4

Dot Browser – privacy-conscious web browser

 2 years ago
source link: https://news.ycombinator.com/item?id=28584630
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client
Dot Browser – privacy-conscious web browser
I am super amazed to see a Gecko based browser. People always told me that Mozilla makes it virtually impossible to use the Gecko engine in other browsers.

Does it support extensions?

Also, what does this mean?

  > Protect your mailbox

  > We will offer to mask your email address when you sign up for sites or services.
s.gif
Historically, it was relatively easy to use Gecko to build other apps including other browsers; what has hard was embedding it inside of something else as just one component among many (i.e. you had to build the whole app using XUL). However, recent-ish (~2015?) changes in Gecko made this harder to do, so many apps that used to do this have switched to the Goanna/UXP fork of Gecko that retains that ease.
s.gif
XUL Runner was a relatively easy way to build apps, or at least their UIs, from markup. It's interesting that the approach has lived on, albiet through other implementations like Electron.
s.gif
AFAIK no one claimed it was "virtually impossible". Just more cumbersome than Chromium since it wasn't designed with embedding in mind from get go.
s.gif
Maybe a proxy service a la Firefox Relay
Holy cow, another Gecko browser!? I thought I'd never see the day. I commend the authors for that if nothing else.
I just checked out their Discord, they're panicking because the last published build is super old and looks bad. Probably best to wait a bit before trying it out.
s.gif
Open source projects using Discord for their community is sort of a red flag in itself.
s.gif
> We also have a Matrix room

Thank you!

s.gif
My apologies... as long as you have Matrix or some open source standard and a bridge to IRC or whatever, then it doesn't really matter that much to me. However, I would like to see true believers of "open" promote open standards as much as possible.
s.gif
"Privacy-conscious" and using Discord, quite a bit of cognitive dissonance. We need better messengers, not browsers imho.
s.gif
wow, the people here really like to shit on others when they're just offering their hard work FOR FREE.
s.gif
I love using Discord for my open source app [0] because instant messaging and low entrance friction makes it easy for me to find out what's wrong with the app when an user comes with a problem. Previously I only did email when users had a problem and it took ages to fix issues that I could not reproduce.

Why is Discord a red flag in your opinion?

It is indeed not very searchable, but I think there's always Github and the official website for more persistent information.

[0] https://lunar.fyi

s.gif
Whenever I use Discord, I use it reluctantly.

- no native clients, you have to run the official client either in a browser or as an electron app and using either of them consume too much resources and make my laptop run much hotter than it normally does

- conversations are locked inside discord, you can't search them outside of Discord, imagine if all StackExchange websites including StackOverflow just became another Discord server and the disaster that would be for people everywhere

So yeah, if a project or community I care about uses Discord, I guess I will use it, but reluctantly and with displeasure.

s.gif
Yes, the browser-based clients is something I don’t like either. I loved when Slack used to provide an IRC interface so you can use whatever simple client you want.

But the syntax highlighting is so good on Discord, that it makes it really easy to discuss technical stuff.

I would jump on a chat alternative that:

    • is Google searchable (like Gitter)
    • has good syntax highlighting (like Discord and Slack)
    • has CLI clients (like Mattermost)
    • has a low barrier entry for non-technical users 
        • sign in with Google
        • state your issue
        • get solution in a few messages
        • forget about it if you don’t need to be part of that community
s.gif
Conversations are locked inside Discord the same way conversations are locked inside IRC, it's a community chat rather than a knowledge base/QA like stackexchange.
s.gif
My major qualm with with Discord is the lack of multiple identities, and the anti-spam techniques being used by many "servers" that essentially require you share your profile and channel data. Also, if you add a phone number (some servers require this) then Discord won't let you remove it. I can only imagine the amount of data collection and telemetry they are doing as well.
I especially like the fact that it is based on Firefox.
s.gif
One of the biggest issues with a web browser is how to keep it updated with security updates. It's not mentioned how they are planning to accomplish this?

Also how are they performing ad blocking? Are they just shipping it with u-block origin or their own technology?

Not to put anyone down, but I don't think people realise how hard it is to deliver a secure and working web browser. They are basically OS scale.

s.gif
Moreover, I don't understand how having a built-in adblocker is seen as a selling point. Wouldn't it be more powerful to rely on a third-party add-on like uBlock Origin?
s.gif
At some point it's nice to stop tracking which browser addon has not yet sold out to sketchy third party and just let the browser do it.

Only one "purchasing" decision to make at that point.

s.gif
I know I can consistently rely on uBlock Origin, and they have established a pretty good reputation. Plus I really like the "block element" feature, an opinion I've seen mentioned here before.
s.gif
You could have made this same argument for AdBlock Plus a few years ago.

It was trustworthy, until it wasn't.

s.gif
To be fair, the same could be said of a browser fork.
s.gif
I trust Gorhill more than I trust Mozilla... let alone makers of a Firefox fork. Of all of them he is the only one with years of proof that he explicitly doesn't want money involved in the work. This project is already promoting sponsorship and Firefox is an entire organization that lives on selling their userbase.

