If you didn't have browsers auto updating no-one would update them manually, meaning bad news for web developers wanting to take advantage of newer features.
> meaning bad news for web developers wanting to take advantage of newer features.
I think you spelled “mass compromise of unsuspecting users due to unpatched security holes” wrong.
Like it or not, browsers as the primary networked application that people use are the prime target to exploit users. They connect to unknown endpoints of questionable trustworthiness (unlike most other networked apps) and execute code loaded from there. They also handle people’s secrets such as credentials to Homebanking. We maybe shouldn’t be at that point, but here we are and browser vendors need to handle that responsibility. Quick auto updates are crucial for that. Expert users might dislike them, but let’s face it, we’re not the majority.
> Quick auto updates are crucial for that. Expert users might dislike them
I don't think anyone is really against quick security-related fixes being delivered with a degree of automation. What most power users dislike is mixing these updates with other ones (typically for commercial reasons).
What you want assumes having patches for every version that was ever released in the extreme case. How do you propose not doing so when you have limited resources? Firefox offers an ESR release, you can use that if you want.
What? They produced the fix, that’s not the problem. The problem is keeping the delivery mechanism separate from the telemetry/experiments delivery mechanism. Which it clearly was in the past, since FF has been pushing security updates forever. Why it couldn’t be done this time? Is it a sign of things to come? If yes, that is very shady from a privacy perspective and unsound from an engineering perspective.
You can get the fix without telemetry. You just have to wait until the update goes through the update channels, as usual. Going via telemetry just speeds up the process. What you asked for is something different: security updates without feature updates for your chosen release. Forever.
I understand the appeal of that for developers but it comes at the cost of users agency and control of their own system, I've been very annoyed with even simple UI changes in firefox updates as I simply didn't ask or want any such change. Reading other comments here it's clear I'm a dying breed of old and stubborn users that prefers full control and agency over my own system. Making it easier for web developers to implement new features is absolutely not a tradeoff I'd make willingly at the cost of my systems consistency and reliability. Also the reason I use firefox is because of all the major browsers vendors they seem the most aligned with those values although this seems to be changing more and more every year.
The incentive structures of society (capitalism, if you're so inclined, but I don't think this is unique to capitalism) are incompatible with your wishes.
Good news for users is sometimes bad news for developers. Anyway, too often these "newer features" are just new ways to exploit people or shiny add-ons without much societal value.
