The heuristics powering this, as well as the Windows Defender whitelisting, are terrible.
My understanding is that a specific binary needs to become popular for it to stop being flagged. This creates a chicken and egg problem. Users are not incentivized to use the program with the warning. But removing the warning requires many people to ignore the warning.
This is a big problem for anyone writing Windows software. An indie developer or small open source project is not going to do well with this.
raxxorraxor 13 hours ago [-]
This is also what I call bullshit security. These mechanisms are designed to chain developers to infrastructure of the OS provider. Apple does the same shit for that matter.
jasomill 6 hours ago [-]
Does Microsoft get kickbacks from code signing certificate vendors?
Because AFAIK SmartScreen only applies to software downloaded outside the Microsoft Store.
Come to think of it, I suppose it does incentivize distribution through the Store, so you make a good point.
csomar 19 hours ago [-]
I found out a similar thing with my website being blocked by corporate firewalls. You need to create profiles at these cyber companies and then wait for whitelisting so that they can drop the ban.
whateverboat 1 days ago [-]
This is also happening on linux for me.
kencausey 1 days ago [-]
Don't make statements like this without more explanation. In what way is this happening to you specifically? What distribution and platform are you using? Did you explicitly install something to warn you about 'side-loading' executables?
gruez 1 days ago [-]
>My understanding is that a specific binary needs to become popular for it to stop being flagged. This creates a chicken and egg problem.
Given the recent npm axios compromise this sounds like a pretty smart move?
dqv 1 days ago [-]
How is it a smart move? Here, Microsoft is training users to ignore a security warning. If the same mechanism were added to NPM (that is, a warning that the package is suspicious and for the user to be extra sure they want it), users would have been trained to ignore any security warning issued for the compromised axios version (just like they had ignored it for all previous "clean" versions) and installed it anyway.
kmeisthax 1 days ago [-]
The relevant heuristic in NPM supply-chain compromises would be the age of the specific binary. i.e. a freshly released package is riskier than one that's been around for a few days. So perhaps the policy should be that NPM doesn't install new package versions unless they've been public for 24 hours, or there's a signed override from the package repository itself stating that the update fixes a security issue. Of course, that would also require the NPM team have a separate review process for signing urgent security fixes.
Frotag 1 days ago [-]
Conveniently M$ lets you buy a signing certificate to fix this.
EV no longer skips smartscreen either nowadays. I understand that was abused, so it's treated as the same as OV. Having a certificate allows the cert itself to accumulate trust (rather than each binary independently doing so) and provides better UX and I suspect an initial small boost to trust signal, but doesn't bypass the initial distrust. There's no way to avoid that AFAICT and even if you're an established business you hit it at intervals because all these certificates expire and so the whole process resets every few years anyway. What a mess.
burnte 1 days ago [-]
> EV no longer skips smartscreen either nowadays. I understand that was abused
EV was always going to be abused. It started out promising to be a human verified, $10k cert that meant you were GUARANTEED to be who it said you were. Now I can get one for a couple hundred bucks.
The solution is to separate identity from encryption. They never should have been linked.
gruez 1 days ago [-]
>There's no way to avoid that AFAICT and even if you're an established business you hit it at intervals because all these certificates expire and so the whole process resets every few years anyway. What a mess.
Maybe have overlapping sets of certificates and dual sign your binaries? That way there's always an "aged" certificate available.
asveikau 1 days ago [-]
> EV no longer skips smartscreen either nowadays.
Not sure of the exact number, but the "nowadays" here is more than a decade.
asveikau 1 days ago [-]
Last I checked they can still quarantine your binary if it's properly signed and they decided it hasn't gained traction.
john_strinlai 1 days ago [-]
for what it is worth, when downloading the latest .exe from github, firefox says "this file is not commonly downloaded" and i have to select "allow download".
scans of it are fine.
probably just a heuristic-based false-positive, and not a news-worthy story of chrome abusing their monopoly or whatever.
ryandrake 1 days ago [-]
Do these little speed bumps even work? I have to admit I'm so numb to all these popups and to apps warning me this and begging me that, that I just don't read anything anymore. Each app that hits me up with yet another dialog is just another brick in the wall.
