"When you install Vivaldi browser, each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message. We anonymize the IP address of Vivaldi users by removing the last octet of the IP address from your Vivaldi client then we store the resolved approximate location after using a local geoip lookup. The purpose of this collection is to determine the total number of active users and their geographical distribution."
Is this information enough for them to uniquely identify and track each user?
Hey, here's Gaëlle Medeiros-Logeay, Data Protection Officer at Vivaldi.
The data we collect is not personally identifiable, and we try to keep it as minimal as possible. :)
We're not in the business of collecting data, and we do not sell them to advertisers like others do. The collected data helps us to understand where most of our users come from.
Our stats show us which country our users are located in and nothing more. We don't do data profiling. We just look at trends.
We don't see any browsing history, it's all stored locally so that only you can see your own browsing history. If you use Sync, then the data is encrypted.
> The data we collect is not personally identifiable, and we try to keep it as minimal as possible. :)
Hey Gaëlle!
Huh? Unique ID + /24 + screen resolution is the opposite of "not personally identifiable". You may not use it that way yet, but that's only because no one applied enough incentive or force yet.
That is an interesting site. It made me think that the best way to avoid this tracking is to have the most common OS with the most common Browser and all default settings.
I am a linux and firefox user in Brazil. I am probably very easy to track combining this information with my geolocation and ISP.
Is there a way to opt-out or disable this telemetry? Under privacy laws isn't Vivaldi supposed to give users a choice: whether they want to be tracked or not?
1) each installation profile is assigned a unique user ID that is stored on your computer
2) every 24 hours it sends IP, ID, version, cpu architecture, screen resolution and time since last message
3) then we store the resolved approximate location after using a local geoip lookup
So, what they have for each ID:
approximate location, CPU architecture, screen resolution. They can easily know places you visited.
From Quant's privacy policy: "French law makes it mandatory to keep some connection data (e.g. user ID used, URL or position, nature of the operation, time…) for one year."
To be exact, it is 'the IP address of Vivaldi users by removing the last octet of the IP address'.
It's true that they can still approximate location based on that. But unless you're travelling a lot so that you've many locations in their record, it's impossible for them to identify you.
Statistically, if they geolocate you once per 24h, they will find you either at home or at work. Once both locations are known, determining which is which does not strike me as very hard.
If you are working in any bigger company they have more than a C class, so they can identify company. If you go there frequently you are employee. You can infer how often /24 changes, means you are traveling or even commuting between work and home. You can't infer exact location but some close area can be guessed. They have a set of data for bigger group so they can create highly probable guesses what people may be doing and where they are.
Identifying a user does not have to mean that they can know your home address and name. Identification can mean that one is able to determine whether a user is the same across two separate instances of usage/visit.
Searx seems like the best option in this space, since you can host your own instance and avoid having to trust anyone (except the developers, assuming you didn't audit the code yourself).
Firefox is developed by a for-profit corporation the Mozilla Corporation, which is a wholly owned subsidiary of the Mozilla Foundation. It's of course not to say that the Mozilla Corporation is an evil profit seeker, but merely a perspective.
I for one think that modern web standards are used by most web site authors not in users interests. Therefore implementing those standards in good faith not necessarily mean implementing an _user_ agent. Firefox is great, but web as it is mostly served is increasingly not. I just would like to see an user agent dedicated to users, not standards. Even if it would mean omitting JS and most of CSS. I would use it for information seeking and Firefox for necessary web apps.
> Firefox is developed by a for-profit corporation the Mozilla Corporation, which is a wholly owned subsidiary of the Mozilla Foundation. It's of course not to say that the Mozilla Corporation is an evil profit seeker, but merely a perspective.
"wholly owned subsidiary of the Mozilla Foundation" is the more important part here, because the Foundation is nonprofit and eventually has authority over the corporation, so the latter can't decide on its own to sell out.
The corporation needs to be able to make a profit not as an end in itself but to make strategic savings in case things get more rough with Google.
Thanks for clarifying what it means, though it's amusing free software detractors are still using this trick (guess that how "fake news" is used to make people act against their own interest.)
There's no other browser developer that's focused on user rights online other than Mozilla. These days it can't be just features and performance, though Firefox does not need any help in that respect either. Current version are simply brilliant.
Pretty rough, but that's not a too unrealistic scenario given that Google is a pretty aggressive competitor in the browser market and there are hardly any other search engines that would be good enough to be the default in a mainstream browser. (Mozilla tried with Yahoo but they couldn't deliver the quality users have come to expect.)
Have you checked Mozilla's expenses too? It has around 1200 employees, I think, and a few offices around the world, data center costs etc.. If you want to be able to independently keep that going for a few years, you need a big war chest.
I just would like to see an user agent dedicated to users, not standards. Even if it would mean omitting JS and most of CSS. I would use it for information seeking and Firefox for necessary web apps.
What I'd like to see is a memory safe JS interpreter (no JIT) - yes, it will be slow, but 90% of websites don't need JS go that fast, but JIT opens up a security can of worms.
So if I go to Google docs, I can toggle spidermonkey (or whatever Firefox's JS compiler is called nowadays), but if I go to $randomwebsite, I'll get a secure and usable web.
