> The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
THANK YOU California for this definition of selling data, which is accurate, and representative of what people think of when discussions of selling data come up.
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners
Ok, so that’s pretty straightforward. According to CA and other states Mozilla is collecting and selling your data. Which is exactly what everyone is upset about and means exactly what everyone thought it meant.
They also said "Mozilla doesn’t sell data about you (in the way that most people think about “selling data”)", and I'm struggling to fathom what they could possibly think that "most people" think selling data could mean other than "giving your data to someone else for compensation", which seems pretty much exactly what the California law says. Yes, it's embedded in some legalese, but surely Mozilla has lawyers?
I think they're trying to make the distinction between "we sell your searches and clicks attached to your personal id" and "we sell derivative aggregated information like we have a lot of users of X style to advertise to". But it's kinda hard to sift through exactly what they can and can't sell under this.
> If you sell the information how many customers you have and how many shoes you've sold last month, are you selling your customer's personal data?
To make that analogy fair for the scope of what Mozilla's doing, the shoe store would have to be selling data about what color shirts people are wearing when they visit the shoe store.
That is fair. But a more accurate analogy would be that the sales representative that goes to people house is reporting to the store what color people are wearing at home.
Firefox is installed on my computer, not on a VPS owned by Mozilla. I'm not browsing Mozilla website. Why are they entitled to record and share everything I do?
Most people don't think about this stuff and are simply uninformed. Referring to what "most people think" is a cop-out from their side.
But I think the sense Mozilla are referring to is the more obvious and over-the-top things like selling your name, phone number, email, postal address, your Amazon purchasing history, or to ramp it up more, your passwords, your credit card info etc.
Just saying that you can stretch it pretty far with vague language like "we aren't doing [bad thing] in the sense that most people would understand [bad thing]".
Most people probably envision selling data akin to shady person trading usb stick in dark alley or hackers selling huge batches of stolen data, so that statement will be true almost by default
most people I speak to about this tend to imagine selling data to be like people cold calling you with scams, getting suspicious advertisements that happen to be about stuff you just happened to be saying in the other room (which actually happened), and stuff like that. in Mozilla's case I'm pretty sure it's whatever Pocket is, considering how difficult it is in Firefox to turn that garbage off
> (1) “Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration.
Most people would view a sale as Mozilla getting cash back for the data. But that "other valuable consideration" (which the AG declined to clarify or create a factor-based approach for deciding) makes Mozilla vulnerable to lawyers.
The same parasites that claimed that embedding a chatbot on your website violates the California wiretapping laws and have been extracting cash from sites will figure out a way to do the same to Mozilla. see the wave of CIPA chatbot lawsuits.
For instance, suppose Mozilla partners with a search engine and could be claimed to get a discount or some other consideration for letting that search partner use search terms to improve the search engine. Something that isn't advertising related at all. That's probably a sale under CPRA.
> For instance, suppose Mozilla partners with a search engine and could be claimed to get a discount or some other consideration for letting that search partner use search terms to improve the search engine. Something that isn't advertising related at all. That's probably a sale under CPRA.
If a search engine partner wants to use search terms to improve their search engine, they only have to look at their own logs. They don't need Mozilla to collect, aggregate, and sell them any data to accomplish that. Mozilla doesn't need to worry about selling data if they never possess that data in the first place.
Your complaint about "other valuable consideration" is just a complaint that the law isn't crippled by stupid loopholes.
This is a funny case where Mozilla thought they are clarifying their position by pointing out how ridiculously CA defines "sales" only for it to blow up in their face. This is not the first time it happens to companies where in an act of desperation they issue some "apology" or explanation only to make the whole thing worse.
> Firefox also shows its own search suggestions based on information stored on your local device (including recent search terms, open tabs, and previously visited URLs). These suggestions may include sponsored suggestions from Mozilla’s partners [...] or relevant URLs that are popular in your country.
> Mozilla processes [...] how many searches you perform, how many sponsored suggestions you see and whether you interact with them.
> Mozilla collects technical and interaction data, such as the position, size, views and clicks on New Tab content or ads, to understand how people are interacting with our content [...] This data may be shared with our advertising partners on a de-identified or aggregated basis.
> we share data across Mozilla-controlled affiliates and subsidiaries. We [...] disclose personal data as part of a corporate transaction, such as a merger, acquisition, sale of assets or similar transaction
> [...] retain personal data for more than 25 months, but actual retention periods may vary depending on the type of data and the purpose(s) for which it was collected
[Definitions]
> Technical data : Device type, operating system, IP address, ISP
> Precise Location: Your precise location (within a few feet or meters).
> Interaction data : How many tabs you have open or what you’ve clicked on. Click counts, impression data, attribution data, how many searches performed, time on page, ad and sponsored tile clicks.
> Browsing data: [...] websites and URLs you’ve visited. [...] (travel, shopping, social media), top level domains (example.com) or specific web pages visited.
Based on the parent, all the collected data preserves privacy:
> Firefox also shows its own search suggestions based on information stored on your local device
That data stays on your computer ...
> Mozilla processes [...] how many searches you perform, how many sponsored suggestions you see and whether you interact with them.
That description contains no user content: number of searches, number of ads, whether you interact says nothing about you - it doesn't say what you click on or see, just that you clicked.
> position, size, views and clicks on New Tab content or ads
Again, there is no content mentioned, just number of clicks and not what you click on.
> [Definitions]
This section defines terms; it doesn't say they are doing anything.
I wish this was more obvious that they don't identify what the 'clicked' New Tab content is. And for Search it could be stored local information and be tracked for suggestions. I wish they clarified the things you clarified instead of failing to mention them.
On your device: "Interests: Candles, Wooden Sculptures, Underwater Basket Weaving"
Advertiser: "Show this to users who like Candles."
Mozilla: "OK"
That's pretty standard and can be used to track people on the advertiser's side still, depending on how the ad itself is served and how clicks on the ad are processed.
When you keep the ip address, that often gives people everything that they need, along with "fingerprinting" data. Especially governments and huge corps like facebook/google/amazon, as they have you IP @ {date}/{time} as well. Match it up and you have the golden calf.
I feel like there _is_ some daylight between what people hear when someone says "Firefox is selling your data" and, for example, Firefox using your IP address to put you in a rough country-level geoblock to determine whether to show you an ad that was sold to all users in a country.
Yet the second one, which I think would be very much considered close to harmless from my perspective (compared to an alternative of "an ad is shown to everyone across the world"), would, I think, still fit into this metric of your data being sold.
Though maybe I'm misinterpreting what the CCPA's breadth would be.
I have been a bit disillusioned by FF for some time, and would like for them to figure out some version of a business model in order to survive, and so we can know the contours of that business model. Trying to play "we do not do business things at all" with them constantly shipping weird ad-ful features and stuff like Pocket... let's see if we can make this honest!
I chose firefox because I don’t want my browser to build an ad network to sell targeted ads.
And I definitely don't want this:
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content. [0]
There are only two ways to generate revenue: direct and indirect. Nobody will pay for a browser.
I don’t use Firefox and this whole thing is distasteful, but I’m not sure how they’re supposed to cover operating expenses without indirect monetization, or what for of indirect other than ads would work.
Well yeah and I do pay for Kagi but would still say “nobody will pay for a search engine” using “nobody” in the “not enough people to scale a mass market business” sense.
> There are only two ways to generate revenue: direct and indirect. Nobody will pay for a browser.
There's a third way: screw revenue, dump all staff not related to browser development and documentation (MDN) and look for government grants to fund that.
Especially the EU may be a target for a well-written proposal, given the political atmosphere it would make sense to have at least one browser engine that is not fundamentally tied to the US and its plethora of bullshit like NSLs.
It’s a weird term, but I’m not sure how “for the purpose of doing as you request” is terrible. To me that means that when you type a url, they have the right to do a DNS lookup for it.
Is there some interpretation where “for the purpose of doing as you request” means any purpose they want?
The problem is that I'm not requesting Mozilla do anything. Firefox isn't a "service" it's a web browser. When I input a seach query, _I_ am acting on my behalf, not Mozilla.
I don't want any language where they get to insert themselves into that chain of behavior. Curl doesn't need a TOS, why does Firefox?
Very much this. The browser already have all the features to do what I want it to do. Why does Mozilla insists of being a middleman? It's my computer, Firefox code, and someone's server.
> They have been doing for at least a decade by now (e.g Amazon). So why imply it suddenly isn’t acceptable to show ads (in any form)?
Because it isn't acceptable.
The first thing I've done (for years now) when configuring Firefox is to turn off many of the defaults. Advertisements, pocket, search engine, online spell checker, translator, blah blah blah.
I mean they integrated pocket right? They sold the default search engine position for billions. That’s something! Not all money making efforts are created equal, though. We judge based on what the effort is in context!
They are only three viable web-engines left over from the second browser-war:
* Blink (Google): Used in everything, from Chrome, Edge, Opera, Qt-Toolkit, Electron.
* Gecko (Mozilla): Firefox. And Waterfox? I assume Gecko is still hard to integrate.
* WebKit and WebKitGtk (Apple and Gtk): Safari, Epiphany and Gtk-Toolkit. Easy to integrate. And the only engine where I’m aware that actually two side actively cooperate in development.
Epiphany is small and nice, but they need a lot more developers. And I think they should use ffmpeg, gstreamer seems to be a source of issues for many years. But again, they need us, every helper capable of C++ is welcome.
Ladybird an another new engine, implemented in C++. But it is in alpha-state, only for developers.
