I don’t know anyone that works at Meta, so I’m hoping that someone here could answer this for me-
What makes employees there feel good (or at least okay) about doing stuff like this? You're spying on people, no? Surveilling ordinary people, not enemy combatants or foreign militaries? Perhaps a friend of a friend or even a family member? This kind of thing is so creepy and disturbing to me, not that it’s anything new…
The sad reality is that this behavior gets normalized in the name of making money.
For employees it gets normalized at the first signal that your livelihood might be affected if you don't comply.
As someone who's privacy conscious, it's an uphill battle to convince co-workers to actually follow laws instead of trying to find loopholes.
I've worked at places who collect every possible data point and distributes it willy nilly in Excel spreadsheets posted in Slack. I raised it to a CISO and the response was "all that information is available for everyone anyway via the interface". I know a German company requires you to "accept" data collection and processing in order to settle a debt. I reported this to their legal department which I personally knew a person and they said they'd "look into it ASAP" two years ago.
In the end people just roll along with it. I know this is unpopular, but the only forward I see way to prevent this from happening seems to be using courts and tightened legislation.
It's not a complete answer but I've seen talking about the costs help. That's what's making them overlook things anyways.
What they see is dollars now but not dollars later. Often these data issues can rise to the level that it could destroy the entire business. You might be called a party pooper, but truth is people like this want to keep the party going. It's hard to understand that sometimes keeping the party going means saying no. But it's just the same dealing with drunk people, say no by saying yes to something else. Like presenting another solution. Though that's way easier said than done...
Just remember, everyone is on the same team. People don't say "no" because they don't want to make more money. A good engineer says "no" a lot because your job is to find solutions. It usually sounds like "I don't think that'll work but we might be about to...". If you stop listening without hearing the "but" you can't solve problems, you can only ignore them. Which *that* is not being a team player.
We're always rushing and the truth is that doing good is much harder than doing bad or "evil". I put it in quotes because it's very easy to do things that are obviously evil post hoc but was done by someone trying hard to do good. So I find this language to be a problem because it is easy to dismiss with "I'm not a bad person" and "I'm trying to do good". Truth is that's not enough. Truth is mistakes happen. We work with asymmetric information. It only becomes your fault when you recognize and don't take steps to fix it (or active ignorance).
Sometimes things take nuance. Sometimes it takes more than a few sentences to convey. But who reads longer anyways?
Yes. It was judged illegal a few years ago in several countries, and German courts recently ratified the decision.
I'm pretty sure if the debt itself ever goes to court, the debtor can argue that they can't even enter the website. On the other hand this company is a bit of a shitshow so good luck having the website work haha.
I don't care. I won't starve, live in my car or go hat-in-hand to my relatives to cover for rent. I did that for years while attending primary education and I will happily ruin whatever little middle-class pastiche you're so desperate to protect if it puts a roof over my head. I personally know dozens of people who would quit their job to subsume that compensation. The fact that it's all legal? I won't even remember who cares by the time my head hits the pillow. It's a problem for someone else.
You hate ads? Surveillance drives you nuts? This is the consequence of a dysfunctional government. You can protest the businesses all you want, it's their job to be apathetic. Make a big show of it, take off your flair and tell your AWS or Apple manager exactly how much all it sucks. They'll nod, write it all down on a legal pad, put it in a folder and refer to it when your next employer calls asking for cross-references. It would all make for a very touching scene of career suicide, and then your replacement can have a technical interview scheduled in by the end of the week. That is the sum of damages you can enjoy as the fruit of your protesting this company.
It's funny how much Americans care about their legacy while doing nothing worth remembering. A Microsoft employee who donates their disproportionate wage to an animal shelter is doing more to benefit the world than some shmuck who got mad at capitalism for the fly in his soup. John Carmack worked for Meta, and still has more of a legacy than every "hacker" on this site combined. If your identity is so shallow that it's defined by nothing other than the person who pays you, you have more serious issues than finding an ethical employer.
Meta or not, people don't like being fired or being threatened to. Period. They like the comfy job.
But don't ask me why. I'm a troublemaker. I bring up this stuff, I talk to CEOs, I refuse to do stuff that breaks the GDPR or other laws, I got people to scream at me for being stubborn. Other people aren't like that.
I agree with you. To clarify my comment a bit. I’m confused why a software engineer of Meta caliber would even APPLY at meta to begin with.
I suppose $400k comp instead of $350k (making up numbers here) is worth selling your soul for these days? These are people with options, that’s ill i’m saying.
If someone talked to me this way in the real world it would be the last time I would ever interact with them. It’s a Redditism used to express incredulity that the parent commenter could be so stupid as to have posted what they posted. It adds nothing to the conversation and doesn’t belong here.
You're reading a lot into two words there. And someone probably has said "um, what?" to you in the real world; but you wouldn't notice because it is a common pattern of speech.
The internet will be a remarkably combative place if that is the standard you set for when someone calls you stupid - it'd be a lot better to only read that into a statement if it actually gets explicitly said.
No, it's not, it's among the same vein as "huh?" - it's a thinly-veiled attempt to paint opposing view points as so stupid that you literally cannot comprehend them.
But you can comprehend them, we all can. So it's just abrasive and annoying. You can express a conversational tone without being an asshole. You don't need to act like your conversational opponents are super far out there or crazy or whatever.
it’s how i talk in real life when I'm completely confused by someone’s comment. The tone matters a lot - which is hard to express in a text medium. Emojis can help with this a bit but no emojis on hacker news. :)
Generally employees put the responsibility on management. As everyone has a higher up they answer to, no one feels personally responsible. From the top down, the concerns of how things are actually implemented are often too abstract. Combine these dynamics with institutional echochambers and group-think.
Employees just want to make it to the weekend. Execs want to hit their targets. Sales dept. needs their bonuses. The board wants to pump valuations.
Yes. Was my same first thought. Same thing that happened in Germany:
"The banality of evil" how Hannah Arendt described Adolf Eichmann's excuse that he didn't bare any responsibility since he was just doing his job...
Not Meta but I once got yelled at not by a real manager, but by a PM because I said I wouldn't let the team do something shady without legal signing off. I'm in Europe so it was GDPR related.
The PM tried shopping the task to other teams, but nobody took the bait after I raised it publicly, and both legal and the external law firm sided with me after about three months of delay.
In the meantime I raised the topic of yelling with HR but every step of the way the company made me feel like I was the one in the wrong for not complying.
I believe if I were meeker I would probably have complied right there.
Eh, software engineers throughout the ZIRP had the choice of working at plenty of companies. People chose to work at Facebook for the money disregarding all other concerns. That's it.
Money, it's just business. I think every big corp is morally bankrupt (otherwise they wouldn't be big). There are some exceptions, of course, if a company found a sustainable way to monetize their output.
This is basically it. There are a dozen ways to become huge, and they all are essnetially anti-humanity.
There's an expression: normalization of deviance.
This is where we are now. People idolize others because of their wealth, and that wealth is always gained by means which are ultimately harmful to the greater population. Even the wealthy philanthropistMS which will remain unnamed acquired their greatness by cheating and stealing. But as long as you make a great show and give it all away eventually (while living lavishly the entire time), you look good.
As a 90s teen growing up with Grunge and in a DYI punk scene, I remember my youth being a lot about authenticity, and it felt weird reading about how the 80s were all about money and fame and how selling out was ok.
To me that sounded absolutely absurd and a freaking caricature, something out of "American Psycho".
Today I was just discussing with a friend how we're perhaps even more materialistic and cut-throat...
A fear of mine is that we are speedrunning Cyberpunk 2077. And that’s not something to expire to. It’s a bleak no-hope hell.
Hope is about finding and using that moral compass. To change worse outcomes to better outcomes for everyone. The “I’ll take mine” or “My group needs to win” attitude is poison to yourself and to the world, and if you don’t see that your conscience is blind or broken.
This is nothing new, in numerous books on moral philosophy and people who have been in these situations have spoken out on it.
As an old-school leftist that feels politically orphaned, I feel like there's a huge group that is hating all the current bullshit. Even terminally online people.
I don't see a way out, though. I just hope we can leave a planet for the animals.
EDIT: On the other hand: the internet is already a dystopia if you look closely. Maybe it will prove to be a fad and people will go back to their lives. One can hope!
> There are a dozen ways to become huge, and they all are essnetially anti-humanity.
Offering customers lower prices is a way to gain more customers. Software allows for automation and efficiencies of scale. The end result will be a few big organizations that win, without cheating or stealing. (Although, there most likely is cheating or stealing due to other factors).
But I would not classify the success of most larger modern businesses solely due to cheating or stealing. It was simply being at the right place at the right time and executing correctly to take advantage of developing technologies to take advantage of economies of scale.
In this specific case, I know my family and friends benefit greatly from the “free” instant communication and file transfer capabilities that Meta offers (WhatsApp). There obviously might be costs, but international communications have been made far, far cheaper and higher quality due to WhatsApp.
The problem is that there aren't ethical ways to build a sustainable business, it's that unethical businesses have all those options and then also all the unethical ones so they will always come out ahead.
Its way less bad than some investors ie on Wall street or arms/military business, by huge margin. Folks scamming old people out of money or encrypting their HDDs for ransom should be shot in sight. But - this topic affects billions very directly, and its not about the effect now, but helping general direction which is outright evil by any moral standards.
I can pull out usual godwin's law plug but I guess we all know what would be there. People like to feel great about themselves, its subconscious. And if slightly tilting reality in their favor can achieve that then what's the problem, right. Again, this is not a conscious decision so most don't even notice that, and who would complain about feeling better about themselves.
Old enough, when you want to see such things like these biases in people around you, its very easy once you start looking for them. I guess we really are all heroes of our own stories (but what I mention is far from uniformly distributed, some folks are really stellar human beings and some opposite)
Buy they very actively push and lobby to end those peaceful times, ie second Iraq invasion for completely made up reasons, or stay in Afghanistan way beyond anything reasonable, when it was clear there is no winning possible.
Big companies are paperclip maximizers, for money instead of paperclips. It’s strange how many people can see the danger of a hypothetical nonhuman intelligence with a goal of making as many paperclips as possible, but not the danger of actual nonhuman intelligences with the goal of making as much money as possible.
In theory optimizing for money long term should align everyone's interests. The problem is that (for a number of reasons) public executives have far more incentive to be short sighted.
No, it doesn't. You're assuming that markets have a computational efficiency and smoothness that simply isn't there. P != NP.
Markets are a heuristic based around mediating between the interests of different parties precisely because the overall problem is computationally hard. If markets achieved the kind of optimality you're thinking, then top-down central planning would also be workable.
Sure, but the usual counterargument is that the air and water need to be made legible to the market (through private ownership or the correct externality taxes), and then everything will be perfect. While in reality that's demanding a level of computation from markets that they simply do not possess.
History suggests there is no shortage of people who will throw all semblance of morality away as long as they are surrounded by people who they believe have done the same. I almost think the people who are not willing to cave in this way are the rare ones.
I've heard people justify working there (often to themselves) by saying things like, "If I don't do it, someone else will. So, I may as well do it and make virtuous use of the money."
I think some people also tell themselves that they'll be agents of change and fix things from within but that almost always winds up being another self delusion at worst and impossibility at best. There was a certain amount of this on display in Careless People.
The snowflakes don't run the company. If you work somewhere that is designing a really big gun and the CEO uses it to commit an awful crime, you don't share the blame for one person's irresponsibility. It's not a satisfying answer, but it really is up to executives to decide where they draw the line. Nobody else in the business can say 'no'.
Likewise, when we blame IBM for supplying the Nazis during WWII, we're not decrying the enthusiastic early database workers. They aren't the problem; executives without morals are.
> we're not decrying the enthusiastic early database workers.
Well, you're not. However:
Black reports that every Nazi concentration camp maintained its own Hollerith-Abteilung (Hollerith Department), assigned with keeping tabs on inmates through use of IBM's punchcard technology.
suggest that a good number of these "early database workers" were working directly with Hollerith codes on human flesh and tasked with the identification of Jews, Roma, and other ethnic groups deemed undesirable by the regime, along with military logistics, ghetto statistics, train traffic management, and concentration camp capacity.
You might argue they are no more responsible for concentration camps than concentration camp guards, but these are the people punching holes in cards and filtering them with knitting needles while looking out the window at piles of shoes and gold teeth to tabulate.
With different executives, that might not have happened. With different tabulators I don't think anything would have changed. You're not really disproving my point by emphasizing that the end operators of these machines were typically Nazis.
There are many industries which are inherently hostile to users, insurance, betting, marketing, etc. If you ask people if they feel good about enabling the kind of things these companies tend to do, you probably won't get an answer. I don't think Meta is an outlier here nor are they the only one. Even across other industries you will find many questionable practices in usual operations. If pushing the boundaries of ethics gives a business an advantage, you can guarantee that someone will be doing it, and eventually most will be doing it. It's simply the natural tendency of any system with competing entities. The question we should rather be asking is, how do we tweak the system. What can be done to disincentivize pushing the boundary like this?
The question is how did a social media company end up so shitty it is now compared/it's behavior equated to insurance companies? Insurance companies are required to control payout, and people expect that. The level of stuff Meta does is not required, nor do people think/realize it is as hostile to them as an insurance company.
In the past, people aspired to work at cool tech companies. Devs aren't lining up to work at insurance companies. I never worked in the industry I went to school for because the only jobs when I got out of school were for weapons. At this point I feel the same way about social media, I would never work at such a 'make the world as bad as you can get away with' industry.
