Asa Dotzler: Firefox and more

Heh. I posted almost the same thing earlier today, if a bit less succinctly.

I think this is Steve's plan to take over his 15% of the web.

i think you're just being petty. apple has already made this latest - and i would say significant - concession to mozilla by separating its updates from new software. clearly, you want more than just for apple to uncheck the box; you want them to leave out the new software option entirely, don't you? well, it's a free market, so that's not gonna happen. give the end-users some credit, let them decide what they want or don't want to download. apple's just making it easier for them to discover new - and perhaps better - alternative applications to what they've been using.

The update process as proposed by Apple (old one or new one), let no the user choose what they want. Have the choice means: "Here you are, choose what you want". Apple's proposal is: "Here you are, choose what you don't want". Do you go to a supermarket where you have to say what you DON'T want? Do you agree if when you put gasoline on your car, you have to say: please, I don't want chewing gums?
Every time I get Apple software update, I have to see in depth to see if something has been added. I'm really sure that Apple's defenders would not be glad if Mozilla included in it's update process a default-checked checkbox to download Thunderbird.

@angstrid: Asa is just completely right here. I don't want to have to carefully uncheck the same boxes each time I install a security update for the pieces of Apple software I want to use on my machine. And it is a fact that many many less saffy users just click 'OK' on every box. and up with a bloated system. Until they get screwed over too often, then they start to press 'Cancel' on each box, so they end up with unpatched systems. The Thunderbird comparison is very apt BTW.

"Apple Software Update service (v2.1)" bundles iTunes with Safari3 (BETA),
Apple has copied from Micro$oft
(Windows bundled with M$ Internet Exploder)!!!!
And once more:
Quicktime is bundled with iTunes, I do not want iTunes automaticly,
when updating Quicktime, I WANT CHOOSE BY MYSELF !!!

I do NOT USE iTunes or Safari, I WANT use Quicktime ONLY!!!

I do not need Safari, I have a better browser (Opera) !

I do not hate FireFox, but I only use (and love) Opera.

I'm quite a big fan of many Apple products - they make some amazing devices (like my iPhone, and the entire OS X operating system).

But Asa's definitely right here. Kudos to Apple for the improvement, but I'll give them full credit when they stop putting icons on my desktop without my approval, and stop trying to make their processes auto-run on every install when I've specifically disabled them. Yes, I like my iPhone. No, I don't want their mobiledevices process running, or quicktime starting every time I start my computer. That's fine on my Mac, but not on my business (XP) laptop. Apple's behavior on Windows really is bordering on completely unacceptable, enough that I'm considering uninstalling all Apple products from my XP laptop.

So no, they should not check to install new junk (it's junk if the user hasn't asked for it) by default. It's a nice market grab technique, but people aren't quite as unsavvy as they used to be - and Apple could see a growing backlash if they become perceived as predatory on the Windows platform. I'd hate to see that when there is so much real merit to their products.

full disclosure: have an iPhone, use Firefox on both my Mac and my Windows system, also use Safari and IE in appropriate situations. Fan of beautiful products, not a fan of corporate greed.

I don't know why people seem shocked that a corporation trying to gain market share is acting like a corporation trying to gain market share. Yes, if Apple wants to be a good citizen it shouldn't have the box checked by default, but there are a million other examples of companies that default to installing crap you don't want along with the parts you DO want. I remember the last time I downloaded Yahoo Messenger, it had options checked by default to install the Yahoo Toolbar, change my homepage to Yahoo, and so on. So what does Apple gain by being a "good citizen" here? A pat on the back from a foundation with less than a fifth of the browser market? Does Apple really give a damn? Hell, no--Steve Jobs is looking at Safari usage going up and laughing maniacally in his sleek, brushed-aluminum subterranean lair. As long as they give me the choice, I can't say I really care--if iTunes REQUIRED Safari that'd be another matter, and honestly I'm shocked they haven't gone that route yet.

@MasterofOpera - So why not download just QuickTime? Apple Software Update has a handy "Ignore Selected Updates" menu item under Tools. Ignore iTunes. It's not that hard.

@sumisu - iTunes does require parts of Safari for rendering the iTMS. It's just that the parts have been built into the Windows version of iTunes for quite some time.

I'm a Mac user at home and deal with mostly UNIX servers at work. Yes, Apple does some weird things, but their products work together extremely well. QuickTime in particular is nothing short of brilliant on Mac OS X. I just wish it worked that well on Windows.

I still don't understand why people use Firefox on Mac OS. It doesn't make sense to me. It has its own widget set, its own text entry box without system services like the spelling checker, its own font smoothing method (or lack thereof), and just doesn't integrate in general. OmniWeb for me, thanks. Firefox on Windows or Linux is as better as QuickTime on Mac OS X.

So whats the big deal? Unchecking the box? How petty can you get. Just download safari and get on with life and stop the bytchin.......
Must be a Bush supporter

@MasterofOpera.. you WANT Quicktime? Wow.... I blogged about this awhile back, now admittedly, I work for Microsoft, so I will probably get smacked for being totally uncredible, but I do carry a Macbook Pro (even into MS meetings hehe) and I think that gives me a little credibility towards being unbiased.

I think the thing is, it's not that Safari is a bad product, even though I won't use it even on the mac..... it's that it is a subversive way to try and install it. I had installed Safari for Windows on my main XP machine at home, and when I saw the update thing I wasn't surprised. Then I went to use my wife's computer for something and the update box was up with Safari, I thought maybe she had installed it and didn't think about it again until the 64 bit Vista machine I had just built from a clean install asked me to install it after installing iTunes. I was blown away. Stop taking the Apple fanboy side and ask yourself this.

What would happen to us (Microsoft) today if we tried to install IE8 with the Zune software for example. Me thinks we wouldn't get away with that one too well. So as far as I know, standards of computer etiquette are not unique to the company.

Anyone that pretends that MOST users don't just click next on those things is fooling themselves. My mom, sister, aunt, uncle, cousin, friend next door....all those guys probably would just go, "oh, it's an update...ok" Then they see a new icon on their desktop and go "What's that?" They click it, and another box comes up saying "Make this your default browser?" and they go, hmmm, ok, and click that.

I am not saying these are the brightest users on the planet, but it's a COMMON USER. Apple making this the default behavior, based on knowing research that this is a common user pattern, makes this NO different than the Browser Hijacking crap that went on 5 years ago. Seriously.

If you need an analogy to make it stick, Apple no more expects people to pay attention to that dialog as Best Buy expects you to mail in your rebates. That's just the facts ma'am.

"What would happen to us (Microsoft) today if we tried to install IE8 with the Zune software for example. Me thinks we wouldn't get away with that one too well."

--- Oh what's three more IE8 users going to hurt? Would anyone even notice?

This is so bogus. Mozilla just wants all browsers except Firefox to go away. What, you can't uncheck a box? Should we send out a social worker to do it for you? Sheesh.

Oh, and Zimmie, to answer your question: there is one reason to use Firefox over Safari. When it crashes, it allows you to restore all the windows that crashed. I wish Safari would do that, but it doesn't, even though I like it better otherwise.

Zimmie, you said "iTunes does require parts of Safari for rendering the iTMS. It's just that the parts have been built into the Windows version of iTunes for quite some time."

That's total bullshit and I don't know why people keep spreading that lie.

There is absolutely nothing Safari or WebKit in iTunes and the iTunes Music Store uses a proprietary format which is not HTML and does not require Safari's rendering code.

What iTunes does use is the QuickTime toolkit. All the chrome and the iTMS content are both rendered using that toolkit so it must be present for iTunes to exist (or any other Mac app on Windows -- they all use that toolkit, including Safari.)

That does not mean that they need the QuickTime media player application installed though. And it certainly doesn't mean they need the completely unrelated Safari installed.

Next time you want to tell people at my blog how software works, perhaps you should actually check to see that your hunch is correct.

From "the horse's mouth" so to speak. http://weblogs.mozillazine.org/hyatt/archives/2004_06.html#005666

(and in case you didn't know, Dave Hyatt, formerly of Firefox fame, is an original and lead developer for Safari.)

Susan,

Agreed! And unchecking that box is certainly less trouble than dealing with Firefox's ever annoying SOFTWARE UPDATE box EVERY 30 DAMN MINUTES. Get off my back already! Didn't I just update you like ... yesterday? Damn.... I did.

Sounds like someone is afraid Safari might eat away at Firefox's market share.

But.. but.. but Firefox 3 is gonna be awesomely awesome!!!!!!

>> "Do you go to a supermarket where you have to say what you DON'T want?"

No, but then again, a supermarket has hundreds of thousands of choices. I cant ever see the "new software" field containing more than five items at any given time.

If you go for a sandwich, and the guy says "hey! we now put avocado on all our sandwiches, cause we think it tastes awesome!" - but gives you the choice to leave it out, would you really demand that they make avocado a "by request only" item for everyone, or would you simply say "Ill have mine without, please!" -?

..and if a single person says "i probably wouldnt go back there," then god help you if you have to actually go out into the world and interact with it, cause i dont see it ending well.

To steal the quote from Darby Lines:

"Apparently Apple needs to also not check the box to install Safari by default. Again, the take home message here is that Windows users are so fucking confused by a checkbox that they can’t be trusted with the horrible responsibility of installing a browser."

You have a vested interest in having Firefox be "the" alternative to IE instead of any other browser.

@Jason Burns: You say that people would care if you put IE8 with the Zune, but the reality is that Windows user already has IE, and IE is not offered on Mac. Every WIndows user does not have Safari already so, therefore, it is new software, and not the same situation. Also, you sound a little hypocritical since Windows comes with a bunch of useless applications (including IE). Now that is FORCING you to have applications.

@Step: Apple is by no means FORCING you to download anything or PUTTING anything on your desktop without your permission. They are not stopping you from unchecking it.

It is the responsibility of the user to pay attention to what they are downloading. Apple is just trying to get more users, and considering that the Safari market share is so low, everyone is just scared that Safari is going to take market share from Firefox and Internet Explorer. It might be slightly annoying, but it is not worth biching and moaning about. Just uncheck it! That would save you time from complaining.

When you say "discreet" in the second sentence, you mean "discrete". Discreet means careful and circumspect, and discrete means individually separate.

The fact that Firefox, by default, wants to be my default browser and will continually warn me if it is not is as suspect if not more than Apple checking the option to install Safari by default.

If Asa wants to put his money where his mouth is, Firefox will, by default, disable the "Always check to see if Firefox is the default browser on startup" preference.

Thanks, Rory. Corrected.

@Zimmie: Unless the behavior has changed in the 2.1 release, "Ignore Selected Updates" only applies to the current version. So the next time iTunes (or Safari, or whatever it is that you don't have on your machine) releases an update, it pops up the "New software!!!" message all over again, and you have to tell it to ignore that update.

"What would happen to us (Microsoft) today if we tried to install IE8 with the Zune software for example. Me thinks we wouldn't get away with that one too well. So as far as I know, standards of computer etiquette are not unique to the company."

@Jason Burns

Well, the last time I looked, Microsoft requires you to have Internet Explorer 6 or above to use a Zune so I don't think you're in a position to start pointing fingers. You don't have to have Safari to have an iPod, iPhone or iTunes...

Franklin H. Carr III, Firefox's update is there to patch security vulnerabilities. More annoying than the update would be having your online credentials stolen, your bank accounts raided, and your machine turned into an attack bot to do the same to others. If you're not using Firefox, you won't see that update and if you are using Firefox, you'd better get that update (and the updates offered to you by all of your other Internet connected software) or you could find yourself a lot more annoyed.

This sounds suspiciously like a petty marketshare grudge wrapped in irrelevant criticism.

Users are not as stupid as you're making them seem -- Software Update, even with the new box, is very cleanly designed, making very clear that Safari will be installed. In the interest of full disclosure, it's this very same attention to detail that makes me use Safari.

Eric, nowhere have I said that users are stupid. The overwhelming majority of users aren't stupid. They're busy. They're distracted. They're in a hurry. They're afraid of being insecure. There are a million reasons why people might click OK when prompted with a Software Update dialog without supposing they'll find themselves with entirely new software.

It's just a bad practice, made somewhat better by the update from Apple that at least clearly labels Safari as a new software offer.

If, as I think we both agree, most users are actually quite smart, then why not make "install a new program you didn't ask for" something the user has to opt in for rather than opt out. It shouldn't be terribly difficult for smart users to understand that if they do want to take advantage of Apple's offer to install new programs on their machine, they check a box and say "OK". At the same time, it makes things just a bit easier for the majority of people who really just want a security update for their already installed software and don't want to have to read the fine print before accepting that security update.

- A

Petty, indeed. Apple only makes three products for Windows, anyway. This is unlikely to require scanning through a long list anytime soon. Besides, Adobe and Google have me well trained in the art of un-checking pointless updates and installs.

@Susan Just to let you know -- Safari actually *does* save your open windows and tabs. It just doesn't restore them without asking (ironically, given this current criticism). To restore Safari windows and tabs, just choose the menu item "Reopen All Windows from Last Session" under the "History" menu. I'm hoping that the Safari team implements a preference option to have this automatically happen at the beginning of each new session á la Firefox.

Scott, isn't that a tacit admission that you'd rather not be un-checking boxes and the the common case, for you at least, is to interrupt the install process to engage in a defensive activity to prevent something you don't want from happening?

Do you suppose that every person who has installed QuickTime because some website required it or installed iTunes because their iPod required it, is also as "well trained" as you in un-checking boxes to avoid software they didn't ask for?

Or are you suggesting that they should and will over time themselves become well trained in the practice of interrupting a desired process to avoid something undesirable happening.

And you consider this a good state of things? That the common use case is the one not catered to by the installer? That people must train themselves to avoid having unrequested software installed on their systems.

Wow. You're a lot more forgiving than I am. I expect software makers to build the best products they can and to make them as usable as possible. I expect software makers to optimize for the most common use case and to avoid putting obstacles in the way of users accomplishing the task they set out to accomplish.

I guess because I make software for a living, I expect a little more from software vendors. I have some friends that are like that about movies. Because they're in the industry, it's kinda difficult for them to enjoy watching movies because all of flaws and shortcuts are so immediately obvious that it's just difficult to find pleasure in watching.

- A

Interesting. I was told that "total bullshit" by several Apple employees myself. Maybe it changed between when I was told and when that post was made. Or maybe the people who told me didn't know what they were talking about.