The only speed bump that I find super annoying is when your browser tries to prevent you from going to a site with an incorrectly configured certificate (or a self signed certificate). The UX browsers make you navigate in this case is extra-horrible. Apparently, my use of a self-signed certificate for some local machines means I'm about to die.
bahmboo 1 days ago [-]
I have been using the internet since before the www. In the last few years I pay attention to every speed bump and evaluate it seriously. I check the url of every financial site I log into. I disable automatic security blocks as a last resort. There's just too much consequence for failure.
dpoloncsak 1 days ago [-]
We recently rolled over an SSL cert that is used for RemoteApps. Most of my users rely on these RemoteApps. They all got the 'yellow warning box' that the SSL cert was different, and we got swamped with tickets.
Atleast in a corporate environment, they help
miki_oomiri 1 days ago [-]
Isn’t firefox using Google “safe browsing” database ?
warkdarrior 1 days ago [-]
Safebrowsing does not provide popularity metrics for downloads, to my knowledge. It only states whether a URL is malicious according to some Google checks. No amount of popularity would turn a malicious URL into a benign one.
whateverboat 1 days ago [-]
This is also happening with `.tar.gz` file on chrome for yt-dlp. Doesn't happen for other `.tar.gz`
jddecker 1 days ago [-]
The binaries they offer are complied using PyInstaller, which can give false positives in anti virus software.
ddtaylor 1 days ago [-]
Google has been anti yt-dlp before it was forked. They also have rules that carve out tools like this from their extension store and at Android, except enforcement is lacking sometimes.
Google is terrified of users having access users control to their video content.
nslsm 1 days ago [-]
yt-dlp breaks YouTube’s DRM. They could easily get the repo removed under the DMCA. They don’t.
1bpp 22 hours ago [-]
IIRC the old yt-dlp was removed at one point for exactly that.
xethos 1 days ago [-]
Google's already tried taking down Invidious. If they could use the DMCA for it, I believe they would. Notable, Invidious is still up, and there were fun articles from the response
it'll just cause a lot more people to become aware of it and cause mirrors to pop up everywhere.
kivle 1 days ago [-]
RIAA already tried to take down the Github repo for youtube-dl (basically the original yt-dlp was forked from) back in October 2020. But outcry from among others EFF got it reinstated just one month later. Google is probably on the fence about this because they saw how it went last time. The slow killing of adblockers in Chrome seems to be something they are getting away with, so maybe that will make them bolder once things have moved along far enough that there's no way back.
kmeisthax 1 days ago [-]
Weirdly enough, Google's never actually made a public statement that YouTube "has DRM". If they did, it would immediately give Kevin McLeod the biggest copyleft trolling opportunity in history, because all Creative Commons licenses specifically forbid using DRM on the resulting work.
The only reason why we even know YouTube "has DRM" is because third parties have been able to plausibly allege DMCA 1201 circumvention claims against yt-dlp regarding a nebulously named "rolling cipher". These are not actual court findings of fact, just that you can say this in a legal filing and not immediately get your case thrown out on summary judgment. Which is a really low bar. Whether or not the rolling cipher actually qualifies as DRM is still an open question.
The way DMCA 1201 is written, basically anything intended to function as copy protection is considered DRM under the law. Like, those really annoying no-right-click scripts people used to put on sites probably could be argued to be DRM under DMCA 1201. However, in this case, there's a disconnect between the people offering the DRM (who don't actually claim it's DRM) and the people using it as DRM.
ddtaylor 1 days ago [-]
Google has consistently maintained in legal proceedings and terms of service that its technical measures, specifically its "rolling cipher" and signature mechanisms, constitute technological protection measures under the DMCA.
