AI Summary:
Overview:
- Mozilla is updating its new Terms of Use for Firefox due to criticism over unclear language about user data.
- Original terms seemed to give Mozilla broad ownership of user data, causing concern.
- Updated terms emphasize limited scope of data interaction, stating Mozilla only needs rights necessary to operate Firefox.
- Mozilla acknowledges confusion and aims to clarify their intent to make Firefox work without owning user content.
- Company explains they don’t make blanket claims of “never selling data” due to evolving legal definitions and obligations.
- Mozilla collects and shares some data with partners to keep Firefox commercially viable, but ensures data is anonymized or shared in aggregate.
That’s good and I’m genuinely glad they’re trying to clarify it, but it proves yet again that their top management is out of touch with reality and their users: somebody (most likely more than one person actually) had to sign off on these changes and the message they sent out - this whole thing could have been avoided if they understood their users better (and/or if they actually cared nore about what users think).
Google funding allows them to be big and inefficient, which means a lot of tops paid well and thinking themselves fashionable FOSS leader people or something.
They can live without it. They’ll have to cut most of the organization and return to being an open project developing a web browser.
That doesn’t sound cool for people not doing useful work. Like me, I’ll get to my shit instead of typing comments.
“I am doing things that are not selling your data which some people consider to be selling your data”
Why is he so cryptic? Neil, why don’t you tell me what those things are and let me be the judge?
Louis Rossmann had a good video about this. Basically, California passed a law that changed what “selling your data” means, and it goes way beyond what I consider “selling your data.” There’s an argument here than Mozilla is largely just trying to comply with the law. Whether that’s accurate remains to be seen though.
Then how about putting that in the language? “We don’t sell your data, except if you’re in California, because they consider x, y and z things we might actually do as selling data.”
Exactly!
Hetzner kind of does this, where there’s a separate EULA for US customers that lays out precisely how they’re screwing you in that jurisdiction (e.g. forced arbitration). I’m not happy about that, but I appreciate having a separate, region-specific TOS.
If some wording only applies in California, state that. Or if it’s due to similar laws elsewhere, then state that. And then detail which features collect data, why, what control you have, and how you can opt-out. Maybe have a separate mini-TOS/EULA for each major component that gets into details.
But just saying “you give us a license to everything you do on Firefox” may appease their legal counsel, but it doesn’t appease many of their users, especially since they largely appeal to people who care about privacy.
At this point I care about ownership of what I do on my browser, Chrome under these guidelines is a better alternative (and that’s a low bar)
How is chrome better? It’s literally run by an ad company, and there’s no way they have a better TOS.
It’s not it’s just slightly less bad than Firefox on the perspective of ownership,
E.g.: under the new guidelines by Mozilla you’re not allowed to bookmark pornhub
This is thanks to Mozilla’s focus on “privacy respecting “ advertisement and ai, go to any open source conference and you’ll see a list of ai talks by them.
——
Don’t get me wrong I implore anyone to move to any browser that isn’t; Chrome, Edge, Firefox, Opera
I’m pretty sure this person is making a joke using a fake exaggerated “answer” from a corporation to highlight the absurdity of their double speak. I doubt something this insane would come from an actual spokesperson.
I’m getting that now too. I don’t know the players in Mozilla. The quote without context made me think this was one of those Mozilla execs.
Some jurisdictions classify “sale” as broadly as “transfer of data to any other company, for a ‘benefit’ of any kind” Benefit could even be non-monetary in terms of money being transferred for the data, it could be something as broadly as “the browser generally improving using that data and thus being more likely to generate revenue.”
To avoid frivolous lawsuits, Mozilla had to update their terms to clarify this in order to keep up with newer laws.
I think this is a reasonable explanation.
But I also believe a large part of the firefox user base does not want any data about them collected by their browser, no matter if it is for commercial purposes or simply analytics / telemetry. Which is why the original statement “we will never sell any of your data” was just good enough for them, and anything mozilla is now saying is basically not good enough, no matter how much they clarify it to mean “not selling in the colloquial sense”
Which is a ridiculous thing to want for most users and exposes how little so much of the self-identified “techie” crowd actually understands about how this stuff works.