Finding a company less bad for the world than Meta isn't very hard. They pay really well to compensate, so people will rationalise working there of course, but "everyone does it" is just a way to dodge responsibility for your own choices
If you value money over other people, it's a great place to work though
It should be noted that no ethically -trained software engineer would ever consent to write a DestroyBaghdad procedure. Basic professional ethics would instead require him to write a DestroyCity procedure, to which Baghdad could be given as a parameter.
In principle, I think most people believe their morals would prevent them from working at a company like Meta.
On the flip side, how much are morals worth if you have the opportunity to be financially free?
There's also the opportunity to work on interesting problems.
Anecdotally, of course, I know a Meta engineer at the L7 level (generally staff engineer in these large tech companies). He makes over seven figures a year, 75% of that being from stocks. The money is there.
I am not even sure most people could articulate their morals. It's not just about never having heard about things as moral absolutism or consequentialism. Similar to how atrophied people's understanding of sympathy and empathy is as well.
Are the people working on the interesting problems doing most of the spying?
I'm sure there's overlap like people working on AR scraping images of people's homes to build better models but they also do a ton of research where they use open datasets.
I'm curious what this distribution is.
I'm also curious what the answer is for just average programmers. Meta has like 70k employees. Surely a lot of them aren't doing interesting stuff
Sure. There were also a lot of very normal people. There were people trying to take down Nazi from the inside. And there were people that were genocidal maniacs.
It's not like one day all of Germany turned evil then a few years later turned good again. Framing things like that is unhelpful. It makes evil seem cut and dry. Trivial to identify. That's what authoritarians thrive on: oversimplification. Everything is easy, it's not your fault, "it's so simple, you just..."
All that accomplishes is letting evil flourish. Gives it time to grow and set root. You're just being dehumanizing yourself.
I know it's not so hip here but the answer is money. You go to work for money. It's not to socialize, not for personal growth, and not for charity. If I want those things I have hobbies (including hobby programming.)
Most people would say no if they were offered a full time salary to spy on their friends, steal their data and act in a overtly unethical way every day. But these companies give them an abstraction layer.
There are plenty of things you can do for money that are not (or are significantly less) unethical.
> What makes employees there feel good (or at least okay) about doing stuff like this?
I got this exact thought IMMEDIATLY (yet again) and posted on it here as well, putting my two cents in.
This is totally unacceptable for a software engineer to implement features like this simply because their company told them to, doing what the company tells them to makes them money, so they do it.
No apparent thought into whether they are creating is harmful, or caring about it.
I've given up on any anger directed towards the company itself. They will make money any way they can. Now, the engineers who actually implement it bothers me, because it is clearly not something that should be built.
To me, I don't care how much I'm being paid or how bad it would be to lose my job at that time.
I would resign before working on features like this and deal with the consequences.
Optimization with the objectives we have today, and more generally financialism are all about splitting up end-to-end tasks into pieces and removing redundant common work. This is obviously good...upto a point. It gets bad because morals and a bunch of other stuff also gets split up.
Like someone mentioned below, it's unrealistic to expect people to think about second or third or nth order effects of their job. Heck, those effects are not even visible in 90% of cases.
To answer your question, the engineer at meta is just building a graph database. It takes a `void* node_data` as argument. Another is just building a kafka-clickhouse data pipeline that can transfer so many millions of `void* message`s a minute. The android engineer is just improving the percentage of requests without location data by using wifi ssids as fallback. The CEO just sees "advertising revenue WoW" in his dashboard. And so on. That it is actually being used for spying is many steps away from each of them -- OK, in the case of meta I'm sure the employees know to an extent. But it's still very different from the feeling they would get if they were doing the end-to-end task themselves.
It's the same thing with other questionable products. It's split up sufficiently across the supply chain that no one is actually aware enough of the task end-to-end.
In some cases, the same participant in the supply chain will be a supplier for something really good and necessary..but they will also be a supplier for something despicable. In this case, it is easy for everyone involved to sweep the latter under the rug.
As far as I have thought about it, there is no way to get rid of this larger problem without also losing the (unfathomably massive) benefits.
It is the same process whereby websites deploy Google Analytics. They are getting value by harming their users. They easily rationalize and justify it.
Meta pays a lot. Most people there don’t work on the shady stuff and don’t pay attention to what else is going on.
That’s generally the case for everyone I know who works there.
Many of them are even quite liberal and will join protests for things that Meta has actively and negatively played a part in, so they’re in effect protesting their own workplace indirectly. But will continue to work there because they can compartmentalize this.
> What makes employees there feel good (or at least okay) about doing stuff like this?
Would someone explain in plain language what is wrong with an app listening on a port for messages from the browser? It seems like a helpful asynchronous method to maintain state between browser and app.
The same reason people eat meat. The reality of what happens behind the scenes to produce meat or their paycheck is carefully hidden from their sight, and when it's hidden, it's easy to convince ourselves that we aren't some monsters who run concentration camps with cows and pigs in them, but decent humans who have taste for medium rare steaks.
What Meta does to society is more insidious: it gets people addicted to content so it can make them eat a poison for their minds, so-called ads. Surveillance is just method of making the ads more invasive, tailored to each user individually.
Nobody is stopping you from making whatever you want and putting it out there in the world. If you believe strongly in a different order of things, go for it!
Same thing at Google or Apple. Google has everyone’s email
and browsing history, Apple has the complete copy of everyone’s iMessage and SMS history (in the non-e2ee iCloud backups, readable by Apple).
Anything these companies know, the FBI and CIA can know, without a warrant thanks to FAA702 (did we all forget about PRISM?).
The state now has leverage over almost every normal citizen, thanks to what these companies have built.
+1 for “money”. how many years until AI makes everyone’s job obsolete? do you really think countries like the US have their citizens’ best interests in mind? i’m guessing Forced Meaningless Labor (like the cartoon prisoners hammering rocks) is more probable than Universal Basic Income.
Getting privacy advice from an adtech funded outlet sounds like reading democracy advice from the Chinese ruling party or vegetarianism advice from lions to be honest.
It might be correct-and-incomplete but they just have no credibility on the topic.
WaPo is dependent on subscription revenue, which is more than 2/3rd of their revenue.
Advertising revenue is less than a 1/3rd of their revenue, and dropping fast. Ad revenue from more than 50 million visitors is less than subscription revenue from 2.5 million subscribers.
If WaPo was dependent on ads, they would have taken steps to increase accessibility to articles, but they didn't and haven't. Instead, they're restricting more and more content to subscribers, because ultimately subscribers are the ones that keep the lights on.
In no world is a third of revenue a "small fraction", especially with such big losses, so you won't be able to argue out of this simple fact that it's dependent on ads.
> and dropping fast,
Just like the number of subscribers and subscription revenue?
"But their omission of Adblock in this article means they can't be credible."
But adblockers do not fully solve the problem that the article is focused on. Namely, the use, e.g., by Meta and Yandex, of websockets in closed source mobile apps to listen on a loopback address for requests by mobile browsers, e.g., for tracking pixels.
There are approaches to prevent such tracking that do not necessarily require adblockers running in browsers. If the article mentioned Adblock but omitted other approaches, then does that mean the publisher is not credible.
You’re not wrong, but there was a time many of olds remember when editorial content and commercial concerns were firewalled. It used to be outrageous, and usually wrong, to suggest an editorial position was contingent upon a business benefit for the media outlet.
They're more tightly bound than that. They're dependent on Google Display Ads. Which really makes their whole diatribe that much more pathetic.
Any media company that decided to traffic the ads themselves, from their own servers, and inline with their own content, would effectively be immune from ad blocking.
> Ditching these deeply invasive products remains a good idea
While still allowing random third party javascript to run unchecked on a parent website.
> While still allowing random third party javascript to run unchecked on a parent website.
Lol, why are you commenting as if somehow allowing it to run negates the other good ideas in some way? Obviously some is better than none, and all is better than some, but each step takes more effort.
It’s odd that orgs like NYT don’t run their own ad services. I’m sure they have a dedicated department for ad sales for physical copies. They’re large enough that companies would work directly with them. And they would have at least some editorial control on what is displayed on their site.
I've worked for a few companies that had ad placements. I wasn't too deep into that side of things, and it was a long time ago, but as I recall, at reddit there was an in house ad auction platform. If there wasn't any ads sold for the period, we'd either show in house ads (think the old reddit merch store, pics of animals, a pic of one of the reddit staff with a paper tube on his forehead to resemble a narwhal, etc) or ads from a network like AdSense. Once upon a time this actually caused issues because there was malware being served from one of those and networks
Hosting the ads on the same server as the content is done in some cases, but doesn’t result in any immunity. If the ads are sufficiently annoying, it only leads to a merry little game with the adblocker annoyance list community, where they figure out new regexen to block the content, deploying daily. Bypass the blocks too effectively, and the adblocker will accidentally start blocking website content. Users will assume the website itself is broken, and visit less.
Self-hosting ads is not really a winning game unless your ads are non-animated, non-modal static text and images.
But I am glad they are pushing people toward other browsers because that is the biggest step. Once you have taken that step, installing the most popular extensions is trivial.
Does the ad blocker prevent leaks of your information?
I know it blocks a use of your information against you (targeted ads). And any external source is a potential leak (e.g. the kinds of things that CORS is supposed to reduce).
But does an ad blocker specifically leak more, or just reduce the incentive to collect that information?
A full-featured ad blocker (uBlock Origin original, not the neutered Lite version that runs on Chrome now) will intercept requests at the network level and prevent your browser from requesting the advertisers' JavaScript code. Your browser not only won't show the ads, it won't run the code that was supposed to show them or even send a request to the advertisers' servers.
This blocks most existing tracking methods. The only thing you're not protected from is first-party tracking by the site you're actually visiting, which is impossible to fully protect against.
>prevent your browser from requesting the advertisers' JavaScript code. Your browser not only won't show the ads, it won't run the code that was supposed to show them or even send a request to the advertisers' servers.
Incidentally, just blocking JavaScript with NoScript kills quite a lot of ads (obviously, not first-party ones if you've white-listed their JavaScript for site functionality; but I try to avoid that when there isn't real demonstrated value) without any need for an explicit ad blocker.
NoScript is indeed very effective at blocking tracking, but it also breaks a lot of websites.
If that is an acceptable compromise, you could also try ditching the Internet altogether, as that not only blocks all online tracking, it also blocks a lot of fraud, misinformation and all kinds of harmful content.
Except for non-negotiables (eg: bill paying, government websites, etc.) a website that fully breaks when blocking js is just a worthless site which is not worth my time.
Anubis (https://anubis.techaro.lol) requires Javascript and is required to view some otherwise static websites now because AI scrapers are ruining the internet for small websites.
That’s always my problem with NoScript being suggested. For some people who consume stuff off RSS feeds or static sites and Wikipedia that probably works. But for literally anything more than that you can’t do that.
> NoScript is indeed very effective at blocking tracking, but it also breaks a lot of websites.
Sure, images may no be present without JS lazy-loading them. Accidentaly, NoScript also fixes a lot of websites. Publishers are often paywalling posts via JS and initial HTML is served with full articles.
> A full-featured ad blocker (uBlock Origin original, not the neutered Lite version that runs on Chrome now) will intercept requests at the network level and prevent your browser from requesting the advertisers' JavaScript code.
You're trying to imply that ublock lite doesn't do that. It does, including javascript files. The full uBlock does more things to prevent tracking that lite cannot do. But "intercept requests at the network level" isn't one of those things.
1st-party would likely be prevented by disabling cookies? Obviously they could fingerprint every visitor on every request, but most just set an ID cookie and check it on subsequent pages I think, since that's good enough for tracking most people (who aren't actively trying not to be tracked). Of course, that breaks things that need a session (like a cart), but depending on what you want from a site, it could be fine.
Those things help, yes. I say that it's impossible to fully block first party tracking because you must interact with the server in order to accomplish anything and those interactions can be tracked. But a third party can be cut entirely out of the loop.
I think there was a Defcon where they showed that some ad networks let the advertiser themselves provide the image/video. By targeting only people who first visited a given website, they know who you are. And by adding selectors on the ad, they extract your characteristics, including location.
It looks very stretched, but the real magic happens when this data is sold in bulk. It allows recouping who is where. Your target person may or may not be in each dataset, their location isn’t known like clockwork, but that allows determining where they work, where they sleep and who they’re with. One ad is useless as a datapoint, but recouping shows reliable patterns. And remember most people on iPhone still don’t have an adblocker.
they don't load up the ads at all so they can't know your information in the first place at least from the ads themselves. if the website is sharing information directly there's nothing you can do outside of some kind of vpn and never logging on to any services.
That may not be viable for many non-technical users, which is their audience. On HN, it would be an error to omit ad blockers; the Washington Post has a different audience. I expect that most would find installing and learning a new browser to be too much effort and too hard to understand.
I would bet money that the techie they asked to put the list together included "use an adblocker." And then the higher-up who approves articles like this said "shit! wait... no, no, no, delete that one!!" These corporations are deeply deceptive.
MSN used to be this special variation of Internet Explorer on Windows during the early era of the internet. My grandmother used it and the rebranded browser was packaged with other software products (if I recall correctly, I could be conflating it with preinstalled trash back in the day). It had a different color theme and allowed you to log into your hotmail account. I think at one point it became an IE addon.
I remember it revolved around giving you the news and maybe even loading hotmail with a special ui button. I have a foggy memory of it, but this MSN forum thread confirms the MSN Explorer existed[0].
You could even build a personal home page of sorts with the weather.
