If/when Apple is forced to start allowing Blink on iOS globally, all it takes is a hearty marketing push from Google and devs putting “best viewed in Chrome” badges on their sites for Safari’s marketshare (and with it, Apple’s influence) to plummet.

Is keeping up with "just security patches" on Chromium reasonable?

As sickening as thought as it is, the best hope there is Microsoft-- they can afford to hire the necessary army of developers, and their incentives are aligned just far enough away from Google's that they would have reasons to do it.

The problem is that they're also in the ad economy now, so their opportunity to play it for relevance is shot.

They had a window where they could have said "Edge: the Chromium-based browser that treats uBlock Origin as a first-class citizen" but instead they'd rather add weird popups to credit card fields asking if I want to use Klarna instead.

If web devs get permission to start ignoring Safari (which currently sits at ~20% marketshare), there’s no way they’re going to care about Firefox which doesn’t have even a fifth as much. If Safari falls so does Firefox.

> Apple isn't the only one standing in the way of a Google hegemony.

Who else would you consider?

Chromium-based browsers from companies other than Google are still contributing to Google’s hegemony. And Mozilla is funded by Google.

> If they are, then the web is already fucked since neither corporation has a benevolent track record pertaining to Open Source.

Interesting take, since Google has both authored and supported hundreds of FLOSS projects over many years. They even sponsored summer "internships" for students to contribute to Open Source software as long as a maintainer bothered to register and promise to mentor the student via "Summer of Code"

> If they did something truly onerous

It would very unlikely be something which would affect Microsoft’s bottom line. They wouldn’t care.

> and everyone would switch their upstream to Edgium.

Who’s “everyone”? Anyone who cares minimally about possible shenanigans in Chromium is already selectively merging changes.

Edge aggressively sets itself as the default browser and slurps information from Chrome without permission. Edge and Microsoft are not and will not be a saviour from Google and Chrome.

Anyone who tries to push changes to Chromium will quickly find Google does control it.

> Google doesn't have control of Chromium though.

They do. If they merge DRM into it tomorrow or something alike, it trickles down to all users of Chromium and Google Chrome.

You can build _a fork_ of it. But the enormous majority of the masses don’t use your fork — they use upstream.

> Microsoft would fork it within hours

I haven't trudged through Chromium's commit statistics but has Microsoft been upstreaming many contributions? I'm skeptical that they are ready to take on the full brunt of Chromium maintenance on a whim, it would take a decent while to build up the teams and expertise for it.

>Google doesn't have control of Chromium though.

There's a tightly controlled pool of developers who make up the decision-making body about which commits get approved. That pool is dominated by Google employees so they effectively control whether something gets committed.

So it's not open in the sense that would be most people's first impression, which is that anyone can contribute code to the project and see it realized. You'd have to fork it and maintain a Google sized code base.

>Complaining about Chrome is barking up the wrong tree.

I don't see how that follows. Google disproportionately invests in a browser, controls it and with it much of the destiny of the web. The fact that Google is leveraging their ad monopoly to create and maintain a dominant browser is the issue. At least, it's an issue. The ad monopoly powers their control over the web and vice versa.

Even if that’s true, are we going to see Google’s dominance in the ad space meaningfully curbed? It seems highly unlikely at best, and it doesn’t matter how loud any of us are barking (at least until there’s a massive shift in political headwinds).

Until that’s addressed, Chrome being dominant is a problem, because Google has created an “open moat” with their resource expenditure. Microsoft sure as hell isn’t going to be able to justify that kind of spend on their Chromium fork, and so their influence will never be of note.

Except they do. One just has to look at the inability to keep JPEG-XL mainlined in Chromium. Sure, some forks still have JPEG-XL, but it's effectively gone at this point.

Nobody worth mentioning to big corporations uses Chromium.

> Microsoft would fork it within hours and everyone would switch their upstream to Edgium.

Why would people trust Microsoft more than Google, though? Even with really bad actions, switching browsers is very difficult (i.e. it requires making an active choice and change about an obscure topic) and I don't see normal people doing it, which is what would be required for this to happen.

Microsoft can't get any traction for Edge even with the pushiness on their OS and massive market share. I recently installed Windows 11 on a box and even searching for Chrome had the top portion of the screen show "You don't need a different browser!" at the top of Bing. Did that stop me? No. Not going to use a Microsoft browser, thanks.

surely they can be held responsible - they are the ones defining whatever heuristics cause traffic to be classed as malicious!

> Getting your Steam library to work on Linux before it got Valve's blessing with Proton wasn't a great experience.

There weren't any real roadblocks for that caused by Valve. And it definitely wasn't as hard as you're implying.

> If they wanted to, they could have easily decided to block games from running on Linux and gave some statement about preventing piracy and protecting users from malware.

They could have just like any software developer could but they didn't. They also didn't block the Steam for Linux client from running on unapproved distributions or even FreeBSD.

They at least still put out a native Linux client, even if there weren't that many native Linux games.

That at least demonstrated, to some extant, that Valve doesn't care where you run your games, as long as you buy them on Steam.

They are kind of different statements.

