[jddj]

There is in fact a third option, which happens to be their stated position.

Part of their (written) agreement with Google is that none of the analytics data generated from Mozilla properties will contribute towards Google's tracking database.

"Mozilla has a legal contract with Google that prevents them from using our Google Analytics data for mining or from sharing it with third parties, among other privacy-protecting provisions."

"Mozilla went through a year long legal discussion with GA before we would ever implement it on our websites. GA had to provide how and what they stored and we would only sign a contract with them if they allowed Mozilla to opt-out of Google using the data for mining and 3rd parties." https://bugzilla.mozilla.org/show_bug.cgi?id=697436#c14

[BurnGpuBurn]

Great if you trust Google, not so much if you don't. Too bad Mozilla made that choice for us, and imho, the wrong one. Google has proved itself time and time again that they cannot be trusted with privacy.

"Mozilla went through a year long legal discussion with GA."

I wonder why. Implementing some basic analytics on a few pages shouldn't be that hard.

[criley2]

"Great if you trust Google, not so much if you don't. Too bad Mozilla made that choice for us, and imho, the wrong one. Google has proved itself time and time again that they cannot be trusted with privacy."

I believe this to be a lazy and ignorant opinion, and I think you are hoping no one will call you out for this.

"Google has proved time and time against they cannot be trusted with privacy". This is a contract between two businesses, which carries legal weight (and in some countries, carries more legal weight than just contract law), so could you source for me perhaps 2-3 (you said "time and time again", so 2-3 should be quite easy!) of your most iconic times that Google openly violated contract terms with major organizations regarding privacy controls?

[jtbayly]

Remember when they were "unintentionally" scanning and saving wifi data?

Broke the law.

If Google has a culture of "grab all the data, and use it in whatever way you can figure out to make money,"—and they do—then the real question is if they even have the institutional capability to not accidentally use this data the same way they use all the other data they have.

[criley2]

>"Remember when they were "unintentionally" scanning and saving wifi data? Broke the law."

I don't want to be a broken record of "this opinion sounds lazy and under-researched and I'm calling you out" but.....

* Google was cleared of wrongdoing under the Wire Tap Act after an investigation by federal law enforcement

* The wifi data capture was a 20% time engineer project which rolled out unintentionally, was never commingled with other data, and was destroyed without being used

* The DoJ and Federal Court of Appeals disagree on the details and the Supreme Court of the United States refused a petition to clarify any parts, so any assertion that they "Broke the law" is either ignorant or malicious, IMO, because to summarize a situation where law enforcement said "No law breaking " and an Appeals court said "Maybe law breaking" as "Law Breaking" can't be considered a rational and intellectual attempt at understanding

[yters]

Well, as long as it's all legal I'm happy :D

[skybrian]

While Google does collect a lot of data, the culture is to guard it rather zealously. Google has a lot of lawyers and all projects have to get a privacy review. The privacy folks take their jobs seriously. There is mandatory training about when you need a privacy review. There are a lot of internal rules and technologies built to guard security and privacy. There are researchers looking into ways to learn from data on mobile devices without actually collecting it. The security people are probably the best in the business. And so on.

Some of the procedures were put in place after the wifi scanning incident.

And that's not to say bad things can't still happen. One thing that sounded particularly bad about the now-cancelled Dragonfly project was that they were allegedly avoiding privacy review. This project was being kept secret from the rest of the company because it's not how things are usually done.

So, my guess as an ex-Googler is that they can guard it and probably will, at least under normal conditions.

[armitron]

We wouldn't know, since most of the incidents would never see the light. From the incidents that did come to light (e.g. Google spying on you through its assistant), we do know that they can and will bend the letter of the law to suit their purpose. So I think that it's your opinion that sounds hopelessly naive rather than OP's.

[penagwin]

Most of the cases of Google "spying through home assistant" (along with the other assistants, Amazon, Apple included) while obviously invasions of privacy were generally (all?) legal.

At least in the US they weren't breaking any laws. I'm not saying they would never break any laws for financial gain, just that most of the breaches in privacy aren't technically illegal (thus the need for privacy laws)

[hartator]

> This is a contract between two businesses, which carries legal weight.

It’s like the Snowden revelations didn’t happen. I am pretty sure US intelligence agencies have access to your Firefox GA analytics.

[xg15]

So where is the external audit to Google's data centers, verifying that they actually do what they claim to do?

[rhaps0dy]

It is pretty unlikely that a company (Google) would break a contract with another relatively large organisation (Mozilla). Yes, Google vacuum up all your data and do shady stuff with it, but only because all of it is legal.

Plus, the amount of data that they get from Mozilla must be tiny compared to the amount of data that they collect through their search engine: it's only data on mozilla.org, not data of everyone that uses the browser at all times. It is not wise to risk a lawsuit over it.