Any ways it had a following of people who got their news and it still exists in some form today. I know the website msn.com always catered to news stories, but I don’t know if they were always reposted if they once had writers. I think it’s always been some sort of data harvesting/media credibility facade news-focused branch of Microsoft.
Well the truth is Microsoft branding is totally incoherent, and MSN has been anything and everything MS thought they could put their name on. Like there is a cable network called MSNBC which now has nothing to do with either MS or NBC.
Originally, like Bill Gates wrote about it in a book completely ignoring web browsers, MSN was a proprietary Windows client like AOL. Later on it became a 'web portal' like Yahoo. Then a 'content' site. At one point, it was even a social media site. Somehow, when my parents got cable internet, they were funneled into a @MSN.com account. It had this fake "dialer" which pretended it was "connecting", even though the internet was always on.
For many years since, MSN has just been the tabloid news to remind you that Microsoft shit is low class.
What about the other app ? Now that this trick is known, either it’s completely fixed, including in system webview, or all the other usual spyware ,that the play store is full of, are going to use it to track their user.
Google still hasn’t fixed the issue of app being able to list all other installed app on your phone without requiring permission despite having been reported months ago. They didn’t even provide an answer.
I believe Google isn’t interested in Android user privacy in any way, even when it’s to their own benefit.
At this point either use iPhone, grapheneos or no phone at all.
> Google still hasn’t fixed the issue of app being able to list all other installed app on your phone without requiring permission despite having been reported months ago. They didn’t even provide an answer.
Since the first release of Android it has been possible to query for installed applications on the device, and since Android 11 those results have started to be filtered[0] (with some exceptions[1]).
They make something people want. Most people I know thah use it, including me, just don't really see that big a downside to using it.
I'm not even slightly considering removing any Meta app, and let's face it, Firefox is over as a project because their priorities are all out of wack.
So Chrome and meta apps all the way for me, but I'm sure to listen to the Amazon Washington Post as to how I should treat Amazon competitors in the future.
This is such a foreign perspective to me that I legitimately cannot even conceptualize it.
I've used Facebook products. Even just barring the privacy concerns, there's been one constant - the products are bad. They're not good. They actively make my life worse. They're not fun, they're not enjoyable, they're not performant, they're not... anything.
Even if I was a complete 100% sellout and I didn't give a single fuck about privacy, I wouldn't use Facebook products. Because they're just that bad.
Also Firefox is "over" as a project? Legitimately, what the fuck are you talking about? Firefox works fine and has been working fine for as long as I've used it. The browser works, and for all intents and purposes, I can't tell the difference from Chrome. Really, I can't. Are there differences? Probably. I've never encountered any, so for my money Firefox is fine.
Yeah actually maybe a year ago I got rid of Insta, too. It was the most tame one but it just got so annoying over the years. Why am I being shown reels over and over again? I just want to see my friend's wedding!
For most people in the west, using yandex and chinese alternatives would be better than local ones, because neither china nor russia has any auhority over you, while your local agencies do.
Yes. Especially on Android, FF with uBlock Origin is the superpower.
For this particular issue: Three dots > Extensions > uBlock Origin > Open dashboard > Filter list > Privacy, enable "Block Outsider Intrusion into LAN".
If any software engineers out there are working on things like this I can only pray they STOP and think about why what they are doing. Implementing features by having to jump through hoops, just so that their employer can better spy on people and make more money.
That is so wrong, on so many levels ... I personally couldn't do it.
I hate this even more than NSO Group's Pegasys, which could easily get people killed. I'm ok with my reasoning, and I really hate that one as well.
Here, with Meta and Yandex, you see what you always see.
As soon as people catch on, they immediately remove it. But they will keep using it until that day comes.
For money, while trying to hide it from the users they are spying on.
It's greedy and evil and whoever in these companies think up these ideas should be let go. Immediately, in a perfect world.
Instead they'll just try another approach.
While everyone else has to clean up this latest one.
"Following public disclosure, Meta ceased using this method on June 3, 2025. Browser vendors like Chrome, Brave, Firefox, and DuckDuckGo have implemented or are developing mitigations, but a full resolution may require OS-level changes and stricter enforcement of platform policies to prevent further abuse."
Zen Browser (FF) on Win and Firefox on iOS (for sync) works well for me. Edge for all M365 related stuff. Still use Chrome for web dev. Not sure what to move on in that regard...
I'm a relatively new web dev and I've been quite happy with Firefox's Web Dev tools. What does Chrome's dev tools give someone that Firefox's doesn't? I can edit css on the fly, see where a css rule is being overwritten, debug javascript, etc.
I use FF but Chrome's dev tools have a lot more going for it including memory profiling and performance tools. On the other hand, Chrome's network panel is awful and it's a chore to see the domains and full URLs involved.
What I wonder is (from someone who has been in a room like that, not speculation), how do these decisions go down?
My other favorite example is un-disabling telemetry, resetting default browser, etc. Some PM or VP is in a meeting saying we are going to do this shady user hostile thing and everyone just nods? What is the amount and type of euphemisation?
I'd love to be a fly on the wall in one of these..
You can create a work profile on Android and install Whatsapp in it, this way it won't have access to your main environment and contacts. For the f-droid loving crowd, try the Shelter app to set up the separate area.
The question may need a little more context - it's easy to avoid by simply uninstalling it. If you're actually asking how to minimize its presence, consider using an app like Island which isolates the apps into a separate profile which can't see anything in your main profile.
Remove lock-ins that forces people to use a specific chat app. Move private communication away from "platforms" to interoperable protocols. That is the only way for us to regain control over our own private communications.
I believe it is good form to keep work and personal machines completely separate, including phones. If you ever have to hand over your devices for discovery in a law suit I think you will come to the same conclusion.
I very much agree. Retired now but I used to have a separate phone for each major client for HIPAA compliance but it's good advice everywhere (and $50 year-old android phones and $15/month Tracfone accounts aren't just for criminals!)
If we truly lived in a democracy which 'obeyed' the overwhelming will of the people, there would be laws with 'horrific' penalties for any effort to track devices or people online.
I've noticed that recent Chrome version does not allow me to download the pdf I'm viewing. I had to open it in Firefox. The Chrome browser only allowed me to save it to drive (cloud)
You can absolutely download PDFs on the all Chrome versions including the most recent. You need to do is set chrome to download them instead of open them.
I am a developer but have to deal with questions on this regularly from people's at my company due to the IT department being small.
I mean once you get into a pdf. Sometimes web page opens it instead of allowing download. The built-in pdf browser of chrome has no option to save it locally on android phone. I have not been not precise in explaining, because I find Google and Android constantly reducing my ownership of my own phone and that's another brick in the wall here
I have the opposite problem: I want to simply render the pdfs so I can, you know, read them. not download them like they are data to be fed into another app.
""
Millions of websites contain a string of computer code from Meta that compiles your web activity. It might capture the income you report to the government, your application for a student loan and your online shopping.
""
If I read that correctly then they are capturing all https web content you
access in clear text and uploads it all to Meta? Then Meta
I thought the exploit was used to track where you visited,
not the full data of each webpage.
It does sound fantastical. A piece of code that can violate the same origin policy would be a huge vulnerability. Meta could be working with other sites to share data on users via code running on both sites, but snooping on tax data without the IRS helping? Unlikely.
I can only assume they're suggesting that companies like Intuit and H&R Block are sharing this data with Meta, but that seems like a huge violation of privacy and with tax data it might even be illegal.
Basically, they created a channel between the browser and a localhost webserver running in their native apps, by abusing the ability to set arbitrary metadata on WebRTC connections. That way, they were able to exfiltrate tracking cookies out of the browser's sandbox to the native app, where they could be associated with your logged-in user identity.
You are implying Meta and others were able to just siphon data from any website via WebRTC using their native apps, but this was not the case. They were only able to track which websites you visited if that website already embedded the company tracking. Many websites do, but not all.
> Know, too, that even if you don't have Meta apps on your phone, and even if you don't use Facebook or Instagram at all, Meta might still harvest information on your activity across the web.
A bit wishy washy. They are still tracking you, just not as effectively as before.
Maybe even a "start using Internet Explorer again" movement ;-)
For all the hate it got, IE was nowhere near as privacy-invasive as any of the "modern" browsers now, even Firefox. If you configured it to open with a blank page, it would quietly do so and make zero unsolicited network requests.
The future of Google as Chrome’s owner is genuinely in question now due to Google’s antitrust losses, in case you weren’t aware.
There’s a few different cases, one recent one Google has lost and is now in the “remedy” phase. Meaning the court has officially decided Google did bad, and is now considering what to make Google do about it. And splitting up Google into separate Chrome, search, etc companies is completely on the table.
No, that was Firefox. Chrome's spread was fueled by literal malware or spyware bundling it to get some of Google's sweet money and some of the most aggressive advertisement campaigns for any online product ever.
Was it Firefox? I remember Firefox existing at the time but I don't think it's ever really had dominant market share, perhaps when it was Netscape? I do remember the IE campaign went on quite a long time to where eventually Chrome showed up to the party and people shifted over as well as shifted their family and friends over. You don't see that kind of active effort for Firefox ever.
Yes, FF was revelatory (features and performance) and, relatively, very popular for a time. 31% was a massive share considering it was up against a browser that was the default for the vast majority of people using computers.
Mozilla have had so many chances to position themselves as the privacy-preserving alternative in current years but just can't get out of its own way in any sense (e.g. corporate greed or being hostile towards users). There's still dim hope for FF and some of its forks, like Librewolf, but hopefully forward thinking projects like Servo and Ladybird can fill the void.
It's sort of interesting that Brave was not affected by this because they already blocked the technique used by the Yandex app. I wonder if Brave devs were aware of that specific abuse, or if they just thought that localhost traffic was distasteful categorically.
Never used Chrome, and don't use Meta apps... and when I did, I did not give them any real information.
I'm disgusted by the number of people giving real personal information to these assholes. "Open"AI insisted that you give them a real, functioning phone number to use ChatGPT. No goddamned way.
That's irrelevant to how private something is. Closed-source is a reason to be suspicious of privacy claims, especially without third-party privacy audits, I'll grant.
WaPo’s reputation so tarnished they have other outlets reporting for them? I don’t understand why a slashdot article has WaPo in the headline. Are they some authority on privacy?
That's one opinion from one columnist. Also, the full phase was "dirty war," by which they seem to mean one dominated by covert operations by intelligence services rather than conventional forces, on both sides.
Full time Firefox user. I run hundreds of tabs for days on end and need to restart it every week or so. Well worth it to not use Chrome. Need to open a site in Chrome about once a month
Firefox? Weird question. I haven't even installed Chrome in the past 7 years. Firefox is fast (but I obviously don't know if Chrome is faster) and it never crashes.
Chrome does feel faster to me; I remember someone here saying that was because of some kind of procedural loading shenanigans or something.
But the main hook for me is how websites look. I do a lot of reading on the browser, and fonts on Chrome always look better than on Firefox. I would switch to Firefox in a heartbeat if only things started looking the same on it.
I often hear that claim, but for me it was always the opposite. Firefox being fast while Chrome being a slow monster and memory hog. Also when I was using an RPi2b full-time, Firefox was working even though sometimes annoying, while Chrome was a no-go and would led to the OS being unusable.
I mean those aren't real controversies though, it's more like "we added a VPN feature and included the VPN, but have now removed it". A real controversy would be like Mozilla who was pushing for censorship and silencing "bad actors" in the years after the first Trump election.
"This includes bringing new users to Binance & other exchanges via opt-in trading widgets/other UX that preserves privacy prior to opt-in. It includes search revenue deals, as all major browsers do."
Seems pretty relevant to the current topic and not part of the VPN controversy.
Zen Browser works well for me. It's a Firefox fork but privacy-focused whereas Mozilla recently became an ad company and published hostile TOS changes. No issues I had when I was evaluating LibreWolf.
JavaScript Chrome developers did a good job of convincing people that Safari is the new IE.
I love Safari on macOS. I love the pinch/zoom with the tabs. I love that private browsing mode, at least seems to, keep things contained to the tab they started with. e.g. if I open facebook in a private tab then open new tab and go to facebook, it’s going to make me login.
Chrome’s developers didn’t have to say anything. Anyone who’s been trying to build on the latest web features (for me, particularly WebGL, WebRTC, WebGPU and IndexedDB) over the past decade has been bitten by Safari over and over again. They usually come around after being raked over the coals by the web dev community, but they’re still usually years behind.
When “Safari is the new IE” was first published, they absolutely were. They’ve gotten a bit better since then, but all the same it was hilarious to see people who used to rail against IE for flaunting web standards (cough John Gruber cough) suddenly start saying that web standards were a bogus racket once Apple decided to stop keeping up with them.
Safari is far from perfect, but I’m glad they don’t implement everything Chrome does. Many of the complaints come down to “Safari doesn’t even support RunBitcoinMinerInBackground.js. It sucks!”
And on the plus side, it’s vastly better at power efficiency, meaning I can use my laptop longer without being plugged in.
sure if you want to live a life stuck in the App Store and Play Store walled gardens... having a decent web browser is the way towards a truly open web
Safari is the new IE not because they refuse to implement questionable new web “standards”, but because
- It has all sorts of random quirks in their supposedly supported features;
- Mobile Safari has even more quirks;
- No other major browser introduces random serious bugs like Safari does (remember the IndexedDB one?);
- Version updates are tied to OS updates meaning it’s the only major browsers that’s not evergreen, and coupled with the previous points you have to carry workarounds for bugs forever, and of course can’t use new features;
- Extensions are 10x harder to develop and more than 10x more expensive to publish since they’re tied to Xcode, Apple Developer Program and MAS, because fuck you;
- Like another commenter said, it’s the only browser that crashes on me (random “this page has experienced a problem and reloaded” or something like that);
- PWA is another kind of hell in Safari but opinions are divided so whatever. At the very least it’s not conducive to an open web.
