Remove Pocket Integration from Firefox

(Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. There =
are some comments on Hacker News at https://news.ycombinator.com/item?id=3D=
9667809).

Mozilla's recent integration with Pocket, a proprietary third-party service=
, is a mistake.

It is very exciting to see the ways in which Firefox continues to improve. =
And it's even more exciting to see the ways that Mozilla advances it's stat=
ed mission outside of the Firefox browser with new developments like Firefo=
x Accounts. Pocket now allows you to log in on their site using your Firefo=
x Account; being able to authenticate with a trusted third party like Mozil=
la is a huge win for online privacy advocates and the Mozilla community. Ho=
wever, adding Pocket as a built-in feature to Firefox should not have been =
done.

This is particularly surprising since it was Firefox that made browser exte=
nsions mainstream. Pocket should have been an extension (in fact, a Pocket =
extension used to exist). It could have even been bundled with the browser.=
 This distinction is important, since extensions can be removed entirely, w=
hereas currently Pocket can only be disabled.=20

The user experience of disabling Pocket is not good, either. It needs to be=
 disabled in about:config, which is not at all user friendly, and therefore=
 not in line with Mozilla's mission. In the past, Mozilla has been very goo=
d about showing the user what new features have been added to the interface=
 and explaining any privacy implications that may come with them. That is w=
hy I was so surprised when the Pocket icon suddenly appeared in Firefox Dev=
eloper Edition a couple days ago. It is so unlike Mozilla to introduce some=
thing like that, I ran a virus scan and checked what programs had been inst=
alled recently -- I assumed it had been put there in the same way that IE u=
sers used to get the Ask Toolbar installed.=20

It may also not be clear to some users that, even when signing in with your=
 Firefox account, you are still giving your email address to a third party =
whose privacy policy is different than Mozilla's. Many users would not assu=
me this, since it is a feature that is bundled with the browser.

Mozilla's recent blog post about the Pocket feature is titled "Firefox Puts=
 You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/06=
/02/firefox-puts-you-in-control-of-your-online-life/). Had this been coming=
 from a startup, that post would be humorously ironic. But given how much p=
eople care about Mozilla and it's stated mission, it is more painful than f=
unny.

Firefox should continue to add new features that benefit its users, but tho=
se features must be done in accordance with Mozilla's core values. This fea=
ture should've been done as an extension, which allows for greater user cho=
ice and avoids bloat. Most importantly, there was very little public discus=
sion about this inclusion of a proprietary, third-party service. It's a hug=
e departure from Mozilla's commitment to transparency. The existence of the=
 Pocket code in Firefox is a bug in the browser, and it does not adhere to =
Mozilla's core mission.
0
tucker
6/5/2015 9:59:49 PM
mozilla.governance 764 articles. 0 followers. Post Follow

229 Replies
1541 Views

Similar Articles

[PageSpeed] 58

I agree wholeheartedly with this. All other major browser vendors have bake=
d in integrations with non-free proprietary services. In these cases - like=
 Google Apps on Chrome - it makes a lot of sense. However, given Mozilla's =
mission, and the legacy of Firefox as promoting user privacy, I can't see h=
ow integrating this directly into the browser chrome was a good idea.

While I find Pocket useful, I would much rather see this distributed as an =
extension. Honestly, I'd have no objection were Mozilla themselves to distr=
ibute it as a first-party extension, or even feature it - but an extension =
nonetheless.
0
matt
6/5/2015 10:31:48 PM
On Friday, June 5, 2015 at 6:59:56 PM UTC-3, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Ther=
e are some comments on Hacker News at https://news.ycombinator.com/item?id=
=3D9667809).
>=20
> Mozilla's recent integration with Pocket, a proprietary third-party servi=
ce, is a mistake.
>=20
> It is very exciting to see the ways in which Firefox continues to improve=
.. And it's even more exciting to see the ways that Mozilla advances it's st=
ated mission outside of the Firefox browser with new developments like Fire=
fox Accounts. Pocket now allows you to log in on their site using your Fire=
fox Account; being able to authenticate with a trusted third party like Moz=
illa is a huge win for online privacy advocates and the Mozilla community. =
However, adding Pocket as a built-in feature to Firefox should not have bee=
n done.
>=20
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20
>=20
> The user experience of disabling Pocket is not good, either. It needs to =
be disabled in about:config, which is not at all user friendly, and therefo=
re not in line with Mozilla's mission. In the past, Mozilla has been very g=
ood about showing the user what new features have been added to the interfa=
ce and explaining any privacy implications that may come with them. That is=
 why I was so surprised when the Pocket icon suddenly appeared in Firefox D=
eveloper Edition a couple days ago. It is so unlike Mozilla to introduce so=
mething like that, I ran a virus scan and checked what programs had been in=
stalled recently -- I assumed it had been put there in the same way that IE=
 users used to get the Ask Toolbar installed.=20
>=20
> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's. Many users would not as=
sume this, since it is a feature that is bundled with the browser.
>=20
> Mozilla's recent blog post about the Pocket feature is titled "Firefox Pu=
ts You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/=
06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been comi=
ng from a startup, that post would be humorously ironic. But given how much=
 people care about Mozilla and it's stated mission, it is more painful than=
 funny.
>=20
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat. Most importantly, there was very little public disc=
ussion about this inclusion of a proprietary, third-party service. It's a h=
uge departure from Mozilla's commitment to transparency. The existence of t=
he Pocket code in Firefox is a bug in the browser, and it does not adhere t=
o Mozilla's core mission.

I strongly agree with this removal. Integrating with third-party proprietar=
y technologies seems to go quite clearly against Mozilla's stance on open s=
ource.

Back in the day, Mozilla implemented Mozilla Weave (now Firefox Sync) exact=
ly because existing alternatives were proprietary. I believe that's the way=
 to go forward.

As a long time user of Firefox, I now suddenly feel that contributing and d=
onating to firefox wouldn't just promote freedom and open source, but also =
promote a third-party for-profit proprietary solution (Pocket).

On top of that: there's no reason to affiliate with pocket (or is there mon=
ey in the middle?), when implementing this sort of thing is pretty trivial.=
 It is, after all, basically a subset of the feature bookmarking includes, =
and bookmarks are already sync'd.
0
hugoosvaldobarrera
6/5/2015 11:04:39 PM
On Friday, June 5, 2015 at 5:59:56 PM UTC-4, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=1172126. There are some comments on Hacker News at https://news.ycombinator.com/item?id=9667809).
> 
> Mozilla's recent integration with Pocket, a proprietary third-party service, is a mistake.

+1. This bundleware/bloatware needs to, at the very least, be bundled as an easily removable extension (preferably removed completely and made an optional addon). Having to go to about:config to remove this is unacceptable.
0
jeevan
6/5/2015 11:17:24 PM
I agree wholeheartedly.

An early Mozilla and Firefox user, I switched to Chrome for some time but in the past year or two have primarily used FF because of privacy concerns and not wanting a browser built by a company who can make money by ignoring my privacy needs.
0
serial
6/5/2015 11:57:02 PM
I have mixed feelings about this, and I think it's good to have this discus=
sion.  I was surprised at the announcement, because it seemed sudden and un=
expected.  Did I miss something, or was the discussion entirely internal to=
 Mozilla (or on a bugzilla page, not something outsiders would typically di=
scover on their own)?

I was also surprised because it is a proprietary service integrated into a =
Free Software product.  There were blog posts talking about how "Save" need=
s to be integrated across products, devices, and the Internet.  But "Save" =
was not integrated here--Pocket was, a proprietary service, a single web si=
te.

It seems to me that an outcome more in-line with Mozilla's stated mission w=
ould be to publish a save-for-later API, integrate it into Firefox Sync, an=
d make it possible for Firefox users to point their browsers' built-in save=
-for-later list at third-party services that implement the API.  It could e=
ven become a federated API, potentially integrating the variety of incompat=
ible read-it-later-type services that exist.

There are, after all, already Free Software implementations of Pocket-like =
services (e.g. Poche).  It seems contrary to Mozilla's stated mission to ti=
e in to a proprietary service instead of furthering the creation of open AP=
Is and platforms.

Imagine a certain web site or service released a new, JSON-based protocol t=
hat combined HTTP, HTML, AJAX, maybe XUL or XSLT-type stuff, and released a=
 Firefox extension that let people access its site or services more quickly=
 than using HTTP/HTML/AJAX.  Now fast-forward a few years and it's very pop=
ular (maybe it's something like Netflix, and it lets them implement their U=
I more easily, or lock it down more than an HTML UI).  Would Mozilla then i=
ntegrate it directly into Firefox?  It seems like the principle is the same=
..

I write all this as a long-time Firefox user, and one who's used Pocket sin=
ce early in its Read-It-Later incarnation.  As much as I use it, it doesn't=
 seem appropriate to integrate it directly into Firefox. =20

And when viewed together with the EME situation, the trend toward integrati=
ng proprietary software and services is also concerning.  It can always be =
rationalized with lines like, "Our users are going to use it, one way or an=
other, so we might as well integrate it," but if that had been Mozilla's at=
titude from the beginning, I don't think we would be here using Firefox tod=
ay.  It seems like Mozilla is prioritizing users' short-term good over the =
long-term.
0
Adam
6/6/2015 12:10:41 AM
Would make sense to just publish it as an extension.  I don't see how it needs to be in the default app.
0
scottrfrost
6/6/2015 1:19:51 AM
> It seems to me that an outcome more in-line with Mozilla's stated mission=
 would be to publish a save-for-later API, integrate it into Firefox Sync, =
and make it possible for Firefox users to point their browsers' built-in sa=
ve-for-later list at third-party services that implement the API.  It could=
 even become a federated API, potentially integrating the variety of incomp=
atible read-it-later-type services that exist.


I agree.


> Imagine a certain web site or service released a new, JSON-based protocol=
 that combined HTTP, HTML, AJAX, maybe XUL or XSLT-type stuff, and released=
 a Firefox extension that let people access its site or services more quick=
ly than using HTTP/HTML/AJAX.  Now fast-forward a few years and it's very p=
opular (maybe it's something like Netflix, and it lets them implement their=
 UI more easily, or lock it down more than an HTML UI).  Would Mozilla then=
 integrate it directly into Firefox?  It seems like the principle is the sa=
me.


The rationale behind Pocket was "We're working on a 'save' feature anyway, =
why duplicate the work of something that already exists?". Intentions are i=
mportant; the intention protects us from the slippery slope argument you're=
 making.

> And when viewed together with the EME situation, the trend toward integra=
ting proprietary software and services is also concerning.=20

Let's not bring EME into this. EME was something which was standardized -- =
a battle Mozilla lost.



=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D


I'm also a tad annoyed by Pocket integration. I don't mind it shipping with=
 Firefox, but I'd rather prefer it be off by default. Even better would be =
a privileged addon. This is because Pocket is a third party service and not=
 everyone who uses Firefox because they trust Mozilla will check if it's a =
third party service before using it. By integrating Pocket, Mozilla effecti=
vely makes Pocket its weakest link in the trust scene; which isn't good.



Note that some of the arguments made about Pocket (and Hello) elsewhere on =
the Internet are fallacious:

 - There's no way to disable it: You can drag the button off using the Cust=
omize button. Firefox UI components are lazy loaded.
 - It adds to the bloat. Neither Pocket nor Hello are heavy. Pocket is a bu=
nch of HTTP calls; Hello is a wrapper around WebRTC -- an open protocol wit=
h an open implementation that all browsers are supposed to support. These a=
re really small droplets in the memory usage story.
0
manishsmail
6/6/2015 3:57:07 AM
For what it's worth. I personally do not see the need for Pocket and would not use it.
0
stevenselectronicmai
6/6/2015 4:03:58 AM
I'm writing this as a long-time Firefox user/supporter and also a Pocket pr=
emium (paying) user.=20

I think that Pocket is a very useful service, and one that I personally use=
 extensively. I've been happy using it through the Firefox extension, and I=
 do not see any need whatsoever for Pocket to be "integrated" into Firefox.=
 This development raises a few questions, that I think people in the commun=
ity would like to learn about.


1. On what basis was this decision taken? Was there any discussion on this?=
 I ask out of genuine ignorance, for this seems to have taken many people b=
y surprise. (I found out about this only when I got an email from Pocket)

2. On what basis did Firefox decide to integrate a proprietary product from=
 a particular for-profit entity? Why not team up with other services in the=
 same arena -- eg: Instapaper/Readability/Wallaby? More broadly, is it in t=
he user's best long-term interests for Mozilla/Firefox to promote one over =
the other, especially in a nascent field?

3. In the default setup (when this is enabled) I would like to know exactly=
 what details of one's browsing activity this makes available to Pocket.
0
ssivark007
6/6/2015 4:04:51 AM
One of the primary reasons why Netscape Navigator failed and Firefox took o=
ver was because Navigator was big, slow and had everything with a kitchen s=
ink that users couldn't get rid of. Meanwhile Firefox was lean, clean and f=
ast alternative with extensions that allowed users to add desired missing f=
unctionality.

Now is Firefox turning into that Navigator with more and more unnecessary j=
unk baked in.
First "Hello" was shoved down users' throats, now Pocket.
Neither are critical to browser's functionality and should not have been in=
tegrated into Firefox like this.

Both, Hello and Pocket should've had a "first launch wizard" that explained=
 functionality of both modules and *asked users if they wanted to use them!=
*
Both should've been shipped as extensions which users would've been able to=
 cleanly remove with no traces left behind!

Neither should've been part of the mandatory browser package update.

Whatever deal Mozilla has with Pocket with this integration should not have=
 come to detriment of user's experience.

Please re-open and address Bug 1172126.
0
Mxx
6/6/2015 4:56:38 AM
I'm just a regular user (and extension developer)

Seriously, guys. Make this an extension. I know you need to monetize the br=
owser - fine - bundle it, people who don't want it will remove it. Right no=
w even setting 'browser.pocket.enabled' to false does not remove the "View =
pocket list" item from the bookmarks menu.

It just feels like spam.
0
mcovey
6/6/2015 6:17:27 AM
On Saturday, June 6, 2015 at 5:57:14 AM UTC+2, manis...@gmail.com wrote:
> Note that some of the arguments made about Pocket (and Hello) elsewhere o=
n the Internet are fallacious:
>
>   - There's no way to disable it: You can drag the button off using the C=
ustomize button. Firefox UI components are lazy loaded.
>   - It adds to the bloat. Neither Pocket nor Hello are heavy. Pocket is a=
 bunch of HTTP calls; Hello is a wrapper around WebRTC -- an open protocol =
with an open implementation that all browsers are supposed to support. Thes=
e are really small droplets in the memory usage story.

I feel like setting 'browser.pocket.enabled;' to false in 'about:config'=20
is a better solution than just removing the UI component.
0
Kevin
6/6/2015 9:17:46 AM
There's one argument unmentioned here, and i suspect it wasn't mentioned yet because Tucker is too polite to do so. I however, having been burned many ways by Mozilla's "governance", have no reason to be polite about it.

The addition of things like Hello and Pocket in FF core* deserves only a single description:

Hypocrisy.

Mozilla removed features that were core in FF, and would've been core in *any* browser; while arguing those features could be re-added as extensions.

A group that holds that stance has no business adding features to FF core that look, feel, taste and smell like extensions.


* would've been fine as bundled extensions
0
walde
6/6/2015 11:49:40 AM
I completely agree. This is just another example in recent builds that are =
pushing me away from Firefox. First they change to Yahoo and in so doing th=
is the update changed your current default. Absolutely shady work. I could =
have understood on a new install but on an update it should have at least a=
sked you. Then you add the Hello button.. Why? Another thing to disable. No=
w lets integrate Pocket and make it not removable. Sure you can hide it sor=
t of and disable in about:config but most people do not know how to use abo=
ut:config. Shady again. What is next? Facebook integration we can't turn of=
f announcing every page we visit? Who comes up with these terrible "feature=
s"?


0
arkhamassailant
6/6/2015 3:20:16 PM
I really hope you will remove pocket and let the users choose if they want to install it.
0
aasonykk
6/6/2015 4:39:14 PM
My 2 cents, I think the original idea needs to be reviewed. A "save" feature, really? I don't think it's a feature that is needed, at all. Ok, if some people want it, fine. Maybe they can have an add-on if they want. 

I think more focus on security, privacy, performance, stability, and customizability are far more important than this discussion of a "save" feature. It just seems like a silly feature to even have a discussion about. FF doesn't need sprawl.
0
clickwir
6/6/2015 4:43:35 PM
Please reopen bug #1172126. Making a bug report dependent on a conversation=
 on external & proprietary Google Groups is against Mozilla Manifesto (#8, =
primacy of transparent community-based processes).=20

Moreover, it looks sinister because it will hide that bug from users, which=
 will cause unnecessary duplicate bugs and uproar.=20

The code that integrates Pocket goes against Mozilla Manifesto #7 (primacy =
of free and open source software) and should be reverted. It does so by vio=
lating #9 as it breaks the balance between commercial and free software off=
erings. It dismisses free software alternatives to Pocket before integratin=
g it into Firefox. The proprietary software integration further violates #8=
 (primacy of transparent community-based processes) since the codes was see=
mingly slipped in without asking for community feedback.=20

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126

Manifesto: https://www.mozilla.org/en-US/about/manifesto/

Thanks,
Mehmet.=20
0
mehmetaergun
6/6/2015 4:44:24 PM
On Friday, 5 June 2015 16:59:56 UTC-5, tucker....@gmail.com  wrote:
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20

In fact, extensions to add functionality instead of bundling a lot of bloat=
 into core is why I switched to Firefox in the first place all those years =
ago.

Bundle an extension if you must, but please stop adding bloat to core!
0
singpolyma
6/6/2015 4:47:41 PM
I'm a Firefox user and a Pocket user (since back when it was called Read It=
 Later). I love Pocket, its a very handy and effective service for me. But =
I do not think for a second that it should be bundled with Firefox by defau=
lt. If you want to do that, develop an open source tagging/saving service t=
hat provides the same functionality. Its a simple concept that would be eas=
y to re-create under an open source license. I'm a php/mysql dev and I woul=
d be happy to work on such a project, I've been considering doing it myself=
 because the more I depend on Pocket the more inclined I am to move away fr=
om it to a self-hosted or open source solution (which has been my plan all =
along but gosh darnit, Pocket has just been so easy & effective that I have=
n't gotten around to it).
0
devhen
6/6/2015 5:04:23 PM
On 06/06/2015 12:39 PM, aasonykk@gmail.com wrote:
> I really hope you will remove pocket and let the users choose if they want to install it.
>


The extension will still be used if the user has installed it. AIUI

See "What Happens If I Already Have the Pocket Extension in Firefox?" at 
[Pocket is Now Built Into Firefox! « Pocket 
Blog](http://getpocket.com/blog/2015/06/pocket-is-now-built-into-firefox/)
0
WaltS48
6/6/2015 6:10:17 PM
On Sat, Jun 6, 2015 at 4:49 AM, <walde.christian@gmail.com> wrote:

> There's one argument unmentioned here, and i suspect it wasn't mentioned
> yet because Tucker is too polite to do so. I however, having been burned
> many ways by Mozilla's "governance", have no reason to be polite about it.
>
> The addition of things like Hello and Pocket in FF core* deserves only a
> single description:
>
> Hypocrisy.
>
> Mozilla removed features that were core in FF, and would've been core in
> *any* browser; while arguing those features could be re-added as extensions.
>

I'm trying to figure out how you think this applies to Hello. The WebRTC
functionality in Firefox that Hello makes use of is still there and
continues
to be improved.

-Ekr
0
Eric
6/6/2015 6:22:34 PM
On Sat, 06 Jun 2015 20:22:34 +0200, Eric Rescorla <ekr@rtfm.com> wrote:

> On Sat, Jun 6, 2015 at 4:49 AM,  <walde.christian@gmail.com> wrote:
>> There's one argument unmentioned here, and i suspect it wasn't  
>> mentioned yet because Tucker is too polite to >>do so. I however,  
>> having been burned many ways by Mozilla's "governance", have no reason  
>> to be polite about >>it.
>>
>> The addition of things like Hello and Pocket in FF core* deserves only  
>> a single description:
>>
>> Hypocrisy.
>>
>> Mozilla removed features that were core in FF, and would've been core  
>> in *any* browser; while arguing those >>features could be re-added as  
>> extensions.
>
> I'm trying to figure out how you think this applies to Hello. The WebRTC
> functionality in Firefox that Hello makes use of is still there and  
> continues
> to be improved.

As far as i can tell:

WebRTC is an API, which of course belongs into core.

Hello is a user interface, which should've been an extension.

Or is it not be possible to implement an extension that duplicates Hello's  
functionality and makes use of the WebRTC api?

I might be wrong in the case of Hello and am open to being corrected.
0
Christian
6/6/2015 6:29:41 PM
On Sat, Jun 6, 2015 at 11:29 AM, Christian Walde <walde.christian@gmail.com>
wrote:

>  On Sat, 06 Jun 2015 20:22:34 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
>
> On Sat, Jun 6, 2015 at 4:49 AM,  <walde.christian@gmail.com> wrote:
>
>> There's one argument unmentioned here, and i suspect it wasn't mentioned
>> yet because Tucker is too polite to do so. I however, having been burned
>> many ways by Mozilla's "governance", have no reason to be polite about it.
>>
>> The addition of things like Hello and Pocket in FF core* deserves only a
>> single description:
>>
>> Hypocrisy.
>>
>> Mozilla removed features that were core in FF, and would've been core in
>> *any* browser; while arguing those features could be re-added as extensions.
>>
>
> I'm trying to figure out how you think this applies to Hello. The WebRTC
> functionality in Firefox that Hello makes use of is still there and
> continues
> to be improved.
>
>
> As far as i can tell:
>
> WebRTC is an API, which of course belongs into core.
>
> Hello is a user interface, which should've been an extension.
>
> Or is it not be possible to implement an extension that duplicates Hello's
> functionality and makes use of the WebRTC api?
>

Yes, it is probably possible to implement an extension that duplicate's
Hello's functionality. I don't think it follows from that that it's not
appropriate
to ship it as part of Firefox.

-Ekr
0
Eric
6/6/2015 6:45:44 PM
On Sat, 06 Jun 2015 20:45:44 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
> On Sat, Jun 6, 2015 at 11:29 AM, Christian Walde  
> <walde.christian@gmail.com> wrote:
>> On Sat, 06 Jun 2015 20:22:34 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
>>> On Sat, Jun 6, 2015 at 4:49 AM,  <walde.christian@gmail.com> wrote:
>>>> There's one argument unmentioned here, and i suspect it wasn't  
>>>> mentioned yet because Tucker is too polite >>>>to do so. I however,  
>>>> having been burned many ways by Mozilla's "governance", have no  
>>>> reason to be polite >>>>about it.
>>>>
>>>> The addition of things like Hello and Pocket in FF core* deserves  
>>>> only a single description:
>>>>
>>>> Hypocrisy.
>>>>
>>>> Mozilla removed features that were core in FF, and would've been core  
>>>> in *any* browser; while arguing those >>>>features could be re-added  
>>>> as extensions.
>>>
>>> I'm trying to figure out how you think this applies to Hello. The  
>>> WebRTC
>>> functionality in Firefox that Hello makes use of is still there and  
>>> continues
>>> to be improved.
>>
>> As far as i can tell:
>>
>> WebRTC is an API, which of course belongs into core.
>>
>> Hello is a user interface, which should've been an extension.
>>
>> Or is it not be possible to implement an extension that duplicates  
>> Hello's functionality and makes use of the >>WebRTC api?
>
> Yes, it is probably possible to implement an extension that duplicate's
> Hello's functionality. I don't think it follows from that that it's not  
> appropriate
> to ship it as part of Firefox.

Thanks for confirming that my line of thought is correct on the  
implementability of Hello as an extension.

That said, you may think it does not follow, but given that you do not  
explain why you think this, there is not much of a conversation to be had,  
and your ability to convince is zero as of now.

As i stated in my original email, given their explanation of earlier  
removals, it is hypocritical of Mozilla to implement functionality in core  
that could be implemented in an extension instead.

If there is special circumstance for either Hello or Pocket, there should  
be a very good reason for it, but so far none is obvious or has indeed  
been given.

-- 
With regards,
Christian Walde
0
Christian
6/6/2015 6:52:04 PM
On Sat, Jun 6, 2015 at 11:52 AM, Christian Walde <walde.christian@gmail.com>
wrote:

>  On Sat, 06 Jun 2015 20:45:44 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
>
> On Sat, Jun 6, 2015 at 11:29 AM, Christian Walde <
> walde.christian@gmail.com> wrote:
>
>> On Sat, 06 Jun 2015 20:22:34 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>> On Sat, Jun 6, 2015 at 4:49 AM,  <walde.christian@gmail.com> wrote:
>>
>>> There's one argument unmentioned here, and i suspect it wasn't mentioned
>>> yet because Tucker is too polite to do so. I however, having been burned
>>> many ways by Mozilla's "governance", have no reason to be polite about it.
>>>
>>> The addition of things like Hello and Pocket in FF core* deserves only a
>>> single description:
>>>
>>> Hypocrisy.
>>>
>>> Mozilla removed features that were core in FF, and would've been core in
>>> *any* browser; while arguing those features could be re-added as extensions.
>>>
>>
>> I'm trying to figure out how you think this applies to Hello. The WebRTC
>> functionality in Firefox that Hello makes use of is still there and
>> continues
>> to be improved.
>>
>>
>> As far as i can tell:
>>
>> WebRTC is an API, which of course belongs into core.
>>
>> Hello is a user interface, which should've been an extension.
>>
>> Or is it not be possible to implement an extension that duplicates
>> Hello's functionality and makes use of the WebRTC api?
>>
>
> Yes, it is probably possible to implement an extension that duplicate's
> Hello's functionality. I don't think it follows from that that it's not
> appropriate
> to ship it as part of Firefox.
>
>
> Thanks for confirming that my line of thought is correct on the
> implementability of Hello as an extension.
>
> That said, you may think it does not follow, but given that you do not
> explain why you think this, there is not much of a conversation to be had,
> and your ability to convince is zero as of now.
>

I'm not trying to convince you. You made an assertion that I don't think is
convincing
and I said so.



> As i stated in my original email, given their explanation of earlier
> removals, it is hypocritical of Mozilla to implement functionality in core
> that could be implemented in an extension instead.
>

I'm not really sure what earlier removals you're referring to, but there's
absolutely
nothing contradictory about taking some features that could be implemented
in
extensions and putting them in the main product while requiring that other
features
to be implemented in extensions. Rather, it's a product judgement about
which
features are of the widest general interest and the best fit for being part
of the
main product as shipped.

-Ekr
0
Eric
6/6/2015 7:09:18 PM
On Sat, 06 Jun 2015 21:09:18 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
> On Sat, Jun 6, 2015 at 11:52 AM, Christian Walde  
> <walde.christian@gmail.com> wrote:
>> On Sat, 06 Jun 2015 20:45:44 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
>>> On Sat, Jun 6, 2015 at 11:29 AM, Christian Walde  
>>> <walde.christian@gmail.com> wrote:
>>>> On Sat, 06 Jun 2015 20:22:34 +0200, Eric Rescorla <ekr@rtfm.com>  
>>>> wrote:
>>>>> On Sat, Jun 6, 2015 at 4:49 AM,  <walde.christian@gmail.com> wrote:
>>>>>> There's one argument unmentioned here, and i suspect it wasn't  
>>>>>> mentioned yet because Tucker is too >>>>>>polite to do so. I  
>>>>>> however, having been burned many ways by Mozilla's "governance",  
>>>>>> have no reason >>>>>>to be polite about it.
>>>>>>
>>>>>> The addition of things like Hello and Pocket in FF core* deserves  
>>>>>> only a single description:
>>>>>>
>>>>>> Hypocrisy.
>>>>>>
>>>>>> Mozilla removed features that were core in FF, and would've been  
>>>>>> core in *any* browser; while >>>>>>arguing those features could be  
>>>>>> re-added as extensions.
>>>>>
>>>>> I'm trying to figure out how you think this applies to Hello. The  
>>>>> WebRTC
>>>>> functionality in Firefox that Hello makes use of is still there and  
>>>>> continues
>>>>> to be improved.
>>>>
>>>> As far as i can tell:
>>>>
>>>> WebRTC is an API, which of course belongs into core.
>>>>
>>>> Hello is a user interface, which should've been an extension.
>>>>
>>>> Or is it not be possible to implement an extension that duplicates  
>>>> Hello's functionality and makes use of the >>>>WebRTC api?
>>>
>>> Yes, it is probably possible to implement an extension that duplicate's
>>> Hello's functionality. I don't think it follows from that that it's  
>>> not appropriate
>>> to ship it as part of Firefox.
>>
>> Thanks for confirming that my line of thought is correct on the  
>> implementability of Hello as an extension.
>>
>> That said, you may think it does not follow, but given that you do not  
>> explain why you think this, there is not >>much of a conversation to be  
>> had, and your ability to convince is zero as of now.
>
> I'm not trying to convince you. You made an assertion that I don't think  
> is convincing
> and I said so.

I'm describing a factual reality. The parameters of such i hope i made  
clear and obviously match the reality we live in. If there are parameters  
i have overlooked, it is up to you to state which ones. You've tried to do  
so in the following, and as such i will address:

> I'm not really sure what earlier removals you're referring to,

It is completely and entirely irrelevant, but to satisfy your curiosity:  
Take for example the very simple case of the RSS button.

> there's absolutely
> nothing contradictory about taking some features that could be  
> implemented in
> extensions and putting them in the main product while requiring that  
> other features
> to be implemented in extensions. Rather, it's a product judgement about  
> which
> features are of the widest general interest and the best fit for being  
> part of the
> main product as shipped.

If that is indeed the reason, then you might be correct. Such a reason  
can, if argued and explained publicly, honestly and in good faith, be  
exceptional circumstance.

However you're guessing about Mozilla's reasons.

As i've said, reasons might exist, but are both not obvious (the reasons  
you stated are entirely non-obvious, and especially for Pocket the  
"obvious" reason is wildly different from your guess) and have not been  
stated publicly by Mozilla. Or can you refer to such?

-- 
With regards,
Christian Walde
0
Christian
6/6/2015 7:21:13 PM
On Sat, Jun 6, 2015 at 12:21 PM, Christian Walde <walde.christian@gmail.com>
wrote:

>  On Sat, 06 Jun 2015 21:09:18 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
>
> On Sat, Jun 6, 2015 at 11:52 AM, Christian Walde <
> walde.christian@gmail.com> wrote:
>
>> On Sat, 06 Jun 2015 20:45:44 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>> On Sat, Jun 6, 2015 at 11:29 AM, Christian Walde <
>> walde.christian@gmail.com> wrote:
>>
>>> On Sat, 06 Jun 2015 20:22:34 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
>>>
>>> On Sat, Jun 6, 2015 at 4:49 AM,  <walde.christian@gmail.com> wrote:
>>>
>>>> There's one argument unmentioned here, and i suspect it wasn't
>>>> mentioned yet because Tucker is too polite to do so. I however, having been
>>>> burned many ways by Mozilla's "governance", have no reason to be polite
>>>> about it.
>>>>
>>>> The addition of things like Hello and Pocket in FF core* deserves only
>>>> a single description:
>>>>
>>>> Hypocrisy.
>>>>
>>>> Mozilla removed features that were core in FF, and would've been core
>>>> in *any* browser; while arguing those features could be re-added as
>>>> extensions.
>>>>
>>>
>>> I'm trying to figure out how you think this applies to Hello. The WebRTC
>>> functionality in Firefox that Hello makes use of is still there and
>>> continues
>>> to be improved.
>>>
>>>
>>> As far as i can tell:
>>>
>>> WebRTC is an API, which of course belongs into core.
>>>
>>> Hello is a user interface, which should've been an extension.
>>>
>>> Or is it not be possible to implement an extension that duplicates
>>> Hello's functionality and makes use of the WebRTC api?
>>>
>>
>> Yes, it is probably possible to implement an extension that duplicate's
>> Hello's functionality. I don't think it follows from that that it's not
>> appropriate
>> to ship it as part of Firefox.
>>
>>
>> Thanks for confirming that my line of thought is correct on the
>> implementability of Hello as an extension.
>>
>> That said, you may think it does not follow, but given that you do not
>> explain why you think this, there is not much of a conversation to be had,
>> and your ability to convince is zero as of now.
>>
>
> I'm not trying to convince you. You made an assertion that I don't think
> is convincing
> and I said so.
>
>
> I'm describing a factual reality. The parameters of such i hope i made
> clear and obviously match the reality we live in. If there are parameters i
> have overlooked, it is up to you to state which ones.
>

No, really, it's not. You made (and continue to make a categorical argument)
about hypocrisy. I think that argument is silly and gave you some potential
reasons why it's reasonable to make different decisions in different cases,
but I'm really not interested in debating the particulars of either of
these cases
or in trying to convince you. Feel free to continue to think what you want.

-Ekr
0
Eric
6/6/2015 7:29:09 PM
On Sat, 06 Jun 2015 21:29:09 +0200, Eric Rescorla <ekr@rtfm.com> wrote:

> On Sat, Jun 6, 2015 at 12:21 PM, Christian Walde  
> <walde.christian@gmail.com> wrote:
>> On Sat, 06 Jun 2015 21:09:18 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
>>> On Sat, Jun 6, 2015 at 11:52 AM, Christian Walde  
>>> <walde.christian@gmail.com> wrote:
>>>> On Sat, 06 Jun 2015 20:45:44 +0200, Eric Rescorla <ekr@rtfm.com>  
>>>> wrote:
>>>>> On Sat, Jun 6, 2015 at 11:29 AM, Christian Walde  
>>>>> <walde.christian@gmail.com> wrote:
>>>>>> On Sat, 06 Jun 2015 20:22:34 +0200, Eric Rescorla <ekr@rtfm.com>  
>>>>>> wrote:
>>>>>>> On Sat, Jun 6, 2015 at 4:49 AM,  <walde.christian@gmail.com> wrote:
>>>>>>>> There's one argument unmentioned here, and i suspect it wasn't  
>>>>>>>> mentioned yet because Tucker is >>>>>>>>too polite to do so. I  
>>>>>>>> however, having been burned many ways by Mozilla's "governance",  
>>>>>>>> have >>>>>>>>no reason to be polite about it.
>>>>>>>>
>>>>>>>> The addition of things like Hello and Pocket in FF core* deserves  
>>>>>>>> only a single description:
>>>>>>>>
>>>>>>>> Hypocrisy.
>>>>>>>>
>>>>>>>> Mozilla removed features that were core in FF, and would've been  
>>>>>>>> core in *any* browser; while >>>>>>>>arguing those features could  
>>>>>>>> be re-added as extensions.
>>>>>>>
>>>>>>> I'm trying to figure out how you think this applies to Hello. The  
>>>>>>> WebRTC
>>>>>>> functionality in Firefox that Hello makes use of is still there  
>>>>>>> and continues
>>>>>>> to be improved.
>>>>>>
>>>>>> As far as i can tell:
>>>>>>
>>>>>> WebRTC is an API, which of course belongs into core.
>>>>>>
>>>>>> Hello is a user interface, which should've been an extension.
>>>>>>
>>>>>> Or is it not be possible to implement an extension that duplicates  
>>>>>> Hello's functionality and makes use of >>>>>>the WebRTC api?
>>>>>
>>>>> Yes, it is probably possible to implement an extension that  
>>>>> duplicate's
>>>>> Hello's functionality. I don't think it follows from that that it's  
>>>>> not appropriate
>>>>> to ship it as part of Firefox.
>>>>
>>>> Thanks for confirming that my line of thought is correct on the  
>>>> implementability of Hello as an extension.
>>>>
>>>> That said, you may think it does not follow, but given that you do  
>>>> not explain why you think this, there is >>>>not much of a  
>>>> conversation to be had, and your ability to convince is zero as of  
>>>> now.
>>>
>>> I'm not trying to convince you. You made an assertion that I don't  
>>> think is convincing
>>> and I said so.
>>
>> I'm describing a factual reality. The parameters of such i hope i made  
>> clear and obviously match the reality we >>live in. If there are  
>> parameters i have overlooked, it is up to you to state which ones.
>
> No, really, it's not. You made (and continue to make a categorical  
> argument)
> about hypocrisy. I think that argument is silly and gave you some  
> potential
> reasons why it's reasonable to make different decisions in different  
> cases,
> but I'm really not interested in debating the particulars of either of  
> these cases
> or in trying to convince you. Feel free to continue to think what you  
> want.

"xxx is silly" is not an argument, it is an assertion that is up to you to  
prove.

You tried to do so with guesses, and i explained why guesses are  
insufficient.

As for the particulars, they are *exactly* what stands in question in this  
thread. Without further evidence there cannot be (especially in light past  
behavior of Mozilla, see the ad debacle) an assumption of reasonability of  
decisions of Mozilla that have obvious drawbacks and are in contradiction  
to their own statements.

-- 
With regards,
Christian Walde
0
Christian
6/6/2015 7:34:44 PM
For clarification: it is possible to reimplement most Firefox entirely
as an extension. For instance, Bookmarks, Find in Page, Save As, Tabbed
Browsing, Session Restore, etc. could all be implemented as extensions.
Not only that, but some of these features were initially implemented as
extensions and were then bundled with Firefox.

In other words, the questions that needs to be asked here are:
1. does it work well?
2. does it serve users?
3. does it hurt privacy or security?

I haven't checked 3., but the answer to questions 1. and 2. is very much
"yes". Of course, 1. could be improved, and I'm sure that it will.

Best regards,
 David

On 06/06/15 20:45, Eric Rescorla wrote:
> Yes, it is probably possible to implement an extension that duplicate's
> Hello's functionality. I don't think it follows from that that it's not
> appropriate
> to ship it as part of Firefox.
> 
> -Ekr
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
> 


-- 
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla
0
David
6/6/2015 7:36:50 PM
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Jbbi2iFS3EXfODb7fk4EO7C1CO2MH2shD
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Just to chime in my 2 cents here:

1) Click on the Pocket button -> Remove from Toolbar. Now you don't=20
have it in your GUI anymore. This is preferred way over
usingabout:config. All the associated menu items (Bookmarks menu and
Context Menu)  won't show up anymore. There is no interaction with
Pocket anymore since  all the interaction is only loaded when clicking
on the icon.

2) Firefox has a preferencein about:config which specifies the API=20
endpoint: browser.pocket.api . If somebody has a compatible API, feel=20
free to promote that as alternative. Yes, it needs to be compatible=20
though. If you think that the user should have other alternatives as a=20
choice: feel free to propose a patch adding the "choice" in a menu and=20
implement the alternative. A bonus point here for getting the=20
alternative to provide a login for Firefox Accounts as well.

3) There is no money involved in this as far as I can know from the
different blog posts by Mozilla.

Of course this is only my knowledge and could be wrong. On the other=20
hand I don't think just saying Mozilla should remove it without=20
providing any alternatives doesn't lead this discussion anywhere.=20
According to Mozilla studies have shown that people want to have a
"Read  Later" list. Mozilla might continue their own implementation, but
completing that feature takes some time.Maybe somebody could pick up the
work that has already  been done there and improve it so it works? Of
course there is no  guarantee that Mozilla would pick up a working
"Reader List"  implementation which works with Sync, but it could be
worth a try?

And a last note: Mozilla management is reading this list so I believe
we  don't need to spam this list with non-informative and only "me=20
too"-like comments. So please keep keep good input coming and express=20
your support with a vote on=20
https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126(but please don't=20
comment there to not spam people either). You can find the "vote"
button  in the left column.

Cheers,
Michael


--Jbbi2iFS3EXfODb7fk4EO7C1CO2MH2shD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVc0z5AAoJEALDj3mkYzlBVDYP/1SYtTqb67JB9BeYggD67WPF
9o6XM/Kb1UHICrp+rct54n/nWejdvWUb5l3aAzzHTmeXawWRDw9dKmTlEKHIjDE/
VsQmmBkt+c50Dkl11xfkPhYGwI7hjb5ystWULkCXq44I8lY+3d02PC7NrqjAdUfk
03hBbKueuZnDOdak+W75C45CtYwdZ8Bb85tW7xk0YJJbxVILv7wxWfIMlfOqwMWh
JHI1Bhk3BnNlQI24tnxXbpyr9LDXqLUha9OAPqnQINjUbsLVPQZM4e5ZfiRShGzL
UGp9HbpiP+GHa4VxgiUg4bVsQvxJqEt+aIUDZvdCS28iO09GXJoMJi6RZZFwhd94
wPYXtICjQSCGsk9o2mdlJsOOcGOnOdKCeI0RRxZdwyLx+OZ+xfAabaNr8yGDK4sb
tJAY5p92KkFKoPP8AMrzS2vkWIbahBIhP74OkRVyTytiMuApASrMtgEtHx9iVmP7
/obPnbF/adgeiR0bsBpQFEgRdY9lCLnKUXWntqgs46G7nhx0HVOmyMAI3znVc+hj
wPJK+AZQHdAcmxxBMxDZDZIn4O2jmuGG/8fffW6W+OCXPswf4hXBMiSxphr1l6ja
rGn98PhsYL7rcndm/k7OuLUF/tyQSp8shLMSZ8beH0lgL07j3hplVViudF3KnU2F
XreXjsWJFxMvNlHdA30j
=LqNK
-----END PGP SIGNATURE-----

--Jbbi2iFS3EXfODb7fk4EO7C1CO2MH2shD--
0
Michael
6/6/2015 7:41:44 PM
Is the answer to 2 "very much" yes? This isn't a feature I'm interested in.
I'm more interested in having a setting to use reader mode by default on
mobile so I don't waste data loading images etc unnecessarily. However I am
guessing that a "save to read later" feature is probably more desirable
outside North America. What is our understanding of who this will benefit
and how significant is the group we're expecting to use this?

On Sat, Jun 6, 2015 at 3:36 PM, David Rajchenbach-Teller <
dteller@mozilla.com> wrote:

> For clarification: it is possible to reimplement most Firefox entirely
> as an extension. For instance, Bookmarks, Find in Page, Save As, Tabbed
> Browsing, Session Restore, etc. could all be implemented as extensions.
> Not only that, but some of these features were initially implemented as
> extensions and were then bundled with Firefox.
>
> In other words, the questions that needs to be asked here are:
> 1. does it work well?
> 2. does it serve users?
> 3. does it hurt privacy or security?
>
> I haven't checked 3., but the answer to questions 1. and 2. is very much
> "yes". Of course, 1. could be improved, and I'm sure that it will.
>
> Best regards,
>  David
>
> On 06/06/15 20:45, Eric Rescorla wrote:
> > Yes, it is probably possible to implement an extension that duplicate's
> > Hello's functionality. I don't think it follows from that that it's not
> > appropriate
> > to ship it as part of Firefox.
> >
> > -Ekr
> > _______________________________________________
> > governance mailing list
> > governance@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/governance
> >
>
>
> --
> David Rajchenbach-Teller, PhD
>  Performance Team, Mozilla
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
>
0
Majken
6/6/2015 7:41:48 PM
I judged 2. from the fact that I've been a user of Pocket since it was
called "Read It Later". Of course, YMMV.

On 06/06/15 21:41, Majken Connor wrote:
> Is the answer to 2 "very much" yes? This isn't a feature I'm interested
> in. I'm more interested in having a setting to use reader mode by
> default on mobile so I don't waste data loading images etc
> unnecessarily. However I am guessing that a "save to read later" feature
> is probably more desirable outside North America. What is our
> understanding of who this will benefit and how significant is the group
> we're expecting to use this?


-- 
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla
0
David
6/6/2015 7:47:37 PM
On Saturday, June 6, 2015 at 2:47:53 PM UTC-5, David Rajchenbach-Teller wro=
te:
> I judged 2. from the fact that I've been a user of Pocket since it was
> called "Read It Later". Of course, YMMV.
>=20

So because you use it, it serves users? There is a long time pocket user fu=
rther up that believes Pocket shouldn't be integrated and should be left as=
 a extension. Seems like Mozilla shouldn't be integrating things that are b=
est left as extensions as well as things no one will use (Hello).
0
Nic
6/6/2015 11:55:54 PM
My real problem with this is that you've handed a gigantic amount of free b=
usiness to Pocket while getting little in return other than dependence on P=
ocket. It's one thing for the browser to be _able_ to interact with various=
 proprietary websites; but it's quite another to implement an important-see=
ming new feature based on such a proprietary service. Now an important piec=
e of user-visible functionality won't be able to function without Pocket's =
proprietary service. This would be akin to introducing an email client that=
 could only interface with one particular provider.

The right way to do this: define a generic save-this-page-for-later protoco=
l, and let the user choose among multiple providers. Like is currently done=
 with search engines. Then auction off the default position to gain resourc=
es for further development of the browser.

In the meantime you're handing a bunch of free business to Pocket while gai=
ning little benefit, incurring a proprietary dependency in core browser fun=
ctionality, and burdening many users with a feature they didn't want in the=
 first place.

Of course, I don't really know what "users" want. Has there been any resear=
ch done on what percentage of users have save-for-later extensions installe=
d already? Or what percentage would rate that as highly desired functionali=
ty?
- Josh


On Saturday, June 6, 2015 at 1:47:53 PM UTC-6, David Rajchenbach-Teller wro=
te:
> I judged 2. from the fact that I've been a user of Pocket since it was
> called "Read It Later". Of course, YMMV.
>=20
> On 06/06/15 21:41, Majken Connor wrote:
> > Is the answer to 2 "very much" yes? This isn't a feature I'm interested
> > in. I'm more interested in having a setting to use reader mode by
> > default on mobile so I don't waste data loading images etc
> > unnecessarily. However I am guessing that a "save to read later" featur=
e
> > is probably more desirable outside North America. What is our
> > understanding of who this will benefit and how significant is the group
> > we're expecting to use this?
>=20
>=20
> --=20
> David Rajchenbach-Teller, PhD
>  Performance Team, Mozilla

0
hansen
6/7/2015 12:27:32 AM
On Friday, June 5, 2015 at 2:59:56 PM UTC-7, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Ther=
e are some comments on Hacker News at https://news.ycombinator.com/item?id=
=3D9667809).
>=20
> Mozilla's recent integration with Pocket, a proprietary third-party servi=
ce, is a mistake.
>=20
> It is very exciting to see the ways in which Firefox continues to improve=
.. And it's even more exciting to see the ways that Mozilla advances it's st=
ated mission outside of the Firefox browser with new developments like Fire=
fox Accounts. Pocket now allows you to log in on their site using your Fire=
fox Account; being able to authenticate with a trusted third party like Moz=
illa is a huge win for online privacy advocates and the Mozilla community. =
However, adding Pocket as a built-in feature to Firefox should not have bee=
n done.
>=20
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20
>=20
> The user experience of disabling Pocket is not good, either. It needs to =
be disabled in about:config, which is not at all user friendly, and therefo=
re not in line with Mozilla's mission. In the past, Mozilla has been very g=
ood about showing the user what new features have been added to the interfa=
ce and explaining any privacy implications that may come with them. That is=
 why I was so surprised when the Pocket icon suddenly appeared in Firefox D=
eveloper Edition a couple days ago. It is so unlike Mozilla to introduce so=
mething like that, I ran a virus scan and checked what programs had been in=
stalled recently -- I assumed it had been put there in the same way that IE=
 users used to get the Ask Toolbar installed.=20
>=20
> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's. Many users would not as=
sume this, since it is a feature that is bundled with the browser.
>=20
> Mozilla's recent blog post about the Pocket feature is titled "Firefox Pu=
ts You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/=
06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been comi=
ng from a startup, that post would be humorously ironic. But given how much=
 people care about Mozilla and it's stated mission, it is more painful than=
 funny.
>=20
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat. Most importantly, there was very little public disc=
ussion about this inclusion of a proprietary, third-party service. It's a h=
uge departure from Mozilla's commitment to transparency. The existence of t=
he Pocket code in Firefox is a bug in the browser, and it does not adhere t=
o Mozilla's core mission.

Can someone from Mozilla chime in on two questions:

1) Was there any money exchanged for the inclusion of Hello and Pocket? Or =
other "kick-backs" (using that term loosely, I mean things like product pla=
cement of Firefox on Hello- or Pocket-related sites).

2) Where was the inclusion of Hello or Pocket discussed in the open, with a=
n option for the public to chime in? And if not, why?

Don't get me wrong, Mozilla doesn't "owe" anyone anything, but this whole k=
erfluffle seems to be contradictory to their mission, if not in letter, at =
least morally-speaking.
0
mark
6/7/2015 1:10:53 AM
On Saturday, June 6, 2015 at 3:42:13 PM UTC-4, Michael Kohler wrote:

> Of course this is only my knowledge and could be wrong. On the other 
> hand I don't think just saying Mozilla should remove it without 
> providing any alternatives doesn't lead this discussion anywhere. 

Save-to-Read

https://addons.mozilla.org/en-US/firefox/addon/save-to-read/

Uses bookmarks, so you can, of course, Sync them.
0
ronwilhoite
6/7/2015 1:58:30 AM
In <news:mailman.879.1433613054.30853.governance@lists.mozilla.org>,
mehmetaergun@gmail.com wrote:

> Please reopen bug #1172126. Making a bug report dependent on a
> conversation on external & proprietary Google Groups is against
> Mozilla Manifesto (#8, primacy of transparent community-based
> processes).

It need not depend on Google Groups -- this conversation is also
available via NNTP on news.mozilla.org and via mailing list at
<https://lists.mozilla.org/listinfo/governance>.  Giganews provides
the NNTP server, which I guess qualifies as external and proprietary,
but the ml option is a mailman instance on a Mozilla server, so
internal F/LOSS.

0
UTF
6/7/2015 2:53:32 AM
On Saturday, 6 June 2015 04:59:56 UTC+7, tucker....@gmail.com  wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Ther=
e are some comments on Hacker News at https://news.ycombinator.com/item?id=
=3D9667809).
>=20
> Mozilla's recent integration with Pocket, a proprietary third-party servi=
ce, is a mistake.
>=20
> It is very exciting to see the ways in which Firefox continues to improve=
.. And it's even more exciting to see the ways that Mozilla advances it's st=
ated mission outside of the Firefox browser with new developments like Fire=
fox Accounts. Pocket now allows you to log in on their site using your Fire=
fox Account; being able to authenticate with a trusted third party like Moz=
illa is a huge win for online privacy advocates and the Mozilla community. =
However, adding Pocket as a built-in feature to Firefox should not have bee=
n done.
>=20
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20
>=20
> The user experience of disabling Pocket is not good, either. It needs to =
be disabled in about:config, which is not at all user friendly, and therefo=
re not in line with Mozilla's mission. In the past, Mozilla has been very g=
ood about showing the user what new features have been added to the interfa=
ce and explaining any privacy implications that may come with them. That is=
 why I was so surprised when the Pocket icon suddenly appeared in Firefox D=
eveloper Edition a couple days ago. It is so unlike Mozilla to introduce so=
mething like that, I ran a virus scan and checked what programs had been in=
stalled recently -- I assumed it had been put there in the same way that IE=
 users used to get the Ask Toolbar installed.=20
>=20
> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's. Many users would not as=
sume this, since it is a feature that is bundled with the browser.
>=20
> Mozilla's recent blog post about the Pocket feature is titled "Firefox Pu=
ts You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/=
06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been comi=
ng from a startup, that post would be humorously ironic. But given how much=
 people care about Mozilla and it's stated mission, it is more painful than=
 funny.
>=20
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat. Most importantly, there was very little public disc=
ussion about this inclusion of a proprietary, third-party service. It's a h=
uge departure from Mozilla's commitment to transparency. The existence of t=
he Pocket code in Firefox is a bug in the browser, and it does not adhere t=
o Mozilla's core mission.




Just Delete Pocket from Firefox! Make only option to install it! MOZILLA, y=
ou have a PROFITABLE PROJECT, like FIREFOXOS and OTHERS! Just don't MESS UP=
 with USER WEB BROWSER! WE REALLY HATES MOZILLA DOING THIS! JUST REMOVE IT =
lah!
0
blbenyamin9
6/7/2015 3:19:09 AM
On Sunday, 7 June 2015 05:37:00 UTC+10, David Rajchenbach-Teller  wrote:
> For clarification: it is possible to reimplement most Firefox entirely
> as an extension. For instance, Bookmarks, Find in Page, Save As, Tabbed
> Browsing, Session Restore, etc. could all be implemented as extensions.
> Not only that, but some of these features were initially implemented as
> extensions and were then bundled with Firefox.

I'd point out that none of the above require users to trust interaction wit=
h a 3rd party proprietary service. I think this is the line that Mozilla ha=
s crossed, arguably in the Hello case, repeated in the Yahoo case and now w=
ith Pocket.

I still don't see any reference to how, when or where this decision was mad=
e. This might help improve the transparency and arguments for Pocket's incl=
usion. I suspect that the reason many people use Mozilla software is for th=
is sort of transparency and to make their own decisions about who to trust =
on the internet.

0
benjamin
6/7/2015 4:24:42 AM
On 6/6/15 3:36 PM, David Rajchenbach-Teller wrote:
> For clarification: it is possible to reimplement most Firefox entirely
> as an extension. For instance, Bookmarks, Find in Page, Save As, Tabbed
> Browsing, Session Restore, etc. could all be implemented as extensions.
> Not only that, but some of these features were initially implemented as
> extensions and were then bundled with Firefox.
>
> In other words, the questions that needs to be asked here are:
> 1. does it work well?
> 2. does it serve users?
> 3. does it hurt privacy or security?
>
> I haven't checked 3., but the answer to questions 1. and 2. is very much
> "yes". Of course, 1. could be improved, and I'm sure that it will.

Well, it clears hurts privacy, right? It's a feature that sends browsing 
data to a VC-funded third-party company, which says in its privacy 
policy that if it's acquired " user information may be included among 
the transferred assets".

I have nothing against Pocket — from the comments I've seen on this list 
and on HN, it seems to be an exceptional tool and service. And I 
actually think Reading List functionality is entirely appropriate in a 
browser, a natural extension of the browsing process.

But Pocket's inclusion in Firefox as a default toolbar icon is 
mystifying to me, coming from an organization that values user privacy 
so highly that it designed a client-side-encrypted sync architecture to 
avoid collecting similar data.

Yes, Firefox has a search bar that sends queries to search engines, but 
that's unavoidable — Mozilla isn't in a position to build a search 
engine, and the privacy trade-off is clear. But it seems to me that 
Mozilla could absolutely build functionality like this (sans web access) 
on top of its existing, privacy-protecting sync architecture. 
Privileging a third-party service that doesn't have those same 
protections — a few icons down from the bookmark icon, which does — 
feels like an abdication of Mozilla's role and a betrayal of users who 
trust Mozilla but may not fully understand where their data is going 
when they use this feature that suddenly appeared in their toolbar.

So I fully support the decision to add this sort of functionality to 
Firefox, but I want it designed according to the principles that cause 
me to use Firefox in the first place. Until that time, I think Pocket 
integration should be treated like the services available via the Share 
button: as a clearly separate, third-party option with benefits that 
Mozilla can't provide but that may carry trade-offs that aren't in line 
with Mozilla's priorities.
0
Dan
6/7/2015 6:42:09 AM
Indeed, putting this somewhere in or around the Share button sounds like
a good idea.

On 07/06/15 08:42, Dan Stillman wrote:
> So I fully support the decision to add this sort of functionality to
> Firefox, but I want it designed according to the principles that cause
> me to use Firefox in the first place. Until that time, I think Pocket
> integration should be treated like the services available via the Share
> button: as a clearly separate, third-party option with benefits that
> Mozilla can't provide but that may carry trade-offs that aren't in line
> with Mozilla's priorities.
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance


-- 
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla
0
David
6/7/2015 7:53:01 AM
Eric Rescorla <ekr@rtfm.com> writes:

> I'm trying to figure out how you think this applies to Hello. The
> WebRTC functionality in Firefox that Hello makes use of is still there
> and continues to be improved.

>From what I can gather on Reddit and other forums there is a
misconception that Hello is a proprietary component provided by
Telefonica. This seems to come from the branding on the component. Is
there a post or some documentation to point people too when they think
this that shows what Telefonica's role is and that Hello is open source?

--
http://bluishcoder.co.nz
0
Chris
6/7/2015 7:58:28 AM
I think no matter whether this feature is good or bad, Mozilla devs should =
at least ask it's users before making such a radical change, so it does not=
 come at such a big surprise to the users, and the users can actually get t=
o know the rationale behind the decision before getting angry at Mozilla.

On Saturday, June 6, 2015 at 9:59:56 AM UTC+12, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Ther=
e are some comments on Hacker News at https://news.ycombinator.com/item?id=
=3D9667809).
>=20
> Mozilla's recent integration with Pocket, a proprietary third-party servi=
ce, is a mistake.
>=20
> It is very exciting to see the ways in which Firefox continues to improve=
.. And it's even more exciting to see the ways that Mozilla advances it's st=
ated mission outside of the Firefox browser with new developments like Fire=
fox Accounts. Pocket now allows you to log in on their site using your Fire=
fox Account; being able to authenticate with a trusted third party like Moz=
illa is a huge win for online privacy advocates and the Mozilla community. =
However, adding Pocket as a built-in feature to Firefox should not have bee=
n done.
>=20
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20
>=20
> The user experience of disabling Pocket is not good, either. It needs to =
be disabled in about:config, which is not at all user friendly, and therefo=
re not in line with Mozilla's mission. In the past, Mozilla has been very g=
ood about showing the user what new features have been added to the interfa=
ce and explaining any privacy implications that may come with them. That is=
 why I was so surprised when the Pocket icon suddenly appeared in Firefox D=
eveloper Edition a couple days ago. It is so unlike Mozilla to introduce so=
mething like that, I ran a virus scan and checked what programs had been in=
stalled recently -- I assumed it had been put there in the same way that IE=
 users used to get the Ask Toolbar installed.=20
>=20
> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's. Many users would not as=
sume this, since it is a feature that is bundled with the browser.
>=20
> Mozilla's recent blog post about the Pocket feature is titled "Firefox Pu=
ts You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/=
06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been comi=
ng from a startup, that post would be humorously ironic. But given how much=
 people care about Mozilla and it's stated mission, it is more painful than=
 funny.
>=20
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat. Most importantly, there was very little public disc=
ussion about this inclusion of a proprietary, third-party service. It's a h=
uge departure from Mozilla's commitment to transparency. The existence of t=
he Pocket code in Firefox is a bug in the browser, and it does not adhere t=
o Mozilla's core mission.
0
llkiwi2006
6/7/2015 9:27:41 AM
On Sunday, June 7, 2015 at 9:59:04 AM UTC+2, Chris Double wrote:
> [...] there is a
> misconception that Hello is a proprietary component provided by
> Telefonica. This seems to come from the branding on the component. Is
> there a post or some documentation to point people too when they think
> this that shows what Telefonica's role is and that Hello is open source?

All other issues aside, this is something that also happened to me.
My first thought was "Oh no, what is this proprietary service doing in my browser?" and I tried to find a way to rip it out.
To be honest, I still haven't looked up what Hello is all about or how it works (especially in terms of what data gets sent where, why and when) and I feel like the latter should have been documented and presented to the end-user.

Seeing some people run around, yelling
> "Great, Mozilla, will [proprietary chat/voip service] be integrated, too?"
or
> "I wonder when they will build in [a popular social network that spies on its users] integration that nobody but power users knows how to disable."
is obviously a bad thing - and I've seen it happen a lot.
0
Kevin
6/7/2015 11:51:44 AM
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat.
I assume some of the German people at Mozilla have already seen this, but I=
'd just like to leave these comments from a German IT-news article here:
http://www.heise.de/forum/iX/News-Kommentare/Mozilla-nimmt-Reader-Software-=
Pocket-in-Webbrowser-Firefox-auf/forum-198500/page-2/

Translating a few subject lines, for those who are interested:
- "Sowas von =FCberfl=FCssig.." - "Totally unnecessary.."
  (the comment is about how Pocket should be extension)
- "Propriet=E4rer Cloud-Dreck!" - "Proprietary cloud-crap!"
  (the comment is about how Pocket is just another spy-/bloatware component=
 that got added to Firefox, and how you need to disable it in about:config =
to make it stop 'phoning home')
- "Zum Abschalten: about:config -> browser.pocket.enabled =3D false" - "To =
turn this off: [...]"
  (subcomments include things like "Wozu wohl der String "browser.pocket.oA=
uthConsumerKey" dient? Ein Schelm..." ("I wonder what the browser.pocket.oA=
uthConsumerKey option is for? Evil to him who evil thinks..."))
- "Und er wird immer fetter ..." - "And it [the Firefox core] is getting mo=
re and more bloated..."
- "Bitte noch Thunderbird und Sunbird integriegen..." - "Now please go on b=
y integrating Thunderbird and Sunbird..."
  (goes on about how we will end up at Netscape Naviagtor and/or a web suit=
e, being the primary reason why Firefox exists and that we have to to choos=
e between the devil (Chrome) and the deep blue sea (Firefox) these days)

Those are really sad to see. Unfortunately, they are getting more and more =
common these days.

> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's.
In my opinion this is particularly bad. Why should anyone expect core-compo=
nents to 'violate' your privacy by adhering to different rules (i.e. ones t=
hat you wouldn't expect, seeing as component X is part of the Firefox core)=
?

I hope somebody at Mozilla sees the need for a (few) change(s).
0
Kevin
6/7/2015 12:30:43 PM
On 6 Jun 2015, at 16:56, Mxx wrote:
> One of the primary reasons why Netscape Navigator failed and Firefox =
took over was because Navigator was big, slow and had everything with a =
kitchen sink that users couldn't get rid of. Meanwhile Firefox was lean, =
clean and fast alternative with extensions that allowed users to add =
desired missing functionality.=20
>=20
> Now is Firefox turning into that Navigator with more and more =
unnecessary junk baked in.=20
> First "Hello" was shoved down users' throats, now Pocket.=20
> Neither are critical to browser's functionality and should not have =
been integrated into Firefox like this.

This, so much this.
Generally, I=E2=80=99m not a huge fan of the direction Firefox is going =
into when it comes to the integration of non-browser functionality. =
It=E2=80=99s even worse in this case, as we=E2=80=99re talking about the =
active endorsement of one proprietary web service among many.=20

In related news: Why is such a major (maybe not technically, but at =
least in terms of the user interface) feature part of a dot-dot release?

Regards,
Felix=
0
Felix
6/7/2015 1:00:32 PM
I also want to ask that Pocket be removed entirely, made optional, or made =
an optional extension.  It's bloatware.  It's completely unnecessary.  It g=
oes against KISS engineering principles.  The fact that it was added takes =
us further down this trend in software design/control recently in the world=
 of "Apps" in which updates make significant and sudden changes to the user=
 experience without warning (for example the latest version of Android on m=
y smartphone banned colors from update icons- why? what does this add to th=
e user experience? In fact, it notably degraded the functionality of severa=
l of my apps.). =20

Please do not reinforce this mindset.  Firefox has one job.  If people want=
 it to do more than that, make it opt-in.
0
randomino
6/7/2015 3:27:52 PM
Also agreeing that Pocket's default integration should be removed.  I have =
been a long term user of Pocket myself since it was a small independent plu=
gin for Firefox.  I enjoy the service across several of my devices but the =
critical issue here is that I opted to use the product. This sort of defaul=
t third party integration into Firefox is the beginning of a very slippery =
slope. =20

This starts Mozilla on a whole in a direction counter to the core reasons I=
 choose to use their browser... namely choice, configuration options, and c=
ontrol.  It unfortunately puts a fair sized dent in my trust of Mozilla's d=
ecision making process.
0
sbrecht
6/7/2015 3:45:40 PM
On 2015-06-07 3:58 AM, Chris Double wrote:
> From what I can gather on Reddit and other forums there is a
> misconception that Hello is a proprietary component provided by
> Telefonica. This seems to come from the branding on the component. Is
> there a post or some documentation to point people too when they think
> this that shows what Telefonica's role is and that Hello is open source?

<https://support.mozilla.org/en-US/kb/firefox-hello-video-and-voice-conversations-online> 
mentions WebRTC, and links to 
<https://support.mozilla.org/en-US/kb/which-browsers-will-work-firefox-hello-video-chat>, 
which I think is a good one to point people to.
0
Chris
6/7/2015 5:38:49 PM
On Saturday, June 6, 2015 at 11:42:19 PM UTC-7, Dan Stillman wrote:
> 
> Well, it clears hurts privacy, right? It's a feature that sends browsing 
> data to a VC-funded third-party company, which says in its privacy 
> policy that if it's acquired " user information may be included among 
> the transferred assets".

Can someone at Mozilla explain under what circumstances Firefox will send data of any kind to Pocket?
0
ifphillips
6/7/2015 5:47:36 PM
On 6/6/2015 3:36 PM, David Rajchenbach-Teller wrote:
> For clarification: it is possible to reimplement most Firefox entirely
> as an extension. For instance, Bookmarks, Find in Page, Save As, Tabbed
> Browsing, Session Restore, etc. could all be implemented as extensions.
> Not only that, but some of these features were initially implemented as
> extensions and were then bundled with Firefox.
>
> In other words, the questions that needs to be asked here are:
> 1. does it work well?
> 2. does it serve users?
> 3. does it hurt privacy or security?
>
> I haven't checked 3., but the answer to questions 1. and 2. is very much
> "yes". Of course, 1. could be improved, and I'm sure that it will.
>
> Best regards,
>   David

I think what has upset many long term Firefox users is the lack of 
record of where these questions were answered and the surprise in which 
this was landed. (It showed up in Beta, I believe? What happened to 
having new features "ride the trains" from Nightly?)

I haven't really checked 3 either (well, I did do a packet capture and I 
was happy to see that no data was sent to Pocket until I actually 
interacted with the Pocket button!)

2 might "very much" be a "yes" for you, but it's never good to project 
your own needs as a developer on to what users want. Was there user 
research that went into this? Was that released? Was the user research 
asking for Pocket, in particular? I don't personally know a single 
person who uses Pocket (I actually only know one person who knew *what 
it was* when it was added to Firefox...doesn't seem like it's a hot 
feature people are asking for. [1])

In summary, I respectfully disagree with your assessment of the need for 
this feature.

--Patrick

[1] Yes, I'm projecting the small-ish group of people onto Firefox users 
in general. But I queried a pretty techie group of friends/coworkers. 
Many of who like to follow the hot trends in websites, etc.

0
Patrick
6/7/2015 9:07:19 PM
On 6/6/2015 3:41 PM, Michael Kohler wrote:
> Just to chime in my 2 cents here:
>
> 2) Firefox has a preferencein about:config which specifies the API
> endpoint: browser.pocket.api . If somebody has a compatible API, feel
> free to promote that as alternative. Yes, it needs to be compatible
> though. If you think that the user should have other alternatives as a
> choice: feel free to propose a patch adding the "choice" in a menu and
> implement the alternative. A bonus point here for getting the
> alternative to provide a login for Firefox Accounts as well.

And whenever that API changes even slightly than this 'alternate 
service' gets screwed and needs to update. Or Pocket could (without much 
forewarning) dramatically change the API in coordination with a Firefox 
update, to block competitors. Unless there's truly an open standard 
around it, I find the argument of "there's a documented API" to be weak. 
(See Twitter vs. identi.ca.)

> 3) There is no money involved in this as far as I can know from the
> different blog posts by Mozilla.

Frankly, I hope there's money involved. It's the only thing that makes 
*any* sense of why this was added.

> And a last note: Mozilla management is reading this list so I believe
> we  don't need to spam this list with non-informative and only "me
> too"-like comments.

It'd be nice if they responded and offered answers to resolve baseless 
speculation. :) Mozilla management has already been burnt a handful of 
times by being silent on matters.

> So please keep keep good input coming and express
> your support with a vote on
> https://bugzilla.mozilla.org/show_bug.cgi?id=1172126(but please don't
> comment there to not spam people either). You can find the "vote"
> button  in the left column.

Voting on a resolved bug is pretty useless, additionally votes on bugs 
aren't really taken into account.

--Patrick
0
Patrick
6/7/2015 9:07:21 PM
Just another Firefox user here to say how bad of an idea I think this is. T=
he only reason I am using Firefox now rather than Chrome or one of the othe=
r browsers is because it was the only one offering control to its users. Th=
e integrated non-removable pocket functionality is a breach of this trust. =
It is the same kind of moves that have driven me away from Google's service=
s where possible.

I will be looking for other browser options until this is dealt with, might=
 even go back to IE since they don't push any third party junk on their use=
rs.

0
zchrykng
6/8/2015 1:22:43 AM
On Friday, June 5, 2015 at 5:59:56 PM UTC-4, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Ther=
e are some comments on Hacker News at https://news.ycombinator.com/item?id=
=3D9667809).
>=20
> Mozilla's recent integration with Pocket, a proprietary third-party servi=
ce, is a mistake.
>=20
> It is very exciting to see the ways in which Firefox continues to improve=
.. And it's even more exciting to see the ways that Mozilla advances it's st=
ated mission outside of the Firefox browser with new developments like Fire=
fox Accounts. Pocket now allows you to log in on their site using your Fire=
fox Account; being able to authenticate with a trusted third party like Moz=
illa is a huge win for online privacy advocates and the Mozilla community. =
However, adding Pocket as a built-in feature to Firefox should not have bee=
n done.
>=20
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20
>=20
> The user experience of disabling Pocket is not good, either. It needs to =
be disabled in about:config, which is not at all user friendly, and therefo=
re not in line with Mozilla's mission. In the past, Mozilla has been very g=
ood about showing the user what new features have been added to the interfa=
ce and explaining any privacy implications that may come with them. That is=
 why I was so surprised when the Pocket icon suddenly appeared in Firefox D=
eveloper Edition a couple days ago. It is so unlike Mozilla to introduce so=
mething like that, I ran a virus scan and checked what programs had been in=
stalled recently -- I assumed it had been put there in the same way that IE=
 users used to get the Ask Toolbar installed.=20
>=20
> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's. Many users would not as=
sume this, since it is a feature that is bundled with the browser.
>=20
> Mozilla's recent blog post about the Pocket feature is titled "Firefox Pu=
ts You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/=
06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been comi=
ng from a startup, that post would be humorously ironic. But given how much=
 people care about Mozilla and it's stated mission, it is more painful than=
 funny.
>=20
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat. Most importantly, there was very little public disc=
ussion about this inclusion of a proprietary, third-party service. It's a h=
uge departure from Mozilla's commitment to transparency. The existence of t=
he Pocket code in Firefox is a bug in the browser, and it does not adhere t=
o Mozilla's core mission.

I was very disappointed to see this integration. I've always looked to Fire=
fox as an example of uncompromising support for open standards and free sof=
tware.  If this integration has to happen, like bundling search providers, =
I think that it should be as an extension or a new API.
0
ryan
6/8/2015 3:41:16 AM
On 6/7/15 5:30 AM, Kevin.2@gmx.de wrote:
> - "Bitte noch Thunderbird und Sunbird integriegen..." - "Now please go on by integrating Thunderbird and Sunbird..."
>    (goes on about how we will end up at Netscape Naviagtor and/or a web suite, being the primary reason why Firefox exists and that we have to to choose between the devil (Chrome) and the deep blue sea (Firefox) these days)

I think that quote points to the heart of this debate:

What is a browser? Is it a simple window to the web? Or an integrated 
communications suite for online services?

What do users really want? If you look at the 20 most popular Firefox 
extensions downloaded this week [1], there are two clear trends:

1. Privacy (7 of the top 20)
2. Downloading videos (11 of the top 20)

Firefox can uniquely compete against Chrome on these two issues! 
Google's business model depends on users being tracked across websites 
(so no privacy) and watching video ads on YouTube (so no downloading 
because Google can't show you video ads offline).

Firefox (Phoenix) unseated the bloated Mozilla Application Suite. Chrome 
unseated the then bloated Firefox (though Chrome also benefited from 
Google's aggressive advertising on google.com and being bundled in the 
Adobe Flash Player's installer). Firefox is faster and slimmer than it 
was, but still can't shake its old reputation as a memory hog. Maybe 
it's time for Mozilla to rename/rebrand Firefox. Microsoft rebooted IE 
as Edge/Spartan and that was received positively.

Who will unseat Chrome? Microsoft's Edge/Spartan, Mozilla's 
Servo+browser.html, or some secret "Chrome NG" project inside Google?


chris


[1] https://addons.mozilla.org/en-US/firefox/extensions/?sort=popular

* Privacy extensions:
Adblock Plus
Adblock Plus Pop-up Addon
anonymoX
Ghostery
NoScript Security Suite
Adblock Edge
ZenMate Security & Privacy VPN

* Video downloader extensions:
Video DownloadHelper
Flash Video Downloader - YouTube HD Download
Download YouTube Videos as MP4
Ant Video Downloader
DownThemAll!
1-Click YouTube Video Download
YouTube Video and Audio Downloader
Download Flash and Video
YouTube Video Downloader
YouTube Flash Player
Easy Youtube Video Downloader Express

0
Chris
6/8/2015 8:04:35 AM
Le lundi 8 juin 2015 10:05:11 UTC-1, Chris Peterson a écrit :
> What do users really want?

If we were to follow trends, Mozilla should probably pivot to producing 
porn and pictures of cats.

> What is a browser? Is it a simple window to the web? Or an integrated
> communications suite for online services?

History tells us that trying to bundle everything is a bad, bad, idea.

Allowing people to keep track of what they've read/are willing to read 
later has always been one of the core functionality of modern web 
browsers. "Bookmarks" anyone?

Despite the fact that browsers UX have greatly improved over time (so 
have users' expectations), bookmarks have received little to no 
attention. One might consider that the type of services provided by 
pocket/instapaper/read-it-later/whatever are just drop-in fixes for 
something that has been neglected for too long: actually provide 
functionalities to "mark" things that want to be read/watched/looked at.

And in 2015, they want to be able to do it across devices. It's not an 
option, Safari does it. This is something that kept countless users I 
tried to convert to Firefox from switching, because Sync is broken [1].

[1] https://wiki.mozilla.org/User_Services/Sync

# Does it make sense to provide built-in services to improve webpages 
readability?

As much as much as, at some point, providing built-in pop-up blocking 
functionalities became necessary. As much as killing <blink> and 
<marquee>. Publishers/websites-owner are still learning about web 
typography, web publishing using modern technologies and/or have already 
transformed their websites into blinking Christmas trees. Maybe they 
will never learn but the need for reading was there ten years ago and is 
going to be there ten years from now.

So YES, it should be a core functionality. Money and time should be 
dedicated to this so that Firefox remains independent from third 
parties.

# Does it make sense to provide built-in services to store and organize 
contents?

YES, it is just how bookmarks should have been from the beginning 
(beyond the role of saving a link to a page). Users can already organize 
tabs, group them (panorama/tab groups), search though them, restore them 
when the browser starts,…

Browsers are already providing these kind of functionalities. The 
question isn't "do we want to do it?" but "do we want to keep on 
improving in that field?". It is already a core functionality and should 
not be outsourced.

# Finally, should Pocket/whatever be integrated into the browser?

YES, if Mozilla is going to buy the company. NO, otherwise, for all the 
reasons that have been repeated here countless times (privacy, free 
software, don't let Firefox become the new Lotus Notes,…).

# Is it enough?

NO, money and time should also be dedicated to Sync because these 
functionalities are complementary.


C.A.
0
commentsabout
6/8/2015 10:54:01 AM
Because I find it useful, I find it useful.

Cheers,
 David

On 07/06/15 01:55, Nic wrote:
> So because you use it, it serves users? There is a long time pocket user further up that believes Pocket shouldn't be integrated and should be left as a extension. Seems like Mozilla shouldn't be integrating things that are best left as extensions as well as things no one will use (Hello).
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
> 


-- 
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla
0
David
6/8/2015 1:10:08 PM
I realize that I wasn't clear: I replied "very much" to 2, because I, as
a user, find this useful. This was not me assessing a feature for users,
this was me, as a user, supporting a choice.

But yes, there has been market research. I do not remember the
specifics, but the lack of a "Read It Later" feature that could let
users save a bookmark on a device and reopen a snapshot on either the
same device or another one was among the top salient items (somewhere
around the same level as Flash crashes, I believe, and we are also
working on it).

I have no answer to give on the crash-landing, as I do not have any
information on the topic. I know that we are revisiting the "riding the
trains" process, and I assume that this is one of the growing pains
until we have figured out exactly what process we should adopt.

Best regards,
 David

On 07/06/15 23:07, Patrick Cloke wrote:
> I think what has upset many long term Firefox users is the lack of
> record of where these questions were answered and the surprise in which
> this was landed. (It showed up in Beta, I believe? What happened to
> having new features "ride the trains" from Nightly?)
> 
> I haven't really checked 3 either (well, I did do a packet capture and I
> was happy to see that no data was sent to Pocket until I actually
> interacted with the Pocket button!)
> 
> 2 might "very much" be a "yes" for you, but it's never good to project
> your own needs as a developer on to what users want. Was there user
> research that went into this? Was that released? Was the user research
> asking for Pocket, in particular? I don't personally know a single
> person who uses Pocket (I actually only know one person who knew *what
> it was* when it was added to Firefox...doesn't seem like it's a hot
> feature people are asking for. [1])
> 
> In summary, I respectfully disagree with your assessment of the need for
> this feature.
> 
> --Patrick
> 
> [1] Yes, I'm projecting the small-ish group of people onto Firefox users
> in general. But I queried a pretty techie group of friends/coworkers.
> Many of who like to follow the hot trends in websites, etc.
> 
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance


-- 
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla
0
David
6/8/2015 1:21:19 PM
Christian Walde schrieb:
> Or is it not be possible to implement an extension that duplicates
> Hello's functionality and makes use of the WebRTC api?

That's not an argument, as the Firefox add-on system is so powerful that 
*all* functionality in Firefox, including any APIs, can actually be 
implemented as add-ons.

KaiRo

0
Robert
6/8/2015 2:00:28 PM
On 06/06/2015 09:58 PM, ronwilhoite@gmail.com wrote:
> On Saturday, June 6, 2015 at 3:42:13 PM UTC-4, Michael Kohler wrote:
>
>> Of course this is only my knowledge and could be wrong. On the other
>> hand I don't think just saying Mozilla should remove it without
>> providing any alternatives doesn't lead this discussion anywhere.
>
> Save-to-Read
>
> https://addons.mozilla.org/en-US/firefox/addon/save-to-read/
>
> Uses bookmarks, so you can, of course, Sync them.
>

With your iOS device?

-- 
Kubuntu 15.04 | KDE 4.14.8 | Thunderbird 38.0b6 (Beta)
[Visit Pittsburgh](http://www.visitpittsburgh.com/)
[Dollar Bank Three Rivers Arts Festival](http://www.3riversartsfest.org/)
One users useless feature is a useful feature to other users.
Go Bucs!
0
WaltS48
6/8/2015 2:07:45 PM
Kevin.2@gmx.de schrieb:
>> Firefox should continue to add new features that benefit its users, but those features must be done in accordance with Mozilla's core values. This feature should've been done as an extension, which allows for greater user choice and avoids bloat.
> I assume some of the German people at Mozilla have already seen this, but I'd just like to leave these comments from a German IT-news article here:
> http://www.heise.de/forum/iX/News-Kommentare/Mozilla-nimmt-Reader-Software-Pocket-in-Webbrowser-Firefox-auf/forum-198500/page-2/

The Heise Forums are known to be full of trolls and not to be taken 
seriously. It's sad that that's the case there just like in most major 
news site comment sections, but it means that anything coming from there 
needs to be taken with a grain (or a whole package) of salt.

KaiRo
0
Robert
6/8/2015 2:08:46 PM
Felix Dreissig schrieb:
> In related news: Why is such a major (maybe not technically, but at least in terms of the user interface) feature part of a dot-dot release?

Because version numbers are both necessary and irrelevant. They are only 
for reference but their actual value doesn't have any value (pun intended).

KaiRo

0
Robert
6/8/2015 2:12:21 PM
ifphillips@gmail.com schrieb:
> On Saturday, June 6, 2015 at 11:42:19 PM UTC-7, Dan Stillman wrote:
>>
>> Well, it clears hurts privacy, right? It's a feature that sends browsing
>> data to a VC-funded third-party company, which says in its privacy
>> policy that if it's acquired " user information may be included among
>> the transferred assets".
>
> Can someone at Mozilla explain under what circumstances Firefox will send data of any kind to Pocket?

Read the code for details (I haven't), but from all I know, *only* data 
that you send to Pocket yourself is being sent there. That means, of 
course Pocket will be told who you are (your email address) when you log 
in there (even with a Firefox Account), of course the address of the 
page you save into Pocket is sent to them (would be pretty useless 
otherwise), and of course, Pocket makes entries in their logs when you 
visit their website.
I *think* that's all points that actually transfer data to them but I'm 
no expert (didn't read the code and am not involved in any dealing with 
them).

KaiRo

0
Robert
6/8/2015 2:15:56 PM
Hey -

I appreciate all the feedback.  I've tried to read all the message in this =
thread and respond to them here.  Firefox is a constantly evolving system t=
hat is always changing and never finished.

Pocket has been a popular Firefox Add-On for a long time and we've seen tha=
t users love to save interesting Web content to easily revisit it later, so=
 it was an easy choice to offer Pocket as a service in Firefox. and we've g=
otten lots of positive feedback about the integration from users.

All the code related to this integration within Firefox is open source and =
Pocket has licensed all the Firefox integration code under the MPLv2 licens=
e. On top of that, Pocket asked Mozilla for input on how to improve their p=
olicy, based on early comments from Mozillians. After that discussion, Pock=
et updated their privacy policy in early May to explain more precisely how =
they handle data. You can read Pocket's privacy policy here: https://getpoc=
ket.com/privacy.

Directly integrating Pocket into the browser was a choice we made to provid=
e this feature to our users in the best way possible. To disable Pocket, yo=
u can remove it from your toolbar or menu. If Pocket is removed from the to=
olbar or menu, then the feature is effectively disabled, though you can sti=
ll find it again by accessing it in the Customize Panel. You can find detai=
led instructions here: https://support.mozilla.org/kb/disable-pocket-on-fir=
efox

Feel free to reach out to me directly via email bclark@mozilla.com

Thanks,
~ Bryan

--
Product Manager, Firefox : Pocket=20

On Friday, June 5, 2015 at 2:59:56 PM UTC-7, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Ther=
e are some comments on Hacker News at https://news.ycombinator.com/item?id=
=3D9667809).
>=20
> Mozilla's recent integration with Pocket, a proprietary third-party servi=
ce, is a mistake.
>=20
> It is very exciting to see the ways in which Firefox continues to improve=
.. And it's even more exciting to see the ways that Mozilla advances it's st=
ated mission outside of the Firefox browser with new developments like Fire=
fox Accounts. Pocket now allows you to log in on their site using your Fire=
fox Account; being able to authenticate with a trusted third party like Moz=
illa is a huge win for online privacy advocates and the Mozilla community. =
However, adding Pocket as a built-in feature to Firefox should not have bee=
n done.
>=20
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20
>=20
> The user experience of disabling Pocket is not good, either. It needs to =
be disabled in about:config, which is not at all user friendly, and therefo=
re not in line with Mozilla's mission. In the past, Mozilla has been very g=
ood about showing the user what new features have been added to the interfa=
ce and explaining any privacy implications that may come with them. That is=
 why I was so surprised when the Pocket icon suddenly appeared in Firefox D=
eveloper Edition a couple days ago. It is so unlike Mozilla to introduce so=
mething like that, I ran a virus scan and checked what programs had been in=
stalled recently -- I assumed it had been put there in the same way that IE=
 users used to get the Ask Toolbar installed.=20
>=20
> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's. Many users would not as=
sume this, since it is a feature that is bundled with the browser.
>=20
> Mozilla's recent blog post about the Pocket feature is titled "Firefox Pu=
ts You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/=
06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been comi=
ng from a startup, that post would be humorously ironic. But given how much=
 people care about Mozilla and it's stated mission, it is more painful than=
 funny.
>=20
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat. Most importantly, there was very little public disc=
ussion about this inclusion of a proprietary, third-party service. It's a h=
uge departure from Mozilla's commitment to transparency. The existence of t=
he Pocket code in Firefox is a bug in the browser, and it does not adhere t=
o Mozilla's core mission.

0
bclark
6/9/2015 2:41:48 AM
On Sun, Jun 7, 2015 at 8:27 AM,  <randomino@gmail.com> wrote:
>
> I also want to ask that Pocket be removed entirely, made optional, or made an optional extension.  It's bloatware.  It's completely unnecessary.  It goes against KISS engineering principles.

There are two arguments being made in this thread:

- Pocket integration is bad because Pocket is a commercial third-party service.

- Pocket integration is bad because the feature is not useful, or not
sufficiently useful to enough people.

The email I've quoted is a perfect example of the second argument. But
it's the first argument that's the important one here. If Mozilla had
implemented its own Pocket-like feature would there be a vehement
thread like this one? No. There might be some quibbling -- "maybe that
could just be an add-on" -- but the reaction would be much milder.

What I'm saying is this: don't mix up the two arguments above. If
you're really upset by the Pocket integration, it's almost certainly
because of the first argument above, so don't get side-tracked by the
second argument.

Nick
0
Nicholas
6/9/2015 3:22:26 AM
On 09/06/15 04:22, Nicholas Nethercote wrote:
> What I'm saying is this: don't mix up the two arguments above. If
> you're really upset by the Pocket integration, it's almost certainly
> because of the first argument above, so don't get side-tracked by the
> second argument.

Right. And the first argument is strange because this is not the first
time we've done this. Most of the bundled search engines, safe browsing
and (until recently) our location service are/were all commercial
third-party services with closed source back-ends.

I know there are people out there who don't want to use any website
whose code is closed source, but I think they are pretty rare, as 99.9%
of websites are closed source. Mozilla has, more than a decade ago, made
a policy decision that linking to or integrating with services whose
backend is closed-source is OK, and that decision is not under review.
Trying to do otherwise would, IMO, make our product seriously
uncompetitive, which would not be good for the mission. (Note that
Mozilla's mission is not to make the entire web open _source_ anyway.)

In creating any feature, Mozilla has to choose between partnering to get
it, or building it ourselves. And we can't build _everything_. A current
example is safe browsing, and a future example of something I think we'd
like to integrate that I doubt we can build is a translation service.

Gerv

0
Gervase
6/9/2015 9:03:04 AM
Well, deciding whether a feature should be part of Firefox or not is
part of the job of Product Management. So, by deciding that Hello or
Pocket should be bundled in, but that other features should not, they
have done exactly their job.

Whether or not you agree with these choices is up to you. But please
discuss them on their merits, not on a misunderstanding.

Best regards,
 David

On 06/06/15 20:52, Christian Walde wrote:
> Thanks for confirming that my line of thought is correct on the
> implementability of Hello as an extension.
> 
> That said, you may think it does not follow, but given that you do not
> explain why you think this, there is not much of a conversation to be
> had, and your ability to convince is zero as of now.
> 
> As i stated in my original email, given their explanation of earlier
> removals, it is hypocritical of Mozilla to implement functionality in
> core that could be implemented in an extension instead.
> 
> If there is special circumstance for either Hello or Pocket, there
> should be a very good reason for it, but so far none is obvious or has
> indeed been given.
> 


-- 
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla
0
David
6/9/2015 10:01:06 AM
On 6/9/15 5:03 AM, Gervase Markham wrote:
> On 09/06/15 04:22, Nicholas Nethercote wrote:
>> What I'm saying is this: don't mix up the two arguments above. If
>> you're really upset by the Pocket integration, it's almost certainly
>> because of the first argument above, so don't get side-tracked by the
>> second argument.
> Right. And the first argument is strange because this is not the first
> time we've done this. Most of the bundled search engines, safe browsing
> and (until recently) our location service are/were all commercial
> third-party services with closed source back-ends.

I touched on the search engine comparison in my earlier post. I think 
the difference is that nobody expects Mozilla to build a search engine, 
and the privacy implications of using a search engine are clear. But 
Mozilla designed a sync architecture that encrypts bookmark data 
client-side explicitly to avoid collecting it, and now has rolled out a 
high-profile feature that causes that data to be collected by a 
VC-funded third-party company, without even particularly framing it as a 
service external to Mozilla. The Share button and the search bar both 
make it very clear that you're choosing among third-party services. The 
Pocket integration seems almost purposely designed to blur the 
distinction between Mozilla and Pocket. (As Pocket's CEO put it, "With 
the exception of search, it’s rare for companies to be integrated this 
deeply into the browser." [1])

Safe Browsing is a slightly better parallel, but does Firefox actually 
share browsing data for that? The documentation appears to claim that, 
at least in most cases, Firefox downloads a list and compares URLs 
locally: "No information about you or the sites you visit is 
communicated during list updates." [2] (In any case, I think Safe 
Browsing more or less qualifies as a search-engine-scale problem.)

> I know there are people out there who don't want to use any website
> whose code is closed source

I think this is a red herring, or at least isn't even vaguely the issue 
for me. A website's being open source doesn't have any bearing on its 
having access to people's private data. Mozilla software is open source 
and Mozilla is a widely trusted organization, but even Mozilla chose not 
to collect people's private bookmark data when it designed its sync system.

> In creating any feature, Mozilla has to choose between partnering to get
> it, or building it ourselves. And we can't build _everything_.

Mozilla can't build everything, but it clearly can build 
bookmark-syncing services, and it can build them in a way that protects 
people's privacy. To roll out a very similar feature in prime toolbar 
space that treats that same data in such a different manner from the 
existing functionality strikes me as a bizarre and worrying choice.


[1] 
https://medium.com/@nateweiner/the-internet-needs-a-save-button-db6c8c416038
[2] 
https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
0
Dan
6/9/2015 11:04:10 AM
Oh hey, an @mozilla address.

Frankly, I have no idea what you are trying to say here.

I never said it was not their job to do this nor that they did not do  
their job. Please do not insinuate i said things i did not say.

I am however indeed saying that there is no demonstrated merit to their  
decision, and that is objectionable in a number of ways. Note that this  
does not necessarily mean that they must be removed, just that they should  
put public a very good point for keeping them if they do so. Right now due  
to lack of such the public has a hard time of discussing any merit in the  
first place, since the reasons for the decision can only be guessed at and  
the only thing that relates to this (as far as i am aware) in public  
communication, was a justification to remove features that can be  
implemented as extensions.

As for what you consider to be a misunderstanding, i cannot even begin to  
guess. Maybe it would behoove you to reread my previous replies to make  
sure you did not misunderstand me, or if you are sure that you did not, to  
clarify what you are saying, so it cannot be misunderstood. Don't feel  
afraid to be a little bit wordy. I'm not afraid of reading and would  
rather have clarity in communication than careless brevity.

On Tue, 09 Jun 2015 12:01:06 +0200, David Rajchenbach-Teller  
<dteller@mozilla.com> wrote:

> Well, deciding whether a feature should be part of Firefox or not is
> part of the job of Product Management. So, by deciding that Hello or
> Pocket should be bundled in, but that other features should not, they
> have done exactly their job.
>
> Whether or not you agree with these choices is up to you. But please
> discuss them on their merits, not on a misunderstanding.
>
> On 06/06/15 20:52, Christian Walde wrote:
>> Thanks for confirming that my line of thought is correct on the
>> implementability of Hello as an extension.
>>
>> That said, you may think it does not follow, but given that you do not
>> explain why you think this, there is not much of a conversation to be
>> had, and your ability to convince is zero as of now.
>>
>> As i stated in my original email, given their explanation of earlier
>> removals, it is hypocritical of Mozilla to implement functionality in
>> core that could be implemented in an extension instead.
>>
>> If there is special circumstance for either Hello or Pocket, there
>> should be a very good reason for it, but so far none is obvious or has
>> indeed been given.
>>
>
0
Christian
6/9/2015 11:29:15 AM
On 6/9/2015 5:03 AM, Gervase Markham wrote:
> On 09/06/15 04:22, Nicholas Nethercote wrote:
>> What I'm saying is this: don't mix up the two arguments above. If
>> you're really upset by the Pocket integration, it's almost certainly
>> because of the first argument above, so don't get side-tracked by the
>> second argument.
>
> Right. And the first argument is strange because this is not the first
> time we've done this. Most of the bundled search engines, safe browsing
> and (until recently) our location service are/were all commercial
> third-party services with closed source back-ends.

Nicholas, that is a nice point that there seems to be two separate 
reasons people are upset. Personally, I'm upset by both arguments [0], 
but agree with you that the first is more important. (I can get over 
there being a feature I don't use...[1]).

Gerv brings up a good point of "how is this different"? This shouldn't 
be used as an argument for brushing this point away! (And I'm not 
suggesting anyone is trying to do that.) But we must dig deeper into 
what is different about this that is upsetting people whereas search 
engines, safe browsing, etc. don't! I'd suggest there are a few components:

  - User facing component: Pocket is a MUCH more user facing feature 
than, e.g. safe browsing is. Frankly, I'd suggest many non-power users 
don't know that safe browsing is a thing...and if they do know, they 
probably have no idea how it works. Search engines obviously have quite 
a bit of clout in the UI, but the utility of them is probably

  - Openness of it: there's an open format for search engines, I can go 
use Google, Yahoo, Bing, Duck Duck Go, or make my own. I'm not being 
locked into a specific vendor. (And no, having a public API does not 
make it open. The control is from the wrong side: for it to be open the 
browser vendors and services need to agree upon an API. It cannot be 
controlled by the services.)

  - Privacy implications: Just a little extra point in the comparison to 
search engines; search engines have "always" been part of the browser, 
even before "privacy" was the "crisis" that it is now. I'd suggest that 
users will put new features that have any sort of privacy implication 
under significant more scrutiny now than 5 - 10 years ago.

  - Utility: And to tie back into Nicholas argument, I'd also suggest 
the use case is important. For search engines it is clear that users are 
using a third party service, and (I hope) understand there is privacy 
implications. But frankly, you can't use the Internet effectively 
without a search engine, there is a *clear* utility for (almost?) all 
users. I'd suggest some of the backlash has been due to people feeling 
the trade-off is not worth it for using Pocket *or* don't see a use-case 
for it. But yes, this is a weaker argument.

--Patrick

[0] I also have other issues with it, such as how it landed (on beta, 
really?) How it was integrated in a point release...and I don't care 
about the argument "version numbers don't mean anything", that's a delusion.

[1] Although it seems that every new feature added to Firefox recently 
is one that I don't use...and have no interest in using. :)

0
Patrick
6/9/2015 11:44:31 AM
On 2015-06-09 02:41, bclark@mozilla.com wrote:
> After that discussion, Pocket updated their privacy policy in early
> May to explain more precisely how they handle data. You can read
> Pocket's privacy policy here: https://getpocket.com/privacy.

 From the Pocket ToS: “[...] our Privacy Policy is not a legal agreement, 
and creates no contractual obligations [...]” [0]

[0] https://getpocket.com/tos

And given that you're referring to the privacy policy: “In the event 
that we or certain of our assets are acquired, user information may be 
included among the transferred assets.” [1]

[1] https://getpocket.com/privacy

On 2015-06-09 09:03, Gervase Markham wrote:
> Right. And the first argument is strange because this is not the first
> time we've done this. Most of the bundled search engines, safe browsing
> and (until recently) our location service are/were all commercial
> third-party services with closed source back-ends.

First of, it seems like you do not remember how “safe browsing” and the 
now gone “location service” were welcomed back at the time. Mozilla was 
highly criticized and there's still reason to do so regarding “safe 
browsing” when you know that “[...] existing cookies you have from 
google.com, our list provider, may also be sent.” [2]

[2] 
https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work

Anyway, let's not digress, the only reason why I mentioned it is that it 
invalidates your argument. These are example of Mozilla failures (now 
fixed for the “location service”), not something you should brag about 
or refer to as something positive that was already done in the past.

As for the integrated search engines, several of them are bundled, the 
user can chose freely which one to use and – to join what you are saying 
below – this is not a service that can easily be replicated on mozilla's 
side. You do not build a search engine by snapping fingers. On the other 
hand, the services provided by a search engine fundamentally differ from 
the ones provided by pocket: among other things (see my previous mail) 
pocket is meant to store data.

Storing data is something that Firefox has been capable of doing for 
years.

> In creating any feature, Mozilla has to choose between partnering to 
> get
> it, or building it ourselves. And we can't build _everything_.

Any computer science student can put a pocket clone together in a 
weekend. There's nothing fancy, challenging nor complicated. There's 
already a series of free softwares that does the exact same thing 
(“wallabag” [3] among tens of others).

[3] https://wallabag.org

> I know there are people out there who don't want to use any website
> whose code is closed source, but I think they are pretty rare, as 99.9%
> of websites are closed source.

Nobody's talking about this. This is irrelevant, there are also people 
who prefer to eat bananas over apples, this brings nothing to the 
discussion.

> Mozilla has, more than a decade ago, made a policy decision that 
> linking
> to or integrating with services whose backend is closed-source is OK,
> and that decision is not under review.

Mozilla also made the decision to put the respect for the privacy and 
the independence of its users above anything else. “When it’s personal, 
choose Firefox.” [4]

[4] http://getfirefox.com
0
commentsabout
6/9/2015 1:05:29 PM
On 09/06/15 12:44, Patrick Cloke wrote:
>  - User facing component: Pocket is a MUCH more user facing feature
> than, e.g. safe browsing is. Frankly, I'd suggest many non-power users
> don't know that safe browsing is a thing...and if they do know, they
> probably have no idea how it works. Search engines obviously have quite
> a bit of clout in the UI, but the utility of them is probably

I agree this is a difference, but I'm not sure how it's relevant if
people are making an argument based on principle.

>  - Openness of it: there's an open format for search engines, I can go
> use Google, Yahoo, Bing, Duck Duck Go, or make my own. I'm not being
> locked into a specific vendor. (And no, having a public API does not
> make it open. The control is from the wrong side: for it to be open the
> browser vendors and services need to agree upon an API. It cannot be
> controlled by the services.)

It is a good question as to whether, if Pocket came back to us and said
"actually, we need to change this API", and there were 3rd party
implementations of it, whether Mozilla would say Yes. I hope we would
say "no, not without notice and a transition period". But perhaps it is
worth investigating how Mozilla and Pocket view this API and its stability.

>  - Privacy implications: Just a little extra point in the comparison to
> search engines; search engines have "always" been part of the browser,
> even before "privacy" was the "crisis" that it is now. I'd suggest that
> users will put new features that have any sort of privacy implication
> under significant more scrutiny now than 5 - 10 years ago.

Perhaps, although I've not see anyone say "I've read Pocket's privacy
policy, the one that applies to this feature (as amended in consultation
with the Mozilla privacy team) and I object to X, Y and Z."

>  - Utility: And to tie back into Nicholas argument, I'd also suggest the
> use case is important. For search engines it is clear that users are
> using a third party service, and (I hope) understand there is privacy
> implications. 

I think "it's not sufficiently clear that Pocket is a third party
service" may actually be a reasonable objection. If people have
specifics on this, they would be worth discussing.

> [0] I also have other issues with it, such as how it landed (on beta,
> really?) How it was integrated in a point release...and I don't care
> about the argument "version numbers don't mean anything", that's a
> delusion.

I have concerns about that too, but I think they are out of scope for
the current discussion.

> [1] Although it seems that every new feature added to Firefox recently
> is one that I don't use...and have no interest in using. :)

Have you tried Hello? It really is rather nice. Surely you would want to
use it, even if only for reasons of competitive research :-)

Gerv

0
Gervase
6/9/2015 1:08:53 PM
How many times we saw Firefox rightly state:

"No, we're not implementing this feature. There aren't enough users for it =
to warrant having to maintain the code. If you want this functionality, the=
re are already add-ons for it available."

~some time later~

"Yes, we're including this other feature now and thus are going to have to =
maintain its code despite there being only a few users who are going to use=
 that feature. Also, it's irrelevant that there are already add-ons providi=
ng the same functionality."

I have been a Firefox loyalist for almost a decade and am fed up with its d=
irection. If you're losing market share, lose it gracefully. Quit trying to=
 gain market share by turning your back on your principles. It makes you se=
em desperate and shady. I will likely be leaving FF soon.
0
snafumatthew
6/9/2015 1:21:22 PM
On 09/06/15 14:21, snafumatthew@gmail.com wrote:
> "Yes, we're including this other feature now and thus are going to
> have to maintain its code despite there being only a few users who
> are going to use that feature.

Do you have telemetry or metrics which show that few people use Pocket?
One of the reasons we went for this feature is that the addon is very
popular, which suggests that it's a feature a lot of people use. And
indeed, my understanding is that early numbers show that the integrated
version is also becoming very popular.

> I have been a Firefox loyalist for almost a decade and am fed up with
> its direction. If you're losing market share, lose it gracefully.
> Quit trying to gain market share by turning your back on your
> principles. 

If you feel there is an issue of principle about including Pocket, then
it would be better to articulate it, rather than inventing user numbers.

Gerv

0
Gervase
6/9/2015 1:26:11 PM
Adblock plus and ublock origin are by far the most popular add-ons for Fire=
fox. Will you be implementing those by default, too?

Firefox has always been about empowering the user. You never dumb things do=
wn for them, you give them a choice. If there's an add-on we want, we find =
it or we create it. The add-ons should not be implemented into Firefox outr=
ight, because then you're removing that "choice" by providing it to people =
who never asked for it in the first place.

-1
snafumatthew
6/9/2015 1:47:53 PM
On 09/06/2015 14:47, snafumatthew@gmail.com wrote:
> Adblock plus and ublock origin are by far the most popular add-ons for Firefox. Will you be implementing those by default, too?

Part of the effect of these add-ons (in terms of not being tracked and 
pageload improvements) is currently (being) implemented in Firefox 
Nightly, yes.

> Firefox has always been about empowering the user. You never dumb things down for them, you give them a choice. If there's an add-on we want, we find it or we create it. The add-ons should not be implemented into Firefox outright, because then you're removing that "choice" by providing it to people who never asked for it in the first place.

We give people a choice, but we do make a "what's the default" choice, 
no matter which feature or add-on is concerned. We pick defaults that we 
think make sense. Implementing things that add-ons provide as default 
doesn't remove choice (assuming things can be overridden or turned off, 
like with pocket, and/or don't seriously interfere with a large number 
of users' usecases (I don't think we need a built-in "off" switch for 
bookmarks or tabs, for instance)). It changes the default behaviour. I 
would contend that it is fully part of Firefox being Firefox (and indeed 
probably any good product/browser) that it continues to try to have sane 
and useful defaults.

In this case we decided that including Pocket by default was a good way 
of achieving our aims in the required timeframe. There are arguments for 
and against that decision, for sure, but I don't think "Firefox should 
never do anything that remotely resembles what an add-on does or could 
do" is one of them.

~ Gijs
0
Gijs
6/9/2015 2:24:31 PM
On Tuesday, June 9, 2015 at 5:25:09 PM UTC+3, Gijs Kruitbosch wrote:
> > Firefox has always been about empowering the user. You never dumb thing=
s down for them, you give them a choice. If there's an add-on we want, we f=
ind it or we create it. The add-ons should not be implemented into Firefox =
outright, because then you're removing that "choice" by providing it to peo=
ple who never asked for it in the first place.
>=20
> We give people a choice, but we do make a "what's the default" choice,=20
> no matter which feature or add-on is concerned. We pick defaults that we=
=20
> think make sense. Implementing things that add-ons provide as default=20
> doesn't remove choice (assuming things can be overridden or turned off,=
=20
> like with pocket, and/or don't seriously interfere with a large number=20
> of users' usecases (I don't think we need a built-in "off" switch for=20
> bookmarks or tabs, for instance)). It changes the default behaviour. I=20
> would contend that it is fully part of Firefox being Firefox (and indeed=
=20
> probably any good product/browser) that it continues to try to have sane=
=20
> and useful defaults.

1. There is a difference between blessing an option and making an option th=
e default.
Including Pocket by default would have meant preinstalling a Pocket addon.
What has been done here is privileging Pocket over alternative solutions.
Is is not the same as providing a default search engine.
The only advantage a search engine gets by being provided by default is bei=
ng the one available right after installation and nothing more. It can be r=
eplaced by the user at any time with any alternative and the behavior remai=
ns the same.
On the other hand you can not replace Pocket. You can disable it and instal=
l an addon for an alternative but Pocket will still be there (not loaded in=
 memory, but still there). You can point browser.pocket.api somewhere else =
but alternatives would have to follow the Pocket API. But things are not eq=
ual.
There is nothing to say that after a radical update like FF28 ->FF29, Pocke=
t wouldn't magically be enabled back.In doing so, you are endorsing Pocket =
more than just offering it as a default option would have. This is made wor=
se by points 2 and 3.=20

2. Pocket is a Software as a Service provided by a for-profit company. It i=
s SaaS and by definition the user can not control it. It is not freedom res=
pecting because:
A) there is no self-hostable FLOSS Pocket Server available for anyone to us=
e instead and
B) Read it Later Inc. controls the API.
(that comment about non-free Javascript was an attempt to derail the discus=
sion)

3. To make the above points worse, Read it Later Inc. gets access to privat=
e data (email address, reading list, timestamps, etc). If this was done usi=
ng a locally encrypted file and synchronized using a blessed (as in point 1=
) file hosting SaaS provider (let's say Dropbox), the situation would not h=
ave been as bad because the list itself would have been protected by a laye=
r of encryption and only the user would have access. The SaaS provider woul=
d only get timestamps and maybe an email address.


As someone above already said, endorsing a non-free SaaS solution by blessi=
ng it and in doing so encouraging users to give private information to a fo=
r-profit company goes against the Mozilla Manifesto.=20

There is more to say about Mozilla betraying users trust with previous move=
s but that can get off topic quickly.
0
alexvoda
6/9/2015 4:23:58 PM
What was Mozilla thinking on this? It was already an extension. This is mad=
ness. I have spent the week removing all traces of firefox from dozens of w=
orkstations. The about:config disable is not an acceptable solution. As the=
re is still a for-profit api/system sitting on the machine. We left Navigat=
or way back in the day for the same reason. It seems it is time to abandon =
this ship too.

On Tuesday, June 9, 2015 at 10:25:09 AM UTC-4, Gijs Kruitbosch wrote:
> On 09/06/2015 14:47, snafumatthew@gmail.com wrote:
> > Adblock plus and ublock origin are by far the most popular add-ons for =
Firefox. Will you be implementing those by default, too?
>=20
> Part of the effect of these add-ons (in terms of not being tracked and=20
> pageload improvements) is currently (being) implemented in Firefox=20
> Nightly, yes.
>=20
> > Firefox has always been about empowering the user. You never dumb thing=
s down for them, you give them a choice. If there's an add-on we want, we f=
ind it or we create it. The add-ons should not be implemented into Firefox =
outright, because then you're removing that "choice" by providing it to peo=
ple who never asked for it in the first place.
>=20
> We give people a choice, but we do make a "what's the default" choice,=20
> no matter which feature or add-on is concerned. We pick defaults that we=
=20
> think make sense. Implementing things that add-ons provide as default=20
> doesn't remove choice (assuming things can be overridden or turned off,=
=20
> like with pocket, and/or don't seriously interfere with a large number=20
> of users' usecases (I don't think we need a built-in "off" switch for=20
> bookmarks or tabs, for instance)). It changes the default behaviour. I=20
> would contend that it is fully part of Firefox being Firefox (and indeed=
=20
> probably any good product/browser) that it continues to try to have sane=
=20
> and useful defaults.
>=20
> In this case we decided that including Pocket by default was a good way=
=20
> of achieving our aims in the required timeframe. There are arguments for=
=20
> and against that decision, for sure, but I don't think "Firefox should=20
> never do anything that remotely resembles what an add-on does or could=20
> do" is one of them.
>=20
> ~ Gijs

0
southard
6/9/2015 6:57:07 PM
On 9 June 2015 at 07:04, Dan Stillman <dstillman@gmail.com> wrote:

>
> The Pocket integration seems almost purposely designed to blur the
> distinction between Mozilla and Pocket. (As Pocket's CEO put it, "With th=
e
> exception of search, it=E2=80=99s rare for companies to be integrated thi=
s deeply
> into the browser." [1])
>

At least to some extent, that's true of any good integration of a third
party service.  It's certainly true for search as well. Painting something
as foreign and possibly scary would be directly counter to the goal of
helping users make use of a valuable feature/service.  If we don't think
it's something we can recommend/promote to our users, we simply shouldn't
include it.  Same goes for if we don't believe our users can or should
trust a partner.


> Safe Browsing is a slightly better parallel, but does Firefox actually
> share browsing data for that? The documentation appears to claim that, at
> least in most cases, Firefox downloads a list and compares URLs locally:
> "No information about you or the sites you visit is communicated during
> list updates." [2] (In any case, I think Safe Browsing more or less
> qualifies as a search-engine-scale problem.)


Where's the arbitrary line for "that's too big for Mozilla to do?"  The
reality is that Mozilla is still a relatively small company, and all of our
major competitors have a couple of orders of magnitude more people and
money to back their efforts.  To compete with those companies we need to
maximize leverage, and make pragmatic decisions on whether to
buy/build/partner for each problem we want to solve.

 I know there are people out there who don't want to use any website
>> whose code is closed source
>>
>
> I think this is a red herring, or at least isn't even vaguely the issue
> for me. A website's being open source doesn't have any bearing on its
> having access to people's private data. Mozilla software is open source a=
nd
> Mozilla is a widely trusted organization, but even Mozilla chose not to
> collect people's private bookmark data when it designed its sync system.


It's clearly not the issue if you're using Gmail, indeed!  It's a tradeoff,
and we believe that for the significant majority of users this is an
acceptable one.

 In creating any feature, Mozilla has to choose between partnering to get
>> it, or building it ourselves. And we can't build _everything_.
>>
>
> Mozilla can't build everything, but it clearly can build bookmark-syncing
> services, and it can build them in a way that protects people's privacy. =
To
> roll out a very similar feature in prime toolbar space that treats that
> same data in such a different manner from the existing functionality
> strikes me as a bizarre and worrying choice.
>

The question to ask is not whether we can build it, but whether we can
build it as well and as quickly, and what we would be giving up if we
committed to competing with the existing services.  Pocket's a market
leader in this space, and focused entirely on this space.  Playing
catch-up, and investing enough in development to match their user value
proposition (especially their mobile coverage) would be prohibitively
expensive.

-- Mike
0
Mike
6/9/2015 7:19:03 PM
On 9/06/2015 15:05, commentsabout@riseup.net wrote:
> Mozilla was
> highly criticized and there's still reason to do so regarding “safe
> browsing” when you know that “[...] existing cookies you have from
> google.com, our list provider, may also be sent.” [2]
> 
> [2]
> https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work

I couldn't find that statement on the linked page. If it is there, it
should be removed because it's no longer accurate. We sandbox the
SafeBrowsing cookie so any pre-existing google.com cookie will *not* be
sent.

-- 
GCP
0
Gian
6/9/2015 8:00:11 PM
On 9/06/2015 16:24, Gijs Kruitbosch wrote:
> On 09/06/2015 14:47, snafumatthew@gmail.com wrote:
>> Adblock plus and ublock origin are by far the most popular add-ons for
>> Firefox. Will you be implementing those by default, too?
> 
> Part of the effect of these add-ons (in terms of not being tracked and
> pageload improvements) is currently (being) implemented in Firefox
> Nightly, yes.

We've already shipped Tracking Protection (and the resulting pageload
speedup). It just wasn't enabled by default.

That isn't ad blocking, though. My impression is that we're unlikely to
ship full ad blocking by default (until better alternatives are in
place) because of the impact on the web ecosystem.

That is, those add-ons are popular, but as they become more popular,
more sites are adding countermeasures, and we don't want to this to get
into an arms race.

(Well that was wildly offtopic)

-- 
GCP
0
Gian
6/9/2015 8:07:57 PM
On 6/9/15 3:19 PM, Mike Connor wrote:
>
> On 9 June 2015 at 07:04, Dan Stillman <dstillman@gmail.com 
> <mailto:dstillman@gmail.com>> wrote:
>
>
>     The Pocket integration seems almost purposely designed to blur the
>     distinction between Mozilla and Pocket. (As Pocket's CEO put it,
>     "With the exception of search, it’s rare for companies to be
>     integrated this deeply into the browser." [1])
>
>
> At least to some extent, that's true of any good integration of a 
> third party service.  It's certainly true for search as well. Painting 
> something as foreign and possibly scary would be directly counter to 
> the goal of helping users make use of a valuable feature/service.  If 
> we don't think it's something we can recommend/promote to our users, 
> we simply shouldn't include it.  Same goes for if we don't believe our 
> users can or should trust a partner.

With search you can switch to DuckDuckGo with a couple clicks. With 
Share you choose from many different services. Pocket is integrated as a 
sole provider for a core feature.

The issue for me is the combination of the privileged integration with 
how different it is from Firefox's own bookmarks architecture a few 
icons over. If Mozilla hadn't previously deemed user bookmark data so 
sensitive that it merited client-side encryption, this wouldn't strike 
me as so odd.

And it's not a matter of trust. Again, Pocket seems like a great 
company. But sensitive user data is being sent, and Mozilla and users 
have no control over what's done with it, now or in the future.

>         I know there are people out there who don't want to use any
>         website
>         whose code is closed source
>
>
>     I think this is a red herring, or at least isn't even vaguely the
>     issue for me. A website's being open source doesn't have any
>     bearing on its having access to people's private data. Mozilla
>     software is open source and Mozilla is a widely trusted
>     organization, but even Mozilla chose not to collect people's
>     private bookmark data when it designed its sync system.
>
>
> It's clearly not the issue if you're using Gmail, indeed!  It's a 
> tradeoff, and we believe that for the significant majority of users 
> this is an acceptable one.

I think the significant majority of users don't think about where their 
data is going, which is why it's up to privacy-focused organizations 
like Mozilla to do it for them. We should at at least acknowledge that 
Mozilla's position on what is acceptable with regard to users' data has 
changed dramatically from when Firefox Sync was designed. I imagine 
there were third-party, unencrypted bookmark sync providers that Mozilla 
could have partnered with to speed development of Firefox Sync, offer 
more features, and avoid having to maintain a sync architecture. For 
that matter, I imagine an unencrypted version of Firefox Sync that was 
still run by Mozilla would have been significantly easier to develop, 
but that's not what Mozilla chose to do.

>
>         In creating any feature, Mozilla has to choose between
>         partnering to get
>         it, or building it ourselves. And we can't build _everything_.
>
>
>     Mozilla can't build everything, but it clearly can build
>     bookmark-syncing services, and it can build them in a way that
>     protects people's privacy. To roll out a very similar feature in
>     prime toolbar space that treats that same data in such a different
>     manner from the existing functionality strikes me as a bizarre and
>     worrying choice.
>
>
> The question to ask is not whether we can build it, but whether we can 
> build it as well and as quickly, and what we would be giving up if we 
> committed to competing with the existing services.  Pocket's a market 
> leader in this space, and focused entirely on this space.  Playing 
> catch-up, and investing enough in development to match their user 
> value proposition (especially their mobile coverage) would be 
> prohibitively expensive.

I think this is a false dichotomy. A version of this that piggybacked on 
Firefox Sync, with its inherent data protections, wouldn't need to — and 
couldn't, by definition — offer all of the features of Pocket. But it 
would maintain Mozilla's position of protecting bookmark data by default 
instead of shrugging and shipping that data off to a third-party company 
without public discussion.
0
Dan
6/9/2015 8:13:07 PM
On 9 June 2015 at 16:13, Dan Stillman <dstillman@gmail.com> wrote:

> On 6/9/15 3:19 PM, Mike Connor wrote:
>
>>
>> On 9 June 2015 at 07:04, Dan Stillman <dstillman@gmail.com <mailto:
>> dstillman@gmail.com>> wrote:
>>
>>
>>     The Pocket integration seems almost purposely designed to blur the
>>     distinction between Mozilla and Pocket. (As Pocket's CEO put it,
>>     "With the exception of search, it=E2=80=99s rare for companies to be
>>     integrated this deeply into the browser." [1])
>>
>>
>> At least to some extent, that's true of any good integration of a third
>> party service.  It's certainly true for search as well. Painting somethi=
ng
>> as foreign and possibly scary would be directly counter to the goal of
>> helping users make use of a valuable feature/service.  If we don't think
>> it's something we can recommend/promote to our users, we simply shouldn'=
t
>> include it.  Same goes for if we don't believe our users can or should
>> trust a partner.
>>
>
> With search you can switch to DuckDuckGo with a couple clicks. With Share
> you choose from many different services. Pocket is integrated as a sole
> provider for a core feature.
>

For now, yes. I don't believe that to be the long term plan.  Until 1.0
Firefox only shipped with Google. The first version of the Social API was
Facebook only.  Something has to go first, and it's way easier to do that
with a single partner for a v1.

The issue for me is the combination of the privileged integration with how
> different it is from Firefox's own bookmarks architecture a few icons ove=
r.
> If Mozilla hadn't previously deemed user bookmark data so sensitive that =
it
> merited client-side encryption, this wouldn't strike me as so odd.
>

Let's get this one out there. The original, strong-crypto-despite-bad-UX
Firefox Sync didn't resonate with a lot of users. I know, I led work on it
for years. It resonated with some (many of whom didn't even trust Mozilla
with the encrypted data!) but the vast majority of users didn't understand
or care about the added security. It was more of a liability than an asset.
Firefox Accounts make a different tradeoff as a result, and it's
unsurprisingly more popular (and _useful_) as a result. We still encrypt
data, however it's derived from a username and password, not a fully random
key.


> And it's not a matter of trust. Again, Pocket seems like a great company.
> But sensitive user data is being sent, and Mozilla and users have no
> control over what's done with it, now or in the future.


I don't believe it's viable to try to build everything ourselves, or limit
the usefulness of our products out of concern for what _might_ happen.
That's missing out on the best the Web has to offer, and the best product
experience for our users.

I think the significant majority of users don't think about where their
> data is going, which is why it's up to privacy-focused organizations like
> Mozilla to do it for them. We should at at least acknowledge that Mozilla=
's
> position on what is acceptable with regard to users' data has changed
> dramatically from when Firefox Sync was designed. I imagine there were
> third-party, unencrypted bookmark sync providers that Mozilla could have
> partnered with to speed development of Firefox Sync, offer more features,
> and avoid having to maintain a sync architecture. For that matter, I
> imagine an unencrypted version of Firefox Sync that was still run by
> Mozilla would have been significantly easier to develop, but that's not
> what Mozilla chose to do.


We made a very different decision in 2008 than we'd make today.  That said,
I don't believe the use case of a reading list is the same as a bookmark
provider.  Bookmarks are a browser feature, while reading lists/apps are a
very specialized case that isn't constrained to browsers. There are apps,
e-reader integrations, web sites, and more capable of consuming articles
saved to these services.  Pocket in particular has a much bigger reach than
Firefox in terms of mobile devices (e.g. platforms we don't support), and
that's one of the major advantages of working with an established partner.


> The question to ask is not whether we can build it, but whether we can
>> build it as well and as quickly, and what we would be giving up if we
>> committed to competing with the existing services.  Pocket's a market
>> leader in this space, and focused entirely on this space.  Playing
>> catch-up, and investing enough in development to match their user value
>> proposition (especially their mobile coverage) would be prohibitively
>> expensive.
>>
>
> I think this is a false dichotomy. A version of this that piggybacked on
> Firefox Sync, with its inherent data protections, wouldn't need to =E2=80=
=94 and
> couldn't, by definition =E2=80=94 offer all of the features of Pocket. Bu=
t it would
> maintain Mozilla's position of protecting bookmark data by default instea=
d
> of shrugging and shipping that data off to a third-party company without
> public discussion.


I don't think "build a less useful product" is in line with what is good
for Firefox or our users.  We actually did build this, and chose to go with
Pocket integration instead as it was considered a much more usable product
for our users.  There are tradeoffs both ways, we chose to ship the better
product.

-- Mike
0
Mike
6/9/2015 11:02:01 PM
> >
> > With search you can switch to DuckDuckGo with a couple clicks. With Share
> > you choose from many different services. Pocket is integrated as a sole
> > provider for a core feature.
> >
> 
> For now, yes. I don't believe that to be the long term plan.  Until 1.0
> Firefox only shipped with Google. The first version of the Social API was
> Facebook only.  Something has to go first, and it's way easier to do that
> with a single partner for a v1.

Then why the pocket branding and terminology?

It would be one thing if this was marketed as a general way to save things
for later and Pocket just happened to be the only provider at launch with
a published goal/process for adding more services (Instapaper for example).
That is an entirely different message than "Here is Pocket (a completely
independent, profit driven, third party) now integrated into core Firefox.

Having a dialog where you could add/remove/edit "save for later" providers
would go a long, way in my opinion, to curbing the anger about this. Some
of us use Firefox for the primary reason of them giving us choice. To be
totally frank, I prefer Chrome, but find Google as a whole kind of creepy.
I would like to think that there is still at least one browser I can still trust.

-Zach
0
Zachary
6/9/2015 11:48:02 PM
On Friday, June 5, 2015 at 6:59:56 PM UTC-3, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Ther=
e are some comments on Hacker News at https://news.ycombinator.com/item?id=
=3D9667809).
>=20
> Mozilla's recent integration with Pocket, a proprietary third-party servi=
ce, is a mistake.
>=20
> It is very exciting to see the ways in which Firefox continues to improve=
.. And it's even more exciting to see the ways that Mozilla advances it's st=
ated mission outside of the Firefox browser with new developments like Fire=
fox Accounts. Pocket now allows you to log in on their site using your Fire=
fox Account; being able to authenticate with a trusted third party like Moz=
illa is a huge win for online privacy advocates and the Mozilla community. =
However, adding Pocket as a built-in feature to Firefox should not have bee=
n done.
>=20
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20
>=20
> The user experience of disabling Pocket is not good, either. It needs to =
be disabled in about:config, which is not at all user friendly, and therefo=
re not in line with Mozilla's mission. In the past, Mozilla has been very g=
ood about showing the user what new features have been added to the interfa=
ce and explaining any privacy implications that may come with them. That is=
 why I was so surprised when the Pocket icon suddenly appeared in Firefox D=
eveloper Edition a couple days ago. It is so unlike Mozilla to introduce so=
mething like that, I ran a virus scan and checked what programs had been in=
stalled recently -- I assumed it had been put there in the same way that IE=
 users used to get the Ask Toolbar installed.=20
>=20
> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's. Many users would not as=
sume this, since it is a feature that is bundled with the browser.
>=20
> Mozilla's recent blog post about the Pocket feature is titled "Firefox Pu=
ts You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/=
06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been comi=
ng from a startup, that post would be humorously ironic. But given how much=
 people care about Mozilla and it's stated mission, it is more painful than=
 funny.
>=20
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat. Most importantly, there was very little public disc=
ussion about this inclusion of a proprietary, third-party service. It's a h=
uge departure from Mozilla's commitment to transparency. The existence of t=
he Pocket code in Firefox is a bug in the browser, and it does not adhere t=
o Mozilla's core mission.

Seems like it's time to uninstall Firefox and hope a good fork is made (all=
 current forks are lacking in some respect). Even if Mozilla "changes their=
 mind" on this one, it's clear what their intentions are for Firefox, and t=
hey'll keep trying to shove more 3rd-party datamining bloat whenever they g=
et the chance.

0
ignacio
6/10/2015 3:03:36 AM
On 6/6/15 9:44 AM, mehmetaergun@gmail.com wrote:
> Making a bug report dependent on a conversation on external &
> proprietary Google Groups is against Mozilla Manifesto (#8, primacy
> of transparent community-based processes).

The governance group, along with many of our other fora, are primarily
Mozilla-hosted mailing lists which are mirrored as newsgroups and on
Google Groups for the convenience of people who have different needs or
preferences.

https://www.mozilla.org/en-US/about/forums/#governance

-Dan Veditz
0
Daniel
6/10/2015 3:23:23 AM
No one from the Mozilla Foundation must have bothered to read the Terms of =
Service for use Pocket(TM) Technologies.

This is critical because it has become clear from Oracle's handling of Java=
 that just because software is released under an open source license doesn'=
t mean that derived works will not result in a lawsuit.  While Nate Weiner =
may not be the ass that Larry Ellison is, any company that has obligations =
to investors tends to do whatever they can to "protect" their "intellectual=
 property" and I expect Pocket(TM) to be no exception.

There are several red flags regarding Pocket(TM)'s Terms of Service and Pri=
vacy Policy.  In fact, there are so many that they go beyond the scope of m=
y reply.  I will just focus on the ones I find the most alarming.

(1) The Terms of Service and Privacy Policy claim to go into effect by inst=
alling their software.  By Mozilla Foundation including it as part of the F=
irefox install, the Pocket(TM) documents claim to require adherence even if=
 the user never uses Pocket(TM).  Hence, the documents put the user into a =
locked opt-in even if the disable Pocket(TM) from the config since they hav=
e still installed it.  By it being left an add-on, the user was given a def=
ault opt-out.  Despite this, the Pocket(TM) Terms of Service and Privacy Po=
licy don't seem to be provided as part of the Firefox "know your rights."

(2) The Terms of Service License Restrictions clearly *prohibits* redistrib=
ution.  While Pocket(TM) has made it clear they intends the Mozilla Foundat=
ion to distribute the Pocket(TM) Technology application but does this excep=
tion to the Pocket(TM) Terms of Service extend to any other form of redistr=
ibution?  Is this yet another way the Mozilla Foundation is trying to make =
life harder for groups like Debian?  Is this a trend of ToS encumbered code=
 which could lead to a potential lawsuit if left included in IceWeasel?

(3) Pocket(TM) does not appear to provide any protocol description for prov=
iding a compatible service.  Also, the Terms of Service prohibits writing o=
ne.  More specifically, users that install the Pocket(TM) Technologies appl=
ication can not "determine or attempt to determine any ... methods or techn=
iques embodied in the Pocket application or any portion thereof."

(4) Pocket(TM)'s Terms of Service also prohibits any modification or to cre=
ate any derivative works based on the Pocket(TM) Technologies application. =
 So, if you get around the previous issue and somehow create your own servi=
ce compatible with the pocket-protocol, you can't modify the application to=
 configure it to use an alternative server.

Overall, everything about the Pocket(TM) Terms of Service goes against any =
claim that Pocket(TM) truly intends the included Pocket(TM) Technologies ap=
plication under the spirit of the MPL.  Any attempt to by users to leverage=
 their rights under the MPL in regards to this code intermixed into Firefox=
 will but the user in a legally precarious position.

If Pocket(TM) did intend to honor the freedoms the Firefox community has co=
me to expect, they would have done the following:

(A) Clearly state in the Privacy Policy and Terms of Service that agreement=
 only takes place at *USE* instead of claiming user agreement for installin=
g.

(B) Clearly state in the Terms of Service that the ToS License Restrictions=
 do not apply to MPL covered code provided by Pocket(TM).

(C) Provide a clear protocol description document to assist in third-partie=
s maintaining or modify the code.

(D) Provide a reference implementation of the server side of the pocket-pro=
tocol to assist in third parties maintaining or modifying the code and for =
users to setup their own private servers without having to accept the Pocke=
t(TM) Privacy Policy.  They would be under no obligation to provide support=
 and could even make providing support only available via payment.

Pocket(TM) has decided to do none of the things above.

Instead, the bottom line is everything that MPL should allow are things the=
 Pocket(TM) Terms of Service clearly indicates that Pocket(TM) is prepared =
to take legal action against doing.  Mozilla's inclusion of this seems to b=
e a bait and switch on their open source mission statement.  This is not so=
mething that can just be "fixed" by providing instruction to "disable."
0
bgallia
6/10/2015 5:21:37 AM
Well, we have to start somewhere.
But yes, I believe that liberating the service from its single source
would be a very good step.

Best regards,
 David

On 10/06/15 01:48, Zachary King wrote:
> Then why the pocket branding and terminology?
> 
> It would be one thing if this was marketed as a general way to save things
> for later and Pocket just happened to be the only provider at launch with
> a published goal/process for adding more services (Instapaper for example).
> That is an entirely different message than "Here is Pocket (a completely
> independent, profit driven, third party) now integrated into core Firefox.
> 
> Having a dialog where you could add/remove/edit "save for later" providers
> would go a long, way in my opinion, to curbing the anger about this. Some
> of us use Firefox for the primary reason of them giving us choice. To be
> totally frank, I prefer Chrome, but find Google as a whole kind of creepy.
> I would like to think that there is still at least one browser I can still trust.
> 
> -Zach
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
> 


-- 
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla
0
David
6/10/2015 8:33:50 AM
Gerv & DavidRaj... @mozilla

This is a long and popular thread. Perhaps it is worth starting a moderated adjacent thread just for the official  mozilla answers to this and loosely related Pocket questions.

This thread is heading for 100 posts and 5k views. 
You may already be aware that Mozilla staff at support.mozilla (sumo) rule much of this Pocket related discussion as off topic on Sumo and direct people to this governance list. 

Specifically also note a sumo staff member filed a bug [1171569] after saying   
Why can't the Pocket integration be fully removed? 
>I believe the intention for the "browser.pocket.enabled" config option 
>is to allow complete removal of Pocket integration from all menus. 
>It has become apparent that this is not the current behavior. 
>This is definitely a bug, which I will be filing shortly.

I am sure users will be aware of the Mozilla Feedback option,but many will be looking for somewhere to get a response and explanation of perceived problems or unfathamable decisions.
0
john99
6/10/2015 12:44:55 PM
Gervase Markham schrieb:
> On 09/06/15 04:22, Nicholas Nethercote wrote:
>> What I'm saying is this: don't mix up the two arguments above. If
>> you're really upset by the Pocket integration, it's almost certainly
>> because of the first argument above, so don't get side-tracked by the
>> second argument.
>
> Right. And the first argument is strange because this is not the first
> time we've done this.

Most notably, when we introduced the Social API, we had a Facebook 
button appear automatically in primary UI (which I found bad because of 
what Facebook represents, but that's a slightly different topic).

The big difference is that in that case, we had defined a vendor-neutral 
API and didn't just use whatever their API is and make ourselves 
dependent on the partner (as we have with Pocket), we did not import 
unreviewed code drops from the partner (as we did with Pocket, even 
though we required them to open-source that code), and we didn't ship 
their icon as part of the actual installed product but downloaded it 
afterwards (unlike what we do with Pocket).

I think we should look into correcting those things, with the necessary 
diligence (and not with another rushed effort) though.
I still wonder if shipping their product in our downloads is a trademark 
issue esp. for people doing rebuilds of our code, where we intentionally 
remove our own branding, but the Pocket icon remains.
Also, if you replace the URL in the prefs with a different service that 
uses the same API, you now have the Pocket icon and Pocket-branded 
strings refer to a completely different service, which I think is 
problematic in the long run.

This may be OK for this initial release (even though I'm unhappy with 
the quality decisions we made there in general), but we should IMHO 
improve upon those things in further work and future releases (and the 
proper release train testing of the changes).

KaiRo
0
Robert
6/10/2015 2:27:04 PM
On 10/06/15 06:21, bgallia@gmail.com wrote:
> (1) The Terms of Service and Privacy Policy claim to go into effect
> by installing their software.

Whoa, there. Pocket's Privacy Policy applies if you use the
Firefox-integrated Pocket, sure. But are you sure their ToS apply? The
ToS from which you quote seem like they are designed for a proprietary
product; all Pocket-integration code in Firefox is open source.

What is the URL for these Terms of Service, and what makes you think
they apply to Firefox Pocket?

> By Mozilla Foundation including it as
> part of the Firefox install, the Pocket(TM) documents claim to
> require adherence even if the user never uses Pocket(TM).  

I'm pretty darn sure that's not true.

> (2) The Terms of Service License Restrictions clearly *prohibits*
> redistribution.  While Pocket(TM) has made it clear they intends the
> Mozilla Foundation to distribute the Pocket(TM) Technology
> application but does this exception to the Pocket(TM) Terms of
> Service extend to any other form of redistribution?  Is this yet
> another way the Mozilla Foundation is trying to make life harder for
> groups like Debian?  Is this a trend of ToS encumbered code which
> could lead to a potential lawsuit if left included in IceWeasel?

All Pocket code in Firefox is open source, full stop.

> (3) Pocket(TM) does not appear to provide any protocol description
> for providing a compatible service.  Also, the Terms of Service
> prohibits writing one.  More specifically, users that install the
> Pocket(TM) Technologies application can not "determine or attempt to
> determine any ... methods or techniques embodied in the Pocket
> application or any portion thereof."

Again, not sure if that actually applies to Pocket-in-Firefox; but I
would fall over backwards in astonishment if someone who installed
Firefox was thereby legally prevented from writing a server compatible
with the Firefox Pocket API.

Gerv
0
Gervase
6/10/2015 4:06:43 PM
Hello Gervase,

In response to:

    Perhaps, although I've not see anyone say "I've read Pocket's privacy
    policy, the one that applies to this feature (as amended in consultation
    with the Mozilla privacy team) and I object to X, Y and Z."


I'm assuming that this privacy policy is the correct one:
https://getpocket.com/privacy accessed 2015-06-09T17:06:00Z.

I normally don't get into these kinds of conversations and I'm not exactly
a stakeholder with firefox (I use it exclusively, but I don't donate to
mozilla or anything) but I thought I'd fill in some detail here. There
have been people complaining specifically about the privacy policy, but I
think they were drowned out by the other arguments. Recently (after the
quoted comment by you, I believe) commentsabout@riseup.net had a more
coherent privacy policy related argument, and I will reiterate some of
their argument here.

I am not a lawyer, but this line in the privacy policy is the biggest
problem to me:

    In the event that we or certain of our assets are acquired, user
information may be included among the transferred assets.


I'd rather not have some big investment bank get a hold of my personal
information + URLs I've saved and be able to sell that to someone/do
whatever with it. If I understand privacy policies properly (which is by
no means guaranteed) this is a perfectly plausible scenario since the new
company would not be bound by it's terms.

Another thing I dislike about the policy, specifically because it appears
that all the information is stored unencrypted on the servers, are these
pretty standard lines:

    Although we strive to protect the personal information of our users,
we will release personal information if required by law or in the
good-faith belief that such action is necessary. We follow the law
whenever we receive requests about you from a government or related to
a lawsuit. We will notify you when we are asked to hand over your
personally identifiable information in this way unless we are legally
prohibited from doing so. When we receive requests like this, we will
only release your personally identifiable information if we have a
good faith belief that disclosure is necessary or appropriate under
applicable law. Nothing in this policy is intended to limit any legal
defenses or objections that you may have to a third party's request to
disclose your information.


Basically no one better store links on articles about anything illegal!
Since all the URLs you saved are stored plain text, that could be used
against you if the law decides to ask for it.

Compare this to part of the non-legal part of the firefox sync privacy
policy(it's easier than the legalese):

    Firefox Sync on your computer encrypts your data before sending it to
us so the data isn�t sitting around on our servers in a usable form.


Basically, I think any service that is this integrated into firefox should
live up to the type of privacy policy that firefox sync has. I don't even
care if they(pocket) store the URLs I store in an anonymized way but then
encrypt the part that says which URLs I have saved (so that they can still
make money of the anonymized information). I would prefer their server
software to be open source, but the privacy concerns are a much bigger
problem.

Basically, if they would make it to where the law nor businesses that
acquire pocket can easily figure out what URLs I have saved then that
would fix my biggest objection with the service being integrated (Though I
also have concerns about them controlling the "standardized" API for other
backends to be integrated). As it stands, I find the integration of pocket
unacceptable.

Another acceptable option for me would be for mozilla to put the effort
forth to integrate with another backend for this functionality that does
meet my privacy concerns above, and make that default while keeping pocket
as an easily accessible option. Similar to the existing search engine
functionality, but with a privacy conscious choice being the default.

Finally, a barely acceptable option for me would be to do all of the above
but keep pocket the default. I'd feel better about this if pocket paid for
the privilege like yahoo did to be the default search engine.

Thank you,
Christopher Carpenter

P.S. I apologize if this doesn't properly make it into everyone's threaded
view. I subscribed to this topic with my work email but didn't want to
send this from that email as my views do not represent my employer. I had
to manually recreate the subject/to and am not entirely sure I did it
properly.



0
Christopher
6/10/2015 4:07:15 PM
On Wednesday, June 10, 2015 at 11:07:22 AM UTC-5, Gervase Markham wrote:
> On 10/06/15 06:21, bgallia@gmail.com wrote:
> > (1) The Terms of Service and Privacy Policy claim to go into effect
> > by installing their software.
>=20
> Whoa, there. Pocket's Privacy Policy applies if you use the
> Firefox-integrated Pocket, sure. But are you sure their ToS apply? The
> ToS from which you quote seem like they are designed for a proprietary
> product; all Pocket-integration code in Firefox is open source.
>=20
> What is the URL for these Terms of Service, and what makes you think
> they apply to Firefox Pocket?

The *ONLY* Terms of Service related to Pocket(TM) software seems to be at:
https://getpocket.com/tos

There is no exclusions listed for Pocket(TM) application in open source for=
m.  If you have a different Pocket(TM) ToS that applies to the open source =
version, please let us know.  Currently, the *ONLY* ToS that I can find cle=
arly states:

"By installing the Pocket(tm) application, visiting our website or installi=
ng or using any of the Pocket Technologies, you are accepting these terms o=
f service. If you do not agree to these terms, please do not install our ap=
plication, access our website or use any of our products or services."

So, since Pocket(TM) application is now part of Firefox, if you don't agree=
 to the ToS then you are told not to install the application where due to t=
he integration means users can't install *ANY* of Firefox without agreeing.=
  There is nothing in the ToS that disabling the Pocket(TM) application rel=
eases the Firefox user from the ToS.  The wording of the Pocket(TM) ToS req=
uires *UNINSTALLING* the application (Firefox with Pocket integration) if t=
he user doesn't agree.  This should put obligations on Mozilla Foundation t=
o update the "Know Your (lack of) Rights" document accordingly.

> > By Mozilla Foundation including it as
> > part of the Firefox install, the Pocket(TM) documents claim to
> > require adherence even if the user never uses Pocket(TM). =20
>=20
> I'm pretty darn sure that's not true.

I am pretty darn sure that is what the only terms of service document that =
Pocket(TM) provides says given it claims to apply simply by *INSTALLING* it=
..  If you are pretty darn sure there is an exclusion, please quote the excl=
usion.

> > (2) The Terms of Service License Restrictions clearly *prohibits*
> > redistribution.  While Pocket(TM) has made it clear they intends the
> > Mozilla Foundation to distribute the Pocket(TM) Technology
> > application but does this exception to the Pocket(TM) Terms of
> > Service extend to any other form of redistribution?  Is this yet
> > another way the Mozilla Foundation is trying to make life harder for
> > groups like Debian?  Is this a trend of ToS encumbered code which
> > could lead to a potential lawsuit if left included in IceWeasel?
>=20
> All Pocket code in Firefox is open source, full stop.

There is applying the letter of open source (such as OpenJDK) and then ther=
e is adhering to the spirit of open source.  The only Terms of Service docu=
ment that Pocket(TM) makes available seems to make clear they have no inten=
tion of adhering to the spirit of open source.  This is a rubber stamp job.

> > (3) Pocket(TM) does not appear to provide any protocol description
> > for providing a compatible service.  Also, the Terms of Service
> > prohibits writing one.  More specifically, users that install the
> > Pocket(TM) Technologies application can not "determine or attempt to
> > determine any ... methods or techniques embodied in the Pocket
> > application or any portion thereof."
>=20
> Again, not sure if that actually applies to Pocket-in-Firefox; but I
> would fall over backwards in astonishment if someone who installed
> Firefox was thereby legally prevented from writing a server compatible
> with the Firefox Pocket API.

If they intended to allow people to write a compatible server, why are they=
 use an undocumented API call of "/v3/firefox/save"?  Can you find anyplace=
 at http://getpocket.com/developer/ which fully documents or even directly =
references what that API call does?

If you are so sure of the legal basis that Firefox users are permitted by P=
ocket(TM), why don't you try supplying the documentation on that undocument=
ed API call or a reference server implementation of it?

Why is Mozilla now including code designed for a closed source API from a s=
ingle vendor??  While it is similar in functionality to CEPH or OpenStack S=
WIFT, it is also enough different that anyone attempting to port the Firefo=
x Pocket(TM) code to either of those might as just rewrite the code again f=
rom scratch.

Mozilla Foundation should have done a better job of reviewing the Terms of =
Service before including this and attacking their own "Known Your Rights" d=
ocument.  They should not have done such a poor job of code review as to al=
low code that claims to follow the "Public API Documentation [at] http://ge=
tpocket.com/developer/" and then later in the same code make API calls that=
 are undocumented.

Once this Pocket(TM) application integration is forced by the Mozilla Found=
ation on Firefox stable users, I will honor the requirements give to user n=
ot accepting of the ToS and perform the required uninstall of the Firefox/P=
ocket(TM) application.  It isn't that I want to stop using Firefox, I just =
can't accept the Terms of Service that Firefox is now integrated into regar=
dless of what features are enabled/disabled because of *INSTALL* time provi=
sions being issued.
0
B
6/10/2015 4:41:10 PM
On 09/06/15 14:05, commentsabout@riseup.net wrote:
> First of, it seems like you do not remember how “safe browsing” and the
> now gone “location service” were welcomed back at the time. Mozilla was
> highly criticized and there's still reason to do so regarding “safe
> browsing” when you know that “[...] existing cookies you have from
> google.com, our list provider, may also be sent.” [2]

I think Safe Browsing is a critical part of making a browser competitive
in 2015. Perhaps we simply disagree on this.

> the ones provided by pocket: among other things (see my previous mail)
> pocket is meant to store data.
> 
> Storing data is something that Firefox has been capable of doing for years.

I think you underestimate the amount of effort it would take to build a
service competitive with Pocket. See Mike Connor's posts for why Mozilla
would need to invest a great deal of time and energy to get feature
parity with Pocket. Being able to retrieve and read the content on
pretty much every platform under the sun from Blackberry to Kindle is a
significant advantage.

> Any computer science student can put a pocket clone together in a
> weekend. There's nothing fancy, challenging nor complicated. There's
> already a series of free softwares that does the exact same thing
> (“wallabag” [3] among tens of others).

How would that work? When you click the "Save for Later" icon, it pops
up a box saying "Please give the API endpoint and login details for your
personal Wallabag server"?

Gerv


0
Gervase
6/10/2015 5:08:06 PM
On 10/06/15 17:41, B Galliart wrote:
>> What is the URL for these Terms of Service, and what makes you
>> think they apply to Firefox Pocket?
> 
> The *ONLY* Terms of Service related to Pocket(TM) software seems to
> be at: https://getpocket.com/tos

Right. I take back this implied criticism of your position. I'm seeking
clarification on this. I'm pretty sure the sections you mention don't
apply (and are not intended to apply) to the Pocket code in Firefox, but
I entirely agree it's very unclear.

I will come back to this group when I hear more.

> If they intended to allow people to write a compatible server, why
> are they use an undocumented API call of "/v3/firefox/save"?  Can you
> find anyplace at http://getpocket.com/developer/ which fully
> documents or even directly references what that API call does?

The API Firefox uses is documented in the Firefox codebase:

https://mxr.mozilla.org/mozilla-central/source/browser/components/pocket/pktApi.js

It's not a particularly complicated API AFAICS.

Gerv
0
Gervase
6/10/2015 5:11:03 PM
I switched back to FireFox (from Chrome) due to privacy concerns (with Google).  Since Mozilla has now abandoned any pretense of caring about end-user privacy, is there some other alternative, privacy-preserving browser (esp. for Linux)?  

This betrayal by Mozilla is heart-breaking.  I never thought I'd see the day.  DARN!  
0
shulegaa
6/10/2015 5:24:08 PM
On 6/9/15 7:02 PM, Mike Connor wrote:
>
> On 9 June 2015 at 16:13, Dan Stillman <dstillman@gmail.com 
> <mailto:dstillman@gmail.com>> wrote:
>
>
>     The issue for me is the combination of the privileged integration
>     with how different it is from Firefox's own bookmarks architecture
>     a few icons over. If Mozilla hadn't previously deemed user
>     bookmark data so sensitive that it merited client-side encryption,
>     this wouldn't strike me as so odd.
>
>
> Let's get this one out there. The original, 
> strong-crypto-despite-bad-UX Firefox Sync didn't resonate with a lot 
> of users. I know, I led work on it for years. It resonated with some 
> (many of whom didn't even trust Mozilla with the encrypted data!) but 
> the vast majority of users didn't understand or care about the added 
> security. It was more of a liability than an asset. Firefox Accounts 
> make a different tradeoff as a result, and it's unsurprisingly more 
> popular (and _useful_) as a result. We still encrypt data, however 
> it's derived from a username and password, not a fully random key.

Firefox Accounts is indeed a reasonable trade-off. But the point is that 
ordinary Firefox users can still Firefox Sync and have their data 
encrypted end-to-end. And given the events of the past two years, and 
the extent to which even companies like Apple are touting the (more or 
less) client-side-encrypted nature of some of their products, it's 
disappointing to see Mozilla moving in the opposite direction.

>     And it's not a matter of trust. Again, Pocket seems like a great
>     company. But sensitive user data is being sent, and Mozilla and
>     users have no control over what's done with it, now or in the future.
>
>
> I don't believe it's viable to try to build everything ourselves, or 
> limit the usefulness of our products out of concern for what _might_ 
> happen.  That's missing out on the best the Web has to offer, and the 
> best product experience for our users.

It's not really "might". Pocket is a VC-backed company. Short of an IPO, 
the point is to sell themselves to another company, and when they do, 
Firefox user data will go with them. Nothing nefarious might ever happen 
with that data, but unless there's some sort of contract between Mozilla 
and Pocket that says otherwise, that's not up to Mozilla.

And as Christopher Carpenter points out, in the meantime, it's sitting 
on their servers, open to government requests (or hacks, or...).

But as for "might", there's also the other possibility, which I don't 
believe anyone has mentioned: the service could be shut down. I can rest 
assured that as long as I can run Firefox (and even after, since the 
data is easy to export), I'll have access to my bookmarks and history, 
whether or not they still sync with Mozilla's servers. If Pocket is 
acquired and shut down, that's the end of years of saved user data. 
That's the web, and people can make that choice when they decide whether 
to use a service, but it doesn't strike me as a good default position on 
Firefox users' data.

>
>     I think the significant majority of users don't think about where
>     their data is going, which is why it's up to privacy-focused
>     organizations like Mozilla to do it for them. We should at at
>     least acknowledge that Mozilla's position on what is acceptable
>     with regard to users' data has changed dramatically from when
>     Firefox Sync was designed. I imagine there were third-party,
>     unencrypted bookmark sync providers that Mozilla could have
>     partnered with to speed development of Firefox Sync, offer more
>     features, and avoid having to maintain a sync architecture. For
>     that matter, I imagine an unencrypted version of Firefox Sync that
>     was still run by Mozilla would have been significantly easier to
>     develop, but that's not what Mozilla chose to do.
>
>
> We made a very different decision in 2008 than we'd make today.  That 
> said, I don't believe the use case of a reading list is the same as a 
> bookmark provider. Bookmarks are a browser feature, while reading 
> lists/apps are a very specialized case that isn't constrained to 
> browsers. There are apps, e-reader integrations, web sites, and more 
> capable of consuming articles saved to these services.  Pocket in 
> particular has a much bigger reach than Firefox in terms of mobile 
> devices (e.g. platforms we don't support), and that's one of the major 
> advantages of working with an established partner.

Well, when we start talking about e-reader integration, the arguments 
that a service of this scope maybe needn't be a core Firefox feature 
start to sound more reasonable. (iOS is important, but Firefox for iOS 
is coming, as I understand it.) As far as I know, mobile versions of 
Firefox have a reading mode, and they have bookmark syncing. Optionally 
sending along the cached, cleaned page content seems like a natural 
extension of that.

Beyond that, apparently there used to be a great Firefox extension 
called Pocket that you could use if you needed to sync with a wider 
array of apps and devices.

>         The question to ask is not whether we can build it, but
>         whether we can build it as well and as quickly, and what we
>         would be giving up if we committed to competing with the
>         existing services.  Pocket's a market leader in this space,
>         and focused entirely on this space.  Playing catch-up, and
>         investing enough in development to match their user value
>         proposition (especially their mobile coverage) would be
>         prohibitively expensive.
>
>
>     I think this is a false dichotomy. A version of this that
>     piggybacked on Firefox Sync, with its inherent data protections,
>     wouldn't need to — and couldn't, by definition — offer all of the
>     features of Pocket. But it would maintain Mozilla's position of
>     protecting bookmark data by default instead of shrugging and
>     shipping that data off to a third-party company without public
>     discussion.
>
>
> I don't think "build a less useful product" is in line with what is 
> good for Firefox or our users.  We actually did build this, and chose 
> to go with Pocket integration instead as it was considered a much more 
> usable product for our users.  There are tradeoffs both ways, we chose 
> to ship the better product.

That's fair, but "useful" and "better" are open to debate. A reading 
list that people can save to without worrying who will have access to 
that data and that's guaranteed to preserve that data in perpetuity is 
arguably the better product in some important ways.
0
Dan
6/10/2015 6:18:58 PM
I haven't followed the entirety of this thread, but I believe that Dan's
arguments make sense. Perhaps we should file bugs and discuss the future
of Pocket integration with Product Management?