The most prominent public declaration of this stance occurred during the legal battle over youtube-dl (basically the ancesor of yt-dlp). While the RIAA initiated the initial 2020 DMCA takedown, Google's own technical implementation of the "rolling cipher" was the core of the argument.
TheSkyHasEyes 1 days ago [-]
Why would a browser(be designed to) care about this?
gruez 1 days ago [-]
Because people download viruses from the internet all the time? "Common sense antivirus" might work fine if you're technically inclined, but that's not the case for everyone.
mrob 1 days ago [-]
The growing prevalence of so-called "supply-chain attacks" (a bad name because it implies a commercial relationship that doesn't usually exist) shows that "common sense antivirus" isn't working so well even among the technically inclined.
rcakebread 1 days ago [-]
Because Google owns Youtube.
reactordev 1 days ago [-]
To protect the normies from harmful malware… not on their approved vendor list.
exe34 1 days ago [-]
it's to protect shareholder value.
thebeardredis 1 days ago [-]
Because Google does no evol.
g947o 1 days ago [-]
You could also ask why Android care about banning side loading to "prevent scams and spyware", and I honestly don't have an answer at all.
CloakHQ 22 hours ago [-]
[dead]
mercatop 1 days ago [-]
[dead]
alsetmusic 1 days ago [-]
Reminds me of how Bing search for Google takes people to a page meant to resemble Google.com. Can't trust huge companies.
But as others have pointed out, it's probably a coincidence in this case. But who knows.
frollogaston 19 hours ago [-]
Google did flag the Ad Nauseam Chrome extension as malware, so that was a definite abuse of power. This one is unclear.
Dangerous download blocked
yt-dlp_win_x86.zip is not commonly downloaded and may be dangerous.
[Discard] [Keep]
tremon 10 minutes ago [-]
How useful is that explanation, though? All new software releases (even Chrome itself) are not commonly downloaded, until they are.
matheusmoreira 1 days ago [-]
Which is why I download it from my Linux distribution's package manager. It's available on Termux too.
entropie 1 days ago [-]
Which in the case of yt-dlp might not be fast enough.
I use a telegram/mqtt/homeassistant wrapper (1) to let my mother download audiobooks which are saved in jellyfin so she can listen or download them from my (home)server.
Keeping yt-dlp up2date (and therefore) working is not that easy, especially since I dont systemupdate every other week. There were a few phases yt-dlp version in nixpkgs-unstable were just not working. I created a little wrapper that updates a venv so I always have the HEAD running for my bot.
It's funny such a big corporations can't let such a small tool live.
Google is such an evil company, it is not even provided anything great anymore.
Anti-gravity paid plans suck, GCP is billing heavy. Today google sucks at most things
Their Android playstore hardly updates statistics once a day, so much for such a big data company with unlimited sources lol
cess11 24 hours ago [-]
It's a tool used to build other tools, some of which have non-trivial amounts of users.
It's also a tool used by e.g. journalists and government agencies that dabble in stuff like research and evidence, and it would probably be more cumbersome for everyone involved if Google instead had to process requests and provide copies of material for these purposes.
Otherwise they'd probably have made life much harder for the yt-dlp-developers already. Not that I think they're nice in any way, but I don't think they're seriously trying to fully eradicate yt-dlp or related software.
ompogUe 1 days ago [-]
So, Google's browser says downloading a tool to download files from Google's servers is "Suspicious"? Not surprising.
schiffern 1 days ago [-]
By the same standard, Chrome itself is "a tool to download files from Google's servers." Chrome doesn't only download from Google's servers, but the same thing applies to yt-dlp.
I'm equally not "surprised" by their bad behavior, but that shouldn't stop us from condemning Google for unethically misleading people and engaging in browser monopoly abuse.
---
EDIT: holding up (hilariously) RIAA lawyers as ethical role models only proves my point, thanks.
