PSA (?): just got this popup in Firefox when i was on an amazon product page. looked into it a bit because it seemed weird and it turns out if you click the big “yes, try it” button, you agree to mandatory binding arbitration with Fakespot and you waive your right to bring a class action lawsuit against them. this is awesome thank you so much mozilla very cool

https://queer.party/@m04/112872517189786676

So, Mozilla adds an AI review features for products you view using Firefox. Other than being very useless, it’s T&C are as anti-consumer as it possibly can be. It’s like mozilla saying directly “we don’t care about your privacy”.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      101
      ·
      4 months ago

      Yeah, corporate dark patterns really don’t respect consent. When would you like to know more: Now, or Later?

      • Buddahriffic@lemmy.world
        link
        fedilink
        arrow-up
        25
        ·
        4 months ago

        Though I don’t mind the “accept, deny, ask me again later” for when something seems interesting but I don’t want to put the effort into looking into it right at the moment but don’t want to click yes without looking into it.

    • laughterlaughter@lemmy.world
      link
      fedilink
      arrow-up
      17
      ·
      4 months ago

      Best I can do is accepting three options: “Yes,” “No,” and “Remind me later.”

      “Not now” or “No, I don’t want this awesome feature” bullshit infuriates me.

      • 𝕸𝖔𝖘𝖘@infosec.pub
        link
        fedilink
        English
        arrow-up
        7
        ·
        4 months ago

        We had a whole generation of people that were taught that ‘no’ means ‘maybe later’ (the whole point of the ‘no means no’ ads about daterapes), and that same generation is now running these companies. What did we expect to happen?

  • nia_the_cat@lemmy.world
    link
    fedilink
    arrow-up
    129
    arrow-down
    9
    ·
    edit-2
    4 months ago

    Hot take and I can guarantee this will be downvoted but I think people are putting way too much blind trust into Mozilla for this. (edit: Apparently not here, pleasantly surprised at that)

    They just purchased an advertising company, they made the T&C waive your right to a class action lawsuit. They keep giving their CEO raises and laying off their workers. Mozilla is actively enshittifying but people don’t react until it’s too late because it’s a boiling frog situation.

    Whether you think the feature is useful or not, Firefox is unfortunately shifting away from being a privacy-focused user-focused browser. The saving grace is that it is open source and forks can be made of it, “Firefox” itself can survive anything as long as there’s enough interest to keep it alive.

    I think that Mozilla does great work, but they’ve lost sight of their goals, and are changing focus. This is not necessarily a bad thing, but this needs to be looked at objectively instead of with brand-loyalty. At the end of the day, they’re just another company with financial interests prioritized over user interests.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      55
      arrow-down
      4
      ·
      4 months ago

      Ohh, Good point, so the entire trust model is we are trusting Mozilla not to share data with Mozilla, because if Mozilla colludes with Mozilla then there is no privacy here at all.

  • davel [he/him]@lemmy.ml
    link
    fedilink
    English
    arrow-up
    82
    arrow-down
    4
    ·
    edit-2
    4 months ago

    Why not just be a web browser and leave stuff like this to browser extensions?
    Oh right, you enshittified yourself.

    Edit to add: Why give them money when they apparently already have too much of it from corporate inputs (most of it from Google)? I think they ask us for donations in order to retain their non-profit image, for PR purposes.

  • ZeroHora@lemmy.ml
    link
    fedilink
    English
    arrow-up
    62
    arrow-down
    17
    ·
    4 months ago

    Fakespot is from Mozilla, if you trust Mozilla, why don’t you trust Fakespot?

    And why is it useless? With the amount of fake AI reviews an AI to detect them is not completely useless.

    But the popup is annoying.

    • rtxn@lemmy.world
      link
      fedilink
      English
      arrow-up
      60
      arrow-down
      10
      ·
      4 months ago

      People shouldn’t trust Mozilla either. It’s a company that does company things. Just because it’s not as far-gone as Google doesn’t mean it’s incapable.

      • ZeroHora@lemmy.ml
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        2
        ·
        4 months ago

        I never said they should trust. But if they trust Mozilla with the telemetry/pockets/whatever they put on the browser this one is just like the others.

      • sudo@lemmy.today
        link
        fedilink
        arrow-up
        12
        arrow-down
        7
        ·
        4 months ago

        just because its not as far-gone as Google

        The fact that the Mozilla Foundation is non-profit, despite wherever controversy there may be around their decisions of late, is a pretty significant factor.

        • LWD@lemm.ee
          link
          fedilink
          arrow-up
          13
          ·
          4 months ago

          Mozilla Foundation has no members, it’s operated by the for-profit Corporation, and the Corporation is powered by its profit motive.

