Firefox uses on-device downloaded-on-demand ML models for privacy-preserving translation.

@chillicampari @firefoxwebdevs @joepie91 ️ But that alone won’t be enough to rebuild trust; I’d like to suggest something that would help with that, but unfortunately that’s far outside my wheelhouse
️

@cassidy @firefoxwebdevs this is because it's an AI marketing lie. "ha, you say you hate slop, so does that mean you hate *xrays* now? Checkmate, AI hater!"

@firefoxwebdevs "Without the user's request" is quite ambiguous, though. I'm reminded here of Google, which put the AI tab before the Web/All tab, displacing it so that people would unintentionally hit the AI button and "request" it. It's a small and plausibly-deniable change that nevertheless violates the user's boundaries, and difficult to call out and stop even internally within a company or team. I've seen many companies and software do the same thing.

A genuine opt-in would, in my opinion, look something like a single "hey do you want such-and-such features? these are the implications" question, presented in a non-misleading way, and if that is not answered affirmatively then the various UI elements for "AI" features should not even appear in the UI unless the user goes and changes this setting. It's much harder for that to get modified in questionable ways down the line, and reduces the 'opportunities for misclick' to a single one instead of "every time someone wants to click a button". It also means users aren't constantly pestered with whatever that week's new "AI" thing is if they've shown no interest.

Such a dialog could still specify something like "if you choose Yes, Firefox will still only download models once you try to use a feature", to make it clear to users that it's not an all-or-nothing, and they can still pick-and-choose after selecting 'Yes'.

@jwz @zzt @firefoxwebdevs we added an extension to send 440 volts through the other guy's chair

1M+ installs first week, 0 users remaining second week

@joepie91 @firefoxwebdevs Mozilla's tortured definition of opt-in seems to predict that Mozilla will invent features to nag you into enabling AI, as they have already done with Link Previews: https://www.quippd.com/writing/2026/01/06/architecting-consent-for-ai-deceptive-patterns-in-firefox-link-previews.html

@tasket

"Meanwhile, Red Hat is quietly undermining any legal basis for copyleft and leaning into the idea that gratis products (Fedora) shouldn't have robust & transparent system update tools."

it's a bit off topic, but would you mind elaborating more about the system update tools? i'm out of the loop on that, and it sounds concerning

@firefoxwebdevs @zzt You ignored the firefox userbase's voice when it came to adding AI in the first place, don't pretend you're listening now when you're really just trying to get the users to come up with justifications for what you have already decided to do. Firefox users have repeatedly said we do not want AI features imstalled by default, you chose not to listen and now you're trying to find ways you can feel less bad about that by pretending you gave people options when it comes to AI usage, rather than taking one away.

If you cared about what 'the community' wants, you would have asked people when the AI notion was first pitched and taken no for an answer, but yet again, AI enthusiasts have acted without consent.

@memoria The quick version: Fedora doesn't sign their repository metadata while everyone else (incl. sister RHEL) does. There was an outcry, and their response was to invent a new scheme that requests hashes of the metadata from a special server (not local mirror) for each update session over https.

@xela @firefoxwebdevs For on-device, the power usage is on the end-user, and the text in the viewport range is translated. It's heavy CPU work that is quickly finished. So you get short bursts of heavy CPU usage while actively interacting with a translated page. All the page content is private and stays on your machine.

@tasket @memoria

What the heck are you talking about? That is not even close to true. Firstly, Red Hat Enterprise Linux doesn't have signed repository metadata. There, they have a special scheme involving pinned TLS certs generated by subscription-manager.

Fedora doesn't have signed repository metadata because the tooling doesn't support it. That's it. There have been requests to do it, but the signing infra is old and needs revamping (which is in progress for other reasons).

@tasket @memoria

What the heck are you talking about? That is not even close to true. Firstly, Red Hat Enterprise Linux doesn't have signed repository metadata. There, they have a special scheme involving pinned TLS certs generated by subscription-manager.

Fedora doesn't have signed repository metadata because the tooling doesn't support it. That's it. There have been requests to do it, but the signing infra is old and needs revamping (which is in progress for other reasons).

@tasket @memoria

The Metalink system is a public standard! There's an IETF RFC for it even! The MirrorManager system is an implementation of that specification and it is used to offer secure and trustworthy mirror redirection.

