Firefox is trying to gain back user trust with this video: https://www.youtube.com/watch?app=desktop&v=O-xyNkvIB9g
This is a legit question: Should anybody trust Firefox again unless they put “we won’t sell your data” back into the privacy policy? I’m actually not sure if they haven’t already done so, let me elaborate:
https://brave.com/privacy/browser/ Brave: “We do not sell, trade, or transfer your information to any third parties.” This seems to obviously be in the legally binding text part. As is this one: “It’s Brave’s policy to not collect personal data1 unless it’s necessary to provide services to our users, or to meet certain legal obligations. We do not buy or sell personal data about consumers.” (Disclaimer: I’m not a lawyer.)
However, for Firefox it seems ambiguous to me, which worries me: https://www.mozilla.org/en-US/privacy/firefox/#notice There is no appearance of “sell” in the entire privacy document, excpet for the top summary where i’m not sure if it’s at all legally non-binding.
Does anybody know if it is legally binding? If Mozilla were serious about it, why would they leave it ambiguous whether it is…?
Based on that, I’m not sure if Mozilla’s video about getting users back is worth trusting. I wonder if it’s just me.
Update for clarification: I’m not using Brave myself, and this isn’t a suggestion anybody should blindly do so.
FWIW I don’t recommend starting a post about selling data where the very first link points to a Google product.
Consider next time not linking to YouTube but instead the blog post that linked to it and ideally an alternative more privacy conscious frontend, e.g. invidious.
It seems like the official original source for this video is Youtube.
Use a Firefox fork that respects you
Can you suggest one? Obvious it’s not LibreWolf due to lack of respect.
What’s wrong with LW?
They broke saving passwords workflow and disabled that popup to do it.
You can turn it on in settings. I use it and it works fine.
Which version do you use?
I use the latest version. I also have resist fingerprinting disabled and sync enabled. It’s been a while so I don’t quite remember but I think one or both of those might be required for it to work. I know resist fingerprinting disables a lot of stuff so for convenience I disable it and instead use a JS blocker.
Unfortunately, you’re statement from before is wrong. Saving passwords is still broken. I just double-checked it Librewolf on the latest 148.0.2.2 version. By saving password I mean the “Ask to save passwords” in Private & Security settings. Librewolf completely ignores it. Librewolf folks do some very stupid UI things with their fork.
That’ll eventually die the same way Firefox does because forks only survive by way of subsidized capabilities off of the work of the Firefox engineering team.
There is no winning here.
i’m going to be one of the last holdouts; refusing to switch to a chromium based browser. lol
https://brave.com/privacy/browser/ Brave: “We do not sell, trade, or transfer your information to any third parties.” This is obviously in the legally binding text part.
This is only for data that the user transmits to them in conjunction with feedback.
Here’s another quote: “It’s Brave’s policy to not collect personal data1 unless it’s necessary to provide services to our users, or to meet certain legal obligations. We do not buy or sell personal data about consumers.” That one isn’t in the feedback section.
For them to sell your data, they need to collect it first. And as of now, all data collection can still be opted out of.
I need to manually opt out?
That’s fair, but that requires the trust that they won’t add any collection without telling people. And it seems like they kind of want a license for all data I enter into the browser, which again Brave doesn’t seem to do. It’s like Mozilla is going out of their way to look shady and to harm trust. It’s sad. I’ve been using Firefox for a looong time until I left it behind.
trust that they won’t add any collection without telling people.
It’s open source so you can inspect it. If you don’t know how to do that you can pay for a 3rd party audit.
Also if it were to be found out, even without being open source via some pack inspection (e.g. using a software that checks if data is being sent to a server, e.g. imagine starting Firefox on a virtual machine then checking if any data goes to e.g.
firefox.com) and it were to be published then their entire brand would be dead. So rationally speaking I don’t think that’s a worthwhile bet.Do you audit every release of any open-source program you use before you run it?
Open-source alone isn’t enough if the creators are known to do weird things.
I know you ask this question in jest but basically it cascades, e.g. if I trust Debian or F-Droid, then I trust that the applications they include in their distribution or store is both secure enough (no piece of software is perfectly secure) and actually does what it say it does. In turn I believe they do the same, namely that initially when an application is added to their collection, they do review the application and the code yes. Then each update is only a gradual check, if ever done, assuming nothing special happened, e.g. no main maintainer change. If it’s far from perfect, and as somebody linked else there are limits (e.g. https://en.wikipedia.org/wiki/XZ_Utils_backdoor ) but in “normal” situations it’s enough for me.