          • rtxn@lemmy.world
            link
            fedilink
            English
            arrow-up
            8
            ·
            4 months ago

            Even worse, the majority of its revenue comes from Google for making it the default search engine.

    • lone_faerie@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      23
      arrow-down
      1
      ·
      4 months ago

      Using AI to detect AI is completely useless. It’s been a big issue in academics, where a professor will plug your essay into an AI detector and then you get dinged for plagiarism because your entirely handwritten essay gets marked as AI. It’s just glorified pattern matching, it has no concept of real or fake.

      • Laurentide@pawb.social
        link
        fedilink
        English
        arrow-up
        12
        ·
        4 months ago

        If the AI could really detect any discrepancies between human and AI-generated text, it would stop making them.

    • LWD@lemm.ee
      link
      fedilink
      arrow-up
      22
      arrow-down
      1
      ·
      4 months ago

      I trust Mozilla to do what they promise with my private data

    • laughterlaughter@lemmy.world
      link
      fedilink
      arrow-up
      12
      ·
      4 months ago

      And why is it useless?

      It’s not useless. It’s just that it’s bloatware that’s unnecessary for many.

      Like a car with a bright orange “Order Bird Food” button in the middle of the dashboard. If you don’t own any birds, then it sucks.

      • ZeroHora@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        5
        ·
        4 months ago

        Nothing new in the helm of browsers. Pockets is a extension baked into the browser.

        Many browsers have VPN/Ad Block native to the browser. Opera GX have all that bullshit that surprising can deceive a lot of normies to use it.

        Sadly this type of bloat sells as “features” to some people and Mozilla gains users with it. Btw I’m not defending this practice I just seeing for what it is, marketing.

        • laughterlaughter@lemmy.world
          link
          fedilink
          arrow-up
          6
          ·
          4 months ago

          Sure, sure, other browsers do it. But I expected more of Mozilla.

          Pocket was already bad enough, but it was kiiiiinda related to browsing anyway - it was a glorified bookmarking tool. It had a nice purpose too - save pages for online reading - but they seem to have gotten rid of that and I’m mad about it.

  • Napain@lemmy.ml
    link
    fedilink
    arrow-up
    41
    ·
    4 months ago

    didn’t the Firefox management say they would focus on their core product rather than random little services like this

    • laughterlaughter@lemmy.world
      link
      fedilink
      arrow-up
      8
      arrow-down
      2
      ·
      4 months ago

      At this point, I’m glad I switched to Mull on my phone. It took a bit of overcoming the resistance of using Firefox for decades (Stockholm syndrome), but I don’t miss Firefox one bit.

      Now I need to do that on my desktop, but I’m still shopping. Librewolf? Palemoon? Ice Weasel? What are folks here trying out these days?

      • astro_ray@lemdro.idOP
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        4 months ago

        On Android I am using Waterfox. Still looking for alternatives on desktop.

      • Firestorm Druid@lemmy.zip
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        4 months ago

        Isn’t Mull basicslly Firefox since it’s just a Firefox-based fork? The UI seems to be identical to me - don’t notice any other differences on my phone

        • laughterlaughter@lemmy.world
          link
          fedilink
          arrow-up
          9
          ·
          4 months ago

          Yes, it’s Firefox without the bullshit.

          It’s ironic that Firefox started the same way, actually.

          When Netscape open sourced its browser and then fucked it up, some folks took the source code and built “Phoenix,” much, much later becoming Firefox.

        • CileTheSane@lemmy.ca
          link
          fedilink
          arrow-up
          4
          ·
          4 months ago

          Isn’t Mull basicslly Firefox since it’s just a Firefox-based fork?

          I don’t understand why that would be a bad thing. If Firefox starts to enshittify then a fork from before the enshittification is exactly what I want.

          • Firestorm Druid@lemmy.zip
            link
            fedilink
            English
            arrow-up
            6
            ·
            4 months ago

            It’s not - quite the contrary. I was just wondering what the commenter that I replied to meant when they said that it took them some getting used to. For me, it’s just a slight change in design and a different icon

    • Carighan Maconar@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      4 months ago

      Yeah but to be fair they bought this years ago. Just took them forever to integrated. I suspect any changes in direction will truly show in 3-4 years, once the current backlog (no don’t look at my company’s Jira, TYVM! 😑 ) is cleared.

  • LWD@lemm.ee
    link
    fedilink
    arrow-up
    43
    arrow-down
    4
    ·
    4 months ago

    FakeSpot is a hilarious company run by trend chasers, “crypto enthusiasts and web3 believers.”

    If Mozilla chasing the AI trend isn’t bad enough, and their privacy policy doesn’t hurt your soul, FakeSpot also only works on the biggest and most predatory platforms (Walmart and Amazon).