Habgdnv 1 days ago [-]
Actually that is what they want you to believe. Behind the scenes, secretly Chrome is mostly "a tool to upload files to Google's servers" but because it does not require any actions from the user to do that, many people miss that part.
ddtaylor 1 days ago [-]
Oops we accidentally stole, indexed and resold all your data. Sorry.
dryarzeg 1 days ago [-]
> Chrome itself is "a tool to download files from Google's servers."
...legitimately. While Google (I will reinforce: Google, not everyone) sees downloading of the videos and other content from the YouTube by third-party services as illegitimate because of YouTube's ToS. After all, they're making money from the YouTube Premium and "Download" option provided by it, so things like that are kinda expected to happen.
And no, I don't agree that it's right. While I can understand the position of Google, the method they (allegedly) used here... Well... I don't even know what to say. That's plainly wrong, in my opinion. After all, "download" is defined as "To transfer (data or a program) from a central computer or website to a peripheral computer or device." by The American Heritage Dictionary of the English Language (5th Edition), so when you just watch videos, you download them already, don't you? What about watching them in browser, somewhere in embed on some website? Does that constitute a legitimate client (I guess so, because most of embeds still use YouTube Player after all)? That just makes me laugh : )
SturgeonsLaw 14 hours ago [-]
Chrome should be flagged as suspicious
waffletower 1 days ago [-]
I am sure that RIAA lawyers would rofl at this yt-dlp labelling being an example of Google "... unethically misleading people and (committing) browser monopoly abuse". I want to live in that fantasy world with you though.
ddtaylor 1 days ago [-]
Come to our fantasy Linux land anytime you want. We circumvent all of the strange things both RIAA, MPAA, Google and many other companies do to attempt to lock information into a box with only one hole they allow you to look through.
Our fantasy land gets better every time your reality gets worse.
1 days ago [-]
Meekro 1 days ago [-]
I tried to reproduce this on their download page for the latest release[1]. Only the windows exe gets the warning, the other releases (macos, linux, etc) all download just fine. That makes me think it's an automated system that messed up, not an attempt at anticompetitive behavior.
Clear conflict of interest enabled by anti trust not being enforced.
fortran77 1 days ago [-]
Firefox gives a similar warning.
exe34 1 days ago [-]
it uses Google's shitlist
jacquesm 1 days ago [-]
And only exists because of Google.
exe34 7 hours ago [-]
Are you sure? If chrome didn't have a choke hold on the web, I have a feeling firefox would have been fine.
simon-b 16 hours ago [-]
As an aside, yt-dlp presents a perfect use-case for uvx (part of uv):
uvx yt-dlp <yt_url>
No manual download/install required.
jesse23 1 days ago [-]
`brew install yt-dlp` or `scoop install yt-dlp` :)
mghackerlady 1 days ago [-]
I suspect for M$ users you could even use winget (though I am unable to subject myself to Windows right now)
bigyabai 1 days ago [-]
Yep. Never send a web browser to do a package manager's job.
ddtaylor 1 days ago [-]
Linux user here unaffected as I get it straight from my command line.
eis 1 days ago [-]
Which link exactly did you try to use? Or what specific version on the Github releases page? I checked both the latest windows and macos versions against Google Safe Browsing and all were fine.
owlninja 1 days ago [-]
I can't reproduce this either, OP is light on details.
nnevatie 1 days ago [-]
You wouldn't download a downloader.
