Hacker News new | past | comments | ask | show | jobs | submit login

There's a config-flag to turn it off. You could even deploy that enterprise-wide.

That said, every auto-update system is essentially an RCE system. For highly exposed and security-sensitive applications like browsers, the auto-update is a net win in many deployment scenarios.




Isn’t it kind of ironic that you mention a user flag to turn off telemetry that is on by default on a post about “defaults matter”?


Yes.

Telemetry and auto-updates are important enough that having them on by default isn't wildly unreasonable.


Auto updates yes for security. But why would telemetry be important to the end user - especially for a “privacy focused browser”?


https://docs.telemetry.mozilla.org/concepts/choosing_a_datas...

The nice thing is that you don't have to ask. You can look for yourself. Mozilla's pretty transparent about what they have and what is in it.

Turns out telemetry is good for things like finding / addressing crashes and seeing if updates have gone out properly.

Also, I seem to recall being explicitly asked if I wanted to participate. But my memory could be failing me.


No browser is really "privacy-focused". Performance, security, stability and Web compatibility are all table stakes for Web browsers. If you aren't competitive at those, it doesn't matter what else you do, your product isn't viable. And telemetry data is really valuable for achieving all those; without it, you'll waste a lot of resources fixing the wrong things. Mozilla certainly can't afford to do that.

Once your browser is competitive at those table stakes, only then can you give it a "privacy focus" to differentiate from Chrome.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: