back to article Mozilla ponders making telemetry opt-out, 'cos hardly anyone opted in

Mozilla may require users to opt-out of sending telemetry from its Firefox browser because so few have opted in that it's hard for developers to get a good sample of what causes problems. The idea of opt-out telemetry has sparked a pretty lively mailing-list debate (at the time of writing, 42 posts in just a couple of days, …

  1. Bronek Kozicki Silver badge

    This user has visited one or more of these sites today

    www.theregister.co.uk www.theregister.com forums.theregister.co.uk m.theregister.co.uk

    ... but it does not mean that this user is an avid El Reg reader! Or at least, that's how Mozilla would have it.

    1. bombastic bob Silver badge
      Big Brother

      Re: This user has visited one or more of these sites today

      yes, having that information means they can sell it to whatever 3rd party wants it.

      ^^^ the REAL motivation behind telemetry

      1. Terry 6 Silver badge

        Re: This user has visited one or more of these sites today

        Yes, there's simple telemetry. For most people probably pretty reasonable that real-world problems are reported back to the developers automatically. There's performance telemetry, stuff like how the software performs under various conditions. Which might seem a bit to close to watching what we look at. And then there's plain spying on users. Unfortunately the various companies have chosen to use the first of these as a way to gain access to the third. Most aggressively, but at least openly Google, who supply genuinely no-cost software in exchange for this. Most egregiously Microsoft, who replaced ( upgraded arguably) for a "free" that excluded the possibility of not accepting it our existing ( and paid for if only indirectly) OS - and also charge for new retail copies - with an OS that claims to be collecting collecting telemetry, but is used to serve adverts built into the operating system of our computers.

        Mozilla is approaching an edge that has been very blurred.

        1. Phil Endecott Silver badge

          Re: This user has visited one or more of these sites today

          > For most people probably pretty reasonable that real-world

          > problems are reported back to the developers automatically.

          Less than 20% of the users of my iOS app opt in to sending anonymous crash reports.

  2. Anonymous Coward
    Anonymous Coward

    I think that's a good idea

    Mozilla isn't a for-profit corporation so they don't have the incentive to 'cheat' others collecting data might. I think if they made it clear when you first ran it that it was defaulting to data collection used for improvement only and not advertising, and let you uncheck a default checked box they'd get at least half the userbase submitting data. Most people just click 'ok' or 'next' through stuff like that and don't worry about it.

    This is basically what Windows 10 does, and despite their being far more evil and using the info for profit, I'll bet most Windows 10 users have "willingly" agreed to let Microsoft slurp their data by not unselecting the various telemetry options you get during install.

    1. Mage Silver badge
      Devil

      Re: I think that's a good idea

      Why?

      Exactly what does the loss of privacy improve?

      How secure will the collected data be?

      How is it used?

      If someone needs to send me a parcel they can "collect" my address. They ought not to keep it.

      If someone is getting paid they can "collect" my credit card info. They ought not to keep it. Many illegally store the extra digits on reverse. On Amazon I make a trivial but valid address change so at least any purchase needs the credit card re-entered (there are loads of ways for people to access your Amazon account, potentially. I set limit for eBook reader very low).

      Far too much is collected by Android, Chrome OS, Chrome Browser, MS Browers, Win10 etc. The motivation is not better software.

      Also GUI quality and important functionality on many major packages (Apple, Google, Microsoft, Mozilla) is going down, so is telemetry replacing proper design, proper user testing and proper research of users directly? Telemetry tells you nothing about WHY the user did something or how important the hardly used features are.

    2. Pen-y-gors Silver badge

      Re: I think that's a good idea

      Mozilla isn't a 'for-profit' organisation, but equally it isn't a 'for-loss' organisation. Bills have to be paid. Salaries have to be paid. If they need to raise money to keep going, who knows what they'll do? And if they're known to have the data, how do they respond to those secret letters the US Govt is so fond of?

    3. tony72

      Re: I think that's a good idea

      Mozilla isn't a for-profit corporation so they don't have the incentive to 'cheat' others collecting data might.

      "Not for profit" != "Doesn't need money". Mozilla burns through plenty of cash, and with Firefox's dwindling market share, the current sources of that cash, such as money they get from certain search engines for making them the default provider, definitely aren't guaranteed. So there is certainly reason for Mozilla to think about additional revenue sources.

