> low level software engineers on payroll

How does The Browser Company make money? They're giving their product away for free.

Browsers are complicated. It doesn't inspire confidence that the folks in charge of that complexity can't get their heads around a business model.

(Aside: none of their stated company values have anything to do with the product or engineering [1]. They're all about how people feel.)

[1] https://thebrowser.company/values/

They don't have a business model yet, is the thing.

> Browsers are complicated. It doesn't inspire confidence that the folks in charge of that complexity can't get their heads around a business model.

Unfortunately you are also describing Mozilla here.

Well, it's an app that users access all their online info through - bank, email, search, work, social - everything. Even an open-source, decentralized, blockchain, grass-fed, organic, extra virgin, written in nothing but HTML, released by W3C itself browser could monetize just ~5% of market share if users are downloading their build (or if its baked into the source), considering how much a browser reveals about its user and to the extent the user can be retargeted for: Ads, marketing, surveillance, analytics.

The biggest opportunity has to be driving search traffic to the major search providers all these browsers partner with.

Could also get acquired by a major browser vendor if you have a better product and people are downloading it more than the major ones, especially if both are based on the same underlying engine. Even Firefox still sucks to this day. I'm using it right now (Waterfox) the product still sucks! I know of some browser vendors acquiring others, especially as mobile took off and it was hard to get it right.

Seems like the opportunity is similar to that of social media but slightly more modern because nobody uses new social media anymore but people are trying out new browsers (and you get richer user/usage data).

I don't see an issue, using something like Firebase is what a smart engineer would do. Just this one piece of logic is a problem.

I tend to agree with this. Why re-invent the wheel by spending engineering effort building a CRUD backend?

If you're trying to bring value to market, focus on your core differentiator and use existing tooling for your boilerplate stuff.

It’s the “chrome replacement we have been waiting for”, but (if I read this right), my data is still sent to Firebase? Also it’s a browser, not a “tinder but for cats” startup idea I’m writing for my cousin for a beer.

It’s not only not a smart engineering decision, it’s also a terrible product, reputation and marketing decision.

I'm not disagreeing about the severity of the security vulnerability that has been uncovered – to be clear, it's an absolute shocker of a bug. It's really disappointing to see.

But I still disagree that the use of Firebase, in and of itself, is a bad engineering decision. It's just a tool, and it's up to you how you use it.

Firebase gives you all features needed to secure your backend. But if you configure it incorrectly, then _that's_ where the poor engineering comes into play. It should have been tested more comprehensively.

Sure. You could build your own backend rather than using a Backend-as-a-Service platform. But for what gain? If you don't test it properly, you'll still be at risk of security holes.

> a “tinder but for cats” startup idea

Needs a name. Meowr? Hissr?

Yowlr. (Which is apparently a dubstep musician.)

(Dubstep isn't music.)

My cats would use Yowlr.