Anyway that’s just my perspective on the matter, on your problem specifically after a brief ~5min search I haven’t found exactly what you are looking for but here are still some examples of what I do find helpful :
- IMHO very close but limited to Android https://reports.exodus-privacy.eu.org/en/reports/org.mozilla.firefox/latest/ and only technical, not about the “business” side, still it shows what is potentially collected and thus sold back
- example of 3rd party security audit on the accounts part of Firefox https://blog.mozilla.org/security/2017/07/18/web-service-audits-firefox-accounts/
- some publication from that 3rd party https://cure53.de/#publications-2024 but not specific to Firefox
- what Mozilla itself sponsored in terms of auditing other open source software https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed
Those though are mostly around security. They are definitely linked to privacy but still distinct. If I genuinely cared about the topic I would directly ask if organizations, non-profits, etc do think about the topic, e.g. Access Now, EFF, Exodus Privacy.
If by any chance you do find something helpful there please do share back.
Those are useful, thanks. But still, I personally think you shouldn’t run software that accesses such intricate personal information if you don’t trust it, if it can be updated to change to grab all that data. Especially since Mozilla seems to potentially give itself a license to all your data, apparently.
you shouldn’t run software that accesses such intricate personal information if you don’t trust it, if it can be updated to change to grab all that data.
Yes, and you should also brush and floss your teeth, do physical activities, buy local produces, recycle everything, do your due diligence on all political candidates, etc, etc. In practice we ALL have to make pragmatic choices. There are not a lot of browsers and basically for fully featured engines there are (arguably) only 2, Chromium by Google and Firefox by Mozilla. One is an advertising for profit company, the other is not. If you genuinely care a lot about privacy though you might not have to use either, you might be perfectly fine with much simpler browsers like Links or even lynx and I can tell you with a lot greater confidence that there no data will leak. You can also containerize your browser using e.g. https://docs.linuxserver.io/images/docker-webtop/ and then run within there whatever you want.
since Mozilla seems to potentially give itself a license to all your data, apparently.
That’s not correct, you mean some data from your browser usage. I think it’s important to be precise here otherwise through shortcuts you try to convince yourself, and others, about a problematic situation that just does not exist.
So which browser do YOU trust and why?
While I can understand not wanting to trust corporations and Mozilla has definitely become more corporate over the years, if they ever start to collect data without the ability to opt out, by (european) law, they need to inform the user about the data collection. So for now, I don’t see much reason to be alarmed.
They collect personal data before you even have the chance to opt out which is a clear violation of the GDPR. They promise to delete it within 30 days when you opt out, but is was collected nonetheless.
The reasoning for Firefox changing their policy is that legally, in some jurisdictions, a sale of data is very ambiguous.
They are sending a “count of active users” to advertisers, which their legal team thinks counts as a sale of private data.
Is this good enough a reason? Up to you really. Their policy is fairly wide open for further actual data sales now, it certainly gives me an itchy feeling.
So why can Brave still have that clause? That’s what I don’t get. I also feel like Mozilla could try to do something like “we don’t ever sell your data, except this one corner case” and just explain it, but it seems like they didn’t even bother. (I could be completely misunderstanding things and perhaps I’m being unfair here. It’s just how it comes across to me as an uninformed doofus.)
You’d have to ask Braves lawyers. It could just be that Mozilla is more risk averse, perhaps brave thinks they won’t be sued.
It would be nice if they were clearer, but I think they don’t want to (or legally cant) define exactly what they do.
Maybe I’m just an old, cynical man (I’m 44) but it’s not like their policy forces them to follow it, I mean why trust that “they promised they won’t do it in their policy” means they won’t just do it anyway without telling anyone?
I think it’s mostly a defence against getting sued if they got caught. Chrome can point at their policy and get the case dismissed, Firefox would have to defend it in court and risk losing.
But you are absolutely correct, privacy policy’s are only as binding as your ability to enforce them, and you and I don’t really have any means to enforce them against a large Corp.
I switched to waterfox, I will never trust Mozilla again for a wide variety of reasons.