Everyone else who tries to show us a new browser means “use that Google thing with another name on it”.
I'm still hoping for something to come out of Servo.
I honestly think we need to shift our trusted computing base off of C/C++. There's no way a ragtag bunch of volunteers puts enough effort into security when every minor mistake is a disaster :-(
Well do it, i had Firefox on all my machines for about 15 years, change to librewolf took like 20 minutes on all machines...and it even feels more responsive, and i dont have have to install uBlock manually and other settings by hand, like disable those experiments mozilla can install:
> If they can't stop abusing their users, I will look for another browser, goddamnit.
This seems to go beyond "can't stop" to "are actively plotting a course to continue." I've seen a lot of missteps from Mozilla over the years, but I never thought I'd see them selling my data. From seeing the news yesterday to today, I know now I have to stop recommending Firefox, and figure out a browser that I can trust.
And if everyone switches to Librewolf, Librewolf will die because Mozilla will no longer make money and won't be able to devote resources towards maintaining upstream Firefox.
I use Firefox. I hate ads. I don't love that Mozilla engages in some level of affiliate deals to pay the bills, but it's the only viable alternative to Google controlling the entire web and doing much worse tracking/advertising at this point, unless Mozilla can figure out some other revenue stream.
Chromium-based "privacy-focused" browsers can only exist as long as they're not popular enough to move the needle on Google's ad business. Firefox derivatives can only exist as long as Mozilla can pay the bills, which they almost certainly can't do if nobody uses Firefox (no reason for Google to pay for search priority for an audience of zero, and no affiliate deals for an audience of zero).
The more people use Firefox forks, the sooner Google controls everything. You might personally benefit in the short term, with "complete" privacy, so I can understand why some might choose that option, but you need to accept that you're contributing to Google's dominance by doing so.
Mozilla could have added years ago a donation or subscription to fund the development of Firefox, but they don't want that. Mozilla wants all the money for its charitable activities instead.
There will be a time when they have no money anymore, but it's only their fault.
I think it's not that they don't want it as it's difficult to mix money from commercial activities with donations. That's why they keep the two cash flows separate and are only using Google money for Firefox development, and spend donations exclusively on political bullshit very few people care about.
Although their $7 mil CEO could have found a way to handle this while not running afoul of the IRS, but she decided to play with a bunch of dead-end commercial endeavors instead. So that's on them.
You're saying "will" but what are you waiting for? How many data points do you need to leave FF now they're admitting to collect data and willing to display their own targetted ads, that they make deals with Facebook in addition to making deals with Google, that they're green-washing and pushing Google's efforts to take over the web as a targetted ad medium which has resulted in abandonment of almost all browser development and their own browser share drop to low single-digit figures, with funds directed towards nebulous virtual signalling campaigns but mostly to their management and certainly not towards development or the better of the web?
Would it have been better if Firefox/Mozilla went under as a result of never compromising on their principles for income 5 years ago, as opposed to continuing to exist in this less than optimal form today? If the business incompetence of where to put all the existing money were resolved.
I feel like the people who understand Mozilla's true principles have long since moved on by this point, and the crowd of those unaware still use Firefox as a daily driver, for better or worse. That crowd might have just moved to Chrome without Firefox as an option anymore.
Although, as I understand it Firefox and Chrome will be closer to each other in terms of 3rd-party data selling from now on with this ToS change.
Mozilla had $1,006,854,000 invested at end of 2023. Drawing 5% of that annually for developer salaries would pay a lot of Firefox developer salaries, even with no incoming cash whatsoever. I'd like to believe a world exists between "Firefox is a volunteer-only effort" and "Mozilla CEO is yet another sociopath robber baron".
Getting $400M a year is not "commercially viable". But thanks for clearing this up that you want to sell my data. Switched to Waterfox (for now, hope for an independent fork) after 30+ years of Firefox.
> According to CA and other states Mozilla is collecting and selling your data.
The definition requires Mozilla to do it "in exchange for “monetary” or “other valuable consideration.”". What consideration is Mozilla receiving and from who?
Personally, any application that even collects personal data is problematic for me. Personal data of a user has a value, and a large repository of personal data, of millions of users, makes the company valuable too. Any data collected can be monetised, if not immediately (as part of the company's business model) or in the future (when the company is sold).
With Mozilla, for example, displaying sponsored links using Firefox Suggest ( https://blog.mozilla.org/en/products/firefox/firefox-news/fi... ) means collecting and sharing personal data (like search keywords, browsing history or bookmarks). This data sharing, with another company, could either be the raw data or the processed data. In either case, it is a problematic issue for any privacy conscious and politically aware user because either party or multiple parties will (or can) create profiles from the data. "Anonymous" data collection doesn't have any meaning here because with enough data points from a particular user, you can reasonably identify a user (either to track them digitally or to even to identify their personhood in real life, for legal or political reasons). This is easier to do so if you also combine it with data from multiple sources. (Which is what the US NSA programs with US BigTech are doing, and why these companies are so valuable today - Data is the new oil).
I'm not sure you and they agree on the meaning of collect: If you input personal data into Firefox - e.g., an email you type in a Gmail - then they 'collect' it. Unless you use Firefox only for anonymous purposes, some data must pass through Firefox.
> With Mozilla, for example, displaying sponsored links using Firefox Suggest ( https://blog.mozilla.org/en/products/firefox/firefox-news/fi... ) means collecting and sharing personal data (like search keywords, browsing history or bookmarks).
That article says it's only opt-in, so you are safe:
As always, we believe people should be in control of their web experience, so Firefox Suggest will be a customizable feature.
We’ll begin offering smarter contextual suggestions to a percentage of people in the U.S. as an opt-in experience.
> I'm not sure you and they agree on the meaning of collect: If you input personal data into Firefox - e.g., an email you type in a Gmail - then they 'collect' it.
"They" in this context is Mozilla the organization, not Firefox the process in memory. For Mozilla to collect information, information has to leave my computer and end up on Mozilla's computer.
"That article says it's only opt-in, so you are safe:"
Funny, I never opt-in to that garbage - and yet Firefox keeps trying to auto-recommend things to me. It does this even in the Firefox Quantum mobile browser.
If they would simply tell us what part of Firefox is affected by the CCPA's definition of "selling user data", there would be no room for misinterpretation and this would be over.
If it's as innocent as "Firefox has to send HTTP packets to arbitrary web servers to achieve the fundamental function of loading a page" and that web server is considered 3rd party by CCPA, then everyone would understand... this is either poor communication or they are hiding something else (which everyone should rightly assume in this day and age).
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
And remember, they’re citing CCPA’s definition as meaning “… in exchange for ‘monetary’ or ‘other valuable considerations’”. This is exactly what people mean by “selling”.
It’s not the innocent thing you’re contemplating, about a browser doing its job. It’s specifically about things like serving ads, making that browser “commercially viable”.
Mozilla is stopping claiming they’re never selling your data because they’ve been selling your data for the last few years.
Selling ads isn't even the problem. They could do that and still truthfully, legally claim they never sell your data.
Mozilla is helping perpetuate the illusion that online advertising necessarily includes collecting and selling data about the users who are shown the ads.
If they've pioneered such technologies, they aren't using them. Their Privacy Notice enumerates many types of data that Mozilla collects and passes along to "partners"/advertisers. For example:
> Mozilla collects technical and interaction data, such as the position, size, views and clicks on New Tab content or ads, to understand how people are interacting with our content and to personalize future content, including sponsored content. This data may be shared with our advertising partners on a de-identified or aggregated basis.
There's a lot of tracking data that does leave the user's computer, and Mozilla is trying to justify it by assuring us it's sufficiently anonymized and aggregated—assurances they would not need to make if the data wasn't changing hands.
It's also silly to suggest that targeting advertising without tracking users needs to be "pioneered". It's obvious that Mozilla could have the browser download this month's list of sponsored search keywords and have the browser check search strings against that list, without going off-device. There's no innovation required to implement that. All the attempted innovation is focused on how to exfiltrate data in a form that they can get away with selling.
It's meaningless data to you: It doesn't say what you click on, just where and how big the ads are, and how many times you click. It doesn't identify you or reveal anything about you, except that you clicked on some unknown ads.
> It's also silly to suggest that targeting advertising without tracking users needs to be "pioneered". It's obvious that Mozilla could have the browser download this month's list of sponsored search keywords and have the browser check search strings against that list, without going off-device.
These are the words of someone who hasn't done it. Look at the article; what advertisers want and what the privacy-destroying competition does is much more sophisticated than what you describe. For example,
Anonym also has technology that allows ad platforms and advertisers to securely share encrypted impression and conversion data within a trusted execution environment for attribution, causal lift measurement and lookalike modeling. (A trusted execution environment is the secure area of a main processor where code can be run safely and in isolation.)
To be fair, the major ad platforms have long offered attribution and measurement solutions, Mudd said. “But they required the data to come into their system,” he added. “In this world, that doesn’t have to happen.”
> It's meaningless data to you: It doesn't say what you click on, just where and how big the ads are, and how many times you click. It doesn't identify you or reveal anything about you, except that you clicked on some unknown ads.
I'm not sure what you mean by "meaningless data to you". Obviously, the data Mozilla is collecting, aggregating, and selling is meaningful to the buyers. And you're straight up lying about the extent of the data, directly contradicting Mozilla's Privacy Notice.
> Look at the article; what advertisers want and what the privacy-destroying competition does is much more sophisticated than what you describe.
Obviously? What I was describing was how it's possible to target an advertisement without doing any user tracking. What the advertisers want to do and are doing is tracking users as much as they can get away with. And that includes the ad tracking company Mozilla bought.
