Hacker News: MrAlex94's comments

I think that's an unfair framing. No one is paying Waterfox to allow ads - it's a revenue share from the default search engine (which I've always been transparent about)[1], same as every other independent browser that has a search partner. It's not an "acceptable ads" programme where advertisers pay to be whitelisted.

[1] https://www.waterfox.com/docs/policies/revenue-model/


FYI the documentation seems to be outdated.

On the Cookie Banner Reduction page[1] the section titled "Turn Cookie Banner Reduction on or off" talks about settings which don't exist (at least in the latest portable version 6.6.7 from Portapps.io). There is no option to block cookie banners in all windows.

[1] https://www.waterfox.com/support/cookie-banner-reduction/#tu...


Well, the default search engine is definitely your business partner, no? So they are getting a different treatment: default search engine (like in most other browsers, nothing fancy here) and their ads in their SERP are not blocked - at least by default - by the embedded ad-blocking engine of WaterFox. Isn't that correct? Happy to stand corrected, if it's the case.

Yes, that's correct. Startpage is the default search partner, and their search ads aren't blocked by default. Users can enable blocking on that page too with a single toggle in settings. That's why I laid it all out in this post, to let users know - it's about keeping Waterfox sustainable (paying bills, putting food on the table) as it's my only source of income currently.

I've mentioned in another comment, that I've tried other ways such as with subscription paid services, but unfortunately there's nowhere near enough traction for it to be sustainable.

Also bear in mind Waterfox currently comes with nothing, so this is just an extra layer of protection.


>I think that's an unfair framing. No one is paying Waterfox to allow ads

...

>Yes, that's correct. Startpage is the default search partner, and their search ads aren't blocked by default.

The framing seems fair to me. Certainly not more unfair than those who criticize Firefox for having a search deal that defaults to Google while allowing the user to change it (which some people do)


The distinction I'm drawing is between a revenue share from a search partnership and something like an acceptable ads programme where individual advertisers pay to bypass the blocker - those are different things.

"For how it works in practice: by default, text ads will remain visible on our default search partner’s page - currently Startpage. The idea is that this is what will keep the lights on."

The perfect is the enemy of the good.


I've tried a few ways - people are generous with donations, but you can't really live off of it and I have a subscription based search service, but people just aren't willing to pay.

This is basically the only potential way I can keep this going, even then there may not be much uptake, but it's a hail Mary.


I came across Waterfox a number of times over the years, but I think it will be difficult to get a similar amount of reach for your search engine. In particular, on the home page of Waterfox, there is nothing even hinting at the existence of the search service. Maybe this is intentional, as it is in public beta for now, but I think it would help to at least note its existence there, or near the `donate` section (as a means of support, rather than direct donation). Also make sure that this directly exists as one of the search engine options for Waterfox, if it isn't already, every click involved in the setup will make it easier for people to try out.

But charging $5 / $10 for basically what StartPage does (to the best of my understanding) is going to be a tough pitch either way. Out of interest, what would the pricing for the Google API look like, if you had no other costs involved?


Librewolf and Waterfox have always had different goals. Waterfox has always had a more opinionated take on defaults and privacy. Essentially the goal has been keep the web as private as possible without breaking it (I know Librewolf is more aggressive there and that sometimes leads to website breakages) and I think I've managed that well, especially with the implementation of Oblivious DNS by default.

The upside of Librewolf being a community project is also IMO its downside - there isn't any accountability and with the current climate around the world becoming more hostile to online services, I think governance is hugely important, which is why I've tried to collate everything as much as I can: https://www.waterfox.com/docs/policies/company-information/

At the end of the day, if something goes wrong, at least with Waterfox I can be held accountable.


There was a recent comment: "if you don't know: any browser extension can read input/password fields across all site(s) you gave it access to (yeah, it's crazy but unfortunately true)."

https://news.ycombinator.com/item?id=47553048

Would either WF or LW fix that? Is it true?


Nothing to "fix" per se - webextensions need to interact with website data, otherwise they wouldn't be much use. Any extension with content script access can read page content including form fields.

The only real mitigation is being selective about which extensions you install and what permissions you grant them (even then, ownership of extensions changes hands, updates can change what they do... it's a never ending battle really).


My naive fix would be to disable extensions from accessing form field data without explicit approval. Hell, add different approval boxes for read, write, and hidden-text.

What am I missing?


Say you have an ad-blocker and you don't allow it to touch your forms. Five years later, the ads have moved all into form fields.

Never mind the technical challenge to allow doing anything with the DOM but disallow reading the forms. Like, preventing the forms from leaking their text when you do funny things like testing character width via line breaking or font changes.


Sounds like the answer is just not to install any extensions. But there are a few browsers out there including DDG and Midori v9.0 & older (Classic) that disable them altogether. Maybe GNOME web is the answer. Thanks.

I get the scepticism but IMO the reaction at the time was rough and I partially get why.

System1 is a search syndication company. Their business is contextual ads on search results - no PII, no tracking profiles, no behavioural targeting. It's functionally the same model as DuckDuckGo. If I'd sold to DDG, I don't think anyone would've batted an eyelid.

I get it, the timing (privacy browser sold to company with "ad" in its description) looked terrible in a headline and I take responsibility for not communicating it better at the time, which I feel like wouldn't have led to such a massive furor.


Yes, enabled everywhere - and it will just be a simple toggle to also enable it on the search partner page, no hoops to jump through.

The hard fork was "Waterfox Classic", which just became unsustainable to maintain.

Rather than support for XPI (which is just the packaging for Firefox webextensions), the current version of Waterfox does still support bootstrapped extensions - in theory anyone can still write one, with access to all the privileged JavaScript APIs typically not accessible to MV2/MV3 webextensions.

It's not widely used though, there are two repos I'm aware of that take advantage of this:

https://github.com/xiaoxiaoflood/firefox-scripts/tree/master...

https://github.com/onemen/TabMixPlus/


I’ve found Scaleway really good, I’m surprised it doesn’t come up more often here.

If it matters, I didn’t go to them because they were specifically an EU org either - when Packet became Equinix Metal and then that got shut down, SCW were the most equivalent in terms of cost / hardware specifications and I often used them in parallel when Packet was still around so as to not have all my eggs in one basket.


I really like Scaleway too! I went with them because Linode got bought and I thought, since I was moving my things anyway, let's go to a French provider. And I got a bad experience with OVH, so Scaleway it was.

But really, I wonder why it's not used more? Prices are maybe a bit high for some things?


Price would be a bit more bearable if their reserved instance discounts were more generous


I asked myself the same thing, trustpilot is pretty rough on them and a lot of people tell you online to stay away from them. I also had very good support experience so far. Their shared TEM IP had some deliverability issues at times, but they seem to have cracked down on this recently. I am on dedicated IP now, so I can't really judge if there have been improvements.


They used to have competitive prices for a while, with their dedibox line.

I think they are not as well known. It’s a bit of a side project of the parent company, Iliad. They could benefit from heavy investments and some more aggressive marketing, but perhaps it’s not worth the risk and a slow but steady growth is what they prefer.


+1 for bad experience with OVH, their control panel is a mess (only the Italian provider Aruba is probably worse) and their backend is riddled with bugs. If something is broken in the control panel, the support team candidly invites you to do it via their APIs instead.


Another bad experience with OVH here. In fact not bad but catastrophic. They enabled 2FA without my consent and then demanded a signed letter on paper by post to let me back into my account. Their online customer service was beyond useless and the nightmare took weeks to resolve. This after I had been a loyal customer for years. Just when I was preparing to punish them by moving, my VPS went up in smoke at that fire in their Strasbourg datacenter. "Oops, our bad", went the email. Beyond parody. It's almost a surprise to me that this company is still in business.

With Hetzner now for several years without incident.


+1 for Scaleway, I've been migrating some of my customers on it and I love its simplicity and reliability. Costs are also fine.


Am I being too cynical, or does anyone else envision a future where you ask Chrome to buy you something, anything, online and instead of it actually buying you the “best” item, you end up with items it “prefers” where Google make money from suggestions and/or completion of sale?

I know it calls out that there’ll need to be user confirmation before the final purchase, but if you’re already not expending the effort to find the product or service yourself, are you really going to sit and research what it’s given you? If you are, then what’s the point of using the agent?

Just seems like the next evolution in Google’s ad revenue generation.


> lags behind upstream Firefox in terms of security fixes

I’m not sure why this has become a thing - usually I either release Waterfox the week before ESR releases (the week the code freeze happens and new version gets tagged) or, if I’m actively working on features and they need to coincide with the next update I push, I will release on the same Tuesday the ESR releases.

You can check the GitHub tag history for Waterfox to see it’s been that way for a good while :)


Looking back with fresh eyes, I definitely think I could’ve presented what I’m trying to say better.

On a purely technical play, you’re right that I’m drawing a distinction that may not hold up purely on technical grounds. Maybe the better framing is: I trust constrained, single purpose models with somewhat verifiable outputs (seeing text go in, translated text go out, compare its consistency) more than I trust general purpose models with broad access to my browsing context, regardless of whether they’re both neural networks under the hood.

WRT to the “scope”, maybe I have picked up the wrong end of the stick with what Mozilla are planning to do - but they’ve already picked all the low hanging fruit with AI integration with the features you’ve mentioned and the fact they seem to want to dig their heels in further, at least to me, signals that they want deeper integration? Although who knows, the post from the new CEO may also be a litmus test to see what the response to that post elicits, and then go from there.


I still don’t understand what you mean by “what they do with your data” - because it sounds like exfiltration fear mongering, whereas LLMs are a static series of weights. If you don’t explicitly call your “send_data_to_bad_actor” function with the user’s I/O, nothing can happen.


I disagree that it’s fear mongering. Have we not had numerous articles on HN about data exfiltration in recent memory? Why would an LLM that is in the driver's seat of a browser (not talking about current feature status in Firefox wrt sanitised data being interacted with) not have the same pitfalls?

Seems as if we’d be 3 for 3 in the “agents rule of 2” in the context of the web and a browser?

> [A] An agent can process untrustworthy inputs

> [B] An agent can have access to sensitive systems or private data

> [C] An agent can change state or communicate externally

https://simonwillison.net/2025/Nov/2/new-prompt-injection-pa...

Even if we weren’t talking about such malicious hypotheticals, hallucinations are a common occurrence as are CLI agents doing things they think best, sometimes to the detriment of the data they interact with. I personally wouldn’t want my history being modified or deleted, same goes with passwords and the like.

It is a bit doomerist, I doubt it’ll have such broad permissions but it just doesn’t sit well which I suppose is the spirit of the article and the stance Waterfox takes.


> Have we not had numerous articles on HN about data exfiltration in recent memory?

there’s also an article on the front page of HN right now claiming LLMs are black boxes and we don’t know how they work, which is plainly false. this point is hardly evidence of anything and equivalent to “people are saying”


This is true though. While we know what they do on a mechanistic level, we cannot reliably analyze why the model outputs any particular answer in functional terms without a heroic effort at the "arxiv paper" level.


that’s true of analyzing individual atoms in a combustion engine — yet I doubt you’d claim we don’t know how they work

also this went from “we can’t analyze” to “we can’t analyze reliably [without a lot of effort]” quite quickly


In the digital world, we should be able to go back from output to input unless the intention of the function is to "not do that". Like hashing.

LLMs not being able to go from output back to input deterministically and for us to understand why is very important, most of our issues with LLMs stem from this issue. It's why mechanistic interpretability research is so hot right now.

The car analogy is not good because models are digital components and a car is a real world thing. They are not comparable.


ah I forgot digital components are not real world things


I mean, fluid dynamics is an unsolved issue. But even so we know *considerably* less about how LLMs work in functional terms than about how combustion engines work.


I outright disagree; we know how LLMs work


We know how neural nets work. We don't know how a specific combination of weights in the net is capable of coherently asking questions asked in a natural language, though. If we did, we could replicate what it does without training it.


> We know how neural nets work. We don't know how a specific combination of weights in the net is capable of coherently asking questions asked in a natural language, though.

these are the same thing. the neural network is trained to predict the most likely next word (rather token, etc.) — that’s how it works. that’s it. you train a neural network on data, it learns the function you trained it to, it “acts” like the data. have you actually studied neural networks? do you know how they work? I’m confused why you and so many others are seemingly so confused by this. what fundamentally are you asking for to meet the criteria of knowing how LLMs work? some algorithm that can look at weights and predict if the net will output “coherent” text?

> If we did, we could replicate what it does without training it.

not sure what this is supposed to mean


It's like you're describing a compression program as "it takes a big file and returns a smaller file by exploiting regularities in the data." Like, you have accurately described what it does, but you have in no way answered the question of how it does that.

If you then explain the function of a CPU and how ELF binaries work (which is the equivalent of trying to answer the question by explaining how neural networks work), you then have still not answered the actually important question! Which is "what are the algorithms that LLMs have learnt that allow them to (apparently) converse and somewhat reason like humans?"


…except we know what every neuron in a neural network is doing. I ask again, what criteria do we need to meet for you to claim we know how LLMs work?

we know the equations, we know the numbers going through a network, we know the universal approximation theorem —- what’re you looking for exactly?

I’ve answered the “what have they learnt” bit; a function that predicts the next token based on data. what more do you need?


Yes, in the analogy it's equivalent to saying you know "what" every instruction in the compression program is doing. push decrements rsp, xor rax, rax zeroes out the register. You know every step. But you don't know the algorithm that those instructions are implementing, and that's the same situation we're in with LLMs. We can describe their actions numerically, but we cannot describe them behaviorally, and they're doing things that we don't know how to otherwise do with numerical methods. They've clearly learnt algorithms but we cannot yet formalize what they are. The universal approximation theorem actually works against your argument here, because it's too powerful - they could be implementing anything.

edit: We know the data that their function outputs, it's a "blurry jpeg of the internet" because that's what they're trained on. But we do not know what the function is, and being able to blurrily compress the internet into a tb or whatever is utterly beyond any other compression algorithm known to man.


I believe you are conflating multiple concepts to prove a flaky point.

Again, unless your agent has access to a function that exfiltrates data, it is impossible for it to do so. Literally!

You do not need to provide any tools to an LLM that summarizes or translates websites, manages your open tabs, etc. This can be done fully locally in a sandbox.

Linking to simonw does not make your argument valid. He makes some great points, but he does not assert what you are claiming at any point.

Please stop with this unnecessary fear mongering and make a better argument.


Thinking aloud, but couldn't someone create a website with some malicious text that, when quoted in a prompt, convinces the LLM to expose certain private data to the web page, and couldn't the webpage send that data to a third party, without the need for the LLM to do so?

This is probably possible to mitigate, but I fear what people more creative, motivated and technically adept could come up with.


At least with finetuning, yes: https://arxiv.org/abs/2512.09742

It's unclear if this technique could also work with in-prompt data.


Why does the LLM get to send data to the website?? That’s my whole point, if you don’t expose a way for it to send data anywhere, it can’t.
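The "agents rule of 2" quoted earlier in the thread, and the exchange just above about whether an agent can leak anything without a tool that sends data, as an added example that is not from any commenter: a registry of browser-agent tools tagged with the three properties, a check that reports which of A/B/C a granted tool set satisfies, and a builder that refuses a set hitting all three. The tool names and their tags are assumptions for illustration.

```javascript
// Added example, not from the thread: the "agents rule of 2" as a check over
// the tools a browser agent is granted. Tool names and their tags are assumed.
//   A: processes untrustworthy input (web page content, fetched data)
//   B: has access to sensitive systems or private data
//   C: can change state or communicate externally
const TOOLS = {
  read_page:       { A: true,  B: false, C: false }, // page text is site-controlled
  summarize_local: { A: false, B: false, C: false }, // pure function over text already held
  translate_local: { A: false, B: false, C: false },
  read_history:    { A: false, B: true,  C: false },
  read_passwords:  { A: false, B: true,  C: false },
  open_tab:        { A: false, B: false, C: true  }, // navigates to a model-chosen URL: an outbound request
  submit_form:     { A: false, B: false, C: true  }, // sends form contents to the site
  fetch_url:       { A: true,  B: false, C: true  }, // outbound request plus untrusted response data
};
const PROPS = ["A", "B", "C"];

// Which of A/B/C does this tool set satisfy, and which tools are responsible?
function assess(granted) {
  const because = { A: [], B: [], C: [] };
  for (const name of granted) {
    const tags = TOOLS[name];
    if (!tags) throw new Error(`unknown tool: ${name}`);
    for (const p of PROPS) if (tags[p]) because[p].push(name);
  }
  const satisfied = PROPS.filter((p) => because[p].length > 0);
  return { satisfied, because, violates: satisfied.length === 3 };
}

// If all three hold, the cheapest fix is to drop the property with the
// fewest contributing tools (ties resolved in A, B, C order).
function suggestDrop(granted) {
  const { because, violates } = assess(granted);
  if (!violates) return null;
  const property = PROPS.reduce(
    (best, p) => (because[p].length < because[best].length ? p : best), "A");
  return { property, tools: because[property] };
}

// Refuse to assemble an agent whose tools satisfy all three at once.
function buildAgent(granted) {
  const fix = suggestDrop(granted);
  if (fix) {
    throw new Error(`rule of 2 violated; drop ${fix.tools.join(", ")} (property ${fix.property})`);
  }
  return Object.fromEntries(granted.map((name) => [name, TOOLS[name]]));
}

// Constructed configurations: a local summarizer/translator, a tab helper, and
// an agent that reads the page, reads history and submits forms.
const LOCAL_SUMMARIZER = ["read_page", "summarize_local", "translate_local"]; // A only
const TAB_HELPER = ["read_page", "open_tab"];                                 // A + C, allowed
const FULL_AGENT = ["read_page", "read_history", "submit_form"];             // A + B + C

if (typeof require !== "undefined" && require.main === module) {
  for (const cfg of [LOCAL_SUMMARIZER, TAB_HELPER, FULL_AGENT]) {
    const r = assess(cfg);
    console.log(cfg.join("+"), "->", r.satisfied.join(""), r.violates ? "VIOLATES" : "ok");
  }
}
```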