      That point aside however, I tend to agree; they should just collect the data, bury the note about what they're doing in the small print like everyone else, and make sure that for those that do go looking, there is a very clear description of what data is collected, how it's anonymized, and what it's used for. Having a public debate about it, as this has now become, just makes all the privacy nutjobs flip their lids, and hilarious as that is to watch, it's not really productive.

    4. paulf Silver badge
      Big Brother

      Re: I think that's a good idea

      @DougS "I'll bet most Windows 10 users have "willingly" agreed to let Microsoft slurp their data..."

      Let's see; Windows 10 has at least two settings for data collection "ON" and "ON" and they're turned "ON" by default. Even if you turn it "OFF" it automagically turns itself "ON" again when it quietly installs an automatic update. So when you say "willingly" I doubt that's via informed consent of deliberately turning it on from its default OFF state having decided to do so based on full information on what will be collected and how it will be stored/used.

      The bottom line is that very little (if any) of this continued data collection is about better software. It's all about profiling you to the max to push Adverts at you, because $$$/£££/€€€. Even the bloody robot vacuum cleaners are doing it!

      Mozilla seems to have decided continued existence is just too much hassle. There's been the continued frustrating UI buggering about in the years since Australis was introduced. Then the recent news that they're going ahead with the kill on extensions and plugins. Old school plugins like Flash I can understand but it seems they'll kill the more recent extensions stuff like Classic Theme Restorer (and I presume stuff like AdBlock +). The latest missive is full on death of privacy. As another poster said above: they may make lots of virtuous promises now when the collection is turned on but that could change once they have the data as the Ts&Cs slowly creep into more and detailed data collection. Based on how they're going at the moment would you trust them 5 years from now with the data they collect from you today?

      I really like Firefox and have used it (Thunderbird, too) since something like the 0.8 beta but I just don't get what they're up to at the moment.

    5. bombastic bob Silver badge
      Thumb Down

      Re: I think that's a good idea

      "This is basically what Windows 10 does"

      and that is PRECISELY why we do NOT want this telemetry stuff to be OPT OUT

      NEWS FLASH: _MOST_ people do NOT run Win-10-nic.

      If Mozilla becomes "slurpy" like Micro-shaft and Google, they'll lose their entire market share, and someone else will fork their code so that we'll have a reasonable browser alternative, other than the data slurpers.

      1. Anonymous Coward
        Anonymous Coward

        Re: I think that's a good idea

        There's a difference between slurping to sell the data to advertisers like Google and more recently Microsoft, and slurping for the sole purpose of making the browser better. i.e. if they know the most visited sites of Firefox users are, they can include them in their testing to make sure they render correctly. If they get lists of sites that take more than 'x' CPU seconds to render or cause the browser's memory usage to grow by more than 'y' MB, they can have their devs visit them to figure out what is going on.

        Nothing requires saving individual data beyond the moment it is sent to Mozilla HQ to add to the totals from everyone else. Now if you want to argue "once you are sending them the data they could decide to use it for other purposes" in violation of the promise they make when collecting it well you can make that argument about anyone. How do you know Google won't send a copy of all the sites you visit in Chrome directly to the NSA and another copy to Vladimir Putin? How do you know Microsoft won't save your banking info when you type it in your browser so they can start charging you $10/month for Windows to increase their profits? You can make up whatever "what if" scenarios you want once you decide to play that game.

        I mean, if you don't trust Mozilla, how do you know they aren't slurping your data NOW, even if you haven't opted in? Do you regularly do packet captures to check? If you're that paranoid about what Mozilla "might do" and don't regularly do packet captures on your network to verify nothing that isn't supposed to be sending data home is doing so, you are either far too paranoid or not nearly paranoid enough...there's no acceptable middle ground :)

        1. Orv

          Re: I think that's a good idea

          There's a difference between slurping to sell the data to advertisers like Google and more recently Microsoft, and slurping for the sole purpose of making the browser better.

          If you follow Chrome development, you'll see that the "data slurping" in Chrome is pretty much along the lines being discussed here, stuff needed to make the browser better. It's pretty low-level stuff, like how many sites use a particular Javascript function they're thinking about deprecating, what percentage of sites use http vs. https, etc. Proposed patches often have justification in the form of, "the impact of this is small because only 0.01% of sites use it," that sort of thing. I think this is mostly a good thing because it tends to contribute to the stability of the web and make changes that cause massive breakage less likely.

          That's not to defend Google's advertising data slurping, which is quite excessive. But that comes from search queries,Gmail, tracking cookies, etc. They don't need to bug the browser to collect that, especially since that would only get them data from the roughly 50% of users who use Chrome.

