from ell1e@leminal.space to privacy@lemmy.ml on 11 Mar 10:09
https://leminal.space/post/32970539
Firefox is trying to gain back user trust with this video: www.youtube.com/watch?app=desktop&v=O-xyNkvIB9g
This is a legit question: Should anybody trust Firefox again unless they put “we won’t sell your data” back into the privacy policy? I’m actually not sure if they haven’t already done so, let me elaborate:
brave.com/privacy/browser/ Brave: “We do not sell, trade, or transfer your information to any third parties.” This seems to obviously be in the legally binding text part. As is this one: “It’s Brave’s policy to not collect personal data1 unless it’s necessary to provide services to our users, or to meet certain legal obligations. We do not buy or sell personal data about consumers.” (Disclaimer: I’m not a lawyer.)
However, for Firefox it seems ambiguous to me, which worries me: www.mozilla.org/en-US/privacy/firefox/#notice There is no appearance of “sell” in the entire privacy document, excpet for the top summary where i’m not sure if it’s at all legally non-binding.
Does anybody know if it is legally binding? If Mozilla were serious about it, why would they leave it ambiguous whether it is…?
Based on that, I’m not sure if Mozilla’s video about getting users back is worth trusting. I wonder if it’s just me.
Update for clarification: I’m not using Brave myself, and this isn’t a suggestion anybody should blindly do so.
threaded - newest
Problem with FOSS movement happened is not all parts are self sustainable. Which leads to market fit revenue system which is basically selling data as of now. Hope this changes in future.
They legally cannot state that they will not sell data, because - according to some states’ laws - things like “XX% of users utilise Google as their primary search engine” is already “selling user data”.
Because they use user data to calculate that percentage, and it’s being used in relationship with Google who is paying Mozilla.
If this one corner case is the reason, why doesn’t Mozilla put it into the legal text? I feel like the ambiguity hurts their position here. That Mozilla is silent about specifics in the legal text, seems rather scary to me.
Because it’s not one corner case. There are multiple - they have other sponsors and advertisers.
I meant specifying the corner case of what exact type of data is shared, not an exhaustive list of companies it’s shared with that would inevitably go out of date.
You mean this?
You mean this?
They, and everybody else who shares user data, are legally obligated to keep track of said data and have that published and available for both users and other companies.
“Technical data”, “Interaction Data”, very specific, uh-uh. (I’m being sarcastic.) The latter especially sounds like it can be literally a keylogger.
I would love for Mozilla to fix this, which is why I try to be pragmatic and concrete. But so far, they don’t seem willing to do so.
Here’s the problem - people don’t care if the information is there or not. Microsoft has been disclosing their required telemetry data for years and people still thing it’s an invasion of their privacy.
Take you for example - I gave you a source, you checked 1/3rd of the information in it and started complaining.
Why am I assuming you didn’t bother to read the whole thing? Because you’re claiming that “technical data” is too obscure of a term to figure out what it is. “Interaction Data”, in your words, “can be literally a keylogger”, right? Well, it’s very clearly defined in the table:
Which of these would you consider to be “literally a keylogger”, hmm?
The reasoning for Firefox changing their policy is that legally, in some jurisdictions, a sale of data is very ambiguous.
They are sending a “count of active users” to advertisers, which their legal team thinks counts as a sale of private data.
Is this good enough a reason? Up to you really. Their policy is fairly wide open for further actual data sales now, it certainly gives me an itchy feeling.
So why can Brave still have that clause? That’s what I don’t get. I also feel like Mozilla could try to do something like “we don’t ever sell your data, except this one corner case” and just explain it, but it seems like they didn’t even bother. (I could be completely misunderstanding things and perhaps I’m being unfair here. It’s just how it comes across to me as an uninformed doofus.)
You’d have to ask Braves lawyers. It could just be that Mozilla is more risk averse, perhaps brave thinks they won’t be sued.
It would be nice if they were clearer, but I think they don’t want to (or legally cant) define exactly what they do.
