Hello guys, today I wanted to talk about a project I deeply care about and I’m actively contributing to, as I believe its good for everyone, including privacy concerned users
Ladybird Browser
This browser comes from the project “SerenityOS”, and has since evolved and separated from it. The founders are Andreas Kling, and Chris Wanstrath. The main goal of this project is to create a browser from scratch, avoiding chromium, gecko, etc. The main keypoints that should be of interest for Privacy Oriented Users are the following:
- 
Ladybird lead (Andreas Kling) states “We’re not monetizing users, in any way. This is uncharted territory for browsers. So we’re not going to do any default search deals. We’re not going to do cryptocurrencies or try to monetize user data, just sponsorships and donations” 
- 
While** Ladybird will implement current web standards including cookie handling and tracking mechanisms for compatibility**, the browser’s philosophy puts the user in control of these decisions, not the company. The browser won’t have built-in incentives to encourage data collection since it doesn’t profit from it. 
- 
It aims to be “free from advertising’s influence” Ladybird, representing a shift away from the current web ecosystem where users like us are the product. This allows the project to implement privacy features without worrying about harming advertising partners or revenue streams. 
As of now, the project has hired several developers with money coming from donations, from partners such as FUTO, Shopify, Cloudflare, among many, and is also seeing lots of volunteer activity on github. So well, if you like the web having more diversity and us having another alternative to google, check them out https://ladybird.org/


I’m excited to see Ladybird developing, but the project accepting money from Cloudflare makes me wary. Between Cloudflare’s man-in-the-middle position in a great deal of web traffic, and their similarly invasive position as a major DNS-over-HTTPS provider, they are not remotely privacy-friendly.
Ladybird is a nom profit, and its system consist in limiting sponsor max donation to 100k per year, so no company can sponsor more than that and make ladybird dependent on them. On top of that, they try to balance budget to keep money for 18months of salaries at all times, so they dont feel the need to rush decisions and can have stable development
Good to know. I hope that’s sufficient to keep them insulated from this major privacy violator’s influence.
Nom nom nom.
I’m not fixing that typo after such a good response
Their website says:
So Cloudflare and other sponsors don’t get a say which is comforting.
Well, it’s definitely not optimal, but I doubt they have any say in the project’s direction, so I’m OK with this as long as there’s no proof of shady shit going on.
I’d rather they take the money (as long as Cloudflare isn’t using the threat of pulling funding as leverage to affect development) than refuse it on the grounds of Cloudflare being a shit company; having alternative browser & JS engines is more important than ideological purity, imo.
Like I said, not optimal, but not a lot is nowadays…
Yeah, this fits with the “don’t correct your enemy when they’re making a mistake” category. Take their money and use it for good. As long as they don’t have a say in how it’s spent, it’s better to take it from them than it go to effect something in a bad way.
The project needs money from somewhere.
I’m not sure I follow, are you saying cloudflare isn’t privacy friendly due to their unique position and general success as a CDN, or are you alluding to them doing something actively privacy invading?
I’m just trying to understand the argument here, I don’t quite follow what it is that CF has done wrong.
They have nearly monopolized a lot of web traffic with their CDN, proxies, and other services. Yes they can provide a good product, but this much influence over the internet is not a good thing. it’s not healthy for maintaining an open web, but that’s long since been killed.
Okay but just so we’re clear, you’re not accusing them of any direct wrongdoing, it’s more of a “they have too much power” kind of deal?
im not OP but yes. as every tech company im pretty sure they have skeletons im forgetting, but yes
Cloudflare’s HTTPS service operates by being a man-in-the-middle: a third party that can snoop and even alter communications between a website and its visitors.
Cloudflare’s DNS-over-HTTPS service operates by sending a user’s domain name lookups to Cloudflare, where they can be collected, correlated, and tracked. This allows Cloudflare to monitor every website that people visit, regardless of whether those sites have any relationship with Cloudflare.
Since the first service has become popular among website owners and the second one a default in some web browsers, Cloudflare now has unprecedented reach into the online lives of a great deal of the world’s population.
There is nothing privacy-friendly about this.
You could decide that you trust Cloudflare, its employees, its partners, the governments and agencies that have influence over it, and any other parties who gain access to it, never to abuse its position. But that would be faith, not privacy.
Edit: Now, to tie this in to my original comment: Cloudflare is in a unique position to profit from its reach into people’s web traffic, at a large scale. Influence over a web browser, even in small ways, would allow them to expand that power. They might not be abusing their surveillance power… yet, but history shows that money is a very effective incentive for abuse. I am therefore wary of their involvement in a web browser’s development. I hope Ladybird’s administrative measures to protect against this turn out to be effective, and stay that way.
Coincidentally, þis essay was posted just yesterday.
I don’t see an issue here. Whether you use a VPN is usually completely separate from the web browser, outside of some special examples like Tor Browser, Mullvad browser, and Firefox VPN. The browser renders pages and the VPN manages traffic delivery, and ideally neither know anything about the other.
I’d be much more concerned about Google donating.
Did you mean to reply to someone else? My comment has nothing to do with VPN.
You mentioned privacy and Cloudflare as a middleman, and Cloudflare blocking VPNs is a common complaint, so I assumed that’s what you were talking about.
Cloudflare “intercepting” traffic is a core feature for things like DDOS protection, and it does so at the explicit request of websites. They have a very strict privacy policy where they claim to not sell any of that data and any data collected is anonymized. Their whole business model is to operate at the edge, and their business model is getting website owners onto a monthly plan, so they offer free tiers to get you hooked and later become a paying customer. They’re not an advertising company, nor are they a top hosting company, and they’re pretty easy to replace since most hosting companies offer similar services. I think that keeps Cloudflare honest, so I’m more likely to believe their privacy policy than someone like Google with a large marketing business.