On 10/06/15 20:18, Dan Stillman wrote:
> That's fair, but "useful" and "better" are open to debate. A reading
> list that people can save to without worrying who will have access to
> that data and that's guaranteed to preserve that data in perpetuity is
> arguably the better product in some important ways.
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance


-- 
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla
0
David
6/10/2015 6:44:54 PM
On Wednesday, June 10, 2015 at 11:11:39 PM UTC+6, Gervase Markham wrote:
> The API Firefox uses is documented in the Firefox codebase:
> 
> https://mxr.mozilla.org/mozilla-central/source/browser/components/pocket/pktApi.js
> 
> It's not a particularly complicated API AFAICS.
> 
> Gerv

I wonder which part of Pocket(tm) code was made open-source, as some @mozilla claimed itt. Correct me if I'm wrong, but AFAICS Firefox utilizes Pocket(tm) API (and so-called "Pocket Marks") only.
0
l1aqus
6/10/2015 7:34:20 PM
On Wednesday, June 10, 2015 at 1:45:09 PM UTC-5, David Rajchenbach-Teller w=
rote:
> I haven't followed the entirety of this thread, but I believe that Dan's
> arguments make sense. Perhaps we should file bugs and discuss the future
> of Pocket integration with Product Management?
>=20

We have done that.  It was bug #1172126 [1].

According to the bug's history[2], it took less than 90 minutes for Tyler D=
owner, Project Manager for the User Advocacy team, to determine the bug was=
 INVALID and "RESOLVED."  It was then suggested the discussion by taken ove=
r here instead.

It feel to me like we are being swept under the run (and by the User Advoca=
cy team no less).  In the mean time, Pocket(TM) is not providing any clarif=
ication on their agreement at *install* Terms of Service and Privacy Policy=
..  My guess is they don't feel the need to respond since they already are b=
eing fast tracked.

This whole situation reminds me of the late 1980's "shrink-wrap" licenses w=
here a sticker notified you that you agreed to the license inside the box b=
y breaking the shrink wrap to open the box.  Only now it is that you agree =
by installing an integrated Pocket(TM) platform software when you may not e=
ven be aware of (and it's terms) until it is already installed.  And I love=
 the part about a Privacy Policy that can be completely changed to whatever=
 Pocket(TM) wants just by silently posting a new one online and waiting 30 =
days (including new terms applied to data already previously collected).  R=
aise your hand if you want to re-visit the Pocket(TM) Privacy Policy web pa=
ge every 30 days to check if you still agree to having the software install=
ed (it doesn't even matter if you are using it)!  There is literally not a =
single irrevocable term provided on the user's behalf.

Good job "User Advocacy" on getting this "RESOLVED!"

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126
[2] https://bugzilla.mozilla.org/show_activity.cgi?id=3D1172126
0
B
6/11/2015 1:05:23 AM
On 11/06/15 03:05, B Galliart wrote:
> On Wednesday, June 10, 2015 at 1:45:09 PM UTC-5, David Rajchenbach-Teller wrote:
>> I haven't followed the entirety of this thread, but I believe that Dan's
>> arguments make sense. Perhaps we should file bugs and discuss the future
>> of Pocket integration with Product Management?
>>
> 
> We have done that.  It was bug #1172126 [1].

Apparently, we do not understand Dan's arguments in the same manner. The
bug you quote is about removing Pocket Integration. As we can see from
the current thread, well, this deserves at the very least an open
discussion, and Bugzilla is an awful medium for that.

What I read of Dan's arguments is that we should open the feature. This
could be translated, for instance, as the following set of bugs:
- Provide a simple way to erase user data forever from Pocket's servers
[for instance as an item of the "Clear History" button];
- Give users the ability to use Sync instead of Pocket's servers for
storing their bookmarks [note that this might be tricky, because
providing disk space for hundreds of millions of users is quite expensive];
- Give users the ability to store/recover their bookmarks using a
variety of protocols (ftp server, dropbox, google drive, ...);
- Publish specifications on the communications between Firefox and
Pocket's servers as an open protocol;
- ...

Did I misread Dan's comments? If so, apologies.

> 
> According to the bug's history[2], it took less than 90 minutes for Tyler Downer, Project Manager for the User Advocacy team, to determine the bug was INVALID and "RESOLVED."  It was then suggested the discussion by taken over here instead.
> 
> It feel to me like we are being swept under the run (and by the User Advocacy team no less).  In the mean time, Pocket(TM) is not providing any clarification on their agreement at *install* Terms of Service and Privacy Policy.  My guess is they don't feel the need to respond since they already are being fast tracked.
> 
> This whole situation reminds me of the late 1980's "shrink-wrap" licenses where a sticker notified you that you agreed to the license inside the box by breaking the shrink wrap to open the box.  Only now it is that you agree by installing an integrated Pocket(TM) platform software when you may not even be aware of (and it's terms) until it is already installed.  And I love the part about a Privacy Policy that can be completely changed to whatever Pocket(TM) wants just by silently posting a new one online and waiting 30 days (including new terms applied to data already previously collected).  Raise your hand if you want to re-visit the Pocket(TM) Privacy Policy web page every 30 days to check if you still agree to having the software installed (it doesn't even matter if you are using it)!  There is literally not a single irrevocable term provided on the user's behalf.

[...]

I can understand why you feel that way. I am personally not very happy
about the fast-tracking involved. But I believe that the best way
forward right now is to take this as an opportunity to:
1. improve Firefox further;
2. determine if/where we have made any mistakes and how to not make them
again.

The possible bugs above are examples on how we could do 1., and a few of
us have proposals in the pipe that may improve 2 (not ready for
prime-time yet, though).

Best regards,
 David

-- 
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla
0
David
6/11/2015 10:00:22 AM
On 10/06/15 17:07, Christopher Carpenter wrote:
>     In the event that we or certain of our assets are acquired, user
> information may be included among the transferred assets.

I don't think that's a problem /per se/, if any restrictions Mozilla has
placed on how that data is to be used continue to be binding. And
(certainly unless the company goes into liquidation) I would expect that
to continue to be true.

The alternative is that user information _can't_ be transferred, which
means that if Pocket is ever acquired, everyone's saved list of URLs is
lost and they can no longer log in. Doesn't sound great to me.

> I'd rather not have some big investment bank get a hold of my personal
> information + URLs I've saved and be able to sell that to someone/do
> whatever with it. If I understand privacy policies properly (which is by
> no means guaranteed) this is a perfectly plausible scenario since the new
> company would not be bound by it's terms.

I think it would; if company A buys company B, they are still bound by
contracts signed by company B. That's why there's a lot of what's called
"due diligence" before an acquisition, as the acquiring company checks
that the target has not signed any dumb contracts that will cost them.

> Another thing I dislike about the policy, specifically because it appears
> that all the information is stored unencrypted on the servers, are these
> pretty standard lines:
> 
>     Although we strive to protect the personal information of our users,
> we will release personal information if required by law or in the
> good-faith belief that such action is necessary. We follow the law
> whenever we receive requests about you from a government or related to
> a lawsuit. We will notify you when we are asked to hand over your
> personally identifiable information in this way unless we are legally
> prohibited from doing so. When we receive requests like this, we will
> only release your personally identifiable information if we have a
> good faith belief that disclosure is necessary or appropriate under
> applicable law. Nothing in this policy is intended to limit any legal
> defenses or objections that you may have to a third party's request to
> disclose your information.

I agree these are fairly standard, although the notification of pending
release is optional, and important. But I'm not sure what else it could
say, given unencrypted storage. "We will defy the government until they
shut us down?"

The question of whether Pocket should encrypt the data server-side is a
different question. I know, from Mozilla's experiences with Sync, that
this can complicate matters (particularly when adding new devices), and
moreover it's now how Pocket works now.

It would be reasonable to say (and file a bug to the effect) that users
need to be informed that their data is being stored in the clear on
Pocket's servers under US jurisdiction.

Gerv

0
Gervase
6/11/2015 12:42:26 PM
Mostly I'm annoyed by the UI clutter.  There's this extra *thing* in my
Bookmarks menu and on my address/search bar.  I've since figured out how to
remove them, but in the future I would prefer these kinds of things to be
opt-in rather than just put there whether I asked for it or not.  Firefox
does everything I need it to do.  If there was some huge push for Pocket,
sure, I could understand; but I don't even really get what Pocket does.  It
lets me save pages for later?  Okay, isn't that what Bookmarks are for?  I
just don't see the justification.

On Tue, Jun 9, 2015 at 4:03 AM, Gervase Markham <gerv@mozilla.org> wrote:

> On 09/06/15 04:22, Nicholas Nethercote wrote:
> > What I'm saying is this: don't mix up the two arguments above. If
> > you're really upset by the Pocket integration, it's almost certainly
> > because of the first argument above, so don't get side-tracked by the
> > second argument.
>
> Right. And the first argument is strange because this is not the first
> time we've done this. Most of the bundled search engines, safe browsing
> and (until recently) our location service are/were all commercial
> third-party services with closed source back-ends.
>
> I know there are people out there who don't want to use any website
> whose code is closed source, but I think they are pretty rare, as 99.9%
> of websites are closed source. Mozilla has, more than a decade ago, made
> a policy decision that linking to or integrating with services whose
> backend is closed-source is OK, and that decision is not under review.
> Trying to do otherwise would, IMO, make our product seriously
> uncompetitive, which would not be good for the mission. (Note that
> Mozilla's mission is not to make the entire web open _source_ anyway.)
>
> In creating any feature, Mozilla has to choose between partnering to get
> it, or building it ourselves. And we can't build _everything_. A current
> example is safe browsing, and a future example of something I think we'd
> like to integrate that I doubt we can build is a translation service.
>
> Gerv
>
>


-- 
This has been a message from Pope Sir RanDomino Nickelmaster KSC, Master
Logistician, The Rail Gun of Sweet Reason, Schizophrenic Pragmatist,
Dialectical Psychic, Fonz of Chaos, Disco Philosopher, Ranger of the
Apocalypse
0
RanDomino
6/11/2015 1:59:08 PM
On Thursday, June 11, 2015 at 5:00:32 AM UTC-5, David Rajchenbach-Teller wr=
ote:
> On 11/06/15 03:05, B Galliart wrote:

> > We have done that.  It was bug #1172126 [1].
>=20
> Apparently, we do not understand Dan's arguments in the same manner. The
> bug you quote is about removing Pocket Integration. As we can see from
> the current thread, well, this deserves at the very least an open
> discussion, and Bugzilla is an awful medium for that.
>=20
> What I read of Dan's arguments is that we should open the feature. This
> could be translated, for instance, as the following set of bugs:
> - Provide a simple way to erase user data forever from Pocket's servers
> [for instance as an item of the "Clear History" button];
> - Give users the ability to use Sync instead of Pocket's servers for
> storing their bookmarks [note that this might be tricky, because
> providing disk space for hundreds of millions of users is quite expensive=
];
> - Give users the ability to store/recover their bookmarks using a
> variety of protocols (ftp server, dropbox, google drive, ...);
> - Publish specifications on the communications between Firefox and
> Pocket's servers as an open protocol;
> - ...
>=20
> Did I misread Dan's comments? If so, apologies.

I don't think you misread Dan's comments.  That wasn't the point I was tryi=
ng to make at all.  My point is that a product manager of the "user" advoca=
cy group was so quickly dismissive that I doubt if it matter if the initial=
 ticket was about removal or modification.  It is was not as if he responde=
d with something like "before discussing removal, lets talk about what can =
be done differently."  The answer was to completely ignore any point being =
made in the ticket and declare the issue "resolved."  If anything can illus=
trate the degree to which the "welcome to firefox" videos have become empty=
 rhetoric, it would be the handling of that ticket.  How is "welcome to per=
sonal freedom on the web" at all consistent with a forced opt-in agreement =
at install to the Pocket(TM) Privacy policy??
=20
If you really think it will do any good to discuss Dan's points, I am happy=
 to do that but I'm not going to bother trying to open a ticket with those =
points as long as Tyler Downer continues to be a member of the Mozilla Foun=
dation.

In terms of the point you brought up:

(1) Providing a easy way to erase user data forever (a "Clear History")

"Clear History" would not be hard to do with the existing API.  However, it=
 may be a lengthy process depending on how many items have been saved.  Poc=
ket(TM) requests that the items be pulled in fixed size batches rather than=
 all at once.  Also, the API seems to provide all or none, to get the list =
of item IDs required to delete requires requesting the full item data and n=
ot just the item IDs.  For the most part, the process of getting the item l=
ist for a full clear history would use the same bandwidth as performing a f=
ull backup of all the items.

The other important thing to keep in mind is the API delete call only promi=
ses to remove access to the item from the account.  This doesn't claim to d=
o any form of secure wipe on the data from the servers.  The Privacy Policy=
 seems to current indicate that the information may get rolled into aggrega=
ted data.  As such, providing a clear history button may be misleading and =
imply to a customer that it is providing a greater degree of privacy than a=
ctually takes place on the server side.  If a feature like this is importan=
t, then instead of Pocket(TM), a system which only stores encrypted blobs t=
o the server should probably be used.  That way a "clear history" can provi=
de better guarantees to the user by simply throwing away the encryption key=
 and rendering the server side data useless.

(2) Give users the ability to use Sync instead of Pocket's servers

I think this goes beyond the scope of the Sync 1.5 protocol.  It might be n=
ice to discuss how a feature like this could fit into a Sync 2.0 protocol b=
ut that seems like a long term goal.

(3) Give users the ability to store/recover their bookmarks using a
variety of protocols (ftp server, dropbox, google drive, ...)

I would prefer this as well except for FTP.  FTP over TLS does not always w=
ork well over NAT and we should not be encouraging continued use of FTP une=
ncrypted.  Not only should the data be encrypted, but the authentication sh=
ould be as well.  I would recommend WebDAV instead of FTP.

Given the growing number of free/cheap storage services that have a REST AP=
I (even Microsoft OneDrive supports a REST API), it seems that much more da=
mning the built-in method with the browser that brings "freedom" can only w=
ork with a single storage provider.

(4) Publish specifications on the communications between Firefox and
Pocket's servers as an open protocol

Pocket(TM) has provided documentation for the majority of the protocol used=
 by Firefox with the exception of the "/firefox/save" call.  A contacted Po=
cket(TM) support for clarification regarding it and got the follow back:

"If an endpoint is not on our Developer documentation, it's considered priv=
ate."

This suggests to me that Pocket(TM) is not intending Firefox to use a stric=
tly openly documented API but the use of undocumented calls is by design.  =
That would mean you will have a hard time getting Pocket(TM) to come to the=
 table to discuss a published specification.  It also means that future ver=
sions of Firefox may use additional undocumented calls which would break an=
y pocket API clones.  Unlike Firefox Sync where being able to run a private=
 server was part of the goal, it seem like trying to support Firefox Pocket=
(TM) will be a moving target of playing catch-up to the API changes each ti=
me Firefox puts out an update.  How that is consistent with a mission state=
ment of promoting an open web through open standards makes no sense to me. =
=20

> I can understand why you feel that way. I am personally not very happy
> about the fast-tracking involved. But I believe that the best way
> forward right now is to take this as an opportunity to:
> 1. improve Firefox further;
> 2. determine if/where we have made any mistakes and how to not make them
> again.
>=20
> The possible bugs above are examples on how we could do 1., and a few of
> us have proposals in the pipe that may improve 2 (not ready for
> prime-time yet, though).

This is assuming the Mozilla Foundation is ready to have a two way conversa=
tion about this.  I think at the very least that Tyler Downer has made it c=
lear through his actions how the user advocacy team feels about having a tw=
o way conversation about this.

Mozilla Foundation also thumb their nose at the Pocket(TM) Terms of Service=
 requiring agreement at *install* regardless of use by releasing the follow=
ing statement:

"Directly integrating Pocket into the browser was a choice we made to provi=
de this feature to our users in the best way possible. To disable Pocket, y=
ou can remove it from your toolbar or menu. If Pocket is removed from the t=
oolbar or menu, then the feature is effectively disabled, though you can st=
ill find it again by accessing it in the Customize Panel."

While it is true the disabling is an option, the Terms of Service and Priva=
cy Policy both claim to still apply as long as the feature is *installed*. =
 This Mozilla Foundation work-around does nothing to address that.  And the=
se actions aren't consistent with the ideals that are promoted in the promo=
tional videos for Firefox.
0
B
6/12/2015 3:28:30 AM
I completely agree with this statement and most of the replies on this list=
.. Pocket is a surprising and unwanted addition. I believe that the masses w=
ould not care for this feature. Some may be tricked into using it, thinking=
 it is a Mozilla service and follows its guidelines (and is free).

I found the change when I was using Firefox Developer Edition.
This change, alongside with the new Firefox Tiles (which are ad-based, coll=
ect personal information*, and analytics regarding your usage of them), has=
 pushed me to temporarily stop using it and switch to my default Safari bro=
wser (I use a Mac).

Below is the feedback that I have sent to Mozilla today:
"
The forced, unannounced, and aesthetically displeasing integration of the p=
roprietary Pocket "extension" breaks the Mozilla mission statement and unde=
rmines the Firefox free software base.

Pocket cannot be removed, uses different policies (including the privacy po=
licy that Mozilla prides itself over), and potentially leads a free softwar=
e user to pay for third-party services.

The integration of Pocket is hypocrisy on Mozilla's side. There has been no=
 prior announcement or transparency.
Pocket may potentially work with the US Government. This breaks a concerned=
 user's trust ties to Mozilla's actions.

Below are the parts of the Mozilla Manifesto that Pocket violates blatantly=
:
4: "Individuals' security and privacy on the Internet are fundamental and m=
ust not be treated as optional."
6: "The effectiveness of the Internet as a public resource depends upon int=
eroperability (protocols, data formats, content), innovation and decentrali=
zed participation worldwide."
7: "Free and open source software promotes the development of the Internet =
as a public resource."
Pocket is not open source at all!

tl;dr: Pocket integration shows the value of convenience and partnership ov=
er transparency, freedom, free (stuff), openness, privacy, decentralization=
, and other aspects of the Mozilla mission. It should be removed.
"

Thank you for reading!

*I consider IP addresses to be personal information. Is a user has a static=
 IP address, it is definitely personal information and may be traced throug=
h his or her respective ISP.

On Friday, June 5, 2015 at 5:59:56 PM UTC-4, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Ther=
e are some comments on Hacker News at https://news.ycombinator.com/item?id=
=3D9667809).
>=20
> Mozilla's recent integration with Pocket, a proprietary third-party servi=
ce, is a mistake.
>=20
> It is very exciting to see the ways in which Firefox continues to improve=
.. And it's even more exciting to see the ways that Mozilla advances it's st=
ated mission outside of the Firefox browser with new developments like Fire=
fox Accounts. Pocket now allows you to log in on their site using your Fire=
fox Account; being able to authenticate with a trusted third party like Moz=
illa is a huge win for online privacy advocates and the Mozilla community. =
However, adding Pocket as a built-in feature to Firefox should not have bee=
n done.
>=20
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20
>=20
> The user experience of disabling Pocket is not good, either. It needs to =
be disabled in about:config, which is not at all user friendly, and therefo=
re not in line with Mozilla's mission. In the past, Mozilla has been very g=
ood about showing the user what new features have been added to the interfa=
ce and explaining any privacy implications that may come with them. That is=
 why I was so surprised when the Pocket icon suddenly appeared in Firefox D=
eveloper Edition a couple days ago. It is so unlike Mozilla to introduce so=
mething like that, I ran a virus scan and checked what programs had been in=
stalled recently -- I assumed it had been put there in the same way that IE=
 users used to get the Ask Toolbar installed.=20
>=20
> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's. Many users would not as=
sume this, since it is a feature that is bundled with the browser.
>=20
> Mozilla's recent blog post about the Pocket feature is titled "Firefox Pu=
ts You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/=
06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been comi=
ng from a startup, that post would be humorously ironic. But given how much=
 people care about Mozilla and it's stated mission, it is more painful than=
 funny.
>=20
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat. Most importantly, there was very little public disc=
ussion about this inclusion of a proprietary, third-party service. It's a h=
uge departure from Mozilla's commitment to transparency. The existence of t=
he Pocket code in Firefox is a bug in the browser, and it does not adhere t=
o Mozilla's core mission.
0
Brian
6/14/2015 3:06:17 AM
On Sunday, June 14, 2015 at 5:31:06 AM UTC-5, Angly Cat wrote:
> On Wednesday, June 10, 2015 at 11:11:39 PM UTC+6, Gervase Markham wrote:
> > The API Firefox uses is documented in the Firefox codebase:
> >=20
> > https://mxr.mozilla.org/mozilla-central/source/browser/components/pocke=
t/pktApi.js
> >=20
> > It's not a particularly complicated API AFAICS.
> >=20
> > Gerv
>=20
> I wonder which part of Pocket(tm) code was made open-source, as some @moz=
illa claimed itt. Correct me if I'm wrong, but AFAICS Firefox utilizes Pock=
et(tm) API (and so-called "Pocket Marks") only.

According to the code included in Firefox, all of it is under open-source t=
erms except for the trademark/brand pictures (the "Pocket(TM) marks").

According to Pocket(TM)'s terms of service, none of the Pocket(TM) applicat=
ion provides the rights required to satisfy the open source definition.  So=
, it appear the provide the source code as if it is open source and then re=
voke the rights as soon as it is installed/used based on the terms of servi=
ce.  At the very least, this should put a chilling effect on actually treat=
ing it as open source.


In terms of it only utilizing the Pocket(TM) API, it depends on what you co=
nsider to be the Pocket(TM) API.  If that just means it only accesses RPC s=
tyle calls to Pocket(TM)'s website then you are correct.

If, however, you consider the Pocket(TM) API only the calls documented at t=
he Pocket(TM) developer's website then you are very wrong.  The Firefox int=
egration currently already uses a private (as confirmed by Pocket(TM) suppo=
rt) call of "/v3/firefox/save" which they have no intention of providing th=
e documentation for.

It really doesn't matter how simple this call is as the trend of using priv=
ate undocumented calls means that future updates to Firefox may use additio=
nal private calls such that the "/v3/firefox/*" namespace will continue to =
grow over time.  This will also puts a chilling effect on third-party invol=
vement in maintaining the code since contributors will have to reverse engi=
neer from the code what the new private calls do.

The use of a private undocumented namespace will also make a mess of trying=
 to provide compatible private servers.  It is possible future updates of F=
irefox by calling new private namespace or undocumented extensions to the "=
save" call will break when going to a private protocol-clone server authore=
d by someone that couldn't possibly know what additional calls would need t=
o be supported.

So, while doing everything to give the illusion of following open source to=
 the letter, Pocket(TM) is far from following the spirit of open source.
0
B
6/15/2015 12:25:48 AM
On Monday, June 15, 2015 at 6:25:54 AM UTC+6, B Galliart wrote:
> contributors will have to reverse engineer from the code what the new pri=
vate calls do.

I just want to point that according to the Pocket(tm) Terms of Service[1]:

> LICENSE RESTRICTIONS
>
> Your access to and use of the Pocket Technologies is subject to this Agre=
ement and all applicable laws and regulations. You may not: (1) modify, tra=
nslate, reverse engineer, decompile, disassemble, or create any derivative =
works based on the Pocket Technologies

So it's even forbidden to create private servers if that private servers wi=
ll utilize API integrated in Firefox (because that API is under Pocket(tm) =
ToS, isn't is?).

[1] https://getpocket.com/tos
0
Angly
6/15/2015 12:33:46 AM
On Sunday, June 14, 2015 at 7:33:51 PM UTC-5, Angly Cat wrote:
> On Monday, June 15, 2015 at 6:25:54 AM UTC+6, B Galliart wrote:
> > contributors will have to reverse engineer from the code what the new p=
rivate calls do.
>=20
> I just want to point that according to the Pocket(tm) Terms of Service[1]=
:
>=20
> > LICENSE RESTRICTIONS
> >
> > Your access to and use of the Pocket Technologies is subject to this Ag=
reement and all applicable laws and regulations. You may not: (1) modify, t=
ranslate, reverse engineer, decompile, disassemble, or create any derivativ=
e works based on the Pocket Technologies
>=20
> So it's even forbidden to create private servers if that private servers =
will utilize API integrated in Firefox (because that API is under Pocket(tm=
) ToS, isn't is?).
>=20
> [1] https://getpocket.com/tos

Yes, that is my understanding under the Terms of Service as well.

Only clarification that Pocket(TM) has gotten back to me on is that the "/v=
3/firefox/save" call is private/undocumented by design.  So far they haven'=
t clarified the conflict between contributing to an open source project and=
 their Terms of Service.  It seems like they could clear up a lot of contro=
versy just by stating how much of the ToS actually applies to their firefox=
 integration and how much does not.  The fact they won't provide any such c=
larification makes me assume the worst.
0
B
6/15/2015 4:32:52 AM
Bryan,

It was good of you to respond on this thread. =20

However, you completely neglected to address even a single one of the core =
complaints raised on this thread, such as those about the Pocket ToS (not t=
heir privacy policy), the loss of the extension, the integration of proprie=
tary services as opposed to published, open APIs, the conflict with the Moz=
illa Manifesto, etc.  Your message nearly reads as a press release, filtere=
d through a PR department, devoid of any mention of the actual controversy.

What are we--the community of Firefox users, many of whom have used Firefox=
 for longer than most of Mozilla's employees have worked there--left to thi=
nk? =20

It feels like Mozilla is becoming less interested in its community and its =
stated mission.  This concerns me as an "Internet citizen," considering Moz=
illa's historical roles in advocating for a free and open Internet.  It als=
o concerns me as a user of software which seems less user-focused than ever=
..  I feel the need to prepare for a departure from Firefox, looking toward =
more user-focused web browser projects.

I am beginning to wonder if Mozilla has become too big for its own good.  I=
s Mozilla now an end unto itself?  Are Mozilla's leaders beginning to feel =
pressure to make deals to simply survive?  Is it time for Mozilla to downsi=
ze?  Does it need to be split up into separate organizations?  Should Firef=
ox be tied to other projects like the Firefox OS and mobile projects?  Is F=
irefox being used as a kind of "cash cow" to fund these other projects?

I don't know what's really going on behind the scenes, but it's starting to=
 look that way.
0
Adam
6/16/2015 5:17:43 AM
My problem is that this feature integrates a specific proprietary commercia=
l service into the Firefox -- not to mention third party. I am not a purist=
 that decries anything proprietary or commercial, however I don't believe i=
t is appropriate to include into the core of Firefox.

The last time I checked, the Mozilia Manifesto is about openness of the web=
.. Mozilla is not promoting openness by integrating a specific third party s=
ervice. This is objectively wrong; whereas Mozilla's view that it is the 'b=
est' service is subjective. An analogy is like Firefox building a facebook =
like button into browser chrome -- not a share button, but specifically a l=
ike button while ignoring Twitter, Google+, etc.

I also question the utility of this function, but _even_ if this function i=
s very useful, the way to integrate it is not to bake in a proprietary serv=
ice. Change it "read it later" button with default highlighting and 1 click=
 installing of Pocket if you must, but the current way of "opt-out of 3rd p=
arty service" is very unmozilla.

Do note that:

- My concerns are not with the integration of something that _could_ be imp=
lemented as an extension. My concerns are with the integration of something=
 that _should_ be implemented as an extension.
0
gladoscc
6/17/2015 1:29:30 AM
This is entirely unacceptable.

The Pocket Privacy Policy completely compromises the user's rights and priv=
acies that should be expected when using a Mozilla product, and hiding bugs=
 and feedback from the community is tyrannical and dishonest.

What the hell is going on up at Mozilla HQ? I'm honestly just considering s=
witching over to Midori permanently seeing as how Mozilla's decision-makers=
 don't seem to care about their users or the community.

Christ, even the recent announcement made about Pocket really rubs me the w=
rong way. I mean, seriously? The community agrees that the feature is a bad=
 idea and says that they don't want it and Mozilla's official response is "=
Actually, yes, you do want it. Everyone wants it and it's okay because the =
wrapper code is Open Source. :^) Don't worry about their privacy policy or =
proprietary services, guys. We're just selling you out! It's fine!"

Then, they have the gall to disable Sync's Reading List feature so that peo=
ple will use Pocket instead. Basically, what I see here is that they're rem=
oving an already-existing open feature of Firefox that works great to imple=
ment proprietary bloatware that's practically impossible to completely get =
rid of that compromises the user's privacy and goes against everything writ=
ten in the Mozilla Manifesto. I wouldn't be surprised if the page for the M=
anifesto got deleted in the coming weeks and an announcement was made along=
 the lines of "Those were old policies. We've changed for the better of our=
 users now. :^) Don't worry! You guys want this!"

I am so unbelievably done with whoever is making these decisions. Mozilla i=
s alienating their core userbase, their developers, and their community con=
tributors. Everyone is obviously fed up with the arrival of this feature an=
d they want it to stop, me included.

Stop.
0
hobbabobba
6/17/2015 4:05:52 PM
On Friday, June 5, 2015 at 5:59:56 PM UTC-4, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Ther=
e are some comments on Hacker News at https://news.ycombinator.com/item?id=
=3D9667809).
>=20
> Mozilla's recent integration with Pocket, a proprietary third-party servi=
ce, is a mistake.
>=20
> It is very exciting to see the ways in which Firefox continues to improve=
.. And it's even more exciting to see the ways that Mozilla advances it's st=
ated mission outside of the Firefox browser with new developments like Fire=
fox Accounts. Pocket now allows you to log in on their site using your Fire=
fox Account; being able to authenticate with a trusted third party like Moz=
illa is a huge win for online privacy advocates and the Mozilla community. =
However, adding Pocket as a built-in feature to Firefox should not have bee=
n done.
>=20
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20
>=20
> The user experience of disabling Pocket is not good, either. It needs to =
be disabled in about:config, which is not at all user friendly, and therefo=
re not in line with Mozilla's mission. In the past, Mozilla has been very g=
ood about showing the user what new features have been added to the interfa=
ce and explaining any privacy implications that may come with them. That is=
 why I was so surprised when the Pocket icon suddenly appeared in Firefox D=
eveloper Edition a couple days ago. It is so unlike Mozilla to introduce so=
mething like that, I ran a virus scan and checked what programs had been in=
stalled recently -- I assumed it had been put there in the same way that IE=
 users used to get the Ask Toolbar installed.=20
>=20
> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's. Many users would not as=
sume this, since it is a feature that is bundled with the browser.
>=20
> Mozilla's recent blog post about the Pocket feature is titled "Firefox Pu=
ts You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/=
06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been comi=
ng from a startup, that post would be humorously ironic. But given how much=
 people care about Mozilla and it's stated mission, it is more painful than=
 funny.
>=20
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat. Most importantly, there was very little public disc=
ussion about this inclusion of a proprietary, third-party service. It's a h=
uge departure from Mozilla's commitment to transparency. The existence of t=
he Pocket code in Firefox is a bug in the browser, and it does not adhere t=
o Mozilla's core mission.

---

well all this talk about why it should be include and why it should not be =
included.

Simple is that can't that be choice of user weather they want this extensio=
n or not ?

It's not about why we should, it's about why we should not.
 - because if you need it, have it as addon or extension.
 - that gives choice of which services you want not just pocket.
 - because integrating it to firefox you provide your approval indirectly.


Did you gave me option to choose weather i wanted or not ?
Why you can not install it as extension or addon ?=20
-- that raise the quesion thre must be money involved.
-- becuase you choose something proprietory to place it in your browser, ju=
st like google search. ( they pay you hefty money )... so that should be it=
..
-- else give me one good reason why you need it to be integrated other then=
 money.

Well it seems like time to explore options....
0
ketan
6/17/2015 5:31:14 PM
Mike Connor, I really appreciate your replies.

> The reality is that Mozilla is still a relatively small company,
> and all of our major competitors have a couple of orders of
> magnitude more people and money to back their efforts.  To compete
> with those companies we need to maximize leverage, and make
> pragmatic decisions on whether to buy/build/partner for each
> problem we want to solve.

I understand that this was a pragmatic decision. And I get that Firefox nee=
ds to have great features in order to attract users. I see the conflict her=
e: Firefox needs users to accomplish its goal, but its goal is to promote a=
n open and non-proprietary web. It seems like the goal with this feature wa=
s to attract users, which it does at the expense of Firefox's "master goal.=
" That master goal is inherently difficult, but that's why Mozilla exists. =
Overtaking IE6 was difficult; creating a new programming language is diffic=
ult; launching an HTML5 operating system is difficult; and as a software de=
veloper myself, I understand that creating a Pocket-like service is certain=
ly also difficult. We are all hoping that this is a stop-gap to reach featu=
re parity with other browsers until Mozilla implements a more, well, "Mozil=
lian" solution.

> For now, yes. I don't believe that to be the long term plan.  Until
> 1.0 Firefox only shipped with Google. The first version of the
> Social API was Facebook only.  Something has to go first, and
> it's way easier to do that with a single partner for a v1.

I am so glad to hear this. But I think this highlights what has been most f=
rustrating for many of us here: the lack of communication. Where is the roa=
dmap for v2? If a reading list feature is to be part of the core browser fe=
ature set, then let's make it a generic reading list feature that isn't Poc=
ket-exclusive. If Pocket is the single provider for v1, what's the plan for=
 allowing other providers? I didn't see any discussion about that before th=
is feature landed.=20

Now that we've all expressed our concern about this, let's start addressing=
 it. To do that, we need better communication from Mozilla. I think it's ti=
me for an official mailing list thread and meta-bug.
0
tucker
6/17/2015 5:37:06 PM
I too think adding Pocket, Hello and whatever else Mozilla may be planning =
is a terrible idea. Firefox is a web browser, and one that's supposed to pu=
t the user first, treat them right without letting greedy corporate ideas g=
et in the way.

If I want voice/cam chat, I will use a dedicated client designed specifical=
ly for that which already has a good userbase and lots of development matur=
ity. Hello is just another worthless app nobody will adopt because there ar=
e better choices out there and Mozilla is wasting time and resources develo=
ping it.

If I want to save stuff for later, I'll make a damn bookmark. If (!) I want=
ed functionality like Pocket, I'd get the damn Pocket *addon*.

Services that are not essential to web browsing and are not completely mana=
ged by Mozilla or made available through open APIs with providers to choose=
 from, have no place in Firefox!

These features are the very definition of bloatware, feature creep and unwa=
nted functionality that would be better added through extensions. I don't c=
are if it can be disabled entirely, the fact that it's there in Firefox's c=
ore is wrong in and of itself.

Meanwhile, hilariously enough, Mozilla removes simple core features like a =
simple bottom-fixed toolbar or page loading progress bars because they're "=
too much work to maintain". If *that* is too much work to maintain (which I=
'm sure as hell it isn't), then why the hell are you adding things like Hel=
lo and Pocket that nobody even wants? Could Mozilla be any more hypocritica=
l and user-defiant?
0
marnick
6/17/2015 6:53:00 PM
On 17 June 2015 at 13:37, <tucker.mcknight@gmail.com> wrote:

> Mike Connor, I really appreciate your replies.
>
> > The reality is that Mozilla is still a relatively small company,
> > and all of our major competitors have a couple of orders of
> > magnitude more people and money to back their efforts.  To compete
> > with those companies we need to maximize leverage, and make
> > pragmatic decisions on whether to buy/build/partner for each
> > problem we want to solve.
>
> I understand that this was a pragmatic decision. And I get that Firefox
> needs to have great features in order to attract users. I see the conflict
> here: Firefox needs users to accomplish its goal, but its goal is to
> promote an open and non-proprietary web. It seems like the goal with this
> feature was to attract users, which it does at the expense of Firefox's
> "master goal." That master goal is inherently difficult, but that's why
> Mozilla exists. Overtaking IE6 was difficult; creating a new programming
> language is difficult; launching an HTML5 operating system is difficult;
> and as a software developer myself, I understand that creating a
> Pocket-like service is certainly also difficult. We are all hoping that
> this is a stop-gap to reach feature parity with other browsers until
> Mozilla implements a more, well, "Mozillian" solution.
>

The master goal requires Mozilla to attract and retain users. Without our
users we don't have the same influence over standards, public policy, or
the direction of how the Web evolves.  The master goal is not about every
service being open source, but about keeping the Internet open for all, and
that explicitly includes for commercial entities.  The Mozilla Manifesto
[1] even calls this out in Principle 9:

> Commercial involvement in the development of the Internet brings many
benefits; a balance between commercial profit and public benefit is
critical.

Nowhere in the Manifesto does it say proprietary services are inherently
bad, or that commercial entities can't innovate in useful ways for users.
Nor is it our mission to make open source versions of everything that we
could possibly build. We don't have unlimited time or resources, so we have
to pick our battles.  If a market segment is effectively contended (i.e.
there are a number of competitors competing effectively and providing real
choice) then the system is working. Users have choices, and there's room
for new, better entrants to come in with better offerings.

Moving forward, I expect us to continue to balance partnering and building
things ourselves.  Some things we need to own. In other cases we will serve
our users better by partnering with some of the best services out there and
leveraging their existing technology and knowledge.  I'm not going to
promise we'll be 100% open, that's just the nature of negotiations with
potential partners, but I think we can and should do better.

-- Mike

[1] https://www.mozilla.org/en-US/about/manifesto/details/
0
Mike
6/17/2015 7:56:03 PM
I think a large problem with this conversation is that people speaking for
Mozilla have already clearly made up their minds, which is true otherwise
the feature wouldn't have shipped. However it would be great to get more
info on how this decision was made. It's all sort of piecemeal.

There is a question of whether or not this feature was in demand. I think
someone said it was, but it wasn't as fully formed an answer as the one
Mike just gave about partnerships vs open. Also there seems to be an open
question of what the ToS actually mean for Firefox users.

I think both of these questions are more important to answer over whether
or not a partnership makes sense, because even people who aren't opposed to
partnerships will be opposed to this particular idea if a) there isn't
enough demand to justify adding a feature and b) if the ToS don't align
with what people expect from Mozilla.


Our values set us apart. If we can't include features while maintaining our
values (choice, privacy, user first), then we don't have an edge and we'll
end up in an arms race. If we're in an arms race but people no longer trust
us to protect their privacy (which is a big part of our marketing efforts
now) then we lose.

On Wed, Jun 17, 2015 at 3:56 PM, Mike Connor <mconnor@mozilla.com> wrote:

> On 17 June 2015 at 13:37, <tucker.mcknight@gmail.com> wrote:
>
> > Mike Connor, I really appreciate your replies.
> >
> > > The reality is that Mozilla is still a relatively small company,
> > > and all of our major competitors have a couple of orders of
> > > magnitude more people and money to back their efforts.  To compete
> > > with those companies we need to maximize leverage, and make
> > > pragmatic decisions on whether to buy/build/partner for each
> > > problem we want to solve.
> >
> > I understand that this was a pragmatic decision. And I get that Firefox
> > needs to have great features in order to attract users. I see the
> conflict
> > here: Firefox needs users to accomplish its goal, but its goal is to
> > promote an open and non-proprietary web. It seems like the goal with this
> > feature was to attract users, which it does at the expense of Firefox's
> > "master goal." That master goal is inherently difficult, but that's why
> > Mozilla exists. Overtaking IE6 was difficult; creating a new programming
> > language is difficult; launching an HTML5 operating system is difficult;
> > and as a software developer myself, I understand that creating a
> > Pocket-like service is certainly also difficult. We are all hoping that
> > this is a stop-gap to reach feature parity with other browsers until
> > Mozilla implements a more, well, "Mozillian" solution.
> >
>
> The master goal requires Mozilla to attract and retain users. Without our
> users we don't have the same influence over standards, public policy, or
> the direction of how the Web evolves.  The master goal is not about every
> service being open source, but about keeping the Internet open for all, and
> that explicitly includes for commercial entities.  The Mozilla Manifesto
> [1] even calls this out in Principle 9:
>
> > Commercial involvement in the development of the Internet brings many
> benefits; a balance between commercial profit and public benefit is
> critical.
>
> Nowhere in the Manifesto does it say proprietary services are inherently
> bad, or that commercial entities can't innovate in useful ways for users.
> Nor is it our mission to make open source versions of everything that we
> could possibly build. We don't have unlimited time or resources, so we have
> to pick our battles.  If a market segment is effectively contended (i.e.
> there are a number of competitors competing effectively and providing real
> choice) then the system is working. Users have choices, and there's room
> for new, better entrants to come in with better offerings.
>
> Moving forward, I expect us to continue to balance partnering and building
> things ourselves.  Some things we need to own. In other cases we will serve
> our users better by partnering with some of the best services out there and
> leveraging their existing technology and knowledge.  I'm not going to
> promise we'll be 100% open, that's just the nature of negotiations with
> potential partners, but I think we can and should do better.
>
> -- Mike
>
> [1] https://www.mozilla.org/en-US/about/manifesto/details/
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
>
0
Majken
6/17/2015 8:12:24 PM
On Wednesday, June 17, 2015 at 1:56:26 PM UTC-6, Mike Connor wrote:
> The master goal requires Mozilla to attract and retain users. Without our
> users we don't have the same influence over standards, public policy, or
> the direction of how the Web evolves.  The master goal is not about every
> service being open source, but about keeping the Internet open for all, a=
nd
> that explicitly includes for commercial entities.  The Mozilla Manifesto
> [1] even calls this out in Principle 9:
>=20
> > Commercial involvement in the development of the Internet brings many
> benefits; a balance between commercial profit and public benefit is
> critical.
>=20
> Nowhere in the Manifesto does it say proprietary services are inherently
> bad, or that commercial entities can't innovate in useful ways for users.
> Nor is it our mission to make open source versions of everything that we
> could possibly build. We don't have unlimited time or resources, so we ha=
ve
> to pick our battles.  If a market segment is effectively contended (i.e.
> there are a number of competitors competing effectively and providing rea=
l
> choice) then the system is working. Users have choices, and there's room
> for new, better entrants to come in with better offerings.
>=20
> Moving forward, I expect us to continue to balance partnering and buildin=
g
> things ourselves.  Some things we need to own. In other cases we will ser=
ve
> our users better by partnering with some of the best services out there a=
nd
> leveraging their existing technology and knowledge.  I'm not going to
> promise we'll be 100% open, that's just the nature of negotiations with
> potential partners, but I think we can and should do better.
>=20
> -- Mike
>=20
> [1] https://www.mozilla.org/en-US/about/manifesto/details/

I know that the goal is not for every service to be open source, and person=
ally I'm not an open source purist. But in that same sentence you said that=
 the goal is to keep the internet open for all, and yet we still haven't he=
ard anything about being able to integrate other services besides Pocket.=
=20

I don't think that proprietary services are inherently bad. I think it does=
n't make sense to have a user-facing core feature provided by a single thir=
d party. It's harder to justify when that third-party is non-free (in both =
speech and beer).

You say that "users have choices, and there's room for new, better entrants=
 to come in with better offerings." But that is more difficult when one of =
the major browsers exclusively partners with one company. It'll be harder f=
or the read-it-later market to be effectively contended if Mozilla keeps th=
is exclusivity. It's counter to the mission of promoting an open web, and p=
rinciple 9 shouldn't be used to justify that. Rather, if Mozilla isn't goin=
g to develop their own read-it-later service, then allowing multiple servic=
e providers (thereby allowing competition) is more in line with principle 9=
..

The undertones of your last paragraph are very concerning; anyone who suppo=
rts Mozilla should read it.
0
tucker
6/17/2015 11:03:00 PM
On Wed, Jun 17, 2015 at 4:03 PM, <tucker.mcknight@gmail.com> wrote:

>
> You say that "users have choices, and there's room for new, better
> entrants to come in with better offerings." But that is more difficult when
> one of the major browsers exclusively partners with one company. It'll be
> harder for the read-it-later market to be effectively contended if Mozilla
> keeps this exclusivity.
>

This is absolutely untrue.

As Mike already stated:
> For now, yes. I don't believe that to be the long term plan.  Until
> 1.0 Firefox only shipped with Google. The first version of the
> Social API was Facebook only.  Something has to go first, and
> it's way easier to do that with a single partner for a v1.

So you saying that it's more difficult runs contrary to what Mozilla has
done historically, and successfully.

-- 
-Sheeri Cabral
Manager, Data Team at Mozilla

File a bug for the Data Team -
https://bugzilla.mozilla.org/enter_bug.cgi?product=Data%20%26%20BI%20Services%20Team
Find the Data team on #data on irc.mozilla.org
0
Sheeri
6/17/2015 11:13:31 PM
Sheeri, that is why I asked about seeing a timeline for when other provider=
s will be allowed, like they are with search providers and the social API. =
With the social API, that was the plan from the beginning, and Mozilla was =
very transparent about that. That is not at all the case here.
0
tucker
6/17/2015 11:40:34 PM
On 6/17/15 7:40 PM, tucker.mcknight@gmail.com wrote:
> Sheeri, that is why I asked about seeing a timeline for when other providers will be allowed, like they are with search providers and the social API. With the social API, that was the plan from the beginning, and Mozilla was very transparent about that. That is not at all the case here.

Given that the preferences for this feature were implemented with a 
trademark in the name — browser.pocket.* — I suspect that the claim that 
this was intended to be just the first of an open set of providers just 
isn't true. (Even in Firefox 0.8, the Google icon and search parameters 
were distributed in a "searchplugins" folder, and presumably when the 
Social API was launched there wasn't a preference with "facebook" in the 
name.) This certainly looks like it's intended to be an exclusive 
partnership — and, in fact, no one has stated authoritatively that 
that's not the case.

So from the looks of it, Sheeri, no, this is not at all what Mozilla has 
done historically. If someone from Mozilla cares to set the record 
straight, with concrete plans for how this feature will be opened up, 
that'd be helpful, but Mike's saying "I don't believe that to be the 
long term plan" is not such a statement.
0
Dan
6/18/2015 12:17:18 AM
On Wed, Jun 17, 2015 at 5:17 PM, Dan Stillman <dstillman@gmail.com> wrote:

> Given that the preferences for this feature were implemented with a
> trademark in the name =E2=80=94 browser.pocket.* =E2=80=94 I suspect that=
 the claim that
> this was intended to be just the first of an open set of providers just
> isn't true.


I suspect that preferences for one piece of software are going to be
different for preferences for another, even though both pieces of software
may do the same thing.

It's like you're just looking for evidence to back your claim, when there's
very clear and innocent reasons for these.

Could this be a terrible horrible thing that Mozilla is doing? Sure. Is it
likely that Mozilla has suddenly turned on its mission and the hundreds of
employees and volunteers that aren't weighing in are OK with this and
turning a blind eye?

No, it's not likely. What *is* likely is that teams of experienced people
got together and spent *hours* making this decision, that some folks are
reacting to after thinking about it for maybe half an hour.

Do you know the conditions Mozilla is in, such that in this case, "buy" won
out over "build"? Did you gather requirements and test the options in the
available software, and figure out the optimal solution? Are you a
marketing whiz? Did you sit in negotiations with different companies to see
where they would and would not bend for Mozilla?

Because you know what? The people who made those decisions ARE experienced,
they are whizzes, and I trust they DID all that. These decisions are NOT
made lightly.

Now, even experts make mistakes, or miscalculations. But it seems from the
length of this discussion, that even upon reflection after complaints are
being heard, that folks are saying, "yes, this is the right move".

Mozilla employees work really hard to provide the best product available,
and sometimes that means doing unexpected and different things. They are
guided by metrics, so they will have *facts* available to see if this
change helps, hurts, or stays neutral.

I jumped into this discussion because this type of armchair quarterbacking =
(
http://dictionary.reference.com/browse/armchair+quarterback) is extremely
frustrating to witness, and it universally happens with non-tech
(Marketing, HR, etc) decisions. Give it a rest and let the experts handle
their jobs, until they actually give you a concrete reason not to trust
them....all you have now is speculation.

--=20
-Sheeri Cabral
Manager, Data Team at Mozilla

File a bug for the Data Team -
https://bugzilla.mozilla.org/enter_bug.cgi?product=3DData%20%26%20BI%20Serv=
ices%20Team
Find the Data team on #data on irc.mozilla.org
0
Sheeri
6/18/2015 12:33:54 AM
On 6/17/15 8:33 PM, Sheeri Cabral wrote:
> Give it a rest and let the experts handle their jobs, until they 
> actually give you a concrete reason not to trust them....all you have 
> now is speculation.

What a bizarre, disrespectful response. Sheeri, perhaps you've spent 
"maybe half an hour" thinking about this, but the rest of us have been 
discussing this for a couple weeks now, sharing very specific concerns, 
highlighting specific ways that this differs from past Mozilla 
decisions, and asking for specific information regarding a proprietary 
integration that was developed in secret. I'm grateful to Mike Connor 
and others from Mozilla for actually engaging with those points as best 
as they can. (As far as I can tell, Mike isn't actually in a position to 
share the long-term plans here.) Your response, in comparison, is simply 
offensive.

Mozilla is both a company and one of the world's most successful 
open-source projects. It's nice that you work for the former, but the 
rest of us are trying to contribute to the latter. Mozilla the company 
obviously has the right to make final product decisions — it controls 
the trademark, the purse strings, and the distribution channels — but 
the rest of us have every right to share our concerns with decisions and 
to ask for more information, and to use that information to decide 
whether to continue to participate in the project, both as developers 
and as users. Patronizingly suggesting that we "let the experts handle 
their jobs" and to call participation in an open-source project 
"armchair quarterbacking" shows shocking disregard for a decade and a 
half of community participation, and honestly I can't believe someone 
from Mozilla would say such a thing.
0
Dan
6/18/2015 1:10:39 AM
Let's talk about other principle of The Mozilla Manifesto - number 8[1]:
> Transparent community-based processes promote participation, accountabili=
ty and trust.

On Thursday, June 18, 2015 at 6:34:01 AM UTC+6, Sheeri Cabral wrote:
> Do you know the conditions Mozilla is in, such that in this case, "buy" w=
on
> out over "build"? Did you gather requirements and test the options in the
> available software, and figure out the optimal solution? Are you a
> marketing whiz? Did you sit in negotiations with different companies to s=
ee
> where they would and would not bend for Mozilla?

Do YOU know the condition Mozilla is in? Did YOU gather requirements etc.? =
Why don't you enlighten us with this info then?

> Because you know what? The people who made those decisions ARE experience=
d,
> they are whizzes, and I trust they DID all that. These decisions are NOT
> made lightly.

Mozilla isn't a cult or some sort of religion. The logic behind their decis=
ions needs to be explained to the community. Can it be explained though?
Even now I don't know why this non-transparent non-community based decision=
 was made.
To demonstrate how it should have be done, let's compare Pocket(tm) integra=
tion with any other "tough" Mozilla decision, for example, extension signin=
g. There were discussions for about half a year (which I was able to partic=
ipated in), several blog posts explaining why it has to be done, when and h=
ow it will be done etc. And that feature isn't even landed yet.
But what about Pocket(tm) integration? It just - *pomf* - all of a sudden a=
ppeared in our browsers, in nightly and stable versions simultaneously (cor=
rect me if I'm wrong) without slightest explanation. And even now there's n=
o explanation. And I doubt there ever will be. That's the problem.
Many questions were asked here. For example, why we - Firefox users - were =
forced to agree with Pocket(tm) ToS[2]:

> By installing the Pocket(tm) application, visiting our website or install=
ing or using any of the Pocket Technologies, you are accepting these terms =
of service.

Pocket Technology was installed in our browsers, you can't argue with this.=
 There's no way to just delete Pocket(tm) integration from the browser. So =
the only way to disagree with Pocket(tm) ToS is to delete it's product (i.e=
.. along with Firefox).

I can't see any clarification about this matter. And just about any other m=
atter concerning Pocket(tm). And that's a bad sign.

> Give it a rest and let the experts handle
> their jobs, until they actually give you a concrete reason not to trust
> them....all you have now is speculation.

This non-transparency is a concrete reason to not trust them.

[1] https://www.mozilla.org/en-US/about/manifesto/details/
[2] https://getpocket.com/tos
0
Angly
6/18/2015 2:39:03 AM
> On Jun 17, 2015, at 7:39 PM, Angly Cat <l1aqus@gmail.com> wrote:

> Mozilla isn't a cult or some sort of religion. The logic behind their deci=
sions needs to be explained to the community. Can it be explained though?

It *was* explained over replies in the past few weeks, but not accepted as g=
ood enough explanations.=20

> Even now I don't know why this non-transparent non-community based decisio=
n was made.
> To demonstrate how it should have be done, let's compare Pocket(tm) integr=
ation with any other "tough" Mozilla decision, for example, extension signin=
g. There were discussions for about half a year (which I was able to partici=
pated in), several blog posts explaining why it has to be done, when and how=
 it will be done etc. And that feature isn't even landed yet.
> But what about Pocket(tm) integration? It just - *pomf* - all of a sudden a=
ppeared in our browsers, in nightly and stable versions simultaneously (corr=
ect me if I'm wrong) without slightest explanation. And even now there's no e=
xplanation. And I doubt there ever will be. That's the problem.
> Many questions were asked here.

Many answers were given. To say there's been no explanation feels to me like=
 there's been a lot of talking and not a lot of listening to the responses.

-Sheeri=
0
Sheeri
6/18/2015 3:30:16 AM
On Wednesday, June 17, 2015 at 2:56:26 PM UTC-5, Mike Connor wrote:
=20
> The master goal requires Mozilla to attract and retain users. Without our
> users we don't have the same influence over standards, public policy, or
> the direction of how the Web evolves.  The master goal is not about every
> service being open source, but about keeping the Internet open for all, a=
nd
> that explicitly includes for commercial entities.  The Mozilla Manifesto
> [1] even calls this out in Principle 9:
>=20
> > Commercial involvement in the development of the Internet brings many
> benefits; a balance between commercial profit and public benefit is
> critical.
>=20
> Nowhere in the Manifesto does it say proprietary services are inherently
> bad, or that commercial entities can't innovate in useful ways for users.
> Nor is it our mission to make open source versions of everything that we
> could possibly build. We don't have unlimited time or resources, so we ha=
ve
> to pick our battles.  If a market segment is effectively contended (i.e.
> there are a number of competitors competing effectively and providing rea=
l
> choice) then the system is working. Users have choices, and there's room
> for new, better entrants to come in with better offerings.
>
> [1] https://www.mozilla.org/en-US/about/manifesto/details/

What you are saying is true if you want to pull one single principle from t=
he manifesto and treat it in a vacuum from everything else.  However, you a=
dd back in the manifesto principles #7 ("Free and open source software prom=
otes the development of the Internet as a public resource") and #8 ("Transp=
arent community-based processes promote participation, accountability and t=
rust"), then adding an undocumented private "/v3/firefox/save" API call ver=
y much goes against the manifesto.  I can't meaningfully maximize the poten=
tial for the remote bookmark storage system integrated into firefox when th=
e full scope of the "/v3/firefox/*" API is only known to the employees of a=
 company that I don't work for.  This is not a transparent community-based =
process.

I will acknowledge that the Mozilla Foundation does not have unlimited time=
 or resources.  That is why when the Mozilla Foundation makes videos and bl=
og posts to clarify their missions, they should be kept consistent with wha=
t they intend as being the master plan.  To expend resources on something t=
hat directly contradicts the is a waste of resources.  So, Mozilla Foundati=
on has expended resources creating and publishing a "The Web We Want: An Op=
en Letter" video which starts off "I am not a data point to be bought and s=
old."

Let take just that one piece of clarification of the Mozilla Foundation mis=
sion and compare it with what you are saying.  You claim Pocket(TM) being i=
ntegrated into the core of Firefox to be pre-installed is justified because=
 "the master goal requires Mozilla to attract and retain users."  As such, =
Firefox is by extension a Pocket(TM) application.  According to Pocket(TM)'=
s Terms of Service, merely by installing a Pocket(TM) application the user =
should have both read and agreed to the Pocket(TM) Terms of Service and Pri=
vacy Policy.  According to Pocket(TM) Privacy Policy, the users are a data =
point to be sold in the form of aggregated information.

Why was the resources wasted on this video?  Why didn't start off a stateme=
nt of the master goal?

Another example (I could go on a great deal further giving example but I wi=
ll just stick with one more for now), for some reason the Mozilla Foundatio=
n felt it needed to write blog posts about "Reconciling Mozilla's Mission a=
nd W3C EME."  They explain that while the EME would be closed source, the A=
PI would be openly documented and the EME would be optional to *install*.  =
Then two different Firefox installers were made available where one install=
s the EME and the other doesn't.  So, not only was it optional to install t=
he EME but it was even optional on if the EME was even downloaded as part o=
f the installer.

I doubt many people would debate that being able to watch Netflix would be =
consistent with a master goal that "requires Mozilla to attract and retain =
users."  So why would the openness or the option require any reconciling at=
 all?  Based on your stated master goal, the API could have been kept priva=
te/undocumented and instructions on how to disable the EME after a forced i=
nstallation could be provided.  However, instead, it was important to state=
 that Mozilla's Mission did require reconciling.  The API had to be openly =
documented, download the EME would be optional and agreeing to Adobe's term=
s of service and privacy policy is also optional.

So why are we picking and choosing when Mozilla's Mission need to be reconc=
iled and when we can choose to ignore manifesto principles #7/#8, the Web W=
e Want campaign and many others forms of communication from Mozilla Foundat=
ion about it's mission statement?

If you really believe using private/undocumented API calls is the long term=
 solution to attract and retain users, then strip the multiple search engin=
e (and the open API) support out of the Awesome Bar.  Just have it be an pr=
ivate/undocumented API call to Yahoo search.  Because that is what is happe=
ning with Pocket(TM).  There is no interface outside of about:config to cho=
ose alternative hosts and even if an alternative host is selected, what fut=
ure private API calls the Firefox integration will make use of is unknown.

What is even worse is choose a single vendor storage solution is just wrong=
 for the end user.  Companies fail and change strategies.  Yahoo's flagship=
 product was a manually curated indexing of the web.  Where is that flagshi=
p product today?  If you need, I can give several other examples where a co=
mpany's initial flagship product or service failed or stop being provided. =
 Who are you to claim Firefox best way to retain users will be if all of th=
eir remotely stored bookmarks go dark when a single storage vendor solution=
 disappears?  Why even justify such a gamble?  How is this the "best way?"

So I'm going to BS on any claim that Manifesto #9 is proper justification f=
or any of the following issues:

(1) An undocumented/private "/v3/firefox/*" API namespace

(2) Lacking any convenient end-user way to select alternative or multiple s=
torage sources (doesn't have to support multiple APIs, just has to allow fo=
r other supporters of the same API)

(3) Non-optional install when the Terms of Service requires a ToS/Privacy P=
olicy agreement merely for installing (without even having to use it)

There is "commercial involvement" and there is betraying what has been repe=
atedly the mission statement.  It should be possible to accomplish commerci=
al involvement without any of those three above issues.
0
B
6/18/2015 3:56:10 AM
On Wed, Jun 17, 2015 at 6:10 PM, Dan Stillman <dstillman@gmail.com> wrote:

> On 6/17/15 8:33 PM, Sheeri Cabral wrote:
> Mozilla is both a company and one of the world's most successful
> open-source projects. It's nice that you work for the former, but the rest
> of us are trying to contribute to the latter.


Let me clarify, speaking as someone who has been a longtime contributor of
countless hours to a different open source community, with a product owned
by a company much larger than 1,000 employees - saying that Mozilla
employees work hard and are experts *in no way* is trying to say that
volunteers are lesser.

Volunteers to open source also work hard, and with no compensation. It's
often a thankless job, with little external incentive. Open source
volunteers are driven by passion, and it's awesome to be a part of an
ecosystem with so many awesome volunteers.

There's respectfully asking "why was this decision made?" and "sharing
concerns" and then there's aggressively hounding with a never-ending stream
of questions. I feel like, at this point, as explanations have been given,
this conversation is tipping into the latter.

Saying, "hey, these people are experts, are you an expert in this
particular field?" is NOT an insult. My specialty is databases, and if I
started hounding Finance, it's perfectly reasonable for someone to point
out that hey, I'm not a Finance expert, maybe those people know just a bit
more than I do, and I should accept what they're saying, even if I don't
agree with it or 100% understand it. In fact, it's someone pointing out
that perhaps I should have compassion and respect. Asking me to respect
others is not an insult to me.

-- 
-Sheeri Cabral
Manager, Data Team at Mozilla

File a bug for the Data Team -
https://bugzilla.mozilla.org/enter_bug.cgi?product=Data%20%26%20BI%20Services%20Team
Find the Data team on #data on irc.mozilla.org
0
Sheeri
6/18/2015 4:38:39 AM
On 18/06/2015 13:56, B Galliart wrote:
> You claim Pocket(TM) being integrated into the core of Firefox to be pre-installed is justified because "the master goal requires Mozilla to attract and retain users."  As such, Firefox is by extension a Pocket(TM) application.

Asserting this as fact does not make it so.

"Firefox is now a pocket application" is IMHO a completely unreasonable
conclusion to jump to, unless one is deliberately looking for gotchas
with which to hate on this integration.

As Gerv already pointed out earlier in the thread, all of the pocket
code shipping with firefox is open-source and is clearly licensed for
use without agreeing to any terms-of-service.  It's declared right here
at the top of the source file:


https://hg.mozilla.org/mozilla-central/file/a3f280b6f8d5/browser/components/pocket/pktApi.js

> According to Pocket(TM)'s Terms of Service, merely by installing a Pocket(TM) application the user should have both read and agreed to the Pocket(TM) Terms of Service and Privacy Policy.  According to Pocket(TM) Privacy Policy, the users are a data point to be sold in the form of aggregated information.

I'm not a lawyer, but I've shipped code under the watchful eye of
Mozilla's laywers, and ToS acceptance is something they take very
seriously.  My team recently had to remove a feature from an (unrelated)
project because we were not appropriately surfacing agreement to the
terms of a third-party service.

I am in broad agreement that there's a lot about this integration that
could have been communicated better, coordinated better, and generally
made more transparent.

But to suggest that this integration suddenly springs unrelated and
unsurfaced ToS on our unsuspecting users seems like a fanciful overreach
to me.


  Ryan
0
Ryan
6/18/2015 4:52:30 AM
On Thursday, June 18, 2015 at 9:30:24 AM UTC+6, Sheeri Cabral wrote:
> Many answers were given. To say there's been no explanation feels to me l=
ike there's been a lot of talking and not a lot of listening to the respons=
es.
> It *was* explained over replies in the past few weeks, but not accepted a=
s good enough explanations.

Ok. Maybe you're right. Maybe I'm not attentive enough. Could you please su=
mmarize for me those explanations just one more time please? I believe the =
explanation you mentioned was like "There were many users who had Pocket(tm=
) add-on installed, so we decided to implement this read-it-later feature s=
omehow", no?
0
Angly
6/18/2015 5:24:01 AM
On 6/18/15 12:38 AM, Sheeri Cabral wrote:
> There's respectfully asking "why was this decision made?" and "sharing 
> concerns" and then there's aggressively hounding with a never-ending 
> stream of questions. I feel like, at this point, as explanations have 
> been given, this conversation is tipping into the latter.

I'm not sure if you've read all the comments in this thread, but if you 
do you'll see that some basic questions haven't been answered:

- Is the plan actually to open this feature up with a documented API and 
in a way that doesn't privilege a single proprietary service?

- If so:

   - When?

   - How can we reconcile that with the way this feature has been 
developed so far (in secret, not on the normal release track, neither 
with a public API nor positioned as one, and with trademarks in the pref 
and the toolbar)?

   - What can we do to help move the process along?

If you have answers for these questions, please share them. If not, I'm 
not sure why you're trying to derail the conversation before they're 
answered.

> Saying, "hey, these people are experts, are you an expert in this 
> particular field?" is NOT an insult. My specialty is databases, and if 
> I started hounding Finance, it's perfectly reasonable for someone to 
> point out that hey, I'm not a Finance expert, maybe those people know 
> just a bit more than I do, and I should accept what they're saying, 
> even if I don't agree with it or 100% understand it. In fact, it's 
> someone pointing out that perhaps I should have compassion and 
> respect. Asking me to respect others is not an insult to me.

I think your previous message [1] was grossly inappropriate coming from 
a Mozilla employee and deserves an apology, not a clarification. We're 
not discussing database design or tax law. The concepts here — 
transparency, privacy, software freedom, interoperability, the 
commercial/non-commercial balance  — are central to the Mozilla mission 
and basic principles of FOSS development, and to suggest that the people 
posting here haven't thought about or don't understand those issues 
simply because they don't work for Mozilla is offensive. Beyond that, 
this was by and large a perfectly respectful discussion on both sides 
(with a few exceptions, of which you're now one) before you showed up 
and told a community of open-source contributors to "Give it a rest and 
let the experts handle their jobs".


[1] 
https://groups.google.com/d/msg/mozilla.governance/2PYq2w8tejs/24XlPXQddTgJ
0
Dan
6/18/2015 6:44:33 AM
As a Mozilla engineer who worked on / reviewed some of the pocket and 
reader mode stuff:

On 18/06/2015 07:44, Dan Stillman wrote:
> - Is the plan actually to open this feature up with a documented API and
> in a way that doesn't privilege a single proprietary service?

This is certainly what I've been hearing, yes. We're gathering telemetry 
& other data to see how this integration works out before deciding how 
to move forward, AIUI. Note that I'm an engineer, not a decision maker, 
so...

> - If so:
>
>    - When?

..... I have not heard a concrete timeline yet (could be I missed it - 
there's a lot going on). Also not my decision. I trust the people making 
it, though, and I wish you would too.

For evidence that we are serious with continuing to develop this stuff, 
I guess I can point to https://kinto.readthedocs.org/ and 
https://github.com/mozilla-services/cliquetis for now, in case that 
helps you trust me...

>    - How can we reconcile that with the way this feature has been
> developed so far (in secret, not on the normal release track, neither
> with a public API nor positioned as one, and with trademarks in the pref
> and the toolbar)?

All the bugs for the implementation that I've seen were open and never 
moco-confidential or whatever, so I strongly disagree with "secret".

Release track: because we had a ship-by date for 38.0.5 and the pocket 
integration was finalized after 38 left m-c, and so having it ride the 
train was simply not possible. We are working to improve both process 
and product (ie Firefox internals) so we don't have to do this again in 
future. We will be talking about this in Whistler as well.

As people have said before now, we ship stuff with trademarks all the 
time, including but not limited to the search engines, safebrowsing, the 
facebook integration, etc. etc. etc. That by itself isn't really at 
issue here.

Why are the prefs so specific: again, timeline. We did not have the time 
to implement the first attempt here in a beautifully abstracted fashion 
prepared for yet-unknown-specifications-for-other-services, so we 
didn't. We implemented the initial desired functionality as quickly and 
efficiently as possible.

(searchplugins as mentioned in a reply upthread is a false analogy 
considering that had been implemented in suite for a long time and a 
good part of the implementation was just copied/reused.)


>    - What can we do to help move the process along?

Right now, nothing specific that I'm aware of.

Constructive ideas regarding API requirements, UX flow (how does a user 
pick a service) and what alternative services should be considered, 
maybe, but I don't know if it isn't too early for some of those, either. 
If you want to take a stab at that, it'd probably be good to start a new 
thread, on firefox-dev ( https://wiki.mozilla.org/Firefox/firefox-dev ); 
this one has run its course.

> If you have answers for these questions, please share them. If not, I'm
> not sure why you're trying to derail the conversation before they're
> answered.

At least half of what I've said above, and probably more, had already 
been said. People are just reluctant to believe words without 
implementation to show for it. As an engineer, I sympathise with that 
feeling, but it does mean I don't really understand why people keep 
asking the same questions.

>> Saying, "hey, these people are experts, are you an expert in this
>> particular field?" is NOT an insult.

> We're
> not discussing database design or tax law. The concepts here —
> transparency, privacy, software freedom, interoperability, the
> commercial/non-commercial balance

There are some items missing from this list, such as:
- market research/competitiveness
- marketing plans/campaigns
- usability
- user research
- implementation/engineering constraints

which are also all important when you're implementing a new feature in a 
web browser. Sheeri's implication was that a lot of commenters seem to 
not have considered any/some of these factors, or considered the fact 
that the people who made decisions about them might be more experienced 
than the commenters - maybe because they think they ought not to be as 
important as any of the ones you listed.

(Aside/example: as an engineer reading this thread, it's been 
excruciating to see the number of times people suggest that building 
something like the pocket service is "easy". Codswallop.)

Mozilla is a weird org because it uses software to advance a mission. We 
are not strictly a lobbying organization (though we do that), an 
education org (though we do that), or a software vendor (though we do 
make software).

 From your list of concepts it sounds like you want the FSF or the EFF. 
That's fine, they're great organisations and we partner with them on 
some things. But please don't let's pretend Firefox is operating in a 
vacuum, that we can *only* focus on the values you listed, and that the 
aspects I listed don't matter at all.

You can't ship software without considering engineering constraints. You 
can't ship usable software without some degree of UX/UI care and user 
research. You can't compete in a market with multi-billion-budgeted 
competitors without doing market research and staying focused on 
building something that works in/with that market. You can't compete 
against billion-dollar marketing campaigns by not doing any marketing 
yourself.

All of those concerns helped guide this decision in addition to the ones 
you listed, and if you do not take them into account it is going to be 
hard to understand Mozilla's decision.

~ Gijs
0
Gijs
6/18/2015 10:21:19 AM
> You can't ship software without considering engineering constraints. You 
> can't ship usable software without some degree of UX/UI care and user 
> research. You can't compete in a market with multi-billion-budgeted 
> competitors without doing market research and staying focused on 
> building something that works in/with that market. You can't compete 
> against billion-dollar marketing campaigns by not doing any marketing 
> yourself.
> 
> All of those concerns helped guide this decision in addition to the ones 
> you listed, and if you do not take them into account it is going to be 
> hard to understand Mozilla's decision.
> 
> ~ Gijs

I'm not a browser programmer, or a web developer or anything. I'm just a user of firefox. 
But I'm sitting here watching Mozilla go down the rabbit hole trying to fight Microsoft and Google on their terms. New features! Flashy advertisement! Condescending 'we know what you want in a browser' blog posts!

What I want in a browser is fast, small, reliable, and trustworthy.  If you give up those qualities in an attempt to beat people a hundred times your size... Well, I suspect you're going to bleed offended users faster than you're going to pick up new ones.

To me, this isn't just about Pocket, though having yet another new icon appear on my toolbar out of the blue pissed me off. Pocket is just a symptom of the 'what-the-hell-are-you-doing' that mozilla has been sitting in for a couple years now. 
0
automated
6/18/2015 1:54:48 PM
Dear Mozilla Governance,

I already posted my thoughts about the pocket integration itself. Per Gijs,=
 which from my memory is the only person who has directly addressed the que=
stions he did despite his assertion that that wasn't true, it sounds like M=
ozilla is going forward with one of the paths I was okay with so I'm decent=
ly happy with that.

That being said, as people in Mozilla have acknowledged multiple times, thi=
s was handled very very badly from an openness/PR standpoint.

It got worse when when Sheeri chipped in because, regardless of intentions,=
 their comments sounded extremely condescending and dismissive. Perhaps cer=
tain people should be encouraged not to participate directly in public disc=
ussions for the good of Mozilla's reputation. I know that sounds awful, but=
 some people just aren't good at talking to communities. I'm one of them, a=
nd I generally keep quiet.

In any case, from what I'm hearing it would improve things to have an offic=
ial (i.e. not a random statement on the mailing list from a random Mozilla =
employee) statement from Mozilla announcing future intentions for this "Poc=
ket API"(What's the official name for this since it isn't just for Pocket?)=
.. Preferably a roadmap/rough timeline would be included.

By the way, why the hell are there hard ship dates for features at Mozilla?=
 Part of what makes open source software great is that people generally get=
 to work on things until they feel it is good before releasing it, unlike i=
n most proprietary software. Personally, I feel it would have been a better=
 decision to delay the "Pocket API" feature until it was generalized to wor=
k with other providers but, as Mozilla employees have pointed out, there ar=
e a lot of factors involved with such a decision.

In any case, this whole thing has left a bad taste in my mouth about Mozill=
a. I actually did use to consider Mozilla on a similar level as the FSF and=
 EFF(obviously from ignorance). I no longer do, and this makes me sad. I us=
ed to be hardcore dedicated to using Firefox and recommend it to everyone w=
ho listens based on the philosophy behind it. It looks like the philosophy =
wasn't what I thought it was, so I will now only be able to recommend Firef=
ox on technical merits.=20

Thanks,
Christopher Carpenter=20
0
mordocai
6/18/2015 3:24:26 PM
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--LxwNgKG9kdXQOclQ9vfe8x3aOOvhw8pHM
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

While I personally want a browser that is fast, small, reliable and
trustworthy, we have market research that shows us that you and I are a
minority. More precisely, we have market numbers that shows that users
want a Pocket-like feature and are not going to bother checking if there
are add-ons that implement it.

Now, we are still trying to find a good strategy in a world in which
every competitor can afford to put at least 2x more developers than us
to work on a feature and 20x more money than us in marketing and
evangelizing everything they do and attracting add-on developers. I
believe that this is what you cal the "what-the-hell-are-you-doing".

Not everybody inside Mozilla likes partnering with third-parties to
bring in features that we cannot afford to develop, but at the moment,
people who have actually studied the issue and the market believe that
this is our best strategy, and I am willing to give them a chance to
prove it.

If this strategy doesn't work for our users (including you or I, but
also people who have very different views on what a browser should be),
we will adapt.

Best regards,
 David

On 18/06/15 15:54, automated.reckoning@gmail.com wrote:
> I'm not a browser programmer, or a web developer or anything. I'm just =
a user of firefox.=20
> But I'm sitting here watching Mozilla go down the rabbit hole trying to=
 fight Microsoft and Google on their terms. New features! Flashy advertis=
ement! Condescending 'we know what you want in a browser' blog posts!
>=20
> What I want in a browser is fast, small, reliable, and trustworthy.  If=
 you give up those qualities in an attempt to beat people a hundred times=
 your size... Well, I suspect you're going to bleed offended users faster=
 than you're going to pick up new ones.
>=20
> To me, this isn't just about Pocket, though having yet another new icon=
 appear on my toolbar out of the blue pissed me off. Pocket is just a sym=
ptom of the 'what-the-hell-are-you-doing' that mozilla has been sitting i=
n for a couple years now.=20
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
>=20


--=20
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla


--LxwNgKG9kdXQOclQ9vfe8x3aOOvhw8pHM
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVgurjAAoJED+FkPgNe9W+BnIH/jDF8sR2wEdn4E72CEm83Hti
fw5a7ecy/fNX69e35+OwzDNO80e+ivSQuBrSbudW9I4aPcUbw4wsvBPdaluwMECZ
Qqp3mXzx2x08GAB7rgO/izuiY/pd+aNvA1PXuq3nHjxpNzy/pLpuOOc4V0NpHyiD
qpKAkp6vynAnCbLeXdBIAi4P9X/uWw/7t4XBOOsF2BTHVRCr5Z5ukgLl8weg/DHK
dd4MaC9RH6xNDApWiEGZUnvl/G8Y8KDsOzxR0Nn8iG6lRdkeC1Teqd4AElVvhRhv
0IDrxYSJykDLX3bc/N4cl/EdKDFKQyWfMDmQKYZVpBQ/rlY4IOain9f8vYiAIpI=
=Kg7f
-----END PGP SIGNATURE-----

--LxwNgKG9kdXQOclQ9vfe8x3aOOvhw8pHM--
0
David
6/18/2015 3:59:27 PM
I am sympathetic to your position, but every time people use 'market resear=
ch' to justify changes, or talk about how a user increase proves they were =
right, I feel the need to point out a simple fact. The Daily Mail is one of=
 the most popular websites in the world, with a huge user base.=20

Does this mean that the DM is a good publication?
0
automated
6/18/2015 4:14:22 PM
I am sympathetic to your position, but every time people use 'market resear=
ch' to justify changes, or talk about how a user increase proves they were =
right, I feel the need to point out a simple fact. The Daily Mail is one of=
 the most popular websites in the world, with a huge user base.=20

Does this mean that the DM is a good publication?
0
automated
6/18/2015 4:18:11 PM
I am sympathetic to your position, but every time people use 'market resear=
ch' to justify changes, or talk about how a user increase proves they were =
right, I feel the need to point out a simple fact. The Daily Mail is one of=
 the most popular websites in the world, with a huge user base.=20

Does this mean that the DM is a good publication?
0
automated
6/18/2015 4:18:13 PM
Let's not get to reductio ad absurdum please.

Improving products effectively involves research, testing, and measuring
engagement.  If a new feature is popular and significantly improves user
satisfaction and retention, we're doing good things.  Users get to vote
with their feet here, if we build a product that works better for more
users, surely that's a good thing?

There are risks, we will make mistakes along the way, and that's okay.
That's part of building a great product.

-- Mike

On 18 June 2015 at 12:14, <automated.reckoning@gmail.com> wrote:

> I am sympathetic to your position, but every time people use 'market
> research' to justify changes, or talk about how a user increase proves they
> were right, I feel the need to point out a simple fact. The Daily Mail is
> one of the most popular websites in the world, with a huge user base.
>
> Does this mean that the DM is a good publication?
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
>
0
Mike
6/18/2015 4:25:28 PM
It is reduction to the absurd, but that is my point. Getting more users is
great, if it doesn't destroy what made your product interesting in the
first place.

As to voting with my feet: I'd much rather vote with my voice before it
gets that far. But if Mozilla isn't interested, eventually feet are all
that will be left.
On 18 Jun 2015 12:25 pm, "Mike Connor" <mconnor@mozilla.com> wrote:

> Let's not get to reductio ad absurdum please.
>
> Improving products effectively involves research, testing, and measuring
> engagement.  If a new feature is popular and significantly improves user
> satisfaction and retention, we're doing good things.  Users get to vote
> with their feet here, if we build a product that works better for more
> users, surely that's a good thing?
>
> There are risks, we will make mistakes along the way, and that's okay.
> That's part of building a great product.
>
> -- Mike
>
> On 18 June 2015 at 12:14, <automated.reckoning@gmail.com> wrote:
>
>> I am sympathetic to your position, but every time people use 'market
>> research' to justify changes, or talk about how a user increase proves they
>> were right, I feel the need to point out a simple fact. The Daily Mail is
>> one of the most popular websites in the world, with a huge user base.
>>
>> Does this mean that the DM is a good publication?
>> _______________________________________________
>> governance mailing list
>> governance@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/governance
>>
>
>
0
John
6/18/2015 4:32:48 PM
I'll mention that "voting with your feet" doesn't have to mean choosing a
different browser in this context. Merely not using Pocket will suffice.

You can, after all, right click that button and choose to remove it from
the menu bar without ever having sent so much as a single byte towards
Pocket's servers.

Usage numbers across the user base (vocal and silent users) will guide
future decisions regarding this and most other feathers.

~F

-- 
Sent from my phone. Please excuse my brevity.
On Jun 18, 2015 9:33 AM, "John Doe" <automated.reckoning@gmail.com> wrote:

> It is reduction to the absurd, but that is my point. Getting more users is
> great, if it doesn't destroy what made your product interesting in the
> first place.
>
> As to voting with my feet: I'd much rather vote with my voice before it
> gets that far. But if Mozilla isn't interested, eventually feet are all
> that will be left.
> On 18 Jun 2015 12:25 pm, "Mike Connor" <mconnor@mozilla.com> wrote:
>
> > Let's not get to reductio ad absurdum please.
> >
> > Improving products effectively involves research, testing, and measuring
> > engagement.  If a new feature is popular and significantly improves user
> > satisfaction and retention, we're doing good things.  Users get to vote
> > with their feet here, if we build a product that works better for more
> > users, surely that's a good thing?
> >
> > There are risks, we will make mistakes along the way, and that's okay.
> > That's part of building a great product.
> >
> > -- Mike
> >
> > On 18 June 2015 at 12:14, <automated.reckoning@gmail.com> wrote:
> >
> >> I am sympathetic to your position, but every time people use 'market
> >> research' to justify changes, or talk about how a user increase proves
> they
> >> were right, I feel the need to point out a simple fact. The Daily Mail
> is
> >> one of the most popular websites in the world, with a huge user base.
> >>
> >> Does this mean that the DM is a good publication?
> >> _______________________________________________
> >> governance mailing list
> >> governance@lists.mozilla.org
> >> https://lists.mozilla.org/listinfo/governance
> >>
> >
> >
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
>
0
Fred
6/18/2015 4:39:28 PM
Gijs,

I really appreciate the reply. And I'd echo Christopher Carpenter — from 
my recollection, having read every post in this thread, you are indeed 
the first to directly address these questions with any suggestion of 
authority, which is really all that some of us have been asking for 
(though I do appreciate the engagement from Mike and a couple others as 
well). To be clear, this isn't an issue of trust or a referendum on the 
expertise of Mozilla employees — just an attempt to get some basic 
answers on the record to clarify (what I think there's general agreement 
was) a less-than-perfect roll-out. Without such statements, all we have 
is what's in front of us in the implementation, and there's literally 
nothing there to suggest that a more open feature is planned.

Thanks for the links to Kinto/Cliquet, which seem very promising. Not 
sure how to square those with Mike's earlier statement that a 
Mozilla-produced version of this sort of thing was ruled out in favor of 
the Pocket integration, but I'm happy to see active development on them 
nonetheless.

Re: "secret", I'm not sure 
https://bugzilla.mozilla.org/show_bug.cgi?id=pocket entirely disputes 
that characterization, but you're right that the bugs were not private, 
so "secret" isn't fair. (And 
https://bugzilla.mozilla.org/show_bug.cgi?id=1155515 is a little more 
instructive.) I also don't want to imply that every product decision 
requires a public hearing, but I guess a thread like this is the risk 
when a major one isn't given it.


On 6/18/15 6:21 AM, Gijs Kruitbosch wrote:
>>> Saying, "hey, these people are experts, are you an expert in this
>>> particular field?" is NOT an insult.
>
>> We're
>> not discussing database design or tax law. The concepts here —
>> transparency, privacy, software freedom, interoperability, the
>> commercial/non-commercial balance
>
> From your list of concepts it sounds like you want the FSF or the EFF. 
> That's fine, they're great organisations and we partner with them on 
> some things. But please don't let's pretend Firefox is operating in a 
> vacuum, that we can *only* focus on the values you listed, and that 
> the aspects I listed don't matter at all.

Well, I actually just got that list from the Mozilla Manifesto... The 
rest of what you say is true, and I'd never suggest that engineering 
constraints or market competitiveness aren't critical factors, but 
arguably it's the greater community's role to voice its concerns when it 
feels the guiding principles aren't being given sufficient weight.

In any case, I really do appreciate the specific answers, and I'd be 
happy to participate in discussion of the more open implementation on 
firefox-dev. I agree with others that a public timeline/roadmap would be 
helpful, but for the moment I'm happy to give further development some 
time, now that we have a (slightly) clearer understanding of the plan.

- Dan
0
Dan
6/18/2015 5:43:10 PM
On Wednesday, June 17, 2015 at 11:52:37 PM UTC-5, Ryan Kelly wrote:
> On 18/06/2015 13:56, B Galliart wrote:
> > You claim Pocket(TM) being integrated into the core of Firefox to be pr=
e-installed is justified because "the master goal requires Mozilla to attra=
ct and retain users."  As such, Firefox is by extension a Pocket(TM) applic=
ation.
>=20
> Asserting this as fact does not make it so.

The only place in the Terms of Service which seems to define the term "Pock=
et(TM) application" is here:

"The pocket software application, supporting files and accompanying documen=
tation (referred to collectively herein as the 'Pocket application') is pro=
vided solely for your personal, noncommercial use."

My understanding is pktApi.js is a supporting file provided by Read It Late=
r, Inc.  Based on the wording, the Terms of Service is claiming Firefox now=
 fits what it defines to be a "Pocket(TM) application" and as such the user=
 is requested to read and agree to Pocket(TM)'s ToS and Privacy Policy "bef=
ore [they] install."

> "Firefox is now a pocket application" is IMHO a completely unreasonable
> conclusion to jump to, unless one is deliberately looking for gotchas
> with which to hate on this integration.

I am completely open to an employee of Pocket(TM) providing clarification o=
n the definition and have even requested it from them.  So far, I have hear=
d nothing back.

Feel free to explain in your own words what exactly the Pocket(TM) Terms of=
 Service is defining and how it applies now that Pocket(TM) is a non-option=
al install part of the core of Firefox.

It is true that I am deliberately looking for gotchas.  I believe the Mozil=
la Foundation's campaign for The Web We Want put obligations on us to look =
for gotchas.  If I am misunderstanding the Terms of Service in a way that y=
ou can have a lawyer explain on this mailing list, then great.  If this is =
an out of date Terms of Service that includes language that will no longer =
apply, then that is also great.  But until then, I believe the "gotchas" ar=
e still there.

Another gotchas in that definition is the restriction for personal and nonc=
ommercial use.  I believe this is the first time Firefox has directly integ=
rated a feature with such terms.  Even if a company's own data regulation p=
olicies doesn't conflict with Pocket(TM)'s Privacy Policy, that may still b=
e in violation of the ToS by attempting to roll out Pocket(TM) use to all e=
mployees.  This is yet another reason why allowing for a pocket-compatible =
privately run server is needed and why it is problematic that a private/und=
ocumented "/v3/firefox/*" API namespace exists.

This is not out of hate.  The gotchas appear regardless of if you love or h=
ate the integration.  It is just the nature of how the ToS is currently wri=
tten.

> As Gerv already pointed out earlier in the thread, all of the pocket
> code shipping with firefox is open-source and is clearly licensed for
> use without agreeing to any terms-of-service.  It's declared right here
> at the top of the source file:
>=20
>=20
> https://hg.mozilla.org/mozilla-central/file/a3f280b6f8d5/browser/componen=
ts/pocket/pktApi.js

Yes, Gervase Markham did say the above.  Later he also said the following:

"Right. I take back this implied criticism of your position. I'm seeking=20
clarification on this. I'm pretty sure the sections you mention don't=20
apply (and are not intended to apply) to the Pocket code in Firefox, but=20
I entirely agree it's very unclear."

"I will come back to this group when I hear more."

I asked Pocket(TM) for clarification back on June 6th and I am assuming he =
also asked around June 10th.  If there is a misunderstanding, I believe Poc=
ket(TM) could easily clear it up by responding to the pending requests.  So=
 far, I have not heard anything and over a week has passed.
=20
> > According to Pocket(TM)'s Terms of Service, merely by installing a Pock=
et(TM) application the user should have both read and agreed to the Pocket(=
TM) Terms of Service and Privacy Policy.  According to Pocket(TM) Privacy P=
olicy, the users are a data point to be sold in the form of aggregated info=
rmation.
>
> I'm not a lawyer, but I've shipped code under the watchful eye of
> Mozilla's laywers, and ToS acceptance is something they take very
> seriously.  My team recently had to remove a feature from an (unrelated)
> project because we were not appropriately surfacing agreement to the
> terms of a third-party service.

That is good to know.  Is there anyplace as part of Mozilla's effort to be =
transparent where Mozilla's lawyers provide the details or synopsis of the =
Terms of Service documents the reviewed?

Also, how does Mozilla lawyers take into account the impact of a new curren=
tly unpublished Privacy Policy that goes into effect 30 days after publicat=
ion?  Are they continually monitoring and reviewing the documents as they a=
re updated?  Are they able to always accomplish a full review in less than =
30 days?  What is Mozilla's stated policy/method for giving notice to the i=
mpacted users when a change no longer adheres to Mozilla's mission?
=20
> I am in broad agreement that there's a lot about this integration that
> could have been communicated better, coordinated better, and generally
> made more transparent.

I glad we are both in agreement on this.  I wish you could see that this is=
 not a result of hate of integration of feature but instead out of respect =
for Mozilla's previously stated mission.

> But to suggest that this integration suddenly springs unrelated and
> unsurfaced ToS on our unsuspecting users seems like a fanciful overreach
> to me.

Not only do I claim that this integration based on the wording of Pocket(TM=
)'s ToS springs itself on unsuspecting users, it also springs itself on uns=
uspecting developers as well.

Putting pktApi.js under an open source license is a good first step but is =
not a reasonable replacement for a statement of intent regarding treating t=
he API and service as open.  Currently, the closest to a statement of inten=
t is the Terms of Service which *revoke* rights instead of giving them.  Th=
ere are at least two major problems with this in terms of how the USA legal=
 system works:

(1) The court finding in Oracle vs Google show it is possible to put a spec=
ific implementation of an API under open source while still treating the AP=
I itself as being under additional restrictions.  The fact "/v3/firefox/*" =
API namespace is undocumented and stated to be private indicates that attem=
pting to create a pocket-protocol compatible server may still result in leg=
al action for violating Pocket(TM)'s intellectual property.  So far, only a=
n implementation of the client has been put under the open source.  The API=
 is not stated to be an open standard for free use.

(2) The lack of being able to create a private or test API server service b=
ring us to another of USA worst laws, the Computer Fraud and Abuse Act.  Cu=
rrently, the only Pocket(TM) API service available is the *production* one =
provided under Pocket(TM)'s Terms of Service.  If a developer does anything=
 not explicitly permitted by the Terms of Service and even unintentionally =
disrupting service, the developer can be charged criminally.  Also, under t=
he CFAA, it is up to District Attorney, not up to the company (in this case=
 Pocket(TM)) on if charges are to be filed.  The fact that the CFAA takes t=
he concept of a ToS being related to civil damages and make it a criminal o=
ffense make it that much more problematic when companies use the strictest =
restrictive language possible.  In the case of the Pocket(TM) "LICENSE REST=
RICTIONS" section, the language is extremely damning.  It leaves no room fo=
r error in modifying the code which uses the service.

I still understand that you probably still believe I am saying this out of =
same hate of Pocket(TM).  I doubt I can change your mind about that.  I don=
't blame Pocket(TM) for the actions of Oracle and I don't blame Pocket(TM) =
for the CFAA.  But it is still part of the world Americans live in.  If Poc=
ket(TM) is part of a transparent "Web We Want" then is it really an act of =
"hate" to expect better clarification?!

There has to be some common ground that can be reached where looking for go=
tchas is acceptable instead of "hate."  Everything about the Web We Want op=
en letter was statements of common web "gotchas."  Was Mozilla operating on=
 the basis of hate then?
0
B
6/19/2015 4:00:25 AM
On 17/06/15 21:12, Majken Connor wrote:
> Mike just gave about partnerships vs open. Also there seems to be an open
> question of what the ToS actually mean for Firefox users.

I am attempting to get more clarity on this specific question.

Gerv


0
Gervase
6/19/2015 2:17:58 PM
On 17/06/15 21:12, Majken Connor wrote:
> Mike just gave about partnerships vs open. Also there seems to be an open
> question of what the ToS actually mean for Firefox users.

I am attempting to get more clarity on this specific question.

Gerv


0
Gervase
6/19/2015 2:17:58 PM
On Thursday, June 18, 2015 at 11:39:35 AM UTC-5, Fred Wenzel wrote:
> I'll mention that "voting with your feet" doesn't have to mean choosing a
> different browser in this context. Merely not using Pocket will suffice.
>=20
> You can, after all, right click that button and choose to remove it from
> the menu bar without ever having sent so much as a single byte towards
> Pocket's servers.
>=20
> Usage numbers across the user base (vocal and silent users) will guide
> future decisions regarding this and most other feathers.

It depends what someone is trying to accomplish with "voting with your feet=
.."

For example, I have friends that have voted with their feet by not using Ch=
rome at all.  One reason that I keep hearing seems to be related to the RLZ=
 tracking ID which helps monitor where/when Chrome was downloaded and insta=
lled from.  I will admit they rarely explicitly say "RLZ tracking ID" is th=
e reason but what they describe seems to fit that.  And usually when I pull=
 up information about the RLZ tracking, they indicate that is what they whe=
re talking about.

It appears to be true that the Pocket(TM) integration code for Firefox v38 =
does not send anything to Pocket(TM) until *use*.  For this specific versio=
n, it does appear to be true you can "vote with your feet" merely by not us=
ing it.

However, nothing promises that it will always be the behavior of the Pocket=
(TM) integration that it will never send anything on first startup of the b=
rowser.  In fact, a careful reading of the Pocket(TM) Terms of Service indi=
cates that merely *install* an application that contains their "supporting =
files" is enough to give them rights under their ToS/Privacy Policy.

In addition, even the existing code has written in it use of a Firefox spec=
ific API key.  It is possible that in the future Pocket(TM) will hand down =
a policy that each rebranded version of Firefox requires it's own unique AP=
I key and may even require the API key to be refreshed periodically.  If yo=
u combine code the fires off on first use with unique API keys, you are ess=
entially back to a browser that has something similar to a "RLZ tracking ID=
.."

I am not claiming that Pocket(TM) will actually do any of this or that Pock=
et(TM) is in anyway a malicious company.  However, nothing in their Terms o=
f Service/Privacy Policy promises that they won't do it.  Instead, Pocket(T=
M) has granted itself "agreement" rights at *install* based on their Terms =
of Service.  And so far, Pocket(TM) has refused to clarify that part of the=
 ToS for me.

Just please read carefully the ToS before advising people that disabling is=
 sufficient.  In the first paragraph of the ToS, Pocket(TM) themselves reco=
mmends to "not install" rather than just to disable the feature.  If the be=
havior of future version of Firefox does change based on the rights Pocket(=
TM) has already given itself such that new install, re-installs, new Firefo=
x profiles, etc. result in a first start execution of some Pocket(TM) integ=
ration code, then contributing to an internet searchable archive of claims =
that disabling the feature is sufficient will be misleading.

Ironically, if RLZ-style tracking does come to Firefox either as part of Po=
cket(TM) or a different future third-party integration, it seems like Chrom=
ium (the open source version of Chrome which excludes several features such=
 as third-party Flash integration) could be a potential "solution" to "vote=
 with your feet."

0
B
6/19/2015 7:24:19 PM
On 19/06/2015 14:00, B Galliart wrote:
> On Wednesday, June 17, 2015 at 11:52:37 PM UTC-5, Ryan Kelly wrote:
>> On 18/06/2015 13:56, B Galliart wrote:
>>
>> "Firefox is now a pocket application" is IMHO a completely unreasonable
>> conclusion to jump to, unless one is deliberately looking for gotchas
>> with which to hate on this integration.
> 
> This is not out of hate.  The gotchas appear regardless of if you love or hate the integration.  It is just the nature of how the ToS is currently written.
> [...]
> I glad we are both in agreement on this.  I wish you could see that this is not a result of hate of integration of feature but instead out of respect for Mozilla's previously stated mission.
> [...]
> I still understand that you probably still believe I am saying this out of same hate of Pocket(TM).  I doubt I can change your mind about that.
> [...]
> There has to be some common ground that can be reached where looking for gotchas is acceptable instead of "hate."  Everything about the Web We Want open letter was statements of common web "gotchas."  Was Mozilla operating on the basis of hate then?

FWIW, I apologize for my choice of words with "hate on this integration"
above.  I'm sure you're "deliberately looking for gotchas" because you
want Mozilla to succeed in its stated mission, not because you're hoping
for us to fail.

> The only place in the Terms of Service which seems to define the term "Pocket(TM) application" is here:
> "The pocket software application, supporting files and accompanying documentation (referred to collectively herein as the 'Pocket application') is provided solely for your personal, noncommercial use."
> My understanding is pktApi.js is a supporting file provided by Read It Later, Inc.  Based on the wording, the Terms of Service is claiming Firefox now fits what it defines to be a "Pocket(TM) application" and as such the user is requested to read and agree to Pocket(TM)'s ToS and Privacy Policy "before [they] install."
> [...]
> Feel free to explain in your own words what exactly the Pocket(TM) Terms of Service is defining and how it applies now that Pocket(TM) is a non-optional install part of the core of Firefox.

I don't have any deep thoughts on what the Pocket(TM) Terms of Service
do or do not define.  I'm sure there are things downstream of ToS
agreement that it would be great to get clarification on.

My question is simply: by what mechanism would these ToS come to apply
to a user just because they have installed Firefox?

If "the ToS themselves say that they apply" is all it takes, then AFAICT
we've discovered a meta-circular licensing mechanism of unprecedented
virality, strong enough to override the pretty clear open-source
licensing applied to the code you claim will trigger it.

> That is good to know.  Is there anyplace as part of Mozilla's effort to be transparent where Mozilla's lawyers provide the details or synopsis of the Terms of Service documents the reviewed?
> 
> Also, how does Mozilla lawyers take into account the impact of a new currently unpublished Privacy Policy that goes into effect 30 days after publication?  Are they continually monitoring and reviewing the documents as they are updated?  Are they able to always accomplish a full review in less than 30 days?  What is Mozilla's stated policy/method for giving notice to the impacted users when a change no longer adheres to Mozilla's mission?

And just to be clear, I'm not ignoring the rest of the questions you
asked in your reply - I just won't pretend I'm able to speak to them
with any semblance of authority.


  Cheers,

     Ryan
0
Ryan
6/20/2015 2:39:46 AM
On Friday, June 19, 2015 at 9:39:55 PM UTC-5, Ryan Kelly wrote:
> I don't have any deep thoughts on what the Pocket(TM) Terms of Service
> do or do not define.  I'm sure there are things downstream of ToS
> agreement that it would be great to get clarification on.
>=20
> My question is simply: by what mechanism would these ToS come to apply
> to a user just because they have installed Firefox?

I tried to touch on some of the problems for users/developers in my recentl=
y reply to Fred Wenzel.  But I will try to go into more details.

Mozilla Foundation's position seems to be based on being able to disable th=
e Pocket from the bar is enough to keep it from ever transmitting data to P=
ocket.  I am more than willing to admit that seems to be the behavior of th=
e current integration.

However, lets say, just for the sake of argument, that Pocket decides it wa=
nt a web site popularity/rank feature.  Something similar to Google PageRan=
k or Alexa add-ons.  As part of this (again for the sake of argument), the =
Pocket integration links into the http/https submissions such a log of webs=
ites visited is periodically compressed and transmitted to Pocket.

I'm not claiming I have proof Pocket intends to do this.  What I am claimin=
g is the current Terms of Service give themselves the permission to add thi=
s type of behavior even if the user never clicks on the Pocket icon and dis=
ables the icon from the bar.

I also am claiming there is little transparency into what Pocket is plannin=
g for the future of this integration.  The full functionality of the "/v3/f=
irefox/*" namespace or even the full set of options available as part of "/=
v3/firefox/save" are not documented.  According to a reply from Pocket, tha=
t is not by accident but by design that it is private.

Even worse, the Firefox user is expected to visit Pocket's Privacy Policy e=
very 30 days to see if it has been updated to discover what new provisions =
may apply to the data collected.

Compare this situation with "Reconciling Mozilla's Mission and W3C EME."  H=
ere, the EME's API is clearly documented and not only the behavior of the c=
urrent EME code but all future EME code are sandboxed such that transmittin=
g logs back can not take place.  As such, if for example Adobe is providing=
 the EME, the user does not need to check Adobe to see what their privacy p=
olicy is since the EME will not collected any information.

If the Terms of Service was based on *use* instead of claiming rights due t=
o being *installed* then Pocket wouldn't be entitled to anything until the =
user uses Pocket.  If it is Mozilla's position that disabling Pocket is suf=
ficient, then just like with the EME sandbox, this position should protect =
the rights of the user not only for the current version of Firefox but for =
all future versions.  The user shouldn't have to worry about current and fu=
ture Pocket privacy policies when they don't make use of the feature even i=
f the data is being stored in aggregate.

> If "the ToS themselves say that they apply" is all it takes, then AFAICT
> we've discovered a meta-circular licensing mechanism of unprecedented
> virality, strong enough to override the pretty clear open-source
> licensing applied to the code you claim will trigger it.

There is a couple ways in which the Pocket integration is able to apply the=
 *letter* of an open source license while possibly not following the *spiri=
t* of open source.

According to the Open Source definition item #6, commercial use must be all=
owed.  Currently, the only servers that support the Pocket integration prot=
ocol used by Firefox is under a Terms of Service that prohibits commercial =
use.  Unless another pro-commercial server is made available, the code is n=
ot practical for commercial use despite being "open source."

So, that brings me to my next point, can there be a pocket-protocol clone s=
erver under different terms?  This is the area where a statement of intent =
from Pocket would go a long long way.

Under the current situation, the only way to clone Firefox's use of the pri=
vate/undocumented "/v3/firefox/save" call is to first figure it out.  Based=
 on the case of Oracle v. Google, even when an implementation is open sourc=
e does not make the API open for use outside the scope of that implementati=
on.  So, the open source section of Firefox provides the scope of the API c=
all for client use.  And reading/modifying the code in the context of a cli=
ent is clearly intended use of the open source contribution.  However, a ju=
ry may still find that reading the code for purposes of writing a server wh=
ich honors the private "/v3/firefox/save" call constitutes an act of prohib=
ited reverse-engineering of Pocket's intellectual property.  Further, Blizz=
ard v BNETD shows that even monitoring the network to figure out the protoc=
ol may also be prohibited reverse-engineering.

If Pocket has no intention of taking legal action for creating third party =
servers which honor the private "/v3/firefox/*" namespace of calls then the=
y lose nothing by providing clarification of that fact.  Otherwise, there i=
s a chilling legal environment where "/v3/firefox/save" could be considered=
 a vendor lock-in giving Pocket a monopoly on Firefox's use of the protocol=
..  Under such a lock-in, the only server used by the code again prohibits t=
he commercial use that OSD #6 required.

> > That is good to know.  Is there anyplace as part of Mozilla's effort to=
 be transparent where Mozilla's lawyers provide the details or synopsis of =
the Terms of Service documents the reviewed?
> >=20
> > Also, how does Mozilla lawyers take into account the impact of a new cu=
rrently unpublished Privacy Policy that goes into effect 30 days after publ=
ication?  Are they continually monitoring and reviewing the documents as th=
ey are updated?  Are they able to always accomplish a full review in less t=
han 30 days?  What is Mozilla's stated policy/method for giving notice to t=
he impacted users when a change no longer adheres to Mozilla's mission?
>=20
> And just to be clear, I'm not ignoring the rest of the questions you
> asked in your reply - I just won't pretend I'm able to speak to them
> with any semblance of authority.

I understand--thank you for specifying you aren't ignoring them.  I wasn't =
expecting you specifically would be able to but rather you might be able to=
 get the right person involved in this thread.

Ultimately, clarification really needs to come from Pocket and they are pro=
bably the only ones that can clear up my issues of install-time activation =
of the ToS and use of private/undocumented API calls.  If those two things =
were addressed, I would feel much more comfortable than I do now about this=
 integration.
0
B
6/23/2015 5:46:09 AM
On 18/06/2015 18:39, Fred Wenzel wrote:

> I'll mention that "voting with your feet" doesn't have to mean choosing a
> different browser in this context. Merely not using Pocket will suffice.
> 
> You can, after all, right click that button and choose to remove it from
> the menu bar without ever having sent so much as a single byte towards
> Pocket's servers.
> 
> Usage numbers across the user base (vocal and silent users) will guide
> future decisions regarding this and most other feathers.

Let me bring a dinosaur's point of view (more than 15 years old
mozillian), a FOSS developer's point of view (BlueGriffon) and a user's
point of view:

1. I am using Pocket at least 50 times a day, and I find it fast,
   reliable, and often better than other solutions including ones
   available inside other browsers. I am rather happy it's integrated
   to FF.
2. all the people around me (not developers) use it all the time
3. I'm not afraid at all but yes, I'm a geek and able to protect my
   data if I need it
4. I removed the Pocket button from the toolbar in seconds
5. I have shown all people around me how to do the same
6. I trust Mozilla to make the right decision if, in the future, Pocket
   does something that is not in line with users' interests.
7. yes, I think integrating a commercial product is not the best thing
   ever in the FF world but, after observing Pocket, certainly not
   the worst thing ever in the current case
8. yes, the plusses of Pocket easily balance the minusses of Pocket,
   from a user's perspective
9. I think FF has much more important issues on its radar. Its user base
   is decreasing and integrating Pocket was an absolute must, from a
   strategic point of view.

In summary, not such a big deal. My opinion only, of course.

</Daniel>

0
Daniel
6/23/2015 6:15:24 AM
On Tuesday, June 23, 2015 at 1:15:59 AM UTC-5, Daniel Glazman wrote:
> Let me bring a dinosaur's point of view (more than 15 years old
> mozillian), a FOSS developer's point of view (BlueGriffon) and a user's
> point of view:

It is nice to find another long term mozillian.  Most people don't consider=
 themselves to be a Mozillian previous to the Mozilla Foundation being crea=
ted in 2003.  But I am also a long enough user to remember the "README" fil=
e which indicated that Mozilla was the correct way to pronounce the browser=
..  On that basis, I guess I will be a Mozillian for 20 years starting somet=
ime next year.

I would like to stay away from the term dinosaur.  I don't want any meteors=
 getting the wrong idea and there is few enough as it is.

> 7. yes, I think integrating a commercial product is not the best thing
>    ever in the FF world but, after observing Pocket, certainly not
>    the worst thing ever in the current case

As a 15+ mozillian, you should remember this isn't this first time a commer=
cial product has been integrated/used in the open source browser.  It used =
to be that it wouldn't even compile without Motif.  One key difference was =
100% of the Motif calls made where openly documented.  Another key differen=
ce is install browser didn't imply any privacy policy with the OSF/Motif.

Another commercial integration discussed during your 15+ years was Tamarin =
from Adobe.  Again, the API was 100% openly documented and no privacy polic=
y was implied with the contribution.

Several open source projects benefit from commercial contributions to the c=
ode.  I don't think that really should be the issue.  Rather, it is should =
be how the contribution adheres to being open and transparent than fixating=
 on the author of the code.

> 1. I am using Pocket at least 50 times a day, and I find it fast,
>    reliable, and often better than other solutions including ones
>    available inside other browsers. I am rather happy it's integrated
>    to FF.
> 2. all the people around me (not developers) use it all the time

I don't think anyone is debating if it is useful to people.

Reading back through the thread, it seem more like people are debating if i=
t's usefulness to most should mean it can't be individually uninstalled by =
some.  Again, based on the wording of the ToS, disabling/removing the butto=
n does not achieve the same thing as uninstalling.

Also, given how useful it is, wouldn't it be nice if an employer could prov=
ide it immediately to all new hires?  Currently, the terms of service of pr=
ohibit this.

> 4. I removed the Pocket button from the toolbar in seconds
> 5. I have shown all people around me how to do the same

I don't think anyone is debating how easy it is to hide the button.  Howeve=
r, this is not the same as not installing as stated in the Pocket Terms of =
Service.

> 6. I trust Mozilla to make the right decision if, in the future, Pocket
>    does something that is not in line with users' interests.

My point is that by including an at *install* activated Terms of Service an=
d undocumented/private API calls that they already are not in line with use=
rs' interest.  The ideals that have been promoted in the past should prohib=
it the current integration.  Hopefully Pocket is willing to work towards so=
mething that adheres to those ideals but currently they have remained silen=
t.

> 8. yes, the plusses of Pocket easily balance the minusses of Pocket,
>    from a user's perspective
> 9. I think FF has much more important issues on its radar. Its user base
>    is decreasing and integrating Pocket was an absolute must, from a
>    strategic point of view.
>
> In summary, not such a big deal. My opinion only, of course.

I agree it's user base is decreasing.  I also agree a remote bookmark stora=
ge system was a must-have item.  I still think this type of feature should =
have been achievable with a ToS that only activates at *use* instead of at =
install and uses a 100% openly documented API instead of private API calls.

If we reached the point that growing the user base now must be done at any =
cost, then here are some thing that Mozilla Foundation could also do but as=
 far as I know rejected:

(1) Chrome installs Adobe Flash and Mozilla Foundation has a pre-existing r=
elationship with Adobe, why not just do the same?

(2) Chrome will play back h.264 via the HTML5 video tag regardless of if th=
e platform/OS supports it.  Cisco has made clear with it's OpenH264 project=
 it is willing to help open source projects do the same.  Why not just thro=
w that into Firefox?

(3) Chrome uses PPAPI which makes it easier for plugin authors to write plu=
gins which generate audio and also makes it easier for the user to see whic=
h tab is causes sound to be played.  Why not just throw in PPAPI support?

(4) Opera announced that with limited resources it isn't worth maintaining =
their own HTML rendering engine and went with Blink.  Should Firefox do the=
 same?

Right now most browser market share data providers show Chrome as the domin=
ate browser.  If getting users is so critical, maybe Firefox needs to just =
be more "Chrome" and less Firefox?

But then the question is, how much of Firefox a product and how much of Fir=
efox a set of ideals?  How much of the ideals and mission statement can be =
thrown out to get users and Firefox still remain Firefox?  At what point do=
es it become a big deal?
0
B
6/24/2015 1:52:00 AM
On Tue, Jun 23, 2015 at 6:52 PM, B Galliart <bgallia@gmail.com> wrote:
>
> (2) Chrome will play back h.264 via the HTML5 video tag regardless of if
> the platform/OS supports it.  Cisco has made clear with it's OpenH264
> project it is willing to help open source projects do the same.  Why not
> just throw that into Firefox?
>

I don't think this has been rejected. However, presently OpenH264 doesn't
support
High Profile which means it's not a substitute for native platform support.
Firefox
does support H.264 for WebRTC via OpenH264

-Ekr
0
Eric
6/24/2015 5:43:00 AM
On 23/06/2015 18:52, B Galliart wrote:
> As a 15+ mozillian, you should remember this isn't this first time a commercial product has been integrated/used in the open source browser.  It used to be that it wouldn't even compile without Motif.  One key difference was 100% of the Motif calls made where openly documented.  Another key difference is install browser didn't imply any privacy policy with the OSF/Motif.
> 
> Another commercial integration discussed during your 15+ years was Tamarin from Adobe.  Again, the API was 100% openly documented and no privacy policy was implied with the contribution.
> 
> Several open source projects benefit from commercial contributions to the code.  I don't think that really should be the issue.  Rather, it is should be how the contribution adheres to being open and transparent than fixating on the author of the code.
> 
> [..]
>
> Reading back through the thread, it seem more like people are debating if it's usefulness to most should mean it can't be individually uninstalled by some.  Again, based on the wording of the ToS, disabling/removing the button does not achieve the same thing as uninstalling.
> 
> [..]
>
> I don't think anyone is debating how easy it is to hide the button.  However, this is not the same as not installing as stated in the Pocket Terms of Service.
> 
> [..]
>
> My point is that by including an at *install* activated Terms of Service and undocumented/private API calls that they already are not in line with users' interest.  The ideals that have been promoted in the past should prohibit the current integration.  Hopefully Pocket is willing to work towards something that adheres to those ideals but currently they have remained silent.

Seriously?

I directly challenged you to explain how the Pocket Terms of Service are
supposedly activated at install time, how they supposedly apply to every
Firefox user regardless of whether they interacted with the Pocket
button at all.  You were not able to do so.

You raised interesting points about what the terms might imply for users
and developers after they agreed to them, and interesting points about
the legal status of third-party re-implementations of the Pocket API.
But none of it explained how these ToS might come to override the very
clear open-source license under which the Pocket code inside Firefox is
distributed.

That the Terms themselves appear to claim they're activated at install
time is a nonsensical circular argument, powerless until you actually do
something that would require agreement to the terms in the first place.

I'm not a lawyer.  If there were even a hint of a problem here, you
would not have to work hard to convince me of the possibility.

But the closest you offered was this:

> However, lets say, just for the sake of argument, that Pocket decides it want a web site popularity/rank feature.  Something similar to Google PageRank or Alexa add-ons.  As part of this (again for the sake of argument), the Pocket integration links into the http/https submissions such a log of websites visited is periodically compressed and transmitted to Pocket.
> 
> I'm not claiming I have proof Pocket intends to do this.  What I am claiming is the current Terms of Service give themselves the permission to add this type of behavior even if the user never clicks on the Pocket icon and disables the icon from the bar.

This is a meaningless hypothetical because *Pocket does not have the
ability to do this even if they wanted to*.

Nothing here has given Pocket the ability to make arbitrary changes to
the code shipping in Firefox, and their own ToS are certainly not
powerful enough to grant them that by fiat.  Mozilla would have to
accept accept such a change through our normal review procedures and
include it in a normal Firefox release.

The day such code shipped in Firefox would be the day I handed in my
resignation, and I'm pretty confident I'm not alone in that regard.

If you're really raising these points because you care about Mozilla and
its mission, please either:

1) Explain exactly where the problem is, so we can fix this incredibly
serious betrayal of our users sovereignty and trust; or

2) Stop spreading this unsubstantiated FUD.

I'm completely serious about (1).  If what you describe above really is
happening to our users when they install this release, IMHO that's a
chemspill of the highest order and we need to scramble all our resources
to fix it.  It's a serious enough allegation that I just can't bring
myself to leave the claims above unchallenged.

But I haven't seen any meaningful attempt to explain how that's actually
happening.  You just keep asserting it as though it were fact.

Of course, the alternative is:

3) Continue trolling us with vague claims of automagic Terms of Service

At which point I will attempt to just let this thread die...


  Ryan

0
Ryan
6/24/2015 6:39:39 AM
On Wednesday, June 24, 2015 at 12:39:38 PM UTC+6, Ryan Kelly wrote:
> I directly challenged you to explain how the Pocket Terms of Service are
> supposedly activated at install time, how they supposedly apply to every
> Firefox user regardless of whether they interacted with the Pocket
> button at all.  You were not able to do so.

> That the Terms themselves appear to claim they're activated at install
> time is a nonsensical circular argument, powerless until you actually do
> something that would require agreement to the terms in the first place.

> 1) Explain exactly where the problem is, so we can fix this incredibly
> serious betrayal of our users sovereignty and trust; or

I accept the challenge. I will do my best trying to explain this as simple =
as possible.

According to the first paragraph of the Pocket(tm) ToS[1]:

> By installing the Pocket(tm) application, visiting our website or install=
ing or using any of the Pocket Technologies, you are accepting these terms =
of service. If you do not agree to these terms, please do not install our a=
pplication, access our website or use any of our products or services.

It is UNCLEAR whether Pocket(tm) integration in Firefox counts as so-called=
 "Pocket Technologies". We suppose the worst: that is does. Therefore the f=
act the one's Firefox contains Pocket(tm) integration implies that the one =
agreed to Pocket(tm) ToS. That's the problem.

Was my explanation of one of the problems with Pocket(tm) integrations good=
 enough for you to understand?

I think that you, Ryan, acting as a mozillian, are being too aggressive and=
 owe us an apology. I suspect that you didn't even tried to read Pocket(tm)=
 ToS in the first place, because the problem we're talking about is written=
 in THE FIRST PARAGRAPH of that ToS. And it seems to me that you're acting =
all like "lalala I'm not listening there's no problem you were unable to ex=
plain that to me you trolls therefore there's no problem" - as troll, in ot=
her words.

[1] https://getpocket.com/tos
0
Angly
6/24/2015 1:52:20 PM
We might also wait to see what Gerv comes back with. As I say to my kids,
there's no point arguing about it, look it up. Gerv is currently "looking
it up" or at least trying to. Everything in between is conjecture and will
become irrelevant once we hear from him.

It would be nice, though, to hear from anyone who dealt with the legal side
of this to find out whether this was already taken into consideration
during the planning stages. However employees are mostly all at the work
week right now so we shouldn't expect to hear for a week (unless someone
made following up on this one of their items for the week).

On Wed, Jun 24, 2015 at 9:52 AM, Angly Cat <l1aqus@gmail.com> wrote:

> On Wednesday, June 24, 2015 at 12:39:38 PM UTC+6, Ryan Kelly wrote:
> > I directly challenged you to explain how the Pocket Terms of Service are
> > supposedly activated at install time, how they supposedly apply to every
> > Firefox user regardless of whether they interacted with the Pocket
> > button at all.  You were not able to do so.
>
> > That the Terms themselves appear to claim they're activated at install
> > time is a nonsensical circular argument, powerless until you actually do
> > something that would require agreement to the terms in the first place.
>
> > 1) Explain exactly where the problem is, so we can fix this incredibly
> > serious betrayal of our users sovereignty and trust; or
>
> I accept the challenge. I will do my best trying to explain this as simple
> as possible.
>
> According to the first paragraph of the Pocket(tm) ToS[1]:
>
> > By installing the Pocket(tm) application, visiting our website or
> installing or using any of the Pocket Technologies, you are accepting these
> terms of service. If you do not agree to these terms, please do not install
> our application, access our website or use any of our products or services.
>
> It is UNCLEAR whether Pocket(tm) integration in Firefox counts as
> so-called "Pocket Technologies". We suppose the worst: that is does.
> Therefore the fact the one's Firefox contains Pocket(tm) integration
> implies that the one agreed to Pocket(tm) ToS. That's the problem.
>
> Was my explanation of one of the problems with Pocket(tm) integrations
> good enough for you to understand?
>
> I think that you, Ryan, acting as a mozillian, are being too aggressive
> and owe us an apology. I suspect that you didn't even tried to read
> Pocket(tm) ToS in the first place, because the problem we're talking about
> is written in THE FIRST PARAGRAPH of that ToS. And it seems to me that
> you're acting all like "lalala I'm not listening there's no problem you
> were unable to explain that to me you trolls therefore there's no problem"
> - as troll, in other words.
>
> [1] https://getpocket.com/tos
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
>
0
Majken
6/24/2015 3:21:25 PM
On 24/06/15 08:21, Majken Connor wrote:
> We might also wait to see what Gerv comes back with. As I say to my kids,
> there's no point arguing about it, look it up. Gerv is currently "looking
> it up" or at least trying to. Everything in between is conjecture and will
> become irrelevant once we hear from him.

Trying to; Marshall Erwin is the person I need to talk to. He's here at
Whistler, but super-busy. I was just in a meeting with him, but it
wasn't on this topic. I am trying to get a few minutes of his time.

Gerv

0
Gervase
6/24/2015 9:35:14 PM
On 24/06/2015 06:52, Angly Cat wrote:
> I think that you, Ryan, acting as a mozillian, are being too aggressive

In which case, it seems I'm failing badly at two things that are very
important to me:

  1)  Communicating my thoughts and questions clearly
  2)  Not coming off as a jerk

Sorry.  I will avoid participating further in this thread, and look
forward to Gerv coming back with something concrete on the matter.


  Ryan
0
Ryan
6/25/2015 1:14:49 AM
On Wednesday, June 24, 2015 at 1:39:38 AM UTC-5, Ryan Kelly wrote:
>
> Seriously?

Wow, I am having a hard time figuring out how to respond to this.
=20
> I directly challenged you to explain how the Pocket Terms of Service are
> supposedly activated at install time, how they supposedly apply to every
> Firefox user regardless of whether they interacted with the Pocket
> button at all.  You were not able to do so.

I have directly quoted from Pocket's own Terms of Service.
=20
> You raised interesting points about what the terms might imply for users
> and developers after they agreed to them, and interesting points about
> the legal status of third-party re-implementations of the Pocket API.
> But none of it explained how these ToS might come to override the very
> clear open-source license under which the Pocket code inside Firefox is
> distributed.

I have explained already how Pocket already has an override on the spirit i=
n which the Open Source Definition #6 is stated.  There is no practical way=
 today to commercially use the code without violating the Terms of Service.

If this comes down to if a license stamped on a file is OSI approved.  Then=
 you are perfectly right to say the rubber stamp has made it open source ba=
sed on the letter of the law.

If Firefox core integrations is just about following open source to the let=
ter and ignoring the spirit of it then it isn't the browser I thought it wa=
s.  And, also, if that is the case, I really strongly feel the features whi=
ch are only available for non-commercial/personal use should be made clear =
in "about:rights#webservices"
=20
> That the Terms themselves appear to claim they're activated at install
> time is a nonsensical circular argument, powerless until you actually do
> something that would require agreement to the terms in the first place.
>=20
> I'm not a lawyer.  If there were even a hint of a problem here, you
> would not have to work hard to convince me of the possibility.

I get the feeling based on this reply that you clearly ignored my direct qu=
otes of the Terms of Service and probably ignored the majority of everythin=
g else I wrote.  Even when there is a hint of a problem, once you firewalle=
d off what is being said then it will go from hard work to *impossible* to =
convince you of anything.
=20
> But the closest you offered was this:
>=20
> > However, lets say, just for the sake of argument, that Pocket decides i=
t want a web site popularity/rank feature.  Something similar to Google Pag=
eRank or Alexa add-ons.  As part of this (again for the sake of argument), =
the Pocket integration links into the http/https submissions such a log of =
websites visited is periodically compressed and transmitted to Pocket.
> >=20
> > I'm not claiming I have proof Pocket intends to do this.  What I am cla=
iming is the current Terms of Service give themselves the permission to add=
 this type of behavior even if the user never clicks on the Pocket icon and=
 disables the icon from the bar.
>=20
> This is a meaningless hypothetical because *Pocket does not have the
> ability to do this even if they wanted to*.
>
> Nothing here has given Pocket the ability to make arbitrary changes to
> the code shipping in Firefox, and their own ToS are certainly not
> powerful enough to grant them that by fiat.  Mozilla would have to
> accept accept such a change through our normal review procedures and
> include it in a normal Firefox release.

I was demanded to give an example of what could happen and I gave one.  Any=
 such example of what the future has in store for us will be hypothetical. =
=20

The idea that RealNetworks would ever have spyware-like activity included i=
n RealPlayer remains hypothetical until they actually do it.

The idea that RSA BSAFE would use a known weak random generator by default =
remains hypothetical until they actually do it.

The idea that Lenovo would pre-install a Certificate Authority record and a=
lso distribute the private signing key associated remains hypothetical unti=
l they actually do it.

Each of these companies help make the environment of how the web was formed=
 and operated.  Each of these companies are largely good companies that pro=
duce good results for both direct and indirect users.  Each have stumbled a=
t one point and done something that hurts an aspect about the type of web w=
e want.  For how we are building the web of the future, what a company is p=
lanning to do is as important as what it is currently doing.

> The day such code shipped in Firefox would be the day I handed in my
> resignation, and I'm pretty confident I'm not alone in that regard.

It does help me that you are willing to say that.  I'm sure there are other=
s at Mozilla Foundation that feel the same way.  I still don't think code r=
eview should ever be the *first* line of defense.  As part of transparency,=
 code submitters should make an effort to make it clear they are also commi=
tted to the stated mission of Firefox such that the submitter themselves ar=
e the first line of defense.
=20
> If you're really raising these points because you care about Mozilla and
> its mission, please either:
>=20
> 1) Explain exactly where the problem is, so we can fix this incredibly
> serious betrayal of our users sovereignty and trust; or

The problems is the lack of transparency about what is intended for the fut=
ure of this integration.

I am having trouble finding anything statement of intent regarding a roadma=
p from Pocket.

So, normally, with open protocols and APIs, I look to those to determine th=
e limits of what a company will collect.  At first glance, it looks like Po=
cket's API is open as one of the first code comments say where to go get th=
e public API documentation.  However, the actual API calls made in the code=
 itself don't restrict themselves to that.

Ok, the next tier I can look for transparency is what else is stated on the=
 website.  From what I can tell, the closest that Pocket has ever published=
 to a statement of intent for future releases is the Terms of Service.  I w=
ill admit that I'm stuck reading between the lines on what their intent mus=
t be.  However, the only thing they have gotten back to me on is that the A=
PI call is *private* by design.=20

If they would have provided a roadmap or gotten back to me about clarificat=
ion (going on over two weeks now) or provided an actually open API then I w=
ouldn't be resorting to reading between the lines of a ToS.  It isn't just =
the legal aspects to the ToS as much as it also gives insight into the mind=
set of the authors.
=20
> 2) Stop spreading this unsubstantiated FUD.

You are right, I shouldn't have given examples of how things could play out=
 in the future.  Lets just stick with the facts of why I find the current s=
ituation alarming:

(1) Mozilla Foundation's code review has let through code which lacks trans=
parency in the API calls it makes.  Instead it introduces an private "/v3/f=
irefox/*" namespace they have no intention of providing documentation for.

(2) Pocket has no clearly written roadmap or statement of intent for future=
 releases of Pocket integration.

(3) Tyler Downer of Mozilla Foundation is able to "RESOLVE" a bug submissio=
n regarding the Pocket integration in less than 90 minutes (the "INVALID" f=
lag I agree with but the "RESOLVE" sends a very different message)

(4) Mike Connor has made some alarming statements in this thread about the =
future of transparency of Mozilla Foundation.

(5) Ryan Kelly wants me to just shut up about the ToS because the code has =
a license that is OSI approved (and honoring OSD #6 in a practical way just=
 doesn't matter--I guess?)

> I'm completely serious about (1).  If what you describe above really is
> happening to our users when they install this release, IMHO that's a
> chemspill of the highest order and we need to scramble all our resources
> to fix it.  It's a serious enough allegation that I just can't bring
> myself to leave the claims above unchallenged.
>=20
> But I haven't seen any meaningful attempt to explain how that's actually
> happening.  You just keep asserting it as though it were fact.

I'm asserting that the mixture of all of things lay out dots that when conn=
ected produce a drawing of a big red flag.  If you want to dissect that the=
n you will be left scrutinizing a mere set of dots.  I will have a hard tim=
e defending a mere dot as being alarming, it is the whole picture I'm askin=
g to be looked into.

Just as staying under budget requires looking at the sum of expenses, I was=
 expecting to be able to look at the sum of what Pocket has published (and =
what they have kept secret/private).  Does that sum add up to the "best way=
" of getting this feature for a browser built around transparency?
=20
> Of course, the alternative is:
>=20
> 3) Continue trolling us with vague claims of automagic Terms of Service
>=20
> At which point I will attempt to just let this thread die...

Great.  Fine.  I give up.  This clearly has all been about trolling because=
 I really just want to sabotage this wonderful contribution that could not =
have been done in any other better way.  There is actually no red flags to =
see here.  Everything is wonderfully transparently done.  Terms of Service =
can't possibly apply to non-users of Pocket in any country that Firefox is =
used.  No one deserves any type of clarification since Pocket seems to not =
want to give it and even asking for clarification is just "trolling" anyway=
s.  I get it.
0
B
6/25/2015 4:10:14 AM
On 22/06/15 22:46, B Galliart wrote:
> However, lets say, just for the sake of argument, that Pocket decides
> it want a web site popularity/rank feature.  Something similar to
> Google PageRank or Alexa add-ons.  As part of this (again for the
> sake of argument), the Pocket integration links into the http/https
> submissions such a log of websites visited is periodically compressed
> and transmitted to Pocket.

OK, now you have a seriously large tinfoil hat on. What makes you think
that, even if the Pocket engineers decided to write the code for such a
feature, Mozilla would consider integrating it for even a second?

> I'm not claiming I have proof Pocket intends to do this.  What I am
> claiming is the current Terms of Service give themselves the
> permission to add this type of behavior even if the user never clicks
> on the Pocket icon and disables the icon from the bar.

Pocket engineers do not have unrestricted and unbackoutable checkin
rights to the Firefox source code tree.

Gerv
0
Gervase
6/26/2015 3:03:46 PM
On 25/06/2015 03:14, Ryan Kelly wrote:

> On 24/06/2015 06:52, Angly Cat wrote:
>> I think that you, Ryan, acting as a mozillian, are being too aggressive
> 
> In which case, it seems I'm failing badly at two things that are very
> important to me:
> 
>   1)  Communicating my thoughts and questions clearly
>   2)  Not coming off as a jerk
> 
> Sorry.  I will avoid participating further in this thread, and look
> forward to Gerv coming back with something concrete on the matter.

I don't see why a heated discussion on a controversial topic should
make you flee. Were you a little bit aggressive? Probably. Were some
others a little bit aggressive? Probably too. Were you offending? I
don't think so. Were you off-limits? IMHO, no.

Stay please. Real engineers give their opinion when they have one
and good engineers are passionnate, hence the potential heat. Just
another day at the office ;-)

</Daniel>

0
Daniel
6/26/2015 3:15:19 PM
On Friday, June 26, 2015 at 10:04:19 AM UTC-5, Gervase Markham wrote:
> On 22/06/15 22:46, B Galliart wrote:
> > However, lets say, just for the sake of argument, that Pocket decides
> > it want a web site popularity/rank feature.  Something similar to
> > Google PageRank or Alexa add-ons.  As part of this (again for the
> > sake of argument), the Pocket integration links into the http/https
> > submissions such a log of websites visited is periodically compressed
> > and transmitted to Pocket.
>=20
> OK, now you have a seriously large tinfoil hat on. What makes you think
> that, even if the Pocket engineers decided to write the code for such a
> feature, Mozilla would consider integrating it for even a second?

Again, that was an example of how the *language of the ToS* is alarming and=
 not a statement about Mozilla code review.  If that type of language was j=
ust thrown in as boiler plate and not part of how Pocket will operate in th=
e future, then what is the harm in removing it?

It should also be noted that Firefox is now promoting a brand and ecosystem=
 that is not fully under it's full control.  Not all changes to that ecosys=
tem go through the Firefox code review process.  I don't have proof that Po=
cket will do anything malicious and would like to believe they are a good a=
ddition to Firefox.  However, it seems dangerous to start a trend of introd=
ucing brands into Firefox that greatly lack transparency and has as this ty=
pe of ToS language.  If we are to expect further integrations of this natur=
e, the it may reach a critical mass where one of the companies involved doe=
s something to erode the concept of the web we want.  Using code review as =
the first line of defense means only the actions that directly impact Firef=
ox get caught instead of the full environment.  Just the fact they would wr=
ite anything that claims it in their rights to submit such code to me deser=
ves clarification.  I just want to understand the reasoning for this langua=
ge in their ToS and what the intend to do with it.

However, I will admit that based on how the Mozilla Foundation is run today=
, that such a code would not last a full 1000 milliseconds of consideration=
 and also never reach a nightly release.  I understand why anyone would get=
 upset about discussing how the install-time activation of the ToS would ha=
ve any practical harm.

But, I still have yet to hear from anyone on a how this integration adheres=
 to the Open Source Definition #6 criterial in a practical way.  How can th=
ere be an *legal* commercial use of this integration *today*?  If core func=
tionality integrated from Firefox is deviating from practical application o=
f OSD, then should the Know Your Right document be updated accordingly?
=20
> > I'm not claiming I have proof Pocket intends to do this.  What I am
> > claiming is the current Terms of Service give themselves the
> > permission to add this type of behavior even if the user never clicks
> > on the Pocket icon and disables the icon from the bar.
>=20
> Pocket engineers do not have unrestricted and unbackoutable checkin
> rights to the Firefox source code tree.

I was not trying to claim they did.  I believed that I was asked for an exa=
mple of what actions the *ToS* permits and why I find that language alarmin=
g.  At least that is the question I attempted to answer.

If I offended anyone by implying that Pocket somehow now has unrestricted a=
ccess to what will appear in the next nightly, I am sorry.  That wasn't wha=
t I was trying to say at all.

If you want to claim the tinfoil hat has come out in relation to my request=
 for clarification, then I am fine with that.  It seems lately that nitpick=
ing any criticism has become more important than getting them resolved.  Bu=
t the funny thing about privacy is it is much easier to lose than it is to =
keep and once it is out, there is really no getting it back.

I will admit that is at least easy to clear up the "who" of Pocket as there=
 are interviews and articles available about Nate Weiner.  Overall the inte=
nt of Pocket appear to be neither evil or malicious.  But there are still h=
ow/why items that they seem to be refusing to answer:

- What is on the roadmap for this integration?

- Why is this aggressive language needed in the ToS?

- Why is a private/undocumented API needed and used?

- Why is the only server currently compatible with the Firefox integration =
of Pocket available only for non-commercial use?

- Do they plan to take any legal action against compatible servers which cl=
one the protocol?

If tomorrow (or any other day in the near future) Pocket started clarifying=
 the issues and it turned out all of these secrets where just oversight in =
them being transparent/open then I will be a lot happier.  But I don't thin=
k we are even to the point of an ETA on reaching that.  So far Pocket has n=
ot been very open.

0
B
6/27/2015 5:51:51 AM
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Kjp1GIw0hUU8XABN4n7mbaCWmM45qMm19
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 26/06/15 22:51, B Galliart wrote:
> - Why is a private/undocumented API needed and used?

At a quick glance, it seems pretty well documented:
http://getpocket.com/developer/docs/overview

> - Why is the only server currently compatible with the Firefox integrat=
ion of Pocket available only for non-commercial use?
>=20
> - Do they plan to take any legal action against compatible servers whic=
h clone the protocol?
>=20
> If tomorrow (or any other day in the near future) Pocket started clarif=
ying the issues and it turned out all of these secrets where just oversig=
ht in them being transparent/open then I will be a lot happier.  But I do=
n't think we are even to the point of an ETA on reaching that.  So far Po=
cket has not been very open.

Have you attempted to contact them?

Cheers,
 David


--=20
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla


--Kjp1GIw0hUU8XABN4n7mbaCWmM45qMm19
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVjkpKAAoJED+FkPgNe9W+qUMIAIDtDL5fvAGBiyAF6XqfPNwW
pq9Cflo/8rEgtkZQ9IM3KFyDuE4wsO8BMBtRjqqP7ZBJ/Ar8M1mQe7zZeNfvN91B
Ej31pE+6NO+GaOcVCyYvRgp6qmmhZIYCSPCiQNgy7uEBNWaF24p+TYwVfJijeZgN
w9m8QOTjmJ0TrVEj8KcbcjxnHuY3AwUuRJHZIqZ+9sJODVWTtOrPgpyxeROJDjct
mX5ofLgRRqsnTZYq5X4oVnIeu1BG+xEtbfRJb7IAy1f8h+fmOuiChYjJF+R0/Us3
9dU4qtIkQE7xDW4mcLcxN+Kj9E7nxOx3ht7Lj9H3Gg+yMuIwlgZXICgpGjRrbX0=
=REqL
-----END PGP SIGNATURE-----

--Kjp1GIw0hUU8XABN4n7mbaCWmM45qMm19--
0
David
6/27/2015 7:01:25 AM
On Saturday, June 27, 2015 at 2:01:40 AM UTC-5, David Rajchenbach-Teller wr=
ote:
> On 26/06/15 22:51, B Galliart wrote:
> > - Why is a private/undocumented API needed and used?
>=20
> At a quick glance, it seems pretty well documented:
> http://getpocket.com/developer/docs/overview

Great, can you provide a link to the document that documents "/v3/firefox/s=
ave" since that is one of the API calls used by the Firefox integration.

> > - Why is the only server currently compatible with the Firefox integrat=
ion of Pocket available only for non-commercial use?
> >=20
> > - Do they plan to take any legal action against compatible servers whic=
h clone the protocol?
> >=20
> > If tomorrow (or any other day in the near future) Pocket started clarif=
ying the issues and it turned out all of these secrets where just oversight=
 in them being transparent/open then I will be a lot happier.  But I don't =
think we are even to the point of an ETA on reaching that.  So far Pocket h=
as not been very open.
>=20
> Have you attempted to contact them?

I have.  So far the only thing they have gotten back to me on is that "/v3/=
firefox/save" is a "private end-point."
0
B
6/27/2015 7:50:00 AM
On Friday, June 5, 2015 at 2:59:56 PM UTC-7, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Ther=
e are some comments on Hacker News at https://news.ycombinator.com/item?id=
=3D9667809).
>=20
> Mozilla's recent integration with Pocket, a proprietary third-party servi=
ce, is a mistake.
>=20
> It is very exciting to see the ways in which Firefox continues to improve=
.. And it's even more exciting to see the ways that Mozilla advances it's st=
ated mission outside of the Firefox browser with new developments like Fire=
fox Accounts. Pocket now allows you to log in on their site using your Fire=
fox Account; being able to authenticate with a trusted third party like Moz=
illa is a huge win for online privacy advocates and the Mozilla community. =
However, adding Pocket as a built-in feature to Firefox should not have bee=
n done.
>=20
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20
>=20
> The user experience of disabling Pocket is not good, either. It needs to =
be disabled in about:config, which is not at all user friendly, and therefo=
re not in line with Mozilla's mission. In the past, Mozilla has been very g=
ood about showing the user what new features have been added to the interfa=
ce and explaining any privacy implications that may come with them. That is=
 why I was so surprised when the Pocket icon suddenly appeared in Firefox D=
eveloper Edition a couple days ago. It is so unlike Mozilla to introduce so=
mething like that, I ran a virus scan and checked what programs had been in=
stalled recently -- I assumed it had been put there in the same way that IE=
 users used to get the Ask Toolbar installed.=20
>=20
> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's. Many users would not as=
sume this, since it is a feature that is bundled with the browser.
>=20
> Mozilla's recent blog post about the Pocket feature is titled "Firefox Pu=
ts You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/=
06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been comi=
ng from a startup, that post would be humorously ironic. But given how much=
 people care about Mozilla and it's stated mission, it is more painful than=
 funny.
>=20
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat. Most importantly, there was very little public disc=
ussion about this inclusion of a proprietary, third-party service. It's a h=
uge departure from Mozilla's commitment to transparency. The existence of t=
he Pocket code in Firefox is a bug in the browser, and it does not adhere t=
o Mozilla's core mission.

Agreed
0
andrew
6/30/2015 10:22:26 PM
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--hrsmxnCxUerglXvedE1xNTBqcdr1JqfiT
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 27/06/15 09:50, B Galliart wrote:
> On Saturday, June 27, 2015 at 2:01:40 AM UTC-5, David Rajchenbach-Telle=
r wrote:
>> On 26/06/15 22:51, B Galliart wrote:
>>> - Why is a private/undocumented API needed and used?
>>
>> At a quick glance, it seems pretty well documented:
>> http://getpocket.com/developer/docs/overview
>=20
> Great, can you provide a link to the document that documents "/v3/firef=
ox/save" since that is one of the API calls used by the Firefox integrati=
on.

Filed bug 1179699 to get it documented.

Cheers,
 David

--=20
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla


--hrsmxnCxUerglXvedE1xNTBqcdr1JqfiT
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVlQnwAAoJED+FkPgNe9W+Oj0IALxWzvC57d7N4hq+J30Syit8
8INaBnFcddj+WT8giQ8JpVB8y7C9Dq/P1D9c3P7/Z1o1p+vD3ocgbX/wedDWT90X
3y2TSILFBZ3FHwPgti3Z6/SSQXAnjHJkLa6+sW8PBBCsr15L+GltcBlJ5IWSvjYW
nvrHBPmiF2Dg6xcD3KxHebRakxNfTiL63Gp1HNvjFix4Byo31eXv5tED3wgyBgCv
UbWQIlBgjAGA5y6XSixnb1YdFYFoFHpmvqDHdv70zQTVQ624wN8HXai8yw6V1FOw
5+Cpx1E6zT42vlswfNx6fvsBu/hFKkX5i6l1F5QSGkfuoWlOd2qs+pm14Rey4Ss=
=LmFs
-----END PGP SIGNATURE-----

--hrsmxnCxUerglXvedE1xNTBqcdr1JqfiT--
0
David
7/2/2015 9:52:44 AM
On Thursday, July 2, 2015 at 4:52:58 AM UTC-5, David Rajchenbach-Teller wro=
te:
> On 27/06/15 09:50, B Galliart wrote:
> > On Saturday, June 27, 2015 at 2:01:40 AM UTC-5, David Rajchenbach-Telle=
r wrote:
> >> On 26/06/15 22:51, B Galliart wrote:
> >>> - Why is a private/undocumented API needed and used?
> >>
> >> At a quick glance, it seems pretty well documented:
> >> http://getpocket.com/developer/docs/overview
> >=20
> > Great, can you provide a link to the document that documents "/v3/firef=
ox/save" since that is one of the API calls used by the Firefox integration=
..
>=20
> Filed bug 1179699 to get it documented.

Thanks for that.

I was losing faith in the Firefox bug track system accomplishing anything. =
 I had tried commenting that the integration should require an update to th=
e "About Your Rights" document.  Justin Dolske marked my comment hidden and=
 closed the bug.

To date, no one from the Mozilla Foundation has been able to explain a prac=
tical method to legally use this integration commercially (as required by t=
he Open Source Definition #6).  If the best way to keep Firefox relevant re=
quires integration of web services which violate OSD #6, I will learn to li=
ve with that.  But I still think it the deviation should be at least stated=
 in the service terms section of About Your Rights.
0
B
7/3/2015 12:55:31 AM
On 03/07/15 01:55, B Galliart wrote:
> To date, no one from the Mozilla Foundation has been able to explain
> a practical method to legally use this integration commercially (as
> required by the Open Source Definition #6). 

You can accept my assurance that the Pocket TOS do not prevent you using
Pocket in a commercial environment; or you can wait for what I hope will
be a more formal reply to the points raised in this thread in a few days.

Gerv
0
Gervase
7/6/2015 4:22:45 PM
On Monday, July 6, 2015 at 10:23:22 PM UTC+6, Gervase Markham wrote:
> You can accept my assurance that the Pocket TOS do not prevent you using
> Pocket in a commercial environment; or you can wait for what I hope will
> be a more formal reply to the points raised in this thread in a few days.
>=20
> Gerv

Disclaimer: I'm a bit confused with your wording. Therefore disregard my me=
ssage if "Pocket TOS do not prevent you using Pocket in a commercial enviro=
nment" means "Pocket TOS do not prevent you using Firefox (except integrate=
d Pocket) in commercial way" rather than "Pocket TOS do not prevent you usi=
ng Pocket (integrated in Firefox) in commercial way".

I searched the word "commercial" in Pocket(tm) ToS (Posted May 28, 2014)[1]=
 and found 6 matches:
3 (three) matches are about personal, non-commercial use;
1 (one) match is about them granting a user personal non-commercial rights;
1 (one) match is about them explicitly prohibiting any use of the Pocket Te=
chnologies in commercial way;
And the last 1 (one) match is about the only way to use the Pocket Technolo=
gies in commercial way:

> If you want to make commercial use of any of the Pocket Technologies, you=
 must enter into a separate written agreement with us in advance.

Feel free to verify my words. So, sadly, unless you're officially from "Rea=
d It Later, Inc.", your assurance means nothing.

[1] https://getpocket.com/tos
0
Angly
7/6/2015 4:59:29 PM
On Monday, July 6, 2015 at 11:59:35 AM UTC-5, Angly Cat wrote:

> Disclaimer: I'm a bit confused with your wording. Therefore disregard my =
message if "Pocket TOS do not prevent you using Pocket in a commercial envi=
ronment" means "Pocket TOS do not prevent you using Firefox (except integra=
ted Pocket) in commercial way" rather than "Pocket TOS do not prevent you u=
sing Pocket (integrated in Firefox) in commercial way".
>=20
> I searched the word "commercial" in Pocket(tm) ToS (Posted May 28, 2014)[=
1] and found 6 matches:
> 3 (three) matches are about personal, non-commercial use;
> 1 (one) match is about them granting a user personal non-commercial right=
s;
> 1 (one) match is about them explicitly prohibiting any use of the Pocket =
Technologies in commercial way;
> And the last 1 (one) match is about the only way to use the Pocket Techno=
logies in commercial way:
>=20
> > If you want to make commercial use of any of the Pocket Technologies, y=
ou must enter into a separate written agreement with us in advance.
>=20
> Feel free to verify my words. So, sadly, unless you're officially from "R=
ead It Later, Inc.", your assurance means nothing.
>=20
> [1] https://getpocket.com/tos

I am also confused about the wording.  However, in-between the lines this r=
eads like it is coming from someone that knows something more but is unable=
 to talk about it publically at the moment.

I think we both agree that to address issues like the USA's CFAA requires t=
he ToS itself to be updated.  Also, requiring permission in writing is stil=
l a form of "discrimination against a field of endeavor" which OSD #6 would=
 prohibit.  But it might be implied that eventually that a ToS update is ex=
actly what will happen.

The big picture question is why has it reached this point of having to disc=
uss this at all on the mailing list?  Why didn't Mozilla Manifesto #7 resul=
t in a check-list for the integration that required OSD #6 compliance to be=
 part of the integration process?  The answer to that seems to be provided =
in two places:

(1) Mike Connor's post in this thread on June 17th makes it clear the Mozil=
la Foundation's "master goal" puts Mozilla Manifesto Principle #9 as the on=
ly priority and throws out the rest.

(2) Mike Connor's statements seem to be backed by Justin Dolske's actions o=
f marking the issue related to OSD compliance as hidden due to "advocacy" a=
nd then close the integration process as completed.  This would seem to vio=
late Mozilla Manifesto #7 and Manifesto #8 if those still mattered.

But don't degrade the assurance now given to the status of meaning nothing.=
  It is probably a baby step forward.  The bigger question is if overall ar=
e we taking steps forward in the grand scheme towards re-affirming the enti=
re Mozilla Manifesto for all integrations to come or just putting a medical=
 wrap on the current issue.  For that, I guess only time will tell but I wi=
ll take every little "win" that we can get.

However, if there is now Mozilla Foundation employees that have framed prin=
ciple #9 in gold and have the rest printed on toilet paper much like Mike C=
onnor and Justin Dolske seem to, then I think we will be stuck taking two s=
teps back for every step forward.  Even then, I would not go as far as to s=
ay the Mozilla Foundation or Firefox mean nothing, they just will mean some=
thing very different than what the Mozilla Manifesto says.
0
B
7/6/2015 11:34:56 PM
This thread hasn't been going anywhere productive for a while. Posts are
getting longer, and carry increasing amounts of heavily stretched
assertions and what feel like attacks on the integrity and good faith of
those involved. I think Gerv has an action to follow up on issues with the
Pocket TOS, Other than that it's mostly opinion and differing
interpretations of the Manifesto, so we're not going to get anywhere.

That said, I _really_ don't like character attacks, so I'm going to address
some of those below.

On 6 July 2015 at 19:34, B Galliart <bgallia@gmail.com> wrote:

>
> (1) Mike Connor's post in this thread on June 17th makes it clear the
> Mozilla Foundation's "master goal" puts Mozilla Manifesto Principle #9 as
> the only priority and throws out the rest.
>

This is a willful and absurd misreading of my statements. My statement is
that we don't have an obligation to build an open version of every service
on the internet. And that partnering with commercial interests is something
to be balanced against openness, but explicitly not forbidden.  If you know
my history with the project, I hope you can understand where this sort of
rhetoric and characterization is actually deeply offensive.


> (2) Mike Connor's statements seem to be backed by Justin Dolske's actions
> of marking the issue related to OSD compliance as hidden due to "advocacy"
> and then close the integration process as completed.  This would seem to
> violate Mozilla Manifesto #7 and Manifesto #8 if those still mattered.
>

I'm not sure where OSD compliance came into the picture. To the best of my
knowledge, the OSD has never been viewed as an obligation.  (The first time
I had this argument was in 2005 or so, if we've made public statements to
the contrary I must have missed them.)  We believe openness and
transparency win, but we've always balanced that against pragmatism.

On the specific issue of #6, and what I assume is your concern around the
TOS, I'm reasonably certain that "personal, non-commercial use" doesn't
quite mean what you think it means, and is meant to exclude commercial
services from using Pocket as the backend for their own products. I'll let
Gerv track that with the legal folks, as it'd be absurd to ship a feature
that can't be used inside of a commercial environment. OSD or not, that'd
simply be a terrible idea.

However, if there is now Mozilla Foundation employees that have framed
> principle #9 in gold and have the rest printed on toilet paper much like
> Mike Connor and Justin Dolske seem to, then I think we will be stuck taking
> two steps back for every step forward.  Even then, I would not go as far as
> to say the Mozilla Foundation or Firefox mean nothing, they just will mean
> something very different than what the Mozilla Manifesto says.


I'm not going to reply to this type of baseless attack directly, except to
say that making personal attacks against my integrity is a _really_ bad way
to change my mind, and detracts from your legitimate concerns.  If you
actually want to help, I'd recommend starting by reassessing your tendency
to assume bad faith. As I've explained recently to a friend and Mozillian,
it's one of the most toxic things you can do if you want to be a force for
good. Your heart seems to be in the right place, but your words are not.

-- Mike
0
Mike
7/7/2015 1:26:26 AM
On Monday, July 6, 2015 at 8:26:34 PM UTC-5, Mike Connor wrote:
> On 6 July 2015 at 19:34, B Galliart <bgallia@gmail.com> wrote:
>=20
> >
> > (1) Mike Connor's post in this thread on June 17th makes it clear the
> > Mozilla Foundation's "master goal" puts Mozilla Manifesto Principle #9 =
as
> > the only priority and throws out the rest.
> >
>=20
> This is a willful and absurd misreading of my statements. My statement is
> that we don't have an obligation to build an open version of every servic=
e
> on the internet. And that partnering with commercial interests is somethi=
ng
> to be balanced against openness, but explicitly not forbidden.  If you kn=
ow
> my history with the project, I hope you can understand where this sort of
> rhetoric and characterization is actually deeply offensive.

I'm sorry, you are right that I don't know enough about your history with t=
he project.  I should have let your words from June 17th speak for themselv=
es rather than try to provide my own summary.

