[Dev] Let's revert and move changes introduced by bugs #645 and #677 on Iceweasel

[Fabio Pesari]

On 11/01/2015 05:04 AM, Jorge Araya Navarro wrote:
> But there is no fundamental difference between partnering or not partnering, the issue is the same,
> there is a use of a "nonfree service" (or whatever that phrase wants to mean) being promoted and its
> "nonfreeness" (to put it in some way) of the service doesn't not change because developers did no
> partnering with the Big Brother, adding the fact that no free software have been installed in my
> laptop in order to use Firefox Hello or the social directory (or whatever its name is), the thing
> done to remove this so-called "nonfree" feature was changing some javascript in a file called
> vendor.js.

I agree with you that saying "nonfree service" was very stupid (and I
apologize for that but in my defense, it was night here!) but you get
what I meant - who knows what the hell TokBox is? (I just think it's
funny that they call their proprietary platform "OpenTok").

The only way we can trust a server is to inspect its memory as it is
running, because otherwise even if it's running a free program it might
as well run other programs (even free ones) that collect user data from
logs (or even memory) and send them somewhere.

And even if we were able to do that, we would have to be able to
disassemble the programs in memory to make sure they are what we think
they are and without physical access to the physical hardware, it still
would be easy to trick users.

Moral of the story: on the web, you are going to trust someone
eventually. It's either other people in peer-to-peer or some server in
client-server.

All we can ask is to choose what services to trust, and Firefox Hello
does not offer that option because it's sneaked in a completely
unrelated program, a web browser.

I'm not against programs like Pidgin, because the choice is left
entirely to the user and it doesn't actively recommend any protocol over
the other.

Pidgin claims to be a "universal chat client" and what they do is
reasonable. Is Firefox a video conferencing program?

> Using the same logic, we should blacklist half Internet (or shipping EFF's Privacy Badger by default
> with Iceweasel and IceCat, at least) because they promote "nonfree services" like Facebook and
> Twitter as content-sharing platforms, but no, we had to ban a feature that works as an excellent and
> more practical alternative to Skype.

That doesn't sound like the same logic to me. Users should have the
freedom to make their choices.

If Firefox Hello were the only way to replace Skype, I would agree with
you, but it isn't.

Trying to replace Skype is noble and all but I call bullshit on the
nobility of their efforts - they saw a chance to partner with a big
company and they took it.

If they really wanted to replace Skype, they would have collaborated
with the community and let a trusted entity (like the EFF or the FSF)
run the service.

> If the feature don't require proprietary software to run on user's machine, but it may rise a
> privacy concern, then the feature should be disabled in a package put on Nonprism repo, is that
> simple, otherwise we may fall in the slippery slope.

I think that in this case there might be another solution: explain to
users in the post-install message that the browser optionally relies on
an external service which might violate user privacy, and if it's
possible during the first time the program is launched as well.