Is that "obviously" true? Like if they had ad targetting and also let buyers of ads see aggregate results of impressions or something, that might already fall into user data being sold, right?
At what point does user data stop being user data? I don't think aggregation is enough in some of these discussions, but maybe I'm wrong.
CCPA/CPRA has no private right of action for this kind of thing. Only the CA AG can bring forth claims, and penalties would be paid to the state, not individuals, in that case.
Yeah, "Calm down everyone, the only issue here is that certain jurisdictions have sensible definitions that mean we can't legally claim we're not selling data because we are" is arguably clarifying but it's not particularly comforting.
Seems safest to assume that if it can be tracked, it will be. And traded too.
If they intended to clarify wording, they would have added something in place of their original wording instead of deleting it entirely. Legal team isn't slipping like that.
I actually laughed out loud at this. “We can’t say we don’t sell your data because some places have definitions of “sell” that are legally difficult to interpret, for example”:
<completely unambiguous definition of selling follows>
That was in California. Presumably, it's worded somewhat differently, and with different intent, elsewhere.
50 states, plus Federal laws, and all the other countries of the world and internal jurisdictions is how many possible variations? And before you say "Yeah, but they all mean mostly the same thing", remember it's lawyers we're dealing with, who will happily charge large sums of money arguing over misplaced punctuation and legislators who will happily take bribes from those same lawyers.
California was the example they chose to provide. From this, we can reasonably infer that Mozilla does not have a better example handy to illustrate what's wrong with legal definitions around selling user's data. If their best example is completely unconvincing, we should remain unconvinced.
Most people here are assuming that they mentioned that one specifically because it was one of those that Mozilla feels is too broad or difficult. It could be simply read as a random example, but I think that's quite a generous interpretation.
Usually, when I point out that Google sells your data and there’s no possible way to actually opt out, someone replies to say that’s not true, then defines “sell” in some way that most people would disagree with.
I came here to quote the same sentence and ... yeah, they shouldn't be doing any of this stuff. It's an open source web browser. I type a URL into the URL bar, you send the domain name to my DNS server, then send the rest of the URL to whatever that resolves to, and then you render the content. At no point in this exchange is any oral communication or "valuable consideration" required.
Like sorry, if your selling point is "privacy" then you can't show ads on the new tab page. Debian was onto something when they called this software "IceWeasel".
By that definition, wouldn’t sharing total monthly users for the basic purpose of landing some kind of deal (could be as simple as a partnership), constitute “selling data”? Stats like X million monthly users doesn’t appear to conflict with the spirit of the claim, but does conflict with that legal wording.
What part of "we have x million monthly users" is "a consumer’s personal information"? That's information about how many consumers you have, but it's not personal
But, "we have x million monthly users _in Arizona_" would be using your personal data, from a legal standpoint. And if they provide that aggregate data in exchange for money, they are selling your personal data (but not in the way many people think of it, like in a Google/FB sense of building an individualized profile and selling ads against that).
Mozilla might be doing very sketchy things with your data, but it's also very plausible that they are doing a reasonable job at anonymization of data but in a way that is still technically classified as selling personal data (in aggregate form).
> Exemptions:
> (6) Collect, use, retain, sell, share, or disclose consumers’ personal information that is deidentified or aggregate consumer information.
I understand that people who have a vested interest in eroding any possibility of online privacy and data protection would want us to believe these laws are vague and overreaching - but that doesn’t mean they actually are vague and overreaching.
I hate to point out the obvious, but when you collect and share with your partners, it’s obviously a polyamorous relationship. I’m appalled at this intrusion of California on the love life of companies.
Even if they did, I doubt it qualifies if the consumer intended to post it publicly. There's a difference between selling a book that I published versus selling access to a private draft of a book that I keep in cloud storage and never agreed to let you sell.
Wait, what? What part of this definition would include selling a default setting?
> selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information
Mozilla doesn't need my personal information at all to set a default search engine.
It may be relevant that Mozilla recently acquired a Meta-created ad tracking company and is now awash with Meta ad execs. [0]
It may also be relevant that Meta is recently upsetting people in Europe for tracking and targeting people in spite of Europe's data protection rules [1].
My guess (and this is just speculation at this point) is that Meta and Mozilla think they're being clever and getting away with some "private" ad tracking and are underestimating how much damage they're doing to Mozilla's reputation.
I doubt the Anonym tech has been built into Firefox yet, but it's clear that the corporate strategic direction is to bet on some concept of "acceptable ads" like Google did in the 90s.
Mozilla mentioned their viability in this statement, but one has to wonder how much more viable they’d be had they not wasted tens of millions of dollars on acquisitions such as this, Pocket, and of course their former CEO’s salary. I would happily donate to a company that focussed on just making Firefox and Thunderbird, but the reason why I don’t and probably will not donate to Mozilla ever again is that I have no idea what hare-brained acquisition they’ll do next.
Their mission and plan for the future is so incomprehensible that it’s probably just easier to assume actual malice.
> but the reason why I don’t and probably will not donate to Mozilla ever again is that I have no idea what hare-brained acquisition they’ll do next.
You can't donate to Mozilla Corporation at all, which is the entity maintaining Firefox and running these acquisitions. You can only donate to the Mozilla Foundation, which funds other campaigns.
> You can't donate to Mozilla Corporation at all, which is the entity maintaining Firefox and running these acquisitions. You can only donate to the Mozilla Foundation, which funds other campaigns.
The Mozilla Foundation is the parent of the Mozilla Corporation.
My guess is that they're aiming to pivot to become a Brave competitor, and either find a new (profitable) niche in the market, or just ride the business down to collapse.
Don't forget that private, hard-to-access data is now doubly valuable as AI training data.
> It may be relevant that Mozilla recently acquired a Meta-created ad tracking company and is now awash with Meta ad execs. [0]
That greatly misrepresents what the article says; really Mozilla acquired a company with a mission to get user data out of the advertising industry, which happened to be founded by former Meta employees:
Two years after leaving Meta to launch their own privacy-focused ad measurement startup in 2022, Graham Mudd and Brad Smallwood have sold their company to Mozilla. ...
Mozilla had initially been talking to Anonym, which uses privacy-enhancing technologies to build measurement and targeting solutions, about a potential partnership.
“But that quickly turned into, ‘Wow, our missions are basically the same,’” Chambers said. “We realized that together we could move a lot faster.”
That shared mission is predicated on the notion that advertising and privacy are not – or at least don’t have to be – mutually exclusive.
“We both believe that privacy-preserving technologies are a critical part of the solution to the privacy problem in digital advertising,” Chambers said. ...
Anonym also has technology that allows ad platforms and advertisers to securely share encrypted impression and conversion data within a trusted execution environment for attribution, causal lift measurement and lookalike modeling. (A trusted execution environment is the secure area of a main processor where code can be run safely and in isolation.)
To be fair, the major ad platforms have long offered attribution and measurement solutions, Mudd said. “But they required the data to come into their system,” he added. “In this world, that doesn’t have to happen.”
> Anonym also has technology that allows ad platforms and advertisers to securely share encrypted impression and conversion data within a trusted execution environment for attribution, causal lift measurement and lookalike modeling.
Wow, "secure", "encrypted", and "trusted" all in one sentence. They're trying to make it sound as reassuring as possible, but they're still doing tracking.
They're not, in fact. That's the whole point of their business. Where does it say they are tracking anyone - which means recording personal information?
"impression and conversion data", "attribution, causal lift measurement and lookalike modeling". These are all terms of art in the field of tracking user behavior: collecting information, and using it to infer what you can't collect directly.
That data only exists in encrypted form and in a trusted execution environment, based on the evidence. I mean, everything you do on the computer is also in RAM - is that tracking too?
There is no evidence of risk. A general freakout is not evidence of anything besides maybe some bad acid.
> That data only exists in encrypted form and in a trusted execution environment, based on the evidence.
First of all, please don't try to pretend that claims that the data remains encrypted and secure and only in trusted environments are claims that should carry any weight. The data cannot only exist in encrypted form. The entire goal of these systems is to mangle and aggregate the data "enough", then share that result as plaintext with the highest bidder.
> I mean, everything you do on the computer is also in RAM - is that tracking too?
No, not everything I do on my computer is tracking. Most software doesn't keep a long-term record of detailed interaction data. I don't expect my window manager to log how much time each app spends in the foreground. But even for the stuff that is logged, you should be able to understand that the real concern comes from when that information is exfiltrated from my computer, processed by a third-party, and sold.
How exactly would you suggest one looks for "evidence of risk" in this scenario? We already don't have any clear visibility into what companies do with our days (which is kind of the whole reason everyone is upset about the changes to the privacy policy that everyone is discussing here in the first place), so if a new company comes in and also starts doing _something_ with data that we also have no visibility into, we should just assume that they aren't doing anything sketchy because they didn't happen to say anything incriminating? What would you expect a company that _is_ doing something sketchy to say in this scenario? You don't think that's a company might just lie about something that they know no one can disprove?
Your "no evidence of risk" is my "no evidence of a lack of risk", and at the end of the day, I don't see any reason to blindly trust any company on their claims of being benevolent, let anyone one operating in such a historically sketchy one like adtech.
> I mean, everything you do on the computer is also in RAM - is that tracking too?
Uh... what do you mean? It's not like every programs has free access to the RAM and can just whatever that's in it, there are boundaries. Just because something exists in RAM doesn't mean it can be read, collected and analysed by someone else.