> > (2) Mike Connor's statements seem to be backed by Justin Dolske's actio=
ns
> > of marking the issue related to OSD compliance as hidden due to "advoca=
cy"
> > and then close the integration process as completed.  This would seem t=
o
> > violate Mozilla Manifesto #7 and Manifesto #8 if those still mattered.
> >
>=20
> I'm not sure where OSD compliance came into the picture. To the best of m=
y
> knowledge, the OSD has never been viewed as an obligation.  (The first ti=
me
> I had this argument was in 2005 or so, if we've made public statements to
> the contrary I must have missed them.)  We believe openness and
> transparency win, but we've always balanced that against pragmatism.

Maybe that is part of the problem then.  I thought OSD was implied by Mozil=
la Manifesto Principle #7 ("Free and open source software promotes the deve=
lopment of the Internet as a public resource").  "Open Source" is more than=
 just publishing the source code, it has a strict set of 10 rules that must=
 all apply.  Once one rule is thrown out, what you are left with is "Source=
 Code Available" software rather than Open Source.  If Manifesto #7 really =
means Source Available instead of Open Source, then just modify it accordin=
gly.  It is also confusing what parts of the Mozilla Manifesto still hold u=
nder the rule of pragmatism and which are just published now for show.

> On the specific issue of #6, and what I assume is your concern around the
> TOS, I'm reasonably certain that "personal, non-commercial use" doesn't
> quite mean what you think it means, and is meant to exclude commercial
> services from using Pocket as the backend for their own products. I'll le=
t
> Gerv track that with the legal folks, as it'd be absurd to ship a feature
> that can't be used inside of a commercial environment. OSD or not, that'd
> simply be a terrible idea.

Starting with your last point, I don't know if I agree with that shipping a=
 feature that can't be used inside a commercial environment is completely a=
 terrible idea.  I don't want HR signing up employees for an integrated dat=
ing system (if such an integration comes to pass).  My point isn't if OSD #=
6 needs to always apply as much as if Mozilla Manifesto #7 implies OSD #6 t=
hen any deviation should be clearly stated in the About Your Rights under t=
he web based information services.  I have been upset because neither a cla=
rification on OSD #6 or an update to the document has been performed.  Inst=
ead, the integration gets a rubber stamp of complete without any considerat=
ion to the issue.  It shouldn't be that issues that come up regarding the m=
anifesto should just be marked hidden for advocacy and closed.

As far as what I think "personal/non-commercial" means, I have considered t=
hat to also mean the exclusion of alternative servers.  That seems to be ex=
actly the reason why the integration API is made up of "private end-points"=
 rather than the documented ones.  Bust just like with the client, OSD #6 m=
eans for there to be any open source implementation of the server side, it =
must allow for commercial use of the software.  As such, by prohibiting com=
mercial use of Firefox integration protocol compatible servers is also proh=
ibiting any practical method to provide open source servers as well.

So then how does the Mozilla Manifesto #6 ("The effectiveness of the Intern=
et as a public resource depends upon interoperability (protocols, data form=
ats, content), innovation and decentralized participation worldwide.") stil=
l play any role with an integration that depends on a single vendor's serve=
rs?

I think (if I am not misreading your June 17th post incorrrectly again) tha=
t you were stating that Pocket integration is key to attract and retain use=
rs.  But if it is that important, then where is the redundancy in keeping t=
hese users?  What if Pocket changes the ToS or privacy policy in a way that=
 a large portion of users don't agree to?  How do they continue to use the =
integration?  Or what if Pocket get bought out the same way OnLive was and =
the service shuts down in 30 days?  I don't see a protocol for a single ven=
dor as promoting interoperability or being decentralized.  It seem like clo=
sing off other Firefox integration compatible servers (including open sourc=
e servers) goes even farther in the realm of terrible ideas.
=20
> I'm not going to reply to this type of baseless attack directly, except t=
o
> say that making personal attacks against my integrity is a _really_ bad w=
ay
> to change my mind, and detracts from your legitimate concerns.  If you
> actually want to help, I'd recommend starting by reassessing your tendenc=
y
> to assume bad faith. As I've explained recently to a friend and Mozillian=
,
> it's one of the most toxic things you can do if you want to be a force fo=
r
> good. Your heart seems to be in the right place, but your words are not.

You are correct, I have gotten toxic and I am sorry.  I have a hard time be=
lieving people see the concerns as legitimate in a world where "advocacy" i=
s just marked hidden and disregarded.
0
B
7/7/2015 5:44:56 AM
On 06/07/15 17:59, Angly Cat wrote:
> Disclaimer: I'm a bit confused with your wording. Therefore disregard
> my message if "Pocket TOS do not prevent you using Pocket in a
> commercial environment" means "Pocket TOS do not prevent you using
> Firefox (except integrated Pocket) in commercial way" rather than
> "Pocket TOS do not prevent you using Pocket (integrated in Firefox)
> in commercial way".

I mean "Pocket TOS does not prevent you from using Pocket (integrated
into Firefox) in a commercial environment.

>> If you want to make commercial use of any of the Pocket
>> Technologies, you must enter into a separate written agreement with
>> us in advance.

"Commercial use" in this context basically means "selling the service".
It does not mean "using it as an individual user in the course of your
business". As I said, all Firefox users can use Pocket in any context.

Like I said, I hope to have a more formal reply on this topic from
someone at Mozilla soon.

Gerv
0
Gervase
7/7/2015 12:07:49 PM
On Tuesday, July 7, 2015 at 6:08:25 PM UTC+6, Gervase Markham wrote:
> "Commercial use" in this context basically means "selling the service".
> It does not mean "using it as an individual user in the course of your
> business".

Disclaimer: once again I'm confused by your wording, Gerv. (It's like you d=
o it intentionally to confuse us, haha).
I wrote the following message in assumption that by "selling the service" y=
ou meant "sub-licensing THE Pocket(tm) service" and not "making money by pr=
oviding any other profitable service (as activity) that includes any use of=
 Pocket(tm)". If so...

I'm sorry, Gerv, but I don't buy it. "Selling the service" (aka "sub-licens=
ing") is indeed included in "commercial use" activity variations, but "comm=
ercial use" is not limited to just "sub-licensing". Unless it defined expli=
citly in Pocket(tm) ToS, I see no reason to not think of "commercial use" d=
efinition in general way as "any use that is a part of revenue generating a=
ctivity, that is, making money".=20

> As I said, all Firefox users can use Pocket in any context.

So you're basically saying that any Firefox user is allowed to, for example=
:
(1) teach other people how to use Pocket(tm) and take money for this;
(2) get paid for showing to someone their list of pages saved in Pocket(tm)=
;
(3) get paid for just using Pocket(tm);
and so on.
Am I wrong?

P.S.: Please don't think of me as of some kind of troll, I'm just confused =
in the whole situation and eager to find out the truth.
0
Angly
7/7/2015 1:28:33 PM
On 07/07/15 14:28, Angly Cat wrote:
> I'm sorry, Gerv, but I don't buy it. "Selling the service" (aka
> "sub-licensing") is indeed included in "commercial use" activity
> variations, but "commercial use" is not limited to just
> "sub-licensing". Unless it defined explicitly in Pocket(tm) ToS, I
> see no reason to not think of "commercial use" definition in general
> way as "any use that is a part of revenue generating activity, that
> is, making money".

The reason not to think of it that way is because I'm telling you that
it's not intended that way, and that Mozilla and Pocket don't understand
it that way. But again, there's no point in continuing this discussion.
I hope to have a more formal reply for you soon. If you don't believe
that statement, then I can't help you.

>> As I said, all Firefox users can use Pocket in any context.
> 
> So you're basically saying that any Firefox user is allowed to, for
> example: (1) teach other people how to use Pocket(tm) and take money
> for this; 

Yes.

> (2) get paid for showing to someone their list of pages
> saved in Pocket(tm); 

I'm not sure why anyone would ever pay for that...

> (3) get paid for just using Pocket(tm); 

Why would someone (apart from Pocket, Inc., perhaps) ever pay for that?

Gerv
0
Gervase
7/8/2015 9:24:22 AM
On 07/07/2015 06:44, B Galliart wrote:
> I have a hard time believing people see the concerns as legitimate in a world where "advocacy" is just marked hidden and disregarded.

I considered responding to this point earlier and didn't, because I 
didn't want to fan the flames of this thread. Seeing as it's brought up 
again:

You commented on an engineering "implement all this stuff" tracker bug. 
Your comment was based on your interpretation of the ToS and without any 
checks with anyone like our or Pocket's legal department, and made some 
very concrete and user-hostile UI/UX suggestions, not just "hey, maybe 
we should be thinking about this".

Bugzilla, as far as the engineering products are concerned (there are 
also Legal and Marketing and goodness-knows-what in bugzilla, but 
nevermind that for now), really really sucks as a discussion forum for 
"why" or "what should/shouldn't we do" questions, rather than "here's an 
issue and we should fix it in this way / that way".

You commented on an engineering bug and the engineers involved didn't 
think your comment was helping the bug in question get resolved 
correctly. We tag comments in cases like that (including our own, e.g. 
if our understanding of the "how are we fixing this issue" or "what is 
the root cause of this issue" changes, sometimes older comments get 
tagged "obsolete", which also causes them to be hidden).

We do this because that way a bug page is more readable and we can get 
work done effectively. It's not a value judgment on the intent of the 
comment (which is almost always good) or the person making the comment. 
Context is important, and this bug was not the right context for your 
comment. That doesn't mean people don't think it's a legitimate concern, 
but it does mean that it wasn't contributing to the bug in question.

Really, this thread was a better way to engage with the issue, but if 
you would have wanted to use bugzilla, filing a separate bug in the 
legal product would probably have been the "right" way to do so; at this 
point I'm confident Gerv has contacted the relevant people already and 
they will hopefully respond here soon (ie filing a legal bug right now 
is unlikely to accomplish anything apart from confusion as to the best 
place to reply etc.).

~ Gijs
0
Gijs
7/8/2015 10:03:16 AM
Still no "more formal reply"...  I'm kinda on tenterhooks here, wondering if I'll have to switch (after, OMG, 16 years) to SRWare Iron or something.

I wonder if EFF will switch for TorBrowser?  RMS must be biting his feet over this.
0
stephen
7/10/2015 4:22:03 PM
I can't believe this crap is still being bundled with Firefox with this much "dicussion" as to whether this should be bundled or not.

The simple answer is: REMOVE POCKET FROM FIREFOX. If I want Pocket I'll install an extension like everything else.

I am tired of waiting so as of today, I'm removing Firefox from my computer and no longer recommending it to friends.

On Friday, June 5, 2015 at 5:59:56 PM UTC-4, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=1172126. There are some comments on Hacker News at https://news.ycombinator.com/item?id=9667809).
> 
> Mozilla's recent integration with Pocket, a proprietary third-party service, is a mistake.
0
jeevan
7/13/2015 4:40:28 AM
I don't usually get involved in these sorts of discussions, but I have to v=
oice my objection to this decision. There was no consultation that I could =
tell. I only started using Pocket a few months ago, so I didn't really noti=
ce when the icon moved on my toolbar. But now it's no longer a removable ad=
d-on (heck, the Service set-up was bad enough), I am concerned for my priva=
cy. Baking this into the core code raises a lot of questions - is it sandbo=
xed correctly, like a conventional add-on? Can it be exploited if it's incl=
uded by default with millions of browsers? With the current state of online=
 security, these questions should have been at the top of everyone's lists =
when the deal was on the table.

I write this as a very long-term Firefox user (since version 1). Firefox ha=
s always been what I wanted from a browser - infinitely customisable. By ad=
ding what was a 'customisation' into core code, this is betraying one of Fi=
refox's core principals.

I get that Mozilla has to make money to continue to develop (what used to b=
e) a great browser, but I'll echo other people - this could have been a bun=
dled add-on. Give people the choice. That's what Firefox was always about. =
Otherwise, Mozilla is going to alienate many thousands of loyal users by be=
coming what they always stood against.
0
quantumparticleresea
7/13/2015 9:23:31 AM
On Friday, June 5, 2015 at 10:59:56 PM UTC+1, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Ther=
e are some comments on Hacker News at https://news.ycombinator.com/item?id=
=3D9667809).
>=20
> Mozilla's recent integration with Pocket, a proprietary third-party servi=
ce, is a mistake.
>=20
> It is very exciting to see the ways in which Firefox continues to improve=
.. And it's even more exciting to see the ways that Mozilla advances it's st=
ated mission outside of the Firefox browser with new developments like Fire=
fox Accounts. Pocket now allows you to log in on their site using your Fire=
fox Account; being able to authenticate with a trusted third party like Moz=
illa is a huge win for online privacy advocates and the Mozilla community. =
However, adding Pocket as a built-in feature to Firefox should not have bee=
n done.
>=20
> This is particularly surprising since it was Firefox that made browser ex=
tensions mainstream. Pocket should have been an extension (in fact, a Pocke=
t extension used to exist). It could have even been bundled with the browse=
r. This distinction is important, since extensions can be removed entirely,=
 whereas currently Pocket can only be disabled.=20
>=20
> The user experience of disabling Pocket is not good, either. It needs to =
be disabled in about:config, which is not at all user friendly, and therefo=
re not in line with Mozilla's mission. In the past, Mozilla has been very g=
ood about showing the user what new features have been added to the interfa=
ce and explaining any privacy implications that may come with them. That is=
 why I was so surprised when the Pocket icon suddenly appeared in Firefox D=
eveloper Edition a couple days ago. It is so unlike Mozilla to introduce so=
mething like that, I ran a virus scan and checked what programs had been in=
stalled recently -- I assumed it had been put there in the same way that IE=
 users used to get the Ask Toolbar installed.=20
>=20
> It may also not be clear to some users that, even when signing in with yo=
ur Firefox account, you are still giving your email address to a third part=
y whose privacy policy is different than Mozilla's. Many users would not as=
sume this, since it is a feature that is bundled with the browser.
>=20
> Mozilla's recent blog post about the Pocket feature is titled "Firefox Pu=
ts You in Control of Your Online Life" (https://blog.mozilla.org/blog/2015/=
06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been comi=
ng from a startup, that post would be humorously ironic. But given how much=
 people care about Mozilla and it's stated mission, it is more painful than=
 funny.
>=20
> Firefox should continue to add new features that benefit its users, but t=
hose features must be done in accordance with Mozilla's core values. This f=
eature should've been done as an extension, which allows for greater user c=
hoice and avoids bloat. Most importantly, there was very little public disc=
ussion about this inclusion of a proprietary, third-party service. It's a h=
uge departure from Mozilla's commitment to transparency. The existence of t=
he Pocket code in Firefox is a bug in the browser, and it does not adhere t=
o Mozilla's core mission.

I also vote to remove pocket from the main product. As an extension the use=
r can avoid using it.=20

As part of the main product it leaks information without the user understan=
ding the risks of using a third party application.
0
merrua
7/13/2015 10:27:49 AM
I've been reading this thread for more than a week now, and I decided to th=
row my tuppenny bit in. =20

* The original start was posted June 5th. =20
* There was a Bugzilla report posted on July 2nd, about the fact that the A=
PI is using undocumented (aka proprietary) calls.  This has not been claime=
d or posted to.=20
* There have been posts from people who have contacted Pocket, and been tol=
d that they won't release information on the API. =20
* There are some rather pointed questions about the Pocket TOS, and how it =
could poison the Firefox platform's Open Source viewpoint. =20
* There have been posts from Mozilla developers who have said they are tryi=
ng to get clarification from Pocket. =20
* It's been 7 business days since the bugzilla report was posted. For somet=
hing this important, that's reprehensible on the part of Pocket.=20
* There have been a number of pointed questions about how opaque the decisi=
on was to insert a proprietary protocol into Firefox, while there was a sat=
isfactory add-on already present. =20

It really seems that with all of the questions about the TOS and proprietar=
y technology, Mozilla Manefesto number 04 comes into play here, and 08 has =
been completely ignored. =20

With all of the above, my personal belief is that it is time to roll back t=
he change to Firefox, removing the Pocket integration, and go back to the a=
dd-on.  Until all of the above questions are answered, especially by the la=
wyers, this will continue to polarize the community.   Right now, it appear=
s to be an indeterminate number of developers vs everyone else.  Developers=
 get to make the decision, but this kind of argumentation means they don't =
have time to continue working on the product.  That means that the initial =
decision was a bad one, for now.

Remove it for now, get the answers to the questions, bring it up in transpa=
rent discussion, then put it back if the questions are answered in a way th=
at won't violate the Manifesto and the community traditions.

(Using Mozilla since Netscape Navigator)=20

0
tbelding
7/13/2015 4:38:55 PM
On Monday, July 13, 2015 at 10:11:20 AM UTC-5, quantumpart...@gmail.com wro=
te:
> I don't usually get involved in these sorts of discussions, but I have to=
 voice my objection to this decision. There was no consultation that I coul=
d tell. I only started using Pocket a few months ago, so I didn't really no=
tice when the icon moved on my toolbar. But now it's no longer a removable =
add-on (heck, the Service set-up was bad enough), I am concerned for my pri=
vacy. Baking this into the core code raises a lot of questions - is it sand=
boxed correctly, like a conventional add-on? Can it be exploited if it's in=
cluded by default with millions of browsers? With the current state of onli=
ne security, these questions should have been at the top of everyone's list=
s when the deal was on the table.

This thread has gotten long so it is understandable that new contributors w=
ould not have gone through the entire thread yet.  Some of the concerns bro=
ught back up regarding privacy and third-party integration has, at least in=
 part, been addressed to some extent.

Regarding no consultation before third-party integration--as far as I can t=
ell, this isn't the first time third-party code has been contributed into t=
he core of Firefox.  The major difference with this is the Pocket integrati=
on is the first one to have prominent branding included.  That being said, =
there have been some key members of the Mozilla Foundation that seem to hav=
e indicated that things probably will be handled differently for any future=
 integrations.

Regarding sandboxing of the code--the Pocket code appears to be all done in=
 cleanly written javascript code which only hooks in (and is activated) whe=
n the button is pressed.

Regarding if it is sandboxed like a conventional add-on--since being integr=
ated with Firefox, the code is probably more peer reviewed than most conven=
tional add-ons.  Also, if you are concern about privacy, you may want to be=
 careful what add-ons you use since they are given an awful lot of power.  =
Just ask anyone that has played with the Greasemonkey add-on what degree of=
 access an add-on has.

Regarding privacy--since the client code is now under a license that allows=
 for open review, it is much easier to review the code used with Firefox no=
w.  This integration has probably improved the privacy situation rather tha=
n made it worse.  However, it should be kept in mind that the Mozilla Found=
ation can only review the code integrated into Firefox.  Any other related =
software for accessing the data (such as the phone apps or extensions for o=
ther browsers) fall outside of the scope of their control.

Regarding Pocket no longer being a removable add-on, the code currently is =
designed to only load in use (lazy load), if the icon to activate the integ=
ration is removed from the UI then it should never load making it removed f=
rom a practical stand-point.

I agree that it still provides an additional level of comfort when somethin=
g is put in the add-ons list and can be truly removed.  That will hopefully=
 be considered with future integrations such that they become bundled add-o=
ns instead of uninstallable integrations, but I don't think they will be re=
verting this specific integration back into an add-on form.
0
B
7/14/2015 2:37:39 AM
On Tuesday, July 14, 2015 at 5:05:47 PM UTC+6, tbel...@gmail.com wrote:
> It really seems that with all of the questions about the TOS and propriet=
ary technology, Mozilla Manefesto number 04 comes into play here, and 08 ha=
s been completely ignored. =20
>=20
> Remove it for now, get the answers to the questions, bring it up in trans=
parent discussion, then put it back if the questions are answered in a way =
that won't violate the Manifesto and the community traditions.

As stated earlier by certain mozillians in this thread, the Principles in t=
he Mozilla Manifesto don't oblige Mozilla developers to follow it. They're =
not strict rules, it's more like "success guide", but not a declaration. An=
d nowhere to be said the opposite indeed.
So, despite the community's reaction, if Mozilla aren't following it's Prin=
ciples too strictly - that's "acceptable". At least I buy it.

On the other hand, AFAIR no one mentioned the Mozilla Mission[1], so let me=
 remind you about it:

> Our mission is to promote openness, innovation & opportunity on the Web.

I believe that (unlike the Principles) the declared Mission DOES oblige Moz=
illa to not go against it. And this integration goes against the Mozilla Mi=
ssion.
But hey, one can object "but of course you can't promote these three things=
 altogether simultaneously, so Pocket integration promotes innovation and/o=
r opportunity at the cost prejudicing openness".
I can retort to that. I honestly tried to discover some killer-feature that=
 Pocket(tm) has (that made Pocket(tm) so "popular" in the first place that =
Mozilla decided to bring it to the core, but I dare to say that less than e=
very hundredth user had it before the integration, comparing Pocket(tm)'s ~=
250k users count to Adblock Plus's ~20kk) and Firefox didn't have. And I fa=
iled.
You can save YouTube videos to watch it later? Why not use "Watch later" bu=
tton on YouTube or just bookmark it and then sync bookmarks at another devi=
ce?
You can save scaled pictures? What's the point of that? You can't see an im=
age full-sized without following an original link, so there's no difference=
 with just the regular bookmarks, again.
You can save a text of any page? No, actually you can't. With Pocket(tm) yo=
u can't save a text of pages that require authentication. So, again, you ca=
n just use the regular bookmarks, sync it with another device and then go i=
nto Reading Mode built in Firefox.
Except the opportunity of Mozilla bloating Firefox with other third-party s=
ervices in the future after this precedent, I fail to see where are "innova=
tion" and/or "opportunity" in this integration.

[1] https://www.mozilla.org/en-US/mission/
0
Angly
7/14/2015 4:21:22 PM
Hi everyone,

This is Mika from Mozilla's legal team.  Some concerns have been raised her=
e around the scope and application of Pocket's ToS and Privacy Policy in co=
nnection with Firefox.  I'm writing to provide more information. =20

Firefox users are not automatically subject to Pocket's ToS.  Pocket's ToS =
and Privacy Policy govern only Pocket's service -- they don't extend to Fir=
efox.  The only people who are subject to these documents are Pocket users =
who wanted to use the Pocket service and expressly signed up to use it.  If=
 you chose not to use Pocket, they don't apply to you. =20

When we discussed issues we had with Pocket's practices with Pocket (as we =
do with each partner we work with), Pocket was responsive to our requests f=
or general improvement of their practices and policies -  for example, they=
 clarified portions of their Privacy Policy (which is a legally required do=
cument) and changed UX to be more upfront with users about email practices.=
 =20

Here are some clarifications to questions raised on this thread:

(1) Pocket's ToS is generalized for their whole offering. Some terms like t=
he "Pocket Application" and "install" refer to their mobile applications an=
d plugins. The terms do not refer to Mozilla products. Pocket's customer se=
rvice group should help with inquiries about further clarifying language in=
 their terms and information about their service: http://help.getpocket.com=
/.  It sounds like some people have contacted Pocket with more questions bu=
t not heard back a response, if that's the case, I'll certainly reach out a=
nd let them know.

(2) You can create your own service to save documents for later viewing and=
 can modify our open source code to integrate with that service. If you hav=
e an idea for a service integration or feature in the main build of Firefox=
, dev-planning is the right place to discuss it.   =20

(3) Our relationship with Pocket allows us to integrate their service in of=
ficial branded versions of Firefox released by us. If you would like to dis=
tribute Pocket using Mozilla code you've modified, you would have to enter =
into an agreement with them separately. You can contact them at this page: =
http://help.getpocket.com/customer/portal/emails/new=20

Best,
Mika
0
Urmika
7/14/2015 6:29:59 PM
On Wednesday, July 15, 2015 at 12:30:08 AM UTC+6, Urmika Devi wrote:
> Hi everyone,
> 
> This is Mika from Mozilla's legal team.  Some concerns have been raised here around the scope and application of Pocket's ToS and Privacy Policy in connection with Firefox.  I'm writing to provide more information.  

Thanks you for the clarifications, Mika. That diminishes at least my concerns regarding Pocket(tm) ToS applicability.

> It sounds like some people have contacted Pocket with more questions but not heard back a response, if that's the case, I'll certainly reach out and let them know.

Please do. I wrote to Pocket(tm) twice.

For the first time I wrote them about this thread via support form asking for a clarification, and to date all I got is an automatic response. That was at June 11 (a month ago).

For the second time I wrote some questions regarding Pocket(tm) ToS to their legal e-mail address I've found in their ToS[1]:

> If you have questions or concerns regarding this Agreement, you should contact us at legal[at]getpocket.com.

That was 7 days ago. I didn't receive any response since then.

Both of my messages weren't aggressive/offensive (I can quote them if you want). But it seems that both of them were completely ignored.

[1] https://getpocket.com/tos
0
Angly
7/14/2015 7:04:47 PM
On Monday, July 13, 2015 at 10:37:44 PM UTC-4, B Galliart wrote:
>=20
> I agree that it still provides an additional level of comfort when someth=
ing is put in the add-ons list and can be truly removed.  That will hopeful=
ly be considered with future integrations such that they become bundled add=
-ons instead of uninstallable integrations, but I don't think they will be =
reverting this specific integration back into an add-on form.


Well, that seems pretty final.  You might want to google "remove pocket fro=
m firefox," though; as of today, that returns 867,000 hits.

Thanks for posting my earlier, non-member reply.  FF remains my favorite br=
owser, so I'll keep checking to see if this has been cleaned up.
0
stephen
7/15/2015 4:57:23 AM
Hi everyone,=20

This is Mika from legal again.  Just wanted to follow-up that we spoke with=
 Pocket.  They've actually been very diligent with user requests: for aroun=
d 779 Firefox-related emails that came into their support, the average resp=
onse time was less than 24 hours.  Emails that went to their legal email ad=
dress are responded to by different folks, some of whom were out of the off=
ice, hence the delay.  They've changed this so that requests will be seen a=
nd responded to sooner. =20

As I mentioned before, Pocket's been a very good partner when it comes to l=
istening to our concerns and improving practices.  This allows us to share =
our core values with other companies, which is a plus for the online commun=
ity.

Best,
Mika =20


0
Urmika
7/17/2015 1:47:53 PM
On Tue, Jul 14, 2015 at 11:59 PM, Urmika Devi <udevi@mozilla.com> wrote:
> (3) Our relationship with Pocket allows us to integrate their service in =
official branded versions of Firefox released by us. If you would like to d=
istribute Pocket using Mozilla code you've modified, you would have to ente=
r into an agreement with them separately. You can contact them at this page=
: http://help.getpocket.com/customer/portal/emails/new

Pocket add-on has been removed from addons.mozilla.org [0]

Earlier, if I was releasing a modified firefox version (branded
firewolf) my users could install pocket from amo. But if I've
understood this correctly, this will no longer be possible.

So I'll be forced to enter into an agreement with pocket separately or
ship a firewolf that can never have pocket in it.

Since pocket is already very popular according to the assumptions when
it was included in our code, I wouldn't want my users to miss out on
the pocket add-on. But when I try to go into an agreement with Pocket,
what if they ask me for a huge sum of money or something?

This will effectively become a vendor lock in. What will happens to
other projects, like say IceWeasel?

  0: https://addons.mozilla.org/en-US/firefox/addon/read-it-later/
0
Akshay
7/17/2015 2:21:22 PM
I was shocked today to see that Pocket was hard-coded into Firefox. It has a stench to it, much like Ubuntu adding Amazon suggestions to search. Should be Add-on territory.

Since there are so many options out there it shows favoritism, which I don't think is fair to other services. Firefox should be fair to all of the Web and should give users the choice.
0
aubreypwd
7/19/2015 6:50:08 PM
On Friday, June 5, 2015 at 5:59:56 PM UTC-4, tucker....@gmail.com wrote:
> (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=1172126. There are some comments on Hacker News at https://news.ycombinator.com/item?id=9667809).

+1 for removal of Pocket from Firefox.

I'm switching to a different browser until this is resolved.
0
contact
7/25/2015 1:55:24 AM
On Tuesday, July 14, 2015 at 2:04:52 PM UTC-5, Angly Cat wrote:
> > It sounds like some people have contacted Pocket with more questions but not heard back a response, if that's the case, I'll certainly reach out and let them know.
> 
> Please do. I wrote to Pocket(tm) twice.

Has anyone gotten an email address that Pocket is responsive to?

I haven't heard back in seven weeks.  I am fairly sure they are just blowing me off at this point.

Also, Bug #1179699 is still sitting untouched for the last three weeks.

There is no open forum hosted by Pocket to encourage community discussion around the service.

I hope future Firefox integrations will take into consideration how community friendly/responsive the group behind the integration is.
0
B
7/25/2015 4:57:40 AM
On Sat, Jul 25, 2015 at 11:55 AM,  <contact@sanjeevan.com> wrote:
>
> +1 for removal of Pocket from Firefox.
>
> I'm switching to a different browser until this is resolved.

Out of curiosity: which browser are you switching to?  Thanks.

Nick
0
Nicholas
7/28/2015 9:03:11 AM
On Tuesday, July 14, 2015 at 7:30:08 PM UTC+1, Urmika Devi wrote:
> Hi everyone,
>=20
> This is Mika from Mozilla's legal team.  Some concerns have been raised h=
ere around the scope and application of Pocket's ToS and Privacy Policy in =
connection with Firefox.  I'm writing to provide more information. =20
>=20
> Firefox users are not automatically subject to Pocket's ToS.  Pocket's To=
S and Privacy Policy govern only Pocket's service -- they don't extend to F=
irefox.  The only people who are subject to these documents are Pocket user=
s who wanted to use the Pocket service and expressly signed up to use it.  =
If you chose not to use Pocket, they don't apply to you. =20
>=20
> When we discussed issues we had with Pocket's practices with Pocket (as w=
e do with each partner we work with), Pocket was responsive to our requests=
 for general improvement of their practices and policies -  for example, th=
ey clarified portions of their Privacy Policy (which is a legally required =
document) and changed UX to be more upfront with users about email practice=
s. =20
>=20
> Here are some clarifications to questions raised on this thread:
>=20
> (1) Pocket's ToS is generalized for their whole offering. Some terms like=
 the "Pocket Application" and "install" refer to their mobile applications =
and plugins. The terms do not refer to Mozilla products. Pocket's customer =
service group should help with inquiries about further clarifying language =
in their terms and information about their service: http://help.getpocket.c=
om/.  It sounds like some people have contacted Pocket with more questions =
but not heard back a response, if that's the case, I'll certainly reach out=
 and let them know.
>=20
> (2) You can create your own service to save documents for later viewing a=
nd can modify our open source code to integrate with that service. If you h=
ave an idea for a service integration or feature in the main build of Firef=
ox, dev-planning is the right place to discuss it.   =20
>=20
> (3) Our relationship with Pocket allows us to integrate their service in =
official branded versions of Firefox released by us. If you would like to d=
istribute Pocket using Mozilla code you've modified, you would have to ente=
r into an agreement with them separately. You can contact them at this page=
: http://help.getpocket.com/customer/portal/emails/new=20
>=20
> Best,
> Mika

Hi Mika,
Please can you clarify: "If you would like to distribute Pocket using Mozil=
la code you've modified, you would have to enter into an agreement with the=
m separately".
Does this mean that if you distribute the current FF code you are bound by =
terms that Mozilla agreed with Pocket ? If so it would seem somewhat contra=
ry to the FF license.
Thanks
0
dan
7/31/2015 4:09:05 PM
On Saturday, 6 June 2015 05:57:14 UTC+2, manis...@gmail.com  wrote:
> The rationale behind Pocket was "We're working on a 'save' feature anyway, why duplicate the work of something that already exists?". Intentions are important; the intention protects us from the slippery slope argument you're making.

For the same reason Mozilla is still working on Firefox despite most browsers being mostly standards-compliant noawadays - because there should be an open, non-proprietary alternative.
0
admin
8/18/2015 6:20:20 PM
On Friday, July 31, 2015 at 11:36:09 AM UTC-5, d...@kanzi.co.uk wrote:

> Hi Mika,
> Please can you clarify: "If you would like to distribute Pocket using Moz=
illa code you've modified, you would have to enter into an agreement with t=
hem separately".
> Does this mean that if you distribute the current FF code you are bound b=
y terms that Mozilla agreed with Pocket ? If so it would seem somewhat cont=
rary to the FF license.
> Thanks

I don't think Mika normally reads this mailing list so you might want to tr=
y contacting directly.

As far as being able to redistribute Firefox (in binary or source code form=
), if it is unmodified then you probably already are satisfying the terms o=
f redistribution.  If they are modified then the modification may no longer=
 fall under the terms for us of the brand.

This is a pre-existing issue for third-parties that modify the code (such a=
s the Debian group) which pre-dates the addition of Pocket.  You can only b=
e sure that the Firefox brand can be used if the code has not been modified=
..  If you want to be sure that the branding included can still be kept afte=
r modification, either submit the modification for inclusion in the mainstr=
eam build or ask each of the holders of the brands to review the change (in=
 this case, both Mozilla Foundation and Pocket).

In the case of Debian, they were making changes that were specific to their=
 distribution and where not the type of changes that would be accepted into=
 the mainstream build.  Also, since submitting changes for review did not f=
it in their timeline, they decided to remove the Firefox branding and use t=
he name IceWeasel instead.  They don't seem to be modifying any of the code=
 involving the Pocket integration so it might be that Pocket is fine with t=
hem redistributing Pocket as part of IceWeasel or that the Debian group has=
 gotten their own agreement.  However, if Debian does make any changes that=
 Pocket feels hurts their brand, it is well within their right to protect t=
he brand.

I don't see anything about the integration that is contrary to the Firefox =
license.  Instead, I see how it is continued to be handled as contrary to t=
he Mozilla principles.  I am not against commercial integration.  A web bro=
wser is inherently a set of defaults where alternatives could have been pro=
vided but key functionality is already built-in.  Very few people want a we=
b browser that looks like a lego set.  Who would want to install Gecko and =
then get something that says "congratulations on installing the Gecko rende=
ring engine, we recommend you now install an URL/location bar add-on, TLS a=
dd-on, etc."

Having a remote bookmarking system was determine to be key functionality ex=
pected by new users just the same as having TLS built-in is just expected. =
 On this point, I agree with the Mozilla Foundation and it is silly that so=
me users are taking a vote to get commercial integration removed.

What makes me upset isn't as much specific to Pocket as much as Mozilla Fou=
ndation's handling of it which is problematic not only for this integration=
 but any future integrations as well.  There seems to be nothing enforcing =
that integrations live up to the same level of transparency and security th=
at should be expected of a "take back the web" browser.

To date, there is still no progress on documenting the function call of "/v=
3/firefox/save" other than to claim it as a "private endpoint."  As far as =
I can tell, this is the first time that Firefox has directly called a priva=
te endpoint.  It has always been possible that a web page's javascript may =
make calls which are privately documented.  But for calls directly built in=
to Firefox, the function is always documented publicly either in the OS SDK=
, in a protocol description or someplace else.

By having a private endpoint that is specific to Firefox, it is unlikely to=
 have the same level of security review as the mainstream and publicly docu=
mented endpoints.  Despite that, bug #1779699 has still made no progress ot=
her than to indicate at least one Mozillian think expecting transparency is=
 an "entitlement" that rubs him the wrong way and that the "burden of proof=
" is on those expecting transparency.

Well, for Gravin Sharp, please let me explain what rubs me the wrong way.  =
It is a Privacy Policy that claims "[Pocket uses] industry standard practic=
es to protect your privacy" without actually following industry standard pr=
actices as explained in Clint Ruoho security disclosure available at:

https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/

Apache had released a security update to v2.2 of v2.2.31 on July 17 and acc=
ording to this disclosure it appears they still hadn't applied the update o=
ver a week later.  But the best part of the disclosure is that Apache is co=
nfigured to run as root.  It is an industry standard practice to *start* Ap=
ache as root.  But in terms of configuring it to remain as root, well, I'll=
 let Apache's documentation speak for the industry standard practice: "the =
user should have no privileges that result in it being able to access files=
 that are not intended to be visible to the outside world"

Another industry standard practice, after it is discovered that a third-par=
ty can read any arbitrary file on the system is to get the SSL/TLS certific=
ates re-issued based on a new private key.  This is such a industry standar=
d practice that some certificate authorities will even re-issue the certifi=
cate for *free*.  But even today, Pocket is still using the certificate (an=
d associated private key) issued back in April.  This issue still isn't res=
olved despite Clint Ruoho giving them a month to fix it!

Any of these should have come up in any security audit or penetration testi=
ng.  But I am guessing that one wasn't performed by either Pocket or the Mo=
zilla Foundation.  In fact, it appears the security issues with the Pocket =
service have no security bug bounty.  So while some may use Firefox because=
 Mozilla provides a bug bounty to help close up Firefox security issues, in=
 this case that doesn't seem to apply.  And while the Pocket integration us=
es a Firefox specific endpoint which may someday result in a security issue=
 that only impacts Firefox users, it still seems to be the case the Mozilla=
 Foundation's bug bounty won't apply even which the service issue is only i=
mpacts Firefox.  And there also appears to be no requirement passed on by t=
he Mozilla Foundation that Pocket match their bug bounty offer.

If "the web we want" has security and transparency as key points, then the =
commercial integrations that Mozilla puts into Firefox needs to have these =
as key points as well.  Not be a service of private end-points and not be a=
 service that over-states a claim to be following industry standard practic=
es.

Otherwise, what is the point of protecting the Firefox "brand?"  If the Moz=
illa Foundation is going to endorse a service that configures Apache to run=
 as root and leaves a compromised private key still in use then the biggest=
 threat to the Firefox brand is the Mozilla Foundation.

Pocket seems to be cutting corners and it appears refusing to document the =
calls made by the Firefox integration is just the tip of the iceberg.
0
B
8/20/2015 4:49:25 AM
Please don't include proprietary service integration in Firefox core. Thing=
s like this and Encrypted Media Extensions should be Firefox extensions, pr=
esumably bundled with the browser but completely removable. The reading lis=
t feature worked great, I want it back. Pocket is visually ugly, and just d=
isplays a blank screen when I click on the button. I don't need more button=
s, for goodness' sake. And, you're basically making the browser an advert f=
or Pocket premium. That's bad in the same way that having a default search =
engine is bad. I install ad blocker for a reason. And, why the H--L am I ha=
ving to complain on Google Groups, instead of something open source? I'm no=
t exactly going to quit using Firefox because all the other options suck ve=
ry very hard, but, AAARRGH.
0
a
9/2/2015 9:30:16 PM
You don't have to complain on Google Groups. The mailing list is
powered by GNU Mailman and other free software. Google Groups is only
used as a web frontend, but you can also browse the archives elsewhere,
for example on Gmane: 
http://news.gmane.org/gmane.comp.mozilla.governance.

However, I agree about the Pocket integration.

worldpeacehaven@gmail.com wrote:
> Please don't include proprietary service integration in Firefox core.
> Things like this and Encrypted Media Extensions should be Firefox
> extensions, presumably bundled with the browser but completely
> removable. The reading list feature worked great, I want it back.
> Pocket is visually ugly, and just displays a blank screen when I
> click on the button. I don't need more buttons, for goodness' sake.
> And, you're basically making the browser an advert for Pocket
> premium. That's bad in the same way that having a default search
> engine is bad. I install ad blocker for a reason. And, why the H--L
> am I having to complain on Google Groups, instead of something open
> source? I'm not exactly going to quit using Firefox because all the
> other options suck very very hard, but, AAARRGH.
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
0
Rastus
9/4/2015 12:07:12 AM
Nothing to add except I agree that Pocket should not be integrated into Firefox.
0
dustinsherrill
12/14/2015 9:21:45 PM
People on this thread may want to know that work is in place (and almost
landed) to move Pocket to an add-on:
https://bugzilla.mozilla.org/show_bug.cgi?id=1215694

-- 
Ian Bicking | Engineering Manager | Hello | Mozilla
0
Ian
12/15/2015 5:03:03 PM
I agree and it's disappointing when the first thread on Pocket was
discussed here Mozilla said there was no money deal to integrate pocket but
recently a VP at Mozilla admitted Mozilla is getting paid to integrate
Pocket.

That's a breach of trust to the users and Mozillians to publicly not state
the truth on why a feature was added.

We already saw tiles was a bad mistake so how many months until Mozilla
realizes Pocket was too?







--
Benjamin Kerensa
http://benjaminkerensa.com | @bkerensa on Twitter

On Thu, Sep 3, 2015 at 1:47 AM a <worldpeacehaven@gmail.com> wrote:

> Please don't include proprietary service integration in Firefox core.
> Things like this and Encrypted Media Extensions should be Firefox
> extensions, presumably bundled with the browser but completely removable.
> The reading list feature worked great, I want it back. Pocket is visually
> ugly, and just displays a blank screen when I click on the button. I don't
> need more buttons, for goodness' sake. And, you're basically making the
> browser an advert for Pocket premium. That's bad in the same way that
> having a default search engine is bad. I install ad blocker for a reason.
> And, why the H--L am I having to complain on Google Groups, instead of
> something open source? I'm not exactly going to quit using Firefox because
> all the other options suck very very hard, but, AAARRGH.
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
>
0
Benjamin
12/15/2015 5:27:44 PM

On 15/12/15 18:27, Benjamin Kerensa wrote:
> I agree and it's disappointing when the first thread on Pocket was
> discussed here Mozilla said there was no money deal to integrate pocket but
> recently a VP at Mozilla admitted Mozilla is getting paid to integrate
> Pocket.

Wait, who did what when?

0
David
12/15/2015 5:28:55 PM
Denelle recently talked to Wired and supposedly told them Mozilla's pocket
feature is also a revenue sharing deal:
http://www.wired.com/2015/12/mozilla-is-flailing-when-the-web-needs-it-the-most/

Chad Weiner has previously in defending the feature said there was no money
involved.


On Tue, Dec 15, 2015 at 9:28 AM David Rajchenbach-Teller <
dteller@mozilla.com> wrote:

>
>
> On 15/12/15 18:27, Benjamin Kerensa wrote:
> > I agree and it's disappointing when the first thread on Pocket was
> > discussed here Mozilla said there was no money deal to integrate pocket
> but
> > recently a VP at Mozilla admitted Mozilla is getting paid to integrate
> > Pocket.
>
> Wait, who did what when?
>
>
0
Benjamin
12/15/2015 5:31:46 PM
In <news:mailman.38.1450200542.21136.governance@lists.mozilla.org>,
David Rajchenbach-Teller <dteller@mozilla.com> wrote:

> On 15/12/15 18:27, Benjamin Kerensa wrote:
> > I agree and it's disappointing when the first thread on Pocket was
> > discussed here Mozilla said there was no money deal to integrate
> > pocket but recently a VP at Mozilla admitted Mozilla is getting
> > paid to integrate Pocket.  
> 
> Wait, who did what when?

Maybe Benjamin has more info, but there is this:

<http://www.wired.com/2015/12/mozilla-is-flailing-when-the-web-needs-it-the-most/>

   Although the company emphasizes that Pocket and Telefonica didn’t
   pay for placement in the Firefox browser, Mozilla Corp. chief legal
   and business officer Denelle Dixon-Thayer told WIRED that Mozilla
   has revenue sharing arrangements with both companies.
0
UTF
12/15/2015 5:37:45 PM
On 12/15/15 11:03, Ian Bicking wrote:
> People on this thread may want to know that work is in place (and almost
> landed) to move Pocket to an add-on:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1215694
>

By my understanding, Pocket is being moved to a "system add-on" -- which 
I would probably call something more like a "Go Faster component.[1]" 
This is not at all the same thing as what users think of when they read 
"add-on."

As designed, the fact that "Go Faster components" are in any way 
different than features shipped as part of the Firefox monolith is to be 
completely invisible from users. There's some discussion on this front, 
but I think we need to be careful not to imply that Bug 1215694 will 
result in the ability for users to remove Pocket code.

There's some interesting related discussion on the go-faster email list 
("allowing users to disable system add-ons"):

https://mail.mozilla.org/pipermail/gofaster/2015-November/thread.html#191

However, as things stand at the moment, moving of Pocket to a Go Faster 
component will not be a user-visible change, and will not grant any 
ability to disable it any more strongly than they can right now (e.g., 
by removing it from the toolbar).


____
[1] Thanks to Kev Needham for suggesting this term as a less-confusing 
replacement for "system add-on".

-- 
Adam Roach
Principal Platform Engineer
abr@mozilla.com
+1 650 903 0800 x863
0
Adam
12/15/2015 5:49:59 PM
First time I hear about that. Internal info is still that there is *no*
revenue.

On 15/12/15 18:31, Benjamin Kerensa wrote:
> Denelle recently talked to Wired and supposedly told them Mozilla's
> pocket feature is also a revenue sharing deal:
> http://www.wired.com/2015/12/mozilla-is-flailing-when-the-web-needs-it-the-most/
> 
> Chad Weiner has previously in defending the feature said there was no
> money involved.
> 
> 
> On Tue, Dec 15, 2015 at 9:28 AM David Rajchenbach-Teller
> <dteller@mozilla.com <mailto:dteller@mozilla.com>> wrote:
> 
> 
> 
>     On 15/12/15 18:27, Benjamin Kerensa wrote:
>     > I agree and it's disappointing when the first thread on Pocket was
>     > discussed here Mozilla said there was no money deal to integrate
>     pocket but
>     > recently a VP at Mozilla admitted Mozilla is getting paid to integrate
>     > Pocket.
> 
>     Wait, who did what when?
> 
0
David
12/15/2015 5:50:05 PM
Hum. Apparently, _someone_ in bizdev thought that "revenue sharing"
doesn't involve money, and spread information inside Mozilla
accordingly. :rolling eyes:

It seems that we do have a revenue sharing agreement with Pocket. If I
understand correctly, we did not receive money for integrating it (which
makes the earlier affirmation of "no money" technically true), but we
received some money as a result from the integration (which makes that
same information much less true in my book).

My apologies for spreading false information.

Best regards,
 David

On 15/12/15 18:37, »Q« wrote:
> In <news:mailman.38.1450200542.21136.governance@lists.mozilla.org>,
> David Rajchenbach-Teller <dteller@mozilla.com> wrote:
> 
>> On 15/12/15 18:27, Benjamin Kerensa wrote:
>>> I agree and it's disappointing when the first thread on Pocket was
>>> discussed here Mozilla said there was no money deal to integrate
>>> pocket but recently a VP at Mozilla admitted Mozilla is getting
>>> paid to integrate Pocket.  
>>
>> Wait, who did what when?
> 
> Maybe Benjamin has more info, but there is this:
> 
> <http://www.wired.com/2015/12/mozilla-is-flailing-when-the-web-needs-it-the-most/>
> 
>    Although the company emphasizes that Pocket and Telefonica didn’t
>    pay for placement in the Firefox browser, Mozilla Corp. chief legal
>    and business officer Denelle Dixon-Thayer told WIRED that Mozilla
>    has revenue sharing arrangements with both companies.
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
> 
0
David
12/17/2015 9:00:54 PM
Would you agree though that while you were not paid to integrate
that it was probably known that there was a revenue sharing deal
going into this and that roughly translates to incentivizing
the integration?

I'm sure someone on the Firefox Team didn't wake up one morning
and say "Great Scotts we are missing Pocket in Firefox!" and AFAIK
this was not on any long term roadmap.

So I can only assume that this was a money versus something that
Mozilla that users wanted.

On Thu, Dec 17, 2015 at 1:00 PM, David Rajchenbach-Teller <
dteller@mozilla.com> wrote:

> Hum. Apparently, _someone_ in bizdev thought that "revenue sharing"
> doesn't involve money, and spread information inside Mozilla
> accordingly. :rolling eyes:
>
> It seems that we do have a revenue sharing agreement with Pocket. If I
> understand correctly, we did not receive money for integrating it (which
> makes the earlier affirmation of "no money" technically true), but we
> received some money as a result from the integration (which makes that
> same information much less true in my book).
>
> My apologies for spreading false information.
>
> Best regards,
>  David
>
> On 15/12/15 18:37, =C2=BBQ=C2=AB wrote:
> > In <news:mailman.38.1450200542.21136.governance@lists.mozilla.org>,
> > David Rajchenbach-Teller <dteller@mozilla.com> wrote:
> >
> >> On 15/12/15 18:27, Benjamin Kerensa wrote:
> >>> I agree and it's disappointing when the first thread on Pocket was
> >>> discussed here Mozilla said there was no money deal to integrate
> >>> pocket but recently a VP at Mozilla admitted Mozilla is getting
> >>> paid to integrate Pocket.
> >>
> >> Wait, who did what when?
> >
> > Maybe Benjamin has more info, but there is this:
> >
> > <
> http://www.wired.com/2015/12/mozilla-is-flailing-when-the-web-needs-it-th=
e-most/
> >
> >
> >    Although the company emphasizes that Pocket and Telefonica didn=E2=
=80=99t
> >    pay for placement in the Firefox browser, Mozilla Corp. chief legal
> >    and business officer Denelle Dixon-Thayer told WIRED that Mozilla
> >    has revenue sharing arrangements with both companies.
> > _______________________________________________
> > governance mailing list
> > governance@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/governance
> >
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
>



--=20
Benjamin Kerensa
0
Benjamin
12/17/2015 9:08:24 PM
I don't have details, but I can only imagine that yes, someone in the
leadership team or just below pushed for this integration based on this
deal. If my memory serves all of this happened with the previous
leadership team, so I can only hope that this piece of history won't
repeat itself.

On 17/12/15 22:08, Benjamin Kerensa wrote:
> Would you agree though that while you were not paid to integrate
> that it was probably known that there was a revenue sharing deal
> going into this and that roughly translates to incentivizing
> the integration?
> 
> I'm sure someone on the Firefox Team didn't wake up one morning
> and say "Great Scotts we are missing Pocket in Firefox!" and AFAIK
> this was not on any long term roadmap.
> 
> So I can only assume that this was a money versus something that
> Mozilla that users wanted.
0
David
12/17/2015 9:12:09 PM
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


I personally would just like to thank David for being candid about the
situation.

While I agree with Benjamin that someone probably knew I also have been
in large enough organizations to understand that it is very likely that
David did indeed not know.