NiloCK 1 days ago [-]
Interesting to inspect any telemetry on this. Could end up on a list.
lofaszvanitt 23 hours ago [-]
Chrome is just ridiculous. It pretends you are mentally handicapped
Ooooh, this is an executable, THAT'S VERY DANGEROUS! Are you sure you want to download it? Hmmmph?
uoaei 1 days ago [-]
Chrome and YouTube are both owned by Google. There's an obvious reason why they want to discourage use of that extension.
waffletower 1 days ago [-]
Chrome for work, Safari or Arc for everything else. I envy you if your use of yt-dlp is work related.
apparent 1 days ago [-]
Why use Chrome when there's Brave? I can't remember the last time I opened Chrome.
iririririr 1 days ago [-]
you almost got it rigth. safari and arc are as bad as chrome. arc is just stable-chrome (it will have the same nonsense with a custom ui next release)
firefox sadly is still what you should use.
LollipopYakuza 1 days ago [-]
I started giving a try to Zen (based on firefox) a few days ago.
I like it especially while heavily relying on a tiling window manager.
johnthedebs 1 days ago [-]
Agree with sibling comment as someone who used Zen for many months, maybe as long as a year or two. It constantly breaks and often stays broken in small but fundamentally important ways, to the point that I just switched back to FF last week and am glad to be off the roller coaster. Before Zen I had tried Arc and left for a lot of the same reasons.
For all of the (valid) criticism against FF, it's still the best available browser that's not just an experiment IMHO.
Edit to add: part of the switch back is that FF now supports, to some degree, all the features I was using Zen for: vertical tabs (needs customization but works well enough), custom search "engines" (ie, shortcuts), split view, not-Chrome
jrajav 1 days ago [-]
I daily drove Zen for months. The design and implementation are overall fantastic. Unfortunately it still has chronic performance issues, gobbling up CPU randomly - and they don't seem to be too focused on despite it being a commonly reported issue.
I don't want to burn out my battery quicker than usual, so I was forced to switch off. I'm currently trying Orion instead and have been loving it - aside from several poorly implemented websites just not working on it. And the Cloudflare false positives, but that's as much or more an issue on Zen.
jrajav 1 days ago [-]
Why is Safari as bad as Chrome?
bigyabai 1 days ago [-]
Website compatibility is inconsistent, extension compatibility is a slog, the desktop UI is confusing and nonstandard, WebKit itself is woefully incomplete, and on non-Apple platforms WebKit barely works covers conformance tests even with hardware acceleration disabled.
I don't use macOS anymore, but when I did I used Firefox without missing out on anything Safari would have given me. Now that I've abandoned macOS I don't think I can name one advantage of installing a WebKit browser on my system versus something Chromium-based.
sleepybrett 1 days ago [-]
break this shit up, break all of this shit up.
Google needs to be at least what four companies.. gcp, youtube, search, workspaces...
Apple needs to be at least two hardware/os, music/tv+
Microsoft, meta, etc, Monopolies are bad and our SEC/FTC/Government is doing a poor job of controlling them. At least as equally trecherous are these businesses that overly vertically integrate... anyways, we're fucked.
rdevilla 1 days ago [-]
It's over. The internet culture of the 20th and early 21st century has been appropriated for profit.
thesuitonym 1 days ago [-]
No it's not, and no it hasn't. That old Internet is still there, you just stopped going to it.
rdevilla 1 days ago [-]
[flagged]
throwaway_19sz 1 days ago [-]
You are not under attack. It’s just someone disagreeing with you. Please keep things civil.
rdevilla 1 days ago [-]
Where is the incivility? If anything it's coming from those who project their simplistic ideas of others unto the complexity of others' persons to pigeonhole them into their own idiosyncratic mental categories.
josteink 1 days ago [-]
We built it on enthusiasm for enthusiasts and for that reason alone, it became something great.
Then they stole it all for profit.
Probably not the first time in history this has happened.
izzydata 1 days ago [-]
The amounts of times someone invented something that was important to them and then never make any money from it only for some other entity to make tons of money from it is way too high.
recursive 1 days ago [-]
And hopefully not the last
socalgal2 1 days ago [-]
This entire thread it almost entirely proof that HN is now reddit. No facts, no consideration, just accusation and crowd think
> Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.
none of that here
> Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative.
not followed here
> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
none of that there
> Eschew flamebait. Avoid generic tangents. Omit internet tropes.