It’s a piece of hot garbage, like a lot of other Apple software these days. Sure, maybe it’s battery efficient or something. I don’t give a shit because I work plugged in.
Oh and developer tools in Safari are crap but who cares.
Developers don't convince anyone of anything! They just build stuff according to standards (which are inevitably set not by standards orgs, but by the most popular browsers), and then they expect all browsers to follow those standards and "just work".
When a browser like Safari fails to adhere to those standards, sites will break ... but you can't expect developers (of most sites; I'm not talking about the top 100 or anything) to test in every possible browser ... and then change their code to accommodate them. Certainly not in ones with single-digit percentages of market share, that require their own OS to test (like Safari).
If Apple wanted more web devs to support Safari they should port it to Linux and Windows. The web is supposed to be an open standard, you shouldn't need a devices and software from a specific manufacturer to develop for it (I say that posting from a Mac).
But there isn't anymore, so there's no way for a web developer to ensure Safari compatibility (unless you expect every dev shop in the world to buy a Mac just for that purpose).
I continually try, but Safari is the only browser where I routinely experience crashes once or twice a month. There are also some random incompatibilities with certain websites (related to the CORS issue as mentioned in another comment) that force me back into another browser anyway.
I tend to use Safari on my mac, but I will say that it evaluates CORS slightly differently than other browsers so that sometimes I have to disable CORS protection to get a site to work that works fine in Chrome or Firefox, and it's the only browser I've used where I expect to have it crash hard with a SEGFAULT or something every once in a while.
I use Chrome for Google workspace, Firefox for ongoing personal logins, and Brave incognito for other browsing (restarting completely for a new session when changing gears).
Last week's discussion on a profile management tool offered several insights into how others a bit further down this path use their browsers of choice: https://news.ycombinator.com/item?id=44132752
Is it easier to build a browser for MacOS? Arc was Mac only for the longest time, until they released a crippled Windows version. DuckDuckGo browser started Mac only.
I'm pretty worried about the security of Brave and stopped using it. I'd like to be wrong. But years old patches missing in Chromium not ported over until recently makes me nervous (referring to a recently addressed long time websocket bug in Brave). What else is missing? It just seems to risky to use for me.
Web browsers should become outmoded soon. It was fine for bootstrapping the web, but now to keep up a browser must emulate the operating system and more in a single app. This pressure is the centralizing factor in browser dominance. Ditch the features, drop the spy protocol (http), just get the files.
Turn what off? HTTP is how you receive the web page in the first place. It is not, in itself, causing data to be sent from your computer to others. That happens either because of a script on the page or because you request a web page (i.e. the browser sends headers).
I can't speak for the user who you are responding to, but an AI maxi might believe that an AI powered interface will take over all information retrieval.
It's CREEPY to imagine the Internet is under a mandate to protect your privacy.
Don't be CREEPY.
The EU cookie fiasco is just that. All of a sudden, your every day experience was derailed extremely in a way that 'broke' HTML standards and sites at first in hundreds of ways. All of a sudden sites that never did track users were forced to start tracking them -- in order to set the flag to suppress the harassing cookie warning. Ironically, they will remember your cookie settings if you 'sign up'. Meanwhile nothing became more secure or private. It was just a way for the EU to virtue signal out loud and be annoying. It throws the user into sitespace to navigate the site's own cookie settings. It's theater.
Meanwhile, advanced fingerprinting is, well uhm, advanced. If the EU cared about cookie privacy a better course of action would have been to see whether browsers were locked down with best anti-fingerprinting possible and local cookie dialogues... and certify the ones that were. Educate users, harass them one time.
> All of a sudden sites that never did track users were forced to start tracking them -- in order to set the flag to suppress the harassing cookie warning.
How is this true? You don't need a cookie warning if you're not tracking or doing other nastiness. A cookie banner is not required for functions like user sessions or keeping track of a shopping art.
> All of a sudden sites that never did track users were forced to start tracking them -- in order to set the flag to suppress the harassing cookie warning.
If the site never tracked the user, they wouldn't need to show the cookie banner in the first place.
The 'fiasco' is for your benefit. If you don't like the banners, get a blocker or don't visit sites that track you.
It's a pissy thing to add, but do you also get upset with places that have "This area is under video surveillance for your [cough] security"?
I don’t know anyone that works at Meta, so I’m hoping that someone here could answer this for me-
What makes employees there feel good (or at least okay) about doing stuff like this? You're spying on people, no? Surveilling ordinary people, not enemy combatants or foreign militaries? Perhaps a friend of a friend or even a family member? This kind of thing is so creepy and disturbing to me, not that it’s anything new…
The sad reality is that this behavior gets normalized in the name of making money.
For employees it gets normalized at the first signal that your livelihood might be affected if you don't comply.
As someone who's privacy conscious, it's an uphill battle to convince co-workers to actually follow laws instead of trying to find loopholes.
I've worked at places who collect every possible data point and distributes it willy nilly in Excel spreadsheets posted in Slack. I raised it to a CISO and the response was "all that information is available for everyone anyway via the interface". I know a German company requires you to "accept" data collection and processing in order to settle a debt. I reported this to their legal department which I personally knew a person and they said they'd "look into it ASAP" two years ago.
In the end people just roll along with it. I know this is unpopular, but the only forward I see way to prevent this from happening seems to be using courts and tightened legislation.
Instead of reporting it to their legal department, report it to an EU data privacy regulator.
(I know this wasn't your main point.)
You are 200% correct.
It's not a complete answer but I've seen talking about the costs help. That's what's making them overlook things anyways.
What they see is dollars now but not dollars later. Often these data issues can rise to the level that it could destroy the entire business. You might be called a party pooper, but truth is people like this want to keep the party going. It's hard to understand that sometimes keeping the party going means saying no. But it's just the same dealing with drunk people, say no by saying yes to something else. Like presenting another solution. Though that's way easier said than done...
Just remember, everyone is on the same team. People don't say "no" because they don't want to make more money. A good engineer says "no" a lot because your job is to find solutions. It usually sounds like "I don't think that'll work but we might be about to...". If you stop listening without hearing the "but" you can't solve problems, you can only ignore them. Which *that* is not being a team player.
We're always rushing and the truth is that doing good is much harder than doing bad or "evil". I put it in quotes because it's very easy to do things that are obviously evil post hoc but was done by someone trying hard to do good. So I find this language to be a problem because it is easy to dismiss with "I'm not a bad person" and "I'm trying to do good". Truth is that's not enough. Truth is mistakes happen. We work with asymmetric information. It only becomes your fault when you recognize and don't take steps to fix it (or active ignorance).
Sometimes things take nuance. Sometimes it takes more than a few sentences to convey. But who reads longer anyways?
> I know a German company requires you to "accept" data collection and processing in order to settle a debt.
Pretty sure this is illegal, and probably a liability e.g. if it came up in court.
Yes. It was judged illegal a few years ago in several countries, and German courts recently ratified the decision.
I'm pretty sure if the debt itself ever goes to court, the debtor can argue that they can't even enter the website. On the other hand this company is a bit of a shitshow so good luck having the website work haha.
> behavior gets normalized in the name of making money
If Pavlov's dog gets a big fat steak everytime it bites someone ...
[flagged]
> I can only hope enough people wake up and grow a spine
If that's all you can do, then I might as well go apply at Meta right now.
[flagged]
I don't care. I won't starve, live in my car or go hat-in-hand to my relatives to cover for rent. I did that for years while attending primary education and I will happily ruin whatever little middle-class pastiche you're so desperate to protect if it puts a roof over my head. I personally know dozens of people who would quit their job to subsume that compensation. The fact that it's all legal? I won't even remember who cares by the time my head hits the pillow. It's a problem for someone else.
You hate ads? Surveillance drives you nuts? This is the consequence of a dysfunctional government. You can protest the businesses all you want, it's their job to be apathetic. Make a big show of it, take off your flair and tell your AWS or Apple manager exactly how much all it sucks. They'll nod, write it all down on a legal pad, put it in a folder and refer to it when your next employer calls asking for cross-references. It would all make for a very touching scene of career suicide, and then your replacement can have a technical interview scheduled in by the end of the week. That is the sum of damages you can enjoy as the fruit of your protesting this company.
It's funny how much Americans care about their legacy while doing nothing worth remembering. A Microsoft employee who donates their disproportionate wage to an animal shelter is doing more to benefit the world than some shmuck who got mad at capitalism for the fly in his soup. John Carmack worked for Meta, and still has more of a legacy than every "hacker" on this site combined. If your identity is so shallow that it's defined by nothing other than the person who pays you, you have more serious issues than finding an ethical employer.
“It is difficult to get a man to understand something, when his salary depends upon his not understanding it!”
If understanding that it’s wrong to invade people’s privacy is incompatible with keeping your job, you probably won’t understand it.
[flagged]
The fact that most people don't care about the second order implications of their work on a daily basis makes your point irrelevant.
Meta or not, people don't like being fired or being threatened to. Period. They like the comfy job.
But don't ask me why. I'm a troublemaker. I bring up this stuff, I talk to CEOs, I refuse to do stuff that breaks the GDPR or other laws, I got people to scream at me for being stubborn. Other people aren't like that.
I agree with you. To clarify my comment a bit. I’m confused why a software engineer of Meta caliber would even APPLY at meta to begin with.
I suppose $400k comp instead of $350k (making up numbers here) is worth selling your soul for these days? These are people with options, that’s ill i’m saying.
i’ll never understand…
> um, what?
This is obnoxious.
It's conversational, emotive, and expressive. I'm sure you hear it all the time out in the real world.
If someone talked to me this way in the real world it would be the last time I would ever interact with them. It’s a Redditism used to express incredulity that the parent commenter could be so stupid as to have posted what they posted. It adds nothing to the conversation and doesn’t belong here.
You're reading a lot into two words there. And someone probably has said "um, what?" to you in the real world; but you wouldn't notice because it is a common pattern of speech.
The internet will be a remarkably combative place if that is the standard you set for when someone calls you stupid - it'd be a lot better to only read that into a statement if it actually gets explicitly said.
The passive-aggressive equivalent of "your opinion is dumb".
No, it's not, it's among the same vein as "huh?" - it's a thinly-veiled attempt to paint opposing view points as so stupid that you literally cannot comprehend them.
But you can comprehend them, we all can. So it's just abrasive and annoying. You can express a conversational tone without being an asshole. You don't need to act like your conversational opponents are super far out there or crazy or whatever.
it’s how i talk in real life when I'm completely confused by someone’s comment. The tone matters a lot - which is hard to express in a text medium. Emojis can help with this a bit but no emojis on hacker news. :)
Apologies if it came across as obnoxious.
Generally employees put the responsibility on management. As everyone has a higher up they answer to, no one feels personally responsible. From the top down, the concerns of how things are actually implemented are often too abstract. Combine these dynamics with institutional echochambers and group-think.
Employees just want to make it to the weekend. Execs want to hit their targets. Sales dept. needs their bonuses. The board wants to pump valuations.
Yes. Was my same first thought. Same thing that happened in Germany: "The banality of evil" how Hannah Arendt described Adolf Eichmann's excuse that he didn't bare any responsibility since he was just doing his job...
Not Meta but I once got yelled at not by a real manager, but by a PM because I said I wouldn't let the team do something shady without legal signing off. I'm in Europe so it was GDPR related.
The PM tried shopping the task to other teams, but nobody took the bait after I raised it publicly, and both legal and the external law firm sided with me after about three months of delay.
In the meantime I raised the topic of yelling with HR but every step of the way the company made me feel like I was the one in the wrong for not complying.
I believe if I were meeker I would probably have complied right there.
Eh, software engineers throughout the ZIRP had the choice of working at plenty of companies. People chose to work at Facebook for the money disregarding all other concerns. That's it.
Money, it's just business. I think every big corp is morally bankrupt (otherwise they wouldn't be big). There are some exceptions, of course, if a company found a sustainable way to monetize their output.
But the baseline is really bad.
This is basically it. There are a dozen ways to become huge, and they all are essnetially anti-humanity.
There's an expression: normalization of deviance.
This is where we are now. People idolize others because of their wealth, and that wealth is always gained by means which are ultimately harmful to the greater population. Even the wealthy philanthropistMS which will remain unnamed acquired their greatness by cheating and stealing. But as long as you make a great show and give it all away eventually (while living lavishly the entire time), you look good.
As a 90s teen growing up with Grunge and in a DYI punk scene, I remember my youth being a lot about authenticity, and it felt weird reading about how the 80s were all about money and fame and how selling out was ok.
To me that sounded absolutely absurd and a freaking caricature, something out of "American Psycho".
Today I was just discussing with a friend how we're perhaps even more materialistic and cut-throat...
A fear of mine is that we are speedrunning Cyberpunk 2077. And that’s not something to expire to. It’s a bleak no-hope hell.
Hope is about finding and using that moral compass. To change worse outcomes to better outcomes for everyone. The “I’ll take mine” or “My group needs to win” attitude is poison to yourself and to the world, and if you don’t see that your conscience is blind or broken.
This is nothing new, in numerous books on moral philosophy and people who have been in these situations have spoken out on it.
As an old-school leftist that feels politically orphaned, I feel like there's a huge group that is hating all the current bullshit. Even terminally online people.
