Waterfox is sold out officially, it is part of the corporate world

We had dedicated much energy in the past,  2 years ago, to advocate for Palemoon and you should at least read the piece about the NoScript parody, and how we gave up on it for specific suspicious reasons (still holds unchanged, Palemoon has branded NoScript as “dangerous” because it breaks pages).  We had seeked refuge at Waterfox, retaining some old firefox functionality and ensuring us it is blocking all of Mozilla tactics of robbing you of private data and feeding it to “who knows who”.

Waterfox officially was sold by mr Alex Kontos to System1, a UK payperclick ad company, which it would be absurd to believe that it wouldn’t utilize the browser’s ability to feed their other interests with private data.  Or why else would they buy to promote their own browser, to make all others break while they are getting robbed?

Thank you Alex for your sincere efforts and sleepless nights of coding, all these years, it has been a great ride, and it is too bad it had to crash in such a bad time for browser variety and period.  Goodbye and good luck for all that you had done up to now.

Waterfox lost sound ability while playing videos when glibc 2.31 started hitting some distros.  It would automatically be fixed if you reverted to 2.30.xx but then most of your other software compiled with that new library “might” break.  There was a fix, and I quote:


In a terminal console:
tex@localhost ~]$ export MOZ_DISABLE_CONTENT_SANDBOX=1
tex@localhost ~]$ export MOZ_DISABLE_GMP_SANDBOX=1
[tex@localhost ~]$ waterfox

and after this was published Feb5 as a problem and nobody at Waterfox responded (usually the specific insider named below has been extremely helpful with any problems), for 2 weeks (2/19/2020 now), we get this response:

Venghan Contributor 55 minutes ago · edited 38 minutes ago

It’s rather temporary fix, disabling sandbox may decrease security.

Related => bugzilla.mozilla.org/show_bug.cgi?id=1600574


But why fix a MAJOR BUG while you are about to sign in and get some cash.  Too busy with lawyers and bankers to push a patch.  None of Alex’s business anymore, let the corporate team figure it out.

But it is the only fix for now, unless you know how to run a container with the previous stable glibc library and run waterfox in it.  Decreased security of disabling sandbox internally may mean the necessity of sandboxing (firejail …?) around waterfox.  But if we were to run to such measures to just use a browser we might as well sandbox the authentic Mozilla corporate/agency product, isolated tab by tab, and entering no personal information anywhere ever.

  –  Waterfox never run in musl, and I failed at all attempts to build it without glibc.


So, keep your 2020.02 version of waterfox as the last, broken, but not signed by a major corporation browser alternative to evil itself (chrome,firefox,explorer) or the weirdo palemoon.


So, where do we go from here?  Anybody knows?  I have been toying around with Brave (brave nightly to be exact – alpha/beta stuff) which when researched deep inside the “advanced” settings, it tunneled private information back to “their trustworthy” associate, themselves.  I was under the impression brave was created to avoid such tactics.  It run inside firejail fine, up until recently, then it couldn’t.  With brave-nightly you may get two updates a day, so whatever you set up the one morning maybe unset by after lunch time.  In a very Mozilla like fashion, where your “options” are no longer compatible and the new defaults are reversing your options.

Do you know how a common database works?  Fields, columns of data, for example:


so you enter:


If they change Name to Name0 and Lastname to Name1, then those 2 new fields can be set to a default value till you change it.  So whatever security options you set, once an upgrade comes through, they can be UNSET.  So, everytime you upgrade something, don’t expect your previous settings and configurations to last.