    • Blisterexe@lemmy.zip
      link
      fedilink
      arrow-up
      30
      arrow-down
      1
      ·
      4 months ago

      FakeSpot also only works on the biggest and most predatory platforms (Walmart and Amazon).

      that also happen to be by far the most popular, and also where you are the mos likely to see fake reviews

      • LWD@lemm.ee
        link
        fedilink
        arrow-up
        19
        arrow-down
        6
        ·
        4 months ago

        “If the privacy invasion and corporate trend chasing doesn’t hurt your soul”?

        Did you miss the privacy invasion where Mozilla now sells private data to advertising companies directly?

  • thegreenguy@sopuli.xyz
    link
    fedilink
    arrow-up
    28
    ·
    4 months ago

    AI shit alone, I never understood the urge to build a whole OS in the browser. I want my browser to view websites. If I want more, then I can install extensions. I’d rather them release this as some sort of “official” extension. Might switch to LibreWolf (do you have any other suggestions?)

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    1
    ·
    edit-2
    4 months ago

    “strategic partnerships”

    https://support.mozilla.org/en-US/kb/review-checker-review-quality

    Protect your privacy

    Firefox is committed to empowering you with information about review reliability while respecting your privacy. We use Oblivious HTTP (OHTTP) for Review Checker.

    When Review Checker is turned on, we use information about the products you visit on Amazon, Best Buy and Walmart to analyze the reviews, but by using OHTTP we ensure Mozilla cannot link you or your device to the products you have viewed. OHTTP uses encryption and a third party intermediary server to offer a technical guarantee that this is the case: all Mozilla learns from this network request is that someone, somewhere, looked at a given product.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      28
      arrow-down
      1
      ·
      edit-2
      4 months ago

      Here is a talk on OHTTP (OHAI) https://www.youtube.com/watch?v=_HEzpnktAwY

      and a OHTTP recap https://www.youtube.com/watch?v=qjLwo4Ufp8s

      Basically, if you trust the OHTTP Proxy (mozilla) and the OHTTP service provider (fakespot) to not collude, then OHTTP protects your data.

      If you think Mozilla and fakespot might collude, then this doesn’t give you any privacy. (Update - Someone pointed out Mozilla has purchased fakespot, so this comes down to Trusting mozilla with 100% of your data for their privacy promise and OHTTP is totally pointless here)

      Depends on your threat model.

      If they actually cared about privacy they would have the OHTTP model, sure, but also a TOR hidden service endpoint that anyone could use as well ; Removing all the links between the user and the service shouldn’t be a problem, since they are not monitizing user behavior, right? RIGHT?!?!?

      • GenderNeutralBro@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        17
        arrow-down
        1
        ·
        edit-2
        4 months ago

        Mozilla says they use a third-party OHTTP intermediary. In the blog post linked above, they name Fastly as their partner. So it’s not as bad as Mozilla + Mozilla-wearing-funny-glasses.

        Personally, I still think this is the wrong approach to privacy, even though I’ve used Fakespot on my own many times over the years. Largely because I don’t think any of this needs to be built into a web browser.

        I would prefer my web browser to minimize information leakage by default, to the greatest degree that it can while still remaining useful as a web browser. Mozilla keeps adding bloat to Firefox, and bloat always comes at a cost. I’d much prefer these to be browser extensions that people can download if they want them, rather than built in by default. The baseline Firefox should be lean. Less “stuff” = smaller attack surface. Simplicity is best.

        I mean, the Fakespot browser extension has existed for a long time, and I’ve never seriously considered installing it. I’d much rather just take an extra three seconds to load their web site and paste in a URL than have it constantly monitoring my activity and doing god-knows-what with it. That way I have better knowledge and control of what is happening with my data. Even if I trust their intentions, I don’t implicitly trust their competence (all software has bugs) and I don’t trust that they will never go rogue in the future.

        And also, I just don’t find this claim all that compelling in principle:

        By processing the data jointly across two independent parties, they ensure neither party holds the information required to reveal sensitive information about someone.

        I mean…sure. That’s fair. Buuuuuut handing half the data to your “partner” doesn’t give me a whole lot of confidence. Especially since literally nobody reads all of the privacy policies they are subject to. See:

        https://www.theatlantic.com/technology/archive/2012/03/reading-the-privacy-policies-you-encounter-in-a-year-would-take-76-work-days/253851/

        https://www.npr.org/sections/alltechconsidered/2012/04/19/150905465/to-read-all-those-web-privacy-policies-just-take-a-month-off-work

        https://www.techradar.com/computing/cyber-security/you-need-a-whole-workweek-every-month-to-read-privacy-policiesand-thats-bad-news

        Minimizing privacy policies should be a high-priority goal for any organization that claims to value privacy.

        Furthermore, how many additional parties have access (legally or otherwise) to both Mozilla and Fastly? 🤷

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          1
          ·
          4 months ago

          i would like to see mozilla making all of these features as full fledged browser extensions (installed by default, sure why not, but uninstallable at user request)

        • jqubed@lemmy.world
          link
          fedilink
          arrow-up
          7
          ·
          4 months ago

          I remember when Firefox was brand new over 20 years ago and one of the reasons for creating it was the main Mozilla browser had too much feature bloat so it was stripped down to just a browser and if you wanted more features you could add them in as extensions, putting just what you wanted in the browser and leaving out what you didn’t. It was great! Eventually Firefox became more popular so Mozilla switched their efforts to it and they’ve been jamming more things that used to be extensions in as features and bloating it full of features I don’t want. It’s one of the reasons I started using Chrome in the early days of Chrome but then of course that and Google started getting worse so I switched back to Firefox, but it still has its problems.

      • 𝘋𝘪𝘳𝘬@lemmy.ml
        link
        fedilink
        arrow-up
        9
        arrow-down
        3
        ·
        4 months ago

        I don’t trust Mozilla one single bit with my data as long as they have an advertising network enabled by default and use pingback telemetry for ALL actions you do in the browser by default that can only be turned off by changing multiple “hidden” about:config settings.

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          4 months ago

          It doesn’t, but when modeling threats we have to go be capabilities and not intentions.

          • Vincent@feddit.nl
            link
            fedilink
            arrow-up
            11
            arrow-down
            2
            ·
            4 months ago

            If we’re going by capabilities, then your browser maker can already see everything you do in that browser.

  • 𝕸𝖔𝖘𝖘@infosec.pub
    link
    fedilink
    English
    arrow-up
    26
    ·
    4 months ago

    I actually use fakespot a lot, but will never install an add-on for this.

    I got that notice a few months ago, but I didn’t use either button on the bottom. I used the X on the top, and haven’t seen it since.

    <rant>I thought we were done with the age of Toolbars, but here we are, back there. An app or add-on for every damn thing. No, I don’t want this integrated into my browser. No, I don’t need your HTML5 app on my phone to do less than the webpage does. No, I don’t want your spyware app to view the one-off Twitter, Facebook, or Instagram link a friend sends me. No, I don’t mean ‘maybe later’, I mean ‘no forever’.</rant>

    • dejected_warp_core@lemmy.world
      link
      fedilink
      arrow-up
      13
      ·
      4 months ago

      but here we are, back there.

      The upside is that if you’re ever prompted to install a thing to your browser to use a site’s features, it’s because the built-in sandbox is too restrictive for what they want. It’s an immediate red flag.

      I also view prompts to “use our (phone) app” the same way. I’m already seeing your site, in my browser, with ten different kinds of adblock and tampermonkey scripts running. I already have what I want, and I’m not letting you anywhere near my data plan.

      Clearly, it’s time for a “no means no” extension.

      • 𝕸𝖔𝖘𝖘@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 months ago

        But the thing is, most people don’t think twice about it, and just go, “meh, why not, what’s the harm?” and install it, which tells those scummy summersons that “we” want this, and they keep pushing it, and making their site more and more useless without it, to the point, where ‘desktop view’ no longer works (I’m looking at you, Facebook, Twitter, Instagram, Google, to name a few).

          • 𝕸𝖔𝖘𝖘@infosec.pub
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            I never explain exactly why. I skirt. “my phone isn’t compatible with your app”, “I don’t have a modern smartphone that works with your app”, “I don’t install apps on my phone”, “I don’t have space on my phone for your app”, “I only a work phone, and I’m not allowed to install anything”, and so on. They don’t care about your privacy, so don’t give it as a reason. “it’s not about privacy, I’m just poor”.

  • ssm@lemmy.sdf.org
    link
    fedilink
    arrow-up
    24
    arrow-down
    1
    ·
    edit-2
    4 months ago

    The real reason people want to revoke the second amendment is so Mozilla will stop constantly pointing guns at their own feet.

  • z3rOR0ne@lemmy.ml
    link
    fedilink
    arrow-up
    19
    arrow-down
    1
    ·
    4 months ago

    Please tell me there’s an about:config setting to turn this bs off.

      • z3rOR0ne@lemmy.ml
        link
        fedilink
        arrow-up
        20
        ·
        edit-2
        4 months ago

        Nice. Thank you. For those who don’t click the link, it appears you can disable by setting these flags:

        browser.shopping.experience2023.active

        and:

        browser.shopping.experience2023.survey.enabled

        To false.

        EDIT: On finally getting back to my desktop and disabling these, it looks like there’s a bunch of these browser.shopping.experience2023 flags. Some of them set to true, others false, I just set them all to false.