In any case, thanks for being rather a dick pointing it out. I've been supporting Firefox/Firebird/Phoenix since the 0.3 days. Apparently it's time for me to move on.

I take it Asa that you are leading the push at Mozilla to have the "Make this the default browser" option unchecked by default? Right now you guys are doing something even WORSE. With Apple you might get unwanted software that won't do anything. With Firefox you launch the browser once, don't unclick the button and suddenly every time you click a link Firefox is launching instead of IE. Personally i think you are being really nit-picky about this part of the argument (I agree that the Updated/New software sections should be seperate and that Apple WAS in the wrong there).

It sounds like too much and unnecessary envy...

I previously commented but I have some more things to say... First of all, Asa needs to stop deleting peoples' comments. There has been at least 3 deleted already. People should be entitled to free speech, even though you can do whatever you want since its your blog. You should allow people who say not-so-nice things about you also comment. Plus, Asa responds to people in an extremely condescending manner. I just want to say that Firefox 2 sucked for Mac, but at least Firefox 3 is better... Also, there's nothing to forgive (as you said in your comment at 3:28). Safari is a great browser and they are just allowing (not FORCING) people to experience it. Just like you can remove comments from YOUR blog, Apple can check whatever the hell they want on THEIR program! You have wasted your time complaining and I am only commenting because I want to refute the claims that people have made, and enlighten people to things that they may not know...

"And you consider this a good state of things? That the common use case is the one not catered to by the installer? That people must train themselves to avoid having unrequested software installed on their systems."

Absolutely. I think it's far worse to blindly auto-update. I think it's far worse to push tens of updates because of minor tweaks. Yes, I want to be able to ignore Firefox updates that concern phishing because it interrupts my browsing but I don't go to unsafe sites, but I can't: it's install now or later with no explanation of what the update is.

Let's not pretend that the user is not overtly selecting to update/install. This isn't happening with no warning (particularly now). There is no littering with unnecessary and unwanted software unless you are completely ignorant.

The entire notion that update apps should only work one way, they should always be trusted and applied immediately, and that's it is a huge mistake. It is the product of Microsoft's poor security prior to Vista. That does not mean everyone should behave this way. Each software developer has its own level of trust. I really don't need Mozilla to be the software developer that dictates those terms to everyone else.

You can pretend this is an independent issue from having default browser checked and packaging apps through deals with Google and others, but it is not.

I think it's funny you say you may be able to allow Apple SOftware Update back on your computer, but it's not that you aren't smart enough. So it is solely politics. I may have to uninstall Firefox because of your bundling partnerships.

Meh.

Sorry, I can manage to click the little checkbox if I don't want it. Not a big deal. And I'm on Tim F.'s side with the whole auto-update Firefox thing too. I'll take a DOUBLE HELPING OF SAFARI thanks.

Brandon, when people come here and call me or others names, I'll delete their comments and ban them from returning. I've done it lots before and I'll continue to do it in the future. As you've correctly acknowledged, this is my weblog and I'll decide what's acceptable and what's not. Name-calling and racial, misogynistic, or other bigoted slurs aren't welcome here and neither are their producers.

I've banned two people today and deleted their comments. I'm clearly not doing it to people for having a contrary opinion or position, or most of the comments in this post would be gone. But when people decide that it's OK to come here and troll, I'll happily show them the door.

- A

Tim, I disagree with you about Software Updates installing new software and requested and installed software asking to become the default handler for it's content types. You won't see me complaining about Apple's iTunes, QuickTime, or Safari all engaging in that practice. I rather appreciate that those programs, when I've requested them, offer to do what I explicitly installed them to do. (possibly with one exception out of the hundreds of file type handlers that are swtiched -- and that's QuickTime grabbing a couple of my PhotoShop file types but that's not a big deal and it's definitely a very small minority case.)

I think you're conflating two very different use cases here, either because you and I just see things differently or because you're trying to confuse the discussion or score debate points.

As for allowing Apple Software Update back on my Windows machines, that has nothing to do with intelligence or smarts. It's about inconvenience. I've got more important things to do than fight with unwanted software.

Yes, I am sure that Mozilla Firefox would never sink to these levels (sarcasm).

Unless things have changed in the past three weeks, here's my experience with Firefox on Windows:

I launch Firefox.
-> Firefox says "Hey, there's a Firefox update! Do you want to install it?"
-> I click in the negative. (Didn't notice if there were any checkboxes.)
-> Firefox says "OK no problem, we'll install them the next time you launch Firefox."
-> I'm like, what? Hopefully I'll just be able to decline the install on next launch.
-> Launch Firefox again.
-> Firefox says "Hold up, I'm installing those updates, remember?"
-> I'm like, screw you, I need my browser now, not after you do the crap that I didn't want you to do. Dammit!

You may think Apple is wrong with this whole Safari vs. Software Update "debacle", but damned if Firefox isn't completely ass-backwards. I tell it that I don't want any updates, and it installs them anyway. There may have been a checkbox during the process above that I missed, but the fact remains that I told it "NO," and it didn't respect my choice.

Compare to Software Update (original behavior). It offers Safari, I say "NO" by unchecking the checkbox (as opposed to pressing a button, in Firefox's update case). Guess what happens? Software Updates DOESN'T INSTALL IT.

[Seriously, what if there was a Firefox update that, after being in the wild for a few days, people reported to cause all manner of issue with Windows? I'd read about it, launch Firefox, remember that "no, that latest update is funky," tell it "NO, don't update," and it'd install it anyway on next launch.]

So when is Firefox going to change *its* behavior?

"I think you're conflating two very different use cases here, either because you and I just see things differently or because you're trying to confuse the discussion or score debate points."

No, I think it is the same issue. Not trying to win brownie points, this is what I really think. (As I said, I prefer Updater introducing new methods of delivering software, I have a different level of trust in Apple than I do in others, and I am consistently happy with companies marketing their products as long as I have the option to deselect -- I am for informed computing, not encouraging ignorant behavior.) That's why I can consistently see this situation as exactly the same as file association check marks and default apps and not have a problem with it. But your view isn't and can't be consistent. I think you only disagree because one practice your company doesn't do and the other it does do.

Firstly, you say you are installing an application to do just that. I don't. Rarely do I install software to take over functions. I frequently have two or more apps that work with the same files; I never want a new app to change what I've already set. That explanation simply won't hold water with most of us. I could just as well say I installed Software Updater to install new software so there's nothing wrong with that. Same weak explanation.

Second, separating the issue of how you believe all updaters should function the same way -- clearly, we disagree on that -- you've said that keeping it checked it's just a subversive attempt to propragate stuff you don't want, that the user shouldn't have to think, shouldn't have to stop to consider what they are doing. How is that any different from leaving default browser or changing file associations? It's not.

Well I am glad that you are not deleting comments with opinions converse to yours, but you still have not acknowledged some major comparisons that other users here have brought up here such as the comparison to the annoying Firefox default dialog box. If you want to make such a big deal about the difficulty of unchecking a box, then in interest of fairness, also address the issue of people who do the same thing as in the Safari situation and click OK without reading what it it that they are agreeing to, and Firefox the default browser (See post on 3:11). There is a very similar connection here, and I think you should address that. Also, you said that software makers should "avoid putting obstacles in the way of users accomplishing the task they set out to accomplish." How is Apple, by any means, putting obstacles in the way of users using iTunes. Adding another program is unrelated, and not an obstacle in the way of the task of using or downloading iTunes.

So does it really make that big of a difference if its auto checked or not? If was left un-checked people would complain that they had tried to download the update 10 times and it never worked (when in reality they just hadn't marked the checkbox). Additionally, I have to say that I'm not surprised that a Mozilla blog would rather a competing browser be harder to install.

I want to also say that it is absolutely ridiculous that people "have lost trust in Apple" and even more ridiculous that people "have uninstalled iTunes and Software Update." Is it really that big of a deal that feel they have to uninstall iTunes too, especially since they can expect Safari to be Software Update in the future and can uncheck it [and not end up surprised with Safari]? I am getting this is from the comments here and elsewhere. If people are commenting then obviously they have read the post, so they can expect Safari to be there in the future and uncheck it. 1 second. Seriously people!

Is leaving the checkbox checked any worse than Sun having Google products automatically checked during Java updates?

I don't hear any screaming about Google Toolbar being installed because someone didn't notice they had something new to uncheck... at least you can close Safari, Toolbar just eats your system resources up...

"With that change, I think I'd be pretty happy to let the Apple Software Update service back on my Windows machine."

Forgetting the companies and competition involved here, and speaking as a developer, this is exactly the kind of user I don't want. Someone who takes the attitude that "You're lucky I'm using the software you provided for free" kind. You shouldn't write software to please the people who think *they* are doing *you* a favor.

Consider this: Microsoft offers Silverlight through its Microsoft update system, but it's unchecked by default and clearly labeled as something new, not something that's already on your machine. In many ways, Silverlight is a greater threat to Mozilla than Safari, because it represents an attempt to take an open system for web applications (HTML+CSS+DOM+JavaScript) that can potentially work with all browsers -- including Safari -- and replace it with a closed system under Microsoft's control.

And yet never once have I seen Asa, or John Lilly, or any other official Mozilla rep complain about the fact that Silverlight is offered through Microsoft Update.

Maybe I've missed those posts. Or maybe it isn't just fear of competition.

I think it's that, for once, Apple got it wrong and Microsoft got it right. Sure, it's a man bites dog story, which is part of why it's gotten so much attention.

Hmm. I just let Safari install. And you know what? It sat there, completely harmless. It didn't set itself as the default browser. It didn't automatically run. It simply sat there.

Oh, what a huge security risk that was! What a huge loss in trust! Blah, blah, blah.

So, anyway, my next step was to download Firefox. And guess what? The first step of that was to run a custom executable! Oh my! Of course, the Firefox installer can do whatever it likes at this point.

Then I got through the Firefox installer. And right there, a checkbox, defaulted to on: Launch Firefox now.

Next step: Import from Microsoft Internet Explorer? No. Stay out of my data. Oh, look! The default is also on.

Next step: Change your homepage? No, stay out of my settings. Oh, look! The default is also on.

Click a couple times, and Firefox is asking me if it should become my default browser. Oh, look! The default answer is YES.

Fix your own defaults first.

@Andy, I've heard people mention this before, but I don't recall ever seeing, much less having to uncheck, an "Install Google Toolbar" box when updating Java. This is running the auto-updater on several Windows 2000 and XP machines. Are you doing something different from me, or has my subconscious been unchecking the box every time without it even registering in my brain?

The most I remember is seeing an offer on the JRE installer (not the auto-update) to download OpenOffice, but it was something where if you just kept clicking Next it would leave it behind. I don't even remember whether there was anything to click on, or whether it was just an ad early in the wizard.

@andrew, you said "Yes, I am sure that Mozilla Firefox would never sink to these levels (sarcasm)." so am I to assume you think that Appple has sunk to some level here?

@Just in D, If you're not going to accept Firefox security updates, I recommend you switch to a browser whose security updates you will accept. You're not only taking serious risks with your own data by running a browser that's out of date, but you're potentially contributing to the spam and malware epidemic if your machine is compromised. Security updates are not meant to be easily dismissed. (Though you can turn them off from your Firefox preferences.) That's a very different thing from new software installs.

@Tim F. I just disagree. When a user installs a new browser or a new media player, (or a new image editing package or a dvd player or just about any program) the expectation for the overwhelming majority of people is that the new program will be invoked when the user goes to open a set of file types or protocols. It cannot do that if it isn't registered with the OS to handle that set of file types or protocols.

When a user installs a browser or a media player, it is not the expectation of the overwhelming majority of people that when it updates it will default to installing entirely new programs on their machine.

The checkbox direction should not be motivated by politics or revenue or any other outside factor. It should be motivated by "what does the user expect from this interaction."

I didn't install iTunes so that WMP could continue opening all of my mp3 files. It's really just a matter of figuring out what the real user expectation is for the transaction.

You said, "I think you only disagree because one practice your company doesn't do and the other it does do. " I can say that without a doubt if Firefox becomes a platform for advertising other Mozilla programs (something we're doing in a slightly different way with add-ons) that it won't be checking the options by default. When you open Firefox 3's add-ons manager today and the initial view displays a handful of recommended add-ons, none of them are going to be installed without an explicit opt-in.

@Brandon, see above for my addressing the default browser checkbox.

@Andy, I've never installed Java so I hadn't seen the opt out Google Toolbar but let me say here and now and on the record, I denounce that behavior 100%. Opt out installs for items that the user didn't request or didn't have a reasonable expectation of getting are wrong. Also, while you can close Safari, what about those folks that didn't notice their QuickTime updater just gave them a new background networking service (Bonjour) when they accidentally installed Safari?

@Kelson, you're absolutely right. This isn't about market share, revenue, or competition. This is about (though less so since Apple's improved things somewhat) doing the right thing by users and not making the software acquisition, install and update process even more confusing than it has to be in order to eek out a few extra installs. Labeling an entirely new program as an update to an existing program, including it, checked by default, with critical security updates for an installed program, is just plain wrong.

@Steven Fisher, you said "Oh, what a huge security risk that was!" Actually, as I said above, for people that didn't agree to and didn't already have Bonjour installed and running full-time as a background system process, this does increase their security attack surface. Now they have to worry about potential security holes in a new networking service running on their machine (if they notice it at all). Not to mention the much less severe, but no less annoying "one more system process running in the background on my machine."

If you're in the tiny, tiny minority of people who install a new Web browser and don't want to actually use that Web browser for, you know, browsing the Web, yes, you have a few more boxes to un-tick. But that's not the common case and Firefox is optimized for the common case and to meet user expectations. Apple's Software Update service was not optimized for the common case and to meet user expectations. There's a difference here that you are either simply failing to understand or that you're willfully ignoring because it doesn't suit your argument.

Ignoring user expectations and how they relate to the actual user interaction and software transaction, the whole point of this entire kerfuffle, makes it easy to construct all kinds of wild arguments that sound real good, but it's a dishonest kind of debate and one I'm not really interested in pursuing much further.

- A

That giant sucking sound is Firefox losing marketshare.

Heh, missed one.

@Stephen Washburn, you said "If was left un-checked people would complain that they had tried to download the update 10 times and it never worked (when in reality they just hadn't marked the checkbox)."