          1. Anonymous Coward
            Anonymous Coward

            'If you follow Chrome development'...

            If you follow Chrome 'packets' you'll see constant phone-home-traffic including Google-Browser-Sync data like Bookmarks / History info etc. This happens even if you're logged out of Gmail etc. You make dangerous / dumb assumptions @Orv...

            1. Orv

              Re: 'If you follow Chrome development'...

              If you log into Chrome, of course it's going to sync bookmarks. That's why you log into Chrome. (This is not the same thing as logging into Gmail, they're separate sign-ins.) That's not snooping, that's delivering a service you signed up for.

              If Chrome actually did as much snooping as you think, then the Chromium project would either a) be howling about it, or b) be applying patches to stop it. We know this is true because when Google did try to stuff in something that phoned home (the voice recognition blob), they howled.

          2. inmypjs Silver badge

            Re: I think that's a good idea

            "like how many sites use a particular Javascript function they're thinking about deprecating, what percentage of sites use http vs. https, etc"

            What bollocks. Why do they need thousands of users to tell them a particular web site uses http or https or this or that javascript function? It takes one user to tell them that and google constantly spider the whole internet anyway and how much information they collect from google analytics is frightening.

            Slurping information from users gives them information about users.

            1. Orv

              Re: I think that's a good idea

              Spidering tellls them how many sites in general use a feature, but not how often people encounter sites that use it.

              With https, in particular, the idea was not "which sites use https?" but "how often do people enter data into sites that use http?" You'll notice they've decided this is at a tipping point and are now warning people about typing data into forms on http sites, but they couldn't push forward with that before knowing how badly sites would be affected across the web.

    6. Anonymous Coward
      Anonymous Coward

      Top-100 site info is available all over the net..

      Why does Mozilla want to slurp this info too? Feeble misguided direction, especially when you still have to type: PT.E just to get a shortcut to About:Config -> Javascript! More likely its the start of invasive data-retention slurp for later 'mission-creep' purposes!

  3. Mage Silver badge
    Unhappy

    idea of opt-out telemetry

    I suspect that's illegal in many jurisdictions. If not it should be. Why on every front are they trying to copy the worst ideas of the competitors. I've had to install Firefox ESR 52.x on all linux and windows computers. We'll have to change to something else when that ends, unless Mozilla reforms.

    1. Anonymous Coward
      Anonymous Coward

      Re: idea of opt-out telemetry

      Here in Italy, "sensitive data" - those that disclose race, religion, political and union opinion and/or affiliation, sexual orientation and health state are specially protected, can't be collected and managed but with a *written* consent from a person, and explicit authorization from the Authority. A checkbox on by default is not enough.

      Just accessing some URLs will disclose the data above. It's not only a Mozilla issue, Chrome, Edge/IE and so on break that regulation as well - maybe it's time I file a formal complain with the authority.

      I would also like to know how they could optimize some sites which are behind some kind of string authentication, and pretty country-specific. For example, I use the my region health service site to book physicians visits and medical tests, download results, etc. This is much more critical and more important to me than Facebook or YouTube.

      Having a browser optimized to display cat videos, and maybe not working properly when accessing critical information (but still gathering telemetry about very personal data), is a very big issue.

      Mozilla has the classic governance issue - they became obsessed with the most and worst "consumer" user, losing sight completely of the broader internet, and what people need to access.

      Google and Facebook turned the internet into a very nasty place. Microsoft, and now Mozilla, are following. Hope this obsession about gathering people data will soon turn against them - and software returns to be something useful, not a spy masqueraded as something else.

    2. bombastic bob Silver badge
      FAIL

      "Silly Valley" has gone INSANE

      "Why on every front are they trying to copy the worst ideas of the competitors"

      (from topic 'idea of opt-out telemetry')

      'Silly Valley' has gone INSANE. It's turning into an ISOLATED MICRO-CULTURE, in which they all suck one anoth... scratch one another's backs and tell each other how great their ideas are, while the REST OF THE PLANET is angry. Redmond is also a similar micro-culture and maybe they do occasional culture exchanges between Silly Valley and Redmond or something...

      Point being, these guys are SO isolated from what end-users (read: customers) want, that they're falling for the SAME traps that Microshaft and Google and Facebook, and "all of the others" have fallen for.