I don't see a way out, though. I just hope we can leave a planet for the animals.
EDIT: On the other hand: the internet is already a dystopia if you look closely. Maybe it will prove to be a fad and people will go back to their lives. One can hope!
> And that’s not something to expire to.
Corporations disagree, as long as your death will be profitable.
Musicians used to not let their songs be used in commercials.
For music I blame poptimism.
An entire generation of critics tried to appeal to a new market and money suddenly became synonymous with quality.
Naturally artists stopped caring about authenticity, sharing their beliefs. And also about the critics.
Just as music was replaced by reality shows in MTV, music journalism was entirely replaced by gossip and tabloids.
https://en.wikipedia.org/wiki/Rockism_and_poptimism
They also used to have income from selling records.
> There are a dozen ways to become huge, and they all are essnetially anti-humanity.
Offering customers lower prices is a way to gain more customers. Software allows for automation and efficiencies of scale. The end result will be a few big organizations that win, without cheating or stealing. (Although, there most likely is cheating or stealing due to other factors).
But I would not classify the success of most larger modern businesses solely due to cheating or stealing. It was simply being at the right place at the right time and executing correctly to take advantage of developing technologies to take advantage of economies of scale.
In this specific case, I know my family and friends benefit greatly from the “free” instant communication and file transfer capabilities that Meta offers (WhatsApp). There obviously might be costs, but international communications have been made far, far cheaper and higher quality due to WhatsApp.
The problem is that there aren't ethical ways to build a sustainable business, it's that unethical businesses have all those options and then also all the unethical ones so they will always come out ahead.
Its way less bad than some investors ie on Wall street or arms/military business, by huge margin. Folks scamming old people out of money or encrypting their HDDs for ransom should be shot in sight. But - this topic affects billions very directly, and its not about the effect now, but helping general direction which is outright evil by any moral standards.
I can pull out usual godwin's law plug but I guess we all know what would be there. People like to feel great about themselves, its subconscious. And if slightly tilting reality in their favor can achieve that then what's the problem, right. Again, this is not a conscious decision so most don't even notice that, and who would complain about feeling better about themselves.
Old enough, when you want to see such things like these biases in people around you, its very easy once you start looking for them. I guess we really are all heroes of our own stories (but what I mention is far from uniformly distributed, some folks are really stellar human beings and some opposite)
I would say some scammers targetting single persons/companies are doing less harm then the once building the next Hollerith machines (like Meta).
The arms business seems more honest really, and arguably hurts society less, especially in peace time.
Buy they very actively push and lobby to end those peaceful times, ie second Iraq invasion for completely made up reasons, or stay in Afghanistan way beyond anything reasonable, when it was clear there is no winning possible.
Big companies are paperclip maximizers, for money instead of paperclips. It’s strange how many people can see the danger of a hypothetical nonhuman intelligence with a goal of making as many paperclips as possible, but not the danger of actual nonhuman intelligences with the goal of making as much money as possible.
In theory optimizing for money long term should align everyone's interests. The problem is that (for a number of reasons) public executives have far more incentive to be short sighted.
No, it doesn't. You're assuming that markets have a computational efficiency and smoothness that simply isn't there. P != NP.
Markets are a heuristic based around mediating between the interests of different parties precisely because the overall problem is computationally hard. If markets achieved the kind of optimality you're thinking, then top-down central planning would also be workable.
Even if markets were perfect, they’re not involved when a company decides to dump toxins into the air or water to save a buck.
Sure, but the usual counterargument is that the air and water need to be made legible to the market (through private ownership or the correct externality taxes), and then everything will be perfect. While in reality that's demanding a level of computation from markets that they simply do not possess.
How’s that? I can see that being the case in a world where all interactions are voluntary, but that’s not reality.
History suggests there is no shortage of people who will throw all semblance of morality away as long as they are surrounded by people who they believe have done the same. I almost think the people who are not willing to cave in this way are the rare ones.
I've heard people justify working there (often to themselves) by saying things like, "If I don't do it, someone else will. So, I may as well do it and make virtuous use of the money."
I think some people also tell themselves that they'll be agents of change and fix things from within but that almost always winds up being another self delusion at worst and impossibility at best. There was a certain amount of this on display in Careless People.
No snowflake feels responsible for the avalanche
- "I didn't write it, I just had the idea"
- "I didn't implement it, I just made the prototype"
- "It wasn't my product, I just fixed some bugs with it"
- "I can't track everything in these implementation updates, I just work with what I am given"
- "I didn't collect the data, I just deal with what is in the dataset"
The snowflakes don't run the company. If you work somewhere that is designing a really big gun and the CEO uses it to commit an awful crime, you don't share the blame for one person's irresponsibility. It's not a satisfying answer, but it really is up to executives to decide where they draw the line. Nobody else in the business can say 'no'.
Likewise, when we blame IBM for supplying the Nazis during WWII, we're not decrying the enthusiastic early database workers. They aren't the problem; executives without morals are.
> we're not decrying the enthusiastic early database workers.
Well, you're not. However:
from: https://en.wikipedia.org/wiki/IBM_and_the_Holocaustsuggest that a good number of these "early database workers" were working directly with Hollerith codes on human flesh and tasked with the identification of Jews, Roma, and other ethnic groups deemed undesirable by the regime, along with military logistics, ghetto statistics, train traffic management, and concentration camp capacity.
You might argue they are no more responsible for concentration camps than concentration camp guards, but these are the people punching holes in cards and filtering them with knitting needles while looking out the window at piles of shoes and gold teeth to tabulate.
With different executives, that might not have happened. With different tabulators I don't think anything would have changed. You're not really disproving my point by emphasizing that the end operators of these machines were typically Nazis.
with different tabulators, it wouldnt have happened, because they would have refused, and protested to make sure no scabs went in to do that work.
workers, especially professionals, have a duty to not do that bad work, and to make sure that that bad work doesnt happen
There are many industries which are inherently hostile to users, insurance, betting, marketing, etc. If you ask people if they feel good about enabling the kind of things these companies tend to do, you probably won't get an answer. I don't think Meta is an outlier here nor are they the only one. Even across other industries you will find many questionable practices in usual operations. If pushing the boundaries of ethics gives a business an advantage, you can guarantee that someone will be doing it, and eventually most will be doing it. It's simply the natural tendency of any system with competing entities. The question we should rather be asking is, how do we tweak the system. What can be done to disincentivize pushing the boundary like this?
The question is how did a social media company end up so shitty it is now compared/it's behavior equated to insurance companies? Insurance companies are required to control payout, and people expect that. The level of stuff Meta does is not required, nor do people think/realize it is as hostile to them as an insurance company.
In the past, people aspired to work at cool tech companies. Devs aren't lining up to work at insurance companies. I never worked in the industry I went to school for because the only jobs when I got out of school were for weapons. At this point I feel the same way about social media, I would never work at such a 'make the world as bad as you can get away with' industry.
> What makes employees there feel good (or at least okay) about doing stuff like this?
A big house, a fast car, more money.
Where else in SV are you going to go anyway? Every company does the same thing.
Finding a company less bad for the world than Meta isn't very hard. They pay really well to compensate, so people will rationalise working there of course, but "everyone does it" is just a way to dodge responsibility for your own choices
If you value money over other people, it's a great place to work though
Smearing shit on your face every morning is "less bad" than smearing shit all over your whole body every morning.
"Everyone does it" is as much of a cope as "less bad". You are still covered in shit.
That argument could be made against any improvement that isn't an immediate leap to perfection. It's not very useful
> Where else in SV are you going to go anyway? Every company does the same thing.
That's like saying mechanical engineers can only work at Raytheon or Lockheed Martin. Or biotech people can only work at Purdue Pharma.
There are companies in SV who are making products for actual users. Just look outside adtech.
It should be noted that no ethically -trained software engineer would ever consent to write a DestroyBaghdad procedure. Basic professional ethics would instead require him to write a DestroyCity procedure, to which Baghdad could be given as a parameter.
In principle, I think most people believe their morals would prevent them from working at a company like Meta.
On the flip side, how much are morals worth if you have the opportunity to be financially free?
There's also the opportunity to work on interesting problems.
Anecdotally, of course, I know a Meta engineer at the L7 level (generally staff engineer in these large tech companies). He makes over seven figures a year, 75% of that being from stocks. The money is there.
I am not even sure most people could articulate their morals. It's not just about never having heard about things as moral absolutism or consequentialism. Similar to how atrophied people's understanding of sympathy and empathy is as well.
Are the people working on the interesting problems doing most of the spying?
I'm sure there's overlap like people working on AR scraping images of people's homes to build better models but they also do a ton of research where they use open datasets.
I'm curious what this distribution is.
I'm also curious what the answer is for just average programmers. Meta has like 70k employees. Surely a lot of them aren't doing interesting stuff
Nazis too worked on lot of interesting problems.
Sure. There were also a lot of very normal people. There were people trying to take down Nazi from the inside. And there were people that were genocidal maniacs.
It's not like one day all of Germany turned evil then a few years later turned good again. Framing things like that is unhelpful. It makes evil seem cut and dry. Trivial to identify. That's what authoritarians thrive on: oversimplification. Everything is easy, it's not your fault, "it's so simple, you just..."
All that accomplishes is letting evil flourish. Gives it time to grow and set root. You're just being dehumanizing yourself.
Don't help your enemies.
Don't emulate your enemies.
I know it's not so hip here but the answer is money. You go to work for money. It's not to socialize, not for personal growth, and not for charity. If I want those things I have hobbies (including hobby programming.)
Most people would say no if they were offered a full time salary to spy on their friends, steal their data and act in a overtly unethical way every day. But these companies give them an abstraction layer.
There are plenty of things you can do for money that are not (or are significantly less) unethical.
Pretty sure, that if they use a Meta product, they are also deploying the spyware to themselves.
> What makes employees there feel good (or at least okay) about doing stuff like this?
I got this exact thought IMMEDIATLY (yet again) and posted on it here as well, putting my two cents in.
This is totally unacceptable for a software engineer to implement features like this simply because their company told them to, doing what the company tells them to makes them money, so they do it.
No apparent thought into whether they are creating is harmful, or caring about it.
I've given up on any anger directed towards the company itself. They will make money any way they can. Now, the engineers who actually implement it bothers me, because it is clearly not something that should be built.
To me, I don't care how much I'm being paid or how bad it would be to lose my job at that time.
I would resign before working on features like this and deal with the consequences.
Optimization with the objectives we have today, and more generally financialism are all about splitting up end-to-end tasks into pieces and removing redundant common work. This is obviously good...upto a point. It gets bad because morals and a bunch of other stuff also gets split up.
Like someone mentioned below, it's unrealistic to expect people to think about second or third or nth order effects of their job. Heck, those effects are not even visible in 90% of cases.
To answer your question, the engineer at meta is just building a graph database. It takes a `void* node_data` as argument. Another is just building a kafka-clickhouse data pipeline that can transfer so many millions of `void* message`s a minute. The android engineer is just improving the percentage of requests without location data by using wifi ssids as fallback. The CEO just sees "advertising revenue WoW" in his dashboard. And so on. That it is actually being used for spying is many steps away from each of them -- OK, in the case of meta I'm sure the employees know to an extent. But it's still very different from the feeling they would get if they were doing the end-to-end task themselves.
It's the same thing with other questionable products. It's split up sufficiently across the supply chain that no one is actually aware enough of the task end-to-end.
In some cases, the same participant in the supply chain will be a supplier for something really good and necessary..but they will also be a supplier for something despicable. In this case, it is easy for everyone involved to sweep the latter under the rug.
As far as I have thought about it, there is no way to get rid of this larger problem without also losing the (unfathomably massive) benefits.
It is the same process whereby websites deploy Google Analytics. They are getting value by harming their users. They easily rationalize and justify it.
Meta pays a lot. Most people there don’t work on the shady stuff and don’t pay attention to what else is going on.
That’s generally the case for everyone I know who works there.
Many of them are even quite liberal and will join protests for things that Meta has actively and negatively played a part in, so they’re in effect protesting their own workplace indirectly. But will continue to work there because they can compartmentalize this.
I'm nearly certain it's the dopamine response of "solving problems" coupled with the fear of losing a paycheck.
Morality isn't a consideration.
It's hard to feel you're doing something wrong when the people are literally handing you their private data to sift through.
That's the onramp to normalization: "If the users didn't like this, they'd stop us."
> What makes employees there feel good (or at least okay) about doing stuff like this?
Would someone explain in plain language what is wrong with an app listening on a port for messages from the browser? It seems like a helpful asynchronous method to maintain state between browser and app.
Here's a senior ex-Facebook exec detailing how the company would betray users in the US to the CCP to help gain access to the Chinese market:-
https://youtu.be/f3DAnORfgB8
amongst other things...
You start with small moral compromises. That prepares you for big ones.
The same reason people eat meat. The reality of what happens behind the scenes to produce meat or their paycheck is carefully hidden from their sight, and when it's hidden, it's easy to convince ourselves that we aren't some monsters who run concentration camps with cows and pigs in them, but decent humans who have taste for medium rare steaks.
What Meta does to society is more insidious: it gets people addicted to content so it can make them eat a poison for their minds, so-called ads. Surveillance is just method of making the ads more invasive, tailored to each user individually.
Nobody is stopping you from making whatever you want and putting it out there in the world. If you believe strongly in a different order of things, go for it!
You may find the book Careless People a good read. The culture there is...troubling. From the top down.
Some engineers do anything for money. Check out teamblind.com to know the evil side of engineers
Same thing at Google or Apple. Google has everyone’s email and browsing history, Apple has the complete copy of everyone’s iMessage and SMS history (in the non-e2ee iCloud backups, readable by Apple).