Actually, no. Most users do not have an expectation that along with updating existing software to fix critical security bugs (which reasonably should be checked by default) that new software will be installed. The _update_ is and should be checked by default. That's not what I'm arguing against. It's the "new software I didn't ask for" that should not be checked by default. If I want it, then I'll ask for it by checking the box. If I don't want to keep my computer secure, protecting my self and the rest of the Web, I can jump through a couple of extra hoops. They're just two very different examples with entirely different expectations and outcomes.

As for me wanting it to be harder to install competing software, that's just not the case. I work for Mozilla because I want computing and the Internet to suck less and to be easier for the hundreds of millions of people for whom it's difficult or impossible today. If that wasn't my goal, if my goal was seeing lots of people use my personally favorite product, I'd be somewhere else making a lot more money.

Here's an example of what I mean. I wish that Microsoft would have made IE 7 a critical security update to IE 6 and moved every single user they had from IE 6 to IE 7 because it has security features unavailable in 6. The benefits would have been two-fold. First, users would be more secure (their own personal data and credentials would be safer and they'd be less likely to be an unwitting participant in a botnet spreading spam or malware) and that would be a great thing. Second, there'd be one less non-standard browser out there that the entire Web development community has to waste billions of dollars in manpower supporting.

Unfortunately, Microsoft wanted to use IE 7 to try to get more people upgraded to Vista and to police pirated installs so they made it difficult for millions of XP users to get it and now we have an even more fragmented browser marked which increases the security and support matrix for Microsoft, for users, and for Web and application developers. That's bad for the Web and that's bad for computing in general.

Microsoft is Mozilla's only real competition on the Web today and I'd be thrilled to see their users having a much easier time moving from IE 5 and 6 to IE 7 (and all of them, please God, move to IE 8 the minute it's released.)

- A

With Firefox getting slower and slower and sloooower, I don't mind Apple (or Opera) pushing new and more reliable software.

Oooh, missed another.

@Garret, you said "Forgetting the companies and competition involved here, and speaking as a developer, this is exactly the kind of user I don't want."

I'm really confused by that statement. You're saying that if you produce a piece of software I like (perhaps even love) that you don't want me as a user if I don't also want some or all of your other software products advertising themselves to me at regular intervals? Am I misunderstanding you here?

Sofware producers should only cater to users who are willing to accept whatever the software producer wants to throw at them? What's the lesson you're suggesting we take away from your comment? I'm genuinely confused by your comment and would love it if you'd reply with a few more words on what you mean.

Or maybe your comment is spot on but you misunderstood me. To clear it up, and put the previous hypothetical into more concrete terms, I like (perhaps even love) iTunes. I use it for my several iPods, for playing lots of local MP3s, for making regular purchases at the iTMS, and even for playing CDs.

But I don't like dealing with an advertisement for Safari popping up every time iTunes needs a security update. I would accept that advertisement, though, because I like iTunes that much, and enjoy being able to keep it secure with critical security updates, if it wasn't an opt-out install.

See, I can keep iTunes up to date two ways. I can leave the Apple Software updater on my system and when it throws that pop-up, I can curse at the advertisment, uncheck the box next to Safari, then click OK.

Alternatively, I can be a little less safe and just grab the new version of iTunes from Apple.com when I hear it's been released and not have to worry about the advertisment or the occasional problem with the updater failing and requiring a full install anyway (about 1/3rd of the time, in my experience)

If Apple defaulted to the box unchecked, or preserved my unchecked state each time that iTunes update happened, I'd opt for the first mechanism for keeping iTunes safe and secure. But, because they don't, I've decided that I'm going to update my iTunes manually and avoid the confusing and annoying ASU service.

So, I like (maybe even love) iTunes. And by your argument, Apple shouldn't want me as a customer because I don't like Safari or the Apple Software Update service making me un-check the Safari box every time my iTunes needs an update. Am I getting your meaning here? Apple shouldn't want me purchasing a 2 new iPods from them every year? They shouldn't want my family purchasing hundreds of dollars of new music and movies from the iTMS each year?

Can you see where I'm confused by your statement?

- A

@Mark Miller, contrary to your claim, Firefox market share has been growing at a consistent pace for nearly it's entire lifetime and has been showing a rather pronounced uptick in growth over the last 6 months or so.

We're seeing approximately 700,000 downloads each day and we're over 160 million Firefox 2 users accounting for about 20% of the global internet usage.

But, in case you weren't aware, Mozilla is a public-benefit organization with a mission to promote choice (yes, promote choice) innovation, and participation on the Internet; so Firefox market share, isolated from that mission, isn't really very interesting.

It happens to be a great mechanism to promote our mission, probably the best lever we have to move that dial today, but there are lots of other ways that Mozilla is working to promote choice, innovation and participation and I can't see any of our activities, including spreading Firefox, being in conflict with more browser vendors gaining more market share at the expense of what was a Microsoft exclusive monopoly until Firefox came along.

- A

About 3/4 of those authors of the links don't agree" with you. They merely stated that the items are checked by default, and didn't pass judgement upon whether that's good or bad.

@Gomi said "With Firefox getting slower and slower and sloooower, I don't mind Apple (or Opera) pushing new and more reliable software."

Firefox 3 is actually quite fast. Unless Safari ships an update with serious performance work and unless Opera 9.5 gets a lot faster and ships really quick, Firefox 3 will be the fastest shipping browser, based on Apple's own SunSpider JS performance tests, when it ships in about a month.

In addition to that, Firefox is still well ahead of Safari and Opera in web compatibility (though trailing IE 6,) and based on the testing we've done it looks like Firefox will also be the most memory efficient browser shipping this year. http://www.flickr.com/photos/stuartp/2328802961/

But, Gomi, your point is an excellent one. Competition is awesome. Remember when there was only IE 5 and 6? That was from early 1999 through 2001, when Microsoft dissolved the IE team, until Firefox started to make a dent in 2005. What a long and painful period of no competition, no innovation, no choice.

Now we have IE 7, Firefox (almost) 3, Opera 9.x, and Safari 3.1 all competing and offering users a choice while improving the entire Web landscape and taking on some of the biggest security challenges with features like EV Certificates, Phishing Protection, Malware Protection, and a couple of really functional security update systems that are saving literally hundreds of millions of users from virus/trojan/worm/other nasty infestations.

Competition rocks! We should all be competing to be the fastest, most stable, most secure, most efficient, most compatible, most powerful user experiences possible and we should all be pushing each other on every one of those items. And we are!! Cool, huh? Competition is good.

You do make an excellent point. Thanks for contributing to the discussion.

- A

@jimothy (really? jimothy spitzer?)

Yeah, some are neutral and others are in strong agreement. Making links is hard, I've got a bunch more to add that will further the skew that's supportive :-)

- A

"Go further"

Why? Firefox gets pushed down my throat when I download so many software packages. How about you guys don't push Firefox with google desktop!/

Jeez, does anyone associated with Mozilla/Firefox do anything OTHER than bitch incessantly nowadays?

@Andy
"Is leaving the checkbox checked any worse than Sun having Google products automatically checked during Java updates?

I don't hear any screaming about Google Toolbar being installed because someone didn't notice they had something new to uncheck... at least you can close Safari, Toolbar just eats your system resources up..."

No, you're never going to hear any complaining from Asa about that, since Google funnels massive amounts of revenue to the Mozilla foundation. We wouldn't want to bite the hand that feeds us, would we. BTW, Apple has the same relationship with Google, and I'm none too pleased about it either.

"When a user installs a new browser or a new media player, (or a new image editing package or a dvd player or just about any program) the expectation for the overwhelming majority of people is that the new program will be invoked when the user goes to open a set of file types or protocols."

I cannot in any way believe you actually believe this. I have VLC, Quicktime, Real Player, DivX player and 3 other apps that can play most media files, that doesn't mean I want the last one I installed to play every filetype it can play. I have Camino, Firefox, Safari, and Opera as web browsers, I didn't install the last one to be my default browser. Admit it, you worked yourself into a hole. You did not disagree with the idea that, according to you, this is deceptive, you went with: this is desired. That's an absurd rationalization.

You have a notion of how an updater app should work. I and others have already expressed the sentiment that Firefox's behaves undesirably: you have no choice. Even if you postpone it, on relaunch it will invoke automatically -- no choice. Zero. This you think is laudable.

You've chosen to make Apple's choice a crusade. I won't make the connection to being concerned about Safari rising as a legitimate rival on Windows, but the fact remains... if you wanted to choose a crusade, it should have been 5 years ago and it should have involved Quicktime installing a systray object and so on. Or the pairing of iTunes with Quicktime via the Software Updater. A checked box next to Safari is not a legitimate beef.

I would seriously hope there is real discussion about Firefox FORCING -- and rarely do I think that word is used legitimately, but in this case it is true -- updates. WHY? Because I shouldn't be able to review and judge updates? You've chosen what is best for me? All updater software should operate exclusively for security purposes and should be applied without user intervention? Hell no!

Rather than moaning about a practice by Apple that pales in comparison to other practices by them that have been in place for years (QT installs with an icon on desktop, systray, (and sometimes unnecessary services)), this should be an opportunity to discuss Mozilla's practices as well. Unfortunately, I haven't seen that from you whatsoever. So, even though I won't mention it, yes, it does cause, for me, cynical thoughts about your motivation.

Darby, Firefox doesn't ship a browser with the Google Toolbar and because apparently you didn't read any of the comments above, I'll repeat myself:

@Andy, I've never installed Java so I hadn't seen the opt out Google Toolbar but let me say here and now and on the record, I denounce that behavior 100%. Opt out installs for items that the user didn't request or didn't have a reasonable expectation of getting are wrong.

Nope, you're never going to hear me complaining about the Google Toolbar. You certainly won't hear me denouncing opt out installs of the Google Toolbar just 6 inches up the page.

Try harder next time. Thanks.

- A

@Tim F, you said "I have VLC, Quicktime, Real Player, DivX player and 3 other apps that can play most media files....have Camino, Firefox, Safari, and Opera as web browsers"

I think that makes my point even more clearly than I had before. Thanks. You're a minority case, an extreme minority case and software vendors absolutely should not be setting their defaults for your use case at the expense of the ridiculously larger audience out there who aren't overloaded with overlapping programs like you.

Most people don't have 7 or more media players installed and in use. Most have 1 media player they use regularly and a decent minority might have two if you split audio and video. When it comes to browsers, most people use one browser as their primary browser and a decent minority might go to a secondary browser on the rare occasion that a page doesn't work in their primary.

Your use case is not at all representative of any significant number of computer users and it certainly shouldn't be the measure for desktop software vendors. You and I and very nearly everyone even paying attention to this Apple Software Update issue are far from "normal" and building products to satisfy this audience would most likely make them completely unusable or extremely difficult to the other 99% of the computer using population.

Thanks for reminding me about how out of the norm we all are. It really reinforces how much worse this Apple Software Update confusion is for "normal" people who aren't running half a dozen media players and a large handful of browsers.

- A

"Can you see where I'm confused by your statement?"

No, I can't. Should we really care that you really do love Apple and are probably blowing smoke? Sorry, I don't. Apple won't miss you, individually, as a customer if you need to make such a crusade that you no longer purchase products you love. Should we care that if you wanted to continue that love that a few times a year you'd have to take a half a second to uncheck a box? Because I don't. Because let's be honest, that's all it takes -- a few brain cells and half a second.

That's what Garrett meant: who wants a user without the few brain cells to be patient enough to consider what they are clicking on? I would imagine the time you've wasted on this issue already equals the amount of labor and effort that will be required of 5 years of Quicktime, iTunes, and Safari updates.

Seriously? I'm the rarity so that makes your absurd rationalization okay? Am I really supposed to believe that most users don't have more than one app capable of playing/opening a particular filetype? Am I really supposed to believe that most users intend for the last application installed to be the default? That's just quite simply stupid. You don't have to take my case of 7 apps. You just have to consider the fact that almost every one has overlapping applications. Hell, whether or not any user has more than one browser, you support browser competition, right? You'd like to see people testing multiple browsers, right?

"You and I and very nearly everyone even paying attention to this Apple Software Update issue are far from "normal" and building products to satisfy this audience would most likely make them completely unusable or extremely difficult to the other 99% of the computer using population."

So you admit that 99% of the population could give a shit and won't even care, but you're still pounding away at your keyboard as if this is a serious issue to anyone but yourself and your corporation's CEO?

By the way, I'd like to be clear: did you, essentially, agree that it is improper, according to your logic, for any software to default to selecting itself as the default application when you support competition in the marketplace? It sounded like you did, but then you dismissed me as the rarity or something. My follow up question is: do you think Firefox is actually being installed on any system without a browser, and do you really assume that that installation implies the user wants to be the default?

Oh, and bringing up worse Apple offenses, ones that I wasn't "lucky" enough to have been exposed to (having been a longtime user of both iTunes and Quicktime -- so the cross-promotion there never happened to me) doesn't really make a very good case for why I shouldn't care about the case I did run into.

Also, if you think this is me crusading, then you're clearly unfamiliar with me or my work over the last decade.

I've made three blog posts about this issue. Compare that with my real crusade, 10 years of working on an open source free software project to promote choice, innovation, and participation on the web, and I don't think there's really anything to talk about.

I made three blog posts about this issue, here, here and this one. That's three posts and about 600 words.

This blog turned 6 years old last week. I've made 2,700 posts totaling over 400,000 words that were not about Apple in that time. If you wanna find a crusade here at my blog, perhaps you'd spend a moment and actually look things over. You might find one, but it's not gonna be about Apple.

- A

Tim F., you're being obtuse.

I didn't say that most people had, installed, zero or one program for media or browsing. I said that most people _use_ one program and offered up that some potentially significant minority _use_ two programs, particularly where the functions are actually quite different like in audio and video.

I'm not going to continue to argue against the words you're putting in my mouth. If you'd like to quote something I've said directly and ask me for a clarification or to defend it in some particular way, feel free, but asking me to defend things I didn't say is just lame.

- A

From Asa:

"..Mozilla is a public-benefit organization with a mission to promote choice (yes, promote choice) innovation, and participation on the Internet..."

Hilarious. Do you really believe that?

From Justin D:

I launch Firefox.
-> Firefox says "Hey, there's a Firefox update! Do you want to install it?"
-> I click in the negative. (Didn't notice if there were any checkboxes.)
-> Firefox says "OK no problem, we'll install them the next time you launch Firefox."
-> I'm like, what? Hopefully I'll just be able to decline the install on next launch.
-> Launch Firefox again.
-> Firefox says "Hold up, I'm installing those updates, remember?"
-> I'm like, screw you, I need my browser now, not after you do the crap that I didn't want you to do. Dammit!