The first 6 years of Firefox were done without telemetry and after it was implemented it was opt-in for a while.
While I see the use of telemetry for development purposes, I would not call it aridiculous thing to not want
I more meant that the average user actually wants a significant amount of data collection and telemetry, as part of their normal web usage. There are some true privacy geeks who are actually maintaining near-anonymity on the modern internet, but there’s a lot of people who get riled up about things like this while using Android phones, or signing up for loyalty programs, using corporate social media, etc.
I agree, I don’t want my browser provider to collect any data on me at all, but if they absolutely must gather the absolute minimum system analytics stats or such they should NEVER pass it to a third party for ANY reason.
You make a desktop browser application, that’s your job, to provide a portal to the world wide web, nothing more. Stay within your bounds and we’ll never have any problem.
I mean…if they pay for the service of external analization of data in exchange of money, how is that a sale of goods/data?
Ask the lawmakers who wrote the laws with vague language, because according to them, that kind of activity could be considered a sale.
As a more specific example that is more one-sided, but still not technically a “sale,” Mozilla has sponsored links on the New Tab page. (they can be disabled of course)
These links are provided by a third-party, relatively privacy protecting ad marketplace. Your browser downloads a list of links from them if you have sponsored links turned on, and no data is actually sent to their service about you. If you click a sponsored link, a request is sent using a protocol that anonymizes your identity, that tells them the link was clicked. That’s it, no other data about your identity, browser, etc.
This generates revenue for Mozilla that isn’t reliant on Google’s subsidies, that doesn’t actually sell user data. Under these laws, that would be classified as a sale of user data, since Mozilla technically transferred data from your device (that you clicked the sponsored link) for a benefit. (financial compensation)
However, I doubt anyone would call that feature “selling user data.” But, because the law could do so, they have to clarify that in their terms, otherwise someone could sue them saying “you sold my data” when all they did was send a small packet to a server saying that some user, somewhere clicked the sponsored link.
I would definitely call that selling my data. The recipient can now add that to my profile as an interest.
The recipient doesn’t get any identifying data about you, because the data that shows the link was clicked does not identify you as an individual, since it’s passed through privacy-preserving protocols.
To further clarify the exact data available to any party:
- The ad marketplace only knows that someone, somewhere clicked the link.
- Mozilla knows that roughly x users have clicked sponsored links overall.
- The company you went to from that sponsored link knows that your IP/browser visited at X time, and you clicked through a sponsored link from the ad marketplace
There isn’t much of a technical difference between this, and someone seeing an ad in-person where they type in a link, from a practical privacy perspective.
Their implementation is completely different from traditional profile/tracking-based methods of advertising.
“ChatGPT, I need your help. Please pretend to be a lawyer that recently suffered a severe concussion and write me something I can post online that will male this situation slightly weirder.”
Neil doesn’t need a chatbot with sparkles for that, he’s plenty capable to take absolute piss himself. 😁
some people consider indirect, cryptic answers to be complete
Really? I would think most would consider them for what they are: evasive and probably deceptive
all sorts of people are super satisfied with answers that don’t answer the question….
people tell me that all the time….vague to be exact, keeping it vague, so its up for interpretation on thier part, and they can use the vagueness as an excuse.
Oh, it’s perfectly clear. We got the message. Mozilla are not to be trusted with our data.
Reread it, double negative.
Edit: oops, sorry. Removed this myself for being wrong.
Mozilla collects and shares some data with partners to keep Firefox commercially viable
How hard is it to be specific? People are concerned about this, can they not tell us the exact data they share and with whom, or is doing so going to make people more concerned so they are avoiding telling us?
They can’t be specific in the legal note because that would close their options and prevent them from auctioning off every month to the new highest bidder.
They certainly could keep a page of what they’re currently selling to whom, but even if it was innocuous (doubtful) that would again put them in the news every time they changed it.
Tried and true
legalPR strategy: say nothing and hope the attention goes away
I didn’t sell your shit, I collected it and shared it to keep myself comercially viable.
Surprise Mechanics 🤗
Mozilla says that “there are a number of places where we collect and share some data with our partners” so that Firefox can be “commercially viable,” but it adds that it spells those out in its privacy notice and works to strip data of potentially identifying information or share it in aggregate.
