Firefox is trying to gain back user trust with this video: youtube.com/watch?app=desktop&…
This is a legit question: Should anybody trust Firefox again unless they put "we won't sell your data" back into the privacy policy? I'm actually not sure if they haven't already done so, let me elaborate:
brave.com/privacy/browser/ Brave: "We do not sell, trade, or transfer your information to any third parties." This seems to obviously be in the legally binding text part. As is this one: "It’s Brave’s policy to not collect personal data1 unless it’s necessary to provide services to our users, or to meet certain legal obligations. We do not buy or sell personal data about consumers." (Disclaimer: I'm not a lawyer.)
However, for Firefox it seems ambiguous to me, which worries me:
... Show more...Firefox is trying to gain back user trust with this video: youtube.com/watch?app=desktop&…
This is a legit question: Should anybody trust Firefox again unless they put "we won't sell your data" back into the privacy policy? I'm actually not sure if they haven't already done so, let me elaborate:
brave.com/privacy/browser/ Brave: "We do not sell, trade, or transfer your information to any third parties." This seems to obviously be in the legally binding text part. As is this one: "It’s Brave’s policy to not collect personal data1 unless it’s necessary to provide services to our users, or to meet certain legal obligations. We do not buy or sell personal data about consumers." (Disclaimer: I'm not a lawyer.)
However, for Firefox it seems ambiguous to me, which worries me: mozilla.org/en-US/privacy/fire… There is no appearance of "sell" in the entire privacy document, excpet for the top summary where i'm not sure if it's at all legally non-binding.
Does anybody know if it is legally binding? If Mozilla were serious about it, why would they leave it ambiguous whether it is...?
Based on that, I'm not sure if Mozilla's video about getting users back is worth trusting. I wonder if it's just me.
Update for clarification: I'm not using Brave myself, and this isn't a suggestion anybody should blindly do so.
The Brave browser is designed to not know who you are, or what sites you visit. Brave does not store any record of users’ browsing history. Brave does not write any personal data to the blockchain.
Brave
Jay🚩
in reply to ell1e • • •Delilah
in reply to ell1e • • •Angelus7f
in reply to Delilah • • •The problem with forks is that you need to trust the original party (Mozilla) AND the developer of the fork. Also, that fork will inevitably lag in security updates coming from the original party.
Firefox is still pretty customizable with user and enterprise policies, and most telemetry can be disabled. They have shown that they listen to their userbase, even if capitalism forces the for-profit part to make cuestionable decisions.
Delusion6903
in reply to Angelus7f • • •Alaknár
in reply to ell1e • • •They legally cannot state that they will not sell data, because - according to some states' laws - things like "XX% of users utilise Google as their primary search engine" is already "selling user data".
Because they use user data to calculate that percentage, and it's being used in relationship with Google who is paying Mozilla.
ell1e
in reply to Alaknár • • •Alaknár
in reply to ell1e • • •ell1e
in reply to Alaknár • • •Alaknár
in reply to ell1e • • •You mean this?
You mean this?
They, and everybody else who shares user data, are legally obligated to keep track of said data and have that published and available for both users and other companies.
Firefox Privacy Notice
Mozillaell1e
in reply to Alaknár • • •"Technical data", "Interaction Data", very specific, uh-uh. (I'm being sarcastic.) The latter especially sounds like it can be literally a keylogger. Update: it isn't, see response, but it e.g. seems to include all sites and sub pages visited which already seems fairly bad.
I would love for Mozilla to fix this, which is why I try to be pragmatic and concrete. But so far, they don't seem willing to do so.
Alaknár
in reply to ell1e • • •Here's the problem - people don't care if the information is there or not. Microsoft has been disclosing their required telemetry data for years and people still thing it's an invasion of their privacy.
Take you for example - I gave you a source, you checked 1/3rd of the information in it and started complaining.
Why am I assuming you didn't bother to read the whole thing? Because you're claiming that "technical data" is too obscure of a term to figure out what it is. "Interaction Data", in your words, "can be literally a keylogger", right? Well, it's very clearly defined in the table:
Which of these would you consider to be "literally a keylogger", hmm?
ell1e
in reply to Alaknár • • •Alaknár
in reply to ell1e • • •Which one? Interaction data? It literally cannot, or it would've been stated there.