      What Mozilla has done to reduce their market share:

      a) become WAY TOO MUCH like Chrome (2D FLATSO, hamburger menu, etc.)

      b) stop supporting the plugin interface needed for 'Classic UI' plugins

      c) favoring "new shiny" _WAY_ over "make it better"

      What they should do instead: LISTEN TO THE CUSTOMERS! Not pollsters, not shouty activist users, etc.. And stop relying on bots and slurping and other 'impersonal' tactics that effectively turn people into MINIONS to be exploited.

  4. Digitall

    about:telemetry in address bar will reveal your settings.

    I've had all telemetry disabled since introduced a while back.

    Just another task to add to the ever increasing pile of tasks when setting up/ updating firefox.

    1. Mystic Megabyte

      @Digitall

      about:telemetry in address bar will reveal your settings.

      What is "FHR data upload"?

      Answering my own question, it must be : Firefox Health Report

    2. Ilgaz

      I have it on

      I enabled it since they politely asked me and they were open about the data they gather.

      Will disable it from now on.

  5. Kraggy

    I don't care about optimization for a handful of the sites in the world, especially sites like Facebook I never visit.

    In any case, at the end of the day Firefox is an HTML renderer and HTML is a specified computer language, Mozilla don't need to 'optimize' for specific examples of programs of this language they simply need to write an efficient engine.

    1. Orv

      It helps them optimize their development, too -- like deciding which old Javascript functions are still being used, and which no longer have to be coded around.

  6. Pen-y-gors Silver badge

    Not legal in the EU

    GDPR article 4 requires 'informed consent'

    any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed;

    no pre-ticked boxes etc

    And how do existing 'safe harbour' agreements between EU and US work under GDPR? Are US protections sufficient for GDPR compliance? Can they transfer the data to the US?

    Ah well, I was thinking of switching from Firefox to something less bloated anyway.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not legal in the EU

      It may not be legal in EU, but if Mozilla has no presence (account, offices, personnel) inside EU does it matter?

      I would be satisfied if upon first-use the user is presented with a opt-in/out page where at least selected stuff (anonymized crash data, platform data etc) is already turned on, but the user could still turn them off.

      Firefox is losing the war to Chrome simply because Google can pay for e.g. Adobe to install Chrome along with Adobe Reader, and the non-Chrome users in Google search have periodically been offered the Chrome browser to replace IE/FF. Chrome also collects telemetry, and the people who know about Chromium, SRWare et cetera are a very minor party.

      A single source for browser would of course unify all the standards immediately, but we'd all suffer from the whims of Google if they decided to end support for eg. Java or Flash. (oops!)

    2. tony72

      Re: Not legal in the EU

      Wrong. The GDPR specifically does not apply to anonymized data, so this would be perfectly legal in the EU.

      Recital 26: The GDPR does not apply to data that are rendered anonymous in such a way that individuals cannot be identified from the data.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not legal in the EU

        Define anonymised. The telemetry comes from an IP. There has been / is plenty of debate as to whether an IP address counts as personal information, despite it not necessarily identifying a single individual. A postcode or house address doesn’t identify an individual directly either.

  7. Adam 1

    NO!

    Don't do it.

    > because so few have opted in that it's hard for developers to get a good sample of what causes problems.

    Did it occur to them that so few have opted in BECAUSE they don't want it on? If we want to be slurped we would just use chrome.

    1. Dan 55 Silver badge

      Re: NO!

      As much as a might trust Mozilla, I turned it all off when the Snowden leaks happened. Before then I think I opted in to just browser crash reporting.

    2. Anonymous Coward
      Anonymous Coward

      Re: NO!

      Typical Reg reader != typical user. The reason so few have opted in is because few know the options exist, what they're for, or change much of anything from its default. That's true with everything software related.

      1. Adam 1

        Re: NO!

        Sure. My issue isn't with being asked. It is with the behaviour when the user doesn't know the option exists. Simply, they are solving the wrong problem. Imagine that you saw the following message after an upgrade.

        "We'd love your help. We think we can improve your experience/achieve peace in the Middle East/whatever if we collect information about the websites that you visit.

        This is what we will gather...

        This is how we will protect your privacy...

        Can you help us?

        * Yes, sure

        * No thanks

        * Busy now, ask me tomorrow

        As long as Yes, sure is *not* checked by default unless you have previously opted in, I am totally happy to be asked. I will still answer No (which may well be an El Reg commentard thing), but I have no objections being asked.

      2. Anonymous Coward
        Anonymous Coward

        Re: NO!

        > The reason so few have opted in is because few know the options exist, what they're for, or change much of anything from its default.

