-Fedora source (extensions.gnome.org), for instance.

So, I guess it is in policy somewhere, but... what's the difference
between that and Fedora having RPMs that install yum repo files for
other repositories?
-- 
Chris Adams 


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Adam Williamson
On Mon, 2017-12-18 at 12:34 -0600, Chris Adams wrote:
> Once upon a time, Adam Williamson  said:
> > As part of a tie-in with an American TV show, Mozilla thought it'd be a
> > great idea to silently install a cryptically-named addon in all(?)
> > Firefox deployments. Which can't be turned off.
> 
> I thought that this was actually a violation of the packaging policies,
> but I can't seem to find it now; I only see the restriction on software
> that requires downloads to be useful.

IIRC there used to be a stricter policy that was relaxed as it had
become kinda untenable with the widespread acceptance of addons and
extensions for things like browsers and desktops. I could be wrong,
though.

>   I think simply requiring Mozilla
> to change their policies is unacceptable, as this still depends on a
> third party to properly enforce such policies (and not have any security
> issue that could result in untrusted addons being installed).

Well, practically speaking we do have to have *some* degree of trust in
our suppliers for apps as large and complex as a web browser or, say,
an office app. Let's face it, practically speaking we're not really
equipped to handle an adversarial relationship there. Even if we say
"we're going to patch out this mechanism", that only really works if we
trust the vendor at least to the degree that we don't believe they'd
insert a harder-to-detect back channel to do the same thing, because
practically speaking we just don't have the resources to audit the
entire Firefox codebase (or even audit changes from some point in time
we consider 'trustworthy' onwards) to ensure they haven't done this.

> IMHO such behavior needs to be disabled by default in any packages
> shipped by Fedora for Fedora to remain a trustworthy distribution.  Are
> there any other packages that can silently download and run non-Fedora
> code?

I dunno about 'silently', but there are certainly other cases of this,
yes. GNOME Software can install GNOME Shell extensions (which are code,
and can do anything with the privileges of the user account running the
shell) from a non-Fedora source (extensions.gnome.org), for instance.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Florian Weimer

On 12/18/2017 07:29 PM, Adam Williamson wrote:

> Sure. A new release coming out affords many people in the pipeline many
> chances to notice changes in it. The packager has the opportunity to
> notice significant changes while updating the package. Users of
> updates-testing have the opportunity to notice any significant changes
> before the update goes out to the broader user base. And users, unless
> they have manually set up some sort of non-notifying automated update
> script, either make a conscious choice to install the update or are at
> least notified that it has taken place, both of which provide them with
> the opportunity to examine changes and decide if they wish to accept
> them.
>
> Silently deploying an addon to existing installations of Firefox
> bypasses absolutely all of the above.


On the other hand, when it comes to privacy settings, if Firefox 
developers make changes to the settings themselves (not their defaults, 
but how they are encoded in profiles), they usually do not make an 
attempt to inform the user or preserve the intent as closely as 
possible.  Two examples come to my mind:


When the “Ask me every time” cookie setting was abolished, it was 
silently changed to “Keep [them] until they expire”, so people were now 
tracked without their consent, until they realized what had happened.


When the New tab page was redesigned, major redesigns discard previous 
settings to offer a blank page and not to capture thumbnails.


In either case, I wasn't aware of proper communication.  With the 
complexity of the code base and the widespread use of extensions, there 
is little anything any downstream can do.  (This is also the reason why 
I'm wary of privacy-enhanced downstreams because they surely can remove 
only the obvious stuff.)


Thanks,
Florian


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Kevin Fenzi
On 12/18/2017 09:55 AM, Adam Williamson wrote:
...snip...
> 
> “Our goal with the custom experience we created with Mr. Robot was to
> engage our users in a fun and unique way,” a Mozilla representative
> said in a statement. “Real engagement also means listening to feedback.
> And so while the web extension/add-on that was sent out to Firefox
> users never collected any data, and had to be explicitly enabled by
> users playing the game before it would affect any web content, we heard
> from some of our users that the experience we created caused
> confusion.”
> 
> (FWIW I don't think that statement is even factually correct; I can't
> prove it with screenshots, but I'm pretty sure that when the addon
> appeared in my Firefox install, it was enabled, not disabled).

I think even when the extension was 'enabled' you had to do something
further to cause it to do anything. But it's not very clear...

> I think we should be concerned by this kind of behaviour on the part of
> the supplier of our default desktop browser, and we should express that
> concern to them. Assuming Fedora-as-a-project shares my concern, do we
> have a channel to communicate with them about this, and request
> assurances that they understand the seriousness of this, and that they
> have changed policies so that nothing like it will happen in future?

That would be good (I don't know if we have such a channel or not).

Additionally, can we turn the "Allow firefox to install and run studies"
preference to off/false by default in Fedora packages. It seems odd that
this is now opt-out.

kevin





Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Chris Adams
Once upon a time, Adam Williamson  said:
> As part of a tie-in with an American TV show, Mozilla thought it'd be a
> great idea to silently install a cryptically-named addon in all(?)
> Firefox deployments. Which can't be turned off.

I thought that this was actually a violation of the packaging policies,
but I can't seem to find it now; I only see the restriction on software
that requires downloads to be useful.  I think simply requiring Mozilla
to change their policies is unacceptable, as this still depends on a
third party to properly enforce such policies (and not have any security
issue that could result in untrusted addons being installed).