Thank you David for letting us know what you found out. While the whole
situation has been an example of how to have communication problems, lots of
organizations/people would try to sweep this under the rug/ignore it
rather than communicate.

I imagine David will know to keep an eye out for this kind of thing in
the future.

Christopher Carpenter

Benjamin Kerensa <bkerensa@gmail.com> writes:

> Would you agree though that while you were not paid to integrate
> that it was probably known that there was a revenue sharing deal
> going into this and that roughly translates to incentivizing
> the integration?
>
> I'm sure someone on the Firefox Team didn't wake up one morning
> and say "Great Scotts we are missing Pocket in Firefox!" and AFAIK
> this was not on any long term roadmap.
>
> So I can only assume that this was a money versus something that
> Mozilla that users wanted.
>
> On Thu, Dec 17, 2015 at 1:00 PM, David Rajchenbach-Teller <
> dteller@mozilla.com> wrote:
>
>> Hum. Apparently, _someone_ in bizdev thought that "revenue sharing"
>> doesn't involve money, and spread information inside Mozilla
>> accordingly. :rolling eyes:
>>
>> It seems that we do have a revenue sharing agreement with Pocket. If I
>> understand correctly, we did not receive money for integrating it (which
>> makes the earlier affirmation of "no money" technically true), but we
>> received some money as a result from the integration (which makes that
>> same information much less true in my book).
>>
>> My apologies for spreading false information.
>>
>> Best regards,
>>  David
>>
>> On 15/12/15 18:37, =C2=BBQ=C2=AB wrote:
>> > In <news:mailman.38.1450200542.21136.governance@lists.mozilla.org>,
>> > David Rajchenbach-Teller <dteller@mozilla.com> wrote:
>> >
>> >> On 15/12/15 18:27, Benjamin Kerensa wrote:
>> >>> I agree and it's disappointing when the first thread on Pocket was
>> >>> discussed here Mozilla said there was no money deal to integrate
>> >>> pocket but recently a VP at Mozilla admitted Mozilla is getting
>> >>> paid to integrate Pocket.
>> >>
>> >> Wait, who did what when?
>> >
>> > Maybe Benjamin has more info, but there is this:
>> >
>> > <
>> http://www.wired.com/2015/12/mozilla-is-flailing-when-the-web-needs-it-t=
he-most/
>> >
>> >
>> >    Although the company emphasizes that Pocket and Telefonica didn=E2=
=80=99t
>> >    pay for placement in the Firefox browser, Mozilla Corp. chief legal
>> >    and business officer Denelle Dixon-Thayer told WIRED that Mozilla
>> >    has revenue sharing arrangements with both companies.
>> > _______________________________________________
>> > governance mailing list
>> > governance@lists.mozilla.org
>> > https://lists.mozilla.org/listinfo/governance
>> >
>> _______________________________________________
>> governance mailing list
>> governance@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/governance
>>

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWcyXIAAoJEFJw6mniKuelx6MP/0F7vTkBXl+TrA7WafV1cJeS
DzB19MvMP2r8QqbqM7eooiDVAh8yTrmOD4NqydnhnXrADYV7FV1n0rkpRNAvdA6h
YVhbxOfw2sR3EqxF7MjZx27A0X/HRXc4Zz65Jr7JcFPQWcqSRXlUDqc5GbCkddSe
ZiH/WxBoV2QwZ9JLMu//5CDJyqX2AEt6t0w9oynJPPVy5aedFKx6ulSe7FoANzLl
7VK//mYxuiwS7UGe76ED8McntkAZ9Iiwj0iq719zbtflGeQf2oaSUZSe/CCKnEFB
AzK1fKvaJw28We05CfGIMBSmwplB0jglPqHcR48uzMUnqIW/mW2kRQv1QC7EHryP
JCIoscoBrGg5N9mkiePx0BZT/Vh6w74IoTj5JXjU48+49MDdaZSMfdkDAiBnl61s
DYds71GPz3anPV8nI7wn7wklRNUnhfdfz4N4NlZ94rU1kaa2Cn4xHGhPKWJBGYT+
5xzbnAFCzyGWKjdleZsR9eFLkEk90KOdAML43lW3t02oYus86ZqlP3WIaIfI6T2E
GSdvD0rYkutP+zSR7BK0Djq1WxXQMeVb1AF1yzeNtv2JGpOaLFZaXASQiM7/8gKA
93kndlheRtbLH50qLN5YtcH5n5x+MXgdiueU+N0z5gWBmrz30jQJ9BHrLOafp964
wc3AKVxSRcN+pOy9k6nt
=WQzX
-----END PGP SIGNATURE-----
--=-=-=--
0
Christopher
12/17/2015 9:14:48 PM
I should add that this was not a case of "money versus something that
Mozilla users wanted", but rather a case of "the core Mozilla Community
clearly doesn't want it but User Research suggests that most Mozilla
users actually do". I remember that we had numbers at the time, although
I don't quite remember these numbers.

While it is quite possible that money may have subtly influenced
perception and pushed us towards overconfidence, the intention has
always been to serve our users.

Best regards,
 David

On 17/12/15 22:12, David Rajchenbach-Teller wrote:
> I don't have details, but I can only imagine that yes, someone in the
> leadership team or just below pushed for this integration based on this
> deal. If my memory serves all of this happened with the previous
> leadership team, so I can only hope that this piece of history won't
> repeat itself.
> 
> On 17/12/15 22:08, Benjamin Kerensa wrote:
>> Would you agree though that while you were not paid to integrate
>> that it was probably known that there was a revenue sharing deal
>> going into this and that roughly translates to incentivizing
>> the integration?
>>
>> I'm sure someone on the Firefox Team didn't wake up one morning
>> and say "Great Scotts we are missing Pocket in Firefox!" and AFAIK
>> this was not on any long term roadmap.
>>
>> So I can only assume that this was a money versus something that
>> Mozilla that users wanted.
0
David
12/17/2015 9:24:45 PM
On 12/17/15 15:08, Benjamin Kerensa wrote:
> I'm sure someone on the Firefox Team didn't wake up one morning
> and say "Great Scotts we are missing Pocket in Firefox!" and AFAIK
> this was not on any long term roadmap.

Having a reading list was, in fact, plotted out as a desired Firefox 
feature. Before Pocket came into the picture, Mozilla was working on its 
own implementation of such a feature:

http://www.myce.com/news/mozilla-releases-firefox-38-beta-with-reading-list-mode-75635/

I wasn't privy to the decision making process involved in swapping 
Reading List out for Pocket. However, as a general principle, there 
seems to be a certain kind of wisdom in accepting an offer from a third 
party to support an operationally expensive feature.

-- 
Adam Roach
Principal Platform Engineer
abr@mozilla.com
+1 650 903 0800 x863
0
Adam
12/17/2015 10:17:05 PM
Hi all,

Let's be perfectly clear here: the decision to integrate (and continue
shipping) Pocket in Firefox did not, and does not, have anything to do with
money. I can understand how people can fear the worst, so I'd like to set
the record straight as much as I can.

On Thu, Dec 17, 2015 at 4:08 PM, Benjamin Kerensa <bkerensa@gmail.com>
wrote:

> Would you agree though that while you were not paid to integrate
> that it was probably known that there was a revenue sharing deal
> going into this and that roughly translates to incentivizing
> the integration?
>

Frankly, I don't know if revenue sharing was widely discussed, but I would
be somewhat surprised.  I know that the focus of the Firefox team was
entirely on getting a great feature into the product, and the idea to
bundle Pocket instead of Reading List came from that product team.  That we
negotiated a revenue sharing arrangement was more about getting to share in
what a for-profit entity would potentially gain from inclusion.  (Much like
our various search deals!)  It wasn't a priority or driving factor at all.

I'm sure someone on the Firefox Team didn't wake up one morning
> and say "Great Scotts we are missing Pocket in Firefox!" and AFAIK
> this was not on any long term roadmap.
>

If you look at the history (as Adam just linked), we'd been working on
Reading List as a Firefox feature/service for months, with various pieces
landed across products and deployed on our infrastructure, even shipped in
a beta.  There was considerable research that suggested that this was a
core use-case for browser users that we were not meeting ourselves, which
is why we were making significant investments into the feature.  The
decision to partner with Pocket instead of building our own service was a
shift in strategy, based on the belief that they offered a significantly
better feature and service than we were going to be able to deliver in a
timely fashion, and (as a bonus) at significantly less cost to Mozilla.

So I can only assume that this was a money versus something that
> Mozilla that users wanted.


Even if your other assumptions were correct, revenue sharing requires
generating revenue, which really requires a lot of usage (especially in a
freemium business model like Pocket's).  If users didn't want the feature,
it'd be silly to ship it, let alone try to profit from it after the cost of
making the deal, building, shipping and promoting the product, and
maintaining the code long term.  The _only_ way for us to even
theoretically profit from an integration like this is for it to be
successful with users, which means we have to give users something they
want and need.

Happily, we're actually doing all of this for the right reasons, and with
no revenue pressure.

-- Mike
0
Mike
12/17/2015 11:24:08 PM
On Thu, Dec 17, 2015 at 3:24 PM, Mike Connor <mconnor@mozilla.com> wrote:

> Hi all,
>
> Let's be perfectly clear here: the decision to integrate (and continue
> shipping) Pocket in Firefox did not, and does not, have anything to do wi=
th
> money. I can understand how people can fear the worst, so I'd like to set
> the record straight as much as I can.
>
> On Thu, Dec 17, 2015 at 4:08 PM, Benjamin Kerensa <bkerensa@gmail.com>
> wrote:
>
>> Would you agree though that while you were not paid to integrate
>> that it was probably known that there was a revenue sharing deal
>> going into this and that roughly translates to incentivizing
>> the integration?
>>
>
> Frankly, I don't know if revenue sharing was widely discussed, but I woul=
d
> be somewhat surprised.  I know that the focus of the Firefox team was
> entirely on getting a great feature into the product, and the idea to
> bundle Pocket instead of Reading List came from that product team.  That =
we
> negotiated a revenue sharing arrangement was more about getting to share =
in
> what a for-profit entity would potentially gain from inclusion.  (Much li=
ke
> our various search deals!)  It wasn't a priority or driving factor at all=
..
>
> I'm sure someone on the Firefox Team didn't wake up one morning
>> and say "Great Scotts we are missing Pocket in Firefox!" and AFAIK
>> this was not on any long term roadmap.
>>
>
> If you look at the history (as Adam just linked), we'd been working on
> Reading List as a Firefox feature/service for months, with various pieces
> landed across products and deployed on our infrastructure, even shipped i=
n
> a beta.  There was considerable research that suggested that this was a
> core use-case for browser users that we were not meeting ourselves, which
> is why we were making significant investments into the feature.  The
> decision to partner with Pocket instead of building our own service was a
> shift in strategy, based on the belief that they offered a significantly
> better feature and service than we were going to be able to deliver in a
> timely fashion, and (as a bonus) at significantly less cost to Mozilla.
>
> So I can only assume that this was a money versus something that
>> Mozilla that users wanted.
>
>
> Even if your other assumptions were correct, revenue sharing requires
> generating revenue, which really requires a lot of usage (especially in a
> freemium business model like Pocket's).  If users didn't want the feature=
,
> it'd be silly to ship it, let alone try to profit from it after the cost =
of
> making the deal, building, shipping and promoting the product, and
> maintaining the code long term.  The _only_ way for us to even
> theoretically profit from an integration like this is for it to be
> successful with users, which means we have to give users something they
> want and need.
>
> Happily, we're actually doing all of this for the right reasons, and with
> no revenue pressure.
>

Have you even looked at Input? Because the feedback about Pocket continues
to be overwhelmingly
negative.

https://input.mozilla.org/en-US/?q=3Dpocket&date_start=3D2015-09-18&selecte=
d=3D90d

Let me share some feedback from users:

"unable to remove Pocket from menu. it does not show up in bookmarks or
bookmark toolbar. and generally such 3rd party items are unwanted."

"I really don't like you force things upon users. You remove innovative
unique features like tab grouping that I use and you add vendor specific
addons like pocket which I don't use. Why there's no feature voting system
already? You asks for donation while forcing ideas upon users. I regret my
donation."

"How do i remove pocket from the browser? WIll be using chrome until this
is fixed."

"Fuck DRM, Pocket, Hello and all of that bullshit. Fuck Yahoo too."

"Because you integrate Pocket. It hurts the web!!! And Mozilla Foundation
is against this!! WE ARE AGAINST THIS. That's the reason i choose Firefox."

"Please remove pocket and hello from Firefox and make a separate plugin
instead"

"
=E7=8E=B0=E5=9C=A8=E7=AE=80=E4=BD=93=E4=B8=AD=E6=96=87=E7=89=88=E7=9A=84=E7=
=81=AB=E7=8B=9042.0=E4=B8=8D=E8=83=BD=E7=94=A8pocket=EF=BC=81=E6=97=A2=E6=
=B2=A1=E6=9C=89=E9=9B=86=E6=88=90=E5=9C=A8=E7=81=AB=E7=8B=90=E8=BD=AF=E4=BB=
=B6=E4=B8=AD=EF=BC=8C=E5=8F=88=E5=9C=A8=E6=B7=BB=E5=8A=A0=E9=99=84=E5=8A=A0=
=E7=BB=84=E4=BB=B6=E4=B8=AD=E8=A2=AB=E5=88=A0=E6=8E=89=E4=BA=86=EF=BC=88=E6=
=97=A0=E6=B3=95=E6=90=9C=E7=B4=A2=E5=88=B0=EF=BC=89=EF=BC=8C=E6=B5=8F=E8=A7=
=88=E5=99=A8=E9=87=8D=E8=A3=85=E5=90=8E=E5=B0=B1=E6=B2=A1=E6=B3=95=E7=94=A8=
pocket=E4=BA=86=EF=BC=81=EF=BC=81=EF=BC=81=EF=BC=81=E5=B8=8C=E6=9C=9B=E8=83=
=BD=E8=A7=A3=E5=86=B3=EF=BC=81=EF=BC=81=EF=BC=81"


There are hundreds of other pieces of feedback about Pocket including new
comments left daily and I would encourage Mozilla to really look at whether
this feature serves users and is what they want.

We cannot keep taking risks and making mistakes if we want Firefox to be
around in the future and I am of the opinion this was a mistake and to be
utterly honest I think this feature will be gone in a year or two when
Mozilla realizes it.
0
Benjamin
12/17/2015 11:37:55 PM
Benjamin Kerensa wrote:
> There are hundreds of other pieces of feedback about Pocket including new
> comments left daily and I would encourage Mozilla to really look at whether
> this feature serves users and is what they want.
This is quite interesting; I for one find it remarkably convenient. That
said, however, I was already a Pocket user before this integration occurred.


-- 

Eric Shepherd
Senior Technical Writer
Mozilla <https://www.mozilla.org/>
Blog: http://www.bitstampede.com/
Twitter: http://twitter.com/sheppy
Check my Availability <https://freebusy.io/eshepherd@mozilla.com>
0
Eric
12/18/2015 4:05:48 AM
On Friday, December 18, 2015 at 10:06:03 AM UTC+6, Eric Shepherd wrote:
> This is quite interesting; I for one find it remarkably convenient. That
> said, however, I was already a Pocket user before this integration occurred.
You're biased, aren't you? Your opinion barely could be extrapolated to all Firefox users.
0
Angly
12/18/2015 6:31:53 AM
I don't think looking at 90 days is fair. Let's look at 7 days, at least 
there's something manageable
https://input.mozilla.org/en-US/?q=pocket&date_start=2015-12-10&selected=7d

9 'pocket' feedback entries, out of 3893 results (I'm counting only 
'Firefox', that's about 39% of the entire 7 days feedback).

1 is completely unrelated (donations), 1 is a 'full-spectrum-rant'. It 
leaves us with 7, and only 4 of them are actually complaining about 
Pocket's integration.

4 out of almost 4k people who took the time to use input to give 
feedback (and we all know that people rarely take the time to give 
positive comments). Would you define this as 'overwhelmingly negative'? 
I don't.

I also expect people to bring up Pocket every time they complain about 
the removal of a feature: "hey, you're removing awesome feature X but 
you ship **** like Pocket in the browser?".

And just to be clear: I don't use Pocket, I didn't even know it existed 
before 38.0.5, and I'm really unhappy on how the integration was done 
from a technical point of view (note: you can still disable it from 
about:config, if you know what you're doing). I just learned to deal 
with the fact that my point of view is not that of the majority of 
Firefox users.

Francesco

P.S. the Chinese feedback you reported seems to complain about the fact 
that he can't use Pocket anymore from China




0
Francesco
12/18/2015 7:37:13 AM
On Friday, December 18, 2015 at 1:37:22 PM UTC+6, Francesco Lodolo [:flod] =
wrote:
> I don't think looking at 90 days is fair. Let's look at 7 days, at least=
=20
> there's something manageable
> https://input.mozilla.org/en-US/?q=3Dpocket&date_start=3D2015-12-10&selec=
ted=3D7d
This is not how statistics works. To get a representative statistical sampl=
ing, you should be widening time range, not narrowing it. Pocket was shippe=
d with Firefox 38.0.5 at 2nd of June, more than 6 month ago. So basically w=
e should look at all feedbacks within this time (minus month or two in orde=
r to filter 0-day rage feedbacks).

> 4 out of almost 4k people who took the time to use input to give=20
> feedback (and we all know that people rarely take the time to give=20
> positive comments). Would you define this as 'overwhelmingly negative'?=
=20
> I don't.
I'm sorry, but you're really not good in statistics. Regarding this matter =
we don't and shouldn't care about feedbacks that are not about Pocket. E.g.=
 if there would be a hundred negative feedbacks about Pocket and a billion =
positive feedbacks about anything but Pocket - that's 'overwhelmingly negat=
ive' Pocket feedback.
0
Angly
12/18/2015 8:04:11 AM
Il 18/12/15 09:04, Angly Cat ha scritto:
> This is not how statistics works. To get a representative statistical 
> sampling, you should be widening time range, not narrowing it. Pocket 
> was shipped with Firefox 38.0.5 at 2nd of June, more than 6 month ago. 
> So basically we should look at all feedbacks within this time (minus 
> month or two in order to filter 0-day rage feedbacks). 
Not trying to provide a statistically relevant analysis on 9 entries. 
And, thanks, pretty aware of my limits every day, you don't need to be 
worried or sorry :-)

If you have time and resources to do such an analysis, excluding false 
positives and extrapolating tendency over time, please do, I would be 
really interested in the results. I only picked en-US, that's 56140 
entries: 
https://input.mozilla.org/en-US/?q=&date_end=2015-12-18&date_start=2015-06-04&locale=en-US&product=Firefox

> m sorry, but you're really not good in statistics. Regarding this matter we don't and shouldn't care about feedbacks that are not about Pocket. E.g. if there would be a hundred negative feedbacks about Pocket and a billion positive feedbacks about anything but Pocket - that's 'overwhelmingly negative' Pocket feedback.
That assumes you're interested in feedback about Pocket, I'm not. I'm 
more interested in knowing how many people complain about Firefox, and 
do it because of Pocket.

Francesco

0
Francesco
12/18/2015 8:32:29 AM
I'd be careful about trying to claim any sort of statistical validity for
the feedback button. It is hidden in a menu most users will never see, much
less use; by definition the people who find and use it are not
representative. The only valid data you'll get on Pocket is by actually
measuring use.

Luis (nightly user since '99 who loves the Pocket integration)

On Fri, Dec 18, 2015, 12:04 AM Angly Cat <l1aqus@gmail.com> wrote:

> On Friday, December 18, 2015 at 1:37:22 PM UTC+6, Francesco Lodolo [:flod]
> wrote:
> > I don't think looking at 90 days is fair. Let's look at 7 days, at least
> > there's something manageable
> >
> https://input.mozilla.org/en-US/?q=pocket&date_start=2015-12-10&selected=7d
> This is not how statistics works. To get a representative statistical
> sampling, you should be widening time range, not narrowing it. Pocket was
> shipped with Firefox 38.0.5 at 2nd of June, more than 6 month ago. So
> basically we should look at all feedbacks within this time (minus month or
> two in order to filter 0-day rage feedbacks).
>
> > 4 out of almost 4k people who took the time to use input to give
> > feedback (and we all know that people rarely take the time to give
> > positive comments). Would you define this as 'overwhelmingly negative'?
> > I don't.
> I'm sorry, but you're really not good in statistics. Regarding this matter
> we don't and shouldn't care about feedbacks that are not about Pocket. E.g.
> if there would be a hundred negative feedbacks about Pocket and a billion
> positive feedbacks about anything but Pocket - that's 'overwhelmingly
> negative' Pocket feedback.
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
>
0
Luis
12/18/2015 3:25:48 PM
Hi Benjamin,

I'm going to assume the issue of Mozilla "doing it for the money" is now
settled, based on your change of subject.  That's a subject worth
addressing on governance, and the reason I chimed in on the thread.
Product feature discussions are another story, so I'm going to suggest you
take those concerns to firefox-dev, where the discussion really belongs
(and the right folks are following along).

-- Mike

On Thu, Dec 17, 2015 at 6:37 PM, Benjamin Kerensa <bkerensa@gmail.com>
wrote:

> On Thu, Dec 17, 2015 at 3:24 PM, Mike Connor <mconnor@mozilla.com> wrote:
>
>> Hi all,
>>
>> Let's be perfectly clear here: the decision to integrate (and continue
>> shipping) Pocket in Firefox did not, and does not, have anything to do w=
ith
>> money. I can understand how people can fear the worst, so I'd like to se=
t
>> the record straight as much as I can.
>>
>> On Thu, Dec 17, 2015 at 4:08 PM, Benjamin Kerensa <bkerensa@gmail.com>
>> wrote:
>>
>>> Would you agree though that while you were not paid to integrate
>>> that it was probably known that there was a revenue sharing deal
>>> going into this and that roughly translates to incentivizing
>>> the integration?
>>>
>>
>> Frankly, I don't know if revenue sharing was widely discussed, but I
>> would be somewhat surprised.  I know that the focus of the Firefox team =
was
>> entirely on getting a great feature into the product, and the idea to
>> bundle Pocket instead of Reading List came from that product team.  That=
 we
>> negotiated a revenue sharing arrangement was more about getting to share=
 in
>> what a for-profit entity would potentially gain from inclusion.  (Much l=
ike
>> our various search deals!)  It wasn't a priority or driving factor at al=
l.
>>
>> I'm sure someone on the Firefox Team didn't wake up one morning
>>> and say "Great Scotts we are missing Pocket in Firefox!" and AFAIK
>>> this was not on any long term roadmap.
>>>
>>
>> If you look at the history (as Adam just linked), we'd been working on
>> Reading List as a Firefox feature/service for months, with various piece=
s
>> landed across products and deployed on our infrastructure, even shipped =
in
>> a beta.  There was considerable research that suggested that this was a
>> core use-case for browser users that we were not meeting ourselves, whic=
h
>> is why we were making significant investments into the feature.  The
>> decision to partner with Pocket instead of building our own service was =
a
>> shift in strategy, based on the belief that they offered a significantly
>> better feature and service than we were going to be able to deliver in a
>> timely fashion, and (as a bonus) at significantly less cost to Mozilla.
>>
>> So I can only assume that this was a money versus something that
>>> Mozilla that users wanted.
>>
>>
>> Even if your other assumptions were correct, revenue sharing requires
>> generating revenue, which really requires a lot of usage (especially in =
a
>> freemium business model like Pocket's).  If users didn't want the featur=
e,
>> it'd be silly to ship it, let alone try to profit from it after the cost=
 of
>> making the deal, building, shipping and promoting the product, and
>> maintaining the code long term.  The _only_ way for us to even
>> theoretically profit from an integration like this is for it to be
>> successful with users, which means we have to give users something they
>> want and need.
>>
>> Happily, we're actually doing all of this for the right reasons, and wit=
h
>> no revenue pressure.
>>
>
> Have you even looked at Input? Because the feedback about Pocket continue=
s
> to be overwhelmingly
> negative.
>
>
> https://input.mozilla.org/en-US/?q=3Dpocket&date_start=3D2015-09-18&selec=
ted=3D90d
>
> Let me share some feedback from users:
>
> "unable to remove Pocket from menu. it does not show up in bookmarks or
> bookmark toolbar. and generally such 3rd party items are unwanted."
>
> "I really don't like you force things upon users. You remove innovative
> unique features like tab grouping that I use and you add vendor specific
> addons like pocket which I don't use. Why there's no feature voting syste=
m
> already? You asks for donation while forcing ideas upon users. I regret m=
y
> donation."
>
> "How do i remove pocket from the browser? WIll be using chrome until this
> is fixed."
>
> "Fuck DRM, Pocket, Hello and all of that bullshit. Fuck Yahoo too."
>
> "Because you integrate Pocket. It hurts the web!!! And Mozilla Foundation
> is against this!! WE ARE AGAINST THIS. That's the reason i choose Firefox=
.."
>
> "Please remove pocket and hello from Firefox and make a separate plugin
> instead"
>
> "
> =E7=8E=B0=E5=9C=A8=E7=AE=80=E4=BD=93=E4=B8=AD=E6=96=87=E7=89=88=E7=9A=84=
=E7=81=AB=E7=8B=9042.0=E4=B8=8D=E8=83=BD=E7=94=A8pocket=EF=BC=81=E6=97=A2=
=E6=B2=A1=E6=9C=89=E9=9B=86=E6=88=90=E5=9C=A8=E7=81=AB=E7=8B=90=E8=BD=AF=E4=
=BB=B6=E4=B8=AD=EF=BC=8C=E5=8F=88=E5=9C=A8=E6=B7=BB=E5=8A=A0=E9=99=84=E5=8A=
=A0=E7=BB=84=E4=BB=B6=E4=B8=AD=E8=A2=AB=E5=88=A0=E6=8E=89=E4=BA=86=EF=BC=88=
=E6=97=A0=E6=B3=95=E6=90=9C=E7=B4=A2=E5=88=B0=EF=BC=89=EF=BC=8C=E6=B5=8F=E8=
=A7=88=E5=99=A8=E9=87=8D=E8=A3=85=E5=90=8E=E5=B0=B1=E6=B2=A1=E6=B3=95=E7=94=
=A8pocket=E4=BA=86=EF=BC=81=EF=BC=81=EF=BC=81=EF=BC=81=E5=B8=8C=E6=9C=9B=E8=
=83=BD=E8=A7=A3=E5=86=B3=EF=BC=81=EF=BC=81=EF=BC=81"
>
>
> There are hundreds of other pieces of feedback about Pocket including new
> comments left daily and I would encourage Mozilla to really look at wheth=
er
> this feature serves users and is what they want.
>
> We cannot keep taking risks and making mistakes if we want Firefox to be
> around in the future and I am of the opinion this was a mistake and to be
> utterly honest I think this feature will be gone in a year or two when
> Mozilla realizes it.
>
0
Mike
12/18/2015 4:07:57 PM
Indeed, the people who use Input are not representative of Firefox users in
general. Heartbeat is a much more accurate tool for general sentiment since
it's not as obviously self-selected.

Those who remember Gregg's speech from Whistler know that Input denotes
passion and not necessarily sentiment of the general population. Additional
context from Matt Grimes who heads up the User Advocacy team:

"We do know that when we first launched Pocket there were complaints on
Input and the press picked up on this. So we ran a Heartbeat study to find
out if this was the general sentiment or indeed showing a very passionate
subset of users. You can see the results here:
https://useradvocacy.mozilla.org/reports/Desktop/PocketSurvey/

Basically the general population finds Pocket to be neutral to positive.
Many users had not heard of it and actually rated it MORE positive after we
had informed them of the existence of Pocket."

Thanks,
David
On Dec 18, 2015 4:26 PM, "Luis Villa" <luis@lu.is> wrote:

> I'd be careful about trying to claim any sort of statistical validity for
> the feedback button. It is hidden in a menu most users will never see, much
> less use; by definition the people who find and use it are not
> representative. The only valid data you'll get on Pocket is by actually
> measuring use.
>
> Luis (nightly user since '99 who loves the Pocket integration)
>
> On Fri, Dec 18, 2015, 12:04 AM Angly Cat <l1aqus@gmail.com> wrote:
>
> > On Friday, December 18, 2015 at 1:37:22 PM UTC+6, Francesco Lodolo
> [:flod]
> > wrote:
> > > I don't think looking at 90 days is fair. Let's look at 7 days, at
> least
> > > there's something manageable
> > >
> >
> https://input.mozilla.org/en-US/?q=pocket&date_start=2015-12-10&selected=7d
> > This is not how statistics works. To get a representative statistical
> > sampling, you should be widening time range, not narrowing it. Pocket was
> > shipped with Firefox 38.0.5 at 2nd of June, more than 6 month ago. So
> > basically we should look at all feedbacks within this time (minus month
> or
> > two in order to filter 0-day rage feedbacks).
> >
> > > 4 out of almost 4k people who took the time to use input to give
> > > feedback (and we all know that people rarely take the time to give
> > > positive comments). Would you define this as 'overwhelmingly negative'?
> > > I don't.
> > I'm sorry, but you're really not good in statistics. Regarding this
> matter
> > we don't and shouldn't care about feedbacks that are not about Pocket.
> E.g.
> > if there would be a hundred negative feedbacks about Pocket and a billion
> > positive feedbacks about anything but Pocket - that's 'overwhelmingly
> > negative' Pocket feedback.
> > _______________________________________________
> > governance mailing list
> > governance@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/governance
> >
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
>
0
David
12/18/2015 6:57:56 PM
On Saturday, June 6, 2015 at 7:56:43 AM UTC-7, hugoosval...@gmail.com wrote=
:
> On Friday, June 5, 2015 at 6:59:56 PM UTC-3, tucker....@gmail.com wrote:
> > (Pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=3D1172126. Th=
ere are some comments on Hacker News at https://news.ycombinator.com/item?i=
d=3D9667809).
> >=20
> > Mozilla's recent integration with Pocket, a proprietary third-party ser=
vice, is a mistake.
> >=20
> > It is very exciting to see the ways in which Firefox continues to impro=
ve. And it's even more exciting to see the ways that Mozilla advances it's =
stated mission outside of the Firefox browser with new developments like Fi=
refox Accounts. Pocket now allows you to log in on their site using your Fi=
refox Account; being able to authenticate with a trusted third party like M=
ozilla is a huge win for online privacy advocates and the Mozilla community=
.. However, adding Pocket as a built-in feature to Firefox should not have b=
een done.
> >=20
> > This is particularly surprising since it was Firefox that made browser =
extensions mainstream. Pocket should have been an extension (in fact, a Poc=
ket extension used to exist). It could have even been bundled with the brow=
ser. This distinction is important, since extensions can be removed entirel=
y, whereas currently Pocket can only be disabled.=20
> >=20
> > The user experience of disabling Pocket is not good, either. It needs t=
o be disabled in about:config, which is not at all user friendly, and there=
fore not in line with Mozilla's mission. In the past, Mozilla has been very=
 good about showing the user what new features have been added to the inter=
face and explaining any privacy implications that may come with them. That =
is why I was so surprised when the Pocket icon suddenly appeared in Firefox=
 Developer Edition a couple days ago. It is so unlike Mozilla to introduce =
something like that, I ran a virus scan and checked what programs had been =
installed recently -- I assumed it had been put there in the same way that =
IE users used to get the Ask Toolbar installed.=20
> >=20
> > It may also not be clear to some users that, even when signing in with =
your Firefox account, you are still giving your email address to a third pa=
rty whose privacy policy is different than Mozilla's. Many users would not =
assume this, since it is a feature that is bundled with the browser.
> >=20
> > Mozilla's recent blog post about the Pocket feature is titled "Firefox =
Puts You in Control of Your Online Life" (https://blog.mozilla.org/blog/201=
5/06/02/firefox-puts-you-in-control-of-your-online-life/). Had this been co=
ming from a startup, that post would be humorously ironic. But given how mu=
ch people care about Mozilla and it's stated mission, it is more painful th=
an funny.
> >=20
> > Firefox should continue to add new features that benefit its users, but=
 those features must be done in accordance with Mozilla's core values. This=
 feature should've been done as an extension, which allows for greater user=
 choice and avoids bloat. Most importantly, there was very little public di=
scussion about this inclusion of a proprietary, third-party service. It's a=
 huge departure from Mozilla's commitment to transparency. The existence of=
 the Pocket code in Firefox is a bug in the browser, and it does not adhere=
 to Mozilla's core mission.
>=20
> I strongly agree with this removal. Integrating with third-party propriet=
ary technologies seems to go quite clearly against Mozilla's stance on open=
 source.
>=20
> Back in the day, Mozilla implemented Mozilla Weave (now Firefox Sync) exa=
ctly because existing alternatives were proprietary. I believe that's the w=
ay to go forward.
>=20
> As a long time user of Firefox, I now suddenly feel that contributing and=
 donating to firefox wouldn't just promote freedom and open source, but als=
o promote a third-party for-profit proprietary solution (Pocket).
>=20
> On top of that: there's no reason to affiliate with pocket (or is there m=
oney in the middle?), when implementing this sort of thing is pretty trivia=
l. It is, after all, basically a subset of the feature bookmarking includes=
, and bookmarks are already sync'd.



I was going to sign up for Pocket until I carefully looked at the link in m=
y email tag. It stated  my email in part was via richard@eigbox.net. Doing =
a bit of searching "eigbox" seems to be associated with the EIG group. I ha=
d some bad spam related experiences with BlueHost hosting's "Mojo" which is=
 owned by EIG. That was enough to make me remove it from my Firefox toolbar=
..=20

0
rkarlson78
12/18/2015 11:31:27 PM
On 17/12/15 21:08, Benjamin Kerensa wrote:
> I'm sure someone on the Firefox Team didn't wake up one morning
> and say "Great Scotts we are missing Pocket in Firefox!" and AFAIK
> this was not on any long term roadmap.

That's not correct; this was so much on the roadmap that a team was busy
building our own version. However, the decision was taken that we could
provide a better user experience and get the feature to market faster by
partnering with Pocket (that is my understanding of the rationale,
anyway), so we did that instead.

This feature is not just about the code in the browser; one supposed
benefit of this sort of feature is that you can take your reading list
anywhere, and that involves having apps for lots of different platforms.
Pocket has that; our version didn't.

Gerv

0
Gervase
12/23/2015 11:30:38 AM
Pocket and Hello are completely against what Firefox stands for. I am not against the features, I am against the implementation. Forcing a single provider for a feature is forcing a monopoly onto the users.

I used to donate to Firefox, but not this year. Fed up of the spam of lies where I'm told Mozilla is for an open and fairer internet, yet forces the complete opposite.
0
benjaminsproule
12/29/2015 12:36:34 AM
I agree, Firefox (the technology) has been made first to stand for our
manifesto principles. Putting user first shouldn't be short termed by
putting technology first.
We can make numbers say anything one's which (with hypotheses,
representation, axiom, ...) but we should keep our way going forward :
our principles are our (first and final) aims.

It seems to me that Mozilla avoided monopoly in others area where users
wanted a good experience.
For social network (social web), we build the social API and then build
on top of it some services. The user have a choice on the best provider
to choose (or disable/remove all) and always have the feature.
For search, we built a search manager, improve discovery of
alternatives, integrated then in a marketplace...
And yes, there should be pro and coins, cost and benefit (not only about
money) about these choices that we shouldn't idealize. But the way was go=
od.

Why reading list didn't took / don't take the same way ?
Has our 'decision system' failed at the start (only Pocket) ? On the way
(finally, no next provider) ?
What about ours other principles ? Regarding to them (and not only the
technology) is that the same to achieve them with proprietary and
third-party service or by building our service (or part of it, like the
login), advocate + support + help build an alternative ? Which one, at
which moment give us free hands to make our way forward for long ?

At the end, it's all about the open web.

Le 29/12/2015 01:36, benjaminsproule@gmail.com a =E9crit :
> Pocket and Hello are completely against what Firefox stands for. I am n=
ot against the features, I am against the implementation. Forcing a singl=
e provider for a feature is forcing a monopoly onto the users.
>
> I used to donate to Firefox, but not this year. Fed up of the spam of l=
ies where I'm told Mozilla is for an open and fairer internet, yet forces=
 the complete opposite.
> _______________________________________________
> governance mailing list
> governance@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance

0
Nicolas
12/29/2015 2:29:42 PM
On Mon, Dec 28, 2015 at 7:36 PM, <benjaminsproule@gmail.com> wrote:

> Pocket and Hello are completely against what Firefox stands for. I am not
> against the features, I am against the implementation. Forcing a single
> provider for a feature is forcing a monopoly onto the users.
>

I understand your objection to Pocket, but what is the objection to Hello?
I thought everyone would assume that Mozilla would give preferential
treatment to features developed *by* Mozilla.  I also don't know what an
alternate provider for Hello would mean.

-- 
Ian Bicking | Engineering Manager | Hello | Mozilla
0
Ian
12/29/2015 5:12:53 PM
Sorry, that's my fault. Was meaning to remove hello but got distracted and didn't notice when I posted 
0
benjaminsproule
12/29/2015 5:25:41 PM
On Wed, Dec 30, 2015 at 4:12 AM, Ian Bicking <ibicking@mozilla.com> wrote:
>
> I understand your objection to Pocket, but what is the objection to Hello?

I've seen objections to Hello on multiple occasions, though not as
often as Pocket.

I think the "powered by Telefonica" description is the issue. AIUI
Telefonica (or their subsidiary, TokBox) provided some of the relevant
code underlying Hello, and Telefonica also runs some servers that get
used somehow when Hello connections are created... but I'm not at all
certain about that and would be happy to hear details.

Anyway, I suspect people see/hear "powered by Telefonica" and assume
the worst -- that Telefonica has full access to all your Hello
communications, or something like that, which I'm fairly sure isn't
true. Clarifications would be welcome!

Nick
0
Nicholas
12/31/2015 9:45:16 AM
When I last looked into this, the plan seemed to be to change Pocket into a=
 "super-extension" that's not visible in the UI, cannot be disabled and whi=
ch can be updated at any time, without any notification to the user and out=
side of the release cycle of Firefox.

Is this correct?
0
UTF
4/15/2016 7:19:31 AM
On 4/15/16 12:19 AM, Laurențiu Nicola wrote:
> When I last looked into this, the plan seemed to be to change Pocket into a "super-extension" that's not visible in the UI, cannot be disabled and which can be updated at any time, without any notification to the user and outside of the release cycle of Firefox.
>
> Is this correct?

Pocket will be moved to a system add-on in Firefox 46. I don't know 
whether system add-ons show up in the Add-ons Manager or can be 
disabled. The Pocket add-on work was completed in bug 1215694:

https://bugzilla.mozilla.org/show_bug.cgi?id=1215694

0
Chris
4/15/2016 5:48:32 PM
I was very surprised to be looking through my Pocket bookmarks to find advertising there. I was totally unaware that this was a non-open source for profit application that was bundled with Firefox.

I don't know about you, but I believe that a non-profit organization has no business including adware with their main product.
0
aclsid2016
6/15/2016 6:39:18 PM
On Wed, Jun 15, 2016 at 11:39 AM,  <aclsid2016@gmail.com> wrote:
> I was very surprised to be looking through my Pocket bookmarks to find advertising there. I was totally unaware that this was a non-open source for profit application that was bundled with Firefox.
>
> I don't know about you, but I believe that a non-profit organization has no business including adware with their main product.

Does that include features like Yahoo/Google search, both of which are
also include ads in their products?

/ Jonas
0
Jonas
6/16/2016 10:44:33 PM
Well, if you are suggesting that Pocket is so essential to Firefox as the
major search engines out there, then there is a bigger governance problem
here. But ask yourself why most of the open source projects have actually
switched to DuckDuckGo while Firefox continues to stick with Google or
whoever paid the bill that year. Just like in politics, with money comes
responsibility towards the entity that gave you funding.

Pocket is hardly an indispensable thing and more importantly, it is a very
simple piece of technology that could probably be serviced by an open
source project eventually. People could still install it as an extension if
they like, but money is corrupting the decision making process of Mozilla,
so that instead of watching out for the user, as pretty much your mission
states, the money received has become part of the equation.
On Thu, Jun 16, 2016 at 6:45 PM Jonas Sicking <jonas@sicking.cc> wrote:

> On Wed, Jun 15, 2016 at 11:39 AM,  <aclsid2016@gmail.com> wrote:
> > I was very surprised to be looking through my Pocket bookmarks to find
> advertising there. I was totally unaware that this was a non-open source
> for profit application that was bundled with Firefox.
> >
> > I don't know about you, but I believe that a non-profit organization has
> no business including adware with their main product.
>
> Does that include features like Yahoo/Google search, both of which are
> also include ads in their products?
>
> / Jonas
>
0
UTF
6/19/2016 10:13:13 PM
Reply:

Similar Artilces:

Integrate Firefox - Remove Konqueror - Network setup
Hi there, I am kinda new to linux and openSUSE. I have installed version 11 x64 on a Intel Q9300, asus mobo, 4GBs of ram and nvidia8800GTX. I've used Ubuntu before at home which was OK, nicely done, easy friendly but seemed to be fragile at times and didn't look that professional compared to openSUSE. I've used RHEL4 at work which made me to hate my life! After installation everything worked smoothly, well nearly, because I had problems playing .mp3 and .avi files. All that is sorted though. Anyhow, I am a firefox user, so I want to use Firefox as the main brows...

Don't Like Removal of Thunderbird Integration from Firefox 2.0.
Name: Louise Email: louisedotgilmouratgmail.com Product: Firefox Summary: Don't Like Removal of Thunderbird Integration from Firefox 2.0. Comments: Hi. I've just now downloaded Firefox 2.0, clicked on "Tools" to get into Thunderbird and discovered that this tie-in has been removed from the menu (along with the "new mail message" option). This is almost enough to make me uninstall this version right now even though it'll no longer be supported by April, as having these two programs intertwined was really helpful and an important part of why I ...

Remove all firefox certificate authorities from firefox
I'd like to remove all ca's from a profile in firefox and then enable each one I need by and (case by case), how can I do that (without interfering with other profiles I use for general browsing) and without having to do it by hand? thei're many! Any advice? Aquarina wrote: > I'd like to remove all ca's from a profile in firefox and then enable > each one I need by and (case by case), how can I do that (without > interfering with other profiles I use for general browsing) and without > having to do it by hand? thei're many! > Any advice? ...

superreview cancelled: [Bug 308862] Remove unused preference "browser.tabs.opentabfor.urlbar" from firefox : [Attachment 196362] Remove preference "browser.tabs.opentabfor.urlbar" from firefox.js
Asaf Romano (use mozilla.mano@ for email) <bugs.mano@sent.com> has cancelled Hans-Andreas Engel <Hans-A.Engel@unibas.ch>'s request for superreview: Bug 308862: Remove unused preference "browser.tabs.opentabfor.urlbar" from firefox https://bugzilla.mozilla.org/show_bug.cgi?id=308862 Attachment 196362: Remove preference "browser.tabs.opentabfor.urlbar" from firefox.js https://bugzilla.mozilla.org/attachment.cgi?id=196362&action=edit ------- Additional Comments from Asaf Romano (use mozilla.mano@ for email) <bugs.mano@sent.com> Genreally...

superreview requested: [Bug 308862] Remove unused preference "browser.tabs.opentabfor.urlbar" from firefox : [Attachment 196362] Remove preference "browser.tabs.opentabfor.urlbar" from firefox.js
Hans-Andreas Engel <Hans-A.Engel@unibas.ch> has asked Brendan Eich <brendan@mozilla.org> for superreview: Bug 308862: Remove unused preference "browser.tabs.opentabfor.urlbar" from firefox https://bugzilla.mozilla.org/show_bug.cgi?id=308862 Attachment 196362: Remove preference "browser.tabs.opentabfor.urlbar" from firefox.js https://bugzilla.mozilla.org/attachment.cgi?id=196362&action=edit ...

Remove Firefox
Name: Sam Lehman Email: slhmnathotmaildotcom Product: Firefox Summary: Remove Firefox Comments: How do I Remove Firefox from my computer? Firefox would be great if it didn't keep locking up, and causing me to have to reboot. I am running Windows Vista and it caries a lot of extra baggage,most of which is probably unnecessary. But that is neither here nor there, the fact is I am stuck with Vista, so I can't use Firefox under present conditions. This is most regrettable because Firefox is, in my opinion, far superior to Internet Explorer. Browser Details: Mozilla/5....

Removing Pocket
I tried it and I realized that Pocket is useless for someone that uses FF only on his computer. Such a user can have a folder on the Bookmarks Toolbar, and add and remove webpage links there. Following directions in earlier thread, I toggled 2 config values and removed the button from the toolbar. Now, how can I remove the Bookmarks > View Pocket List item? What, however, would be interesting for off-line users would be a similar add-on that with the click of a button would save a webpage in a folder in the computer, access the webpage from a dropdown list (or from a br...

Removed Firefox
Name: Brent Healy Email: cmbhealyatgmaildotcom Product: Firefox Summary: Removed Firefox Comments: Alas, after championing Firefox for many years, I have been forced to remove it, as I have had too many issues with redirects and other backdoor issues that Mozilla has apparently been unable to contend with. Please get it fixed Browser Details: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this fee...

Firefox was removed!
Name: Sarah Email: spiraluzumakiatgmaildotcom Product: Firefox Summary: Firefox was removed! Comments: I received notice that 3.5.5 was ready, so I updated it and it removed Firefox 3.5.3 but didn't install the new version. And now I can't uninstall 3.5.3 manually. What happened? Windows Vista Home HP Pavilion laptop Browser Details: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618) From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation ...

Firefox or not Firefox
Name: M B Fletcher Email: mf38794atntlworlddotcom Product: Firefox Summary: Firefox or not Firefox Comments: You asked why I took it off but did not ask more than the basics. I put security but in fact I put on Fire fox today and found a GOOGLE front page for searching when I had nothing there before. I wondered if I had been hijacked or you had done a very stupid update. I still do not know for sure. I do not ever use Google that I know of. The biggest spy on computers in the world and you should know better. If I find it is correct on Firefox I will go back to IE. At...

Integration into Firefox
Name: Robert Email: rhm1942atcomcastdotnet Product: Thunderbird Summary: Integration into Firefox Comments: The email used to be integrated into the browser. That is a feature I like with Opra. Why did you change it? My desktop has an old version and the email is integrated. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0 ...

Firefox integration in MacOS : context menu in dock Firefox icon
Name: Clem Product: Firefox Summary: Firefox integration in MacOS : context menu in dock Firefox icon Comments: Hi, I would like to suggest you to add a simple feature to improve Firefox integration in MacOS. Indeed, when only the download window is open, we can't open a Firefox window by right-clicking on the dock firefox icon, that is rather boring. It would be very good to add in the context menu the option to open a new Firefox window, all the more in Safari this option already exists... Thank you very much. Clem. Browser Details: Mozilla/5.0 (Macintosh; U; Intel M...

customize firefox
Hi, Just starting with Firefox. I've got my closing X's for each tab now, have the active tab highlighted. I would like to remove the icons that appear in front of web addresses in location box and other places and remove the search box. Thanks, Jim Jim wrote: > Hi, > Just starting with Firefox. I've got my closing X's for each tab now, > have the active tab highlighted. > > I would like to remove the icons that appear in front of web addresses > in location box and other places and remove the search box. > > Thanks, > Jim ...

Old Firefox 2 icon desktop not removed when upgrading to Firefox 3
Name: Enrique Palacios Email: epalaciosferreratgmaildotcom Product: Firefox Release Candidate Summary: Old Firefox 2 icon desktop not removed when upgrading to Firefox 3 Comments: When I install the new Firefox 3 Release Candidate, I come up with two Firefox desktop icons. Both of them point to Firefox 3 Release Candidate. I think the correct behavior should be to end the installation with just one icon. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 From URL: http://hendrix.mozilla.org/ ...

Web resources about - Remove Pocket Integration from Firefox - mozilla.governance

Artificial hair integrations - Wikipedia, the free encyclopedia
Artificial hair integrations , more commonly known as hair extensions (rarely referred to as a hair hat ), add length and/or fullness to human ...

Pixelmator for iPhone and iPad adds Apple Pencil integration, 3D Touch Peek and Pop, home screen quick ...
... more about iOS Devices , Apps , and iPhone at 9to5Mac . What do you think? Discuss "Pixelmator for iPhone and iPad adds Apple Pencil integration, ...

Scripps Networks Sees All-Time High in Demand for Branded Integrations
Scripps Networks has a long history in brand integrations, but CEO Ken Lowe said the company is witnessing an all-time high in demand for such ...

Readdle’s Scanner Pro updated with smart renaming, Box integration and more
... buttons in the bottom toolbar after making your document selection. All Box-ed up The new version of Scanner Pro also introduces integration ...

"Various Paths" of UK Subservience to Full EU Integration; Cameron's Brexit Appeasement Bluff
... from the EU’s mantra of “ever-closer union”, Mr Tusk diplomatically noted that the treaties already allowed for “ various paths of integration ...

Integration Can Break The Social Media Obsession
OK, I have to be honest. I had never heard of R3. Apparently in its day job R3 helps companies maximize their agency reviews, remunerations and ...

Cisco Partners: 'We Want Tighter Integration' With Microsoft
Cisco Partners: 'We Want Tighter Integration' With Microsoft CRN Partners are calling for tighter integration between Cisco and Microsoft as ...

Salesforce Connect Simplifies Enterprise App Data Integration
DAILY VIDEO: Salesforce Connect improves data integration for enterprise apps; VTech admits lack of database security opened door to hack; Microsoft's ...

Twitter Chirping Louder OnTweet Integration
There are reasons to both 'integrate to' and 'integrate from' Twitter, so how is the company making sure its software proposition lives up to ...

Innovation and integration for better cities (part 2)
Humanity's move to the city is accelerating, so how do you make its citizens feel at home? From Paris to Lagos, François Picard's panel looks ...

Resources last updated: 1/3/2016 8:34:10 PM