        The sorry thing asks you by means of a pop up bar whether you would like to send telemetry data on one of it first runs. Pretty much every single person that has used Firefox more than twice has seen that pop up bar at some point. And dismissed it with a no, thank you.

  8. imanidiot Silver badge

    uhhmmmm,

    How about No. Let's NOT do that and just optimize Firefox to work as well as possible with ANY site. There is plenty of site-independent suckiness going on that could be improved without turning into an even closer copy of google Chrome.

  9. RFC822
    Unhappy

    Another nail in the coffin...

    Coming hot on the heels of the news that most of my Extensions will no longer work in the near future, I fear that it's time to look for another browser.

    Firefox started off with a great idea - a small core browser, which the user could then customise by using various Add-ons (Extensions, Plug-Ins, Dictionaries) that were important for what they wanted to do.So you ended up with exactly the browser that you wanted. That vision has long been lost :-(

    Only problem is what browser to move to. Google already know far too much about me for me to want to use Chrome. IE and Edge are a bit meh. Palemoon et al are all very dependent on the developers keeping up with security patching.

    1. Anonymous Coward
      Anonymous Coward

      Re: Only problem is what browser to move to.

      especially if you don't run Windows.

      1. Korev Silver badge

        Re: Only problem is what browser to move to.

        Vivaldi or Opera?

    2. Dan 55 Silver badge

      Re: Another nail in the coffin...

      I went to Firefox ESR and put the problem off till next year. Cyberfox and Waterfox won't be around for much longer, Palemoon is a bit slow on security updates and slurpy.

      If I had to move from Firefox ESR, the first thing I'd look at would be Seamonkey.

      (All of these browsers are Mozilla-based.)

    3. luminous

      Optional

      Dumping all the plugins was the final straw for me. Australis was the start of the slippery slope. I really can't fathom how they don't understand that a lot of people used Firefox exactly because it didn't behave and look like Chrome and that they could customise it however they wanted. And they've spent the last 3 years trying to make it more and more like Chrome. And that idiot from Mozilla who said that "only 40% of users use any plugins" so we can just ignore them.....

      I've probably been using Firefox for around the last 10 years, and I finally dumped it last week. I've switched to Vivaldi, which, I know is based on Chromium, but the whole ethos behind it reminds me of how Firefox was before. Hopefully it stays that way. I can't get it exactly how I ran Firefox but I guess I have about 90% of my customisations.

    4. tony72

      Re: Another nail in the coffin...

      Firefox started off with a great idea - a small core browser, which the user could then customise by using various Add-ons (Extensions, Plug-Ins, Dictionaries) that were important for what they wanted to do.So you ended up with exactly the browser that you wanted. That vision has long been lost :-(

      I hate to point this out, but that was never Mozilla's vision" that was what people outside of Mozilla decided Firefox was good for. Mozilla primarily trumpeted the core features of Firefox - tabbed browsing, pop-up blocker, etc etc - things that were ground-breaking at the time. The minimalist, extensible browser idea didn't come from Mozilla. To quote the goals from the Firefox charter 1.0 from 2004, first line; Delivering the right set of features - not too many or too few (the goal is to create a useful browser, not a minimal browser) .

      Yes, they aimed for a bloat free browser, but that mostly meant not shipping it with a suite of other applications in the way of the Netscape Suite. And yes, they promoted the hundreds of add-ons as a benefit, but those of us who've used Firefox since the pre-1.0 days, when add-ons were free to shit all over each other and all over the browser, will recall that the Mozilla devs attitude was that if a given add-on worked for you, great. If it didn't, don't use it. As far as they were concerned, add-ons were just a bonus, and a way to experiment with new features, and their job was the browser's core features. It took them literally years to engage with the fact that people were using Firefox primalrily because of the add-ons and extensions, and start working towards stable and secure add-on APIs. I quote another goal from the charter; Develop and maintain an extension system to allow for research into new areas without affecting the core and to allow for techies, early adopters, web developers and other specific communities to customize their browsers to suit their specific needs without affecting usability or download size for the mass market.. Extensions were not intended to be part of the mainstream Firefox experience. Which is probably a large part of the reason why we are where we are today.

      1. Dan 55 Silver badge

        Re: Another nail in the coffin...

        The release notes for Phoenix 0.1 say "It's a lean and fast browser that doesn't skimp on features" and mention that there were plans for an extension manager. An official addon site came online by the time Firefox 0.9 was released.

