1. Download installer from Mozilla from your home network - Mozilla now has your home IP and installer ID.
2. Transfer it via USB key to a secure, anonymous computer - one not linked to you, on a network not associated with you, such as public WiFi.
3. Install Firefox using that installer on said computer. It transmits the installer ID to Mozilla, which matches the one given to your home IP, thereby deanonymizing you.
4. Mozilla receives a warrant for this information, or it is hacked, or the organization is infiltrated by a single government or corporate spy.
Edit: It gets worse. Suppose a newspaper IT department takes care of providing Firefox and other trusted software installers to their reporters. Now Mozilla can determine who that newspaper helped with IT, such as journalists or sources. Or if you provide trusted software to your friends, Mozilla gets part of your social graph.
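Added example, not part of the comment above and not Mozilla's code: a minimal Python sketch of why the installer ID in steps 1-4 acts as a join key between a download record and an install ping, and what the newsroom case in the edit looks like in the data. All field names, tokens and addresses are constructed assumptions (IPs are from documentation ranges); the last call shows that the linkage disappears when no download record carrying the token is retained.

```python
from collections import defaultdict

# Constructed sample data. Field names ("token", "ip", "ts") are assumptions
# made for this illustration, not a description of any real log schema.
DOWNLOAD_LOG = [
    {"token": "tok-A", "ip": "198.51.100.7", "ts": "2022-03-01T18:02:11Z"},  # home network
    {"token": "tok-B", "ip": "203.0.113.40", "ts": "2022-03-02T09:15:00Z"},  # newsroom IT desk
]
INSTALL_PINGS = [
    {"token": "tok-A", "ip": "192.0.2.55", "ts": "2022-03-03T12:40:00Z"},     # public WiFi
    {"token": "tok-B", "ip": "192.0.2.90", "ts": "2022-03-04T08:00:00Z"},     # reporter 1
    {"token": "tok-B", "ip": "198.51.100.200", "ts": "2022-03-04T08:30:00Z"}, # reporter 2
    {"token": "tok-B", "ip": "203.0.113.77", "ts": "2022-03-05T10:00:00Z"},   # source
    {"token": "tok-C", "ip": "192.0.2.12", "ts": "2022-03-06T11:00:00Z"},     # no download record
]


def link_installs(downloads, installs):
    """Join install pings to download records on the shared token.

    Returns one link per install whose token also appears in a retained
    download record. Installs with an unknown token cannot be linked.
    """
    by_token = {d["token"]: d for d in downloads}
    links = []
    for ping in installs:
        origin = by_token.get(ping["token"])
        if origin is None:
            continue  # nothing retained for this token: install stays unlinked
        links.append({
            "token": ping["token"],
            "download_ip": origin["ip"],
            "install_ip": ping["ip"],
        })
    return links


def fan_out(links):
    """Group install addresses by the address that fetched the installer.

    One download address mapped to many install addresses is the
    "IT department" or "friend who hands out installers" pattern.
    """
    groups = defaultdict(set)
    for link in links:
        groups[link["download_ip"]].add(link["install_ip"])
    return {ip: sorted(ips) for ip, ips in groups.items()}


if __name__ == "__main__":
    links = link_installs(DOWNLOAD_LOG, INSTALL_PINGS)
    for download_ip, install_ips in fan_out(links).items():
        print(download_ip, "->", install_ips)
    # Without retained download records the same pings link to nothing.
    print("links without download log:", link_installs([], INSTALL_PINGS))
```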
You know I let a lot of important things in Firefox slide (like the poor Webspeech API support, bad text-to-speech, some missing extensions and a lot of other things) but I still make it a habit to use it over Chrome (and recommend it to everybody) as somewhere in my mind it feels like a small revolt against the giant evil Google corp.
But stuff like this and other shenanigans in the past (like Mr. Robot, misuse of funding, etc.) is really off-putting sometimes. It really makes me feel naive and just drinking the support open-source kool-aid.
Firefox has no real competitive pressure and no need to improve. Google is their sugar daddy and Mozilla stopped innovating a decade ago. It's just constantly playing catchup while suckling on Google teats, desperately clinging onto relevance. Without Google nobody would pay for their browser.
At this point it'd be better for the web if we standardized on Blink and moved on, cleaning up some of the invasive tracking in Chrome but leaving the renderer intact. Gecko and Safari/Webkit are just holding back the web.
Firefox provides nothing but a bunch of incompatibilities these days and some warm fuzzies that honestly haven't been deserved for years and years. Modern Firefox is slow, bloated spamware.
Firefox has fixed a lot of issues in their Quantum release. It removed a lot of what you called bloat as well. In tests it uses a lot less memory on average compared to Chrome. The privacy settings have been extended even further in recent years. Chrome’s settings come not even close to it. The extension system is still more flexible than Chrome’s. It has some built-in features such as autoplay stop and audio control that Chrome lacks. I also think you’re vastly overstating the incompatibilities on Firefox.
Finally, isn’t it better if there are multiple browser engines instead of just one? This allows for more innovation and has done so in the past too. The past pretty much proves that Firefox has and still can innovate despite your assertion.
I also wonder why you are stating all this in such a polemic and vulgar fashion. “suckling on Google teats”, “bloated spamware”. None of this is even remotely accurate. But anyhow, what’s the point?
Sure, you go ahead and believe that. Every release of Firefox I've tried, including the recent ones, has sucked and been full of spam.
I'm angry at them because how the hell did we get here from the beauty of early Firefox and Phoenix? They've become the monster they were trying to fight.
You don't agree with my assertions, that's fine. Its marketshare speaks for itself. People don't trust Mozilla anymore, with good reason.
I'm old enough to remember the news of a "young kid" taking on Mozilla, IE and Netscape with their super lean Firefox browser, that was 20 years ago. It was meant to be lean, with the ability to install additional optional functionality through Plugins.
Now Firefox is old and bloated (Pocket?). It never got to be "lean" (always struggling with memory leaks, bad performance, etc.) and poor compatibility (not Firefox's fault, but still Firefox's problem).
Yeah, exactly. Somewhere along the way leadership lost their way and made Firefox into bloated adware and kept uglifying it and mutating its interface to be worse and worse every iteration, all while posting flamboyant front-page news that they've made some major innovation. They haven't, they just... sucked even more.
It's not about trust. It's about convenience. Chrome comes with Android, so it's more convenient to use. Most people already use Google as search engine, and Google spams you to get Chrome, so it's more convenient to just use Chrome since you're also using Google, somehow using both products from the same house should be better, right?
Yeah, but those projects are forever downstream of Firefox, no? Like they still depend on Mozilla to build new features and such, but then remove the Mozilla-y stuff before publishing?
I think the Chromium model has them forking from a shared base, and Google adds their own Chrome bits after that...? Or am I wrong?
I honestly don't know why Google keeps funding Mozilla. Maybe it's a "useful fool" type of situation where having an inferior browser they can financially puppeteer helps them set their own standards (via WHATWG), since Firefox tries to keep parity with Chrome. Having another browser toe that line maybe helps legitimize those standards such that Google can remain in control and not worry as much about W3C/Microsoft/Apple domination? I dunno. Just speculating here.
It matters less these days since Microsoft gave up and went Chromium and Apple just doesn't care about its browser. Maybe Google already won and Firefox is on its last breaths?
I changed my default browser few days ago back to Safari. In Firefox, I would usually click the first two items on the home page which would be photopea or reddit. That day, they put 2 sponsored items for Amazon and Trivago instead at the first 2 spots and I accidentally clicked the amazon one without realizing because that first item was supposed to be Photopea. That was enough to piss me off:
Advertising inside of Firefox is going insane, even if it’s just ads for Mozilla. Tabs that open when you open FF, little lines on the home page, “Big browser takes care of your privacy” starts looking very creepy.
The asshole homophobe who was CEO for like a week? Yeah, he deserved that. If you're going to try to tell people who they can fuck, don't be surprised if they say fuck you right back. He deserved it.
Mozilla was on its downhill slide long before him anyway.
Yeah, by using a better browser... Mozilla is kinda incompetent these days and shouldn't be trusted with stewardship. All they do is posture and market. All the real engineering seemingly stopped a long time ago.
Arguably Google can't either but at least they provide the engineering talent, if not the ethical leadership. Mozilla just offers spam.
The first bug is because of daylight savings that was also in Chrome. People mistakenly thought it was to do with Brave servers being down.
The second one is people trying to install plugins from the chrome web store, apparently it has to do this through brave servers. I don't think it's entirely unreasonable that when installing a plugin from your browser that your browser has to connect to a server to do so.
Trying to present bugs as some sort of malware is dishonest, the source code is open if it was really phoning home why not just link that code?
> On 6 June 2020, a Twitter user pointed out that Brave inserts affiliate referral codes when users type a URL of Binance into the address bar, which earns Brave money. Further research revealed that Brave redirects the URLs of other cryptocurrency exchange websites, too. In response to the backlash from the users, Brave's CEO apologized and called it a "mistake" and said "we're correcting". [0]
Suggest everyone here read up on Brave - internally the care for privacy is much higher than Mozilla [I have worked for both] and things like P3A linked here are carefully designed to avoid leaking PII and implemented honestly somewhat begrudgingly.
I did, too. All I can tell you is that when I have Brave running on an M1 with four tabs open, it's consistently using 240MB of memory. When I fire up Firefox Developer Edition with the same tabs open, it starts at 660MB and quickly balloons up to 1.05GB of memory usage.
My experience also. I’ve slowly edged away from Firefox and have primarily been using Brave and Safari for the last 6mos or so. Brave just feels snappier, and it’s close enough to Chrome that most work required websites aren’t broken.
I currently have a number of Google Docs and Sheets open in Brave. Because of your comment, I started poking around. Try as I might, I couldn't break anything. That probably doesn't mean there's absolutely no way anything could be broken, but just anecdotal—I couldn't find anything.
a browser who does not develop their own code base but reuse google's, with a business model based on monetizing users attention to ads network while pretending to protect privacy and block ads.
I wonder what could go wrong here ? maybe their history of misbehaving with money and injecting affiliate links in users browsing or the security issues and leaks could give us a pointer or two.
Interestingly this is likely for privacy reasons in a roundabout way. Brave doesn't connect to Google and so had to implement much of the serverside functionality (updates, sync etc) itself.
All people are fallible — by this logic, you should stop buying anything at all. Someone associated with anything you purchase or use just might have a scary opinion you can't tolerate, and we can't have that, can we now? Oh the agony!
The threat model is reasonable behavior + a single warrant or data leak. It may not be the most likely way of compromise, but it's very possible, and such small insecurities add up. Mozilla should be making such compromise less likely, not more.
They add up in the sense that each increases the likelihood you will be compromised, and reduces the set of activities that you may safely and privately perform.
I can't believe the apologists commenting on this.
Firefox put a lot of effort into tracking download to install behavior. Maybe this is the only violation you know about. There's no reason to continue to believe in Mozilla's good faith. They've been captured, and are 90% dependent on Google revenue.
Firefox is dead. It's time to move past denial. It doesn't stand for anything you think it does. I'm sad, too. Time to bury the putrid, rotting corpse.
I can. I'd still rather use Firefox than Chrome or Edge when it comes to privacy. "Firefox is dead ... Time to bury the putrid, rotting corpse" is ridiculously dramatic.
I like the idea of Vivaldi and honestly probably would use it, but I've been using Firefox as my primary browser for the last 7 years or so and just don't have a reason to switch.
I also think competition is good and am concerned if Blink became the only browser engine.
Mozilla as an org is a husk of its former self. They're constantly playing catch up with Firefox, almost abandonwared Thunderbird, and have little actual usable innovation. What part of Firefox is "open source" when you can't integrate in your own projects? What's the point when the tech is non portable? Chromium is the clear OS winner, so open and modular you can just make your own browsers.
> What part of Firefox is "open source" when you can't integrate in your own projects?
Let's not mix everything up. For a good debate we need clear ideas. Firefox can be built from sources available under open source licenses, it is sufficient to make it open source. Being embeddable and modular may be desirable features but it isn't a requirement to be open source.
> What part of Firefox is "open source" when you can't integrate in your own projects?
AFAIK, all of it; there are even full independent forks running around. Just because you can't bend the code to your particular use doesn't make it not FOSS.
I know that you meant something else with this, but the wording amused me as currently Firefox is the only up-to-date "portable" browser that lets you carry around your browser profile in a usb stick.
Anything with Chromium deletes your extensions, passwords etc. whenever you open it in a new computer.
Elinks looks like it hasn't had an update in years. There's a fork of it called Felinks [0] which seems pretty actively maintained. The last release was on December 24, 2021.
Yes, I'm in Vivaldi as well. For now! We need to avoid making software/product choices part of our identity.
A true firefox fan would've raised the alarm years ago, and voted with their feet when it kept moving in the wrong direction and stopped being the best option on the market.
Loving a brand no matter what they do is suboptimal.
I just disabled all of that. No Chromium browser is my main browser but when I need one, Brave seems like the best option.
If you were to pick between Brave, Vivaldi and I dunno, maybe Edge, just for when you need Chrome-compatibility and pretty much no other reason, which one would you pick and why?
They report anonymised data that can be turned off. They also connect to servers for auto updates and safe browsing checks, everything you would expect of a modern secure browser.
The people upset with brave for auto updates also consider tor browser spyware because it checks for updates LOL.
> Firefox is dead. It's time to move past denial. It doesn't stand for anything you think it does. I'm sad, too. Time to bury the putrid, rotting corpse.
I don't disagree, it's just that I need a browser, and there's no real alternatives.
Looking a lot at Librewolf. Have there been any independent audits of it?
The two are separate things. Chrome is built on top of the chromium base. I guess technically chromium and chrome v1 were developed and released about the same time so chicken and egg thing.
Firefox to my eye jumped the shark a long, long time ago, when they took to using deliberate deception during the install process to get people to sign up to a Mozilla account.
Pretty much everything they've introduced for years I've not wanted or disliked.
The saving grace has been that pretty much everything can be turned off in about:config.
I may be wrong, but I think Moz has become a typical larger company, wholly divorced from its users, unable to know what users want, let alone respond.
What Moz as a large company wants is really completely different to what users want, and a unique tracking ID is a shining example of this.
I'll be using Tor, but my secondary browser now has to change, as this is intolerable.
It's like how when you're baking a cake, the easiest way to do it is to buy a cake mix and follow the directions on the back. Yes, maybe you can make a tastier cake by changing the directions or using better ingredients, but you also introduced the possibility of the cake exploding. Particularly with anonymity, the trick is to do what everyone else who wants to be anonymous is doing.
This isn't a landmine in any normal threat model. The average person is concerned with identity theft and perhaps their local law enforcement, not the full weight of domestic or foreign intelligence services.
It may not concern the "average person", but it contributes to the omnipresent surveillance endangering the extraordinary people we rely on to keep an eye on our governments and corporations.
If we only care about the average person, we may as well have Firefox snitch to the NSA and their Russian, Chinese, Indian, etc. equivalents, plus Microsoft, Google, Raytheon, General Electric, ...
Nothing I said requires a statistic, it is common knowledge US police officers kill roughly 1000 civilians a year on average.
It is also clear from investigative reporting that many police departments have a long history of colluding with local coroners to cover up many additional deaths.
Colin Kaepernick didn't recently start a multimillion dollar fund to aid families of victims in getting secondary independent coroner/autopsy reports without reason.
If the fact that this is necessary doesn't terrify you or the people in your community, then I don't know what to say.
I don’t know whether the OP was thinking of it, but world-wide, it is thousands (https://worldpopulationreview.com/country-rankings/police-ki.... Numbers “include those killed by security forces such as military police and intelligence agents”, but I think removing those would easily keep it ‘thousands’)
Checking the bug tracker, it only does something if you have Firefox Data Collection turned on in the settings. Personally, the first thing I do is turning that off on a fresh install.
considering it sends your unique ID (or download token) during installation, when you disable settings after installation, it's already too late.
it seems there's actually a way to turn it off before installation using enterprise policies, but I have not tried it as I left mozilla's firefox long ago first for waterfox and now librewolf.
That's a slight bit different because that file metadata is being assigned on the receiving client side and not from the distributor of the file. Likewise, that info is stored in your Spotlight index, not the file itself and isn't moved with the file (you can look at the raw metadata with the `mdls` command on a Mac and see that it is lost when you move something to a USB stick, or upload it to your own server or something)
Isn't that just storing the domain name which served the file? I actually find this useful for those times when I can't remember where a file came from but need to use the site again. Having that data in a Get Info window has been useful and faster than web searching.
That is also annoying but two wrongs don't make a right.
Also Apple seems to just track this to show a prompt as to why they need approval for the install. And it's just stored locally in the metadata.
But yes I wish this prompt could be completely turned off. This isn't just security for the user though, they have a clear financial motive in promoting their app store as an easier option. After all the app store is a huge revenue driver for them on mobile but not on Mac.
Also Apple has done a lot worse things like checking the notarisation online every time an app was launched. They have now cut this back to once every few days since the outcry about it but still it's something you should be able to turn off IMO.
But what do you expect from a closed source OS (yes it is, only the kernel is open). And again, the fact that Apple does it too does not make Mozilla's action less questionable.
I have a hard time viewing Apple's Spotlight metadata as a wrong. It's locally created and stored, it's transparently shown in File info and mdls. It can be purged and edited with xattrs. It doesn't follow the file across computers and you can outright disable file metadata and indexing if you really care enough and I've never seen or heard of any evidence of Apple sending this local data outside your computer. Windows indexes files and creates metadata, even popular Linux desktop distros do it, because it's a usability improvement for most people.
>But yes I wish this prompt could be completely turned off.
`defaults write com.apple.LaunchServices LSQuarantine -bool NO`
Except this is an attribute saved on the file locally on your system, added by your browser when you download it, not something that Apple stores on their servers and tracks.
Any connection to Mozilla's servers reveals your IP to them. Given the amount of telemetry in Firefox, it's foolish to assume they don't log these IPs. And in either case, they could be legally compelled to. But afaik, under US law, they cannot be compelled to subvert their software, e.g. to add such spyware features if they were not already present.
Even if they don't (currently) feel that they need them, they could be compelled by law enforcement to retain logs and forbidden from revealing this fact publicly. Or their network could get infiltrated.
How do you propose to prevent a user from leaking their home IP address to Mozilla without undermining the ability to:
* Download the browser
* implement a safe browsing mechanism
* support automatic updates (which are a critical security feature)
If the updates are signed, then there is no danger in downloading them from a third party mirror. As for finding a mirror, Mozilla could put locations as TXT records in the DNS.
There would still be the problem that someone would have a log of your IP address downloading a Firefox update, but it wouldn't be Mozilla. Also, with a big enough list of mirrors, across 100 different jurisdictions, the probability of any given mirror being subpoenaed and having data on any given user is very small.
As for how to bootstrap the whole thing by letting the user securely download Firefox in the first place, that is of course difficult, but it should be an infinitesimally rare event compared to checking for browser updates. A user could therefore take special care to use public Wi-Fi when doing the initial download.
What part of Mozilla's behavior makes you assume they don't? It's easy to come up with some dubious internal justification to store IPs (like to determine where to focus internationalization efforts).
It's not even internal justification, it's just plainly the default for practically any web server that does logging. You would have to go out of your way to disable it.
Yeah, it definitely is. But that doesn't automatically mean they actually did it.
"Best practices" are moot unless they're implemented, and since the default is to log these things, then something (even a blog post from them claiming it's been done) has to exist to show it's there and doing the right thing.
They had to serve you the file, for which they needed your IP. If they're willing to assign each downloaded client a unique ID what are the odds they are not storing the IP address associated with that unique ID?
Why would they need installer IDs? The question is if they collect it, not if they need it, and all their other behavior suggests that they do collect it.
They can probably reach the same conclusions about why there might be more installs than downloads by thinking about it for maybe 5 seconds instead of tracking people.
Easiest explanation off the top of my head, without reading the article, would be IT departments including Firefox in their base image they use on all their standard issue computers, resulting in hundreds and possibly thousands of different installs having the same download ID. That alone by itself would cause an absolutely massive discrepancy between download and install numbers. My company includes Firefox in our base image and it's on at least 200,000 different laptops and desktops, with a handful of different download IDs between them depending on when they got issued the computer.
You seem to be unaware that intelligence services have been hoovering up internet traffic wholesale for decades, and that telcos do it internally as well. Verizon's "supercookie" is a great example.
On the other hand, if intelligence agencies are personally targeting you it's already over. This might help them, but even they can probably get everything they need on you with way less effort.
Are you suggesting in good faith that Mozilla would implement and transmit a unique ID without linking you to your download session? I've never come so close to breaking hacker news etiquette.
It's possible that they are tracking how many times an installer gets used without violating your privacy. Installers can be shared online or you can install it on someone else's computer. It's not like they are specific to a person.
They promote their product by claiming that it protects people's privacy. They do something that can be reasonably interpreted as tracking (which it is, whether it is download/installation tracking as they claim, or user tracking as some people claim).
For the most part, privacy is based upon trust. Trust is earned. You don't earn trust by doing things behind people's backs or claiming that they are technically telling the truth.
I've been working at Mozilla since its inception. And eventually left the company 2 years ago.
And I'm so mad.
Mozilla is not the Mozilla that was created almost 20 years ago. It's not the same people there. After the Firefox 4 nightmare, they started hiring product managers from big corp. We started seeing some ex-twitter, ex-microsoft, ex-amazon joining the company. People with more professional ambitions. We didn't know how to react to Google Chrome and the smartphone revolution. We all trusted the upper management, but upper management was slowly becoming non-mozillians.
And an absurd mechanic started: original engineers were busy writing difficult code. Upper management was morphing into some BS silicon valley gang. New young engineers were hired, and they thought the core of Mozilla values lay in these upper-management people. And slowly the original engineers started leaving, leaving behind these BS people with these young engineers.
Marketing became "how to show we're good people". LGBT, women's rights, etc etc. Who gives a shit about Mozilla standing for these values? It's all marketing. The real only value, the manifesto, burnt a long time ago.
Don't get me wrong, LGBT and such are important, but that's not the job of Mozilla.
The last blow: getting rid of Brendan. Maybe he didn't have the same values employees had about LGBT, but fuck this. People in the silicon valley *love* being offended. And that thing was just too good of a fight for them. Brendan was the last bastion standing.
I'm so so so mad.
Mitchell trusted the wrong people. We were seeing all these ambitious silicon-valley-puppets taking the position of PM, director, etc etc…
Got damn, all we wanted is to make Gecko amazing, light, in a lightweight simple browser. But all these stupid features that were landing on our head…
Let's not act like Eich was some kind of last bastion of honest software. At the helm of Brave, I've witnessed a lot of very scummy ideas be presented (sure most of them were backpedaled when people were appalled as expected, but they're still pushing the line of what is _just_ not shady enough to be tolerated), and even defended online (even here on HN) personally. Ad replacement, shadow accounts in their BAT "donation" system, the system that collects on peoples behalf without their knowing and will never tell them if under a certain threshold. etc etc. Maybe he didn't try that stuff at Mozilla but let's not make him out as a saint.
A good time to remind everyone that when you donate to "Mozilla", you're donating to the Mozilla Foundation, which is the social justice part, not the Mozilla Corporation, which is the browser part.
Don't you think Mitchell is a big part of the problem? She controls both MoCo and MoFo. She is a good motivational speaker but a terrible operational exec.
Brendan getting ousted was the beginning of the end. A brilliant engineer cancelled for politically correct reasons that had nothing to do with engineering or technology. Mozilla destroyed the company through HR.
> Maybe he didn't have the same values employees had about LGBT, but fuck this
This tactic will only work if Mozilla doesn't want to bring queer people along with them — an open web for _most_ people, but some people aren't welcome to join in.
Making tools and services for public use is always political, and by tacitly endorsing discrimination against queer people, Mozilla would have been taking a stance that would have tarnished their reputation with a lot of potential contributors — just look at what's happening with Disney right now.
On the other hand, it might have been possible for Mozilla to retain Brendan's services without alienating a good fraction of their user base, with a suitably well-thought-through response:
- acknowledge Brendan's personal political donations
- affirm that Mozilla's position is on the side of diversity and inclusivity
- publicly describe the robust grievance/disciplinary/safeguarding procedure that any contributor would face if they did discriminate unfairly against other contributors (while stating clearly that this procedure has never been needed for Brendan, so any concerns at this stage are hypothetical)
- reiterate Brendan's technical credentials
I think the mistake Mozilla made was assuming that a high-profile leader's personal political position would always reflect on Mozilla; whereas I think it may have been possible to separate the two — as long as everyone's able to behave as though they respect each other.
So the solution you're describing is: apply public posturing to appease the mob, and highlight the queer/LGBT-positive stance of the company (while disregarding the importance of its engineers, given that Mozilla is a tech company first, not a social justice company)?
Since when have a "good fraction of their user base", i.e. of Mozilla's, been the queer and LGBT community?
> apply public posturing to appease the mob, and highlight the queer/LGBT-positive stance of the company
I'm not suggesting public posturing. I'm suggesting sincerity.
> given that Mozilla is a tech company first, not a social justice company
I don't accept that premise. ~20 years ago, Mozilla was primarily about empowering all ordinary people to make full use of the web.
They talked about their mission rather than products; they used slogans like “Take back the web” [from big corporations] and “This technology could fall into the right hands”; and they unironically used revolutionary socialist imagery.
If they were just a tech company I wouldn't care about them.
> Since when have a "good fraction of their user base", i.e. of Mozilla's, been the queer and LGBT community?
Always. Depending on where you get your numbers from, around 15% to 25% of people are LGBTQ+. The fraction appears higher among people born since about 1990, for the same reason that the number of left-handed people appeared to increase in the 1950s.
And the proportion of people who believe that LGBTQ+ people are worthy of dignity (which is the group Mozilla would be alienating) is even higher than that.
> This tactic will only work if Mozilla doesn't want to bring queer people along with them — an open web for _most_ people, but some people aren't welcome to join in.
What about people who hold opinions you disagree with?
> affirm that Mozilla's position is on the side of diversity and inclusivity
> Making tools and services for public use is always political
Why and how?
If I need a hammer, should I care what opinions the guy making it has, as long as he is making (and striving to) make good hammers?
Trying to politicize every single thing seems to be part of the problem here. We're almost at the point where you can't buy a hammer. You can either buy a LGBTQ hammer or an anti-LGBTQ hammer, even though all you care about is a piece of metal on a piece of wood that you can hit nails with.
Perhaps the word “tool” was misplaced. For something like a hammer that you can buy once and then just use, the manufacturer's corporate personality isn't really relevant, yeah.
But for goods and services where you're (perhaps tacitly) entering an ongoing relationship with the manufacturer — like software, which requires maintenance — the company's reputation is important, and it reflects on the values of the consumer.
In a free market, consumer choice dictates what companies do, so by buying from a company that uses child labour (for example), you're endorsing and literally funding that practice.
I don't think this is a new phenomenon: companies have long been rewarded and condemned for taking positions on the moral questions of the day, at the very least as far back as Luddism.
I guarantee that at least 15-25% of the population finds same-sex marriage morally reprehensible and that Mozilla is alienating an enormous number of current or potential users with its woke ideology. Is flipping the bird to the conservative half of the electorate good for business?
Maybe corporate virtue signaling appeals to you but it repulses me. Given the choice between a company that supports far-left causes and one that remains politically neutral, I would, all other things being equal, always go with the latter.
Yeah, each person is going to choose where the line is for themself.
Activists will whinge loudly on Twitter because that's the only effective influence they have (because it turns out consumerism doesn't actually produce rich consumer choice; rather, it cements already-rich companies — who'dathunkit?)
If you're running a company, and your newly-promoted executive is actively making political donations in support of a campaign that you know a reasonable number of people consider morally reprehensible (whether you agree with those people or not), then you can expect to see an impact on your company's reputation, and you get to decide how to respond.
You (the hypothetical person running a company) may believe that it shouldn't matter, and that's fair enough, but unless your customers already agree with you on that point, then you're going to have to persuade them.
Is there any case of a company that went through those steps and it was well received by the public?
Because I'm under the impression the people who were asking for Brendan's head are the ones who believe a CEO's personal political position would always reflect on his company. Mozilla just trying to say it does not wouldn't be enough.
Consider why some people were “asking for Brendan's head”.
Yeah, some of them will have thought “he's one of the bad ones; good riddance and I hope he loses”, and they're not likely to be persuaded.
But some people will have been scared. Civil rights are not a done deal; this was the prospect of someone who's campaigning against civil rights, in a position of authority for a project you care deeply about and believe to be important…
They may have _said_ they wanted rid of Brendan, when what they really wanted was an assurance of safety.
That sort of empathetic approach from Mozilla might have persuaded some of this group, and fostered greater understanding between the people who ended up on opposite sides of the argument. Treading more carefully would have pissed off the “other side” less too; and Mozilla would have benefited from Brendan's technical expertise for longer.
Looking back, I think Mozilla reacted too hurriedly. They could hypothetically have done a better job of defusing the situation more gently.
I'm sorry about the shit that went down. It makes me mad and I'm just a user, I can't imagine what it feels like for someone who put years of hard work into it.
Do you or any of your former colleagues still have the energy or will to work on a real user-centric, stable, privacy-first browser for the masses? Do you think there's hope of developers potentially wanting to work on an organised fork or something along those lines?
Or have you mostly had enough and mostly want to move onto something else?
I actually think that a few of us would be totally willing to build a new strong, fast and privacy centric browser.
Some absolutely incredible ideas have been discussed about a potential new engine (Servo based) that could be privacy-first / lightweight / fast / bloat-free. This would require rethinking the web in a retro-compatible way, and here again I've heard of some very smart ideas.
… but who's gonna lead that? And where will the money come from?
There are organizations that give grants for open source development that impact people, and a browser seems like an extraordinarily good fit, e.g.: https://nlnet.nl/
Additionally, asking individual users for funding is very wise (like what Signal is doing[1]). Sending a clear message of why funding is needed is also important. I'd personally be willing to put some recurring funds into this, and I'm sure many other people in tech would care about this too -- pretty much the same of us that are pissed at where Firefox is heading.
I care about this subject a lot, I'd be interested in corresponding with people with the actual expertise to work on it, want to shoot me an email? hugo at whynothugo.nl
Browser engineers are expensive. And we need a lot of those. And before leaving their current well paying job, they need the insurance that a potential people-funded contract won't die off after 2 years.
Firefox 4 was supposed to be our response to Google Chrome. We were feature driven. "Firefox 4 will be released with features A, B and C". And it took us a stupid amount of time to get there. Firefox 4 was supposed to be great. But no devtools, no multiprocess … compared to Chrome it was bad.
So much work and stress went into this release, it took us a loooong time, people were exhausted, and the result was mediocre. Electrolysis was hard. Hardware acceleration challenging. And all these new HTML5 features… gosh.
But we had to get much much better, because Google's engineers were killing it. The race was hard. And we also needed a Firefox-on-mobile plan. With fewer engineers, and a much smaller budget.
Important people left after Firefox 4. John Lilly left. And Mozilla hired product managers and such. More marketing etc etc. Things changed. We moved to a new version of Firefox every 6 weeks (that was a good move though).
We basically went from the "savior of the internet" to "google chrome followers".
It's absurd to me how OK everyone is with the fact that you're heavily implying that "the LGBT" or "women right" (sic) is in some way responsible. Greed, lack of sight and poor management are all at fault, as you said. There's literally no point in singling out those groups, beyond validating your biases.
They seem to be trying to gather a lot of telemetry to measure how they can boost popularity of Firefox. I wonder, did they try to measure how the measurement itself influences popularity? Social measurements are like quantum ones, they change reality.
There was a funny story of a Hawthorne Experiment[1], which tried to find ways to boost productivity but at the end managed to state just that the very attempt to conduct an experiment boosts productivity. It seems to me that with Mozilla the effect has an opposite sign and any attempt to measure decreases the target variables of decision making. And therefore they need to find ways to measure "non-invasively", not to measure every little thing they can measure.
> They seem to be trying to gather a lot of telemetry to measure how they can boost popularity of Firefox.
This might sound like a crazy idea, but they could always try listening to users! Every time I get annoyed by something in Firefox and try to find a fix for it, I find a lot of people with the same issue across HN, Reddit, the Mozilla forums, etc. There is rarely any sign that a decision maker from Mozilla cares one bit. But rather than listening to the many vocal complaints, suggestions, and other copious public feedback... they add a unique download identifier. Ok then.
I really, really hope that Mozilla gets new management before it's too late (if it's not already).
> Our sacred cow was excellent US-based phone support. That is quite expensive. If there were bugs in our product, users would call in, and our call center costs would increase because we'd have to have more people working. So every week in our team meeting, we would look at summaries of calls, and take on engineering work to address the most common class of problems. That let us scale up the business and still provide friendly and competent phone support, because we were reducing the problems that people called in about.
> Because we had that "sacred cow", every obscure bug that we spent months fixing not only made the product better and were intellectually stimulating to finally figure out, but had a concrete impact on how costly it was to deliver the service.
> What most companies would do here to reduce costs is simple. Don't fix DERP bugs, just charge for it. Don't fix "black screen" bugs, just hide the phone number on your website so people can't figure out to call.
I have observed this as well, and not just with Mozilla.
It is so easy to just ignore feedback because it's difficult to parse, just set up some automated telemetry and focus on nothing but that. Removing the human element here is a big optimization in the cycle of receiving feedback, and it's also critically damaging to the effectiveness of decisions made based on that feedback cycle...
I don't know how to claw back a company like Mozilla that has strayed this far. Perhaps the political culls they had are responsible for the breakdown in decision making competence. Perhaps they've just gotten too big. Either way they aren't serving the original market of firefox, and if they continue straying this way the only option is a unified effort by the community to create a true competitor, likely starting as a fork. Maybe one of the forks that exist now can launch themselves successfully into prominence with proper funding and achieve independence from the Mozilla branch.
yeah the pay of the higher ups does not seem to be tied to success of the browser or the relationship they have with their users; endlessly depressing TBH
Well they've spent a decade trying the "be more like Chrome" method. I suggest they try the "be more like Firefox from when Firefox was successful" method.
Firefox was successful when it was the alternative, better, option to the dominant Internet Explorer. Now the dominant browser is Chrom(e|ium). The two scenarios are very different.
Precisely. Firefox is never going to defeat Chrome in the "being Chrome" category. If it wants to exist as more than a tool for Google to avoid antitrust lawsuits, it can't keep playing that game. It has to differentiate. Privacy is not differentiation because it's invisible and HN commentators are 90% of the people who care about it. I want the sense of power back. I want the feeling that Firefox gave me a decade ago that my browser behaved exactly the way I wanted it to and nothing about it ticked me off because if I didn't like it I could just change it.
Nowadays using Firefox feels more like holding a political demonstration in an empty room than using the finely-tuned instrument I once had.
> Nowadays using Firefox feels more like holding a political demonstration in an empty room than using the finely-tuned instrument I once had.
I can't think of better words to describe my feeling as a Firefox holdout. It's still my default browser, and the one I use for 97% of my work. Mozilla is breaking my heart with their floundering. Like a fantasy author who keeps getting mired in side quests and can never get back to the main plot.
Stop with the goofy marketing tie ins, the hostile telemetry choices, the side products like Pocket and VPN, and just make a fucking browser that doesn't attempt to hide complexity from the user. Focus on that, do yearly fundraising like Wikipedia does, and be content.
Indeed.. For me the only reason I still really use it is because the other options are even worse. I definitely won't use Chrome. And Microsoft is pushing edge so hard it annoys me (both at work politically, and by pushing it everywhere in Windows)
Also, Firefox is the only browser I know that has end to end encrypted sync. Google and Microsoft enjoy snooping around in your bookmarks (great to determine marketing interests) too much to ever offer this. You can even self host it.
Also it still has a few power user features left over like container tabs. Though they've relegated it to a plug-in now.
Hah, yeah, I've seen that page before. It's not ideal. I'd still take it over their current funding strategy of "don't piss off Google."
Or maybe I should find a better example. But one thing about Wikipedia is that it appears to be much the same as it was 10 years ago and more. Wikipedia hasn't started introducing Wiki VPN, nor has it partnered with Mr. Robot to temporarily insert marketing stuff into articles.
To the extent that Wikimedia has graft and vanity projects, they're not ruining the core "product".
So... I guess yeah, just like Wikipedia, as in "Look, even with donations you can spend a crapton of money. Maybe not $500mm a year, but still enough to support development of an open source software product."
It can't be worse for growth than their current strategy of burning the house down, which for some reason does not prevent them from justifying millions a year in C-level salaries.
I too want my power back. I want my user agent back. I especially want total inalienable power over the websites I'm browsing. The kind of power I'd have if I were to write a custom client for each website: the power to freely script, copy, save, edit, block and delete, whether the site's owner wants it or not.
> Privacy is not differentiation because it's invisible
Privacy could be a differentiation if Mozilla did not show again and again that they don't actually care about your privacy. It might not be enough, but currently they don't even have that.
I think the physical analogy you're thinking about is "the observer effect"[1]. And it's actually a pretty much universal problem in physics, not just quantum mechanics.
Maybe they just kind of forgot how to make good software and now desperately try to recreate that magic using loads of metrics and social experiments leading to loads of competing interpretations and infighting.
There is nothing wrong with laying a scientific basis under your anecdotal experience, to get an ability to reproduce your successes. But it must be done by using the best possible scientific methods and by great minds, just statistics wouldn't do it magically.
My (probably wrong) opinion, is that they hired data scientists who know nothing about social science's research and these statisticians are trying to substitute research with data gathering and statistics. If something doesn't work, then instead of refining their research techniques they gather more data. They had hit the ceiling of this paradigm but they do not know it.
There are other options beyond data. For example you can find representatives of different categories of users and research their use of your software (or software you compete with). You need not have millions of representatives, a dozen would be enough for the most practical purposes, just pick them carefully so they will be the most diverse set of representatives. Or you can even have no real representatives, you can imagine them. It is a real technique of UX professionals, I heard of it in a talk at some conference from people who are professionally using it. If it doesn't seem rigorous enough, one could dig into Judea Pearl and to make a formal quantitative model out of it. One can even measure differences between this quantitative model and the reality, and it wouldn't necessarily lead to an annoying telemetry.
I will not be surprised if there are techniques I never heard of that can compete with statistical data processing: I'm not a UX specialist, I just was curious about it at some point, because it lies on the boundary of two interests of mine -- psychology research and software development. But Mozilla seem unaware of them all. They gather data instead.
That seems like a very harsh interpretation. Very few people will care whether their specific download is tracked. I do honestly wonder how that adds value to Mozilla, but no one will not use Firefox due to this - especially as every single alternative is much worse than Firefox on such metrics.
If they really thought that 'very few people' would care about it ... why then didn't they, 'the privacy browser', reveal this 'feature' when it was rolled out?
'Low-level skulduggery' is the nicest description I can muster (no one wants to hear what I really think).... Now (with telemetry 'turned off' each time before I took it online) I have to wonder what else is 'protecting' me....
I have worked with enough "data scientists" and seen enough telemetry to believe it is all smoke and mirrors and bullshit.
Managers, product owners enjoy making pretty looking graphs out of them and with enough creative accounting they can make any data to fit their narrative.
If a product is in trouble and they think the telemetry will help, then it is time to look for a new job.
Spyware watchdog posted about this years ago. It's been in there at least since 2016, and every time you open Firefox (not start!) it will happily broadcast its geo position information to their geolocation backend. The same goes for the WebRTC related STUN servers, which are always connected to when Firefox starts.
I mean, come on folks. Never trust any software blindly. Use MITM proxy to verify. Use a host firewall like opensnitch.
For the moment the best alternative is ungoogled chromium with ublock origin, even though the CSP headers cannot influence the DNS resolver mechanics in the CEF code.
I am still busy forking webkit into retrokit and it's a shitload of work to remove these tracking features. [1] But a project like this needs more privacy like minded people.
I mean, even the TOR people kind of gave up on this. Just look at their codebase, trying to stub everything anew with upstream changes.
There's no point in trying to race against chrome in "whose browser has the most features", you can't win anyways. I don't care about WebGL or WebGPU, I don't care about WebRTC, I just want privacy back.
If you prefer Firefox to chrome, then the best alternative is librefox. Librefox is Firefox without all of the tracking: https://github.com/intika/Librefox/
Minor detail: Note that librefox/librewolf are not forks, but a patchset (similar to ungoogled chromium). So the base of the source code is still upstream firefox. [1]
> For the moment the best alternative is ungoogled chromium with ublock origin
> I am still busy forking webkit
Why choose to base your browser on Webkit instead of on Chromium? Is your point that Chromium gets more development, so it's harder to keep up with it?
Am I wrong to think that Chromium is ahead of Webkit in terms of security? I know that this would be offset to some degree by your changes that decrease the attack surface, but couldn't you have done that for Chromium/Blink instead?
Tried it and gave up. It's impossible. Repotools, manifests and submodule fatigue and other things make it close to impossible to host all the code yourself and build it, because many parts of the build toolchain and codebase contain includes via git/https URLs these days.
That's why I went with WebKit, because there I clone a single repo, install the dependencies/libraries, build it and have a running Browser. Without having to have internet all the time, without dozens of repos that are out of my control.
>One note, in case it's not already clear: The download token will be available in the telemetry environment, but all web session data that it is linked to will NOT ever be included in telemetry, it is being deliberately kept in a separate data set, and we will be limiting access to the ability to join these data sets to a small set of people.
This is very alarming. If web session data will never be included in telemetry, why do some people have the ability to query joins? That means it can happen. Why does this small set of people need to access my web session data?
I don't use Firefox regularly, but I have it installed on my computers. I think I'm going to uninstall it completely. This stuff has become more and more common, and is totally unacceptable.
The entirety of the US government most likely, any hacker that manages to get onto Mozilla's servers, every spy agency worth its money, if its choice of research partners has something to say everyone at Meta. So in total maybe a bit below a million people. So really just a handful of trusted people.
This is an example of where openness — which Mozilla used to excel at — would have helped.
If there was a detailed rationale considering the potential privacy impact of this change, publicly available, then we'd be able to see that Mozilla did indeed thoughtfully weigh up the consequences of doing this.
We may disagree with the decision, but at least we'd be able to see the set of underlying assumptions and point to which one we think is wrong, and perhaps provide evidence to show it's mistaken — constructive feedback.
But as it is, we just have an opaque assertion that “this is fine”.
I personally feel like it's not treating user's privacy as "fundamental" to increasingly add telemetry like this. In this case correlating downloads to system installs, and to have that on by default.
It's fairly hidden first off (what % of users are going to watch the checksums or read these articles?). You also don't seem to get a chance to opt-out of this until after the installation when you can open settings in a normal use case, yet as explained here[1] they'll be attaching the download token to the install and post-install pings[2] which include system information which seems to enable tracking people via metadata across systems.
The "optional" bit is maybe open to interpretation, but if taken literally it's tracking that's on by default, so the privacy is "optional" here in that sense.
I get this isn't a big deal for a lot of people, but I dislike that Mozilla has a "manifesto" and talks a huge game about empowering users and privacy when they're treating them as secondary priorities rather than actual principles. It strikes me as disingenuous to claim it's a principle then have a bunch of "buts" in there that are increasingly moving away from the alleged principle, even if it isn't nefarious.
I believe you can opt out by having your browser send the Do Not Track (DNT) header when you download Firefox. This applies to all analytics on Mozilla.org.
It gives Mozilla the opportunity to connect my IP address with my browser with my Mozilla account. Mozilla needs to bow down to the US govt and supply them with this information should they have stored it, if the govt feels they need it.
Could this be considered a GDPR violation? If other posters are correct there is no way to opt out until after the installation and just running the installer already reports back to Mozilla.
You log into your mozilla account from your browser through the goddamn internet. They literally have to have your IP address for that and that adds absolutely zero information than necessary. It is just “people want to be outraged over nothing” yet again.
Correct and it's just one of many reasons why checksums and signatures are so important in package managers. There's an automatic enforcement of privacy and integrity.
Package manager installations are normally built from source by the distribution maintainers, not downloaded as binaries from the Mozilla website. So they wouldn't have any "download identifier", unique or not, in them.
Looks like Chocolatey gets the binary from download.mozilla.org [1], while WinGet gets it from download-installer.cdn.mozilla.net [2] (which looks to be the HTTPS repository mentioned in the article, thus being exempt from tracking?)
This is the difference between a distribution and a simple package manager. Linux distributions have a more holistic approach to this and enforce it with checksums, signatures, reproducible builds, etc. A package manager really only cares about managing the packages installation, dependencies, etc. Not the integrity of the packages themselves.
It doesn’t look to me like the tracking stuff is on the HTTPS repo links, so they’re probably telling the truth about that. They also ship a version in the Microsoft Store, that should be safe too (I don’t think Microsoft shares user identities for free apps with the developers, maybe I’m wrong?)
Which is what 95% of users would do though.. the average user will use Windows or Mac and has never heard of Chocolatey. Firefox is not in the Mac app store and I guess not on Windows either.
> This will allow us to track which installs result from which downloads to determine the answers to questions like, "Why do we see so many installs per day, but not that many downloads per day?"
What value does Mozilla see in being able to do that?
The prevailing belief in the industry is that any problem can be solved with more data, dumpster-grade[1] though it may be. It's appealing to think that it can be used in lieu of just making thoughtful decisions.
I have no idea what the actual answer is, but one can imagine that they want to understand where are people getting these copies of ff if they do not download them themselves.
Why would this be important, again just speculating: to try to leverage whatever channel this might uncover to distribute even more copies of the browser.
Is this ID thing the best way to do it, though? Probably.
> but one can imagine that they want to understand where are people getting these copies of ff if they do not download them themselves.
These people are getting it obviously from their admins! (Like myself. I push Firefox updates to close to 1000 PCs. I thought (amongst other things) I'm doing them a favour by saving them traffic.) They obviously know that! The real reason they are doing this is simply because they started collecting data. Now they are hooked and constantly want more. That is all there is to it. They already identify each individual installation, so someone on the team said: Let's identify each download too.
> These people are getting it obviously from their admins!
That's one possibility. And even if you pretend it's the only one, it's still interesting how that's distributed. Is it X admins of 1000-PC orgs, or X*500 people who also install it on dad's PC? Count how often each token is used, and you got a histogram, and if you just record that you've not collected anything remotely sensitive about any user. This question can be answered extremely cleanly.
I'm an admin of Y orgs + a handful of private (dad) PCs. The information is useless. They collect it because they can. (Well technically I also push an installation profile that deactivates all known telemetry. So hopefully they get nothing.)
> This question can be answered extremely cleanly.
I pushed it to tens of thousands of endpoints in the past :P
Though we have long since moved it to optional. First we moved to Chrome as the "standard browser" due to user requests and eventually our management caved in to Microsoft's constant pushing to make Edge the standard browser. Not that I cared because both are bad for privacy obviously.
But the amount of lobbying for edge that they do makes me really sceptical. It's clearly not about having their pet project succeed, they must have some serious strategy hinging on this. Edge doesn't make them any money on its own as it's a free product so the revenue must come from side channels of its use instead.
Which, considering MS' past with IE and their recent ventures into tracking and advertising in the OS is probably bad news for the end user :(
Does this even help with that though? Without some further means of identifying users, what use is there in saying download#123 got installed x times? Even if you add the obvious IP information to this, then what? Run GeoIP and say "oh, interesting" when they do or do not correlate?
What could they realistically figure out from this that could help them figure out how people are getting Firefox?
That's an easy one, of course. By identifying a "commonly-used installer" (say, some installer stored by some IT team) you could then do things like say with more certainty "no, we do need older installers to keep working". Or reach out to mirrors that have decided to stop updating installers.
From an Ops perspective, having an idea of how your install base is installing your browser can have a lot of implications. And not having the information could easily lead you to accidentally breaking installations for large subsets of your users.
There's also content-market-y stuff involved, of course.
The reverse case might be more interesting. Many downloads but few install follow throughs may suggest the installation process is too cumbersome or something along those lines.
The state of web browsers is so pathetic I wish the government would step in and limit the amount of outright spying that is going on. We have created an entire society which thinks that so long as the data is simply 1 degree removed from anonymity, that everything is ok.
Privacy is largely a mirage, where are our representatives to protect our privacy when the "free" market cannot, and indeed will not, do it for us?
It's not on the radar of politics. We have some parties in Europe that care about it, but they are all under the flag of pirate parties which is self-defeating IMO. By associating themselves with piracy they always add a negative association to any debate about privacy. Which allows opponents to easily dismiss them with the "people only want privacy because they have something to hide" fallacy.
If they want to be taken seriously they have to grow up and call themselves the privacy party.
Of course there's also a lot all of us could do to make our interests known to mainstream politicians. Because don't forget, our adversaries are spending millions on lobbyists preaching the holy book of big data.
I read over the article's links now and what I said service wasn't quite right. This looks like it's based on the stub attribution technique but expands it beyond what those links describe. You can see the server side of the implementation at the links below
The way Firefox does it can connect the downloading session with the running session. You can argue with the value or validity of that, but it seems like the Chrome installer can't do that, which is nice.
As for why it's in the article I think it's valuable to include it since if chrome was doing it too it might be seen as just "normal", but now it seems even more weird that firefox which is supposed to be the privacy alternative is tracking something that google is not.
Considering that ~everyone was tracking device or installation IDs before Apple cracked down on it, on iOS, I think it's a safe bet that ~everyone is still doing it on desktop, and yeah, generating at install time is probably enough for most use cases and makes your build and distribution processes simpler.
>OK, however, are we completely sure that Chrome installer doesn't generate this token on launch and talk with the mothership?
That wouldn't give any information about where/when you got the installer from, which is the topic of this article. Doing so would be impossible without embedding information in the exe (which would change the hash).
While I agree that it's a little weird to specifically note it for Google of all companies, the relevance to the article is that Chrome isn't engaging in this specific type of tracking.
Of which there are (supposedly) only 2^13 possible variants:
>Additionally, a subset of low entropy variations are included in network requests sent to Google. The combined state of these variations is non-identifying, since it is based on a 13-bit low entropy value (see above). These are transmitted using the "X-Client-Data" HTTP header, which contains a list of active variations. On Android, this header may include a limited set of external server-side experiments, which may affect the Chrome installation. This header is used to evaluate the effect on Google servers - for example, a networking change may affect YouTube video load speed or an Omnibox ranking update may result in more helpful Google Search results.
Firefox users who prefer to download the browser without the unique identifier may do so in the following two ways:
Download the Firefox installer from Mozilla's HTTPS repository (formerly the FTP repository).
Download Firefox from third-party download sites that host the installer, e.g., from Softonic.
It's nuts and another indication Mozilla doesn't understand the reason they exist, but it's not that hard to get around... if you're one of the 0.1% that hears about this.
Use a reputable Linux distro and install from the official repos, problem solved. To date the Debian maintainers have proven more trustworthy than 99.99% of the software vendors out there. They also appear to have better security practices than most commercial shops.
Debian has a deliberate policy of extensively modifying upstream code, including security-critical code, without any dedicated security review. This (predictably) resulted in quite possibly the worst general-purpose software security bug of all time, where SSH and TLS keys generated on Debian machines were effectively blank and supposedly encrypted communications were readable by anyone. Debian has not changed its practices to prevent a reoccurrence and continues to follow the same policy.
I agree that most Debian maintainers are trustworthy and have good intentions, but I would not consider them as having good security practices.
That particular outstandingly bad security bug, once. (There are other cases of bugs in Debian that aren't present in upstream - in particular, Debian packagers introduced enough bugs in cdrecord that the maintainer made future versions non-open-source as he felt that these bugs that were not his fault were hurting his reputation - but I don't have any stats, and I don't feel that the rate of bugs in Debian is particularly high compared to other projects if we set aside the security-specific aspects).
Regarding time to fix it, the bug was fixed about 2 weeks after it was reported, but it had been present for about 20 months (affecting all DSA keys generated on Debian systems during that time) - since security audits and researchers only look at the original upstream source, the bug was only spotted when a user noticed that two of the servers they were logging into had the same SSH key.
As of testing 2 minutes ago, downloading from the canonical "latest" location [1] vs. navigating the directory structure of the mentioned repository[2] result in identical files, which (assuming the above info is correct) means my scripted ffox upgrades have omitted the unique id, I guess?
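An added example, not part of the thread and not Mozilla's tooling: the check commenters describe (fetch the installer twice and compare) can go one step past comparing hashes and report where two copies differ. The sample bytes, the two UUID-shaped tokens, `make_sample` and the offset 1024 are constructed assumptions for the demonstration.

```python
import hashlib
import sys


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def diff_regions(a: bytes, b: bytes, merge_gap: int = 8) -> list:
    """Return (offset, length) ranges where a and b differ.

    Differing bytes separated by fewer than merge_gap identical bytes are
    merged into one range, so an embedded token whose separators happen to
    match shows up as a single region. A size difference is reported as a
    final range covering the extra tail.
    """
    regions = []
    common = min(len(a), len(b))
    start = None  # first differing offset of the current range
    last = None   # most recent differing offset
    for i in range(common):
        if a[i] != b[i]:
            if start is None:
                start = i
            elif i - last - 1 >= merge_gap:
                regions.append((start, last - start + 1))
                start = i
            last = i
    if start is not None:
        regions.append((start, last - start + 1))
    if len(a) != len(b):
        regions.append((common, max(len(a), len(b)) - common))
    return regions


def compare_installers(a: bytes, b: bytes) -> dict:
    """Summarise how two downloaded copies of an installer differ."""
    return {
        "identical": a == b,
        "same_size": len(a) == len(b),
        "sha256": (sha256_hex(a), sha256_hex(b)),
        "regions": diff_regions(a, b),
    }


# Constructed sample data: a fixed 4096-byte body with a UUID-shaped
# token spliced in at offset 1024 (the offset is an assumption).
TOKEN_A = "11111111-2222-4333-8444-555555555555"
TOKEN_B = "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee"


def make_sample(token: str) -> bytes:
    base = bytes(range(256)) * 16
    return base[:1024] + token.encode("ascii") + base[1024:]


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Real use: pass the paths of two separately downloaded copies.
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            first, second = f1.read(), f2.read()
    else:
        first, second = make_sample(TOKEN_A), make_sample(TOKEN_B)
    report = compare_installers(first, second)
    print("identical:", report["identical"])
    for offset, length in report["regions"]:
        print(f"differs at offset {offset}, {length} bytes")
```

Identical hashes mean the two copies carry no per-download data. Same-size files that differ in one short region are consistent with an embedded identifier, though a signature or build timestamp can produce the same pattern.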
These builds still have distribution-specific in-built API keys for some of the built-in services such as Google Safebrowsing, Google Location Services and Mozilla Location Services. See [1], [2], [3], [4], [5] and [6] for details and examples.
Additionally, upon first launch of Firefox, a unique client identifier is created, and this is sent to Mozilla by default probably before you get a chance to disable telemetry features within the preferences dialogs. See [2], [7], [8] and [9].
As these privacy impacting features are enabled by default, before first launch of Firefox on Linux, you should disable these third party and telemetry features and also lock down other security and privacy settings. See [10] and [11] for the method of doing so, and an example user.js that contains decent documentation on well over 100 recommended configuration changes to make Firefox more respectful of privacy and security. If you don't reconfigure a user.js before first launch, at least the "New Profile" event will be notified to Mozilla with the unique client ID after a delay of only 30 minutes from creation of the first Firefox profile [9] (first launch).
I am sick, so sick at seeing all this bullshit that Mozilla is doing to my beloved browser. If this was a standalone issue, I probably wouldn't mind. But this is one of a string of crap Mozilla has been doing.
I hate WebKit and Blink's domination as much as anyone, but rather than put up a strong fight, Firefox is begging to lose.
And unfortunately, I can't help but admit that Firefox deserves to lose (not just from this, but from other terrible decisions added up), even if the consequences of a web monoculture are terrible.
How much of the drama of the last three years can be laid squarely at the feet of the CEO who gave themselves a raise right when they laid off the MDN staff?
This wouldn't be so bad if it wasn't that the entire brand identity of Firefox is Privacy.
It's like discovering there's ham in a vegetarian sandwich. When you ask them they look puzzled and say their focus group was clear it tastes a lot better that way, besides it's just a little bit and the bread is vegetarian and there's way more meat in a Big Mac.
This also wouldn't be so bad if people were capable of nuance instead of acting as if everything involving data were the same thing. I won't claim Mozilla is in any way perfect, but even as someone who is very much pro-privacy it is a little bit ridiculous how much people lose their shit about tiny things like this and claim there is no difference to what other trackers do.
If you position your product as being about privacy, your company about being about privacy, and talk about the importance of online privacy whenever you get any sort of opportunity, then it looks extremely bad if you can't refrain from spying on your users. I don't really think there is any way around this fact.
If this type of telemetry is necessary for Mozilla to develop software, then perhaps they shouldn't be talking so much about privacy, because as it stands, they're not walking the talk, that's what ultimately looks bad. The telemetry is incidental. Nobody is railing against Microsoft for doing the same thing because they're not constantly seen preaching about how bad it is.
> do you seriously consider counting how many installs are triggered from a download "spying"?
Yes. It is a unique identifier that they are fully capable of associating with telemetry data and other personal activity. It could be used by various parties to deanonymize me. That is spying. You are playing dishonest semantic games.
Effective privacy may well be complicated. Perhaps you can maintain effective privacy in various ways even while being actively spied on in some manners. That doesn't mean that spying isn't spying.
There is a very large difference between "X is spying on Y" and "X could spy on Y if they started to record and correlate things". And even "I don't trust them not to" is not the same as "they are". A lot about privacy involves not looking at things you could look at.
E.g. picking the example mentioned repeatedly in this discussion: Network transfers annoyingly involve IP addresses. That doesn't mean every server you talk to is spying on you, and there is a wide range from "doesn't record anything", over "keeps a log of errors for 5 days that's only used for debugging", over "looks in GeoIP database and counts visitors per country", to "immediately connects your IP to your user profile and shares that data packet with 50 ad networks". I have a hard time calling the first three "spying", it starts IMHO somewhere after that. And annoyingly, telling the difference comes down to trust at some point.
Or even simpler, I could trivially spy on my neighbors with what reaches my apartment. I don't though.
Imagine you could stick a camera over your users' shoulders, mostly without them knowing you're doing it, instead of doing actual user research.
That's what the stuff's for. Some of the tools for these things record entire sessions, including mouse movements. It's creepy as hell and even the tamest of "telemetry" 100% would have gotten something classed, unambiguously, as spyware, in the distant past of ~15-20 years ago.
IMO as market optimization turns the screws ever harder, the escape hatch is to head towards source distributions. Outrage articles are only necessary because people have come to rely on these monolithic binary downloads with their "channels" and "installers" and "auto updaters", that are gatekept by centralized entities like Mozilla. Whereas if say the source tarball used by Nix is engaging in similar shenanigans, that is fixable with a self-applied patch rather than needing to convince Mozilla to change.
> Mozilla notes that the opt-out mechanism is the standard Telemetry opt-out. How users may opt-out before the installation of Firefox is unclear. A quick check of Chrome installers returned identical hashes each time.
This is why I keep insisting that we need a browser made in a jurisdiction which has at least minimal privacy rights. Having to explicitly opt-out of being tracked by a browser is not reasonable at all; browsers should only spy/track users who explicitly consent, not by default.
I would not download anything from Softonic. I know it's just an example but if you download anything from there you might get a few surprises with the download.
I'm seriously considering switching from Firefox. I put a lot of effort into avoiding advertisements on all my devices and then Firefox goes and hijacks my system to show me an advertisement for some Disney+ movie and now this.
I was able to disable the ads with an about:config modification and I always get my installers from ftp.mozilla.org so this didn't even personally affect me, but still I feel betrayed.
I really would like to see some proof of worth here. What changes--organizational wise, code wise, or otherwise--have been made as a result of this tracking? There seems to be a presumed usefulness for this tracking. Is there still a need to do this tracking?
If it's genuinely useful and you're a transparent organization then it should be an easy thing to write up. "See! We avoided this *catastrophic* thing!" Demonstrate that the data has a very defining role in decision making or just get rid of it. The demonstration of its usefulness needs to continue as long as the tracking does. What significant problem(s) is being solved here? Sated curiosity isn't that compelling.
Wait a second, can someone with more knowledge explain how Google Analytics is related to everything else? I don't understand the following sentence from the article:
> This data will allow us to correlate telemetry IDs with download tokens and Google Analytics IDs.
IIRC, Firefox has (had?) Google Analytics in new tab page and settings page. I don't think it's the same as standard web tracking script, but rather API calls with specific events.
It is likely that they correlate the dltoken, Google Analytics tracking ID, and Telemetry IDs.
The Google Analytics usage in Firefox is very difficult to Google, and I wholeheartedly wish my memory is wrong about this, because it's a very worrying thing otherwise.
No, but unless you go tweak a bunch of things you are still sending your information to Mozilla. Also, they've had a few "convenient" bugs that reverted privacy settings in the past.
> So forget user agent/screen resolution/OS masking and other marketing talk used by browsers - this was maybe a thing 15 years ago, if ever. This does not protect you against sophisticated fingerprinters on the web.
> The only efficient protection against fingerprinting is what Orion is doing - preventing fingerprinter from running in the first place. Orion is the only browser on the market that comes with full first party and third party ad and tracking script blocker, built in by default, making sure invasive fingerprinters never run on the page.
Why would it be difficult to create a different tarball for each download? You can just have a separately compressed section with the random ID that is replaced on-the-fly.
Non trivial but a couple hours of work to implement and test probably.
Tarballs don't really have a footer or header that contains info of all files. To add a file to a tarball, all you need is to remove the end-of-file marker, append to it and make a new marker. And that works extremely well with stream compressors (you just remake the last section).
I'm honestly more comfortable with Google than companies that pretend to be into the whole privacy thing. At least Google doesn't try to deceive you. I really hope nobody here uses TOR (developed by Mozilla?) for anything important; it seems like large parts of the network are owned by the govt.
I moved from Firefox to Edge in August after 19 years of dedication. No regrets. They just kept killing features. I was one to ignore shenanigans like this download tracker. I tested every browser and my 2nd choice is Brave. But I found all browsers from non major vendors to be noticeably buggy in some way.
I figure at this point in history, browsers are so complex (25M+LOC) and important that it no longer makes sense to not use native browsers. There’s many advantages to them.
For me, daily usage of Edge and keeping Tor Browser installed has been great. I rarely use Tor, usually just when trying to get around IP bans or limitations, but I keep it installed out of principle. I wouldn’t rely on that small team to support a daily browser either.
Over the years, I’ve enjoyed reading many ghacks articles about browsers. However, I find it ironic that every link in the OP article reporting on user tracking practices is wrapped in opaque googleadservices links. By opaque, I mean the destination link is hidden.
I thought this would be a somewhat clickbaity title, but not:
> This data will allow us to correlate telemetry IDs with download tokens and Google Analytics IDs. This will allow us to track which installs result from which downloads to determine the answers to questions like, "Why do we see so many installs per day, but not that many downloads per day?"
So it's basically to spy on people and track who's redistributing the installer or installing Firefox multiple times.
As a software developer, I fail to see how this would help fix bugs or anything alike.
Well, Firefox's tracking is usually meant for determining things like where the installer came from and collecting feature usage data, while Google's is all about building marketing profiles to sell targeted ads. You decide how bad each of them is.
Like, people can’t see the difference between “telemetry” done by supermarkets by counting an approximate number of visitors vs the full-on knowing your childhood best-friends’ secret crush on you. There is eons of difference between the two.
I don't know how many folks will see this, and of those that do I don't expect many will necessarily be moved by what I say here. I'm going to say it anyways, however, and then I may never look at this thread again. I'm the person who designed the download token scheme that is discussed in this article, and, while I understand all of the concerns and suspicions, I believe that the way we designed this and the way we handle our telemetry data means that this is not the privacy violation some of you are claiming it is. Also, to be clear, I am speaking for myself here, these are my own thoughts and opinions, and I am not representing Mozilla in any official capacity.
So, a download token is a UUID associated with a unique download event. It gets generated when you click the 'download' link, added to the installer, and then passed through to the installed browser. It is returned to us in the telemetry pings that the browser sends back to our telemetry ingestion endpoints. When the download happens, on the server side we capture the download token and the GA session ID and store those in a table. There is nothing else stored in this table.
Having access to this table means that you can correlate the user's activity on the Mozilla website that GA provides with the telemetry data that Firefox sends us. The website activity contains URLs that the user visited, so we consider this "category 3" data (see https://wiki.mozilla.org/Data_Collection#Data_Collection_Cat...), quite sensitive. For that reason this table has highly restricted access, only a small number of individuals are able to get to it.
Access restrictions offer no protection against subpoenas, of course. But I believe you can safely maintain your anonymity by opting out of our telemetry gathering, because when you opt out of telemetry we delete all of the historical telemetry data we have collected for your Firefox profile. Everything, including all of the records that contain the download token.
If this happens, all we are left with is that original record with the download token and a GA session. The download token can no longer be correlated with your telemetry data, and we have no way of associating your Firefox installation with your GA session, not even under subpoena. And this is all assuming that you haven't blocked GA, or that you haven't specified 'Do Not Track' before visiting our website. If you've done either of those things, we won't have a GA session ID for you to begin with.
Oh, incidentally, we never store any IP addresses or other PII in our telemetry data. That all gets scrubbed during ingestion.
Again, I don't expect this to have much impact, but I'm sharing what I know to counter some of the more extreme claims that this removes the ability for Firefox users to remain anonymous.
Finally, we have the obvious question: Why would we even do this? Believe it or not, understanding your user base does actually have some value in serving that user base. For most of Firefox's existence, there has been no trustable feedback loop. Sure, folks out there in the world have opinions, and share them, but opinions differ, and anecdotes are not data. If one person thinks most users will like a particular change, and someone else thinks they won't, nobody can prove their point in any meaningful way. The folks making decisions about Firefox have been flying blind. And, as many of you in this thread have pointed out, it hasn't necessarily been going that well.
In Firefox's early years, there was lots of low hanging fruit, and the competition was a poorly maintained Internet Explorer, so it was easy to win a bunch of market share. Then Chrome came on the scene with their effectively limitless budget and famously data driven product process. We'll never match their budget, but we can try to make choices based on data instead of just letting whoever has the most organizational power decide. My team has spent the last few years building out a data infrastructure that we hope will support better decision making going forward while still trying to honor user privacy and choice. This is a tough balance to strike, and we're far from perfect, but we do our best.
Chromium-based browsers really bog down my MacBook, so I've been using Firefox instead. However, I tend to notice small bugs, and have been wondering if there are other useful and lightweight browsers.
On the other hand, what I dislike about Safari is the hassle of installing extensions. Everything has to be installed through the App Store as an independent app.
Remember what happened when Firefox OS died? It was forked into KaiOS, which has become a superior product that actually found a market.
I will not mourn the death of Mozilla. When it collapses, may it be forked and turn into something decent by more competent leaders who don't give themselves multimillion dollar salaries and make pointless acquisitions.
My understanding of the GDPR is that it doesn't apply if the analytics are fully anonymized, and only partially applies if the analytics are pseudonymous[1]. It's exceedingly likely that one of these cases applies, since the ID in question is tied to a single Mozilla installation, not an individual user or even browser profile.
At the same time IP addresses have been ruled to be personal information. They very clearly don't uniquely identify a person, but are close enough that it doesn't matter as the GDPR is concerned. Unique identifiers in general are murky waters.
In fact this is how you get past SmartScreen checks. Windows freaks out a lot more when it sees the same file being downloaded by lots of people, but if you make them all different, then it calms down.
How much R&D do you think Firefox squandered on making a custom installer generator for every download and being unable to cache the files on a cheap CDN?
Not much? I did exactly this when I worked on a really popular P2P file sharing client (at one point estimated to be installed on >15% of all PCs worldwide). It even improved our actual installs, but that is probably about just using an ultra-lightweight installer rather than having a tracking ID integrated into it. It literally took me a week. Granted, things were really fast and loose back then. It would probably take me 2 years and a team of engineers to do a similar thing at my current FANG job.
They don't need to hook an IP to a tracking code for this sort of testing?
From what they've said it's very basic information they're looking to collect. "This installer was downloaded on X date. The installer was then used and run on X date." sort of thing.
No IP is needed to check anything regarding that.
Attaching an IP in the process somewhere for tracking would only be needed if you were checking things on a deeper level. For example, where a user might download the installer but is downloading and sending it to someone else, where it gets installed on a different IP/system.
Is the current Mozilla CEO a plant by Google with the goal of driving Mozilla into the ground as much as possible? I don't understand how they can keep fucking up their business so badly.
I love this comment. It feels like it gets at the heart of a frustration that is otherwise difficult to articulate. I have passed it around to all those I know (with credit) in the hope that it helps them, too, at least name what they are facing as they struggle through bureaucratic morasses.
Even if you do 'install' and 'first run' tracking without the unique identifier you need to have consent for EU citizens before sending the tracking request to Mozilla. As the IP is transmitted you would already be sending what the regulations call 'personal data'.
The ID is just additional data that would probably be classified as PD (personal data) as well.
So even basic install tracking is a no go. I also just don't understand why this would be necessary. This wasn't the case for software for how many decades? It didn't necessarily transmit such information. If it was commercial you probably had something like license server stuff in the later days (before just a number that was checked for validation).
It probably became a thing when the mobile phone with app model rose. There the vendors (mostly Apple/Google) knew the downloads from the app stores and marketing wanted more. Especially when they pushed advertisements for apps.
So companies like Adjust rose to fame for tracking ad clicks to installs, first run and usage stats.
This probably led to others thinking it to be a great idea for general software as well.