Fedora's system was created by a community contributor 20 years ago. Red Hat wasn't even involved.

@mdavis @firefoxwebdevs

The Firefox AI "kill switch" is not "complicated" except insofar as it's incoherent. it's not "undisclosed nuance" except insofar as it's incoherent.

the "kill switch" doesn't exist.

this is important to keep in mind. once you remember that NONE OF THIS EXISTS, you will realise that every one of the dilemmas you posit is an imaginary problem that follows from incoherent postulates.

e.g. "AI kill switch purists" is not a coherent postulation because the "kill switch" does not exist.

the "kill switch" is a hypothetical proposed in this post:

https://mastodon.social/@firefoxwebdevs/115740500373677782

the "kill switch" is a proposal to satisfy the demand for an opt-in by providing an opt-out. you might think that's a failure to respect the question, and you might even begin to suspect the proposal was in bad faith.

note that Jake, in presenting the kill switch and calling it a kill switch and getting it into all the papers as a kill switch, says he's uncomfortable with the name he's publicised it as. you might think that's oddly incompetent for literally a PR (devrel) person.

the concept as presented imposes multiple false dilemmas.

the LLM stuff should *incredibly obviously* be an extension. this is the purest possible opt-in, despite jake's past attempts to muddy the meaning of "opt-in".

making it an extension is also eminently feasible. There is literally no technical reason it needs to be a browser built-in.

this suggests the reasons are not in any way technical. some person with a name, who has yet to be named, dictated that it would be a built-in. so that's what Mozilla is going with.

why Mozilla went hard AI is entirely unclear. this would have been late 2024? we have no idea who was inspired with this bad idea nor why they were so incredibly keen to force it into the browser.

nor is it clear what Mozilla will do for external LLM services when the AI bubble runs out of venture capital and pops in a year or so, most of the chatbot APIs shut down and whatever remains is 10x the cost at least. but that's a problem for 2027's bonus, not 2026's.

note how the poll provides no option for "no LLM functions built-in to Firefox", in a pathetically transparent attempt to synthesize consent. jake wants to use this poll as evidence of what the user base wants, deliberately leaving out the option he knows directly a lot of them want.

and in conclusion:

1. solve the "kill switch" naming problem by branding it the "brutal and bloody robot murder switch with an option on the executives responsible".
2. make all this shit an extension like they should have a year ago.
3. and your little translator too.

@neal @memoria "Firstly, Red Hat Enterprise Linux doesn't have signed repository metadata"

OK, well they changed it after many years of signing (and Fedora having no metadata protection at all).

"they have a special scheme involving pinned TLS certs generated by subscription-manager."

Interesting.... subscription control.

"Fedora doesn't have signed repository metadata because the tooling doesn't support it. That's it."

Very special. Gold star! I won't inquire about their motivations any further while their parent eviscerates the GPL.

@firefoxwebdevs I really love the local on-device translation, "AI" or not.

I think this question follows a fundamental misunderstanding of the AI toggle. I want I do not want to ship off my browser data to any AI company (including Mozzila), and that would be the toggle I would look for.

If Firefox/Mozilla came out with a on-device local-only LLM I would personally be more receptive. The main issue for a browser is that it should be a browser, and also not ship all my data off for harvesting by AI slop companies.

Firefox uses on-device downloaded-on-demand ML models for privacy-preserving translation.

They're not LLMs. They're trained on open data.

Should translation be disabled if the AI 'kill switch' is active?

@chillicampari @firefoxwebdevs @joepie91 I’m kindof amazed that Mozilla can’t distinguish which changes led to the backlash. I think that’s why this whole thing feels more like putting on a show than like a genuine attempt at reform.

The timing alone makes it clear that the builtin translation was not the issue. Sure, moving it to a plugin would be an improvement, and requiring user action to enable it would be smaller improvement, but that was the case before.
️

@firefoxwebdevs doing a great job at regaining users' trust there, I see

In other news, you've done such a great job at regaining my trust that I've switched browsers to anything but Firefox. Well done, Mozilla.

> A web browser should load web pages, allow you to interact with them ...

I would point out that translating a web page written in a non-native language allows me to interact with said page. Your argument can go both ways.