> I wonder why. Implementing some basic analytics on a few pages shouldn't be that hard.

Maybe defining a contract to prevent use of Mozilla data without loopholes is harder.

[pbhjpbhj]

It will be "anonymised" I imagine, enough to give Google all they want and still let Mozilla get paid and _say_ they don't give up user data.

There's surely no way to tell what they do with the data at the other end? It's Google and their serf, Mozilla, I can't imagine it's wholesome.

[shkkmo]

> It will be "anonymised" I imagine, enough to give Google all they want and still let Mozilla get paid

Do you have you any basis for this assertion?

[pbhjpbhj]

For the assertion of my assumption? The post itself is evidence of it.

[judge2020]

You can see from the screenshot in the linked bug report that the data won't be shared whatsoever if those boxes aren't checked.

[mensetmanusman]

It’s not entirely one sided as you describe. Google is one of the few companies that has also fought legal requests from governments trying to spy on their citizens, when the others giants caved immediately.

[judge2020]

One of the things Google gets right. They know that data breaches, where someone does get the valuable ad profiles or data of Google users (while usually advertisers just get to target based off the data), are one of the few things that will actually cause the masses to think about their privacy settings and why they're giving Google their life story at all.

[luckylion]

Which requires the user to trust Google to a) honor that agreement (somewhat simple, though we don't know the actual terms, i.e. what's on the line for Google) and b) not have bugs in their systems that accidentally leak information (to their own profiling services or third parties), and if they trust them on this, why not trust them in general when it comes to "we won't use your information for anything nefarious". Anti-Ad/Tracking-Plugins being among the most popular suggests that a lot of Mozilla's users don't want to rely on trust.

My bank argues the same way and uses Google Analytics to track their visitors, including inside the online banking system. Fine, so they trust Google to honor agreements and not connect profiles, but I'd still prefer Google to simply not know when and how often I'm logging in to check my account balance.

It's good that Mozilla goes the extra mile to get a custom contract, but I believe that most people aren't expecting a self-proclaimed privacy champion to use an anti-privacy-service by one of the largest corporate enemies of privacy. Explicit opt-in would be the right thing to do here.

[cameronbrown]

Not only that, but Mozilla's Google opt-out is available to all GA customers, which is great for everyone.

[lonelappde]

It's not any good for users who don't have the choice to opt out.

[cameronbrown]

If you personally want to opt out then use a content blocker? There's also an official way to completely opt out of GA, but this basically does the same thing.

Privacy isn't a zero sum game, there can be improvements.

[lonelappde]

What's the point? Why does Mozilla exist? If Google is good enough mozilla.org should redirect to google.com/chrome.

If Google is not going enough, Mozilla shouldn't use Google for analytics on the add-ons page when there are plenty of other options and an opportunity to do something valuable by building a site-private analytics product as part of their core mission of protecting the web.

[intea]

Thanks for bringing that up. Im wondering why they went through all that trouble though. Are there no alternatives to GA?

[jddj]

According to the issues trackers, various forms of "self-hosting would be more work for a lesser product".

I'm not sure that would still be the case if the decision were being made today, and would quietly hope not, but I guess we can charitably say that the reason now is "inertia".

Personally, I think they may have underestimated (or failed to fully predict) the anti-google, pro-privacy sentiment in the wings, and it's clear even from this thread and the issues on bugzilla that it's probably cost them enough privacy-capital at this stage to have justified the extra work required to self-host.

But hindsight is 20-20. There are sunk costs now which also must play into the decisions.

[swebs]

Or just don't load any "analytics" scripts at all. Do you really need to know the aggregate mouse positions of every user on your addon page?

[jddj]

Definitely not, but I can see how it might be useful to know aggregates of the Firefox version and locale information for people visiting that particular page.

[buildzr]

Sure, but you can do that with just your web server log.

[spookthesunset]

> Personally, I think they may have underestimated (or failed to fully predict) the anti-google, pro-privacy sentiment in the wings, and it's clear even from this thread and the issues on bugzilla that it's probably cost them enough privacy-capital at this stage to have justified the extra work required to self-host.

Or maybe the "anti-google, pro-privacy sentiment" isn't really all that big. Could be a relatively small but vocal set of people.

[lonelappde]

> self-hosting would be more work for a lesser product".

The same argument applies to the whole of Firefox. It's more work and it's a lesser product. If Firefox can be a better product, than Mozilla Analytics could be too.

At this point it's clear that Mozilla is a business (with well paid management and staff) like Google that is using Privacy as a promo like Google used Don't Be Evil. Mozilla might be better in practice today, but it's not on a principled foundation. It looks like a Google Lite - Firefox vs Chrome, Rust vs Go, etc.

