Mozilla, Firefox 14 Misrepresents SSL

Firefox Browser Beefs Up Search Security
personalliberty.com
Mozilla says it has begun distributing its latest version of the Firefox browser with a new feature that will encrypt all Google searches by default. The security feature in Firefox 14, dubbed HTTPS Google Search, can shield users from advertisers or hackers that harvest data about users…

I can’t help but laugh at the premise. “Firefox is more secure because you can visit Google with SSL!”

Well actually, you can do that in any browser. And all the others support native SSL for all built-in search boxes. Firefox hasn’t done that yet? Tsk tsk tsk.

But more importantly, the claim is that it makes it more secure by not sharing your browsing trends with advertisers like, well, Google. Though, of course Google, being the biggest online advertising platform in the world, just happens to be the only one that would actually see your search terms under this fancy new security implementation. Sigh.

Mozilla is first major tech company to denounce CISPA

While I disagree with Mozilla’s ‘forced update’ cycle, I’m proud that they took a stance against CISPA. Way to go, Mozilla!

Learn more about CISPA and read the bill text here.

Every Six Weeks

Mozilla announced recently that they’ll be releasing a new major version of Firefox every six weeks. Let’s put that in perspective, shall we?

Like a Well-Aged Wine

After a multi-year gestation, Firefox was born from a series of Mozilla Foundation projects that culminated in the pre-adolescent Firebird, then Phoenix, and finally Firefox in 2004. Even so, it was almost a year later when Firefox finally earned 1.0 status.

After another year, Firefox 1.5 was released, which added a number of important bugfixes, privacy controls, and a much improved extension, update and control system. This was really the first time in it’s four year life that Firefox existed as a truly stable system.

A year later, Firefox 2.0 was released, adding significant improvements in JavaScript support and the UI.

Two years later, Firefox 3.0 was released. This version was the most significant progress to date, with unparalleled improvements in the rendering engine, performance and bug fixes. Firefox was, at this point, ready to take over as the most powerful browser in the world. This version was quite stable, and for the next several years, only relatively minor updates were released.

The usage share of web browsers. Source: Media...

Image via Wikipedia

A year later, Firefox 3.5 was released. This version was added a relatively small number of security and stability bug fixes, and finally surpassed Internet Explorer as the most popular browser.

Half a year later, Firefox 3.6 was released. This update incorporated a new rendering engine and significantly improved performance, stability and security for plugin processing.

Shortly over a year later, and only six months ago, Firefox 4.0 was released. This major update significantly overhauled the entire user interface, effectively recreating Firefox as more than a simply a viewport to the Internet, but a truly personalized visual interface of it’s own. This was the most significant update to Firefox in it’s nine year life, and “before the paint was dry”, as it were, Firefox 5.0 was released.

Getting Short-Changed

Less than three months after Firefox 4.0 was made available, Firefox 5.0 was released. This version sported updated standards compatibility, enhanced privacy controls and performance. While these are all important facets to the ongoing development and growth of the Internet, this was the shortest release of a major version in Mozilla history.

Then, six weeks later, Mozilla released Firefox 6.0. Aside from specific web development additions (and the common security and stability fixes), there really isn’t anything significant enough to be considered a vast difference in this “major” version. If anything, it’s essentially the same browser as 5.0 with a few developer-only additions under the hood, and a rather poor testing history. You see, in the four weeks since it was released, there have been more security issues discovered in this major version than in the same period of any previous version.

The new “rapid release” policy is essentially pushing unstable and insecure major versions out to the world. Up to this point, Firefox was quite stable and secure. Developers, home users and IT administrators used to be able to rely on the safety and security that was always Mozilla’s number one priority. Now, however, it’s little more a “late beta” than a full release, and by the time the users have worked through all the bugs, a new major version (read: bag of untested buggy software) is released.

Next week we will see Firefox 7.0. It’s expected to have better memory usage, improved performance, cosmetic changes, and bug fixes. Why can’t this be 6.1?

Why should you care?

Because users do. Users are already getting updates pushed at them from every direction. The biggest complaint users raise is that the interface is different. Adding a new interface or even interface elements, which are common traits of major versions in all software (and every major version of Firefox excepting maybe 5.0), confuses them. You want market share and ease of support? Make it last! Users can’t even get their Google Toolbar to work since the version numbers are changing so fast. According to some sources, Internet Explorer 6.0 (a browser that was released over a decade ago) still has over 16% market share!

Because developers do. I’ve never seen so many complaints from web developers about Firefox than I have over the last month. Firefox has become “the new pariah”, shooting well above Internet Explorer in the number – and ferocity – of public complaints. Former Fox-heads are now sharpening their swords and looking for alternatives. The big “solution” offered by many is to “don’t bother upgrading past Firefox 3.6.” Now that’s for web developers, how about plugin developers? Well, the extensibility layer used by toolbars and other plugins relies on version-safe checking. This is critical and I applaud Mozilla for incorporating this. Except…do they really expect small development shops and individual developers to be able to keep up if even Google can’t publish compatible versions of the Google Toolbar in a timely fashion? Yeah, I don’t think so.

Because IT administrators do. I manage a lot of computers for individual and business clients. Keeping up with operating system and primary software updates once per month is extremely time consuming. Training users on changes to their core software imposed by those updates is even more time consuming. Sure, removing the menu items is a huge space saver! But this was the worst possible thing Mozilla could have done for the vast majority of their users. They may as well have hidden all the user interface elements and only exposed them when the user recited the Lord’s Prayer in Latin! Yes, this is an exaggeration, but not too far off if you have any older clients. Sigh. The time to push this many updates on a large corporate network would have me dumping Firefox immediately. At least Internet Explorer is only updated on a reliable schedule, and Chrome is updated in the background so you don’t even need to worry about it if you reboot regularly.

I don’t understand why Mozilla is defending this new policy. It’s pretty simple: these major versions are causing problems for literally millions of their users. Is “catching up with Chrome” really that important to them? Do they realize that even though Google Chrome is version 13, I’d be surprised if they could find any actual users that even knew their version number?!

So, Now What?

My recommendation over the last couple months has been to Dump Firefox. It’s simply not worth the hassle. There are plenty of other browsers out there that don’t depend on an artificial release cycle. Use one of them! It could save you hours each week in updates and maintenance, and is far less likely to be the iDevice of the browser world – out of date before you open the shiny box.

Enhanced by Zemanta