The hypocrisy is so thick, you can choke on it.

I installed Safari on WIndows and have never been so pleased with a such a simple and innovative experience.

You still have a lot to learn, pal.

"If you'd like to quote something I've said directly and ask me for a clarification or to defend it in some particular way, feel free, but asking me to defend things I didn't say is just lame."

Well, I'm going to paraphrase, but I don't think I'm wrong: you said most users either have only one application for a particular purpose or always intend for their last update to be their primary use therefore it's okay to use the deceptive practice of checking a box. No?

Meh, I don't care about your answer to that question. Do you think it's okay that Mozilla derives revenue from bundling opportunities where the user may not be aware that Firefox or other applications may be installed? Do you really rationalize all of Firefox's usages of checked boxes as: the user really, really wants it that way? Do you really think it's best that, even for security purposes, Firefox updates are unavoidable and automatic? Shouldn't we be having some self-reflection?

@Tim F.

"you said most users either have only one application for a particular purpose or always intend for their last update to be their primary use therefore it's okay to use the deceptive practice of checking a box. No?"

Nope. I didn't say that.

"Do you think it's okay that Mozilla derives revenue from bundling opportunities where the user may not be aware that Firefox or other applications may be installed?"

Mozilla doesn't derive revenue from bundling opportunities where the user may not be aware that Firefox or other applications may be installed. Mozilla's revenue comes from the Firefox builds you downoad from mozilla.com and there is no bundling going on there.

"Do you really rationalize all of Firefox's usages of checked boxes as: the user really, really wants it that way?"

I don't understand that question. I've argued that software makers should optimize for the most common use cases and with a focus on user expectations for those use cases.

"Do you really think it's best that, even for security purposes, Firefox updates are unavoidable and automatic?"

They're not unavoidable. See Tools -> Options -> Advanced -> Updates.

They are "automatic" assuming that users don't change their settings. I do think this is the best thing, explicitly and specifically for security purposes.

I do not think it would be the best thing for non-security issues.

I support Microsoft's automatic security updates completely and hope that more software providers move to automatic security update systems. Individual users need the protection and a healthy Internet computing ecosystem depends on it. No computer is an island and the overwhelming majority of spam and malware is a direct result of software security not being maintained.

"Shouldn't we be having some self-reflection?"

Always. Mozilla is an open source project with tens of thousands of significant contributors all over the world building software and advancing the state of the Internet for a public benefit mission. As a group and as individuals I believe we are more contemplative of this mission and self-reflective on tactics and strategy than any other organization in the world shipping software at the scale we are.

I don't need for you to believe that but it is a key factor in why I've been working on this project for the better part of a decade and what keeps me here when there are many much more lucrative opportunities in more traditional "win at any cost" organizations.

I believe that the same is true for the overwhelming majority of people being paid to work on Mozilla and that our mission and the attitudes and values of the people driving that mission are why we've got tens of thousands of contributors all across the globe putting in considerable effort and delivering software to a larger consumer audience than any open source initiative in the history of computing.

We're succeeding exactly because we're not a "win at any cost, screw the user -- it's all about market share and revenue" organization. We're succeeding because we are committed to making computing and the Internet more useful, safer, more participatory, and more fun -- even if that be at the expense of winning or at the expense of market share or at the expense of revenue.

- A

"Mozilla's revenue comes from the Firefox builds you downoad from mozilla.com and there is no bundling going on there."

Do you really think that I'm so misinformed to actually believe this? Most of Mozilla's revenue comes from search agreements with Google and via partner bundling. Saying revenue comes from "builds you downoad" is a non-answer, one Bill Clinton would be proud of.

"I've argued that software makers should optimize for the most common use cases and with a focus on user expectations for those use cases."

You haven't argued that. You've argued that you know what's best for Apple and they should abide by what you say.

Otherwise, it's quite easy to arrive at: Apple has decided that anyone using any of their software may be interested in using other software they create and that's fair game if that's the use case they want to target. No?

By the way, do you really think you side-stepped the question of whether or not it's fair for Mozilla to presume it should be the default browser just because it's the latest browser to be installed?

"They're not unavoidable."

Thanks, good to learn. Not unavoidable, just pre-configured to be automatic and then buried under several layers of menus. Worse than or equal to a checked checkbox?

"I do think this is the best thing, explicitly and specifically for security purposes."

Thanks for deciding what is best for ME, but I thought you were all about user choice.

"As a group and as individuals I believe we are more contemplative of this mission and self-reflective on tactics and strategy than any other organization in the world shipping software at the scale we are."

So does that mean that you are wiling to consider unchecking Firefox as the default browser upon installation and will champion that cause within Mozilla or will you thinly pretend to not understand that question and/or pretend that in the "use case" scenario everyone wants FF to be the default and wouldn't rather start from the position of not having any pre-existing defaults altered?

Asa, either you didn't address it or I missed where you did, but I'd like you to explain why "Make this my default browser" being checked is ok, but "install this app" is not. Given that the first actively changes the behavior of how my computer works, while the second doesn't I'm personally more bothered by the first behavior. I'm sorry, but like lots of other people here I get the feeling this is a turf war more than an actual issue worth raising a ruckus about. If you are willing to state that you ALSO disagree with having the browser default check box checked on your own product I will accept that you are arguing against that type of behavior in general.

Oh, and while your at it, could you pass along this suggestion to the appropriate:
For the password remember dialogue box that pops up, the options are Yes and Cancel. They should be Yes and No, becuase the question is "Do you want Firefox to remember this password". I can't recall if the don't ask again box is checked by default on that one...

"Do you really think that I'm so misinformed to actually believe this? Most of Mozilla's revenue comes from search agreements with Google and via partner bundling."

Um, I guess I could have been more clear. Mozilla's revenue comes from the traffic generated by the builds of Firefox downloaded from mozilla.com. And no, partner bundling is not a significant revenue source for Mozilla. Mozilla's revenue comes from its search partners included in the builds of Firefox downloaded from mozilla.com.

"You've argued that you know what's best for Apple and they should abide by what you say."

Nowhere have I argued that it's best for Apple. I'm not terribly concerned about what's best for Apple. I've argued that it's best for users. There's a big difference there and you're putting words into my mouth again to avoid responding to what I actually said.

"By the way, do you really think you side-stepped the question of whether or not it's fair for Mozilla to presume it should be the default browser just because it's the latest browser to be installed?"

I didn't think anything of the sort. You're really good at inserting words and motives into other people's mouths and minds. To answer that question, I do believe that the majority of people who seek out, download and install Firefox intend to make Firefox their browser. I wouldn't object to moving the dialog to the end of the first run experience rather than the beginning so that the users who aren't sure yet could use the browser for a session before making that decision. If enough other people making Mozilla happen agree, it will probably happen. I didn't say, so don't go putting words in my mouth yet again, that it was the the case for every user, just the case for the largest group of users and it's certainly not out of line with the expectation of most users.

"Thanks, good to learn. Not unavoidable, just pre-configured to be automatic and then buried under several layers of menus. Worse than or equal to a checked checkbox?"

Apples to oranges or oranges to apples? I made it very clear and I doubt there's much dispute in the software industry and among software users that installing new software and applying patches to critical security vulnerabilities in software that's already installed and being uses are two very different things. That such a simple concept is either outside of your grasp, or that you're not willing to honestly engage on that point, continues to points to the uselessness and wastefulness of this debate.

You continue to put words in my mouth that I didn't say (or type) and you continue to attribute motives to me without even a cursory knowledge of my relevant history and involvement with just the sorts of issues being discussed and you refuse to even respond to the most basic premises of the debate like the difference between bits of user interface in a critical security update for installed and in use internet-connected software and never installed and unrequested software. Unless you can discuss these issues less dishonestly, I really don't see what either of us or others reading this will benefit.

"Thanks for deciding what is best for ME, but I thought you were all about user choice."

No one's decided what's best for you. Mozilla has decided what's best for the largest number of its users in the most common use cases and with careful regard to users' expectations around those use cases.

There will always be exceptions, sometimes many of them, and you, the exception, are free and able to decide differently than the default.

- A

"There will always be exceptions, sometimes many of them, and you, the exception, are free and able to decide differently than the default."

By unchecking the box?

It seems I've discovered this discussion a little late! But anyway, I'm a complete Apple fanboy, and I love almost everything they do. That doesn't stop me, however, from being subjective. For example, although a 2G internet phone might be acceptable in the US, here in Europe for something like the iPhone not to have 3G is just silly, so I don't yet have one.

I also disagree with Apple's decision to have Safari come in with other software updates, but not to the point where I'll cast aspersions upon Apple, Mozilla, or anyone else! I like Safari a lot, and use it in Mac OS X, but I use Firefox for occasional browsing on Windows because Safari for Windows confuses Parallels' Coherence feature, and also because it's just plain confusing. The recent modification of Software Update for Windows makes it infinity times clearer that Safari is something the user doesn't already have installed, because before it was completely unclear.

It seems that there is some effort here to imply that Firefox's software update mechanism is somehow broken, just as bad as Apple's, or maybe even malicious. How I see it, this couldn't be further from the truth. A lot of people who use the internet, and more specifically web browsers, aren't exactly savvy to security issues. My mum, for example, uses Firefox quite a bit, but won't install updates - if she gets asked to she'll deny it and call me. Or rather, she'll mean to call me, and a lot of the time it'll be a few weeks before I hear about it. Pretty much the only thing she'll allow to update itself, if it asks, is a virus scanner.

I think that needs a bit of explanation, to not make me or her sound like complete idiots. When normal families first started getting the internet at home, things were much safer than they are now, in the public perception. We used Windows 95 and IE3 IIRC, and I think we had AOL. By today's standards, all horribly old, insecure, incompatible pieces of software and I think I would just die if I saw such a system in use today. We didn't have antivirus, or a firewall - I was only vaguely aware of what a firewall was at that time, and my mum had absolutely no idea. There was no prominent airtime or inches given over the internet at that time, apart from occasionally how it was changing all our lives.

Basically, as lots of non-savvy people are wont to think, if things stayed the same they wouldn't get any worse. Over time, we see more and more stories about how internet paedophiles are taking our children away from us and how internet scammers are stealing our money, our details and our identities. Words like phishing have entered the journalistic vocabulary. Surely things were safer back then?

Of course that's wrong, and we constantly need to update our software to stay ahead of the hackers/crackers/spammers/phishers and all the rest of it. But how are software developers supposed to ensure that the many people who will actually *resist* any change, no matter how necessary or small, stay safe?

By *forcing* them! It's not a nice solution by any means, and the real one should be education (education, education!), but there are a lot of people out there who won't or can't be educated for whatever reason. By hiding the option to deny an update away in a tab of a tab in a dialog under a menu, I can be reasonably confident in the knowledge that at least my mum's web browser is as safe as it can be.

Sam

PS. I expect that there are quite a few people who have, for example, RealPlayer, WMP, QuickTime, iTunes and maybe DIVX Player on their PCs. Not because they ever want to use more than one of them, but because at some point in time some piece of media has needed the codecs/plugins/device compatibility they provide. Managing file associations between them can be tricky, and much as it pains me to say it, I quite like Vista's new take on managing all this.

It seems I've discovered this discussion a little late! But anyway, I'm a complete Apple fanboy, and I love almost everything they do. That doesn't stop me, however, from being subjective. For example, although a 2G internet phone might be acceptable in the US, here in Europe for something like the iPhone not to have 3G is just silly, so I don't yet have one.

I also disagree with Apple's decision to have Safari come in with other software updates, but not to the point where I'll cast aspersions upon Apple, Mozilla, or anyone else! I like Safari a lot, and use it in Mac OS X, but I use Firefox for occasional browsing on Windows because Safari for Windows confuses Parallels' Coherence feature, and also because it's just plain confusing. The recent modification of Software Update for Windows makes it infinity times clearer that Safari is something the user doesn't already have installed, because before it was completely unclear.

It seems that there is some effort here to imply that Firefox's software update mechanism is somehow broken, just as bad as Apple's, or maybe even malicious. How I see it, this couldn't be further from the truth. A lot of people who use the internet, and more specifically web browsers, aren't exactly savvy to security issues. My mum, for example, uses Firefox quite a bit, but won't install updates - if she gets asked to she'll deny it and call me. Or rather, she'll mean to call me, and a lot of the time it'll be a few weeks before I hear about it. Pretty much the only thing she'll allow to update itself, if it asks, is a virus scanner.

I think that needs a bit of explanation, to not make me or her sound like complete idiots. When normal families first started getting the internet at home, things were much safer than they are now, in the public perception. We used Windows 95 and IE3 IIRC, and I think we had AOL. By today's standards, all horribly old, insecure, incompatible pieces of software and I think I would just die if I saw such a system in use today. We didn't have antivirus, or a firewall - I was only vaguely aware of what a firewall was at that time, and my mum had absolutely no idea. There was no prominent airtime or inches given over the internet at that time, apart from occasionally how it was changing all our lives.

Basically, as lots of non-savvy people are wont to think, if things stayed the same they wouldn't get any worse. Over time, we see more and more stories about how internet paedophiles are taking our children away from us and how internet scammers are stealing our money, our details and our identities. Words like phishing have entered the journalistic vocabulary. Surely things were safer back then?

Of course that's wrong, and we constantly need to update our software to stay ahead of the hackers/crackers/spammers/phishers and all the rest of it. But how are software developers supposed to ensure that the many people who will actually *resist* any change, no matter how necessary or small, stay safe?

By *forcing* them! It's not a nice solution by any means, and the real one should be education (education, education!), but there are a lot of people out there who won't or can't be educated for whatever reason. By hiding the option to deny an update away in a tab of a tab in a dialog under a menu, I can be reasonably confident in the knowledge that at least my mum's web browser is as safe as it can be.

Sam

PS. I expect that there are quite a few people who have, for example, RealPlayer, WMP, QuickTime, iTunes and maybe DIVX Player on their PCs. Not because they ever want to use more than one of them, but because at some point in time some piece of media has needed the codecs/plugins/device compatibility they provide. Managing file associations between them can be tricky, and much as it pains me to say it, I quite like Vista's new take on managing all this.

@David K.

"If you are willing to state that you ALSO disagree with having the browser default check box checked on your own product I will accept that you are arguing against that type of behavior in general."

First, since you also seem to be happy comparing apples to oranges here, let me state again that case 1. "user seeks out and downloads and installs and launches new web browser and is promoted to make that browser the system default" is not the same use case and should not be handled the same way as case 2. "user prompted to apply critical security update to existing in use software and is offered an opt-out install of new and unrelated software."