Sounds like they’ve already been selling (or trading) data and this whole debacle is a way to retroactively cover their asses.
google is probably thier number one customer for the data.
Yeah. And their privacy notice is basically a mix-match of ten or so sections that have no place in a web browser privacy policy, that allows them to do the things people reproach them for doing.
It’s like saying “we’re not doing that, because we’re limited by that document that allows us to do just that”. And now they’re tripling down on it.
Too late, I switched to Floorp.
Because of privacy stuff? No. Because of repeated drama? Yes.
I don’t have time for this stuff. I don’t have time to track every minute twist of the knife that Google’s funding drives Mozilla to embark on.
I’m bored of using software and watching it go through “death by a thousand minor dramas”
So now I use a web browser that has a name so stupid I don’t even recommend it to other people. Brilliant.
The drama isn’t exactly their fault. There are a lot of rich organizations that want them to cease to exist. Most of which want track you online and/or shove ads down your throat.
A fair amount of drama is exactly their fault. Mozilla chose to increase management pay and fire people, Mozilla chose to flirt with ai, Mozilla bought an ad firm, and so on. It’s not like someone was holding a knife to their throat.
Floorp isn’t recommended for its privacy features anyway, it’s recommended by users for the amount of customization you can do. It’s got some features that Firefox has that I don’t want to do without.
Even if the name sounds stupid, you should still recommend it to other people :D
Have been doing so for a few months and haven’t had any negative feedback.
Truly an outstanding move
Try zen browser. It’s just like floorp but has that Arc browser aesthetic.
I was a floorp user until I tried zen browser. You should give it a try too.
Never heard of this one before. too bad it doesn’t have a mobile version as well.
Floorp is a new Firefox based browser from Japan with excellent privacy & flexibility.
💀
The magic of forking!
✨
Too late. That wasn’t a typo, Terms are going downhill from here. I’m gone.
We saw it with reddit and that place is fucked now. Seems no one can be content with their status, they all need more.
A FOSS browser has and never will require collecting user data.
This should not happen at all.
Certain features certainly could be considered as doing that, such as:
- Firefox sync
- crash reporting
- add-on store
I certainly want those. And then there are others that I don’t want:
- telemetry
- studies
- AI
My understanding is that this change is primarily motivated by a recent law change in California that has a pretty broad definition of “selling user data” and this is less likely to be a fundamental change in how Mozilla operates. However, let’s see what they come back with.
That second list should also include
- Ads
Because ads in the search bar results are one of the things Mozilla cited as precipitating the need for ToS.
Is that a pocket thing? Because I disable pocket and changed the default search engine.
If they laid out precisely which features result in data collection by Mozilla and how to disable them, I’d be pretty happy with it. However, if they’re unilaterally collecting data and not really separating concerns, then I’ll need to find something else.
What do you think a browser does?
The browser manufacturer doesn’t need a license to my inputs to process them and give them to the server it’s supposed to give them to. If you type a text in Libre office, does it ask you for a license to the text in order to save it?
No, but that’s a local program processing and saving data entirely on your system. It’s a world of difference from what a web browser does, which is oversee a whole suite of protocols connecting you to remote servers and transmitting data back and forth in requests that build on and reference each other. With the complexity of modern web interactions, there’s a ton of reasons why a browser might need to store your data and share it with others, even ignoring profit-seeking motives.
And let’s remember that the last thing Mozilla got heat for was the introduction of a method to anonymize bulk user data for sharing & selling purposes, as opposed to the granular, extremely invasive tracking that 99% of websites are doing these days.
I see a company that needs to make a decent amount of money in a crazy competitive environment, that’s trying their best to do so in the way least destructive to user privacy and choice.
Not even the lemmy instance you’re on needs a license to your content, and it is stored there and displayed for the world to see. Why is that? Because storing and displaying your posts is the very thing you want it to do. That is the service it is providing for you, and you declare that you want it to do that by clicking “send”. They would need a license if they wanted to do anything else with your stuff, which doesn’t directly have to do with displaying your posts in the fediverse.