Anything these companies know, the FBI and CIA can know, without a warrant thanks to FAA702 (did we all forget about PRISM?).
The state now has leverage over almost every normal citizen, thanks to what these companies have built.
Turnkey tyranny. Built by silicon valley.
Doubtful someone from Meta would admit to anything.
+1 for “money”. how many years until AI makes everyone’s job obsolete? do you really think countries like the US have their citizens’ best interests in mind? i’m guessing Forced Meaningless Labor (like the cartoon prisoners hammering rocks) is more probable than Universal Basic Income.
[dead]
[flagged]
Without the suggestion to install an adblocker, this is not credible advice.
A media outlet which depends on ad revenue as a primary income source is unlikely to suggest this.
Ditching these deeply invasive products remains a good idea, independent on any decision to use ad blockers or not.
The Meta/Yandex incident in particular is straight-up malware and everyone should remove their apps.
Getting privacy advice from an adtech funded outlet sounds like reading democracy advice from the Chinese ruling party or vegetarianism advice from lions to be honest.
It might be correct-and-incomplete but they just have no credibility on the topic.
WaPo is dependent on subscription revenue, not ads. They limit the number of articles non subscribers can read.
They're also owned by one of the richest men in the world...
Maybe, but they they refused to offer an ad-free subscription tier last time I asked. NYT and Chicago Sun Times also refused.
Of course it's dependent on ads, what are you talking about, nothing prevents showing ads to subscribers to the tune of 180 mil/year
https://cbsaustin.com/news/nation-world/washington-post-lost...
WaPo is dependent on subscription revenue, which is more than 2/3rd of their revenue.
Advertising revenue is less than a 1/3rd of their revenue, and dropping fast. Ad revenue from more than 50 million visitors is less than subscription revenue from 2.5 million subscribers.
If WaPo was dependent on ads, they would have taken steps to increase accessibility to articles, but they didn't and haven't. Instead, they're restricting more and more content to subscribers, because ultimately subscribers are the ones that keep the lights on.
In no world is a third of revenue a "small fraction", especially with such big losses, so you won't be able to argue out of this simple fact that it's dependent on ads.
> and dropping fast,
Just like the number of subscribers and subscription revenue?
Many HN commenters work for "adtech funded outlets". Do they have any credibility on the issue of privacy.
Depends on their stance on the issue but individuals don’t necessarily share the views of their employers.
WaPo is by no means worst here. But their omission of Adblock in this article means they can’t be credible.
"But their omission of Adblock in this article means they can't be credible."
But adblockers do not fully solve the problem that the article is focused on. Namely, the use, e.g., by Meta and Yandex, of websockets in closed source mobile apps to listen on a loopback address for requests by mobile browsers, e.g., for tracking pixels.
There are approaches to prevent such tracking that do not necessarily require adblockers running in browsers. If the article mentioned Adblock but omitted other approaches, then does that mean the publisher is not credible.
Ad blockers can and do also block connections that aren't strictly "ads" themselves.
Is it true that, individually, Washington Post "tech" journalists might be credibie but their employers would not be credible.
Individually they might, but I wouldn't take advice from their employers.
You’re not wrong, but there was a time many of olds remember when editorial content and commercial concerns were firewalled. It used to be outrageous, and usually wrong, to suggest an editorial position was contingent upon a business benefit for the media outlet.
I miss those days.
It was always naive to believe that business interests do not influence the content.
You can't firewall a journalist's understanding that their job depends on certain things.
> A media outlet which depends on ad revenue as a primary income source is unlikely to suggest this.
That's a problem for the media outlet to solve. Ad-supported tech "news" can never be trustworthy.
> which depends on ad revenue
They're more tightly bound than that. They're dependent on Google Display Ads. Which really makes their whole diatribe that much more pathetic.
Any media company that decided to traffic the ads themselves, from their own servers, and inline with their own content, would effectively be immune from ad blocking.
> Ditching these deeply invasive products remains a good idea
While still allowing random third party javascript to run unchecked on a parent website.
> While still allowing random third party javascript to run unchecked on a parent website.
Lol, why are you commenting as if somehow allowing it to run negates the other good ideas in some way? Obviously some is better than none, and all is better than some, but each step takes more effort.
lol, because ads pay for the content you're reading. it pays salaries.
what I _don't_ want is to be _tracked_. show me ads all day if you want.
They'd like to show you personalised ads, for more effective manipulation, which implies tracking.
I have bad news for you about how ads work. Also, you didn’t really answer my question, you just dodged it.
I’m not asking what you think makes for a successful ad campaign, I’m asking why you’re letting perfect be the enemy of good
It’s odd that orgs like NYT don’t run their own ad services. I’m sure they have a dedicated department for ad sales for physical copies. They’re large enough that companies would work directly with them. And they would have at least some editorial control on what is displayed on their site.
I've worked for a few companies that had ad placements. I wasn't too deep into that side of things, and it was a long time ago, but as I recall, at reddit there was an in house ad auction platform. If there wasn't any ads sold for the period, we'd either show in house ads (think the old reddit merch store, pics of animals, a pic of one of the reddit staff with a paper tube on his forehead to resemble a narwhal, etc) or ads from a network like AdSense. Once upon a time this actually caused issues because there was malware being served from one of those and networks
The NYT does have a direct-sold ads business and first-party data platform for targeting them: https://open.nytimes.com/to-serve-better-ads-we-built-our-ow...
Targeted ads based on extensive data harvesting are just soo much more juicy though.
That used to be how print newspapers worked.
Hosting the ads on the same server as the content is done in some cases, but doesn’t result in any immunity. If the ads are sufficiently annoying, it only leads to a merry little game with the adblocker annoyance list community, where they figure out new regexen to block the content, deploying daily. Bypass the blocks too effectively, and the adblocker will accidentally start blocking website content. Users will assume the website itself is broken, and visit less.
Self-hosting ads is not really a winning game unless your ads are non-animated, non-modal static text and images.
The advice is fine, just incomplete.
It is better than nothing and definitely for the more "normies" advice. Let's start there and then we can get them onto adblock and other stuff.
Btw, the ArsTechnica article they link offers more advice[0]
[0] https://arstechnica.com/security/2025/06/meta-and-yandex-are...
The FBI recommends using an adblocker: https://news.ycombinator.com/item?id=41483581
They will not bite the hand that feeds them.
But I am glad they are pushing people toward other browsers because that is the biggest step. Once you have taken that step, installing the most popular extensions is trivial.
Guess what the highest rated extensions are?
Does the ad blocker prevent leaks of your information?
I know it blocks a use of your information against you (targeted ads). And any external source is a potential leak (e.g. the kinds of things that CORS is supposed to reduce).
But does an ad blocker specifically leak more, or just reduce the incentive to collect that information?
A full-featured ad blocker (uBlock Origin original, not the neutered Lite version that runs on Chrome now) will intercept requests at the network level and prevent your browser from requesting the advertisers' JavaScript code. Your browser not only won't show the ads, it won't run the code that was supposed to show them or even send a request to the advertisers' servers.
This blocks most existing tracking methods. The only thing you're not protected from is first-party tracking by the site you're actually visiting, which is impossible to fully protect against.
>prevent your browser from requesting the advertisers' JavaScript code. Your browser not only won't show the ads, it won't run the code that was supposed to show them or even send a request to the advertisers' servers.
Incidentally, just blocking JavaScript with NoScript kills quite a lot of ads (obviously, not first-party ones if you've white-listed their JavaScript for site functionality; but I try to avoid that when there isn't real demonstrated value) without any need for an explicit ad blocker.
NoScript is indeed very effective at blocking tracking, but it also breaks a lot of websites.
If that is an acceptable compromise, you could also try ditching the Internet altogether, as that not only blocks all online tracking, it also blocks a lot of fraud, misinformation and all kinds of harmful content.
Except for non-negotiables (eg: bill paying, government websites, etc.) a website that fully breaks when blocking js is just a worthless site which is not worth my time.
Anubis (https://anubis.techaro.lol) requires Javascript and is required to view some otherwise static websites now because AI scrapers are ruining the internet for small websites.
Next release will have a no-JS check: https://anubis.techaro.lol/docs/admin/configuration/challeng...
AI scrapers are a weak excuse for slapping on malware on your website.
That’s always my problem with NoScript being suggested. For some people who consume stuff off RSS feeds or static sites and Wikipedia that probably works. But for literally anything more than that you can’t do that.
It's not about living like a caveman. You can enable 1st party JS without JS from 20 ad/tracking hosts.
> But for literally anything more than that you can’t do that.
You literally (actually literally) can.
> NoScript is indeed very effective at blocking tracking, but it also breaks a lot of websites.
Sure, images may no be present without JS lazy-loading them. Accidentaly, NoScript also fixes a lot of websites. Publishers are often paywalling posts via JS and initial HTML is served with full articles.
> A full-featured ad blocker (uBlock Origin original, not the neutered Lite version that runs on Chrome now) will intercept requests at the network level and prevent your browser from requesting the advertisers' JavaScript code.
You're trying to imply that ublock lite doesn't do that. It does, including javascript files. The full uBlock does more things to prevent tracking that lite cannot do. But "intercept requests at the network level" isn't one of those things.
1st-party would likely be prevented by disabling cookies? Obviously they could fingerprint every visitor on every request, but most just set an ID cookie and check it on subsequent pages I think, since that's good enough for tracking most people (who aren't actively trying not to be tracked). Of course, that breaks things that need a session (like a cart), but depending on what you want from a site, it could be fine.
Those things help, yes. I say that it's impossible to fully block first party tracking because you must interact with the server in order to accomplish anything and those interactions can be tracked. But a third party can be cut entirely out of the loop.
There are ways to maintain a session without a cookie, but cookie is very convenient so that is mostly what is used.
I think there was a Defcon where they showed that some ad networks let the advertiser themselves provide the image/video. By targeting only people who first visited a given website, they know who you are. And by adding selectors on the ad, they extract your characteristics, including location.
It looks very stretched, but the real magic happens when this data is sold in bulk. It allows recouping who is where. Your target person may or may not be in each dataset, their location isn’t known like clockwork, but that allows determining where they work, where they sleep and who they’re with. One ad is useless as a datapoint, but recouping shows reliable patterns. And remember most people on iPhone still don’t have an adblocker.
they don't load up the ads at all so they can't know your information in the first place at least from the ads themselves. if the website is sharing information directly there's nothing you can do outside of some kind of vpn and never logging on to any services.
Yes they block tracking
They suggest Brave browser, which has an adblocker built in and on by default.
That may not be viable for many non-technical users, which is their audience. On HN, it would be an error to omit ad blockers; the Washington Post has a different audience. I expect that most would find installing and learning a new browser to be too much effort and too hard to understand.
This is provably wrong since Google has been pushing Chrome installs for over a decade.
Good point.
It’s still good advice
I would bet money that the techie they asked to put the list together included "use an adblocker." And then the higher-up who approves articles like this said "shit! wait... no, no, no, delete that one!!" These corporations are deeply deceptive.
Source article: https://www.washingtonpost.com/technology/2025/06/06/meta-pr...
> Source article
Thx. Even the source in the slashdot article links to msn...
Written by the same person who wrote Washington Post article.
All very confusing.
MSN is all rehosted articles I believe. Several times I've searched major paper headlines to read the full story on MSN.
No idea what kind of deal these places have with Microsoft.
I like the MSN articles. My ad blocker cleans them up nicely, and they never ask me to subscribe.
Unfortunately MSN has a history of publishing AI hallucinations as fact.
How Microsoft is making a mess of the news after replacing staff with AI https://edition.cnn.com/2023/11/02/tech/microsoft-ai-news
MSN used to be this special variation of Internet Explorer on Windows during the early era of the internet. My grandmother used it and the rebranded browser was packaged with other software products (if I recall correctly, I could be conflating it with preinstalled trash back in the day). It had a different color theme and allowed you to log into your hotmail account. I think at one point it became an IE addon.
I remember it revolved around giving you the news and maybe even loading hotmail with a special ui button. I have a foggy memory of it, but this MSN forum thread confirms the MSN Explorer existed[0].
You could even build a personal home page of sorts with the weather.
[0] https://answers.msn.com/thread.aspx?threadid=2fa8c100-ed43-4...
Any ways it had a following of people who got their news and it still exists in some form today. I know the website msn.com always catered to news stories, but I don’t know if they were always reposted if they once had writers. I think it’s always been some sort of data harvesting/media credibility facade news-focused branch of Microsoft.
Here is a screenshot:
https://img.informer.com/screenshots/53/53675_1.jpg
From the screenshot it appears the news has always been reposted and FUD based. It probably worked well (for Microsoft) in the golden age of RSS.
Well the truth is Microsoft branding is totally incoherent, and MSN has been anything and everything MS thought they could put their name on. Like there is a cable network called MSNBC which now has nothing to do with either MS or NBC.
Originally, like Bill Gates wrote about it in a book completely ignoring web browsers, MSN was a proprietary Windows client like AOL. Later on it became a 'web portal' like Yahoo. Then a 'content' site. At one point, it was even a social media site. Somehow, when my parents got cable internet, they were funneled into a @MSN.com account. It had this fake "dialer" which pretended it was "connecting", even though the internet was always on.
For many years since, MSN has just been the tabloid news to remind you that Microsoft shit is low class.
What about the other app ? Now that this trick is known, either it’s completely fixed, including in system webview, or all the other usual spyware ,that the play store is full of, are going to use it to track their user.
