Notices by Sarah Jamie Lewis (sarahjamielewis@mastodon.social)

Really, what I would love to see is a project with a vision and principles.

Where is the browser with activity pub integration? Where is the browser with rss feeds? Where is the browser that doesn't have to disable the tracking crap, because it simply doesn't exist in the first place?

If we want a web that works for the people, we need to build a browser that takes responsibility for those values.

While understanding that that is a damn expensive thing to ask.

That or the dozen+ firefox forks agree to combine their efforts and maintain a shared hard-forked base.

That could work, but it might be a bigger ask.

I think Tor Project are probably best placed to do it - they are already as close to maintaining a hard fork of firefox you can be without actually maintaining a hard fork. I understand why they don't - but, if anyone has a shot of making that path work, I think it's them.

There is clearly a lot of effort fractured over a lot of projects, perhaps enough to actually take on the task, but I'm not aware of any project committed to a hard fork of firefox, with everything that entails (and if you had the resources to go that route, I'm not convinced that is the best path to take either)

I can only really think of a handful of groups I think have a chance at success, but I don't think any of them are currently considering it.

Many people are in my mentions talking about and/or promoting various firefox forks.

Look, if Mozilla can't afford to keep developing/maintaining firefox without resorting to the sad path, then the question that needs to be asked is how any other organization can? What about the approach is different?

It's one thing to package firefox with some of the bad things turned off. It's another to take on the responsibility of maintaining that codebase sans-mozilla.

Firefox, or at least the ideal of Firefox - an open browser that serves the interests of people rather than corporations is so important.

It's also an incredibly expensive proposition (in part because of how the web has evolved complexity, thanks in part to how corporations have driven, and ultimately practically captured various standards)

I deeply understand Mozilla's desire to continue existing to serve that mission...but it can't be like this.

There is no such thing as privacy-respecting advertising. At least not for any sane definition of "respect"

The arguments are technically nuanced, but I went into it a little a while back: https://mastodon.social/@sarahjamielewis/113199184170538484

Raising money is pointless if doing so compromises the values you claim to stand for.

Really sad to see Mozilla committed to such a dystopian vision of the future of the web.

"While Firefox remains the core of what we do, we also need to take steps to diversify: investing in privacy-respecting advertising to grow new revenue in the near term; developing trustworthy, open source AI to ensure technical and product relevance in the mid term"

source: https://blog.mozilla.org/en/mozilla/mozilla-leadership-growth-planning-updates/

One thing I do want to do is write some more about the motivations behind senary (which I outline a little here: https://mastodon.social/@sarahjamielewis/113992174035936111)

I do think starting a fresh, thinking about how to balance anonymous/drive-by contributions with the general influx of spam that all repos see these days is going to make a big difference as the project evolves.

Thanks everyone for the questions and feedback on senary (my new lightweight, self hosted code forge)

Applied a few new updates this morning, including:

- syntax highlighting and css changes to make things look and feel a little better
- a new index page (https://senary.lopeos.org/) that starts to answer questions like "what is indie auth?" and "why senary?"

I'm implementing something and it needs an authentication layer, and I'd prefer not to have a user database.

Is there any consensus emerging on a fediverse sso standard?

I know indieauth exists, and there is some discussion about general oauth2 support for various fediverse mainstays, but I've not looked into this all that deep.

What I really want in a software forge is static hosting of pretty much everything, with a very small online-app for receiving issues/pull requests, with an approval flow for anonymous/new contributors.

I prototyped this a few years back, my inbox this morning makes me want to revisit it.

The github model that pretty much all modern forges are based around doesn't map nicely to smaller projects and it causes so many problems.

I think the actual self-hosting of code management/issue tracking/CI is important, I want more projects to do it - but currently it is a pain and more expensive than it needs to be.

It's one of the projects on my list of projects that I wish people would steal (https://sarahjamielewis.com/entry/privacy-projects.html)

At @openprivacy we've hosted our own gitea (formally gogs) instance for the last 7 years and while it's helped us get a lot of work done - it's a constant maintenance headache.

Having every new contribution be public by default incentivizes spam.

Forcing users to create account to make issues/pull requests limits accessibility.

Dynamically generating every single commit tree means mass scraping campaigns require identification and siloing..

On the one hand I really want to encourage nuance when it comes to privacy and security - systems are complex and multi-faceted and risks both overlap and counter each other.

On the other hand, with all the various news of the last few weeks...I'm not sure nuance is all that useful.

The thing that was bad about "client side scanning" wasn't the client side content classification, it was the co-opting of the device to send "maybe crime" reports to third parties.

There are plenty of interesting and maybe valuable applications of actual client side scanning of content though I don't trust any of them to be done by companies who align themselves with authoritarians and bigots...

Ultimately, the main questions you really need to ask yourself are:

- "What are you trying to protect"
- "Why?"
- "For how long?"

Privacy itself is a technology, a powerful one, and you should learn to wield it effectively to accomplish the goals you have.

Some nuanced privacy advice:

- Signal is good, and you should use it because it strikes an effective balance in the optimization problem that is getting people to use secure technology.

- You should think really, really hard before using any technology whose entire threat model depends on centrally operated infrastructure remaining trusted and uncompromised. Especially ones based in jurisdictions without effective democratic institutions.

If you want actual free feeds, liberated from billionaire control and algorithmic meddling, where you can run your own filtering and sorting as much as you please - we had that, it was called rss - it scaled really well.

"Let's aggregate everything through a small number of very expensive relays" is not going to serve that goal, especially not given any current or future form of at-proto.

Just want to throw it out there that for 30 million dollars you could probably build something good instead.