Lots of that here
The system is clearly automated. As others have pointed out, they've been able to download without incident. As other have also pointed out, Firefox also warns. The warning is reasonable, claiming that something isn't downloaded often is true, until it isn't. A few more downloads and the warning will likely go away.
Nothing to see here except a Google hater mis-interpreting something and the posting ragebait.
whateverboat 1 days ago [-]
You are wrong. There is at least one collaboration here that I can see. Download any other `.tar.gz`, Chrome says nothing. Do it with `yt-dlp`, chrome says it can harm your computer. Why?
rjh29 21 hours ago [-]
"a Google hater mis-interpreting something and the posting ragebait." Isn't exactly a thoughtful comment either. It's exactly the kind of no facts baseless accusation that you claim to be tired of seeing.
frollogaston 19 hours ago [-]
"Please don't sneer, including at the rest of the community."
Rendered at 20:09:54 GMT+0000 (Coordinated Universal Time) with Vercel.
My understanding is that a specific binary needs to become popular for it to stop being flagged. This creates a chicken and egg problem. Users are not incentivized to use the program with the warning. But removing the warning requires many people to ignore the warning.
This is a big problem for anyone writing Windows software. An indie developer or small open source project is not going to do well with this.
Because AFAIK SmartScreen only applies to software downloaded outside the Microsoft Store.
Come to think of it, I suppose it does incentivize distribution through the Store, so you make a good point.
Given the recent npm axios compromise this sounds like a pretty smart move?
https://stackoverflow.com/questions/48946680/how-to-avoid-th...
EV was always going to be abused. It started out promising to be a human verified, $10k cert that meant you were GUARANTEED to be who it said you were. Now I can get one for a couple hundred bucks.
The solution is to separate identity from encryption. They never should have been linked.
Maybe have overlapping sets of certificates and dual sign your binaries? That way there's always an "aged" certificate available.
Not sure of the exact number, but the "nowadays" here is more than a decade.
scans of it are fine.
probably just a heuristic-based false-positive, and not a news-worthy story of chrome abusing their monopoly or whatever.
The only speed bump that I find super annoying is when your browser tries to prevent you from going to a site with an incorrectly configured certificate (or a self signed certificate). The UX browsers make you navigate in this case is extra-horrible. Apparently, my use of a self-signed certificate for some local machines means I'm about to die.
Atleast in a corporate environment, they help
Google is terrified of users having access users control to their video content.
https://www.vice.com/en/article/youtube-tells-open-source-pr...
The only reason why we even know YouTube "has DRM" is because third parties have been able to plausibly allege DMCA 1201 circumvention claims against yt-dlp regarding a nebulously named "rolling cipher". These are not actual court findings of fact, just that you can say this in a legal filing and not immediately get your case thrown out on summary judgment. Which is a really low bar. Whether or not the rolling cipher actually qualifies as DRM is still an open question.
The way DMCA 1201 is written, basically anything intended to function as copy protection is considered DRM under the law. Like, those really annoying no-right-click scripts people used to put on sites probably could be argued to be DRM under DMCA 1201. However, in this case, there's a disconnect between the people offering the DRM (who don't actually claim it's DRM) and the people using it as DRM.
The most prominent public declaration of this stance occurred during the legal battle over youtube-dl (basically the ancesor of yt-dlp). While the RIAA initiated the initial 2020 DMCA takedown, Google's own technical implementation of the "rolling cipher" was the core of the argument.
But as others have pointed out, it's probably a coincidence in this case. But who knows.
Dangerous download blocked yt-dlp_win_x86.zip is not commonly downloaded and may be dangerous. [Discard] [Keep]
I use a telegram/mqtt/homeassistant wrapper (1) to let my mother download audiobooks which are saved in jellyfin so she can listen or download them from my (home)server.