Google still hasn’t fixed the issue of app being able to list all other installed app on your phone without requiring permission despite having been reported months ago. They didn’t even provide an answer.
I believe Google isn’t interested in Android user privacy in any way, even when it’s to their own benefit.
At this point either use iPhone, grapheneos or no phone at all.
> Google still hasn’t fixed the issue of app being able to list all other installed app on your phone without requiring permission despite having been reported months ago. They didn’t even provide an answer.
Since the first release of Android it has been possible to query for installed applications on the device, and since Android 11 those results have started to be filtered[0] (with some exceptions[1]).
So which issue exactly are you talking about?
[0]: https://medium.com/androiddevelopers/package-visibility-in-a...
[1]: https://developer.android.com/training/package-visibility/au...
https://support.google.com/googleplay/android-developer/thre...
Basically no answer but an a.i generated one and someone promising to get back in touch since 24 of march.
Who are they kidding ?
Always funny how nearly universally Meta employees are quiet and never defend their companies practices..
The silence says a lot.
They make something people want. Most people I know thah use it, including me, just don't really see that big a downside to using it.
I'm not even slightly considering removing any Meta app, and let's face it, Firefox is over as a project because their priorities are all out of wack.
So Chrome and meta apps all the way for me, but I'm sure to listen to the Amazon Washington Post as to how I should treat Amazon competitors in the future.
This is such a foreign perspective to me that I legitimately cannot even conceptualize it.
I've used Facebook products. Even just barring the privacy concerns, there's been one constant - the products are bad. They're not good. They actively make my life worse. They're not fun, they're not enjoyable, they're not performant, they're not... anything.
Even if I was a complete 100% sellout and I didn't give a single fuck about privacy, I wouldn't use Facebook products. Because they're just that bad.
Also Firefox is "over" as a project? Legitimately, what the fuck are you talking about? Firefox works fine and has been working fine for as long as I've used it. The browser works, and for all intents and purposes, I can't tell the difference from Chrome. Really, I can't. Are there differences? Probably. I've never encountered any, so for my money Firefox is fine.
Even instagram? I tend to agree with your point but I like insta.
Yeah actually maybe a year ago I got rid of Insta, too. It was the most tame one but it just got so annoying over the years. Why am I being shown reels over and over again? I just want to see my friend's wedding!
Silence keeps food on the table.
Why would they say anything ? and how are they any different from Google employees, weapon manufacturer employees, 3 letter agency employees, etc?
Everything can be justified given enough money. There is no such thing as objective morality.
For most people in the west, using yandex and chinese alternatives would be better than local ones, because neither china nor russia has any auhority over you, while your local agencies do.
This. Separation of concerns is a good thing. In this case "people who spy on you" and "people who kick your door in and shoot your dog".
https://getfirefox.com
Yes. Especially on Android, FF with uBlock Origin is the superpower.
For this particular issue: Three dots > Extensions > uBlock Origin > Open dashboard > Filter list > Privacy, enable "Block Outsider Intrusion into LAN".
If any software engineers out there are working on things like this I can only pray they STOP and think about why what they are doing. Implementing features by having to jump through hoops, just so that their employer can better spy on people and make more money.
That is so wrong, on so many levels ... I personally couldn't do it.
I hate this even more than NSO Group's Pegasys, which could easily get people killed. I'm ok with my reasoning, and I really hate that one as well.
Here, with Meta and Yandex, you see what you always see.
As soon as people catch on, they immediately remove it. But they will keep using it until that day comes.
For money, while trying to hide it from the users they are spying on.
It's greedy and evil and whoever in these companies think up these ideas should be let go. Immediately, in a perfect world.
Instead they'll just try another approach.
While everyone else has to clean up this latest one.
"Following public disclosure, Meta ceased using this method on June 3, 2025. Browser vendors like Chrome, Brave, Firefox, and DuckDuckGo have implemented or are developing mitigations, but a full resolution may require OS-level changes and stricter enforcement of platform policies to prevent further abuse."
Zen Browser (FF) on Win and Firefox on iOS (for sync) works well for me. Edge for all M365 related stuff. Still use Chrome for web dev. Not sure what to move on in that regard...
I'm a relatively new web dev and I've been quite happy with Firefox's Web Dev tools. What does Chrome's dev tools give someone that Firefox's doesn't? I can edit css on the fly, see where a css rule is being overwritten, debug javascript, etc.
FF dev tools just don’t work sometimes, notably with iframes, sometimes with source maps, and other edge case types things.
I use FF for 99% of dev, open Chrome maybe once a quarter. It’s a better browser.
Funny, I find Chrome Dev tools doesn't save some response bodies, while Firefox consistently does.
I use FF but Chrome's dev tools have a lot more going for it including memory profiling and performance tools. On the other hand, Chrome's network panel is awful and it's a chore to see the domains and full URLs involved.
One an develop in FF, but has to test in Chrome. (Same with developing in Chrome and also testing in FF.)
firefox doesnt have Workspaces. I do 100% of my CSS in Chrome Workspaces
What do Chrome Workspaces have, that Firefox Profiles don't have?
I use vite, so I think I get that functionality without needing Chrome? ... if I understand what Workspaces are?
Brave?
I like the succinctness of it. Reminded me of "Eat food, not too much, mostly plants" as Michael Pollan says about dieting.
[flagged]
What do you suggest as an alternative to food?
What I wonder is (from someone who has been in a room like that, not speculation), how do these decisions go down?
My other favorite example is un-disabling telemetry, resetting default browser, etc. Some PM or VP is in a meeting saying we are going to do this shady user hostile thing and everyone just nods? What is the amount and type of euphemisation?
I'd love to be a fly on the wall in one of these..
Anyone have tips on how to avoid having the WhatsApp app on your phone?
Give your WA contacts alternative contact method. Uninstall. Stop using WhatsApp.
Try having kids in Europe, everything they do is organized through WhatsApp group chats. I had to get a separate burner phone just for that.
You can create a work profile on Android and install Whatsapp in it, this way it won't have access to your main environment and contacts. For the f-droid loving crowd, try the Shelter app to set up the separate area.
Yeah, people in the US can choose not to have WhatsApp. In the rest of the world you have to be opt out of lots of stuff to not have WhatsApp.
The question may need a little more context - it's easy to avoid by simply uninstalling it. If you're actually asking how to minimize its presence, consider using an app like Island which isolates the apps into a separate profile which can't see anything in your main profile.
I hadn't heard of that one, thanks: https://play.google.com/store/apps/details
Remove lock-ins that forces people to use a specific chat app. Move private communication away from "platforms" to interoperable protocols. That is the only way for us to regain control over our own private communications.
Use telegram
Telegram is a privacy downgrade from WhatsApp. WA is at least end to end encrypted; Telegram is not.
Telegram is not a downgrade in this instance.
It's not encrypted by default, WhatsApp is.
It doesn't blatantly spy on things you do outside of it
yes it is.
it does not do the e2e hat-trick thou
Encryption without E2EE is completely worthless for the threat model discussed here.
That’s right. It’s either E2EE, or it’s not encrypted IMHO.
The app you have to pay premium to prevent them from selling your details to advertisers and scammers? Ha yes I totally trust them.
Why telegram instead of signal?
Hmm how can I use being forced to use Chrome for work, for me tax wise…
If I’m a contractor forced to use Chrome and mobile devices, can I deduct a separate work phone?
I really hate having it my iPhone, at least maybe I can claw something back this way?
I believe it is good form to keep work and personal machines completely separate, including phones. If you ever have to hand over your devices for discovery in a law suit I think you will come to the same conclusion.
I very much agree. Retired now but I used to have a separate phone for each major client for HIPAA compliance but it's good advice everywhere (and $50 year-old android phones and $15/month Tracfone accounts aren't just for criminals!)
Source: https://www.washingtonpost.com/technology/2025/06/06/meta-pr...
Related discussion: https://news.ycombinator.com/item?id=44169115
And stop using Alexa (of course Bezos' paper wouldn't say that!)
Text-only, no Javascript:
https://assets.msn.com/content/view/v2/Detail/en-in/AA1GecPs
unformatted html with sugar is not really helpful to humans, is it?
If the response is JSON where the JSON values contain HTML, then is the response "JSON" or "HTML".
I would call this response "JSON" not "HTML".
The JSON is unformatted, i.e., no "prettyPrint".
The text-only browser I use to read HTML works with this JSON, it is easy to read, because the JSON values contain HTML tags.
If we truly lived in a democracy which 'obeyed' the overwhelming will of the people, there would be laws with 'horrific' penalties for any effort to track devices or people online.
I've noticed that recent Chrome version does not allow me to download the pdf I'm viewing. I had to open it in Firefox. The Chrome browser only allowed me to save it to drive (cloud)
I downloaded a PDF within updated Chrome earlier this morning without problems. I would be looking at your setup to see what makes it unique.
You can absolutely download PDFs on the all Chrome versions including the most recent. You need to do is set chrome to download them instead of open them.
I am a developer but have to deal with questions on this regularly from people's at my company due to the IT department being small.
Seems weird. I'm in Chrome right now and I can right-click on PDFs and click save as.
I mean once you get into a pdf. Sometimes web page opens it instead of allowing download. The built-in pdf browser of chrome has no option to save it locally on android phone. I have not been not precise in explaining, because I find Google and Android constantly reducing my ownership of my own phone and that's another brick in the wall here
Click on the three dots top right.
There is now a bar of 5 icons at the top. The middle icon, "download", saves the PDF.
Edit: Long-pressing each icon will show you small pop-up text for the icon/action.
What does C-S do?
I have the opposite problem: I want to simply render the pdfs so I can, you know, read them. not download them like they are data to be fed into another app.
Did you try finding a print button?
To… save? I get that you can print to a file and it’ll save it that way of course, but damn that strikes me as really confusing for non-techies
Save or export would make more sense but printing to pdf has been the way to do it forever.
This is how I get around that same issue, but it truly is a hacky workaround.
right-click save-as?
I dont yet understand this attack.
The WP article says:
"" Millions of websites contain a string of computer code from Meta that compiles your web activity. It might capture the income you report to the government, your application for a student loan and your online shopping. ""
If I read that correctly then they are capturing all https web content you access in clear text and uploads it all to Meta? Then Meta
I thought the exploit was used to track where you visited, not the full data of each webpage.
It does sound fantastical. A piece of code that can violate the same origin policy would be a huge vulnerability. Meta could be working with other sites to share data on users via code running on both sites, but snooping on tax data without the IRS helping? Unlikely.
I can only assume they're suggesting that companies like Intuit and H&R Block are sharing this data with Meta, but that seems like a huge violation of privacy and with tax data it might even be illegal.
It's effectively malware—this article has some more detail: https://arstechnica.com/security/2025/06/meta-and-yandex-are...
Basically, they created a channel between the browser and a localhost webserver running in their native apps, by abusing the ability to set arbitrary metadata on WebRTC connections. That way, they were able to exfiltrate tracking cookies out of the browser's sandbox to the native app, where they could be associated with your logged-in user identity.
You are implying Meta and others were able to just siphon data from any website via WebRTC using their native apps, but this was not the case. They were only able to track which websites you visited if that website already embedded the company tracking. Many websites do, but not all.
Is there any way to fix it within Android? damn...
Yes, don't install their native apps.
that's great but cheaper android phones come with built-in Meta apps/services which cant even be uninstalled.
> Know, too, that even if you don't have Meta apps on your phone, and even if you don't use Facebook or Instagram at all, Meta might still harvest information on your activity across the web.
A bit wishy washy. They are still tracking you, just not as effectively as before.
I hope people can get a "Stop Using Chrome" movement going, like we did with Internet Explorer long ago.
Maybe even a "start using Internet Explorer again" movement ;-)
For all the hate it got, IE was nowhere near as privacy-invasive as any of the "modern" browsers now, even Firefox. If you configured it to open with a blank page, it would quietly do so and make zero unsolicited network requests.
Well IE (Edge) is Chrome now under the covers.
Your mixing things up Edge and IE are two completely different things
Chrome is fine.
Letting an advertising company own it is not.
I feel like that's like saying "it's fine, except for the bad part that you can't avoid" ;)
The DOJ could literally order their separation. So there's no part of this that's "unavoidable." Ask Ma Bell.
The future of Google as Chrome’s owner is genuinely in question now due to Google’s antitrust losses, in case you weren’t aware.
There’s a few different cases, one recent one Google has lost and is now in the “remedy” phase. Meaning the court has officially decided Google did bad, and is now considering what to make Google do about it. And splitting up Google into separate Chrome, search, etc companies is completely on the table.
Some reading:
https://www.theverge.com/23869483/us-v-google-search-antitru...
https://www.thebignewsletter.com/p/google-found-guilty-of-mo...
I'm aware, but it doesn't change day to day choices for now.
I'm also completely at a loss to imagine how chrome becomes someone else's play thing and is somehow less prone to serving advertisers.
Idk, isn't that how we got Chrome? Isn't this inviting someone else to be the new Internet abuse daddy?
No, that was Firefox. Chrome's spread was fueled by literal malware or spyware bundling it to get some of Google's sweet money and some of the most aggressive advertisement campaigns for any online product ever.
Was it Firefox? I remember Firefox existing at the time but I don't think it's ever really had dominant market share, perhaps when it was Netscape? I do remember the IE campaign went on quite a long time to where eventually Chrome showed up to the party and people shifted over as well as shifted their family and friends over. You don't see that kind of active effort for Firefox ever.
