Mozilla people - this is a serious issue. If you want to champion privacy, you NEED to have a big red button that says "nothing gets sent out" and you NEED to have an end-to-end test to make sure Firefox respects it.
Why? Like, seriously. Telemetry is useful, and I am more than happy to provide them with some useful metrics so they know what to improve on - since I can’t really help with the code itself, since it is an insanely huge project.
It’s not like they use it to build a profile of you, as goddamn chrome does.
I feel that whatever Mozilla does can never be good enough for some people, even though they are one of the most important players in the “fight” of OSS. Just think about it, linux is only usable as a desktop OS because most of the desktop apps migrated to the web - and firefox is the only free browser that is actually capable, as well as the only engine that is not google-controlled. We should support them as much as we can.
It annoys me that Mozilla and Firefox are held to an almost impossible standard by this community, whereas others get a pass on behaviour that's far more intrusive. These posts seem to be lacking entirely in perspective. That doesn't mean that Mozilla can't be criticised, but ffs, don't blow minor issues out of proportion.
Software that sends surveillance data of user activity without first obtaining the user’s consent is malware, silently acting against the wishes of the user, co-opting their hardware and network to work against them to benefit a remote party.
It’s great that you consent. In that instance it is fine. Many do not, and to proceed with the assumption of consent should be a crime.
What is done with the data is irrelevant. Spying without explicit consent is the problem.
It’s not like they use it to build a profile of you, as goddamn chrome does.
Eh? Says who? Them?
So many times, companies have lied, cheated, made excuses. So many times "we don't", then they do.
So. Many. Times.
So I should just trust Mozilla, because... well, why?
And this doesn't even take into account new corporate owners, leveraging existing data in a new way.
Or rogue elements in corps, employees stealing data for profit, or even data leakage due to misconfigured servers.
These thongs have all happened.
Corps have left dumps of entire client databases, credit cards, id, on open portals!
Over and over, again and again, we have been shown, never ever trust anyone with your data. Ever.
The client is open source (and you can go to about:telemetry to see for yourself what it’s sending), the server side is open source, and much of that data is publicly accessible at https://telemetry.mozilla.org
The preference controlling whether telemetry is sent anywhere is "datareporting.healthreport.uploadEnabled". The other telemetry settings are just about what telemetry modules are enabled to collect telemetry data locally (which you still can view with about:telemetry, but will not get send when you disabled "uploadEnabled"). [1]
Disable "datareporting.healthreport.uploadEnabled" and Firefox will not send telemetry data around. But users cannot be expected to mess around in about:config, right? That why there is a checkbox in the Firefox preferences just for this. In the Privacy & Security tab.
Also, when you create a fresh Firefox profile (e.g. when you use it for the first time), it will open their privacy policy page, with a somewhat hidden button that brings you straight to those checkboxes. I don't like that it's a bit hidden now by default, and they could do better there (and actually did better in the past, where there was a very visible popup asking you about this stuff).
As for "they should test this!": Right, and they do have unit tests[2].
I'm all for this functionality but if the said users go to Chrome because "Firefox has no privacy" this is ridiculous. Firefox is our best browser in this domain, let's not kill it by complaining indefinitely on it.
What are you going to switch to? Chrome? Sure, it would be nice to have an easy switch that disables all telemetry, but let's not forget that every other major browsers collects far more data, and the most popular browser steers you toward to storing your entire web and location history on their servers as soon as you log into your email account. Kinda puts non-identifying information about Firefox's performance into perspective, doesn't it?
A related anecdote: Firefox disabled ALSA support because their telemetry showed nobody was using it, but it turned out that the kind of people who use ALSA are also the kind of people who disable as much telemetry as possible:
Disabling telemetry is like refusing to register to vote: you minimise the chance of people doing bad things to you, but you also minimise the chance of people doing good things for you. Maybe that trade-off is worth it for you, maybe it isn't, but don't complain that the trade-off exists and don't get annoyed that other people choose differently.
More like refusing to vote if it can't be done anonymously. That said, I have telemetry turned on in my personal browser because I trust Mozilla not to abuse my data.
At work I handle more sensitive data and there it's turned off (the basic stuff, without diving into about:config to make it completely silent).