IMHO such behavior needs to be disabled by default in any packages
shipped by Fedora for Fedora to remain a trustworthy distribution.  Are
there any other packages that can silently download and run non-Fedora
code?

-- 
Chris Adams 


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Adam Williamson
On Mon, 2017-12-18 at 13:08 -0500, Matthew Miller wrote:
> On Mon, Dec 18, 2017 at 09:55:26AM -0800, Adam Williamson wrote:
> > I think we should be concerned by this kind of behaviour on the part of
> > the supplier of our default desktop browser, and we should express that
> > concern to them. Assuming Fedora-as-a-project shares my concern, do we
> > have a channel to communicate with them about this, and request
> > assurances that they understand the seriousness of this, and that they
> > have changed policies so that nothing like it will happen in future?
> 
> Is there a fundamental difference between this and, if, say, similar
> functionality were in the FF 57 release itself?

Sure. A new release coming out affords many people in the pipeline many
chances to notice changes in it. The packager has the opportunity to
notice significant changes while updating the package. Users of
updates-testing have the opportunity to notice any significant changes
before the update goes out to the broader user base. And users, unless
they have manually set up some sort of non-notifying automated update
script, either make a conscious choice to install the update or are at
least notified that it has taken place, both of which provide them with
the opportunity to examine changes and decide if they wish to accept
them.

Silently deploying an addon to existing installations of Firefox
bypasses absolutely all of the above.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Stephen John Smoogen
On 18 December 2017 at 13:08, Matthew Miller  wrote:
> On Mon, Dec 18, 2017 at 09:55:26AM -0800, Adam Williamson wrote:
>> I think we should be concerned by this kind of behaviour on the part of
>> the supplier of our default desktop browser, and we should express that
>> concern to them. Assuming Fedora-as-a-project shares my concern, do we
>> have a channel to communicate with them about this, and request
>> assurances that they understand the seriousness of this, and that they
>> have changed policies so that nothing like it will happen in future?
>
> Is there a fundamental difference between this and, if, say, similar
> functionality were in the FF 57 release itself?
>
>

I am not sure I understand your question enough to formulate what
difference you are wanting. Since the addon was distributed POST
install without user intervention, it would seem yes there is a big
difference. If it were installed in FF57 then I wouldn't
install/update to that version. If it is 'pushed' post install then it
means that just using the software means that Mozilla can push addons
to my desktop without my intervention or knowledge. This takes the
browser from being my software to always being 'their' software which
I am just using for their pleasure.

It also brings up questions of what value add does Fedora have in
actually distributing it if we can't 'stop' them from doing so.




-- 
Stephen J Smoogen.


Re: Firefox "Looking Glass" fiasco

2017-12-18 Thread Matthew Miller
On Mon, Dec 18, 2017 at 09:55:26AM -0800, Adam Williamson wrote:
> I think we should be concerned by this kind of behaviour on the part of
> the supplier of our default desktop browser, and we should express that
> concern to them. Assuming Fedora-as-a-project shares my concern, do we
> have a channel to communicate with them about this, and request
> assurances that they understand the seriousness of this, and that they
> have changed policies so that nothing like it will happen in future?

Is there a fundamental difference between this and, if, say, similar
functionality were in the FF 57 release itself?



-- 
Matthew Miller

Fedora Project Leader


Firefox "Looking Glass" fiasco

2017-12-18 Thread Adam Williamson
So in case you haven't heard of it (or noticed about it), there was a
kerfuffle in Firefox land recently about this:

https://www.theverge.com/2017/12/16/16784628/mozilla-mr-robot-arg-plugin-firefox-looking-glass

As part of a tie-in with an American TV show, Mozilla thought it'd be a
great idea to silently install a cryptically-named addon in all(?)
Firefox deployments. Which can't be turned off.

This is concerning enough - a Random Internet Person quoted in the
article has a solid explanation as to why:

"There are several scary things about this:

- Unknown Mozilla developers can distribute addons to users without
their permission

- Mozilla developers can distribute addons to users without their
knowledge

- Mozilla developers themselves don't realise the consequences of doing
this

- Experiments are not explicitly enabled by users

- Opening the addons window reverts configuration changes which disable
experiments

- The only way to properly disable this requires fairly arcane
knowledge of Firefox preferences (lockpref(), which I'd never heard of
until today)"

Mozilla's response is also, IMHO, rather worrying, because it seems to
fail entirely to grasp how concerning this kind of action is, and seems
concerned instead with self-justification and downplaying:

“Our goal with the custom experience we created with Mr. Robot was to
engage our users in a fun and unique way,” a Mozilla representative
said in a statement. “Real engagement also means listening to feedback.
And so while the web extension/add-on that was sent out to Firefox
users never collected any data, and had to be explicitly enabled by
users playing the game before it would affect any web content, we heard
from some of our users that the experience we created caused
confusion.”

(FWIW I don't think that statement is even factually correct; I can't
prove it with screenshots, but I'm pretty sure that when the addon
appeared in my Firefox install, it was enabled, not disabled).

I think we should be concerned by this kind of behaviour on the part of
the supplier of our default desktop browser, and we should express that
concern to them. Assuming Fedora-as-a-project shares my concern, do we
have a channel to communicate with them about this, and request
assurances that they understand the seriousness of this, and that they
have changed policies so that nothing like it will happen in future?

Thanks.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net