According to Wikipedia, Firefox share peaked around 31%. It was very much taking over and gaining share from IE before chrome appeared.
https://en.wikipedia.org/wiki/Usage_share_of_web_browsers#Ol...
Yes, FF was revelatory (features and performance) and, relatively, very popular for a time. 31% was a massive share considering it was up against a browser that was the default for the vast majority of people using computers.
Mozilla have had so many chances to position themselves as the privacy-preserving alternative in current years but just can't get out of its own way in any sense (e.g. corporate greed or being hostile towards users). There's still dim hope for FF and some of its forks, like Librewolf, but hopefully forward thinking projects like Servo and Ladybird can fill the void.
Sounds like something written by a Google employee. Mozilla is a non-profit
Might want to look at who provides most of the funds for Mozilla.
Not for long
Thirty months old but I'm guessing they haven't improved! https://www.techradar.com/news/nearly-half-of-all-online-tra...
supermium --ungoogled-supermium
https://win32subsystem.live/supermium/
https://github.com/win32ss/supermium
First time reading about this, thank you!
It's sort of interesting that Brave was not affected by this because they already blocked the technique used by the Yandex app. I wonder if Brave devs were aware of that specific abuse, or if they just thought that localhost traffic was distasteful categorically.
I really wish I was ok, morally, with using Brave.
One of the few that seem to have their shit together
Firefox in strict mode should be unaffected?
All boils down to Chrome leveraging localhost for its location.
Never used Chrome, and don't use Meta apps... and when I did, I did not give them any real information.
I'm disgusted by the number of people giving real personal information to these assholes. "Open"AI insisted that you give them a real, functioning phone number to use ChatGPT. No goddamned way.
I didn't give open ai my number...because i wouldn't have. Works fine for me (though i do use deepseek more, nowadays.
That is a recent change. Originally I tried various workarounds, including Google Voice and burner apps... but "Open"AI rejected them.
Gmail should be at the top of the list
Safari reports that it blocked 16 trackers on WaPos home page. So it’s probably best to avoid them for privacy too.
I wouldn't be using Safari if I were concerned about privacy. Privacy is more than just blocking trackers.
How is Safari anything but strong on privacy?
It's closed-source.
That's irrelevant to how private something is. Closed-source is a reason to be suspicious of privacy claims, especially without third-party privacy audits, I'll grant.
There is a data pipe directly into the PNNL from Meta. Do your research!
I don’t want to. You do it for me: post a link to what you’re talking about.
WaPo’s reputation so tarnished they have other outlets reporting for them? I don’t understand why a slashdot article has WaPo in the headline. Are they some authority on privacy?
There is a data pipe directly into the PNNL from Meta. Do your research!
[dead]
Washington Post also called Ukraines attack on russian bombers "dirty"
That's one opinion from one columnist. Also, the full phase was "dirty war," by which they seem to mean one dominated by covert operations by intelligence services rather than conventional forces, on both sides.
Can you elaborate?
What is the alternative to chrome that doesn’t crash or is not noticeably slower?
Full time Firefox user. I run hundreds of tabs for days on end and need to restart it every week or so. Well worth it to not use Chrome. Need to open a site in Chrome about once a month
I've used Firefox for years and it very rarely crashes. Individual tabs will crash occasionally, but rarely the entire browser.
The upcoming version has "Unload tabs" built in to the context menu. That should result in restarts limited to updates.
I use the Auto Discard Tabs plug-in, just lets tabs time-out after a set amount of time
Firefox? Weird question. I haven't even installed Chrome in the past 7 years. Firefox is fast (but I obviously don't know if Chrome is faster) and it never crashes.
Chrome does feel faster to me; I remember someone here saying that was because of some kind of procedural loading shenanigans or something.
But the main hook for me is how websites look. I do a lot of reading on the browser, and fonts on Chrome always look better than on Firefox. I would switch to Firefox in a heartbeat if only things started looking the same on it.
I often hear that claim, but for me it was always the opposite. Firefox being fast while Chrome being a slow monster and memory hog. Also when I was using an RPi2b full-time, Firefox was working even though sometimes annoying, while Chrome was a no-go and would led to the OS being unusable.
What's wrong with FireFox?
And if you're not a fan of FireFox, Ladybird is becoming a thing in 2026
[flagged]
Brave Browser: https://brave.com/
Brave has some controversies: https://en.wikipedia.org/wiki/Brave_(web_browser)#Controvers...
I mean those aren't real controversies though, it's more like "we added a VPN feature and included the VPN, but have now removed it". A real controversy would be like Mozilla who was pushing for censorship and silencing "bad actors" in the years after the first Trump election.
What?
"This includes bringing new users to Binance & other exchanges via opt-in trading widgets/other UX that preserves privacy prior to opt-in. It includes search revenue deals, as all major browsers do."
Seems pretty relevant to the current topic and not part of the VPN controversy.
I use Vivaldi[1]. Also has built-in ad-blocker although I'm not sure how good it is compared to Ublock or others.
[1] https://vivaldi.com/
seconded. been loving vivaldi since i switched.
I use firefox full time, it works great for me.
Firefox. It's been my default browser for years but now I'm noticing sites that don't work properly with it. I'm not sure why.
It also has a really annoying 'feature' that its update process will sometimes force you to restart the browser.
Zen Browser works well for me. It's a Firefox fork but privacy-focused whereas Mozilla recently became an ad company and published hostile TOS changes. No issues I had when I was evaluating LibreWolf.
I feel like people sleep on safari, especially on Macs.
JavaScript Chrome developers did a good job of convincing people that Safari is the new IE.
I love Safari on macOS. I love the pinch/zoom with the tabs. I love that private browsing mode, at least seems to, keep things contained to the tab they started with. e.g. if I open facebook in a private tab then open new tab and go to facebook, it’s going to make me login.
Chrome’s developers didn’t have to say anything. Anyone who’s been trying to build on the latest web features (for me, particularly WebGL, WebRTC, WebGPU and IndexedDB) over the past decade has been bitten by Safari over and over again. They usually come around after being raked over the coals by the web dev community, but they’re still usually years behind.
When “Safari is the new IE” was first published, they absolutely were. They’ve gotten a bit better since then, but all the same it was hilarious to see people who used to rail against IE for flaunting web standards (cough John Gruber cough) suddenly start saying that web standards were a bogus racket once Apple decided to stop keeping up with them.
You're drinking Apple kool-aid if you think Safari isn't holding web back.
Lots of anti-google people dislike Safari. Safari isn't the only non-google option you know.
Safari is far from perfect, but I’m glad they don’t implement everything Chrome does. Many of the complaints come down to “Safari doesn’t even support RunBitcoinMinerInBackground.js. It sucks!”
And on the plus side, it’s vastly better at power efficiency, meaning I can use my laptop longer without being plugged in.
sure if you want to live a life stuck in the App Store and Play Store walled gardens... having a decent web browser is the way towards a truly open web
Apple is slow to adopt new features, sure but Google bulldozes features to be first to market so it can implemented the way they want it implemented.
>Google bulldozes features to be first to market so it can implemented the way they want it implemented
Can you give an example of this?
Safari is the new IE not because they refuse to implement questionable new web “standards”, but because
- It has all sorts of random quirks in their supposedly supported features;
- Mobile Safari has even more quirks;
- No other major browser introduces random serious bugs like Safari does (remember the IndexedDB one?);
- Version updates are tied to OS updates meaning it’s the only major browsers that’s not evergreen, and coupled with the previous points you have to carry workarounds for bugs forever, and of course can’t use new features;
- Extensions are 10x harder to develop and more than 10x more expensive to publish since they’re tied to Xcode, Apple Developer Program and MAS, because fuck you;
- Like another commenter said, it’s the only browser that crashes on me (random “this page has experienced a problem and reloaded” or something like that);
- PWA is another kind of hell in Safari but opinions are divided so whatever. At the very least it’s not conducive to an open web.
It’s a piece of hot garbage, like a lot of other Apple software these days. Sure, maybe it’s battery efficient or something. I don’t give a shit because I work plugged in.
Oh and developer tools in Safari are crap but who cares.
Significantly better battery life too. Like hours.
Developers don't convince anyone of anything! They just build stuff according to standards (which are inevitably set not by standards orgs, but by the most popular browsers), and then they expect all browsers to follow those standards and "just work".
When a browser like Safari fails to adhere to those standards, sites will break ... but you can't expect developers (of most sites; I'm not talking about the top 100 or anything) to test in every possible browser ... and then change their code to accommodate them. Certainly not in ones with single-digit percentages of market share, that require their own OS to test (like Safari).
Wikipedia says Safari’s their #2 browser, with 17% traffic share: https://en.wikipedia.org/wiki/Usage_share_of_web_browsers
Web devs ignore Safari at their own risk, lest 100% of iPhone users be unable to use their site.
If Apple wanted more web devs to support Safari they should port it to Linux and Windows. The web is supposed to be an open standard, you shouldn't need a devices and software from a specific manufacturer to develop for it (I say that posting from a Mac).
At some point there was a Safari for Windows.
But there isn't anymore, so there's no way for a web developer to ensure Safari compatibility (unless you expect every dev shop in the world to buy a Mac just for that purpose).
I continually try, but Safari is the only browser where I routinely experience crashes once or twice a month. There are also some random incompatibilities with certain websites (related to the CORS issue as mentioned in another comment) that force me back into another browser anyway.
I tend to use Safari on my mac, but I will say that it evaluates CORS slightly differently than other browsers so that sometimes I have to disable CORS protection to get a site to work that works fine in Chrome or Firefox, and it's the only browser I've used where I expect to have it crash hard with a SEGFAULT or something every once in a while.
Safari lags on implementing key web tech
I use Chrome for Google workspace, Firefox for ongoing personal logins, and Brave incognito for other browsing (restarting completely for a new session when changing gears).
Last week's discussion on a profile management tool offered several insights into how others a bit further down this path use their browsers of choice: https://news.ycombinator.com/item?id=44132752
Well, for the past twenty years, Firefox has been a good alternative browser to Chrome, IE, etc.
What experiences have you had with crashing, noticeably slower browsers? I haven't seen that in any modern browsers.
Firefox + uBlock Origin
I’m using Firefox and Kagi’s Orion browser [1] on my Mac and Safari on iOS.
[1] https://kagi.com/orion/
Is it easier to build a browser for MacOS? Arc was Mac only for the longest time, until they released a crippled Windows version. DuckDuckGo browser started Mac only.
> Is it easier to build a browser for MacOS?
Financially, probably. Apple customers represent a disproportionate share of global consumer disposable income.
Technically, I guess Unix-like, BrowserEngineKit and WebKit (Orion uses this) help. Good question, hope someone knowledgeable chimes in!
Firefox.
Any browser that lets you block javascript? It is weird how we now call browsers fast because they can quickly render the most cancerous content.
In Firefox: about:config -> javascript.enabled = false
Doesn't crash? Firefox/Mullvad Browser is fine.
Not slower? Safari or Orion.
I like Vivaldi myself.
I really like Brave, blocks youtube ads and generally just works where other chrome alternatives don't https://brave.com/download/
I'm pretty worried about the security of Brave and stopped using it. I'd like to be wrong. But years old patches missing in Chromium not ported over until recently makes me nervous (referring to a recently addressed long time websocket bug in Brave). What else is missing? It just seems to risky to use for me.
Web browsers should become outmoded soon. It was fine for bootstrapping the web, but now to keep up a browser must emulate the operating system and more in a single app. This pressure is the centralizing factor in browser dominance. Ditch the features, drop the spy protocol (http), just get the files.
> the spy protocol (http)
I'm afraid I can't guess your reasoning.
How do i turn it off?
Turn what off? HTTP is how you receive the web page in the first place. It is not, in itself, causing data to be sent from your computer to others. That happens either because of a script on the page or because you request a web page (i.e. the browser sends headers).
block port 80
Then go full Walden and live your best life out in the woods!
What will the alternative to web browsers be after they become "outmoded"?
I can't speak for the user who you are responding to, but an AI maxi might believe that an AI powered interface will take over all information retrieval.
It's CREEPY to imagine the Internet is under a mandate to protect your privacy. Don't be CREEPY.
The EU cookie fiasco is just that. All of a sudden, your every day experience was derailed extremely in a way that 'broke' HTML standards and sites at first in hundreds of ways. All of a sudden sites that never did track users were forced to start tracking them -- in order to set the flag to suppress the harassing cookie warning. Ironically, they will remember your cookie settings if you 'sign up'. Meanwhile nothing became more secure or private. It was just a way for the EU to virtue signal out loud and be annoying. It throws the user into sitespace to navigate the site's own cookie settings. It's theater.
Meanwhile, advanced fingerprinting is, well uhm, advanced. If the EU cared about cookie privacy a better course of action would have been to see whether browsers were locked down with best anti-fingerprinting possible and local cookie dialogues... and certify the ones that were. Educate users, harass them one time.
> All of a sudden sites that never did track users were forced to start tracking them -- in order to set the flag to suppress the harassing cookie warning.
How is this true? You don't need a cookie warning if you're not tracking or doing other nastiness. A cookie banner is not required for functions like user sessions or keeping track of a shopping art.
> All of a sudden sites that never did track users were forced to start tracking them -- in order to set the flag to suppress the harassing cookie warning.
If the site never tracked the user, they wouldn't need to show the cookie banner in the first place.
The 'fiasco' is for your benefit. If you don't like the banners, get a blocker or don't visit sites that track you. It's a pissy thing to add, but do you also get upset with places that have "This area is under video surveillance for your [cough] security"?
Yes if the EU’s aim was to just throw sand in the machine that is called society, then it seems they did a splendid job.