Maybe I’m just an old, cynical man (I’m 44) but it’s not like their policy forces them to follow it, I mean why trust that “they promised they won’t do it in their policy” means they won’t just do it anyway without telling anyone?
I think it’s mostly a defence against getting sued if they got caught. Chrome can point at their policy and get the case dismissed, Firefox would have to defend it in court and risk losing.
But you are absolutely correct, privacy policy’s are only as binding as your ability to enforce them, and you and I don’t really have any means to enforce them against a large Corp.
I switched to waterfox, I will never trust Mozilla again for a wide variety of reasons.
The problem with forks is that you need to trust the original party (Mozilla) AND the developer of the fork. Also, that fork will inevitably lag in security updates coming from the original party.
Firefox is still pretty customizable with user and enterprise policies, and most telemetry can be disabled. They have shown that they listen to their userbase, even if capitalism forces the for-profit part to make cuestionable decisions.
Which brings me to Phoenix for Firefox…
For them to sell your data, they need to collect it first. And as of now, all data collection can still be opted out of.
That’s fair, but that requires the trust that they won’t add any collection without telling people. And it seems like they kind of want a license for all data I enter into the browser, which again Brave doesn’t seem to do. It’s like Mozilla is going out of their way to look shady and to harm trust. It’s sad. I’ve been using Firefox for a looong time until I left it behind.
While I can understand not wanting to trust corporations and Mozilla has definitely become more corporate over the years, if they ever start to collect data without the ability to opt out, by (european) law, they need to inform the user about the data collection. So for now, I don’t see much reason to be alarmed.
It’s open source so you can inspect it. If you don’t know how to do that you can pay for a 3rd party audit.
Also if it were to be found out, even without being open source via some pack inspection (e.g. using a software that checks if data is being sent to a server, e.g. imagine starting Firefox on a virtual machine then checking if any data goes to e.g.
firefox.com) and it were to be published then their entire brand would be dead. So rationally speaking I don’t think that’s a worthwhile bet.Do you audit every release of any open-source program you use before you run it?
Open-source alone isn’t enough if the creators are known to do weird things.
I know you ask this question in jest but basically it cascades, e.g. if I trust Debian or F-Droid, then I trust that the applications they include in their distribution or store is both secure enough (no piece of software is perfectly secure) and actually does what it say it does. In turn I believe they do the same, namely that initially when an application is added to their collection, they do review the application and the code yes. Then each update is only a gradual check, if ever done, assuming nothing special happened, e.g. no main maintainer change. If it’s far from perfect, and as somebody linked else there are limits (e.g. en.wikipedia.org/wiki/XZ_Utils_backdoor ) but in “normal” situations it’s enough for me.
Anyway that’s just my perspective on the matter, on your problem specifically after a brief ~5min search I haven’t found exactly what you are looking for but here are still some examples of what I do find helpful :
Those though are mostly around security. They are definitely linked to privacy but still distinct. If I genuinely cared about the topic I would directly ask if organizations, non-profits, etc do think about the topic, e.g. Access Now, EFF, Exodus Privacy.
If by any chance you do find something helpful there please do share back.
The linked reports don’t seem too useful since 1. the first one seems some automated scan not a code review, and 2. the second one is “Firefox Accounts” and not a browser code review. My apologies if I"m missing something.
I personally think you shouldn’t run software that accesses such intricate personal information if you don’t trust it, if it can be updated to change to grab all that data.
Especially since Mozilla seems to potentially give itself a license to all your data, apparently.Update: This seems to only apply to “Mozilla Accounts”, my apologies for the error: www.mozilla.org/en-US/about/legal/…/services/Yes, and you should also brush and floss your teeth, do physical activities, buy local produces, recycle everything, do your due diligence on all political candidates, etc, etc. In practice we ALL have to make pragmatic choices. There are not a lot of browsers and basically for fully featured engines there are (arguably) only 2, Chromium by Google and Firefox by Mozilla. One is an advertising for profit company, the other is not. If you genuinely care a lot about privacy though you might not have to use either, you might be perfectly fine with much simpler browsers like Links or even lynx and I can tell you with a lot greater confidence that there no data will leak. You can also containerize your browser using e.g. docs.linuxserver.io/images/docker-webtop/ and then run within there whatever you want.