        So the idea for a non-bloated browser with extensions was there right from the start.

        I seem to remember the target was to have a browser that fit on a 1.44M floppy but that had to be dropped. Can't find that online though.

  10. sitta_europea

    " ... it's hard for developers to get a good sample of what causes problems. ..."

    Bollocks.

    All they EVER had to do was read some of my emails.

    But they couldn't even be arsed to do that, so I kicked Firefox into touch where it belongs.

  11. x 7

    another nail in the coffin

    Mozilla's market share has been shrinking for years

    Now it will shrink even further as it loses one of its USPs.

  12. Redstone
    WTF?

    Here's an idea..

    ...instead of trying to figure out how to slurp data like Chrome, why not just figure out how to load pages faster and generally be lighter on resources and more nimble? You might actually start to get some user base back. I started using Pale Moon over Firefox for this very reason.

    As for rendering Arsebook pages: HTML5/CSS is a standard. If they can't be bothered to set up their 'tailored' pages to the standard, then F*%k them (excuse my French).

  13. Anonymous Coward
    Anonymous Coward

    " ... it's hard for developers to get a good sample of what causes problems. ..."

    When Firefox crashes then I say "yes" - ONLY as a one-off - to send that incident to the developers. It's under my control and they get the evidence of a catastrophic failure. It's happened too many times recently.

    Anything more than that is definitely not welcome here. Opt-outs have nasty habit of being "lost" during updates.

    Pale Moon is now installed for a trial - but the opening page is not a good omen.

    "We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information you’ve provided to them or they’ve collected from your use of their services"

  14. fnusnu

    So what does Mozilla collect?

    Anybody who claims that Firefox protects their privacy probably hasn't actually looked at Firefox's privacy policy.

    Below are some excerpts from the Firefox privacy policy that is dated July 31, 2017.

    Be sure to notice the type of information being collected and possibly even transmitted to third parties (including Google, some "Leanplum" company, a "mobile analytics vendor", and "certain developers"). We see terms like:

    - "IP address"

    - "browser version"

    - "operating system"

    - "locale"

    - "language preference"

    - "list of add-ons you have installed"

    - "phone number"

    - "email address"

    - "URLs associated with the downloaded file"

    - "hardware configuration"

    - "commonly visited domains"

    - "location"

    - "the active URL"

    - "Google advertising ID"

    - "personal information"

    - "key word searches"

    - "Wi-Fi networks"

    - "cell phone towers"

    Here are the excerpts:

    Once per day, Firefox sends the following info to Mozilla when it checks for browser updates: your Firefox version information, language preference, operating system, and version.

    Firefox contacts Mozilla once per day to check for add-on information to check for malicious add-ons. This includes, for example: browser version, OS and version, locale, total number of requests, time of last request, time of day, IP address, and the list of add-ons you have installed.

    About once per day, Firefox connects to Mozilla and provides you with new snippets, if available. Mozilla may collect how often snippets are clicked, snippet name, browser locale, and which version of Firefox you're using.

    Firefox sends Mozilla a monthly request to look up your location at a country level using your IP address.

    Some Mozilla sponsored snippets are interactive and allow you to optionally share your phone number or email address.

    This data includes, for example: device hardware, operating system, Firefox version, add-ons (count and type), timing of browser events, rendering, session restores, length of session, interaction with search access points and use of Firefox search partner codes, how old a profile is, basic information about errors and crashes, and count of pages.

    Firefox sends to this third-party information identifying the site's certificate.

    About twice per hour, Firefox downloads Google's SafeBrowsing lists to help block access to sites and downloads that are malicious or forged (Google's privacy policy is at https://www.google.com/policies/privacy/).

    Firefox may send metadata, including URLs associated with the downloaded file, to the SafeBrowsing service.

    Usage statistics or "Telemetry" is a feature in Firefox that sends Mozilla usage, performance, and responsiveness statistics about user interface features, memory, and hardware configuration. Your IP address is also collected as a part of a standard web log.

    Firefox sends to Mozilla data relating to the tiles such as number of clicks, impressions, your IP address, locale information, and tile specific data (e.g., position and size of grid).

    In Firefox Beta, certain short-term Telemetry experiments (see above) for Tiles may collect information about commonly visited domains.

    Firefox sends Mozilla a request once to look up your location at a country level using your IP address.

    Firefox may send the terms you type in the Awesome Bar or Search Bar to your Default Search Engine to retrieve suggestions, and is governed by the applicable Privacy Policy from your Default Search Engine.