I don't disagree with having the browser default request checked by default. It's a fundamentally different user interaction for a completely different purpose, with quite different results and a completely different user expectation.

I do think, however, that that entire experience for default setting is less than optimal and should be changed. One of my preferences would be that the request not be offered until the user has actually had the opportunity to evaluate Firefox so a pre-first session dialog seems less than optimal. It breaks the user's flow. It asks a question for which the user may not have sufficient knowledge or experience to answer and it doesn't describe very well what it's actually doing.

Microsoft, under pressure from the DOJ, added a pretty good set of tools to Windows XP (carried forward in Vista) for setting system default applications. They don't get into the nitty gritty of specific protocols and file types in their primary UI but they do do a pretty good job of explaining the change that's being undertaken. I think that if Microsoft provided an API for hooking into that UI directly so that Firefox actually use that for users to change their settings, that would be an interesting approach and certainly worth evaluating.

It's even trickier on Mac and Linux though. Mac, until pretty recently, didn't offer an API for making the change at all and in order for a user to set Firefox as their default, the user had to launch Safari, go into Safari's preferences, and make the change here. On Linux (well, Gnome at least) there's also not a very consistent API for making this switch. These, technical rather than design issues though they may be, are just some of the issues that come up around making changes to the default browser settings.

I do think that if we could improve the dialog (or somehow use the Windows management UI) and move it to the end of the initial browser session that would be an opportunity for improvement (though user testing might not prove that out.) Even in that case, though, I think that the default should be checked and that would be the correct default for the largest number of users and most in line with their expectations for that activity.

If you want me to actually compare apples to apples on this, why not ask me if I think that it would be the right thing for Mozilla to offer other software packages (say Thunderbird or Calenar or ChatZilla or SeaMonkey or Fennec or more relevant, any of the 4000+ add-ons that would even be relevant to a Firefox user) as opt-out installs when performing a security update for an in-use Firefox install? That seems like the more honest question to have.

- A

Asa, I'm amazed at the contorted arguments you are making. Firefox behaves in much worse, more intrusive ways that Apple Software Update or Safari. You are making a big issue of Apple's updater, when it is very clear and easy to see what is happening.

In contrast, Firefox plays all kinds of games with updating without the user's explicit permission. It plays games with the default browser setting and homepage. It even automatically launches after installing! Now that's really crass. Why do you assume I want to launch the application just because I installed it? Reminds me of Realplayer.

These are far worse things than what Apple Software Update or Safari does. But instead of acknowledge that, you make twisted, byzantine arguments which conclude that everything Firefox does to remove user choice and control is perfectly fine - but Apple's insignificant checkbox is terrible.

Seriously, it's hard to take your argument about file-type associations seriously. Applications hijacking certain filetypes is one of the most annoying things ever. I'd rather have unwanted software installed (as long as it's not malware) than have an app mess with my file-type associations. It's not true that "most people want it that way." It's not the "rare exception" who is affected by this. It's a major annoyance for all kinds of users. Many people might want to try a new application without making it their default. Many people (not just power users or geeks) have several different apps they use for certain file types.

You go to great lengths to justify this offensive behavior while attacking a very trivial issue with Apple's software that doesn't even rise to anywhere near the level of annoyance that Firefox gives by default. And you say you have high standards in software! It certainly doesn't show in Firefox.

Will you continue to live in denial, or will you actually think about the shortcomings in your own software, and remove that beam from your own eye before condemning the mote in another?

"By unchecking the box?"

@Tim F. are you really going to continue down this silly path? Do you really believe that a critical security update for an installed and in use and internet-connected program is the same use case and deserving of the same user experience as an advertisement for an unrequested new piece of software? Really? Really?

- A

"If you want me to actually compare apples to apples on this, why not ask me if I think that it would be the right thing for Mozilla to offer other software packages (say Thunderbird or Calenar or ChatZilla or SeaMonkey or Fennec or more relevant, any of the 4000+ add-ons that would even be relevant to a Firefox user"

How is 4000+ add-ons as an opt-out install a "more relevant" comparison here? It's totally irrelevant. Or did I miss the time that Apple offered 4000+ titles through Software Update? The number of items currently being offered through Software Update for Windows can be counted on one hand. And the don't offer things like Applescripts or plug-ins or additional content through Software Update. Only applications and system frameworks/utilities.

For a realistic comparison, if the installer was as well-designed as Apple's and offered a handful of options that were easily disabled, then I don't see what the problem would be. I'm much more annoyed at the way Firefox auto-updates without asking me.

But I still don't see how a totally exaggerated and unrealistic comparison chosen specifically to favor your argument is an "apples to apples" comparison. That term usually applies to realistic, similar comparisons.

"If you want me to actually compare apples to apples on this, why not ask me if I think that it would be the right thing for Mozilla to offer other software packages (say Thunderbird or Calenar or ChatZilla or SeaMonkey or Fennec or more relevant, any of the 4000+ add-ons that would even be relevant to a Firefox user) as opt-out installs when performing a security update for an in-use Firefox install? That seems like the more honest question to have."

Because those of us that disagree would have no problem with such a proposition and don't care for your answer?

You claim it is apples to oranges, but as David K. said your orange is more disruptive than Apple's apple. You say you are opposed to it, but a search reveals no opposition to your company's position. You claim this isn't a crusade, but you don't sound very willing to make the same issue of the same issue (no matter how many times you say apple to oranges). You not only pass blame onto the various operating systems but on the DOJ. How 'bout Firefox doesn't ask to take default status at all? That would be easier.

At this point, it's pretty clear that you're willing to dismiss, pass off, or obfuscate similar issues, and are only pissing your own pants because Apple's decisions may affect your company and product.

"If you want me to actually compare apples to apples on this, why not ask me if I think that it would be the right thing for Mozilla to offer other software packages (say Thunderbird or Calenar or ChatZilla or SeaMonkey or Fennec or more relevant, any of the 4000+ add-ons that would even be relevant to a Firefox user"

How is 4000+ add-ons as an opt-out install a "more relevant" comparison here? It's totally irrelevant. Or did I miss the time that Apple offered 4000+ titles through Software Update? The number of items currently being offered through Software Update for Windows can be counted on one hand. And the don't offer things like Applescripts or plug-ins or additional content through Software Update. Only applications and system frameworks/utilities.

For a realistic comparison, if the installer was as well-designed as Apple's and offered a handful of options that were easily disabled, then I don't see what the problem would be. I'm much more annoyed at the way Firefox auto-updates without asking me.

But I still don't see how a totally exaggerated and unrealistic comparison chosen specifically to favor your argument is an "apples to apples" comparison. That term usually applies to realistic, similar comparisons.

"Do you really believe that a critical security update for an installed and in use and internet-connected program is the same use case and deserving of the same user experience as an advertisement for an unrequested new piece of software?"

When did I ever buy into your narrow-minded view that "Software Updater" app is exclusively for "critical security updates"? And did you miss when I said that, yes, I DO want to skip and/or ignore your allegedly "critical security updates"?

But nice dodge of an obvious point.

For anyone that continues to insist that the user interface and the user experience for critical security updates for installed and in use internet-connected programs should have any relationship to or be designed in any way to match the user interface and experience for software vendor advertisements for new and un-requested programs, I'm not going to keep responding to you individually. Either you're arriving late to the conversation and not reading up, or you're unwilling or incapable of an honest discussion around user experience and user expectations.

So, I'll say it one more time for all to read and be done with that piece of this discussion until someone adds something new to the discussion.

Delivering critical security updates to installed, in-use, and internet-connected programs is not just one of the most important responsibilities a software vendor has to its users, it's also a critical responsibility of a vendor for maintaining a functional Internet eco-system.

The user experience, including the delivery mechanism, the notifications, and the default settings for critical security updates for installed, in-use, and Internet-connected programs is a very important and very specific challenge that's distinct from just about every other design challenge in software today.

There is a different set of trade-offs. There is a different set of expectations. There is a different kind of responsibility in this area -- for both the vendor and the user, than for just about any other software feature. The rules _are_ different when it comes to security.

This is precisely what prompted this entire discussion in the first place and what Apple has, with praise from almost all concerned, started to address by making new software more clearly distinct and separate from security updates to installed and in use software.

Every other discussion, design challenge, or decision in terms of checkboxes and opt in versus opt out, are separate and distinct issues from the issue of keeping users secure and the Internet working.

Apple has fixed my most serious concern with their Updater by mostly fixing the confusion they introduced with Safari being labeled as an update to QuickTIme or iTunes. What's left is the much less concerning issue of opt in versus opt out for new software offers.

I think that most users and most people participating in the development of software today would agree, though there seems to be some vocal disagreement from some of you here, that when a user is installing or updating a piece of software, that any unrelated software packages being advertised as part of that process should be opt-out rather than opt in. That, at least, would be the user friendly thing to do and would be most in line with user expectations. As I said, I don't think that there's really any serious debate in the industry on this point.

I haven't argued that other software doesn't do this or that Apple is somehow a worse offender than others. I'm just suggesting that when people honestly ask themselves what "doing the right thing by users" would be in these two use cases, opt-out is the winner.

I'm also not arguing that it's some terrible hardship or that large numbers of users aren't capable of (or smart enough as some have suggested) adjusting to a less user friendly approach. But it is a less good approach and I'd like to see fewer software companies taking that rout. The ones that have come to my attention lately are Apple, Sun, and Real. I'm sure there are others that are offering opt-out rather than opt-in "extras" and for those who didn't read up and are waiting to hear me say it -- yes, this is a bad practice whoever is doing it, friend or foe.

So, to summarize :-) If you're going to approach the discussion here claiming that critical security updates can be equated to or should be handled the same as ride-along installs of unrequested software, don't expect a response from me. I've already given it here.

- A

@Bucky
"Applications hijacking certain filetypes is one of the most annoying things ever. "

I never claimed that hijacking of any kind wasn't annoying. Hijacking is wrong and shouldn't happen. Unless I'm missing some obvious exception (and it is nearly 2am here so I might be) one application should never take over settings from another application without user interaction.

- A

I wish Firefox would make opt-out its default experience for security updates, even if Asa tells me they are critical for internet-connected, buzzword, buzzword applications. But for some reason, I don't think that's what he's concerned about (user choice) or up for discussion here and at Mozilla.

@Bucky
"But I still don't see how a totally exaggerated and unrealistic comparison
chosen specifically to favor your argument is an "apples to apples"
comparison. That term usually applies to realistic, similar comparisons."

Sorry, it's late. Maybe I didn't choose my words carefully enough. I was suggesting that Firefox could offer any of the various other Mozilla applications or any of the various extensions (out of the generous pool of 4000+ extensions.)

As it happens, this is actually a very relevant and useful comparison. Firefox 3 has a simple advertising mechanism for "recommended add-ons" right inside the add-ons manager. Now, it doesn't pop up automatically or anything, and the addons are "related" software in that they augment the already installed software, but it's still a reasonable comparison I think. So, how does it work? You launch Firefox, then you open the Add-ons manager and you are presented with several recommended add-ons. But guess what!? Yep, you guessed it, they're not checked by default. You get the offer from Mozilla, it's got a nice little screenshot and description and if you want it, you have to select it and opt-in (what a novel concept) to the install. Once you opt-in, you're given a sort of "are you sure" confirmation screen and if you OK that, then you get the new software.

Would I change that to have it opt out for the one add-on that Mozilla thinks you really really want? Nope. Not a chance.

You could have also addressed the first have of that sentence when I asked about Thunderbird or Calendar or ChatZilla. We're proud of our other applications. Heck, there are probably as many Thunderbird users as there are Safari users. Comparing how we distribute Thunderbird to Firefox users with how Apple distributes Safari to iTunes users would be a pretty honest discussion. Want to have that discussion? No one seems to. It's much easier to impugn motives, erect strawmen, or change the subject entirely.

- A

@Tim F
"How 'bout Firefox doesn't ask to take default status at all? That would be
easier."

That would violate user expectations and leave more users confused than the various alternatives.

"I never claimed that hijacking of any kind wasn't annoying. Hijacking is wrong and shouldn't happen. Unless I'm missing some obvious exception (and it is nearly 2am here so I might be) one application should never take over settings from another application without user interaction."

Actually, you pretty clearly said, if you're installing it, obviously you want it to do what it will do.

Quote: "I disagree with you about Software Updates installing new software and requested and installed software asking to become the default handler for it's content types. You won't see me complaining about Apple's iTunes, QuickTime, or Safari all engaging in that practice. I rather appreciate that those programs, when I've requested them, offer to do what I explicitly installed them to do. (possibly with one exception out of the hundreds of file type handlers that are swtiched -- and that's QuickTime grabbing a couple of my PhotoShop file types but that's not a big deal and it's definitely a very small minority case.)"

And most plainly...

"I don't disagree with having the browser default request checked by default."

You probably shouldn't start crusades, but more importantly, once you do, maybe you shouldn't keep responding until 2 am... Cops do that to get a confession. You did it voluntarily.

"Delivering critical security updates to installed, in-use, and internet-connected programs is not just one of the most important responsibilities a software vendor has to its users, it's also a critical responsibility of a vendor for maintaining a functional Internet eco-system."

So, is every Firefox update a fix for "critical security issues"? That would be pretty extraordinary. You never have updates that just fix certain features, or for minor (non-critical) security issues?

I actually only use Firefox on my company's LAN. Because our CMS doesn't work properly with Safari. It is also used for testing our own pages. But I never use Firefox to browse the greater internet. So why don't I get any say in whether I update or not? What if I want to investigate a client's problem with page rendering in a specific version of Firefox, without the update?

Delivering critical security updates to installed, in-use, and internet-connected programs is not just one of the most important responsibilities a software vendor has to its users, it's also a critical responsibility of a vendor for maintaining a functional Internet eco-system.

So, byt his implication, you are accusing Apple of being negligent for allowing users to choose when and if they update Safari?

That, at least, would be the user friendly thing to do and would be most in line with user expectations.

That depends on the design of the rest of the interface. An unclear and poorly designed installer with "opt-in" would be less user friendly than a poorly designed muddle of an installer with "opt-out". It's not a black-and-white issue. Context matters greatly. And you appear to be ignoring context in some of your arguments. Things work differently at different scales, for example. Your example of 4000+ options in an installer is a very different beast that an installer with only 5 options.