That’s not correct, you mean some data from your browser usage. I think it’s important to be precise here otherwise through shortcuts you try to convince yourself, and others, about a problematic situation that just does not exist.
So which browser do YOU trust and why?
.
They collect personal data before you even have the chance to opt out which is a clear violation of the GDPR. They promise to delete it within 30 days when you opt out, but is was collected nonetheless.
I need to manually opt out?
Trust is hard to gain, very easy to lose. And much harder to regain, once its lost.
I have been a Firefox user since… its Mosaic days. And even after Chrome became a thing, FF remained my default choice. It was just my browser, I would shrug at anyone telling me Chrome was so much better.
Alas, their recent switch in regards to data/ads and after that their focus on AI, after a few previous decisions of them that quite worried me too, convinced me to do what I had never imagined I would do: replace FF as my default browser.
I now use Waterfox, and if Firefox is still installed on my Linux box I have not used it since (I’m a liar: I clicked it once, out of habit). I just don’t feel comfortable using it, it’s not my browser anymore. It’s just a browser, like Chrome or Edge, some corp is trying to force feed me, and to screw me with. Thx, but no.
I would love to see FF change path and regain my trust. But this will take some efforts.
Same boat. Used Mozilla since back when you had to futz to get it to compile.
Fuck Mozilla. Fuck FireFox.
LibreWolf fixed what the Foundation and Board enahittified.
I feel more sadness than anger. Like I feel a lot more sad realizing younger people will probably not be able to experiment a free and truly personal web, like the elders among us did. That corporate-free Web used to be the norm… with its clumsiness and its many quirks, its ability to tolerate conflicting opinions too. Now, everything is policed and so… neutered. It’s also ad-saturated. It has turned into a TV, just worse.
Seeing Mozilla take that pitiful road made we feel a lot more sadness than anger, really. They were one of the few that were supposed to stand for another model. But I was not that surprised either…
Slap yourself. Don’t accept defeat. Rage, rage against the dying of the ’net
I still remember the Mozilla Internet Application Suite before the browser part was spun off into Firefox and the email into Thunderbird. Some of their moves have been disappointing but I’ll still never use Chrome
I remember that too.
BTW, Waterfox is a fork of FF ;)
The advice I’ve always read is to avoid forks because they usually get security updates slower than the main browser. Is that true of waterfox?
Thanks for tip
Used Firefox for god knows how long. Reading your post made me want to try out Waterfox and I must say I really really like it so far. Gonna keep using it and maybe I’ll even uninstall Firefox down the line.
No need to rush a decision, give it a swirl and you will see ;)
Single reason it’s my main browser still are addon functionality.
Interesting, it’s also not a chapter in browser.engineering
That being said I imagine Google messed up the whole landscape with its Manifest V3 situation.
Also I imagine after a certain expertise threshold, one can relatively easily re-create an addon themselves. I’m thinking people who are familiar with Tridactyl or GreaseMonkey might not be as sensitive as this problematic.
This is only for data that the user transmits to them in conjunction with feedback.
Here’s another quote: “It’s Brave’s policy to not collect personal data1 unless it’s necessary to provide services to our users, or to meet certain legal obligations. We do not buy or sell personal data about consumers.” That one isn’t in the feedback section.
I think when they defended the removal they said they changed it because the definition of “sell” was quite broad in some jurisdictions
Have you tried waterfox?
Owned by an advertising companyNot true anymore, my badNo, that has changed since almost 3 years.
Source: www.waterfox.com/…/a-new-chapter-for-waterfox/
Please verify before you accidentally spread misinformation.
I was not aware this, will edit the comment. Thank you!