On the other extreme, I also use Firefox during security assessments. My browser making noise on a network where I'm not supposed to be detected is not something I can have happen. Removing all URLs and disabling all telemetry settings in about:config used to be enough, but recently they added a new system and that URL doesn't seem to be in about:config, I guess it's hard-coded. With covid-19 our on-site assessments are on hold anyway, but sooner or later I'll need to disable that either in Firefox itself or in the proxy configuration (on localhost, which logs any requests I make).
The definition of personally identifiable information, as I recall it, is info for which there exists a party that can trace it back to a person. Just because I can't find your name using your social security number doesn't mean that your SSN is not PII, because there exists a party that knows whom this SSN belongs to.
Similarly, it's not as if CGNAT is an anonymisation technology. Crooks would love it: download and upload whatever you want and nobody can ever tell it was you! No, ISPs log who used which IP and port at which time.
Processing the IP address and port number is essential for TCP to work, and even if you don't store it and filter it on your network's edge, it's still covered by privacy law–technically. A judge might not award you damages, but technically the processing (not storage) of personal data is also covered by privacy laws.
Of course, if they don't store it then I would consider it anonymous. The question to me is what they do with the data. But it's not correct to assume that it's anonymous just because you share an IP address with others, or to assume that everyone has CGNAT. Where I live a personal address is the default.
You are conflating separate things. The fact that your ISP can match an IP/port pair to a person doesn't make Mozilla's IP based telemetry "personal data".
> even after you disable these options, Firefox still collects and sends data to servers
I am surprised, for a product that claims to be privacy focused to behave in this way. I am a Firefox user and have not disabled telemetry since I think it can help Firefox and I trust them no to do anything wrong with it. But I would have expected that unchecking the telemetry option would actually disable telemetry.
I know there are a lot of people hanging around here looking for a business idea or a side project with some potential, so here's one idea:
Create a customized version of Firefox that:
- has support for removing the top bar when tst or something similar is installed. It should probably be possible to disable/reneable it using a menu option and an optional toolbar button.
- actually disables all telemetry when you try to disable telemetry
- optional but recommended: a "getting started wizard" where you select your preferred search engine, if you want to install TST or Sidebery, and if you want to set memory consumption to sane defaults.
- otherwise works exactly like Firefox
- Charge $50 a year, possibly more.
I'd probably sign up immediately.
Questions:
Q: what if Mozilla finally gets it and implements this?
I can't be the only one to miss old Firefox features and UX without wanting to leave behind all improvements we've seen the last few years on security, support for new standards and also performance.
Is there anything these preferences disable that isn't disabled by unchecking the three boxes (telemetry, experiments, crash reports) in the regular Privacy & Security tab of the Firefox preferences?
FF has a default link that it checks for capture portals on wifi networks. I think that it must be turned on all the time, though something in the about: pages might turn it off.
Tho that isn't mentioned in the article, and I'd be surprised if mozilla collects any data there (other than something like a hit count).
Of course, there are also the update checks, both for Firefox itself and extensions (both not mentioned in the article either, and probably a bad idea to disable this functionality unless some external source like a package manager does the updating for you).
Of course, but some people seem to be reacting as if that's what's happening, and knowing which sites problems occurred on would be useful for a browser vendor to know.
It doesn't seem like click bait or misleading [1]. Maybe it's changed in the last few minutes? Adding "How to" and messing with the capitalisation doesn't seem like an improvement.
[1] Currently "Disable All Telemetry and Data Collection in Mozilla Firefox Quantum"
It is. Telemetry turned off, all URLs removed from about:config, still making requests to "buckets/monitor/collections/changes/records" at the domain firefox.settings.services.mozilla.com (spotted this one in my proxy while trying to do a website audit).
It constantly pings the servers with my IP address, timestamp, and user agent if nothing else. They can see where people are over time. I was busy so haven't looked into what it's sending (just exempted the domain from interception for the duration of the audit), but in the EU and IP address with timestamp is personally identifiable information.
I don't think the claim that Firefox sends telemetry even after disabling it in the preferences has ever been true. It will still contact Mozilla servers for other reasons, like retrieving lists of malicious add-ons or checking for updates, but it won't send telemetry.
Quite impossible without extensive sourcecode changes. Where FF has extensive user-configurable flags in about:config, Chrome is just a totally unconfigurable blob.
There's a reason X-Client-Data telemetry being sent to DoubleClick servers in Chrome browsers is undisclosed to users, hard coded and impossible to disable.
