[justcommenting]

"fact of life of web server logging" = screw you, we're not even going to consider deleting our logs even as we talk a good line about how much we respect your privacy

edit after downvote: also, mozilla engineering PMs will intimate on hackernews that it won't internally correlate and potentially sell any of the location and other information it most obviously could correlate about people, even though it has already announced its intention to advertise.

[crankycoder1975]

We don't correlate your location data to ads. As a Canadian, that would actually be illegal and a violation of the Privacy Act.

We never got authorization from individuals to do that correlation.

We aren't perfect, but I think we do a pretty good job of respecting and protecting your privacy at Mozilla.

[justcommenting]

thank you for these clarifications.

one industry norm that makes these things tough (again, not Mozilla's fault) is that at least under US law, Mozilla could change its privacy policies at some point in the future and do a lot more than it currently does.

and... my parent comment was brash and probably deserved the downvote it received.

[lxt]

Selling user data would be completely against our mission and values, and I think it would be extraordinarily hard for such a change to make it through the internal immune system for such things. I think Mozilla is less likely to do bad things with your data than just about any other company (or government for that matter) out there.

(Disclosure: I work for Mozilla. I am helping write an updated set of privacy guidelines for engineering teams, to be as explicit as possible about how careful and respectful we need to be with data.)

[sp332]

"2) we may receive certain temporary data such as your IP address. This data is deleted after being used as follows". So yes, they do say they delete it. Also, Mozilla has a better track record with respecting user privacy than anyone else in this space. (And where is their intention to advertise?)

[justcommenting]

i agree that Mozilla has a better track record than most large tech companies in most areas, but that also sets a pretty low bar. i'm more of the opinion that if Mozilla really were as committed to user privacy as they claim to be, they might not respond so flippantly to questions about server logs. If it wanted to, Mozilla could even stop logging "certain temporary data such as your IP address."

regarding Mozilla's intention to advertise: http://www.zdnet.com/mozilla-clarifies-defends-firefox-ad-po...

[crankycoder1975]

Monitoring server logs is how we detected and implemented protection from a botnet scouring the database for SSID information.

[justcommenting]

there are indeed many useful ways that server logs can positively contribute to improving user privacy; i just thought the attitude of "well of course...that's what everyone else does" (even though that's true!) was dismissive of good-faith privacy concerns.