Buying the company usually means buying all of their user information as well. Other companies can change their policies too. I think you should judge them by their actions, and give them a chance to answer your questions before you condemn them.
(Did you try asking them about your concerns?)
Since there are alternatives, I don’t find that argument too compelling. I’m hoping people will continue to speak up about this though. Ideally I would want Mozilla to do better with their policy, assuming they actually act nice and just aren’t very good at making their policy sound like it.
Very funny to mention Brave like it’s a normal browser.
Why wait for that to start distrusting FF lemmy.ml/c/librewolf
Yeah I always love seeing Brave being mentioned as the better alternative to any browser.
Marketing works…
Reality does too.
Debatable
OP works for Brave. Original post is just an ad.
Could you link where they say that?
Regardless, they are afflicted by Lawyer Brain and need to hike it to BlueSky
I use Librewolf myself, but I’m concerned about upstream Firefox dying so this whole situation frustrates me. The only reason I mention Brave is because Brave is also a company (unlike Librewolf) and has a Terms of use to compare Mozilla to (unlike Librewolf).
I just know from a privacy standpoint that I always understood Brave to be a hardcore no even dating back to 2018.
That could be true, I honestly don’t know. The crypto stuff in Brave definitely seems weird.
Lynx doesn’t sell you’re data, use it
Maybe mozilla is just more honest than crypto and affiliate scammers? They all sell your data , just have to try and give as possible to them.
Don’t trust them. Trust open-source.
Use forks, and donate to known projects that exist for (at least) a few years.
Dunno. Ive already left. Now its on them to give me a good enough reason to consider going back.
To where?
Waterfox, brave, many options.
Brave is shit I don’t know why people keep recommending it.
Ok
Use a Firefox fork that respects you
That’ll eventually die the same way Firefox does because forks only survive by way of subsidized capabilities off of the work of the Firefox engineering team.
There is no winning here.
i’m going to be one of the last holdouts; refusing to switch to a chromium based browser. lol
My personal hope is if Firefox ever dies that the LibreWolf team will just use Chromium as a base instead. I’ll go wherever the LibreWolf team does.
Can you suggest one? Obvious it’s not LibreWolf due to lack of respect.
What’s wrong with LW?
They broke saving passwords workflow and disabled that popup to do it.
You can turn it on in settings. I use it and it works fine.
Which version do you use?
I use the latest version. I also have resist fingerprinting disabled and sync enabled. It’s been a while so I don’t quite remember but I think one or both of those might be required for it to work. I know resist fingerprinting disables a lot of stuff so for convenience I disable it and instead use a JS blocker.
Unfortunately, you’re statement from before is wrong. Saving passwords is broken. I just double-checked it Librewolf on the latest 148.0.2.2 version. By saving password I mean the “Ask to save passwords” in Private & Security settings. Librewolf completely ignores it. Librewolf folks do some very stupid UI things with their fork.
That’s strange. I just tested it on my machine and it is still working so there must be something weird going on that makes it only work for some people. I am using Debian and have it installed with extrepo, perhaps it is an issue with a specific release?
You’re really sure that you get this popup? <img alt="" src="https://lemmy.ml/pictrs/image/33dfb9ae-2b5e-4d86-8cb8-c8b763411b7c.png">
If so, can you pin down the exact version you use and the source you get it from? I think the last Librewolf that had
rememberSignonsworking was 134.I am using 148.0.2-2. It appears as a little key icon in the address bar and you have to click on it to open it.
<img alt="" src="https://files.catbox.moe/rer6xl.jpg">
nice, found it.
.
Shit post
Frustration post
You had me until you propped up brave as the good guy. I would sooner trust opera than brave. They’ve already been caught being sheisters with your data.
See here.
FWIW I don’t recommend starting a post about selling data while the very first link points to a Google product.
Consider next time not linking to YouTube but instead the blog post that linked to it and ideally an alternative more privacy conscious frontend, e.g. invidious.
It seems like the official original source for this video is Youtube.