Hacker News new | ask | show | jobs
by thristian 2054 days ago
A related anecdote: Firefox disabled ALSA support because their telemetry showed nobody was using it, but it turned out that the kind of people who use ALSA are also the kind of people who disable as much telemetry as possible:

https://chuttenblog.wordpress.com/2020/11/05/data-science-is...

Disabling telemetry is like refusing to register to vote: you minimise the chance of people doing bad things to you, but you also minimise the chance of people doing good things for you. Maybe that trade-off is worth it for you, maybe it isn't, but don't complain that the trade-off exists and don't get annoyed that other people choose differently.
2 comments
Aachen 2054 days ago
More like refusing to vote if it can't be done anonymously. That said, I have telemetry turned on in my personal browser because I trust Mozilla not to abuse my data.

At work I handle more sensitive data and there it's turned off (the basic stuff, without diving into about:config to make it completely silent).

On the other extreme, I also use Firefox during security assessments. My browser making noise on a network where I'm not supposed to be detected is not something I can have happen. Removing all URLs and disabling all telemetry settings in about:config used to be enough, but recently they added a new system and that URL doesn't seem to be in about:config, I guess it's hard-coded. With covid-19 our on-site assessments are on hold anyway, but sooner or later I'll need to disable that either in Firefox itself or in the proxy configuration (on localhost, which logs any requests I make).

link
calcifer 2054 days ago
> More like refusing to vote if it can't be done anonymously.

It's already anonymous, no? Of course if you consider a CGNAT IP address not-anonymous then nothing can help you.

link
Aachen 2054 days ago
The definition of personally identifiable information, as I recall it, is info for which there exists a party that can trace it back to a person. Just because I can't find your name using your social security number doesn't mean that your SSN is not PII, because there exists a party that knows whom this SSN belongs to.

Similarly, it's not as if CGNAT is an anonymisation technology. Crooks would love it: download and upload whatever you want and nobody can ever tell it was you! No, ISPs log who used which IP and port at which time.

Processing the IP address and port number is essential for TCP to work, and even if you don't store it and filter it on your network's edge, it's still covered by privacy law–technically. A judge might not award you damages, but technically the processing (not storage) of personal data is also covered by privacy laws.

Of course, if they don't store it then I would consider it anonymous. The question to me is what they do with the data. But it's not correct to assume that it's anonymous just because you share an IP address with others, or to assume that everyone has CGNAT. Where I live a personal address is the default.

link
calcifer 2054 days ago
You are conflating separate things. The fact that your ISP can match an IP/port pair to a person doesn't make Mozilla's IP based telemetry "personal data".
link
a_imho 2054 days ago
So it is the privacy conscious people's fault for opting out? Hard disagree. If moz://a implements bias in their feedback loop that is on them.
link