The browser is supposed to take my requests and inputs, carry them to the server that I’m talking to and bring back the answer. The mail doesn’t need a license to my letters. That only changes if they want to open them and do something I originally had not intended.
But you know who claims a license to your content? Meta. Because you’re the product there, not the costumer.
And let’s remember that the last thing Mozilla got heat for was the introduction of a method to anonymize bulk user data for sharing & selling purposes,
as opposedin addition to the granular, extremely invasive tracking that 99% of websites are doing these days.Ftfy. It’s never going to replace more invasive tracking and just constitutes yet another party collecting my data.
I see a company that needs to make a decent amount of money
Mozilla already makes enough money from passive investment income. They don’t need to make any money from Firefox at all (but they do, it’s from google). They also don’t need to pay their CEO 6 Million a year.
Edit: Typo
this is them rolling it back cause of the outcry, they don’t want to admit it worked
The terms were never actually bad. This is them responding to the backlash, yes, but that’s just because everyone freaked out over nothing. They’re not “rolling back” anything, and this comment is just more disinformation.
The proof that even techies can confuse « rollback » and « fix ».
They have no business collecting any data in the first place. If I wanted my data collected I’d be using Chrome like everyone else. I’m not choosing to use their buggy ass inferior and slower browser for any of Mozilla’s services, I’m choosing it because I want to support non-Chromium browsers and regain my privacy.
There’s no point whatsoever to using Firefox if it’s just a worse Chrome.
Even if Firefox is selling your data, its still 10x better than chrome since they allow uBlock Origin. Fuck chrome and fuck ads
Telemetry benefits everyone, knowing which features are getting used, knowing what parts are causing crashes… It lets developers target what to improve and fix instead of going in blind. I get that collecting data can be scary, because so far everyone has been busy selling that data. But there’s a reason why data is so valuable, if it’s properly handled and anonymized it benefits everyone using firefox.
if it’s properly handled and anonymized it benefits everyone using firefox
glub glub much?
There is no justification for opt-out telemetry data collection, and there is no proper handling of data obtained despite user pushback. Also, properly anonymizing large data sets is not as trivial as you think. Even “fully anonymized” data set, assuming everything’s possible’s been done, can lead to correlation when added with other data. Even “cohorts” can lead to the creation of an aggregate group with so few individuals that it basically boils down to individual tracking.
Why do you think people are so vocal about not letting any of this happens in the first time? It’s not for blind idealism. It’s basically because even a minimum waiver on “supposedly anonymous” data is a huge blow to your privacy. And some people care about that.
Besides, Mozilla’s been pushing for a shitton of features that are constantly blamed for Firefox becoming as bad as its competition, and constantly turned off/removed. If they cared even a tiny bit about user feedback, the last… 3, 5 years of decisions from Mozilla would have been very different. Feature usage telemetry is a joke to make people accept their bullshit; the only thing that influence feature development is management or very heavy pushback, and that happens in dev issues, not with telemetry feedback.
glub glub much?
That’s a nice way to start and end a discussion.
How convenient for you.
It’s exactly the level of discourse your misinformation deserved.
While they have to be careful, there can be reasonable ones to help what they do/stop doing.
Example, “x% of telemetry enabled users enable the bookmark bar”, not particularly useful for harmful purposes, but if it were 0.00%, then they know efforts accommodating the bookmark bar would be pointless. Not many users would go out of their way to say “I don’t use some feature I’m ignoring”, and telemetry is able to convey that data, so the developer is not guessing based on his preference.
That being said, the telemetry is so opaque that it’s hard to make an informed decision as to whether the telemetry in question is risky or not. Might be good to have some sort of accumulated telemetry data that you can click to review and submit, and have that data be actually human readable and to the point for salient points.
It lets developers target what to improve and fix instead of going in blind.
I’m sure they’ll make do
No, fuck that and quit bootlicking. Software makers did just fine without telemetry for decades; your supposed justification is nothing but a bullshit lazy excuse.
Software makers did just fine without telemetry for decades
They actually did not, almost every software out there is mining your information. Software developers rely on and need data, you can’t guess what people want. Whether it’s from studies, testers, surveys, or telemetry, developers need information about what users like, what they don’t, how they interact with the software… This is what makes data so valuable, and why businesses like Google can exist. Denying open source software telemetry is shooting yourself in the foot.
