283
Firefox has a lot of issues, but maybe we don't have any other option.
(www.bleepingcomputer.com)
A place to discuss the news and latest developments on the open-source browser Firefox
Mozilla thinks so poorly of PPA data collection that they didn't tell their users, and then basically said their users were too stupid to be told. Consider, they hid this from their user base then Google hid "privacy sandbox" from theirs.
If you don't consider this an indication of Mozilla's bad will, and I'm not sure why you would ignore it, Mozilla FakeSpot already sells private data to ad companies. Directly.
Which this objectively is not. In what universe are advertisers going to use this instead of, not in addition to, other telemetry? Especially because this is a proprietary technique that works on 3% or less of browsers, whereas advertisers that cared about privacy could have just used different URLs in their ads to do their own private telemetry.
At best, this introduces data funneling through Mozilla corporate servers for no functional purpose.
They didn't really hide it, they just didn't advertise it. It was in the release notes, hence why the media picked up on it. And on release, there was a checkbox in the normal settings to opt-out, so it's honestly not that bad.
That's an opt-in extension, it's not part of the core browser. I honestly don't know much about it, and their privacy policy isn't appealing, so I won't use it. If it becomes part of Firefox by default, I'll disable it.
What telemetry is this providing? AFAIK, Mozilla isn't providing any kind of personalized info, it's merely aggregated data.
And the reason they'd pick this is to get access to privacy-minded people who would otherwise block their ads, but may choose to exempt these ads. Mozilla has some anti-tracking features, and there's a significant subset of Firefox users that block ads out of principle of avoiding tracking. If websites want to get some of that advertising revenue, they'll comply. That benefits all Firefox users, because some sites may choose to use this method of targeted ads, which still provides the site with ad revenue without providing the advertisers with details on their customers.
That's the idea here. It's not going to happen on day 1, but having the capability means Mozilla can pilot it and see if websites are interested. And it's possible Mozilla's ads are more relevant because they have access to browsing history, not just whatever advertisers were able to figure out from their network of ads.
Which the average person doesn't read. That's how you hide it.
They hit it worse than Google. You know, Google. The advertising company, Google.
They hit it worse than Brave.
That checkbox should have been unchecked and not given a label that hides the true intent of the data gathering. The same way Google (as previously mentioned) also wraps their extra data gathering in the label of "privacy."
The terrible rollout, and the terrible corporate response, should be enough to give any person pause about trusting Mozilla. And in slurping up private telemetry, that is what Mozilla Corp requires from you: even more trust.
When a company goes behind your back, gets caught, and then tells you to trust them, do you trust them?
That's the sneaky part about Mozilla's careful marketing scheme. They collect data that is personal, they just pinky promise that they won't release anything but aggregate data once they've finished slicing and dicing this private data.
I'm talking about the corporate subsidiary that sells private data directly to advertisers. It sells browsing and search history. It is part of Mozilla, and I see very little separating its privacy practices from everything people unknowingly pipe into Mozilla servers through Firefox.
Again, if advertisers can already reach privacy-minded people without using Mozilla Corp as an intermediary, why wouldn't they do that and reach 100% of people? In what universe does a browser with a dwindling user base encourage anybody to use their proprietary tracking solution?
Here's a chart.
If you trust the advertiser, they can do it on their own. If you don't trust the advertiser, why would you trust them to partner with a data slurping company?
I think it's pretty clear, the checkbox reads: "Allow websites to perform privacy-preserving ad measurement." There's also a link that explains what that means.
The real issue is that there should've been an advertisement that the option exists. I found it by reading release notes (I'm a nerd and am interested), but as you said, a lot of people don't read those. However, the impact here is also pretty low, since AFAIK companies aren't actually using this ATM, and generally speaking the data should stay with Mozilla. The official doc says:
I disagree that it should've been unchecked, because that completely kills the whole point of this pilot program. Perhaps it should only be there for people who have allow being part of surveys.
I don't think they've done that. I don't think there was anything malicious here, they just didn't think it was relevant to inform all users about, probably because only a handful of sites are using it.
So they haven't lost my trust. I was much more frustrated with their Pocket rollout than this, because Pocket really felt like it should've been a separate, opt-in service.
I will agree that Mozilla has made some questionable choices in the past, but this one doesn't really stand out to me. Maybe I trust them too much when they say no personalized data leaves my machine (but I have yet to see any evidence that it does).