Let us get back to Mozilla now, the dear friend and associate of this other “character”, tor-browser.  Ever since those two enemies (tor-browser used to have a gnu version of firefox, also carried by debian long ago, under the tags ice-xxxx but hacked that one too) got married and keeps up with mozilla’s -esr version, the partnership left us scratching our heads.  Not for the M, that was a given for years, but for the tor team as well.  If your comrade marries a cop, it is obvious she/he is not a comrade anymore.  No offense, but there are choices in life.  TorBirdy, also utilized in tails, was an addon to thunderbird ensuring all communication goes through a proxy.  Mozilla made sure it wouldn’t work anymore, and the tor-team left it unmaintained.  What time is it now?  It was 2018 when they last touched it.  You can still set proxy manually, but do you really trust it?  If you do, and it is working, then why can’t it resolve .onion servers but only sees “official” net addressing?

There is no way out of all this.  You think you can trust tails and run some VM from inside tails and you are anonymous and secure?  If tails wanted security they would be eager to get rid of security threat No1, systemd.  But Nooo…  tails and torteam has been bedfellows with debian and fedora for so long it would be unheard of to expect them to separate.


Faw getta boud it!  You can’t escape, your best friend coder will sell out at his/her best opportunity to cash in the expertise.  When they do, no heart feelings, they decided not to be your friend any more and there are better things in life than friendship;  like an 11s car or a 9s bike, or a 25s bicycle, but you can’t really buy legs, even for a 25s run.


Keep swimming, upstream like a trout, we’ll get there.


PS  It was similar reasons and topics that made us scratch our heads about Devuan, and how they dealt with onion.repositories and how did they identify onion connections, separated them, and forwarded them through a different route to debian, without alerting users of beta-testing their crap for 3-4 months.  Then when it came time to answer and explain they felt it was better to ban people than have to give a public explanation.   Keep swimming, don’t forget.  Don’t forgive even though they think you forgot.

PS2  https://www.waterfox.net/blog/waterfox-has-joined-system1/  What a piece of work, we should cry and feel sorry about this UK “based” alternative to big browsers being engineered in California and bound by UK/EEC law.  Retroactively you may find out it also moved to the US, where it is not bound not to be spyware-browser at the same time.  He says it almost himself, it is privacy and security minded, that doesn’t make it either private or secure.  And his 5c worth of advice “if you want privacy go to tor” it is just that, 5c to tor-browser 4c for waterfox.  Under what authority would someone be able to advise that tor-browser is secure?

He is right and telling an important truth about browsing, if you want security and privacy you can’t have browsing fluff.  If telemetry is turned off (100%, even to the browser developer) and scripts turned off, with the exception of really trustworthy sites, then you have nothing to worry about.  And who can you really trust with your browsing history and habbits and why are they using scripts in the first place?  To make stuff pretty and functional.  Things can be pretty and functional with html alone and html video plays just fine.

Selling out fans and users to corporate (and who know what other interests) and making money is a major motive in the industry.  Let’s not cry about it calling you on the very act you aimed for.

10 thoughts on “Waterfox is sold out officially, it is part of the corporate world

  1. You know how car guys, like fast and furious, talk of 10s cars, they are talking about 1/4mi or 0-400m drag race. It takes an expensive car to go that fast. On a motorcycle you can go 10s with most sport bikes, but to go faster than that you really have to know how to ride.
    Now on bicycle you can run around a track for 400m in 25 seconds, which is not really that big of a difference than spending all this money and gas, and make so much noise. You should check 1hr records on bicycle and 24hr records. It might actually cost more because food is a much more expensive carbohydrate than fuel, but the body is a much more efficient engine.

    If you take size and average power of the human body and compare it to other living organisms, humans are one of the most inefficient beings on the planet. They can’t walk, run, or swim anywhere as fast as animals, birds, insects. You give those humans a bicycle, as a tool to move around, and they become one of the most efficient animals on the planet.


  2. A System1 subsidiary also bought Startpage : http://daemonforums.org/showthread.php?t=11206

    Regarding Waterfox and Palemoon – I’ve never used them. In that I have always been suspicious of these rebranded, supposedly performance or retro or privacy focused forks of web browsers – where there is one “benevolent developer” and a personality cult surrounding them and lots of drooling users – who largely contribute nothing, but will run about the WWW recommending it and advising others to use it… they all use the end “product” freely with lots of blind trust – then eventually a big fat sell out happens and then lots of wailing and wringing of hands from those same end users (who had contributed nothing in the first place). I consider them “snake oil” – one should certainly smell a rat or two. I consider that the person providing them for “free” wanted to gain exposure first, build userbase and then… work it out. I can’t blame them – there’s gullible fools, there’s money to be made and they might get on the payroll of some tech company for their efforts – it happens.

    I prefer to take the “poisoned” product and work out how to remove the poison for myself and/or live with whatever compromise. Or if I do decide to use the “snake oil”, I’ll just accept it as that and adjust my expectations accordingly.


  3. A developer can write the worst or the best code in the world, it is convincing “users” to try it that lets the developer know whether his code works or doesn’t. Otherwise neither sharing or licensing code would have any meaning. It is users of code that critically use others’ code that leads them to become coder themselves. If a coder knew of the bugs ahead of time why would he release code? He releases code and publishes it so bugs or suggestions for improvement can improve the effort. So I disagree in such an elitist separation that developers are gods and users are recyclable garbage.

    The hypocrisy of nearly all open and free code producers is that they don’t owe anyone anything but they usually beg and expect funding. In today’s neoliberal universe it is more advantageous to beg and expect funds as a legal entity, a private corporation or a non-profit, than to ask for it as an individual. Since people can’t legally be sold outright as real estate their products as material possessions of a legal entity can be sold in their entirety easier by just transferring stock. So all those good people who work hard, night and day, for the benefit of humanity, and allow all their work to be owned by a legal entity, at some point they cash in all their input for a good sum of money. How is this measured for them? The amount of users relying on their product, nothing else. Those sad romantics who believe that cash is paid on technical/scientific merit they can keep washing dishes to pay for their repository and keep developing the perfect code. Unfortunately it is the crap that users like that make a piece of software successful.

    Now what do you do with a browsers 30million lines of code? Do you audit it line by line? No, you test what its claiming against a contained system where input and output can be measured. You can simulate the internet by copying some common servers’ content, isolate it and see what this piece of software does. Is it trying to communicate with anyone the simulated internet is allowing it to see? With who,and how. If after all this criticism hadn’t accumulated around mozilla’s false promises and suspicious sharing of data, all they had to do was to come out and commit that they are not doing what they are accused of. Well, they didn’t, they continued like they were deaf and sold the same old myth about how users and developers are one and protect themselves from third parties. When GWBush spoke of “us” and the “evil doers”, he meant us common people together with the industrial military complex, the bio-medical-pharmaceutical complex, the oil inustry cartel, against all others “evil doers”. To google, facebook, and mozilla, us includes the NSA, and them include evil doers such as Asange or Snowden. What did palemoon and waterfox do? Took the mozilla code and just shut off some of its hidden (or less visible) communication channels. They didn’t pretend to rewrite the code. In some cases they took security features from new editions of FF and backported them to older editions that were more known and trusted.

    In the spirit of open and free software mozilla found a technical excuse of an “improved feature” to change the structure of addons. If addon creators wanted to stay with mozilla they had to adapt. If they didn’t they got the boot from their server. The new server can verify that you are using their current product and not some outdated clone. Palemoon in their restricted vision they thought that users would be happy with addons produced by palemoon fans. Waterfox took it up to themselves to host all legacy addons and called it the Classic Archive of all the removed addons from Mozilla. Even PM users would subscribe to this server to get old firefox addons.

    Although in principle I agree with you in the last paragraph, the factory original firefox felt like a slug compared to the two others I have tried in recent years. Why? I don’t know exactly, but it appears as it is too busy doing other things than browsing webpages like it is expected. Even -esr felt like an overloaded truck compared to its clones.

    Like Figosdev said on his parody, to me a browser is something I can use noscript with. Brave appears to do something similar internally but it is like a big on/off switch, “all on” or “all off”. The micromanagement of NoScript is irreplaceable.


  4. Hail to yee all,

    You may want to check this resource:


    Here is a short summing up:
    – Opera – Spyware Level: extremely high
    – SRWare Iron – Spyware Level: extremely high
    – Slimjet – Spyware Level: extremely high
    – Brave Browser – Spyware Level: high
    – Waterfox – Spyware Level: high



  5. “The micromanagement of NoScript is irreplaceable.”

    umatrix is better (for the time being) in my opinion. Who knows, in the future that developer might also sell out like noscript’s did.

    Browser privacy add ons are all about trusting a third party with privacy, which is much like trusting the browser with privacy.

    You touched on “performance” and “feel” and with respect fungal, that’s just the kind of wishy-washy chatter you see on fan forums for these various browser forks – i.e. no hard data, just “trust” our benevolent browser “developer” friend with his rebranded firefox/chrome to look after you. One may as well have said “oh but Waterfox felt so much more private…”.

    “Privacy” is a market like any other. There are well know issues with firefox and chrome and most other major browsers. The man selling bottles of “privacy” from the back of the van, to the masses is reacting to a gap in the market, in particular to hysteria and has vested interests in doing so. I compare it to the “virus industry” – that was a license to print money, due to MS dodgy practices, modern browsers, complete with their telemetry and tracking “features” are another fertile hunting ground for the same kind of thing – but 90% of the problem is in the cesspool called “the web” itself.

    Pale Moon for example had a data breach undetected for 18 months. Security is often overlooked when it comes to these forks, where performance, offering a retro UI or some pre-configuration of privacy settings is the main selling point.

    Waterfox is a great example of how money talks and how even a browser which bragged about “no data collection” will sell out to an ad company. If it’s anything like similar things I’ve seen elsewhere it will be a case of “allow us nice gentlemen to spy on you, act as middlemen and send our ads and in return you can avoid all of the tracking and data mining from the major players”.

    Brave browser comes with two EFF add ons, preinstalled and enabled and whether or not that’s a good thing, really depends on if you trust EFF… they’re also a company who are in the ad business, now following the noscript model of “acceptable ads”.


  6. Pingback: Which browser to choose for privacy and anonymity and which “free” email? | systemd-free linux community

  7. @cynwulf1 Who knows, in the future that developer might also sell out like noscript’s did.

    It seems I am missing a detail? How did they sell out? When they switched to Mozilla’s webkit crap quantum, instead of sticking to legacy 5.xx which is still updated and maintained for those that liked it better. I’ll give umatrix a spin.


  8. I started looking for alternatives soon after he introduced a default whitelist, this is what I term “acceptable ads”…

    This includes common Microsoft and google domains, among others and also allows their subdomains by default. I cleared these and tolerated it, but got rid for good when he switched to “that” terrible UI

    But it was I believe “adblock plus” who pioneered “acceptable ads” – I use that term here loosely for similar functionality – he certainly used that exact phrasing.

    Again it’s painfully obvious as to what the objectives are – proliferate the add on, hold the ad industry to ransom and then monetise. While supposedly blocking ads, they also profit from them… once again exactly as per the “virus industry”…


  9. I’m using mostly https://www.netsurf-browser.org (I’m writing this comment with netsurf), without support for javascript. Proper websites with actually some interesting content should work with it.

    Other crappy website full of js malware, privacyless and co, if you have a need to connect on it, an easy, “safe” and convenient way to use some huge factory code, aka Firefox or Chrome -> https://g3ngr33n.github.io/qemusandbox/index.html

    Never install Firefox, Chrome, Brave, Seamonkey or any other modern browser on your main system, doing this will open instantly a backdoor to your machine


If your comment is considered off-topic a new topic will be created with your comment to continue a different discussion. This community is based on open and free communication, meaning we must all respect all in minimizing the exercise of freedom to disrupt such communication. Feel free to post what you think but keep in mind the subject matter discussed. It is just as easy to start a new topic as it is to dilute the content of an existing discussion.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.