by jedberg 2567 days ago
There is a big difference between them being able to activate a connection to my machine at their whim and execute code, vs me downloading their software or an update at a time of my choosing, especially since if I am very security conscious I can wait until an update has been audited or tested.

With a remote code execution engine, someone could hack into their backend and then start running malicious code on thousands or millions of machines. If they compromise a software update, at least there is a chance it can be caught before it gets to me.

2 comments

There's a config-flag to turn it off. You could even deploy that enterprise-wide.

That said, every auto-update system is essentially an RCE system. For highly exposed and security-sensitive applications like browsers, the auto-update is a net win in many deployment scenarios.

Isn’t it kind of ironic that you mention a user flag to turn off telemetry that is on by default on a post about “defaults matter”?
Yes.

Telemetry and auto-updates are important enough that having them on by default isn't wildly unreasonable.

Auto updates yes for security. But why would telemetry be important to the end user - especially for a “privacy focused browser”?
https://docs.telemetry.mozilla.org/concepts/choosing_a_datas...

The nice thing is that you don't have to ask. You can look for yourself. Mozilla's pretty transparent about what they have and what is in it.

Turns out telemetry is good for things like finding / addressing crashes and seeing if updates have gone out properly.

Also, I seem to recall being explicitly asked if I wanted to participate. But my memory could be failing me.

No browser is really "privacy-focused". Performance, security, stability and Web compatibility are all table stakes for Web browsers. If you aren't competitive at those, it doesn't matter what else you do, your product isn't viable. And telemetry data is really valuable for achieving all those; without it, you'll waste a lot of resources fixing the wrong things. Mozilla certainly can't afford to do that.

Once your browser is competitive at those table stakes, only then can you give it a "privacy focus" to differentiate from Chrome.

If you're security-conscious then you'll install updates immediately, before you get compromised by whatever attack it might be fixing.

In reality no-one outside Mozilla is auditing updates (other than black-hats reverse-engineering security fixes to catch the people who don't update immediately). I don't think the situation for other browser vendors is any different.