    To help us understand and improve our marketing campaigns, Firefox sends certain information by default. This includes “Referral Data” such as the website domain or advertising campaign that referred you to download and install Firefox, as well as “Interaction Data” about what features you use in Firefox.

    On Android and iOS, Firefox sends Referral Data to our mobile analytics vendor, and also includes a Google advertising ID, IP address, timestamp, country, locale, operating system, and app version.

    On desktop, Firefox records and sends Referral Data to Mozilla as part of Firefox Health Report.

    On iOS, Firefox sends Interaction Data to Leanplum, our mobile marketing vendor, which has its own privacy policy.

    When you ask it to, Firefox also connects to Mozilla to provide you with features such as Sync, location services, crash reporting, and add-ons.

    Firefox may use several pieces of data to determine your location, including your operating systems geolocation features, Wi-Fi networks, cell phone towers, or IP address.

    Estimating your location involves sending some of this information to Google's geolocation service, which has its own privacy policy.

    This includes technical information such as why Firefox crashed, the active URL and the state of Firefox's memory usage at the time of the crash, which may include personal information.

    To display the personalized recommendations, Firefox sends information to Mozilla, including the list of add-ons you have installed, Firefox version information, and your IP address.

    Mozilla collects these key word searches, as well as your Firefox version information, locale, and OS to show you recommendations.

    Firefox sends information to Mozilla about what sites you have agreed to receive Push Notification from.

    Mozilla may share aggregated information with certain developers including the number of visitors to their site that have subscribed or unsubscribed to their Push Notifications.

    We receive data such as the average size and number of your uploaded screenshots, your Firefox browser version, device operating system, and errors. The IP address accessing the Firefox Screenshots website is temporarily collected as part of a standard server log.

    Some people will try to justify this nonsense by saying, "It's ok, they disclose what they're collecting and sharing!" or the even more idiotic, "It's ok, you can disable some of this data collection and sharing!".

    None of that matters!

    If you're using Firefox because you think it gives you "privacy", well, you really ought to reconsider why you're using it.

    As its very own privacy policy indicates, Firefox collects a lot of information and readily shares it with Mozilla and others.

    https://m.slashdot.org/story/330335

    1. CFWhitman

      Re: So what does Mozilla collect?

      This post could be pretty misleading to someone who didn't read it all the way through. If you are not on mobile, then Firefox doesn't send much of any information that would allow you to be identified unless you specifically enter the information and say it's OK (you have to actually enter your email address and phone number if you want them to have them). It only uses your IP address to identify what country you are in.

  15. Simone

    Blocking add-ons?

    When I heard of the proposed change to add-ons, I installed the Addon Compatibility Reporting Add-On. My Add-On list shows "Multiprocess is not enabled", and each Add-On shows "Compatible with multiprocess" or "Not compatible with multiprocess". Classic Theme Restorer and Adblock Plus show they are compatible, so can I assume that these still work when the change is implemented? I might have misunderstood something!

    1. Dan 55 Silver badge

      Re: Blocking add-ons?

      CTR definitely won't work.

      The ones marked "Not compatible with multiprocess" definitely won't work. The ones which are may be compatible, you have to click through to addons.mozilla.org and see if it's got the "Firefox 57+ compatible" tag.

  16. CFWhitman

    This Article is Pretty Misleading

    This article is pretty misleading considering that the idea of making the data involved opt-out was only a suggestion by a couple of software engineers and so far hasn't even been taken up for consideration by the committee.

    1. Anonymous Coward
      Anonymous Coward

      Re: This Article is Pretty Misleading

      Now's the time to nip this in the bud. Something along the lines of "are you fucking high?" Their current data collection and privacy policies have removed them from consideration here some time ago. You see, or rather you likely don't, I read and keep reading their privacy policies, EULA, etc. on a regular basis. I do that for all my software, not just browsers. As we all know, I'm really, really weird in this regard.

      One minor point, if they go opt-out then the first thing that will happen is me opting out of recommending their browser to regular people. For some reason, people ask me these types of questions. Can't imagine why. Seriously. This isn't hard.

  17. fobobob

    Since nobody will do it willingly, let's change the wording a bit:

    Do you not not not not not not not not not not not not not not not not not not not not not not not not not not not not not not not not not not want to have your stuff tracked?

    And then take a page from the Microsoft playbook and basically ignore whatever choice the user made, or possibly just reset it on the next update.

  18. keithpeter
    Childcatcher

    sigh...

    HN https://news.ycombinator.com/item?id=15071492

    Reddit (!) https://www.reddit.com/r/firefox/comments/6vapu5/firefox_planning_to_anonymously_collect_browsing/

    Anyone got a cattle prod?

    Redux: Firefox has a small 'market' share. Apparently that demographic chooses not to share browsing habits. Just possibly the demographic has chosen Firefox as it is privacy friendly to some extent.

    Actionable content: I went as far as compiling midori on Slackware current after I read this. Not bad, still some rough edges.

    Icon: In Loco Parentis

  19. Anonymous Coward
    Anonymous Coward

    Cut the head off!!

    Mozilla suffers from a very common ailment these days. They have incompetent people in charge.

    //Places the picture of a fox with an orange toupee//

  20. Anonymous Coward
    Anonymous Coward

    Magnificient!

    "Mozilla is going to start with a user study before it takes any steps down the opt-out path"

    In true corporate fashion. I'm so proud of them!

    I used to think that they just pissed their (rather, someone else's) money hiring incompetent programmers¹, but I now look forward to the innumerable meetings and committees that will analyse this issue, and no doubt others of equal or greater irrelevance.

    ¹ Spent enough time in their bug tracker to have given up in despair.

    1. Dan 55 Silver badge

      Re: Magnificient!

      Why would they need a user study? They've been only too happy to screw up the UI and extensions without one.

  21. Anonymous Coward
    Anonymous Coward

    On telemetry

    There are ways and ways of doing it.

    In Firefox, I have a large user.js that changes, blanks or disables hundreds of configuration options in order that my browsing can stay relatively private and secure. Needless to say, I would not dream of enabling anything with the faintest smell of telemetry.

    In Nextcloud, a product produced by a business run as a proper business and not trying to pass itself as a "foundation", I not only enable but actually take positive steps to submit telemetry.

    The main difference, other than trust in the intentions and competence of the respective developers, is that Nextcloud's telemetry consists of a relatively short JSON object which can be easily reviewed (and edited if needed) in less than a minute. It does send a presumably unique "installation id" and no other information that could be claimed to be obtrusive even by a paranoid like truly yours.

    I use Firefox, because that's the devil I know, but I have had zero (nay, negative) goodwill towards them for a very long time now.

  22. Anonymous Coward
    Anonymous Coward

    "Mozilla is going to start with a user study before it takes any steps down the opt-out path."

    Mozilla devs seem so out of touch with ordinary users! There are more important things to fix / tweak right now....

    Firefox has made it tricky for novices to toggle JavaScript / Images etc, while simultaneously adding useless nag screens like 'Refreshing Firefox' etc. But why??? Its the justification in threads by developers too, that says people working there are so out of touch with users and what's actually helpful. That wasn't always the case, so what changed?

    ~ I'd like to see 'about:config.javascript' etc shortcuts for toggling JavaScript etc. Having to Type 'pt.e' as a shortcut seems dumb. Same goes for toggling images etc. like having to set dom.image.srcset.enabled to FALSE after every install to block image loads, WTF???

    ~ I still use Firefox. What else is there? Sure there's Palemoon, but in many workplaces that's not an option. Lets not even dwell on Win10 browser slurp, never going there... Plus after finding Google secretly slurping bookmarks, history etc from local machines without even being signed into Gmail, I'm never going back to Chrome. That's a pity too, as it had had some nice 'per site' scripting / image / cookie blocking tools, which negated the need to always have separate Ad-Blockers etc.

  23. Chemical Bob

    I call bullshit

    Mozilla stopped caring about their users a long time ago.

  24. Munchausen's proxy
    Pint

    Optimize for specific websites?

    I know this is crazy talk these days, but why not optimize for the freaking Standards? If you want to go down a partnership / monetizing path with some sites, do that separately. Make your browser generally useful and maybe people would generally use it again.

  25. Anonymous Coward
    Anonymous Coward

    Wish Mozilla would fix important things instead

    Like default COOKIE handling... Why does every version default to:

    'Accept Cookies from Sites'

    ->

    'Accept Third-party Cookies'

    -

    - ALWAYS -

    -

    Why would Mozilla do that, what's wrong with NEVER as a default? Can't think of any website that insists on explicit 3rd-Party-Cookies anymore to work (if they do dump them immediately). Where's the advantage to the End-User here, unless Mass-Tracking & Slurp is the goal... WTF Mozilla?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020