Re: Re: Connection at browser first run or update

[chippy]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Tue, 2024-06-11 at 13:53 -0400, Mark H Weaver wrote:
> Earlier, I wrote:
> 
> > In general, I'd prefer for IceCat to only generate network activity
> > that's needed to perform the actions explicitly asked for by the
> > user,
> > or called for by the web sites that the user explicitly visits.
This is exactly how every software (Operating Systems included) should
work.

But everybody is having this user data frenzy. ¯\_(ツ)_/¯ 
They don't care what use is made of the data.

Take those so-called privacy oriented browsers, even tor-project went
that direction with their clearnet browser.
Just run it within a network namespace and sniff the traffic you will
see how discrete they are.
Not to mention the other ones (WF LW etc), where they change the user-
agent so perhaps they can prove the amount of users to potential buyers
(?).

BUT THEY ARE OPEN SOURCE... SO LET'S TRUST THEM(?)

it reminds me of subseven, do you remember that? they would swap the
controller with the virus itself, so if you tried to run it you would
get the RAT instead.

> I forgot to mention one important exception to this general
> preference:
> 
> In its default configuration, IceCat transparently redirects requests
> to
> certain popular websites that would require running nontrivial
> nonfree
> Javascript code on the user's machine.  Note that this redirection
> behavior can be easily disabled, if desired.
> 
> In most cases, it should be possible to work around nonfree
> Javascript
> code via the use of free extensions running entirely on the user's
> machine, without redirecting to third-party websites such as
> Invidious
> instances.  I would be glad to move IceCat in the direction of fewer
> redirections and more workarounds implemented within browser
> extensions,
> provided that the user experience is reasonably good.

I've been reading around that, according to first time users, Icecat is
"unusable" and "it breaks all websites". 
Well we know that it is not entirely correct but my question here is:
Do we want to promote Icecat to new user? 
If so why can't I use ebay with a fresh installed Icecat without
whitelisting lots of stuff? 

Unfortunately this happens because of the combined effects of the
bundled extensions.
This almost relegates Icecat to be used only by it professionals or at
least by people who can tell bank.com from bank.scams.co

On top of that users cannot remove extensions...
...I made a build with no extensions (with a different name and
branding) to be used by selenium and without advertising about it
anywhere except a readme on a project on codeberg, is getting more
downloads than Icecat Itself.
This says a lot.

The point here is that we want users to run free software, but the
underliyng reason for this is that we don't want users to get trapped
or spied upon by the software. 

So wouldn't be awesome if a user could install Icecat and buy something
off ebay without sending telemetry to mozilla and some other
advertisers? Isn't this already a huge step forward? 

> 
> The motivation here is that IceCat aims to enable users to use the
> world
> wide web without running nonfree software on their machines.
> 
> What do you think?

I would say: but why do we want that?

The ultimate reason is not just running Free Software per se, because,
friends, I spot a lot of Free Software that comes with trackers and
more, just take a look to the "Buffalo" mozzarella I made
https://icecatbrowser.org/mozzarella (thanks to the initial project!)
and check if your favorite extensions send out data (and to who!). You
will be surprised. And that's just a very superficial analysis.
So, for me Free Software is not at all enough, I'm afraid.
For me programs should not contain in their code anything that phones-
home or track and report users activities.
Also there is no guarantee that released binaries from a given Free
Software project are built with a certain free software code.
Should everybody compile their software? of course not, otherwise with
this attitude we should build our cpus by ourselves.

Aren't we near-missing the point? If we only want free software then
what about tracking the users by only using free software? Is that
okay?
I don't think so.
Why focus only on the License like free software couldn't contain
malicious instruction? why assuming that people will check? We can't
check them all.   

So far I even found some FF extensions that claim to have a Free
Software License, but then their code is nowhere to be found nor they
have such license on their websites.
(https://icecatbrowser.org/mozzarella/extension.php?id=323621 ) This is
a nasty one.
Also there is another one that downloads a windows executable and tries
to run it...(the magic of javascript: it can do anything the user can
do) (still have to find which one, needs some work on the logic of the
spider I guess...).


Am I gone too far already?
Thank you for your patience.
> 
>     Regards,
>       Mark
Chip

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEHjsOxo2lYlkBceyyzUfEn4QpaccFAmZqw44ACgkQzUfEn4Qp
aceSLw/9HKwSl5QQ0I2MLOgq6YZryFer0yJiEOTdWtCh9sT4Wv1OuF9FBt5To7iS
htukExbLiGOmoICNq2XozTtuxVm3C9KT2iwnMDe3/bjn+M/3s9K5AiaxRHuBmqXG
Yn0/4/3mxBPcD8Dq5hqo5w6SfJfI6csU+KtcVo57H/OW/5D6J8L7tgY/u4ZRAULk
LQ1N8/TMWvM42cdjLuCgdsWaSPNOE7UkInh6hj/f1lR8ak8qMG78s7AdMXwxFpWS
nlx/Kkqrzi13V8Al+KZpw5Yu9FD0807OFEwc3b1RrWvA+R4IQXIs+3/B1LuI8PoY
kpmoZhU78JVkMQW4PSnxISO8bhRmCehx94Niz8rp9Uf/Ihcc4YXzKZYUxuQLzeEo
M1Jyh//vNJ1dJNpdpy0PqngoXMA1jzAc9F4BDifWgh/7p9MuXSKuSSo+lpTzKUzn
m78QOVE7tr/p+4JJ6tJNnLlVueG2bIHdflNRavdIdUH03Vb+uhP5FQgYlWURWjoR
jdr/HWSTtSf2dDfEzUUpGrAR0st5JGS20PqnExd2B6VU0aabqe98R1qk+Ap8WfGX
PR1EJrfEKO4qslE4WrBSopJoWxTfHogXGthdBbPkgfVVKFiEjpAnM7W+vwKqZf3H
jFuOnkqsy432iFMiGtZ3DtVLvf7WfE1aQkdHUsCUJErboqcqlIY=
=mKO+
-----END PGP SIGNATURE-----