Firstly, many browsers are not your friends, so this is not a "Mozilla is worse than X" post.
So why bash Mozilla?
Google get bashed, Microsoft get bashed and Apple do, but the alternative is not a saint. It boasts about privacy but doesn't enable it for most users; it complains about tracking and then teaches web developers how to do it. It has had complaints for around a decade (since then there have been others, like 970092) that user privacy is being invaded because of browser features.
But Mozilla are just following a standard?
Mozilla staff can often play a key role in changing the web, from work on drafting standards to work on demonstrating new ideas with new features that are yet to be fully standardised. Web standards are not legal requirements, and there is nothing to stop Mozilla either breaking from them to fix privacy and security or providing a default alternative release or feature flags that protect users.
Fixing the design that would break everyone?
So? Apple broke a lot when they stopped supporting Flash. Is Firefox incapable of leading beyond broken standards to protect users, when others have already set a precedent showing that it can be done? Firefox can even reuse the security pattern already adopted for SSL certificates: if you get into trouble, you can opt in to a less secure mode on a site.
So why does Mozilla have to lead?
Because they boast of caring about privacy. Sites like https://advocacy.mozilla.org/en-US and https://www.mozilla.org/en-US/privacy/firefox/ boast of how they wish to defend privacy, but their flagship product fails most users. Sorry, but whatever you do to cure the minority, if the majority are still suffering, then boasting about the minority is a falsehood. It's like BP boasting about its solar energy project... great job, but they're still mostly an oil company. Firefox is still mostly a web browser business in which most users have their privacy breached because of the insecure design of the flagship product.
But they have private browsing mode and tracking protection?
- Private browsing is designed primarily for local privacy from other users of a machine; don't confuse it with protection from remote sites. In doing so it achieved some mitigation of tracking cookies, but not saving history, searches, cookies and temporary files is quite an expensive feature set to lose. People typically would like to have those features because they trust their local machine; it's the remote ones they want to protect themselves from.
- Which brings us to tracking protection, which when included blocks "many" trackers... Many? That's not enough, and on notable sites, including health services, I've found tracking still happens and referer URLs are still sent.
- It isn't turned on by default, so for you to be better protected, your first thought after installing Firefox has to be "I don't trust Firefox to protect my privacy by default, I need to configure that in". How many users think like that, and then how many know what to do? (Please at least install something like Privacy Badger from a very trusted source.)
But it's not their fault websites include tracking, it's web developers who add this stuff?
- Mozilla even showcase tracking happening on their own site, https://developer.mozilla.org/en-US/docs/Learn/HTML/Multimedia_and_embedding/Other_embedding_technologies, ironically whilst also describing it as a security problem.
- You have to go out of your way to then find the pages on why you shouldn't do this if you need security: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Security_best_practices. From my experience and watching other developers, the time between learning how to add insecure features and learning how to spot and fix that is typically years... not one or two years, maybe 5-10 if you're a good developer.