Except companies like Mozilla and Google (even Microsoft) don't give that data to those companies, and have no incentive to do so. Indeed, to a company like Google that would be corporate suicide as it would undermine their main source of revenue. Google's money comes from being a middle man, they want to keep their competitive advantage (your data to target ads) secret more than you do.
1) "Google [...] doesn't give that data to those companies". What about selling that data? That's in line with what you call "being a middle man" I think.
2) "[they] have no incentive to do so". They have no incentive in trumpeting that they are doing it. But without having read their ToS, I'm sure they got that covered.
Of course this is pure speculation and I have exactly zero proof that this is the case. I would actually never have believed those claims 6 months ago, but today, I wouldn't be surprised.
So you admit not even having read the ToS, but now you're ready to believe that it happens, despite the fact that (for example) Google has a fairly straightforward privacy policy that enumerates what they use data for: http://www.google.com/policies/privacy/
As the person who originally replied to you mentioned: it'd be political suicide for Google to provide the information they use for their own ad targeting to others, even for a fee, beyond users' explicit consent. It'd also be business suicide, given that it would allow people to cut Google out of the loop, rather than using Google as the advertising platform.
> 1) "Google [...] doesn't give that data to those companies". What about selling that data? That's in line with what you call "being a middle man" I think.
1) Nobody really actually wants to buy that data in the first place. Companies that buy ads just want to sell you shit, they really, really don't care about you in the slightest. Sorry, but your personal information by itself isn't actually worth a damn thing. Hell, if companies were willing to pay for my browsing history I'd sell it to them myself.
2) Why on earth would Google sell one of its advantages? If Google sold data Facebook or Microsoft would buy all of it in a snap and Google would be screwed.
lots of toolbar companies and plugin companies sell your search data to websites like magnetic.com for search re-targetting. So even if they dont sell directly there are still many ways they can get there dirty hands on your data.
What hannibal5 says: Trackers are there after you're off of Google's site(they know whether you've been bad or good, so be good for goodness' sake), and Firefox doesn't need to phone home to Mozilla for your browser to enable others to track you.
In other words, neither Google nor Mozilla has to be involved to track you.
Let me lay out a specific scenario.
It's easy enough for insurance companies (or a 3rd party who's willing to sell that data to an insurance company) to run genuinely informative health sites that have good rankings on Google's SERP, and thus get high clickthrough. Such a site can on clickthrough set a cookie on your client for you, and/or fingerprint your browser (c.f., EFF's panopticlick), and/or use an ETag as a 'cookieless cookie'/browser identifier.
Once they've got a way to identify past behavior for a browser (i.e., look up health concerns for an identifier), they have something to sell to insurers.
Okay, well, clicking on an organic result is a weak signal of health risk / pre-existing condition, all you know is they ended up on a page.
Suppose you, as an insurer, want a stronger signal of whether the person using that browser has a health risk/pre-existing condition. Just put out some AdWords. Here's where Google really helps a website build valuable, saleworthy data.
Search for something:
https://www.google.nl/#q=breast+check
Click adwords ad for breastcancer.org
Opens a page to: http://www.breastcancer.org/symptoms/testing/types/self_exam/bse_steps?gclid=CMC0rI74uLkCFQSS3godSSAA_Q
With this value in the HTTP request's Referer header:
http://www.google.nl/aclk?sa=l&ai=CA_XBGe0qUqOhD4e--QbWkoHoBqzGitEBlN6ongr-x6YMCAAQAVCVu9RFYJGEk4X8F6AB7qeO_wPIAQGqBCBP0MOny_HlmSNBJ-QDgpzV0OqbNNjg7FAjv3nX9hy9u4AH-tdx&sig=AOD64_1DSbXWQm-KpW0fMRFiY3lcjn3kQg&rct=j&q=breast+check&ved=0CCwQ0Qw&adurl=http://www.breastcancer.org/symptoms/testing/types/self_exam/bse_steps.jsp
I was logged into my Google account while I did this.
Google empties the Referer for organic results always (if I've read&remembered correctly, for a few years they scrubbed Referer only for logged-in users, as a privacy boon). But they still leave it for their paying advertisers!
So, if you run breastcancer.org and put out some ads and are selling your data to insurers, you now can link search terms to impressions to clickthroughs to a browser identifier. Then you just need to offer a low-latency service that serves the insurer a list of health conditions for which a particular browser seems to be at-risk for.
Note that all of this works end-to-end, so SSL/TLS doesn't prevent the host serving a clickthrough from sharing data.
The part where your browser is identifiable (uses etags, sends cookies, presents a consistent fingerprint) is the weakest link.
Disclaimer: I have no reason to believe breastcancer.org is anything but altruistic, I just needed to find a medical condition for which there was a clickable AdWords ad and which is expensive to treat.
So your scenario doesn't exist.