For-profit institutions will almost always act in the interest of profit for the people who have an ownership stake and a claim to the prophet stream. That's definitionally why they exist, and we have enough evidence from the history of everything ever to assume that they will for the most part act that way.

You are saying something different. You are pointing out that the people making decisions aren't necessarily good at making those decisions. Or maybe the incentive structure is set up such that the people making the decisions do not share the goal of profit with the company, and so decide according to what's best for them, which might or might not be what's best for the profit objective.

The instability of institutions in general is yet a third characteristic.

The actual metric management maximizes management remuneration, which is dependent on short-term shareholder value.

Startups nominally care more about the long view, as they need to convince investors that they high long-term value and have to act accordingly. As companies grow from VC-funded, to fast-growing public, then to well-established public company, the culture shifts to match dominant shareholder expectations.

I think Public Benefit Corporation (PBC) are a way to try and solve that problem.

I recently switched to Kagi and their Orion browser, and that's when I learned about PBCs.

A PBC legally takes a triple mandate, the first is just as any for-profit corp, to maximize shareholder value, the second is to the benefit of the stakeholders, and the last can be anything they write down when they register as a PBC. The Delaware law says:

> The board of directors shall manage or direct the business and affairs of the public benefit corporation in a manner that balances the stockholders’ pecuniary interests, the best interests of those materially affected by the corporation’s conduct, and the specific public benefit or public benefits identified in its certificate of incorporation.

If they fail at any of these mandates, you can sue them.

That means they are still for-profit, but also can't decide to favor profit over their other mandate or change their mind. Their other mandate being stakeholders interests, like users, as well as the explicitly stated benefit. For Kagi, that benefit is:

> Kagi is committed to creating a more human-centric and sustainable web that benefits individuals, communities, and society as a whole, with a transparent business model that aligns the incentives of everyone involved.

Now it's not all roses, Anthropic I learned is another PBC. Their benefit is:

> the responsible development and maintenance of advanced AI for the long-term benefit of humanity

Which is quite vague, and can be taken in many directions.

But overall, it's much better than normal corporations, because here they are legally obligated to care about stockholder, stakeholder, and some additionally specific "public benefit".

That's ahistoric. Democratic governments are correlated with a _decrease_ in violent conflict.

Determining if traffic is genuine requires the user to completely and totally give up privacy.

I compare Cloudflare to border control. Open up your bag. Answer the questions. Present your papers.

I am. Try to browse anonymously. On the modern internet you're no longer allowed to do this.

Cloudflare can't determine who you are? No website for you.

> Without Cloudflare, you wouldn't have the website you're browsing

What ridiculous statement.

Or CF could just do better caching, which was their original reason for existence.

[flagged]

the end game will be ai training bots will have to be:

1) like 1 cent or fraction of cent to get access to page

2) scrawlers will just cache this data on their server or just train on it so will pay just once

3) small content creators will get just make like few dollars our of it

4) CF will get some 10-30% cut from their content semaphore.

5) in the end you small content creator trading their whole content for few dollars but because CF has mass of scale they will make multi millions or more.

Nope. It's because the cloudflare captchas require a bleeding edge browser. If one uses a modern commercial browser it works and you've never even presented with a captcha. But in both cases I am tunneling to a VPS to avoid Comcast/Xfinity's MITM injections of javascript into pages and that adds some oddness to my connections. Comcast has a monopoly on high speed internet in my town and I cannot even get DSL or I'd switch.

Lacking lived experience re: discrimination is something that's pretty common. I hate to compare my entirely optional 'software veganism' struggles with real discrmination issues, but just because you don't experience discrimination doesn't mean it doesn't happen. I go to online stores, government services, even places of recreation and I get denied service because I have to tunnel to avoid my ISP's unethical practices and I don't use a cloudflare approved browser. It feels bad.

[dead]

Since you seem so well-informed I would love any example of good-will and strictly not-for-profit activities done directly by a large corporation with shareholders which weren't done have other reasons.

Examples of things which don't count:

- Supporting an open source competitor to avoid getting hammered by antitrust

- Giving money to a foundation (which they may or might not own) for greenwashing

- Giving money to a foundation ran by a friend/family member

- Doing an activity to try to fix an evil thing they did before and backfired

- Doing something good for obvious PR reason (e.g. By being heavily advertised) but then do something even worse in the same area later on

I'm genuinely interested in a healthy conversation about this. But I honestly cannot think of anything which either is generally free for the company or that will help them getting (or not losing) more money. Happy to be wrong.

Those of us who get blocked from access services (government, commercial, personal) by cloudflare nearly every day have the lived experience to really understand the issue and the company. Most are blissfully unaware of their lack of experience. If you stick to corporate browsers you'd never know. It's not your fault, but maybe reflect on this lack of experience before commenting with so much confidence.

Cloudflare is domiciled in the USA, where shareholder supremacy has been part of US corporate law going all the way back to Dodge v Ford Motor Co. in 1919.

Now, it's in Cali, where it's not as strong a statement as in some other states, but it's still got a lot of precedent behind it.

> SafetyNet […] provides an API for applications to verify the app is running in a verifiable and locked down environment.

FTFY

Access to public resources is. Companies aren't even allowed to dictate what can be installed on their OS anymore.