Free software users are not generally known for their quiet acceptance of
user interface changes. Many changes to the UI of desktop environments or
popular applications lead to long and loud threads from users—with some
percentage of those users claiming they will move to an alternative rather
than "put up" with the change. But what happens if the alternative is to
stick with an earlier, unsupported version of the application? That's the
question that came up in a short, but interesting, thread on the Mozilla
security mailing list.
Plans for Firefox to remove the "tabs on bottom" feature have so incensed a
vocal subset of users (see this bug report
or this lengthy thread
on the mozilla.dev.apps.firefox group) that they don't plan to upgrade the browser
once this change is implemented.
For many releases now, Firefox has had its tabs
below the controls and "awesome bar", which is the behavior
called "tabs on
bottom". More recent versions have had a "Tabs on top" toggle in the
toolbar configuration, which moves the tabs to just below the menu (and
above the controls and awesome bar). The
toggle is slated for removal, with tabs on top becoming the default. The
old behavior will still be available by setting browser.tabs.onTop to
false in about:config, but users are concerned that will
eventually disappear as well.
The ferocity of the arguments against moving the tabs (and removing the
toggle) led Zack Weinberg to suggest
keeping the toggle and feature:
Obviously, refusing to upgrade Firefox opens up these users to serious
security risks. I would like to suggest that we put that toggle back in,
and commit to preserving tabs-on-bottom mode for the foreseeable future,
*just because* it will encourage this upset minority of users to continue
upgrading. Remember that the actual size of the upset minority here is
probably at least 100x larger than the number of people who have gone to
the trouble of complaining about it in the newsgroups and/or the bug
Web browsers, by their nature, need frequent updates.
Because browsers face the often hostile internet and can provide a portal to
users' documents, photos, passwords, and so forth, it is critically
important for users to keep up with browser updates. Anything that gets in
the way of that process is (and should be) worrisome. That is the main
reason that Chrome and Firefox have moved to automatic updates, for example.
But there is a tradeoff to be made here. Mozilla's VP of Firefox
Engineering Johnathan Nightingale argues
that, over the years, too much attention has been paid to the most
vocal user contingent. There is code that is "in desperate need of
clean up", he said, so Firefox developers cannot necessarily afford
to heed the negative feedback:
[...] but on balance I believe we bias far too much towards letting vocal, conservative complaint chill the evolution of our products.
Every community has conservative elements. They are helpful; they remind us
who we are when we forget. But conservative forces prevent change (by
definition!) and we have important aspects of our code that need changing.
Weinberg is not convinced that cleaning up the code base overrides the
security issue, however. He is concerned
that the "tabs on bottom" issue is really just the straw that broke the
camel's back for some segment of users. Even a small percentage of the Firefox
install base can make for a rather large problem:
But with my security hat on, even a small minority of our users is still
tens or hundreds of thousands of people, and if their computers are 0wned
because they refused security updates because they didn't like our UI
changes, that potentially has cascading fallout upon a much larger
population (as the 0wned machines become malware sources
themselves). That's not something I think is justifiable by code
cleanliness concerns on our end.
Drawing a clear line is difficult, though. If any change to the UI can be seen
as a "security problem" because users might decide not to upgrade, it will
be difficult for Firefox to make any changes. Users have to take some
responsibility for their choices. As Curtis Koenig put it:
While it is
concerning when users choose to resist change in hazardous manners we
cannot and should not halt forward movement due to the real or perceived
threat that some portion of the user base will make ill conceived
choices. This would allow anyone to hold up anything with the cry of "I
won't update" and then we get nowhere.
Users will make poor choices at times, and it is certainly possible that
some change will drive some of them to make those choices. Is there a
"moral responsibility", as Weinberg claimed, for Firefox (and, by implication, other
applications, desktops, etc.) to continue to deliver a user experience that
its users have become accustomed to? Are UI changes always potential
security problems? There are obviously some kinds of UI changes that are
security flaws, but simply changing the way the user interacts with the
program likely doesn't really reach that level.
Both Koenig and Nightingale do not see the "tabs on bottom" change as a
security issue. There may be design or development issues that need to be
resolved—though Nightingale seems confident that those have largely been dealt
with—but changing some UI elements around is not cause for a security red
flag. In fact, Nightingale called the security concern "a red
herring (or a slippery slope, take your pick)".
There is only so much that a project can do to protect its users. Part of
the problem with this particular case is that the other "major" free
alternative, Chrome/Chromium, also has its tabs at the top. One
guesses that the uproar would be good deal more subdued if there were an
"easy" alternative that behaved the way the "vocal conservatives" want.
There may be good reasons to consider leaving the "tabs on bottom" feature
alone; security isn't really one of them. But it is
always good to see projects thinking about and debating where these lines
to post comments)