[1over137]

>Are there no alternatives to GA?

There is Matomo (formerly Piwik): https://matomo.org/

[edoceo]

We use this one, paid version. Sometimes it's a slower load, the UI is less good than GA, other little issues but we still get the core data, and can trap page-level-events.

[TheSpiceIsLife]

> legal contract with Google that prevents them

This misrepresents the ability of a contract.

No law can prevent a thing, no written agreement can prevent cheating. Law can only set out that such cheating might be illegal in the sense that it can be argued in court that penalties should apply.

[jddj]

I do see the point that you are making, and clearly prevents is not absolutely true, but the beauty of open companies like Mozilla is that this information is available at all. In an issue tracker no less.

We can be a little more charitable in not demanding legalese from someone who was casually paraphrasing somebody else, given the context (a bug report).

[pbhjpbhj]

Mozilla is open? Which manager signed off on the Pocket implementation? Where are the minutes for the meetings in which that was agreed?

Mozilla make open source, they're not open like a publicly accountable body, are they?

[jddj]

Sorry, ironically I didn't mean to imply openness in any legal sense (although the foundation itself is publicly accountable in terms of what they spend their money on).

Open companies was probably a bad term to use because it might imply something beyond most/all(?) of their products being developed in the open, but I think the point stands well enough regardless.

I won't edit now, but please read my original "open" as "open source".

[criley2]

>No law can prevent a thing, no written agreement can prevent cheating. Law can only set out that such cheating might be illegal in the sense that it can be argued in court that penalties should apply.

This is asinine stuff. Contract law is one of the oldest parts of the legal system and contracts are protected. Violating contract terms leads to a discussion of damages. It's not about illegal contracts, it's about liability and damages.

[lonelappde]

No one before you was talking about "illegal contracts". You misread what you replied to. Contracts don't prevent things. Contracts determine (sometimes indefinite, but not infinite) prices for actions.

If you trust Google to always uphold its contract, than by the same logic you should trust the government to never abuse your encryption keys. But we don't, because insider access is (eventually) outsider access. Bits don't have color.

[criley2]

And I'm explicitly rejecting the theoretical discussion of "contracts not preventing things", a somewhat useful model of legal thinking for first year law students to understand one aspect, but an absolutely atrocious model for a layperson to understand general contract law.

This is like saying criminal law doesn't prevent crime, which again under some literalist and pointless definition sure a murderer isn't physically prevented from murder by a law, but the punishment of murderers does prevent many people from becoming murderers.

Similarly, contract law influences the behavior of people who agree to them by establishing damages and liabilities for various situations, and these incentives influence and control normal actors in predictable ways. A summary of the influences and controls on normal actors in contract negotiation could be "contracts prevent things".

My contract with my ISP prevents me from reselling my bandwidth to my neighbors. It doesn't physically prevent me, but it establishes a liability for me that I want to avoid.

My contract with my car insurance company prevents me from working for Uber. It doesn't physically prevent me from clicking Sign Up in the Uber app, but it establishes limits on my coverage such that I would be driving illegally if I were to continue, and I want to avoid that, so the contract prevents me from doing it.

[mkd1964]

Unless they believe they can get away with it.

Let's not be naive. The Big Brother agenda of Google didn't happen in a vacuum. They have government support and protection from some factions of our intelligence agencies to this day (although, perhaps not for much longer). The whole original concept of "Google" as a search engine (and tracking app) was originally a program of DARPA (same for Facebook - originally called "LifeLog"). Do you really think they cut all ties with the government when they went public? Neither Google or Facebook are what they appear to be.

"Privacy" in the sense that it pertains to selling your info to advertisers is just a sideshow; i.e. not the real problem.

[dragonwriter]

> Violating contract terms leads to a discussion of damages.

No, being found in a court of law to have done so does, but when the contract terms are easy to violate without the other party being aware it is especially inaccurate to portray this as the violation itself leading to this result.

[Hitton]

Thank God that Google is such trustworthy company on which we can depend with all our data and personal information. The company that would never deal with likes of China. The company which would never expose data of Google+ customers. The company which is always transparent with its policies and usage of user provided data.

[oblio]

> The company that would never deal with likes of China.

This is disingenuous. They basically locked themselves out of China voluntarily many years ago. They're really scary otherwise and I agree with you, but don't lessen your point by including exaggerations, in my opinion.

[carapace]

Expletive deleted. Project Dragonfly.

https://en.wikipedia.org/wiki/Dragonfly_(search_engine)

[ekianjo]

> Part of their (written) agreement with Google is that none of the analytics data generated from Mozilla properties will contribute towards Google's tracking database.

Do they really think people are that naive?