Fair point. Of course, to a FOSS purist, it's still not good enough, as mere source-inspectibility isn't enough to qualify as OSI Open Source, or as FSF Free Software.
Firefox is becoming more user hostile with each revision, though. I've been using Waterfox as a more privacy-conscious alternative, but long term I'd like to see a new, fully open source, privacy focused, user-first browser that doesn't phone home for any reason. Waterfox is 99% there, but I feel the developer is having issues moving it to the Firefox Quantum release due to all the extra crap Mozilla shoveled into that release.
The bulk of the user-hostile bits are in this list[1] of what's removed from Firefox for the Waterfox builds, mostly telemetry and tracking, Pocket, ad-supported nonsense, and DRM (for those who prefer a DRM-free first class browsing experience).
Waterfox also allows users to continue using "classic" extensions that Mozilla completely abandoned, and the developer has committed to staying with Firefox ESR until he feels Quantum has reached a point where he can switch to that codebase (i.e. maintain older extensions while allowing new features).
Thanks for the explanation. The telemetry/tracking stuff is what I'm mainly concerned by (and was previously aware of) but I balked at the idea that they'd introduced something more in Quantum that I hadn't yet heard of.
Ironically I'd be far more interested in switching to Waterfox if it switched to Quantum. Not only is the new extension's API far nicer than the previous one for new developers starting new extensions (yes porting old extensions is a pain, and sometimes impossible due to lack of feature-parity) but it's much more secure, which should be a priority for something focused on protecting a user's privacy. Furthermore, I wasn't aware until reading your linked list, but it appears Waterfox allows installing unsigned extensions by default: is this true? The unsigned config value is already very easy to set in Firefox, but having it set by default is just asking for users to shoot themselves in the foot in terms of leaking private data to extensions.
The porting effort from Mozilla's side can hardly be described as "developer-hostile" either; they've continuously added APIs for specific 3rd-party extensions on-request, and had a 2+ year compatibility roll out with plenty of shouty warning.
> Furthermore, I wasn't aware until reading your linked list, but it appears Waterfox allows installing unsigned extensions by default: is this true?
Yep and that's one of the reasons I say Waterfox is 99% there. I actually set that back to the Firefox default.
My biggest gripe with Firefox is its tendency towards making privacy hostile telemetry opt-out instead of opt-in, while still claiming they are the most privacy focused browser. They should either switch to opt-in, or remove language from their promotional materials and blog claiming to be privacy focused.
It is not really user hostile - but it is developer hostile IMO. The person you replied to did not claim the Firefox Quantum stuff was user hostile either.
I'm just curious about what they're referring to (user- or developer-hostile). What is it that you find developer-hostile?
They mentioned user-hostile in their first sentence and then went on to say the Waterfox devs were having difficulty with Quantum, so I'm really just asking about either.
I am generally just curious, as a user of Firefox. I currently trust it more than Chrome but I'm concerned if there's a trend of disimprovement.
I've commented on HN before about my concerns with some Mozilla initiatives (mainly Test Flight, but others too), but I was under the impression that Firefox core work was of a better standard.
The browser that's has Google Analytics integrated, comes with pre-installed third-party tracking app, and that reports home every UI interaction you have? No, thanks, I'll stick with Iridium.
You're talking about the same Firefox that displays ads on my home page by default, sends analytics to them by default, and is owned by a foundation that is owned by a for-profit company?
I have been using Qwant for a couple of months now, overall it gets to the point, but I find myself using "!g" quite often (which is also the case with duckduckgo ..
As long as Bing doesn't get direct access to the metadata of the device making the query why does it matter? I assume they're not using the Bing API straight from the client browser, are they? They're basically proxy-ing Bing's results and add their own features on top of that. At least that's how I understand it.
Privacy is one but not the only problem with centralised web search.
The other big problem is manipulation of search results.
Of course it already happens for ads and filesharing and that is bad.
But worst is when they do it for political reasons. Bing cannot tell who you are, but they can still promote their own agenda by tweaking the ranking of search results. Blog against MS? Send it to the 10th page or hide it entirely. Of course I use here a very innocuous example. You can imagine the power of tweaking search results. You can change the perception of reality, essentially.
Well, you're still sending information to Bing. For example, let's say you want to know if someone patented idea X. You can search for X on Qwant, but since they send the information to Bing, now Microsoft knows about X and they can scoop you. Just one example.
But those are just cookies related to the functionality and the personalization of the search page. I guess they could have written that they do not have any tracking cookies, but I guess the intent was to be clear to the average user: "we are cookie free", therefore we do not track you.
Except that the "h_user: 9019....." part looks like a unique user ID that you don't need for any personalization or functionality. Unique IDs are only useful for tracking.
"When you install Vivaldi browser, each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message. We anonymize the IP address of Vivaldi users by removing the last octet of the IP address from your Vivaldi client then we store the resolved approximate location after using a local geoip lookup. The purpose of this collection is to determine the total number of active users and their geographical distribution."
Is this information enough for them to uniquely identify and track each user?