Also, data existing in "encrypted form" and being executed in a "trusted execution environment" mean nothing either. People whose goal is to collect the data can still decrypt it and read it, and a "trusted execution environment" basically means nothing if they whatever they get by analysing that data in that "trusted execution environment" is going to be disseminated to third parties who may or may not have the capability to use that data to identify you.
It's not nice to accuse people of freaking out over "maybe some bad acid". Even if it's "freaking out", in this case it's actually safer to "freak out" and avoid it than taking your ill-reasoned advice.
> Whenever we share data with our partners, we put a lot of work into making sure that the data that we share is stripped of potentially identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).
But if the data was fully stripped of potentially identifying information, then it should not count as "personal information" under the California Consumer Privacy Act, therefore it should not trigger the "sale of personal information" requirement, regardless of how it's transmitted or what kind of compensation is involved.
The CCPA defines "personal information" as follows:
> “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
(It also includes a list of examples [1], but the examples are conditional on the same "linked, directly or indirectly, with a particular consumer or household" requirement.)
So, which is it? Is the data deidentified or is it not?
Is Mozilla just trying to reduce risk in case someone argues their deidentification isn't good enough? If so, I'd call that a cowardly move.
Legal is there to advise you. Sometimes what legal tells you is not in the best interests of your company. A good legal team will work with you to identify when maximal risk-averseness is not the right strategy.
Yes, so you claim you can do whatever you want with everything you can get your hands on and then social media blows up because it's batshit insane, but don't worry because you're _legally in the clear_.
You're acting like they didn't have the 2nd option of just not selling the data so the current wording is accurate...
How about don't send ANYONE's personal information, anonymized or not, to anyone including themselves? I think that's what people want. But that will never happen because you can't make money from it.
This is about Mozilla's Terms of Use for Firefox, not Firefox Sync and Mozilla VPN. Those services need their own Terms of Use that doesn't apply to using Firefox without using those add-on services.
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox.
You don't need a license for data you never see. When I use Firefox to type a comment on HN, that comment goes from me to HN. It doesn't go to Mozilla. Mozilla does not need a license. (And no, Firefox doesn't need a license either, because licenses are granted to people and organizations, not software.)
The only possible reason for Mozilla to need a license to the data I type into Firefox is if Mozilla intends to have Firefox send that data to them.
Right. Some people want Sync, Pocket, oneline translation, etc. Others like me just want a browser. There should be a simple option to choose between a browser and some multifunction beast that some people and even more managers at Mozilla are dreaming of.
Those things are Mozilla services. If they spoke of operating Mozilla services and data you input into Mozilla services, it'd be fine and expected. But instead they speak of operating Firefox and data input into Firefox, which is much more broad, and just happens to give them coverage for all kinds of data collection and abuse.
The fact they've issued this update and not clarified the scope as Mozilla services is disturbing.
Thanks for the terminology clarification. So ideally the services would be used by an extension that users are offered to download. Next best would be a simple choice do you want any services or not. If yes, all of them or customize.
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.
They're still broadly referring to "Firefox" with alarming language.
> They say it's only for "doing as you request with the content you input in Firefox" - how is that alarming?
Nothing that I intend to do with Firefox requires any such statement. The mere existence of the statement is evidence that Mozilla's intentions are drastically out of line with what a web browser should be doing.
> Nothing that I intend to do with Firefox requires any such statement.
So what? Millions of people use Firefox. Lots of things in Firefox and their ToS don't apply to me, of course. None of my personal info will be collected at all, based on what I've read.
While I agree with folks that this is a step backwards in privacy, I think it’s a good exercise to zoom out and understand Firefox’s position.
The browser market is highly competitive, and Mozilla’s competitors have orders of magnitude more resources at their disposal. As we all know Firefox’s market share has been dropping over the past years and unfortunately the revenue supporting all of Mozilla comes predominantly from their Google deal (which itself has been risked by the ongoing case against Google)
Unfortunately as well - unfortunate for Mozilla, but fortunate for its mission and users :) - the Mozilla corporation is wholly owned by the foundation, so there is no easy way to raise funds (donations amount to so little compared to its Google revenue). Given no access to traditional fundraising, Mozilla has limited options on sustaining its business.
All this is to say, Mozilla seems to be trying to diversify its revenue hard, and its previous on-brand attempts (Firefox OS, VPN, etc) haven’t yielded the return they expected from them, so I’m not surprised Mozilla is trying to make money off of ads and selling data. I disable data collection, though if it came to it, I trust Mozilla a tad bit more than its competitors to protect my data - initiatives like ohttp give me a sign that at least they’re trying
Mozilla were pulling in ~$500M/year on those search deals. So on year one, spend $15M on a team of 20+ highly competent full time developers for Firefox, put $450M into a trust to fund future development, and find something to waste $35M on. Then for the next 15 years, find something to waste $500M on.
The amount of money they've squandered is mind-boggling. If their goal had been to develop Firefox/Thunderbird/Mozilla Suite, and they had focused on how to sustainably do that, they never would've needed to diversify income sources.
Yes, this is how I see it, too. They’ve been operating as if their money hose from Google was (a) infinite and (b) cost-free. Turns out neither is the case, and now they’re dependent on it Google owns them.
They could have funded Firefox development for the next 100 years but they’ve pissed it away, and now they’re selling us out. It’s gross.
It implies maintaining the browser would better fund the mission in the long run than selling user data to adtech now as the user count continues to decline.
Google pays Apple 18 billion dollars per year to be the default search engine on Safari. If Firefox had managed to stay just as popular imagine how much more money they'd have been making on search deals these last 5 years and how much of that could have went to whatever mission they wanted. Instead they've got a whole lot of noise adding up to about nothing for income + a much smaller search deal than they should have. That's why "having a social mission" isn't inherently the issue, it's all about the management around balancing how the investment for the social mission is done.
I think GPs numbers are off by an order of magnitude or so though. I remember reading something like Mozilla spending 200 million/year on software development (not all Firefox) so it might take 300+ million/year just on Firefox to really have a big impact from status quo. Someone with the real numbers is invited to correct me on that. Browsers have huge teams of people, even Ladybird is using large components like Skia developed by other browser teams.
Firefox can't compete with iOS or Android for what should be obvious reasons - it is structurally impossible. Also, the competing browsers are way better today than in Firefox's heyday. There is very little reason to use Firefox today outside of ideological.
They've not developed the suite for... between 15 and 20 years I believe; and Thunderbird for over 10 years. For the past several years, Thunderbird is back under the MZLA Technologies Corporation, but - it is funded by donations (and doing rather well in that respect it seems).
So - Firefox is the "only" thing they need to develop.
Their weird org structure is their own fault. Millions of dollars squandered on things most people simply do not care about, while neglecting Firefox for a decade.
When Firefox/Firebird/Phoenix first came out, the org structure wasn't that weird yet. The hybrid structure came a few years later, and even then it was fine for a while, but somehow mission creep set in and they became this ginormous org that did nothing useful, but padded exec salaries at the expense of their only service that people actually cared about, the Firefox browser. They kept adding more and more ads and intrusive partnership and lost marketshare year after year until it became completely irrelevant.
Meanwhile, the Mozilla org tried to become some sort of EFF-wannabe, but heavy on the virtue signaling and low on producing anything of actual value.
At this point, I think Firefox would be better off spun off and managed by another FOSS entity altogether, not whatever the husk of Mozilla is today.
I too wish they would have spent money only on the improving the browser, obvious things like sync, and probably web standards, that's all they really need to do. They don't need to be doing stuff like "social equality" or web DEI or any of that. They don't need to be dabbling in a dozen side businesses.
"donations amount to so little" is very misleading stated like that because Mozilla just doesn't give us any way to donate to Firefox development or even just their FOSS efforts in general. Mozilla is one of the very few companies I've donated to even when I had little in the way of discretionary income, and is one of the first options people think of when they think of FOSS software they want to donate to. But then I learnt that any donations like this are highly unlikely to be spent on the software we're donating it for, and at that point I might as well donate to a random local charity instead.
I'm not gonna claim that donations would have rivaled the Google revenue otherwise, but they will certainly be many many times higher than what they are. Lots of people are willing to and even want to set up a regular donation to Firefox as the lone non-Chrome bulwark in the FOSS space. There would have been grassroots efforts to get more people to donate on the regular, hell I would have put in serious work on such efforts if we actually had a way to donate to keep Firefox alive and healthy.
It doesn’t help that they make it hard to donate to a specific product’s development. I’d donate to Firefox. I wouldn’t give a penny to anything of their other distractions.
(And others would support exactly the opposite, I’m sure. But no one gets to sponsor what they personally care about.)
(Would others? I don't think I have ever seen anyone defend that part of the equation. With Wikipedia's similar insanity--begging for donations to keep their servers on when they don't spend the money on that--I have at least seen some people who like what they do spend their money on as important to them, but I don't think I have ever seen anyone actively want to donate money to Firefox's random side projects instead of Firefox.)
I believe saurik is talking about Mozilla's spending on "advocacy" and other non-product causes, not actual products like Thunderbird. While there are a few actual products other than Firefox (like Thunderbird), most of the "distractions" kstrauser speaks of are of a much less tangible nature that basically amount to "whatever catches Mozilla management's fancy that month".
Reasonable people want people running the product they love to succeed, too. But when the equation involves obscene executive salaries, back tracking on _promises_, terrible decision that lost money, and overall just too much money to justify what's being done. The end result is what you see now: a lot of upset people and there is nothing _unfortunate_ for Mozilla.
I have a lot of trouble seeing what you are trying to defend here -- I really tried but couldn't. I find it pretty hypocritical to say that you disabled data collection while you trust them over your competitors to protect your data -- so you are saying that you trust them but you won't adjust your bottom line to help them succeed anyway?
I really mean well: sometimes you just shouldn't try to appear to be reasonable to a situation that isn't, it actually makes things worse for everyone. I used to do that and have learned some hard lessons.
And that's exactly the problem: treating it like a market. I don't want browsers to be a competitive market, in the same way that I don't want libraries, primary schools, firefighters or healthcare to be a competitive market.
In modern society, they're essential needs, which need to stop catering to the capitalist overlords and need to focus on the needs of the many.
But that ignores the reality. Chrome is implementing new (often privacy harmful) features and because the Chrome market share is high enough websites depend on them. Then the average user has to pick Chrome because "Firefox is broken".
The network effects between website and viewers make the market real and failing to gain a significant market share results in you effectively being cut out and failing to serve the needs of most of your users (unless you can match Chrome's insane pace of development bug-for-bug).
Firefox isn't broken, I literally use it all day long as my browser for work and home usage. Rare occasions I pull out brave, maybe once a month, for something that has an issue, and usually that's not it, it's an extension or something.
I also use it almost exclusively, but sites that don't support it (or more often that just don't test against it and have various broken features) are becoming more common. As the market share shrinks this will become more and more common.
I wonder how much success would have some subscription option (at least for small amount) like maybe $5 per year?
would that be more than my data are worth?
I really like Firefox and u would like it to improve over time and as this is one of my main tools for my work I could consider to spend a little on it
> It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox.
I really struggle to understand what legal team believes this language is necessary in downloaded software. There is a lot of precedent for this kind of language in online hosted services, but not downloaded software.
> This does not give Mozilla any ownership in that content.
Yes, it’s a license. Nothing changes. There is no ambiguity about ownership in a perpetual nonexclusive worldwide license, but this doesn’t explain why this license is suddenly necessary now and wasn’t before.
Clearly the legal team at Mozilla is struggling with multiple issues in this update. Why are these changes being made now, and what is driving them?
Others have discussed the data sale issue, but I don’t see a reasonable explanation for the license issue, and the changing text doesn’t inspire confidence.
> I really struggle to understand what legal team believes this language is necessary in downloaded software.
Exactly. Even if nothing is changing at Mozilla, their legal team has invented a new interpretation of copyright law. That’s a huge deal from a legal perspective—Apple, Google, Microsoft, etc need to be rushing to add corresponding terms to their applications.
Mozilla PR is dropping the ball completely by trying to sweep this under the rug as ‘standard legal boilerplate’ because it’s not a clause in any other application I’ve ever seen.
Since I use FireFox at work, I don’t even have permission to give Mozilla a license to the content I create on the clock, so I will be switching browsers.
Not for nothing, it is standard legal boilerplate. I just checked two randomly selected terms of service--one for ReadAI, the other for Google--and they both include a very similar clause with those exact parameters.
That said, I'm not suggesting Mozilla isn't also being wildly hypocritical in their behavior, and hamfisted in their PR.
Both of your examples are cloud services, not software run locally on users' own hardware. If they intend the license to be limited to cloud services like Firefox Sync, then they should say so.
They have for example recently added AI chat sidebar via Firefox Labs. So in effect, the browser itself is collecting and sending information to third parties. And I imagine Mozilla is or will get some money for these integrations. I would guess this is how they will try to diversify their income away from Google Search integration.
Of course the question then shifts to, do we need AI in the browser sidebar?
> This does not give Mozilla any ownership in that content.
I actually disagree, fundamentally.
This is digital content, so "ownership" isn't the same as for physical stuff.
Lets look at analogies: "piracy isn't theft" (because the original owner still keeps their copy!). Also, surely if Mozilla can sell your data, they must have owned it first! But you also keep your data!
So clearly, to "own" digital stuff is different from "owning" physical stuff.
Then, how do we define "own" for digital stuff? I'd say a sufficient definition would be, "possess and can do whatever".
So when Mozilla says "nonexclusive, royalty-free, worldwide license [...] necessary to operate Firefox", and then in subsequent paragraphs argue that selling ads is necessary to operate Firefox... Yes, we can add two and two together.
Now, apologists will claim that the literal statement in new terms is "nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox", but obviously, the DO NOT NEED A LICENSE for doing as you request in Firefox (i.e. sending POST requests directly to third parties), so clearly there's some shady business involved.
Tbf, any softwares that send your input to an external (like browsers...) should disclose like this too. The thing that sends those data is your software, not you. Otherwise, after you click on the button "Purchase" with your credit card information, the only way to not grant your software the rights to send that information is you driving to the stores and give them your credit card by yourself.
The problem here is that Mozilla has used language that is what you'd expect if the browser is sending data to Mozilla; there's no need for such language if the browser is acting purely as a user agent and sending data to the address you put in the URL bar.
Yeah, legal words are frustrating like that. When the law comes to their house, using "acting purely as a user agent and sending data" will just help them on reddit but not on court. And no, you don't always send the data to the "address in URL bar", there can be services that are in iframes or with other add-on services like their Pocket, VPN, AI chats (ChatGPT...), similar to any client softwares sending data to other services that are not their own.
That's why they use these words, which actually can include more activities inside browser
> for the purpose of doing as you request with the content you input in Firefox.
There's a reason I won't interpret serious things by myself if I face legal entities without a proper lawyer.
I feel like you're deliberately ignoring the crux of the issue: a web browser's job does not require anything remotely resembling a copyright license from the user to the browser vendor.
Yes, Mozilla has been developing and acquiring a host of other services, many of which do involve Mozilla taking possession of user data and processing it. Those services need legal policies that cover Mozilla doing stuff with your data. A web browser does not, because the vendor of the web browser does not need to know what you're doing with your copy of the browser.
Mozilla the legal entity that can be the recipient of a nonexclusive, royalty-free, worldwide license is not the same as Firefox with PID 3808 on my machine. PID 3808 does not need, and cannot need, and cannot receive a nonexclusive, royalty-free, worldwide license to anything. PID 3808 is not a legal person. This fundamental distinction between code I'm running on my machine and services provided by Mozilla is why the legal terms of use for Firefox should not be lumped in to the same document as the terms of use for Mozilla's various services.
Mozilla the legal entity does not need a nonexclusive, royalty-free, worldwide license to the comments I post to HN using my copy of Firefox, any more than Netgear the legal entity needs a license to those comments because a Netgear box is transmitting those packets.
why can't they let you opt into those services and agreements at the opt in part? There's a middle ground they are completely ignoring. The only way around it is to install a fork of firefox that doesn't have any of it.
Firefox should make it clear that Firefox (browser) will not collect, transmit, nor sell user data beyond what is technically required for interaction between the browser and other computers over networks.
Anything less and people stop using Firefox.
If other Mozilla services need broader terms, those should be separate.
I find it interesting that Mozilla actually believes that everyone of their users are idiots.
Going from "We never sell your data" to whatever those weaseling paragraphs attempt to say, is quite obvious that the users are going to be the product.
And it would be better if they'd be straight about it.
I wish they'd rather say "pay us $100 a year, and you'll get a modern browser on all platform that will stop ads and make tracking difficult".
While this is confirming that Mozilla is already outright selling data, it at least DOES provide clarity on the issues around the acceptible use policy.
That language had been so broad that it forbade most use of the browser. For example, "send unsolicited communications" so no filing a bug report. "Deceive, mislead" so no playing Among Us. "Sell, purchase, or advertise illegal or controlled products or services" so no online refils of your antimigraine medication lasmiditan or your epilepsy medication (pregabalin) which are schedule V. "Collect or harvest personally identifiable information without permission. This includes, but is not limited to, account names and email addresses" so no browsing any forum where a username is displayed to you. And of course "access to content that includes graphic depictions of sexuality or violence" that rules out watching the nightly news, stream PG-13 and R movies, to watch classic Looney Tunes cartoons, to play Fortnight, and on and on.
At this point, I believe, it's important to accelerate development of Servo[1], which not only provides better browser security because of memory safety (getting rid of the stupid mistakes like OOB access or UAF), but is also managed[2] by Linux Foundation Europe[3], which gives more hope from the privacy standpoint.
> we’ve removed the reference to the Acceptable Use Policy because it seems to be causing more confusion than clarity.
Weak sauce. Mozilla ought to be apologising here, not blaming its community for being upset at Mozilla's efforts to impose restrictions on its binaries that are in direct conflict with the core principles of Free and Open Source software.
We were discussing this yesterday. [0] It's not 'confusion'. We saw what they were up to, and we weren't happy about it.
This is the upside of doing what I did yesterday, which is to realize Mozilla cannot recover from this, which makes such follow-on mistakes easier to bear. The shock has been absorbed. I have installed a few alternatives and will be deleting FF as soon as possible. I will also continue to advocate for privacy and user-rights preserving software - a set that does not include anything from Mozilla. The bridge is well-and-truly burned. They had a 2% marketshare based on goodwill with privacy rights geeks, and managed to destroy it overnight. There is no recovery for them.
I use Firefox Nightly on Android, and originally had location sharing on for the handful of websites where I'm fine with sharing it. But today, my phone notified me that Nightly updated what it does with location data on the play store to include using location for marketing or advertising purposes.
Changed it to ask every time instantly, and I'm not going to be giving Mozilla nearly as much trust ever again.
They just lost a monopoly case because they paid Mozilla all that money, this theory has always made little sense and sticking to it now makes even less.
In fact, one could argue that Google losing its case is what caused this. Google provided a substantial amount of revenue to Mozilla. With that now gone, new ways(TM) to get money are needed.
Yes, of course. If Mozilla decided to do what other user here suggested (`spend $15M on a team of 20+ highly competent full time developers for Firefox, put $450M into a trust to fund future development`) I doubt that the 500M/year would continue flowing.
That's nice and all, but most people are worried about the other "rights" this would grant them and their partners. (What they can vs what they say they will)
I'm just curious if it is possible that some former/current employees in Mozilla can just form an org, say they will maintain a fork of Firefox, and accept donation from the users that were pissed and maybe apply for some funding from EU NGI?
I get that people are hung up on the "licensing" clause, but for me it is not the most egregious part. They say elsewhere,
> Mozilla can suspend or end anyone’s access to Firefox at any time for any reason, including if Mozilla decides not to offer Firefox anymore.
This is a direct contradiction of Freedom 0, and is at best a meaningless clause (very bad in a ToS) and at worst a reframing of Firefox to be non-free, either by casting it as a service or something else.
How many times have we seen this ploy? First you have a nice policy, then you change it to something extreme that causes outrage, then you walk back most of the change saying you had legal or whatever baloney reasons to make the change in the first place and somehow couldn't wordsmith the language well enough the first time.
I don't buy it. I hope some day business schools begin teaching that this ploy is a very bad idea. And if this really is the corporate lawyers being greatly insensitive then force PR and others to review every change they make to any policies that could destroy the company.
In this instance, they haven’t walked anything back yet: rather, they’re trying to explain why they’ve done what they’ve done, why it isn’t as bad as it looks but is just a matter of others using the wrong definitions… and then demonstrating that it’s them that have the wrong definition after all, and it is exactly as bad as it looks. And that the Mozilla of even ten years ago wouldn’t have been in this bind.
They believed we misunderstood and they were very much wrong. We know what you're trying to achieve and we're telling you not to do it. I have already cancelled my existing Mozilla subscriptions and am actively looking towards alternatives that either respect my privacy better (seems like Waterfox or Ladybird are the candidates), or remain as bad for privacy as Mozilla but provide more functionality than Firefox (Vivaldi, Brave).
>there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar
Mozilla should commit to stop doing anything like that. Then we can have a nice clear Terms of Use that promises to not sell data. I think that would alleviate community concerns.
Each update from Mozilla about this issue has Mozilla claiming users are confused (which may be true; I don't follow the larger social media ecosystem), then doubling down on the part I'm personally concerned about.
I'm worried that Mozilla is asserting it needs a license for the information input into Firefox for Firefox to do it's job, since that's factually untrue. So either Mozilla is genuinely confused about this point, which I find unlikely, or they have some ulterior motive. I can't say with any confidence what the ulterior motive is, but I can be pretty sure there is one, and that worries me about the future of the browser landscape.
I assume not since i never agreed to such a terms and only learned about them yesterday. How on earth did we get to a point of hidden privacy policies on desktop open source software...
Submitted and helped with debugging my first bug report to Ladybird browser today. Starting to use it with as many sites as possible. I really hope it can grow to replace Firefox
People love to pile on - it's a popular modern social game.
But in this case they are damaging something especially valuable, one of the leading privacy and freedom organizations in the world, during a very dangerous time. (And also one that doesn't buy or organize an army of 'grassroots' support.)
Cui bono?
I think Mozilla has made clear that they use the data for things the user requests. If someone thinks otherwise, please quote the current language (not the language from two days ago).
They also are innovators in privacy-preserving advertising. Almost anything else on the web is much worse: it has ads and collects personal data. Not only does Mozilla not collect personal data, if they can create effective privacy-preserving advertising, they could transform privacy (again) by not only sharing this technology but demonstrating to government that the privacy violations are unnecessary for business profitability.
Yet people are throwing all that out for the energy and excitement of piling on. That's a really bad choice, as far as I can see. If that's not what's happening, why are almost all posts expressed that way? How about some reasonable, calm discussion?
Sorry, but only Mozilla is damaging Mozilla here. Anyone could have predicted that their actions these past days would be devastating to their reputation.
If you asked some random selection of technical people, "hey if Mozilla just went ahead and made a ToS which gives Mozilla a broad license to anything you enter into Firefox, then removed the text 'Mozilla won't sell your data' from their FAQ pages, how would people react?" I think 99.9% of people would've predicted that the reaction would be negative.
These things aren't as impossible to anticipate as you pretend. This backlash is 100% predictable, 100% Mozilla's fault, and 100% deserved.
The one thing I haven't seen in any of these threads is where privacy-conscious users are supposed to go now. Are there any viable alternatives to Firefox?
Actually, I just tried it for a bit, but I can't recommend this right now. It crashed several times in the hour I was using it. Very unstable, along with a host of other bugs. Seems like an early alpha/beta.
Yes. Webkit-based but closed source for now. And terribly unstable... I tried it for an hour just now and it crashed 5-6 times for me, including while I was filling out a bug report, lol.
How do you turn off getting your search history sold? You can turn off seeing the suggestions. Can you request they don't sell it though? The company they sell your search profile to could then sell that to someone else.
Where does it say your search history could be sold? They say they will use your data only to do things you request - probably you aren't requesting that.
"there are a number of places where we collect and share data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar"
These are the places they say they sell user data to be commercialy viable. Search history data is the most valuable data they could steal. Selling it for suggestions turns giving it away to companies into a feature. You can turn off 'showing' the suggestions but the feature could still be active.
Seems a bit weasle-y. How hard is it to be straightforward?
I don't mind Firefox doing what it needs to to fund itself. I do mind when it seems like they try to hide what specifically that is. Saying that some places define "sell" as more broad than what you think of is a total cop-out.
Just put up a page that describes every single thing that is taken from the browser for revenue purposes. Maybe it's reasonable, maybe it's not, but it seems like everyone is defaulting to unreasonabl, so..
And the sad outcome is probably more people will go to Chrome, which 1. is already worse wrt privacy 2. if they get monopoly will absolutely destroy the open web (already busy doing what they can already get away with).
In what countries is this FAQ (removed in their PR) not seen as a legally-binding contract with all current Firefox users? It seems like a very clear contractual obligation in the US.
{
"@type": "Question",
"name": "Does Firefox sell your personal data?", 1
"acceptedAnswer": {
"@type": "Answer",
"text": "Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise. " 9+
}
},
That contract is made in exchange for your willingness to use their product and your willingness to use Mozilla is what gets them big contracts from companies like Google.
I don’t think there is a contract here in most parts of the world. But maybe there’s an argument to be made for promissory estoppel e.g. by a company who moved from IE to Firefox based on these promises and spent $x moving to Firefox and now have to spend $x moving to something else in response to new information?
In reality there’ll probably be nothing from this, though I’d love to see companies get punished for walking back statements like these.
> TL;DR Mozilla doesn’t sell data about you (in the way that most people think about “selling data”)
Three paragraphs later:
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
Sharing our data with advertisers in return for money is exactly the way most people think about "selling data".
The reports about this Terms of Use for Firefox pushed me to build from source and run LibreWolf. In the past, I have not been able to successfully build FireFox. Today was a breakthrough for me as I was able to successfully build and run LibreWolf. Things I like so far:
open ... "about:telemetry"
Blocked Page
Your organization has blocked access to this page or website.
Lots of sane defaults that actually respect privacy and security.
uBlock Origin is installed by default.
No information is sent back to Mozilla.
Not really. What does it provide that other browsers don’t? What must I give up? The open-source tax isn’t one I am willing to bear. That doesn’t mean it’s the case for everyone. But while it has value for me, it’s hot a hard limit.
I made the same decision earlier today. Migrating to Orion as we speak... It's frustrating because I've used Firefox since 2006 and have stuck by them and defended their decisions for decades. I still won't touch anything chrome-based, but Mozilla has sold out their customers and I cannot deal with that.
Time to move on. Mozilla lost latest pieces of relevancy.
Apparently, half a billion dollars per year can't get a modern browser nowadays.
At least in Mozilla case.
Some higher ups at Mozilla have realised an opportunity to train an AI on user data. Theft of user data at this unprecedented scale will be covered by the fig leaf of ToS, at least it's their plan. They really belong to prison, but the gov is knee deep in the same business, and so it's not going to do anything about it.
I've said it countless times. Mozilla is the downfall of Firefox. Get Firefox out of Mozilla and the current administration, what Firefox getting better and better.
There's a few ff forks that may work for you. So far I'm quite happy with Librewolf since I migrated this morning, there's other forks that also cover Android, but there's more privacy-related research to do there as alternatives like Waterfox have past drama.
You can delete your Mozilla account here if you want to send a strong signal that privacy matters,
I'm quite concerned about the web becoming closed at this point. Bigger websites are mostly walled gardens, there's an increasingly big amount of generated crap (even before LLMs), and on top of that Chromium is the new IE, which on it's own a bit better than before since the core is open, but still a bad cherry on top, especially since the Ad push from Google. I don't want `chrome://settings/adPrivacy` on my browser as the optimal amount of ads and tracking is zero.
"We were actually selling your data according to 'courts' so instead of making good on our promise to literally never do that we just memory-holed it. Not sure what the big deal is please continue to trust us."
"we never sell your data" but we actually do it...
For me, sharing my data even with "privacy preserving way" is not ok with the spirit I expected from something like Firefox.
Even just something like "someone open new tabs 50 times with your advertisement there" or "someone went to your website last Friday" is not ok to share about me and my activity!
So sad that corporate assholes took control of the project and try to confuse us with bullshit.
I thought the initial wording/hype was around poorly phrased lawyer speak for "you give FF permission to interact (post/get requests) with a web page as a browser. Don't sue us".
The whole some may consider it "legally selling your data" proves this is not just a Terms of Use change in good faith.
This pretty much confirms that this is what everyone thought the change was about. So we get clarity, but no actual change in course from Mozilla. Good. We now know very clearly where Mozilla and Firefox stand on privacy.
If one opted out of all the possible data collection and privacy related options, are they still able to collect your data? If yes, how does it work? Is this called client-side scanning?
Companies have been long concerned about exfiltration of data and ran MITM proxies to stop it, which ironically has been the target of propaganda about "privacy" by the browser makers.
Don't forget the push for browsers to ignore your DHCP-provided DNS server and instead get their DNS from a server outside your control over an encrypted tunnel. It's an obvious attack on stuff like PiHole, with little to no real upside for users.
If this is in reference to DoH then I found an upside. Generally, DoH servers allow HTTP/1.1 pipelining by default. This allows one to fetch DNS data in bulk over a single TCP connection. The DNS specification RFC 1035 suggests that computer users would be able to send multiple queries in a single _packet_: QDCOUNT is any unsigned 16-bit integer. The implementation of servers that can handle QDCOUNT greater than 1 has not happened. But at least with DoH I can send multiple queries over a single TCP connnection.
Once retrieved, I load the DNS data into the memmory of the "MITM proxy". This eliminates the need for DNS queries to be immediately proceeding associated HTTP requests for web pages, etc., or within some DNS cache duration period.
When I use other sources of DNS data^1, I eliminate the need for remote DNS queries altogether.
1. For example, I extract DNS data from Common Crawl data.
Indeed, it does not seem like DoH was implemented to improve life for computer users but, at least for me, it can be useful. It can also be useful for example to computer users who use remote DNS servers where their ISP is hijacking port 53.
I avoid DHCP-provided DNS and use a local copy of unbound which does DNSSEC validation. A home I control the DHCP, but everywhere else, you can get any sort of custom crap.
I have been running one for long time now. I depend on it so much that I cannot imagine using the internet without it. It is much smaller and easier to compile than a graphical browser.
Others will have different opinions but I personally remain skeptical that TLS provides internet users with more value than it provides so-called "tech" companies that profit from data collection, surveillance and online advertising services, and the CDNs that collaborate with them. While it can be used to protect a computer owner's sensitive data from eavesdroppers as it transits across the open internet, e.g., during "e-commerce", in practice TLS is used to conceal data exfiltration from the computer owner for commercial purposes by so-called "tech" companies. Not to mention the issue of "Certificate Authorities".
IMO, this is analogous to the situation with Javascript. It has the potential to provide value to www users, e.g., as a language computer owners can use to extend and control a graphical browser,^1 but in practice it provides the most value to so-called tech "companies" that are using it to control _someone else's_ browser to allow unauthorised and/or concealed data collection and surveillance.
> I personally remain skeptical that TLS provides internet users with more value than it provides so-called "tech" companies that profit from data collection, surveillance and online advertising services, and the CDNs that collaborate with them. While it can be used to protect a computer owners' data from eavesdroppers as it transits across the open internet, e.g., during "e-commerce", in practice TLS is used to conceal data exfiltration from the computer owner for commercial purposes by so-called "tech" companies. Not to meniton the issue of "Certificate Authorities".
I agree completely.
Google pushed HTTPS because it ensures that they are the only ones who can spy on users.
> Others will have different opinions but I personally remain skeptical that TLS provides internet users with more value than it provides so-called "tech" companies ...
I think TLS can be helpful (for both sides of a communication), but the browser should not require it, and most servers also should not require it (but should allow it, if you deliberately choose to connect with TLS). HSTS is especially bad (I managed to disable it on my computer by using a hex editor so that the browser would no longer recognize the Strict-Transport-Security header).
Certificates can be helpful if you actually know which ones you specifically trust for a specific purpose (rather than being automatic), and if they will tell you information about a business (although as far as I know, Let's Encrypt does not do this and only verifies the domain name). However, sometimes if a certificate is changed or superseded, due to expiry, or change in ownership, etc, and it does not prevent the server operator from sending you malware; it only prevents spies from doing so. If a domain name is sold to someone else, that does not prevent cookies and other stuff from being sent, or from them adding malware, etc; however, it would be possible for end users to know the certificate to trust and avoid this problem (if a browser can be programmed to do this).
Client certificates could be helpful for authentication too, but this is rare with HTTPS (but it is commonly used with Gemini protocol). But, it does prevent someone who takes over the domain name from being able to use your information to log in, since a private key is required in order to use a client certificate.
Furthermore, the browser really should allow unencrypted proxies for encrypted connections, in order that if you deliberately want MITM then you do not need to encrypt and decrypt the data multiple times.
> IMO, this is analogous to the situation with Javascript. It has the potential to provide value to www users, e.g., as a language computer owners can use to extend and control a graphical browser ...
Yes, as well as other programming languages (if a browser supports it, which most don't).
(I disable JavaScripts on my computer, except for the scripts that I wrote by myself. I did write scripts to replace GitHub's UI (in much less lines of code than GitHub uses themself), and other things.)
Yup. This is almost a year exactly after they announced a "pivot" to "privacy."
At least the most useless, overpaid person in SV is finally gone and no longer collecting her $7M salary.
Not like money has ever been a problem at Mozilla - they're sitting on over $1.5B in assets, $500M or so in cash alone. That's despite a plunging market share...
> "...for the purpose of doing as you request with the content you input in Firefox"
I'm still confused about the scope of what this means. Is this post I'm writing now considered "content I input in Firefox"? If I upload an image to my own website, is that content I input in Firefox?
From my perspective, I'm not submitting anything "to Firefox", I'm submitting the content to remote servers and websites. I don't use Firefox cloud services or bookmarks or Mozilla account or anything. Even my bookmarks, I use raindrop.io at the moment.
Are we able - with the version of FF currently out - to completely disable all transmission of data to Mozilla?
Of course this might change with these announced plans, but I want to know if the current baseline can be safe to use (without patching), or whether it's already rather far-gone.
> in the way that most people think about “selling data”
I quite frankly am opposed to any entity selling my data, in any way, for any reason, without my explicit consent because it implies you were taking my data in the first place, which is the core issue. It's my data. Not yours. Taking it (eg, telemetry) is what I object to. You selling it, I further object to. Stop. Without exception. To both. Period. The how and why of it does not matter. Worried about the breadth of the law opening you up to liability? Then stop chasing enshittification for your own gain. Don't collect the data in the first place. Its that easy.
I’ve used Netscape, the Mozilla browser, and then Firefox, so I guess I’m a long-time user. But as of today, I’m no longer using Firefox because of this.
I'm sad and disappointed that simply charging a fair price in return for offering something of value - with no other strings attached - has become so out of fashion in tech world.
Almost everyone running tech businesses seems to assume that subscriptions or data capitalism are the only way to make any money these days. But I have paid for good software in the past and I know plenty of indie developers who still sell software like a product and do OK with that model. Copies of great software like Firefox could surely be sold - for actual money - to the kind of people who value its independence, privacy, and user focus. Offer free security updates for some reasonable period similar to an LTS release. The web moves fast enough that a lot of people will want to buy upgrades quite regularly anyway just for the new features.
Firefox appears to have close to 200M active users based on Mozilla's published data at https://data.firefox.com/dashboard/user-activity. If they could get 1/20 of those users to pay them an average of $10 per year - that's less than one month of a standard subscription to a major streaming service in most Western countries - then that's $100M/year in revenues. Based on the public financial statements that's on the same scale as their subscription and advertising revenue and their annual spend on development activities.
Another possibility might be to hide some of the developer resources behind some token paywall. Almost everyone I know who works in web dev uses MDN regularly. Firefox dev tools have a lot of useful things about them. Then maybe you can even keep the main browser free and get some revenue from devs - who are mostly going to file it as a business expense anyway and whose employers benefit greatly from the continued existence and maintenance of these resources.
Sure everyone would complain - just as everyone complains about paying a few bucks for a good text or graphics editor they use for hundreds or thousands of hours per year to make 1000x the asking price. But the value is obviously there to many people. I think a lot of Firefox users in particular would probably respect the transparent attempt to keep the lights on without compromising on the USPs that make Firefox attractive to those users in the first place.
Mozilla can't be trusted to spend their money in a way that improves their browser or their market share. We will never know, but I think Mozilla would squander $100M/year from users. It makes me sad because I have been a fan of Mozilla and Firefox for most of my life.
This is really just the core of it. I probably trust Mozilla about as much as I trust Google at this point. Leadership is non-existent. Mission and goal is lost. Pointless acquisitions galore. Wasting money on innumerable social programs.
They’ve been at this for maybe a decade at this point. I want to believe things will change, but…
Selling browsers was tried, back in the 90s. They lost to free, when the audience was much more limited. Trying to sell a browser now is an even weaker proposition to most users.
I also think you're overselling how many devs would pay for their resources. Individual contractors? Sure. But anybody salaried? My employer's response wouldn't be "sure, we'll pay for MDN & Firefox dev tools for all our devs"; it'll be "go use Chrome or Edge to debug, and use GitHub Copilot if you've got questions on how the web works". (I recognize that Copilot is crap as an MDN substitute, but the beancounters will take "we're already paying for that" over "new expense" any day.)