Keeping yt-dlp up2date (and therefore) working is not that easy, especially since I dont systemupdate every other week. There were a few phases yt-dlp version in nixpkgs-unstable were just not working. I created a little wrapper that updates a venv so I always have the HEAD running for my bot.
[1] https://github.com/entropie/ytdltt
Google is such an evil company, it is not even provided anything great anymore.
Anti-gravity paid plans suck, GCP is billing heavy. Today google sucks at most things
Their Android playstore hardly updates statistics once a day, so much for such a big data company with unlimited sources lol
It's also a tool used by e.g. journalists and government agencies that dabble in stuff like research and evidence, and it would probably be more cumbersome for everyone involved if Google instead had to process requests and provide copies of material for these purposes.
Otherwise they'd probably have made life much harder for the yt-dlp-developers already. Not that I think they're nice in any way, but I don't think they're seriously trying to fully eradicate yt-dlp or related software.
I'm equally not "surprised" by their bad behavior, but that shouldn't stop us from condemning Google for unethically misleading people and engaging in browser monopoly abuse.
---
EDIT: holding up (hilariously) RIAA lawyers as ethical role models only proves my point, thanks.
...legitimately. While Google (I will reinforce: Google, not everyone) sees downloading of the videos and other content from the YouTube by third-party services as illegitimate because of YouTube's ToS. After all, they're making money from the YouTube Premium and "Download" option provided by it, so things like that are kinda expected to happen.
And no, I don't agree that it's right. While I can understand the position of Google, the method they (allegedly) used here... Well... I don't even know what to say. That's plainly wrong, in my opinion. After all, "download" is defined as "To transfer (data or a program) from a central computer or website to a peripheral computer or device." by The American Heritage Dictionary of the English Language (5th Edition), so when you just watch videos, you download them already, don't you? What about watching them in browser, somewhere in embed on some website? Does that constitute a legitimate client (I guess so, because most of embeds still use YouTube Player after all)? That just makes me laugh : )
Our fantasy land gets better every time your reality gets worse.
[1] https://github.com/yt-dlp/yt-dlp/releases/tag/2026.03.17
Ooooh, this is an executable, THAT'S VERY DANGEROUS! Are you sure you want to download it? Hmmmph?
firefox sadly is still what you should use.
For all of the (valid) criticism against FF, it's still the best available browser that's not just an experiment IMHO.
Edit to add: part of the switch back is that FF now supports, to some degree, all the features I was using Zen for: vertical tabs (needs customization but works well enough), custom search "engines" (ie, shortcuts), split view, not-Chrome
I don't want to burn out my battery quicker than usual, so I was forced to switch off. I'm currently trying Orion instead and have been loving it - aside from several poorly implemented websites just not working on it. And the Cloudflare false positives, but that's as much or more an issue on Zen.
I don't use macOS anymore, but when I did I used Firefox without missing out on anything Safari would have given me. Now that I've abandoned macOS I don't think I can name one advantage of installing a WebKit browser on my system versus something Chromium-based.
Google needs to be at least what four companies.. gcp, youtube, search, workspaces...
Apple needs to be at least two hardware/os, music/tv+
Microsoft, meta, etc, Monopolies are bad and our SEC/FTC/Government is doing a poor job of controlling them. At least as equally trecherous are these businesses that overly vertically integrate... anyways, we're fucked.
Then they stole it all for profit.
Probably not the first time in history this has happened.
> Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.
none of that here
> Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative.
not followed here
> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
none of that there
> Eschew flamebait. Avoid generic tangents. Omit internet tropes.
Lots of that here
The system is clearly automated. As others have pointed out, they've been able to download without incident. As other have also pointed out, Firefox also warns. The warning is reasonable, claiming that something isn't downloaded often is true, until it isn't. A few more downloads and the warning will likely go away.
Nothing to see here except a Google hater mis-interpreting something and the posting ragebait.