As I said, I don't think that there's really any serious debate in the industry on this point.

This is precisely the kind of issue that "industries" are very generally poor at deciding on. So I wouldn't really put much stock into what an "industry" says. What matters more are ideas, contexts and user experiences.

But I really don't see any consensus in the industry on your point about "critical updates", anyway. Firefox is the only piece of software that I regularly use that just goes ahead and updates itself. Every other application asks me first if I want to update. So it seems that Firefox is actually the odd one out, and the industry doesn't really agree with you. (Not that industries can ever really agree on any idea other than "make money" - but anyway)

So, to summarize :-) If you're going to approach the discussion here claiming that critical security updates can be equated to or should be handled the same as ride-along installs of unrequested software, don't expect a response from me. I've already given it here.

But you don't seem to have really thought it through very deeply, and now your mind is closed. That approach might be worth a rethink.

"I wish Firefox would make opt-out its default experience for security
updates, even if Asa tells me they are critical for internet-connected,
buzzword, buzzword applications. But for some reason, I don't think that's
what he's concerned about (user choice) or up for discussion here and at
Mozilla."

You are free to make that change but that would be the wrong setting for the overwhelming majority of browser users and it would be the wrong settings for the health of computing and the Internet.

I don't doubt your sincerity in believing it is the wrong experience for you, but you're not responsible for the safety and security of 160+ million Firefox users and you're not responsible for working with other vendors to ensure that the Internet becomes a more rather than less safe place. I doubt that either of those factors even play into your very sincere belief about the best setting there. It's a good thing that Apple, Microsoft, Mozilla, and other major vendors of Internet-connected software do not share your priorities. That being said, the really nice thing is that you have a lot of choice in the matter. You can change the preference. You can change the code and make your own less safe browser. You can go to a different vendor (though the number of browser vendors not providing automatic security updates will be shrinking rapidly, thankfully.)

Isn't choice wonderful :-)

- A

That would violate user expectations and leave more users confused than the various alternatives.

What??? Users expect the browser to ask for default status? I don't think so. What possible confusion could it cause? People are far more likely to be confused when Firefox opens when they didn't ask it to, rather than their usual web browser.

I certainly don't expect any software to do this. If I want an application to be my default for a certain function, I'll set that myself.

But can't you see how this totally defies the "opt-in" creed that you are asking Apple to use? If you are so against that kind of thing, then why is "Make Firefox the default browser" the default, pre-checked choice? Why isn't that an example of user-unfriendliness, if Apple's opt-out checkbox is?

"it would be the wrong settings for the health of computing and the Internet."

"but you're not responsible for the safety and security of 160+ million Firefox users"

Will I hurt the Internet or not, Asa? Tell me, tell me! I don't care about myself, but I must protect the Internet.

"I don't doubt your sincerity in believing it is the wrong experience for you"

Do I sincerely believe that most of your updates are nuisance updates based on my security configuration? Absolutely?

"It's a good thing that Apple, Microsoft, Mozilla, and other major vendors of Internet-connected software do not share your priorities."

Actually, of those three, Apple most closely shares my priorities.

"That being said, the really nice thing is that you have a lot of choice in the matter. You can change the preference. You can change the code and make your own less safe browser."

Oh great, thanks, Asa. Now, your answer isn't lobbying your own company to change defaults for me to opt-in, to remove checked checkmarks... now, I can build my very own software. Thanks for the option, buddy!

Comparing how we distribute Thunderbird to Firefox users with how Apple distributes Safari to iTunes users would be a pretty honest discussion. Want to have that discussion? No one seems to. It's much easier to impugn motives, erect strawmen, or change the subject entirely.

I thought I've been trying to have that discussion. But I fail to see where I erected any strawmen or impugned any motives. If I did, perhaps you could point that out to me.

As for changing the subject entirely, that's what you seem to do by invoking "critical security updates".

... but you're not responsible for the safety and security of 160+ million Firefox users and you're not responsible for working with other vendors to ensure that the Internet becomes a more rather than less safe place.

See, here's the problem I have with the "critical security updates" and "keeping people safe" trope. These days, pretty much every piece of software connects to the internet. Therefore, any software company can simply say "but it's for your own security!" to push updates on people. Kind of like the way politicians use terrorism or kiddie porn to justify whatever action they may want to take. Seems like a cop-out to me.

I prefer freedom of choice, even if that might potentially make some users less "safe." After all, we let people buy alcohol and kitchen knives. I've never seen Firefox distinguish between critical security updates and updates that fix functionality or add features.

@Bucky,

"So, is every Firefox update a fix for "critical security issues"?"

Yes all automatic updates are for critical security fixes. No. we don't have automatic updates that just fix certain features, or for minor (non-critical) security issues. If the security issue is minor, ie not a serious threat to your safety, it will mostly likely wait and tag along with critical security update.

"So why don't I get any say in whether I update or not?"

Actually, you do (did you read any of my previous comments here?) If you're a special case, and it sounds like you are -- someone who doesn't venture out onto the Web, then feel free to disable the automatic updates. I would encourage you to check for updates manually at regular intervals though. Some nasty stuff circulates inside corporate firewalls too.

"So, byt his implication, you are accusing Apple of being negligent for allowing users to choose when and if they update Safari?"

Actually, I didn't say that explicitely but yes. It's my belief that browser vendors (and vendors of other widely used and often attacked internet connected software) should have opt-out critical security updates. I don't know how well you keep up with security news, but this report should scare you and should cause all of the kinds of vendors I'm talking about to do whatever they can to increase the time to deployment for security updates. Even several days from the issuance of a security patch is too long for users to go without that patch. It's really getting extraordinarily scary.

"It's not a black-and-white issue. Context matters greatly."

Yes, you are right and perhaps I've been too strident on some points. I blame the brick wall that most of my earlier and less strident explanations seemed to be running into. There are always gray areas and exceptions to every rule and context matters.

"This is precisely the kind of issue that "industries" are very generally poor at deciding on. So I wouldn't really put much stock into what an "industry" says. What matters more are ideas, contexts and user experiences."

And the people who are creating those ideas, shaping those contexts, evaluating those user experiences are "the industry" of which I and Mozilla are a part. The "industry" also includes consumer advocate groups, policing authorities, standards bodies, and users themselves. The consensus, and I think it's correct, is that deceptive or confusing software install practices are generally a bad thing. I don't know many people who will argue with that.

"But you don't seem to have really thought it through very deeply, and now your mind is closed. That approach might be worth a rethink."

I've been thinking about these issues for the better part of a decade as someone producing software and for longer than that as someone using (and abhorring most) software.

There are some things that aren't gray or where the line isn't blurry. Without some actual argument to the contrary that introduces new evidence or even new ideas, I'm not going to change my view that security updates are a different beast entirely from software advertisement platforms.

- A

"Users expect the browser to ask for default status? I don't think so."

Yes. They do. You may not thing so but until you've done browser support for a few years, you're just guessing.

Just cruise our feedback forums (bugzilla, hendrix, the newsgroups, and the mozillazine forums) for when we first introduced Firefox on Mac. At the time, Apple had just moved the "set default browser" out of their General System Prefs and into the Safari Prefs and there was no API from Apple to allow browsers to offer default status to users.

Users were very confused. They expected to be able to make Firefox their default browser from within Firefox. This expectation is probably the result of it being possible from every browser going back a decade or more to accomplish this task and most browsers going back 7 or 8 years making the offer on first run.

Go look it up. It was a real mess. At first, we just advised all those users to open Safari and then open the Safari prefs and then find the right tab and then set Firefox as the default. Eventually, we found an undocumented API that we were able to hook into but it didn't set Firefox as default for all of the major browser protocols. Eventually we got most of them sorted out but there were lots of edge cases where some other previously set default (safari, IE, chimera/camino) was still launching in violation of users' expectations.

Still to this day, setting Firefox as the default browser (either through Safari prefs or through Firefox prefs) doesn't work fully on Mac because there are several system services that Apple hard-coded to launch Safari no matter what the users's default browser is. One example is the "Search on Google" system service. There's no way to make that search in Firefox even if Firefox is your default and running at the time. It just launches Safari and takes you to Google there.

Yes, users are confused when they want Firefox to handle web content and it doesn't. Yes, users are confused when they don't have the option to set Firefox as their default from within Firefox. It's actually happened and there's plenty of evidence recorded in our various feedback forums.

- A

Yes all automatic updates are for critical security fixes. No. we don't have automatic updates that just fix certain features, or for minor (non-critical) security issues.

That's good to know. But why are there so many critical security issues in your software? That's a little ominous.

Actually, I didn't say that explicitely but yes. It's my belief that browser vendors (and vendors of other widely used and often attacked internet connected software) should have opt-out critical security updates.

I'm still not going to swallow that. Long-term, I think it's worse for security if people get used to the idea of software doing things like install without user intervention. They get used to that with "legitimate" software, and how long before they just accept malware doing something like that in the background? It's just like the problem of people clicking "OK" automatically on every dialog box.

The consensus, and I think it's correct, is that deceptive or confusing software install practices are generally a bad thing. I don't know many people who will argue with that.

I won't argue with that at all. I strongly agree. But the thing is - when did Apple ever do anything confusing or deceptive with their software install practices? Apple is one of the best in the world with their install practices. They are very clear and up-front. In fact, they seem to lead the industry when it comes to this matter.

I don't recall any time they did anything deceptive with their installers. Do you have examples, or are you just speaking hypothetically?

@Tim F.

"Oh great, thanks, Asa. Now, your answer isn't lobbying your own company to change defaults for me to opt-in, to remove checked checkmarks... now, I can build my very own software. Thanks for the option, buddy!"

I aim to please. We've got lots of options for you and they're all free and open.
The other 160 million users, they're the ones I'm lobbying and advocating for. They're the ones who aren't going to get my wonderful one on one time like you :-)

- A

Go look it up. It was a real mess. At first, we just advised all those users to open Safari and then open the Safari prefs and then find the right tab and then set Firefox as the default.

Yes, that was a mess, and still is to some degree. But my point was that Firefox makes this choice opt-out, which is exactly what you are complaining about in Apple Software Update for Windows.

I'm fine with giving users the choice, but why are you making it the default? Isn't that the same thing you are saying is deceptive for inattentive users in the Apple software? Why not make the default choice (the highlighted button) "don't change my default browser"?

Still, long-term I think we should discourage users from relying on such crutches. It just perpetuates poor thinking and users being ignorant about how their systems work.

"See, here's the problem I have with the "critical security updates" and "keeping people safe" trope. These days, pretty much every piece of software connects to the internet. Therefore, any software company can simply say "but it's for your own security!" to push updates on people. Kind of like the way politicians use terrorism or kiddie porn to justify whatever action they may want to take. Seems like a cop-out to me."

Ding! Ding! Ding! Now we're getting somewhere. This is precisely why Mozilla folks raised this issue in the first place. Security is a sacred trust that must be defended and I and others saw Apple abusing that trust relationship by labeling an entirely unrelated program as an update (something that most users consider important to maintaining their security) and served it to users along side an actual critical security update.

You appear to have already given up on the system and don't trust software vendors. At Mozilla, we're not giving up. We're a public benefit organization (not serving the public benefit, we'd lose that status, at least with the IRS) and we're in an ideal position to help defend that sacred trust. We're fighting the good fight here (whether any of you all want to believe that or not) on behalf of improving that trust relationship so that we can keep people safe.

You may not be able to trust joe-shmoe's free porn chat client with security updates, but you should be able to trust the major vendors like Apple, Microsoft, and Mozilla, to not abuse your fear of insecurity for financial or market gain.

I'm so pleased that you brought this discussion back to its roots, to the part of it that really matters. Thanks, Bucky!!

- A

"That's good to know. But why are there so many critical security issues in
your software? That's a little ominous."

This is getting quite off-topic. There are many critical security issues in all web browsers. We're really really good at finding them. The browser platform, especially the scriptability of the Web, is literally such a complex system (for all browsers) that there is no way to be completely free of security flaws. To do that would mean building a browser that couldn't render the Web. So, we work with the security research community to both build more secure architectures (both in the standards bodies and in the program itself) and to migrate the Web to those new systems and at the same time we're always trying to find flaws in the software that could be exploited and fix those.

A critical security flaw doesnt mean that there's someone out there with an exploit that can take advantage of it, but it does mean that someone could so we treat those as the same thing.

One great example of how this works is when one of our contributos, Jesse Ruderman, wrote something called a "fuzzer". The fuzzer feeds the browser massive amounts of jumbled and mixed up code and content and tries to get the browser to fail. If the browser fails, it's likely that that failure could be exploited. This tool that Jesse built found dozens of flaws in Mozilla code and we fixed all of those, presumably before anyone else found them. We also provided that tool to Apple and Microsoft and Opera so they could run it against their own softwhere where it turned up flaws.

So, the number of software flaws isn't just a measure of how good the code is, it's a measure of how good the flaw finders are and how much time and effort is invested in finding those flaws, even and especially before anyone else finds them. At Mozilla, we've got a global community of really smart security researchers poking and prodding all the time and so we find a lot.

We also report all the flaws we find and fix when we do a security update. Other vendors don't do that. As a matter of fact, other vendors often don't fix and disclose a flaw except under threat of exposure from the security researcher that found it. So, it's common practice in companies more concerned about PR than user safety to either not look or flaws (that way you don't find any and no one thinks you have any) or to find and fix them without telling anyone.

All that's to say that yes, we regularly find flaws with critical security implications and we fix and deploy them as efficiently as possible. This means that you're actually safer than if we just crossed our fingers and only fixed the occasional flaw found by a third party.

"But the thing is - when did Apple ever do anything confusing or deceptive with their software install practices?"

Maybe you missed the beginning of this whole thing. Apple included Safari as a checked by default "update" along with real updates to existing installs of iTunes and QuickTime and they didn't make any distinction between the two. Users could easily be confused (or, if one was less kind to Apple, deceived) into thinking that Safari was actually an update for something they already installed and perhaps even an important or critical security update since that's what the updater had been offering them in the past.

That's a lot better now that they put the new software offers in a different box from the updates for already in use software.

- A

This is precisely why Mozilla folks raised this issue in the first place. Security is a sacred trust that must be defended and I and others saw Apple abusing that trust relationship by labeling an entirely unrelated program as an update

Well, I hope that was the real reason it was raised. It just doesn't seem to me that there is any crisis in trust or security that has warranted this level of reaction from Mozilla.