Yes, I know. That's because you don't really understand what you're reading here.
These are not just "pinky promise" lists. These are legally binding lists of data types being shared and the data sub-processors. If you find anything incorrect there, you basically get free money in a lawsuit.
Sub-Processor - GDPR Summary
GDPR Summaryell1e
in reply to Alaknár • • •CameronDev
in reply to ell1e • • •The reasoning for Firefox changing their policy is that legally, in some jurisdictions, a sale of data is very ambiguous.
They are sending a "count of active users" to advertisers, which their legal team thinks counts as a sale of private data.
Is this good enough a reason? Up to you really. Their policy is fairly wide open for further actual data sales now, it certainly gives me an itchy feeling.
ell1e
in reply to CameronDev • • •CameronDev
in reply to ell1e • • •You'd have to ask Braves lawyers. It could just be that Mozilla is more risk averse, perhaps brave thinks they won't be sued.
It would be nice if they were clearer, but I think they don't want to (or legally cant) define exactly what they do.
iamtherealwalrus
in reply to CameronDev • • •CameronDev
in reply to iamtherealwalrus • • •I think it's mostly a defence against getting sued if they got caught. Chrome can point at their policy and get the case dismissed, Firefox would have to defend it in court and risk losing.
But you are absolutely correct, privacy policy's are only as binding as your ability to enforce them, and you and I don't really have any means to enforce them against a large Corp.
Quacksalber
in reply to ell1e • • •ell1e
in reply to Quacksalber • • •Quacksalber
in reply to ell1e • • •utopiah
in reply to ell1e • • •It's open source so you can inspect it. If you don't know how to do that you can pay for a 3rd party audit.
Also if it were to be found out, even without being open source via some pack inspection (e.g. using a software that checks if data is being sent to a server, e.g. imagine starting Firefox on a virtual machine then checking if any data goes to e.g.
firefox.com) and it were to be published then their entire brand would be dead. So rationally speaking I don't think that's a worthwhile bet.ell1e
in reply to utopiah • • •Do you audit every release of any open-source program you use before you run it?
Open-source alone isn't enough if the creators are known to do weird things.
utopiah
in reply to ell1e • • •I know you ask this question in jest but basically it cascades, e.g. if I trust Debian or F-Droid, then I trust that the applications they include in their distribution or store is both secure enough (no piece of software is perfectly secure) and actually does what it say it does. In turn I believe they do the same, namely that initially when an application is added to their collection, they do review the application and the code yes. Then each update is only a gradual check, if ever done, assuming nothing special happened, e.g. no main maintainer change. If it's far from perfect, and as somebody linked else there are limits (e.g. en.wikipedia.org/wiki/XZ_Utils… ) but in "normal" situations it's enough for me.
Anyway that's just my perspective on the matter, on your problem specifically after a brief ~5min search I haven't found exactly what you are looking for but here are still some examples of what I do find helpful :
- IMHO very close but limited to And
... Show more...I know you ask this question in jest but basically it cascades, e.g. if I trust Debian or F-Droid, then I trust that the applications they include in their distribution or store is both secure enough (no piece of software is perfectly secure) and actually does what it say it does. In turn I believe they do the same, namely that initially when an application is added to their collection, they do review the application and the code yes. Then each update is only a gradual check, if ever done, assuming nothing special happened, e.g. no main maintainer change. If it's far from perfect, and as somebody linked else there are limits (e.g. en.wikipedia.org/wiki/XZ_Utils… ) but in "normal" situations it's enough for me.
Anyway that's just my perspective on the matter, on your problem specifically after a brief ~5min search I haven't found exactly what you are looking for but here are still some examples of what I do find helpful :
Those though are mostly around security. They are definitely linked to privacy but still distinct. If I genuinely cared about the topic I would directly ask if organizations, non-profits, etc do think about the topic, e.g. Access Now, EFF, Exodus Privacy.
If by any chance you do find something helpful there please do share back.
backdoor discovered in 2024
Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)ell1e
in reply to utopiah • • •The linked reports don't seem too useful since 1. the first one seems some automated scan not a code review, and 2. the second one is "Firefox Accounts" and not a browser code review. My apologies if I"m missing something.
I personally think you shouldn't run software that accesses such intricate personal information if you don't trust it, if it can be updated to change to grab all that data. ~~Especially since Mozilla seems to potentially give itself a license to all your data, apparently.~~ Update: This seems to only apply to "Mozilla Accounts", my apologies for the error: mozilla.org/en-US/about/legal/…
Firefox Cloud Services: Terms of Service
Mozillautopiah
in reply to ell1e • • •
... Show more...Yes, and you should also brush and floss your teeth, do physical activities, buy local produces, recycle everything, do your due diligence on all political candidates, etc, etc. In practice we ALL have to make pragmatic choices. There are not a lot of browsers and basically for fully featured engines there are (arguably) only 2, Chromium by Google and Firefox by Mozilla. One is an advertising for profit company, the other is not. If you genuinely care a lot about privacy though you might not have to use either, you might be perfectly fine with much simpler browsers like Links or even lynx and I can tell you with a lot greater confidence that there no data will leak. You can also containerize your browser using e.g. docs.linuxserver.io/images/doc… and then run within there whateve
Yes, and you should also brush and floss your teeth, do physical activities, buy local produces, recycle everything, do your due diligence on all political candidates, etc, etc. In practice we ALL have to make pragmatic choices. There are not a lot of browsers and basically for fully featured engines there are (arguably) only 2, Chromium by Google and Firefox by Mozilla. One is an advertising for profit company, the other is not. If you genuinely care a lot about privacy though you might not have to use either, you might be perfectly fine with much simpler browsers like Links or even lynx and I can tell you with a lot greater confidence that there no data will leak. You can also containerize your browser using e.g. docs.linuxserver.io/images/doc… and then run within there whatever you want.
That's not correct, you mean some data from your browser usage. I think it's important to be precise here otherwise through shortcuts you try to convince yourself, and others, about a problematic situation that just does not exist.
So which browser do YOU trust and why?
webtop - LinuxServer.io
docs.linuxserver.ioell1e
in reply to utopiah • • •Voxel
in reply to Quacksalber • • •yeehaw
in reply to Quacksalber • • •Libb
in reply to ell1e • • •Trust is hard to gain, very easy to lose. And much harder to regain, once its lost.
I have been a Firefox user since... its Mosaic days. And even after Chrome became a thing, FF remained my default choice. It was just my browser, I would shrug at anyone telling me Chrome was so much better.
Alas, their recent switch in regards to data/ads and after that their focus on AI, after a few previous decisions of them that quite worried me too, convinced me to do what I had never imagined I would do: replace FF as my default browser.
I now use Waterfox, and if Firefox is still installed on my Linux box I have not used it since (I'm a liar: I clicked it once, out of habit). I just don't feel comfortable using it, it's not my browser anymore. It's just a browser, like Chrome or Edge, some corp is trying to force feed me, and to screw me with. Thx, but no.
I would love to see FF change path and regain my trust. But this will take some efforts.
nymnympseudonym
in reply to Libb • • •Same boat. Used Mozilla since back when you had to futz to get it to compile.
Fuck Mozilla. Fuck FireFox.
LibreWolf fixed what the Foundation and Board enahittified.
Libb
in reply to nymnympseudonym • • •I feel more sadness than anger. Like I feel a lot more sad realizing younger people will probably not be able to experiment a free and truly personal web, like the elders among us did. That corporate-free Web used to be the norm... with its clumsiness and its many quirks, its ability to tolerate conflicting opinions too. Now, everything is policed and so... neutered. It's also ad-saturated. It has turned into a TV, just worse.
Seeing Mozilla take that pitiful road made we feel a lot more sadness than anger, really. They were one of the few that were supposed to stand for another model. But I was not that surprised either...
nymnympseudonym
in reply to Libb • • •freedickpics
in reply to Libb • • •Libb
in reply to freedickpics • • •I remember that too.
BTW, Waterfox is a fork of FF ;)
freedickpics
in reply to Libb • • •Zagorath
in reply to freedickpics • • •tomiant
in reply to Libb • • •sidebro
in reply to Libb • • •Libb
in reply to sidebro • • •tomiant
in reply to Libb • • •utopiah
in reply to tomiant • • •Interesting, it's also not a chapter in browser.engineering/
That being said I imagine Google messed up the whole landscape with its Manifest V3 situation.
Also I imagine after a certain expertise threshold, one can relatively easily re-create an addon themselves. I'm thinking people who are familiar with Tridactyl or GreaseMonkey might not be as sensitive as this problematic.
Web Browser Engineering
browser.engineeringTywèle
in reply to ell1e • • •This is only for data that the user transmits to them in conjunction with feedback.
Browser Privacy Policy | Brave
Braveell1e
in reply to Tywèle • • •BoblinTheGoblin [none/use any]
in reply to ell1e • • •zebidiah
in reply to ell1e • • •Liketearsinrain
in reply to zebidiah • • •Voxel
in reply to Liketearsinrain • • •No, that has changed since almost 3 years.
Source: waterfox.com/blog/a-new-chapte…
Please verify before you accidentally spread misinformation.
A New Chapter for Waterfox
Alex Kontos (Waterfox)Liketearsinrain
in reply to Voxel • • •mspencer712
in reply to ell1e • • •Buying the company usually means buying all of their user information as well. Other companies can change their policies too. I think you should judge them by their actions, and give them a chance to answer your questions before you condemn them.
(Did you try asking them about your concerns?)
ell1e
in reply to mspencer712 • • •DJ Putler
in reply to ell1e • • •Very funny to mention Brave like it's a normal browser.
Why wait for that to start distrusting FF lemmy.ml/c/librewolf
nothx [he/him]
in reply to DJ Putler • • •Yeah I always love seeing Brave being mentioned as the better alternative to any browser.
Marketing works…
Voxel
in reply to nothx [he/him] • • •nothx [he/him]
in reply to Voxel • • •undone6988
in reply to DJ Putler • • •Rose
in reply to undone6988 • • •DJ Putler
in reply to Rose • • •ell1e
in reply to undone6988 • • •undone6988
in reply to ell1e • • •ell1e
in reply to undone6988 • • •ClathrateG [none/use name]
in reply to ell1e • • •bourgeoisie_burgers [none/use any]
in reply to ell1e • • •chi-chan~
in reply to ell1e • • •Don't trust them. Trust open-source.
Use forks, and donate to known projects that exist for (at least) a few years.
JeeBaiChow
in reply to ell1e • • •yeehaw
in reply to JeeBaiChow • • •JeeBaiChow
in reply to yeehaw • • •yeehaw
in reply to JeeBaiChow • • •JeeBaiChow
in reply to yeehaw • • •UltraGiGaGigantic
in reply to ell1e • • •douglasg14b
in reply to UltraGiGaGigantic • • •That'll eventually die the same way Firefox does because forks only survive by way of subsidized capabilities off of the work of the Firefox engineering team.
There is no winning here.
eldavi
in reply to douglasg14b • • •ell1e
in reply to douglasg14b • • •hobata
in reply to UltraGiGaGigantic • • •pogmommy
in reply to hobata • • •hobata
in reply to pogmommy • • •Lumelore (She/her)
in reply to hobata • • •hobata
in reply to Lumelore (She/her) • • •Lumelore (She/her)
in reply to hobata • • •hobata
in reply to Lumelore (She/her) • • •Lumelore (She/her)
in reply to hobata • • •hobata
in reply to Lumelore (She/her) • • •You're really sure that you get this popup?
If so, can you pin down the exact version you use and the source you get it from?
I think the last Librewolf that had
rememberSignonsworking was 134.Lumelore (She/her)
in reply to hobata • • •hobata
in reply to Lumelore (She/her) • • •versionc
in reply to ell1e • • •fallaciousBasis
in reply to ell1e • • •ell1e
in reply to fallaciousBasis • • •muusemuuse
in reply to ell1e • • •ell1e
in reply to muusemuuse • • •utopiah
in reply to ell1e • • •FWIW I don't recommend starting a post about selling data where the very first link points to a Google product.
Consider next time not linking to YouTube but instead the blog post that linked to it and ideally an alternative more privacy conscious frontend, e.g. invidious.
ell1e
in reply to utopiah • • •