But only if you use the extension. Mozilla doesn't collect that data w/o the extension being installed. If I opt-in (or not opt-out) to the PPA feature, that data will not go to that subsidiary, nor will it be associated with me in any way if it's ever provided to third parties. At least that's my understanding.
Mozilla isn't an advertiser. Google and Brave are. So Mozilla is far more likely to limit what access to data advertisers have, so I'll trust them way more than Brave or Google.
Instead of removing it, I think Mozilla should expose some tools so ad-blockers can optionally allow privacy-respecting ads with some metadata (maybe that exists?).
Nowhere does this explicitly state that Mozilla receives non-anonymous information from the user. If anything, they do their damnedest to obfuscate this fact.
But yes, I am shocked that they did not notify their users, and I am even more shocked that they use the excuse of being too confusing, especially after the collection of pop-ups I have found them display on far more trivial things in the past.
Mozilla FakeSpot is Mozilla. Their privacy policy specifically states that data can be transferred to their parent company, and it also states that data is sold to advertisers. On the other side, Mozilla's privacy policy says that "Firefox temporarily sends Mozilla your IP address, which we use to suggest content based on your country, state, and city. Mozilla may [read: will] share location information with our partners"...
I'm not a lawyer, so I don't even know if Mozilla considers Mozilla FakeSpot to even be a partner or just a core component of the company.
Mozilla now owns a subsidiary that sells geolocation and browsing history information to advertisement companies. Mozilla now owns a subsidiary that processes advertisements. Mozilla's Firefox browser now contains a data aggregation and reporting utility that's turned on by default.
If that's not an ad company, what is? Brave is one too.
I think it's irrelevant provided the only data FakeSpot sends to advertisers comes from data it collects on its own, and not from data Mozilla has collected from other sources (e.g. PPA). Those should always be separate.
Well yeah, they have their own search engine, and they place ads on webpages, so they're absolutely an ad company, since that's their core revenue stream.
With Mozilla, it's a bit trickier because they don't directly place ads, and the PPA feature is still in an evaluation phase. Pocket is certainly an ad-based product, and Fakespot definitely seems like one, so I guess there's an argument there? But the vast majority of Mozilla's money comes from Google for search. Is that advertising revenue? Kind of?
Mozilla is a weird company. I'd rather them be an independent, privacy-focused ad company instead of reliant on search deals, provided they can handle ads in a privacy-friendly way. I'd prefer them to offer a replacement for ads, where users could pay whatever the ads are earning for the website instead of seeing the ads, and I see this as a step toward that. If Mozilla controls the data collection and potentially ad selection, they could also theoretically offer customers a way to pay to drop that nonsense. That's my horse in this race.
Mozilla is explicit that Mozilla FakeSpot gives Mozilla Corporation private data. Assuming Mozilla would behave well, especially given all the evidence to the contrary, sounds like wishful thinking>
Mozilla also runs the ad company Mozilla Anonym, and now they traffic in other people's data.
I feel like I'm a broken record, but I've said again and again that Mozilla sells geolocation and browsing data to ad companies.
This is the face Mozilla is presenting to you: The face of privacy violation.
There is no reason to assume Mozilla will change now. They had months and months to rewrite the Mozilla FakeSpot privacy policy. They decided to spit in the faces of consumers instead.
Huh, that's a pretty recent acquisition. I guess we'll see what they do with it.
But isn't this only if you opt-in to their extension? I don't, have never, and probably will never use that extension.
But I guess we'll see if they'll amend the privacy policy of FakeSpot and stop the sale of personal data to advertisers, which would be in-line with the privacy policy on the rest of their services. But that absolutely is my line in the sand. If they integrate FakeSpot with that terrible privacy policy into Firefox, I will leave to a different browser. I sincerely hope they just haven't fully integrated the FakeSpot org into Mozilla, though their Privacy Policy was updated in Jan of this year, over 6 months after the acquisition.
Maybe Mozilla won't change. I don't know. What I do know is they're currently the best option for an open web. If they fumble that, I guess I'll go try using something like Konqueror again. But until that happens, I'll just avoid their services that violate my privacy.
Wait and see...
FakeSpot was the last "Wait and See" moment I experienced as Mozilla fans told me Mozilla would fix their terrible privacy policy.
They did not.
Perhaps you also missed their recent round of firing employees, which they attempted to pin on an executive with cancer who spoke out against disproportionately firing minorities too...
Yeah, some sketchy things for sure. But at least for now, they don't seem to be messing with Firefox, and that's the only product from them I use.