. Software developers rely on and need data, you can’t guess what people want.
Why would I want software developers (particularly web browser) to guess what I want? I will tell them what I want, otherwise they have no business serving it to me.
If I’m not offering that data, it means I don’t want you to have it. Simple as that.
I will tell them what I want
You might, but 99% of users will never take a step towards giving any feedback whatsoever.
Yes, which means they don’t want anything from them. Rather than seeing those people as nothing more than potential profit, just move on.
Yes, which means they don’t want anything from them.
And yet they’re using the application. Don’t you want the applications that you use to work better? This is what telemetry enables, the ability to give feedback without jumping through 10 hoops, creating an account, responding to a survey, or whatever other method you’re thinking of to give feedback.
I think it’d be less creepy if there was an easily accessible public dashboard displaying this telemetry. E.g. like counters showing how many people hide the bookmark bar. If you can instantly see what data your browser is sending in an easily digestible format (ie not a dump of JSON in a submenu), it’s easier to gain a quick understanding of the benefits vs minimal privacy tradeoffs.
But it really depends on trust: trust that they’re not collecting more than they claim, and trust that the data is properly anonymized. Mozilla has lost that trust.
Me looking at Mozilla like: https://pbs.twimg.com/media/GHShUPtagAANgks.jpg
What’s the alternative for Android? Fuck Chrome I want to move off this shit onto something that actually gives half a shit about me.
Fennec on F-Droid, which is Firefox fork
Boy have i got a treat for you, Ironfox! the continuation of Mull
Will check it out, thanks.
IronFox
Tor. Anything short is freely giving your data away. If you’re looking for something that isn’t based on Gecko or Chromium there is the DuckDuckGo browser, which is WebKit. I can’t attest to how good their privacy policy is though as I have no idea.
Tor Browser doesn’t include uBo (on Android at least) and their ad blocking is abysmal. Its great that no one can trace your IP but completely useless since it doesn’t do anything to block trackers.
Anything short is freely giving your data away.
Misinformation.
cool, sounds good. (the Community gif where Troy walks into the room with Pizza, Pierce has been shot, and there’s fire everywhere)
Too late. I’ve already moved to another browser
Which one? There is literally nothing else.
Zen, Librewolf, Waterfox, Mullvad Browser to name a few
Is mullvad chromium based?
Nope, Firefox based. It’s basically Tor Browser w/o Tor.
No, Firefox
There are so many Firefox forks, just try them out and pick you poison.
Since others have already commented some suggestions, I’d like to add Floorp.
I use it on desktop
Removed by mod
Pornhub now remembers what sort of porn you like while browsing incognito. Is this also happening with other browsers? I just don’t wanna have my wife know what kid of bdsm I really like. It keeps things fun that way. Fun, gun, hun, nun, are all too close on the keyboard. Autocorrect can’t fix that.
yet you missed the elephant in the room.
kid
Pornhub now remembers what sort of porn you like while browsing incognito.
Are you sure? All incognito windows run in the same memory space. If you open one window and do something in it, that session data is available to any other open incognito window open. To clear this ALL incognito windows need to be closed. Once they are all closed, you should be able to open a single new one and have no remnants of the previous sessions left over for the website to know you. The exceptions to this are if they are tracking activity from your IP address or if they are using Browser Fingerprinting on your session so they know even if you come from a different IP they know its your computer.
I run into the IP tracking sometimes. The wife will be doing searches for some specific thing, and I’ll see youtube recommendations show up on those topics even though I’m running youtube via incognito on completely different hardware (but we’re both using the same public IP).
I’m pretty sure there’s something even more perverse happening maybe IP tracking. Maybe phone location tracking. Like when I search for stuff on Google here at home on my phone that stuff appears on my work Google (where I have never actually logged in to Google with any account). It maybe a server side user profile tracking system that we haven’t seen before. Instead of tracking a user via IP, you look at a location… Then you look at what people are searching for in that location and you develop a profile for that particular hardware ID.
reddit does the same thing to, to identify ban evaders, except reddit turned it up a notch in doing this. i think only anti-detect browsers can alleviate that
Maybe this?