The problem with forks is that you need to trust the original party (Mozilla) AND the developer of the fork. Also, that fork will inevitably lag in security updates coming from the original party.
Firefox is still pretty customizable with user and enterprise policies, and most telemetry can be disabled. They have shown that they listen to their userbase, even if capitalism forces the for-profit part to make cuestionable decisions.
Problem with FOSS movement happened is not all parts are self sustainable. Which leads to market fit revenue system which is basically selling data as of now. Hope this changes in future.
I think when they defended the removal they said they changed it because the definition of “sell” was quite broad in some jurisdictions
Have you tried waterfox?
Owned by an advertising company
No, that has changed since almost 3 years.
Source: https://www.waterfox.com/blog/a-new-chapter-for-waterfox/
Please verify before you accidentally spread misinformation.
I was not aware this, will edit the comment. Thank you!
Buying the company usually means buying all of their user information as well. Other companies can change their policies too. I think you should judge them by their actions, and give them a chance to answer your questions before you condemn them.
(Did you try asking them about your concerns?)
Since there are alternatives, I don’t find that argument too compelling. I’m hoping people will continue to speak up about this though. Ideally I would want Mozilla to do better with their policy, assuming they actually act nice and just aren’t very good at making their policy sound like it.
Very funny to mention Brave like it’s a normal browser.
Why wait for that to start distrusting FF https://lemmy.ml/c/librewolf
Yeah I always love seeing Brave being mentioned as the better alternative to any browser.
Marketing works…
Reality does too.
Debatable
OP works for Brave. Original post is just an ad.
I use Librewolf myself, but I’m concerned about upstream Firefox dying so this whole situation frustrates me. The only reason I mention Brave is because Brave is also a company (unlike Librewolf) and has a Terms of use to compare Mozilla to (unlike Librewolf).
I just know from a privacy standpoint that I always understood Brave to be a hardcore no even dating back to 2018.
That could be true, I honestly don’t know. The crypto stuff in Brave definitely seems weird.
Could you link where they say that?
Regardless, they are afflicted by Lawyer Brain and need to hike it to BlueSky
They legally cannot state that they will not sell data, because - according to some states’ laws - things like “XX% of users utilise Google as their primary search engine” is already “selling user data”.
Because they use user data to calculate that percentage, and it’s being used in relationship with Google who is paying Mozilla.
If this one corner case is the reason, why doesn’t Mozilla put it into the legal text? I feel like the ambiguity hurts their position here. That Mozilla is silent about specifics in the legal text, seems rather scary to me.
Because it’s not one corner case. There are multiple - they have other sponsors and advertisers.
I meant specifying the corner case of what exact type of data is shared, not an exhaustive list of companies it’s shared with that would inevitably go out of date.
I meant specifying the corner case of what exact type of data is shared
You mean this?
not an exhaustive list of companies
You mean this?
that would inevitably go out of date.
They, and everybody else who shares user data, are legally obligated to keep track of said data and have that published and available for both users and other companies.
“Technical data”, “Interaction Data”, very specific, uh-uh. (I’m being sarcastic.) The latter especially sounds like it can be literally a keylogger.
I would love for Mozilla to fix this, which is why I try to be pragmatic and concrete. But so far, they don’t seem willing to do so.
I would love for Mozilla to fix this, which is why I try to be pragmatic and concrete. But so far, they don’t seem willing to do so.
Here’s the problem - people don’t care if the information is there or not. Microsoft has been disclosing their required telemetry data for years and people still thing it’s an invasion of their privacy.
Take you for example - I gave you a source, you checked 1/3rd of the information in it and started complaining.
Why am I assuming you didn’t bother to read the whole thing? Because you’re claiming that “technical data” is too obscure of a term to figure out what it is. “Interaction Data”, in your words, “can be literally a keylogger”, right? Well, it’s very clearly defined in the table:
Click counts, impression data, attribution data, how many searches performed, time on page, ad and sponsored tile clicks.
Which of these would you consider to be “literally a keylogger”, hmm?
Point taken and I appreciate the correction, but it still seems to include e.g. all URLs which could leak all your search queries and other rather invasive conclusions. If anything, this makes me feel like it confirms Mozilla does sell data it shouldn’t.
Lynx doesn’t sell your data, use it
Don’t trust them. Trust open-source.
Use forks, and donate to known projects that exist for (at least) a few years.
Shit post
Frustration post
