1 August 2015Mozilla:
am writing to you about a very disturbing aspect of Windows 10. Specifically, that the update experience appears to have been designed to throw away the choice your customers have made about the Internet experience they want, and replace it with the Internet experience Microsoft wants them to have.
When we first saw the Windows 10 upgrade experience that strips users of their choice by effectively overriding existing user preferences for the Web browser and other apps, we reached out to your team to discuss this issue. Unfortunately, it didn’t result in any meaningful progress, hence this letter.
If you only read the first two paragraphs of Mozilla’s letter, you’d think Windows 10 would have removed the option for users to change the default browser at all a la iOS. That’s not the case, though. With the new version of the OS, Microsoft has made it so that third-party apps cannot directly change the default apps settings for a range of activities, including choice of browser. That means that Firefox cannot make itself the default browser in one click, as it could in previous versions of Windows. It has to follow a system-defined series of steps, as explained here.
What Firefox can do is ask the OS to open a system dialog that includes default browser settings. The user can then interact with the system dialog and select Firefox as the default browser.
In this open letter, Mozilla present this change as an abhorrent violation of freedom. What they conveniently omit from their statement is that this is actually a huge improvement in user security. In previous versions of Windows, having the ability to become the default browser without user invention made way for really easy phishing attacks.
Just make an unscrupulous app that resembled a browser, set that as the default without the user knowing, and steal all their passwords, browsing history and account information that they subsequently typed into the fake app. It’s phishing at a software level.
Even ignoring the exposure to malware, letting individual apps be responsible for shared settings is generally always a bad idea. The OS cannot exert any control over how the option is presented. A crafty app could just make itself the default without ever prompting the user. A good analogy is how Location Services work on iOS; the only way for third-party apps to use location information is to let the system ask the user through a standardised popup dialog.
The centralisation means that the only person that can change the setting is you, the user. It’s an unambiguously better system that Mozilla is sadly trying to spin as an attack on freedom and openness.