These things don't make them inherently evil, the world isn't black and white and people doing good still need money, but it flips your idea about singularizing trust in the browser maker on it's head.

s.gif
That’s a weird argument when the browser project has multiple orders of magnitude less backing than the add-on.
s.gif
In this case sure, I was just making the argument for integrating ad blocking into the browser in general.

I would prefer a world where all browsers have integrated ad blocking, in which case I only have to make a decision on browser, not browser + ad blocking extension.

s.gif
Which makes me wonder... how is it any different?

Firefox itself already has some features to protect your privacy. Why go through the trouble of creating a whole new browser where a combination of tweaks in settings and maybe a plugin for FF would yield similar results?

s.gif
A great many users won't install plug-ins or alter settings. They deserve privacy too. (This is why Brave is proving popular, when FireFox + uBlock Origin has offered the same benefits for longer.)
s.gif
And for many people, Firefox (or Chrome, or Edge) will be the default browser.

Seeking out a different browser to use takes similar, if not greater effort than just installing uBlock Origin (or a similar extension, or a few) and possibly altering some browser settings.

Plus, there's the issue of trust - how many people can vouch for a particular browser, or an extension? If a malicious piece of code would get into a niche browser or extension, how long would it take for someone to notice and bring that to the attention of the wider community? Would there even be such a community? Or maybe if they'd sell out and the product would change ownership?

The more eyes there are looking at code and how it runs, the safer it is, or at least i'd argue so. Therefore, sticking with the popular options is probably better, in general. In this case, that would probably (hopefully) be Firefox with some addons.

I though all browsers and webviews are based on blink/chromium because that engine is embed-able, unlike Gecko.

This guy made a brwoser based on Gecko tho, props to him.

s.gif
I vaguely remember that Gecko-based browsers used to be more common.
s.gif
This brings memories of Camino in the Mac space and K-Meleon in Windows.
s.gif
That’s essentially because the leg work hasn’t been done to make it embeddable on most platforms, with the exception of Android (https://GeckoView.dev)
Love to see this. Just curious why I would use something like this over brave? I don't pay too much attention to my browser honestly. I am ready to be convinced to switch though :-)
s.gif
It doesn't have the arguably sketchy crypto, it doesn't inject affiliate links into URLs, it doesn't use an engine built by Google, and it supports the open Web.

The reason it supports the open Web is that Brave uses the Chromium engine used in Chrome, Edge, Opera, and basically everything but Firefox.

Firefox doesn't, and is the only thing stopping Google being the sole arbitrator of Web standards (and they do not have your best interests at heart.) Google is already abusing their near-monopoly; keeping Firefox market share high is helping stop it, though.

This browser is Firefox based, so it has all of those advantages.

s.gif
If there is not an extreme pivot in Firefox's adoption in the next 5 years, I believe it will be a dead browser. One thing I have noticed is that developers have slowly been forgetting or not motivated to work on ensuring Firefox users have same level features. For example, there are browser extensions for chrome that do not exist on Firefox.

These can range from popular extensions to smaller, more specific productivity extensions. As a specific example, there is a Zendesk extension that can help load all links you click load in a single instance rather than having multiple tabs. It uses Zendesk's built in tabbing system for tickets and is very helpful for workflow.

The problem is this is only a chrome extension, and no such thing exists for Firefox. This is one example but there are so many more, and more of those situations are happening over time.

That is a worrying trend. It means that the chrome browser has such a massive market share, that in a lot of cases worrying about Firefox compatibility isn't even a productive concern anymore. This will eventually end in life support compatibility such as developers putting up splash pages or in-page notifications for users to switch to a more compatible browser. I have already seen extremely rare instances of this, but not enough where I would consider it a concern yet, just an asshole move.

s.gif
I totally get this. It's worrying what Mozilla are doing, and since they're putting in little to no effort to get Firefox back on track I decided I had to help out.

Google's massive market share is seriously worrying for Mozilla and other browser vendors.

I switched to Firefox from Chrome over 4 years ago and I was disappointed to find some of my favourite Chrome extensions weren't available. I plan to add support for those Chrome extensions in Dot Browser by implementing those APIs and making them work in Gecko/Firefox environment.

s.gif
Sick. I think Dot has a real chance if Mozilla isn't willing to step up to the plate.
s.gif
No interest in landing those APIs upstream?
s.gif
> the only thing stopping Google being the sole arbitrator of Web standards

In addition to Mozilla, Apple (Safari) and Microsoft (Edge) also have significant participation in web standards. I'm really glad Firefox exists, and they definitely punch above their weight in the standardization process, but Microsoft and Apple are also serious participants.

