[Arizhel]

>Unlike IE and FireFox and Safari it comes from a company that is notorious for wanting to know everything about you.

That's not true. Microsoft has now gotten into the spying business, and is infamous for the Windows 10 telemetry. They're basically copying Google.

Firefox and Safari are the only ones that come from companies that aren't notorious for wanting to know everything about you. And Firefox doesn't try to get you to spend scads of money on massively overpriced but mediocre hardware that locks you into their ecosystem.

Firefox has its warts, but it's the only choice that really makes sense if you care about privacy and freedom and avoiding vendor lock-in.

[MBCook]

I see telemetry as fundamentally different from the kind of data that you want to use to push advertising to people.

[_jal]

There is no clear line to be drawn between the two, and it really depends on the use to which the data is put, something that's opaque to end users.

Sure, error reporting feeding in to a QA database is one thing. But is there the capability to target Win10 OS ads to, say, folks with old video cards? I'd be very surprised if someone in Redmond didn't think of that.

[yuhong]

That being said, I do believe that currently SQM is separate from ad tracking and crash reporting for example.

[imron]

So you think the telemetry is not going to help with things like this? https://www.extremetech.com/computing/245553-microsoft-now-p...

[sp332]

They seem to have sent that to everyone, so there's no targeting, and telemetry won't make a difference.

[yuhong]

And even if it did it would be probably separate from for example SQM.

[themihai]

Firefox sends the DOM hashes to Google just like Chrome.

[majewsky]

Can you explain this? I've never heard of "DOM hashes" before.

[acqq]

Not "DOM" but a hashes of the URL or a part of it, to check if the domain or URL is "safe." Also downloads are checked. And AFAIK it's more nuanced, there's also a database that can be checked and allow "offline" checks. But it would still be interesting to find one independent serious analysis of the behavior.

[themihai]

Actually it sends the DOM model too. It's named client side detection. https://news.ycombinator.com/item?id=5971403

[themihai]

It's named client side detection and it sends the DOM model(actually hashes of it) to Google. I found about it on HN too. Obviously you may check FF/Chrome source too. I would love to be proven wrong. https://news.ycombinator.com/item?id=5971403

[st3fan]

Can you please explain this in more detail? Ideally with an example request that you see?

(I highly doubt that there is any truth to this claim)

[helb]

I think they were referring to https://wiki.mozilla.org/Security/Safe_Browsing … which uses safebrowsing.google.com, but doesn't send any "DOM hashes" to them.

[themihai]

How do you explain this? https://news.ycombinator.com/item?id=5971403

[dbdr]

helb was saying Firefox does not send "DOM hashes", the story you link to is about Chrome.

[themihai]

Both Chrome and Firefox use the same techniques as far as the client side detection is concerned if not even the same code. Both send the data to Google.

[themihai]

I think you can check the source https://cs.chromium.org/chromium/src/chrome/browser/safe_bro... Long story short it sends the DOM "model" including links, input names etc. There was a story on HN about this https://news.ycombinator.com/item?id=5971403

[st3fan]

You should read the Privacy section at https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-...

> One of the most persistent misunderstandings about Safe Browsing is the idea that the browser needs to send all visited URLs to Google in order to verify whether or not they are safe.

> While this was an option in version 1 of the Safe Browsing protocol (as disclosed in their privacy policy at the time), support for this "enhanced mode" was removed in Firefox 3 and the version 1 server was decommissioned in late 2011 in favor of version 2 of the Safe Browsing API which doesn't offer this type of real-time lookup.

Firefox 3 - That was 9 years ago.

[themihai]

I believe that doesn't take into account the client side detection. It was added later.

[dblohm7]

There's a lot of FUD about this, though.

https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-...