by roca 1721 days ago
"No new data is collected, stored, or shared to make these new recommendations."

"When contextual suggestions are enabled, Mozilla receives your search queries. When you see or click on a Firefox Suggest result, Mozilla collects and sends your search queries and the result you click on to our partners through a Mozilla-owned proxy service. The data we share with partners does not include personally identifying information and is only shared when you see or click on a suggestion."

Doesn't sound like "datamining everything you search for".

> "When contextual suggestions are enabled, Mozilla receives your search queries. (...)"

This, right here. They get those regardless of whether you click on anything. What happens with those queries afterwards?

> "No new data is collected, stored, or shared to make these new recommendations."

If that's true, it would imply search queries were already being sent to Mozilla. I hope it isn't true. I feel incredibly dumb that I never bothered to verify it, that I trusted them. If it turns out the queries were sent, I'll look into filing a GDPR complaint, because I sure as hell didn't give consent for my queries - intended for the search engine of my choice, and which might contain PII - to be processed by Mozilla.

> What happens with those queries afterwards?

https://blog.mozilla.org/data/2021/09/15/data-and-firefox-su...

> Mozilla approaches handling this data conservatively. We take care to remove data from our systems as soon as it’s no longer needed. When passing data on to our partners, we are careful to only provide the partner with the minimum information required to serve the feature.

> A specific example of this principle in action is the search’s location. The location of a search is derived from the Firefox client’s IP address. However, the IP address can identify a person far more precisely than is necessary for our purposes. We therefore convert the IP address to a more general location immediately after we receive it, and we remove the IP address from all datasets and reports downstream.

>> When passing data on to our partners, we are careful to only provide the partner with the minimum information required to serve the feature.

That's hogwash without access to details of actual cases. What is the definition of "minimum" for a given partner here?

Reminds me of the UX of Android a couple years ago:

- Android: "I'm a better system than desktops, I offer fine-grained permissions that ensure apps only have access to what they need, nothing more."

- Every single app, upon installation: "I need every single permission enumerable in the current SDK version."

>> A specific example of this principle in action is the search’s location. (...)

Oh, that's nice, I feel a bit more relaxed - this means they can't enable this feature for me at all, because they first have to seek informed consent from me for this kind of processing. They'd better remember to ask.

I think I can confidently assume that despite not providing IP or accurate location data, there are enough features in the data for their partners to fingerprint individuals. Might require a lot more work, but when advertisers go out of their way to identify individuals based on their browser/os/hardware settings, they'll attempt to do it on just about anything they could get their hands on.

I wonder how containers affect this behavior? Since the same history seems to pop up regardless of which container I'm in, I wonder if this effectively makes containers permeable?

How will a third-party suggestion provider fingerprint individual users when search queries are all proxied from the Mozilla server IP addresses?