(Disclosure: I work at Google, speaking only for myself)

s.gif
Google, Apple and MS are huge businesses who only care about their respective browsers as something that will help them reach some pretty unrelated goals. Mozilla's business, however, is closely related to the browser itself, which makes their incentives.. less misaligned. :) While they have made some questionable moves in the past, I still trust them a whole lot more than any of the bigtech.
s.gif
The crypto token seems like a way for someone who knows nothing about crypto to get dip their toes, with zero risk.
s.gif
It is evidence to me that Brave does not have the end user in mind and there is deeper malicious intent. If anyone isn't current on bitcoin, then the jist of it is Brave's entire BAT use case can be built on bitcoin, using lightning or things such as the liquid network side chain. They are aware of this.
s.gif
Really interested to see the mental gymnastics it takes to argue that implementing new features for the Web Platform--in open, freely-available standards that are negotiated with all the major stakeholders, including Mozilla, who is allowed to implement them whenever they feel like stopping chasing after shiny baubles and get back to developing Web browsers--is "abusing [Google's] near-monoply", versus Apple not implementing standards to push developers off the Web and into the App Store.

But sure, yeah, let's keep the Web Platform at early 2000s standards. Let's make everyone download apps from a small set of walled garden app stores. Let's force developers to submit to those app store review processes and potentially have their content blocked for whatever opaque whims the store has today (ever changing, with little chance for appeal!). And then they can just snoop on their users through the local, natively installed app, that has all the permissions granted under the sun because users don't read installation prompts. That's so much better for privacy.

s.gif
As someone working at Mozilla on web compatibility, I'm tired of people excusing Google like this.

I personally spend most of my time figuring out the Chrome-specific quirks that pages rely on which are non-standard, and the Chrome devs almost never fix before conjuring up some new, ill-defined "standard" that they ship to production before others have even had a chance to figure out the last three.

It's maddening, especially when you look at Google's not-so-sterling track record just with major new "standards" like Web Components, WebRTC and Pointer/Touch events, not to mention how often they ignore Chrome's spec bugs until the web is reliant on them, and other vendors have to change their behavior and the spec to match them. Folks always seem to ignore all of the trouble Google causes, and just think "ooh, shiny new toy! Google good!"

Just imagine trying to implement all of those "standards" while Google is constantly changing them, under-documenting everything, have no reference implementation aside from the one they ship that's deeply tied to Chrome, and expect you to work on their time frame. All while not fixing bugs in the last two new APIs they pushed out, while pushing out two more at the same time. You wonder if they're doing it on purpose so no matter what the "standards" say, they just wait for the web to become reliant on their bugs, and then everyone else has to figure the whole mess out for them, like glorified janitors.

And then you look at the backlog of things you'd like to have fixed instead of figuring out the latest interop issue with some quirk that has a crbug open for three years, and the new privacy APIs and features you'd like to push and you start to feel a bit burned out. So you hop onto HN only to see yet another comment like yours, acting like we're doing nothing at all except "chasing shiny baubles". It's enough to make me wonder whether people like you actually care about the web at all or just want more half-broken new APIs to complain about.

s.gif
Thanks for writing this. 100%
s.gif
I occasionally read the Brave Blog:

https://brave.com/blog/

The technical requirements and research that needs to go into a web browser to ensure it's secure & private makes me skeptical that Dot Browser or any open source browser is going to be able to achieve those things without serious financial backing.

Happy to be proven wrong though

s.gif
that's kinds stupid. They wouldnt tell you about the negative side. Brave used to farm cryptocurrency from their users. look up their wikipedia page if u wanna read more about it, u probably not gonna find it on their "blog"
s.gif
because Brave may inject your browser to farm cryptocurrency. Read their wikipedia page to learn more
I’m happy to see that my suspicion seeing the screenshot is correct! A Firefox-based browser, what a miracle!

This may be worth it for the UI overhaul alone, but someone fix Mozilla‘s piling up bad decisions is also badly needed.

Is there anywhere that info about the adblocking and email masking has been published? The idea of this browser looks amazing. I hope it has good support for adding vim style keyboard shortcuts via extension or otherwise.
would be nice to:

1. explain what is email masking on the website (I had to google it). 2. indicate whether you plant o create a driver and/or whether the browser is compatible with the already existing gecko driver

I admire the work that has been put into this browser. Seems nice so far and am looking forward to where it goes in the future.
Looks like LibreWolf with email masking.
It's not clear how it is different from Firefox. What features does it have that Firefox doesn't?
s.gif
Looks like built in ad blocker, email masking, and no telemetry
Most recent nightly build is from 2021-07-24: is this an active project?
I remember hearing about this a while ago, but back then it was based on Electron for some reason.

Looks like it has been completely rewritten since then?

Edit: https://medium.com/dot-blog/saying-goodbye-to-the-electron-v...

s.gif
Yes, it used to be based on Electron. Although the date on the blog posts is off because we migrated our old blog posts to Medium back in June.
As a Firefox user I'll never really consider a Chromium-based browser, but this is interesting!
s.gif
Correct me if I'm wrong but isn't Dot Gecko/Firefox based, not Chromium based?
s.gif
Sorry, guess my sentence wasn't clear. I meant that _because_ it isn't Chromium based, I find it interesting.

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK