There’s Mozilla Monitor: https://monitor.mozilla.org
Corporate lawyers tend to be …optimistic. And then management will put a risk calculation on top of that. As a result, most larger companies violate the GDPR. See the popular use of Google Analytics or Microsoft 365, for example, which are illegal in the EU, if you ask a DPA¹. Giving them a reality check is never a bad idea.
¹) https://www.imy.se/en/news/four-companies-must-stop-using-google-analytics/
https://news.itsfoss.com/microsoft-office-365-illegal-germany/
Mozilla pays for a premium subscription to Google Analytics, which allows them to opt out of data usage by Google. So, obviously Google still aggregates the data, but only for providing reports to Mozilla. Google may not use the data for their own user analysis/tracking, as they would do without the premium subscription. Otherwise, Google would be in breach of contract, which would be an easy lawsuit with high punishment for Google.
You can find a detailed description of Firefox Sync’s design with regard to privacy here: https://hacks.mozilla.org/2018/11/firefox-sync-privacy/
They did not say that there’s no relation to politics at all. But we do not need to hold a particular political position to agree that the government should not censor people’s opinions.
It only starts to become a right-wing talking point when liberally applied to everything else. When even government officials argue your opinion should be censored, because it is critical of their opinion. That has nothing to do with the actual free speech principle. Quite the contrary.
The JVM languages (Scala, Java, Kotlin) usually have decent-quality libraries and tooling. The Rust community loves to pump out high-quality stuff. And well, a bit more unusual, but I would have high confidence in Haskell or OCaml libraries, too.
It’s mainly JavaScript and Python where the whole ecosystem is built from the ground up with a “good enough for my script”-attitude. Oh, and C is out for manually managing memory.
I considered whether you can fault them for that, but I do think I’ll fault them for using Python in a security-relevant context.
You get so little assistance from the language tooling and a lot of Python libraries have low code quality. Especially the whole asyncio system is so tricky to use, it’s extremely hard to produce correct code.
@rhymepurple@lemmy.ml did specifically ask about hardened Firefox, which literally means Firefox with configuration changes to make it more secure.
Having said that, personally I do think Firefox’s default experience is close to the best you can do for people that really just want to install without thinking about it.
Going beyond that quickly results in broken webpages. And broken webpages require that you know what you’re doing, so you can unbreak them, if needed.
From what I’ve heard in the past, Mozilla is doing a good job upstreaming work from the Tor Browser devs and putting it behind an about:config value, if they don’t use it in Firefox. So, assuming your hardened Firefox uses the right config values and browser extensions, there should be relatively few differences…
Oh wow, I had seen some people talking about telemetry in Go and thought this was about their proxying bullshit again, and even thinking that, I told someone it’s basically unheard of for programming languages to behave this badly.
And now you’re telling me, Google is actually behaving significantly worse still? 🙃
Possibly sacrilegious question, but what difference does it make here? The JavaScript that’s delivered to users is essentially a binary, and the source code to compile that binary is available. That’s how it’s done in other software, too.
And with PeerTube being under the AGPLv3, this also holds even when someone modifies the version of PeerTube that they host, as they have to make those changes available.
Love that that’s part of the quote…