I really don't know, but I doubt that this was intentional. Many people are acting like this was a conspiracy to push Safari on unsuspecting users. But that doesn't make a lot of sense. Because if their intention was to prey on those who would just click "Install" without knowing they were installing Safari, then how would that work to gain users? It doesn't auto-launch, or set itself as default browser. So, the inattentive user would just end up with Safari sitting in their Applications folder. If they were that inattentive, then why would they then seek out this software they previously didn't notice and start using it?

I think what is more likely is that the engineers didn't think about the unintended consequences, or didn't think it would cause the fuss it did. They just re-engineered Software Update for Windows, and had it work the same way it does on the Mac. If they really intended to subvert security updates for marketing purposes, there are many more effective ways they could have done it.

And notice the way that Apple delivers these updates. They very clearly list them, give descriptions, and make it easy to disable them. I find it a lot more up-front than Firefox's approach.

Now, can you understand where I see the hypocrisy in the "default browser" issue? That's a behavior that I personally find far more annoying than Apple Software Update. I'm perfectly fine with you having it that way - it's your software. But I don't think you should take such a vocal stance against Apple, when you have a very similar problem in your own product. If Software Update is being deceptive, then Firefox is also being deceptive. If Firefox is not being deceptive, then logically, neither is Software Update. You can't have it both ways.

This comes back to the issues of context that I was discussing before. Although fundamentally the same issue, there are some differences in context and presentation that makes me feel that Firefox is behaving more questionably than Software Update:

The Firefox "default browser" dialog is just that - a standard application dialog box. The kind of thing that users dismiss quickly and unthinkingly. Software Update, on the other hand, is an entire application, and it presents a substantial window with the options clearly presented. It's something that a user is likely to at least pause at. It may even require an administrator password. In terms of user interaction, I think the Firefox dialog box is far more likely to be inadvertently dismissed than Software Update.

I'm so pleased that you brought this discussion back to its roots, to the part of it that really matters. Thanks, Bucky!!

Hey, it's been fun! Thanks for your time.

"Yes, that was a mess, and still is to some degree. But my point was that
Firefox makes this choice opt-out, which is exactly what
you are complaining about in Apple Software Update for Windows."

And I'm saying, again (even though I said I wouldn't) that these three situations are all different and there are a different set of considerations for each of them.

New, unrequested software installs, like Safari is for QuickTime users on windows or apparently the Google Toolbar is for people trying to install Java, should not be presented as updates to already installed software (Apple just fixed this -- the whole point of my post) and they should be opt out because installing some unrelated piece of software on a user's machine when they're trying to install or update some other piece of software isn't something that they're going to expect and may cause real user confusion (What's this toolbar doing here?! What's this background networking process that just got hijacked by spyware?!) I don't think there's a lot of room for debate here. Opt out is just wrong in this situation.

Security updates, essential to the safety of users and the health of the internet, should be opt out and the major vendors should be closely monitored (by each other and by consumer advocacy groups, and perhaps even the government) to ensure that they're not abusing this because it's a critical mechanism for preserving the health of a shared commons. It's sort of like a smallpox vaccination before smallpox was eradicated. You shouldn't be able to opt out not just because you may die a painful death from smallpox, but because you may end up taking lots of other people out when you do. But, the process needs to be watched closely to prevent abuse. This is open to some debate for sure, but I think that it's shifting towards opt-out and I think that's a good trend.

Setting application default file types and handlers is not a settled issue. I think opt out, especially if we can make the interface more useful, get it out of the way during the initial session, and help users understand better what's happening, is the way to go -- for all programs. People disagree here. I've been thinking about this for years and we've made lots of adjustments to how this works over the years (so have the other players) and nothing is fully settled. I've been watching browser users deal with this issue for a long time, longer than most browser users have been online, and I think that we're at the least bad solution that does the right thing for the most possible users. Could it improve? Absolutely. Should it be wedged into the exact same mold as security updates or software hitch-hicker installs? Absolutely not. I'm not going to be constrained in my thinking about this issue by the other two completely different scenarios and today, after various tweaks and trials of the last decade, I think that -- at least for browsers, what we're all doing is probably the best compromise. Will that change tomorrow or the day after when the browser wants to do more -- like handle your word processing, spreadsheets, email, photo retouching, and your multimedia collection? It probably will.

- A

'Well, I hope that was the real reason it was raised. It just doesn't seem
to me that there is any crisis in trust or security that has warranted this
level of reaction from Mozilla."

What level of reaction? A blog post from me and a blog post from John Lilly? You think that's some high-level of reaction from Mozilla?

Look. Two people at Mozilla, John and myself, saw this happen on our machines and we both went "oh, shit. users are gonna hate this. it'd suck if that caused them to trust our security update mechanism less" and so we blogged it.

There was no law suit. No call for a DOJ investigation. No press release. There was a couple of blog posts and they seem to have at least contributed to Apple's updating their Software Updater to be more informative and less confusing to users.

How's that a bad thing? Isn't this where we talk about how competition is good and how rivals in a market pushing eacho ther to do a better job is good for the consumer?

The unfortunate downside of the competition is that people assume it's about something other than the users. For a traditional corporation like Apple or Microsoft, it has to be about revenue. That's the legal responsibility they have to their shareholders. (not to say they can't maximize revenue by doing right by users.) But at Mozilla, our only shareholder is the public -- that's what it means to be a classified as a public-benefit organization. We exist to make things better for the public benefit while at the same time competing in a commercial marketplace. It's a bit confusing to a lot of people, but we've got time to convince by continued good work and good deeds :-) Hopefully when more people see the good we've been doing and are doing, they'll be less skeptical when we raise issues on behalf of users.

- A

What level of reaction? A blog post from me and a blog post from John Lilly? You think that's some high-level of reaction from Mozilla?

You are aware that anything from Mozilla, even if released on a "blog" is going to be picked up widely, on the like of slashdot, Digg, Daring Fireball, BoingBoing, and so forth, don't you?

Specifically criticising a competitor is definitely a high-level reaction for any organization. Portraying it sa "just a couple of blog posts" doesn't make it any different. Didn't you realize this would start all kinds of conspiracy theories and bashing?

Also, it's a "high level of reaction" qualitatively, not just quantitatively. It's actually a pretty trivial issue, not some sort of threat to security or user freedom as you have been portraying it.

Look. Two people at Mozilla, John and myself, saw this happen on our machines and we both went "oh, shit. users are gonna hate this.

I'm really not seeing it. Which typical users are going to "hate" this apart from those with an ax to grind against Apple? Of course, I've already mentioned slashdot, et. al.

Isn't this where we talk about how competition is good and how rivals in a market pushing eacho ther to do a better job is good for the consumer?

That's a very strange idea of competition in the marketplace. No competitor on the market wants to help their competitor do a better job. Outside of Libertarian fantasies, of course. The goal is to eliminate competition.

The unfortunate downside of the competition is that people assume it's about something other than the users.

While I sympathize, and take you in good faith, can you see how it's very difficult to believe in this case? When there are so many far more egregious violations, yet Apple gets singled out, and they happen to be taking on the same space that Mozilla exists in?

But at Mozilla, our only shareholder is the public -- that's what it means to be a classified as a public-benefit organization. We exist to make things better for the public benefit while at the same time competing in a commercial marketplace. It's a bit confusing to a lot of people

Oh, I understand that well enough... I work for a large educational institution. The interplay between public good and being part of a vast organization is a daily battle for me.

So wait the CEO of Mozilla afraid of Apple pushing Safari onto Windows users which ultimately might lead people to switch from Firefox?!?!? *gasp!*

Seriously the only reason this guy along with others at Mozilla are whining about Safari is out of fear. Fear of competition and fear that in their eyes Apple's software update will be able to push Firefox out of the spotlight ala IE vs Netscape. Apple also has the momentum to push other products out via updates and close off Firefox. As with anything in the general publics view if it loads faster, it supports a new set of CSS technologies, or heck they have the "its made by Apple so it must be better then what I'm using" mentality then a lot of people are abandoning Firefox and therefor Mozilla. So while I try and applaud your coming out for the people and bashing Apple over this fiasco I still sense that its driven by fear.

Is this really worth wasting time worrying about, get a life its only bloody software!

You should congratulate Apple for pre-checking the box as this will help decrease IEs marketshare. If you use Firefox or another browser then you're informed enough to uncheck the box in this software update. There is a reason you have to click a button to install these updates after all -- it's there so you can see exactly what you're installing, otherwise it would just be automatic.

Most people don't even know what a 'web browser' is and still use that awful IE, which makes web designers' and developers' lives so much harder having to fix all the inconsistencies. I'd rather have Apple push Safari to Windows users at the expense of you having to uncheck a little box than leave IE to rule the market.

Hahahahahaha. Yahoo Messenger and Google Tooolbar have been notorious for this type of behavior. For the past couple years (or more!) they've been "stealth-bundling" their wares within other 3rd party programs. And yes, unless you are REALLY careful to do the uncheck thinggy during Installation Options, Messenger or Google Toolbar will be stealth-installed on your computer. Why single out Apple now?

Mozilla is singling out Apple on this practice ONLY because Apple is in a unique position to gain market share using this practice. The reality is that no one raised the issue with hundreds of other companies who frequently behaved this way. So singling out Apple now seems petty.

If you want to solve this problem, don't just single out Apple. Point fingers at and chastise everyone who engages in this type of behavior.... and you will realize that there is a boatload of software companies that engage in this kind of behavior. Confronting Apple is not enough. You'd have to confront an entire industry.

Asa, I would love to see your numbers that prove that the majority of installs want their default browser and home page hijacked on first run. Do you have them? If not, don't use "expectations" or "tiny minority" in defense of these decisions -- FIX THEM.

I always thought the big battle over "web portals", whose browser would be the de-facto on your desktop, whose website your browser would default to when it launched was ridiculous. I'm mean who didn't realize you could just change your settings and use whatever browser you wanted. Change another setting and have your browser go wherever you wanted it to on launch. Now, however, I see the world truly is populated by people that have no clue and must be protected from the ravages of those who know they are clueless. This all goes a long way towards explaining how Windows remains the dominant operating system on earth.

@puns,
"You should congratulate Apple for pre-checking the box as this will help decrease IEs marketshare."

"Most people don't even know what a 'web browser' is and still use that awful IE, which makes web designers' and developers' lives so much harder having to fix all the inconsistencies."

While I love and appreciate just about anything that decreases Microsoft's market share in favor both more competition and more standards-supporting browsers, I'm just not going to cheer any of abusive, predatory, or confusion tactics that rely on an uninformed victim being manipulated by a software vendor. There are better ways, like building a better product! and educating users! that, while they may not always be as effective as abusing users, are IMO the preferred rout.

- A

@Steeve Greenly
"Yahoo Messenger and Google Tooolbar have been notorious for this type of behavior. For the past couple years (or more!) they've been "stealth-bundling" their wares within other 3rd party programs."

As I've been told. Does that make the practice better or acceptable. Because some bad actors behave a certain way should everyone? Is there a better alternative to accomplishing the same goal?

"Mozilla is singling out Apple on this practice ONLY because Apple is in a unique position to gain market share using this practice."

And the aforementioned Google and Yahoo toolbars aren't in a position to gain market share from this abusive tactic? Because Gator or Real abuse their users and because Google and Yahoo abuse their users so then it's a great process that should be applauded?

"If you want to solve this problem, don't just single out Apple. Point fingers at and chastise everyone who engages in this type of behavior...Confronting Apple is not enough. You'd have to confront an entire industry. "

So you fully admit it's a problem? It is bad behavior? You would seem to be in the minority (along with me) here on that statement.

Apple is the one I encountered on my desktop. Am I not allowed to speak out against one issue of abuse unless I become a crusader for all issues of similar abuse?

That's just silly. I shouldn't report an accident on the freeway unless I'm willing to quit my job and devote all of my time to monitoring the nearby freeways and reporting all accidents? You're creating an awfully high barrier to action here.

"You musn't call out human rights abuses you witness unless you're willing to also learn about and protest all human rights abuses across the planet!!"

Yeah. That'll make for a great world. Let's all live that way.

- A

@Steven Fisher
"Asa, I would love to see your numbers that prove that the majority of
installs want their default browser and home page hijacked on first run. Do
you have them? If not, don't use "expectations" or "tiny minority" in
defense of these decisions -- FIX THEM."

I dispute your claim of "hijacking". I will continue to use user expectations and majority and minority use cases with and without numbers, to defend software design practices. If you demand quantitative measures of every move, you're never going to move. That's a pretty silly barrier to progress.

Look, I've been building and supporting browsers for almost a decade. There are thousands of others working on Mozilla that have been doing the same. That collective experience and wisdom is a valuable tool in evaluating design decisions. Suggesting that the only method for arriving at a decision is to first have hard numbers is just silly.

And, if you'll read up, you'll see that I've both said that it's less than ideal and proposed some modifications (which do not included changing the state of the checkbox) and that there is not nearly as much agreement here as on the other two distinct use cases that this thread was intended to address.

Also, your use of all caps commandments is a bit rude. Please try to keep it civil here. People often follow by example and when one person starts "shouting", it often spreads. Thanks.

- A

I'm not sure if anybody has mentioned this yet but I haven't read it.

The fact that Apple have added a "New Software" section to their Software Update indicates that the automatic roll out of Safari through Software Update is not a one-off but will be a new method of software distribution by Apple.

I'd hence suggest that users of Apple softwares should expect to see more unwanted applications appearing on their computer soon.

I'm just not going to cheer any of abusive, predatory, or confusion tactics that rely on an uninformed victim being manipulated by a software vendor. There are better ways, like building a better product! and educating users! that, while they may not always be as effective as abusing users, are IMO the preferred rout.

And now we are back at square one. For a while there, I actually thought you wanted to have a reasonable discussion about security and software distribution. Apparently not. It seems to be more about making exaggerated insults about a competitor.

Listen to yourself:

"Victims". "Abusing users". "Manipulated".

Do you really believe this? This is very extreme language you are using here. For someone to be a victim, harm has to be inflicted. But how is anybody harmed by having Safari on their desktop? And if they were manipulated or abused, then why did Apple offer the ability to uncheck that box and not install the software? They could have made it a mandatory install with iTunes, but they didn't. Isn't it the user's fault that they didn't uncheck the box in what is a very clear and simple installer?

Finally, all of your outrage assumes that Apple deliberately intended to confuse users and have them install against their will. Do you have any evidence at all that this is true?

Personally, I think your talking this way about a piece of software makes a mockery of people who actually are victims of abuse.

Oh yes I see. You Windows users do face a real problem when it comes to unchecking a box in a dialogue screen.
That GUI concept is a hard thing to learn, I know. Takes some effort.

Oh yes I see. You Windows users do face a real problem when it comes to unchecking a box in a dialogue screen.
That GUI concept is a hard thing to learn, I know. Takes some effort.

Much worse than anything Apple OR Mozilla has done is Microsoft pushing Windows Genuine Advantage... Windows Genuine Advantage (WGA) is a detrimental piece of software from the user's viewpoint - it does absolutely nothing useful, AND it is capable of shutting down your system if it doesn't like what it sees (whether that's because of truly pirated software, a use that violates the draconian shrink-wrap license, but is perfectly within the ACTUAL tenets of copyright law, or a bug that makes WGA think it smells piracy when there's nothing wrong). This is a dangerous application - it gives Microsoft a unilateral remote shutoff on your computer! At first, Microsoft simply listed WGA as an optional update, but, of course, nobody installed it (unless they didn't know what it did). Their second tactic was to bundle it with IE7, but WGA was bad enough that many people avoided IE7 to avoid WGA. After that, it mysteriously popped back up as a poorly explained critical security update (checked by default). Even with this level of disguise, people still sometimes went to the trouble of avoiding it. Now, it is bundled in with a couple of other updates to Microsoft's UPDATER! No other program will update until the updater is current, and the required updates to the updater include the detrimental Windows Genuine Advantage! Microsoft is FORCING users to install a program that could VERY easily be considered malware (it doesn't do anything that a user might want, and it opens up a route to shut your computer down remotely)!
By comparison, BOTH Apple and Mozilla are innocent! For what it's worth, I think Firefox's default browser grabbing is somewhat worse than Apple's Safari trickery (especially now that Safari is clearly marked as new software)

Whenever there is a Firefox update because of security concerns, there is precious little information as to the platform the hole exists. But when an issue is famously cross-platform, that info is made plain.

Why should Firefox on my Mac update by default because of a hole found in Windows? Why should I care? What Windows code could possibly have changed to affect my Mac? Why should a Windows user update for a critical hole found in OS X? How could any Mac code affect a Windows box?

To claim the default update setting protects the integrity of all users — or worse, the integrity of the web — is more than a straw man. It's laughable. Seemingly more important is forcing every platform's version of Firefox to have the same version number.

Apple Software Update should work like Microsoft Update -> Assume users only want updates for products they've currently installed. Anything else should be unticked by default.

I wonder would the Apple defensive people think any different were Mozilla to, by default, assume users wanted to install Thunderbird when checking for a Firefox update, or vice versa...

This is what results when you build an operating system that doesn't have a package management system for its software.

@Bucky, you said "But how is anybody harmed by having Safari on their desktop?" How about the fact that a new Safari can also come with background networking process called Bonjour that could have security implications and users never know about it. How about wasting disk space on new machines with limited high-performance Flash disks (SSDs.) How about making their desktop that much less usable by splattering unused icons on it. There are lots of ways that this practice falls under the term "abuse". Opt-out new software installation a dirty tactic that was once limited to malware distributors like Gator. Now you're defending the world's most well known software companies when they engage in that same tactic. Opt-out is wrong. It's just that simple. People may disagree on how bad it is and that will certainly vary depending on what's being installed (a google toolbar, a background networking service, a keylogger, a new browser, etc.) but that doesn't make the practice any less wrong or somehow get it off the hook for being an abusive software tactic.

As for your comment about people suffering physical or psychological abuse (I assume that's what you meant,) should we stop using the word "predatory" when talking about predatory lending tactics, for example, because it somehow takes away from the real suffering of children who have been the victims of predatory pedophiles? That you're unable to make a distinction between kinds or severity of abuse in this world shouldn't preclude the rest of us from using the word with more nuance, subtly, or variance in meaning.

@MacRussian, no it's about usability and doing the right thing. I imagine that Mac users would be pretty ticked off if Microsoft did the exact same thing with Office pushing IE9 or WMP something like that. Opt-out is wrong for new software installs. It's just that simple. It's wrong for "do you want to receive spam from this website or its partners" when making an online purchase, it's wrong for new and unrequested software installs. Because it's not painful to opt out, doesn't make the tactic any less wrong, whether it's websites spamming you with email or software companies spamming you with new installs.

@Dan Wells, yeah, Microsoft's WGA is pretty lame. I was really pleased when they stopped requiring that for IE7 upgrades because IE 7 really should be seen and advertised as a critical security update for IE 6 (thanks to major architectural changes that remove entire classes of potential vulnerabilities, EV Certificats, and Phishing protection features.) That they tried to use IE 7 sexy features (whatever those were) to push WGA on more people was a huge mistake and means a lot of Windows users are far less secure than they would have been if Microsoft had allowed them to get IE 7 when it first shipped. At least they learned something and stopped that practice and in so doing will have made the Web safer and more standards-adherent.

@Mac Pawn, the overwhelming majority of security holes are in code that the same on Mac, Windows, and Linux. All of the back-end, where security holes are often found (called Gecko, in the Mozilla platform) is shared between the different platforms. There have been one or two occasions out of the last 50 or so security updates where the only fixed flaw was specific to one platform.

@Mark, I've removed your comment. When and if you'd like to come back with a more civil comment, I'll let it though.

@everyone, I'm not going to let my blog comments descend into cesspool of name-calling, profanity, or even all-caps shouting. If that's crossing some line for you, feel free to take your comments or your comment reading elsewhere.

- A

But how is anybody harmed by having Safari on their desktop?" How about the fact that a new Safari can also come with background networking process called Bonjour that could have security implications and users never know about it.

Wait, isn't Bonjour listed as a separate product in Software Update? It doesn't come with Safari, to my knowledge.

How about wasting disk space on new machines with limited high-performance Flash disks (SSDs.) How about making their desktop that much less usable by splattering unused icons on it.

So, someone has a swank new high-performance flash disk, and isn't savvy enough to know how to delete an application? Or remove an icon from the desktop?

Not to mentions - it was their own fault in the first place for not looking at what they were installing. Apple did nothing to hide what software was to be installed. They did nothing to make it difficult to disable.

So, how can Apple be abusing or taking advantage of someone, if that person won't even read what is a very clear dialog box? Sounds more like self-inflicted harm to me. Should a gun manufacturer be considered at fault if somebody decides to shoot themself in the face with that manufacturer's product?

Opt-out is wrong. It's just that simple.

No, it's not really that simple at all, and you saying it is doesn't make it so. You have yet to demonstrate any actual harm that arises from this.

should we stop using the word "predatory" when talking about predatory lending tactics, for example, because it somehow takes away from the real suffering of children who have been the victims of predatory pedophiles?

No, because the use of the word "predatory" is not limited to pedophiles. While the use of the word "abuse" should only apply to thinks that are abusive - not a non-issue where there has been no abuse of any sort.

Which is the case here. There is no abuse of any kind going on in Apple Software Update. Do you have any proof that Apple intended to "abuse" its users or cause any harm?

The software is called "Apple Software Update". The title implies that existing software will be updated, not new software surreptitiously installed. The fact that the check box is still checked by default is deceptive, and puts Apple on the same level as Real.

The software is called "Apple Software Update". The title implies that existing software will be updated,

So, it's all about the name, eh? If they called it something different, then it would be OK?

Newsflash, often the word "update" is used for something new... such as a news update. Why couldn't this be keeping you up-to-date with software that's from Apple?

If you're going to play semantic games, then I don't think you have much of a leg to stand on. Especially as they now explicitly label new software that isn't already installed on your machine.

I also find a checkbox confusing. Apple should make it so that it's really hard for me to install Safari. I'm worried that this may come up on my screen during the middle of a Warcraft raid, when I'm clicking the mouse furiously at Felguard, and then I might accidentally click on the 'install' button by mistake, completely corrupting my system and filling it with tons of ActiveX controls and other viruses. Bleah. Why is Apple doing this to me!?!? This was a new machine, and now it's HOPELESSLY CORRUPTED!!!!!

Bucky said:

>Wait, isn't Bonjour listed as a separate product
>in Software Update? It doesn't come with Safari,
>to my knowledge.

Not sure about now, but when I first got offered Safari on my XP machine, I got Bonjour with it and I didn't see any warning. If they've moved it to the "New Software" section and checked it by default, I'll have the same comments about it as I do about Safari.

>Not to mentions - it was their own fault in the
>first place for not looking at what they were installing.

Yep. It's always the user's fault. Where's that vaunted elegance of the user experience I'm always hearing about from Apple fans? Users should pay more attention, yes, but with this setting, Apple has made it easier for users to make mistakes than to not make mistakes and it's pretty clear that was intentional. If it wasn't, they'd have changed the checkbox state when the first outcry happened and they moved Safari out of the Updates section and into a new New Software section.

>Should a gun manufacturer be considered at fault
>if somebody decides to shoot themself in the face
>with that manufacturer's product?

Though I think it's a faulty comparison, it's worth noting that gun manufacturers design guns with safeties to help prevent just this kind of problem. To continue the broken metaphor, Apple shipped their Updater with the safety off and users are rightly calling on them to ship with the safety on instead. Optimizing the user experience for the results the user expects is something I expect of major software vendors. Optimizing the user experience in a way that maximizes the possibility of mistakes is what I expect from spammers and malware distributors.

>So, someone has a swank new high-performance
>flash disk, and isn't savvy enough to know how
>to delete an application?

Yeah, all those Eee PC sub-$500 laptop owners are the most tech-savvy people on the planet. Disk space is not cheap or free to everyone.

And, since you didn't address it at all, I'll reiterate that there are other downsides for users including desktop and Start menu clutter which disproportionately impacts the less savvy users most likely to accidentally install Safari. More of that famous Apple elegance of design at work I suppose.

>No, it's not really that simple at all, and
>you saying it is doesn't make it so.

My saying that the Earth is round doesn't make it so. It also doesn't make me wrong.

Opt-out for entirely new software installs is wrong. It's wrong because it requires the user to take a positive action to avoid an addition to his system that he didn't request in the first place. It's just rude and pushy and presumptive. It's the kind of thing one expects from spammers and malware distributors, not reputable software vendors like Apple.

>There is no abuse of any kind going on in
>Apple Software Update. Do you have any proof
>that Apple intended to "abuse" its users or
>cause any harm?

Intent isn't a requirement for abuse. For all any of us know, Apple "intends" this practice to be helpful to users. (Though I suspect not.) Even presuming the best of intent, that doesn't change the nature of the result.

Tthe choice was deliberate, and I believe that it was calculated to maximize Safari installs -- even at the expense of those who would unintentionally install it. Apple used deceptive techniques when they first advertised Safari as an "update," when it was nothing of the sort, and I think that the current ASU service, while somewhat less deceptive, is still designed to maximize installs of Apple software -- even at the expense of those who get it unintentionally.

I think that behavior matches up pretty closely with my and many others' definition of abusive software distribution practices.

- A

"More of that famous Apple elegance of design at work I suppose."

That's rich when firefox pretty much ripped off the whole damn Safari interface!

@HP, you're pretty off base here.

Using system colors, gradients, button shapes, and even icons is not ripping off. It's the default and encouraged behavior for all of the major desktop operating systems -- especially Apple. While closer to the Apple metal look than in previous versions, Firefox is actually deviating from the encouraged look and feel and developing it's own "visual identity" more than just about any other popular Mac app I can think of.

That's both a blessing and a curse. Our toolbar gradient colors, our button shapes, our icons, our text field endcaps, all that and more give Firefox a distinct look on Mac. That's nice for keeping our product identity. It's not so nice for most vocal Mac enthusiasts who don't want any variance from the system defined norms.

Fortunately, for those people, there are a couple of themes out there that really do come a lot closer to the stock Apple Metal look (Finder, Safari, iTunes, etc.)

If you want to talk about what came first, let's talk about integrated search, the find toolbar, tabbed browsing, pop-up blocking, a bookmarks toolbar, form auto-fill, rss auto-discovery, session restore, and just about every single other major piece of Safari's interface that was implemented in early Firefox and other browsers before Safari. If you want to call it ripping off and you want to toss around that accusation so casually, let's go. I think that Firefox, IE, Opera, NetCaptor, Netscape, and just about every other browser on the planet had those features and more well before Safari.

Or, we could get really silly and talk about Safari ripping off the location of the back button in relation to the location of the forward button. What a rip-off! They put an address field on the same toolbar as the the back and forward buttons and they put a bookmarks toolbar underneath that toolbar!! The outrage!

But, I don't use that word rip-off because that's just not how it works. Software evolves and good features, good design, and good looks are picked up by all players in a market eventually (especially when the OS vendor builds those features, design, and looks into the toolkit it pushes on all of its software makers.)

If you want to get into the game of crediting originators, that's fine, but it's a very slippery slope and it takes quite a bit of research to play the game well if you weren't fairly involved in the development of the various browsers during the last 14 years or so.

- A

@Asa Dotzler: Ah, so your experience at building browsers makes it okay to change home pages and defaults on the user's system, but actually finding out what they want hasn't occurred to you. Got it.

I have very little problem with Firefox doing that, to be honest. I do have a problem with the community coordinator for the pushiest browser on the Internet calling another browser pushy without disclosing their own poor decisions. Pot, kettle and all that. Apple's made a step in the right direction from a lesser evil: What has Firefox done?

> The update process as proposed by Apple (old one or new one), let no the user choose what they want. Have the choice means: "Here you are, choose what you want". Apple's proposal is: "Here you are, choose what you don't want". Do you go to a supermarket where you have to say what you DON'T want? Do you agree if when you put gasoline on your car, you have to say: please, I don't want chewing gums?

You mean, like when Firefox installs, you have to manually choose NOT to report "anonymous stats" that you DON'T WANT TO? And what about this ：

"As a Safe Browsing user, your browser will contact Google's servers when you visit a potentially risky site. It will also periodically contact Google's servers to download the most recent list of known phishing and malware sites. Google does not collect any account information or other personally identifying information as part of this contact, but does receive standard log information including an IP address and one or more cookies." O_o

Oh, and how about when you install Firefox and run it the first time, you have to UNTICK the box to choose NOT to make it the default browser? Yes, Firefox, Safari, Opera, and (the eternally condemned) IE all do this "choose what you don't want" practice. Now if you want to ask a competitor to do "more" in the "right direction", how about doing something in the "right direction" yourself first? -_-b