> Selling browsers was tried, back in the 90s. They lost to free, when the audience was much more limited. Trying to sell a browser now is an even weaker proposition to most users.
It's interesting to me the uphill battle Kagi is fighting to get people to pay for ad-free search and browsing. I wish them all the best because I think it's a fight worth having. https://help.kagi.com/kagi/why-kagi/why-pay-for-search.html
Kagi is fighting the good fight. I admire them, though I'm not yet a customer.
I stumbled upon their Orion docs, I find the following concerning:
Orion is a free, lightning-fast, privacy-protecting browser for Apple users, open to the web and all its standards and protocols. One day, we hope everyone will say Orion is the best browser for all Apple devices. We're glad you're here!
That's fine and dandy, but I'm not an Apple user (I'm South American). I'd assume Apple is the larger user base for their U.S. customers, but outside of the U.S., Apple is not really a thing.
I think if they believed there would be enough people to justify charging for the software to make that model work, they would do it. But I don't think it's actually viable, I think the number of people that would pay for firefox is much lower than you think.
Consider how many other similarly popular software programs charge small fees for their app... I can't even think of a single one. And you can only really charge for binaries, because as soon as one person gets the source, they can distribute it, and then they (or others) can make their own (free) binaries, and then why would anyone pay money anymore.
I also doubt whether that business model could work. But I don't think doubt is the reason Mozilla hasn't tried it. They won't go that route because the best-case outcome is that it becomes a sustainable but small business. They aren't interested in something that doesn't have a chance at turning into a jackpot.
I don't expect a high proportion of people would pay for a browser. My point is that if you're starting at 200M users you don't need a high proportion. You just need a loyal core of fans who see enough value to play the "whale" role and prop up the rest. Given the kind of people that Firefox has traditionally appealed to in the first place I don't think that's an entirely unrealistic scenario.
As for other apps - for my own small development businesses we have spent a lot more than $10/user on all-day-every-day development tools like text editors and diff tools. Also on several other areas like graphics, business admin and communications. For a browser and related resources that we also use on a daily basis whenever we're working on web projects it would be a very quick decision.
I don't accept your premise about only charging for the binaries. You're not going after the people who would rip you off anyway with this model. You're going after the people who genuinely value your product and want to support its continued development. They're going to pay a modest amount without much thought just as we do for several of the software packages we use - despite almost all of them having free (but not necessarily as good in our opinion) competitors available.
> They're going to pay a modest
amount without much thought
Highly disagree... I think if you've been providing a free and open source product to your loyal fans for over 20 years, then suddenly start charging for it, isn't going to get people stepping over each other to hand their money over.
TLDR Firefox has been selling your data all along in exchange for ad money, but now state laws with more teeth forced them to come clean about this behavior.
Sure. It's the part right after the horizontal rule line.
> The reason we’ve stepped away from making blanket claims that “We never sell your data” is because in some places, the LEGAL definition of “sale of data” [is the transfer] of a consumer’s personal information [from one business to another in exchange for something of value].
> [...]
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
This is them saying "it's not that we've suddenly become more evil... we've been doing this for a while... we gotta make money somehow, and advertising and sharing your data is how we do that, but now state privacy laws make us have to be clearer about it".
Firefox gets almost all of its money from Google Search sponsorships and other ads. (https://www.investopedia.com/articles/investing/041315/how-m...). It's not really that different from any other adtech company. It's just one degree away, but most of that sweet user data still flows to Google in the end. Sure, they might obscure some of the PII... but so did FLoC, Google's controversial attempt to keep tracking users after third-party cookies.
Firefox is just a privacy laundering operation for Google and some smaller advertisers. Then Mozilla uses most of that money on unrelated marketing and virtue signaling, pretending like they're some sort of privacy / civil rights champion, when in reality they're not really very different from any other ad-based browser maker — except that they're horribly inefficient at using their millions. All that money and Firefox has still fallen way behind, all while Mozilla keeps pretending they're some sort of enlightened think tank. Nobody actually pays attention to any of their think-tank related work or their other services. Either as a browser maker or a privacy-oriented nonprofit, they're completely ineffective.
If Google stops funding them, they'd shut down overnight, losing 90% of their revenue. And maybe that's a good thing... it's time for a more capable org to take the reins. Mozilla has been a terrible steward, and Firefox went from the thing that saved the internet (from a Microsoft IE monopoly and the super-bloated app suite that Netscape Communicator / Mozilla Suite became) to then crumbling under the poor leadership of its lost decade.
I see a bunch of people saying that Firefox "needs to make money" or something to that effect, like they've never heard of free software.
When Flash was killed, enthusiasts re-implemented it entirely from scratch. I'm sure if Mozilla exploded today people would take the source code and continue maintaining Firefox. I'm aware maintaining a browser is complicated, but maintaining an operating system is even more-so, and that never stopped GNU.
Recent and related:
Introducing a terms of use and updated privacy notice for Firefox - https://news.ycombinator.com/item?id=43185909 - Feb 2025 (1060 comments)
> The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
THANK YOU California for this definition of selling data, which is accurate, and representative of what people think of when discussions of selling data come up.
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners
Ok, so that’s pretty straightforward. According to CA and other states Mozilla is collecting and selling your data. Which is exactly what everyone is upset about and means exactly what everyone thought it meant.
They also said "Mozilla doesn’t sell data about you (in the way that most people think about “selling data”)", and I'm struggling to fathom what they could possibly think that "most people" think selling data could mean other than "giving your data to someone else for compensation", which seems pretty much exactly what the California law says. Yes, it's embedded in some legalese, but surely Mozilla has lawyers?
I think they're trying to make the distinction between "we sell your searches and clicks attached to your personal id" and "we sell derivative aggregated information like we have a lot of users of X style to advertise to". But it's kinda hard to sift through exactly what they can and can't sell under this.
Wouldn't derivative aggregated information not be included in definitions like the one quoted because they specifically about personal data?
If you sell the information how many customers you have and how many shoes you've sold last month, are you selling your customer's personal data?
> If you sell the information how many customers you have and how many shoes you've sold last month, are you selling your customer's personal data?
To make that analogy fair for the scope of what Mozilla's doing, the shoe store would have to be selling data about what color shirts people are wearing when they visit the shoe store.
That is fair. But a more accurate analogy would be that the sales representative that goes to people house is reporting to the store what color people are wearing at home.
Firefox is installed on my computer, not on a VPS owned by Mozilla. I'm not browsing Mozilla website. Why are they entitled to record and share everything I do?
Most people don't think about this stuff and are simply uninformed. Referring to what "most people think" is a cop-out from their side.
But I think the sense Mozilla are referring to is the more obvious and over-the-top things like selling your name, phone number, email, postal address, your Amazon purchasing history, or to ramp it up more, your passwords, your credit card info etc.
The latter is a pretty high bar. Even Google doesn't do that.
Just saying that you can stretch it pretty far with vague language like "we aren't doing [bad thing] in the sense that most people would understand [bad thing]".
Most people probably envision selling data akin to shady person trading usb stick in dark alley or hackers selling huge batches of stolen data, so that statement will be true almost by default
most people I speak to about this tend to imagine selling data to be like people cold calling you with scams, getting suspicious advertisements that happen to be about stuff you just happened to be saying in the other room (which actually happened), and stuff like that. in Mozilla's case I'm pretty sure it's whatever Pocket is, considering how difficult it is in Firefox to turn that garbage off
CCPA/CPRA have a very broad definition of sale.
> (1) “Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration.
Most people would view a sale as Mozilla getting cash back for the data. But that "other valuable consideration" (which the AG declined to clarify or create a factor-based approach for deciding) makes Mozilla vulnerable to lawyers.
The same parasites that claimed that embedding a chatbot on your website violates the California wiretapping laws and have been extracting cash from sites will figure out a way to do the same to Mozilla. see the wave of CIPA chatbot lawsuits.
For instance, suppose Mozilla partners with a search engine and could be claimed to get a discount or some other consideration for letting that search partner use search terms to improve the search engine. Something that isn't advertising related at all. That's probably a sale under CPRA.
> For instance, suppose Mozilla partners with a search engine and could be claimed to get a discount or some other consideration for letting that search partner use search terms to improve the search engine. Something that isn't advertising related at all. That's probably a sale under CPRA.
If a search engine partner wants to use search terms to improve their search engine, they only have to look at their own logs. They don't need Mozilla to collect, aggregate, and sell them any data to accomplish that. Mozilla doesn't need to worry about selling data if they never possess that data in the first place.
Your complaint about "other valuable consideration" is just a complaint that the law isn't crippled by stupid loopholes.
This is a funny case where Mozilla thought they are clarifying their position by pointing out how ridiculously CA defines "sales" only for it to blow up in their face. This is not the first time it happens to companies where in an act of desperation they issue some "apology" or explanation only to make the whole thing worse.
Now people will read even more carefully their privacy policy https://www.mozilla.org/en-US/privacy/firefox/#notice and may find things like:
> Firefox also shows its own search suggestions based on information stored on your local device (including recent search terms, open tabs, and previously visited URLs). These suggestions may include sponsored suggestions from Mozilla’s partners [...] or relevant URLs that are popular in your country.
> Mozilla processes [...] how many searches you perform, how many sponsored suggestions you see and whether you interact with them.
> Mozilla collects technical and interaction data, such as the position, size, views and clicks on New Tab content or ads, to understand how people are interacting with our content [...] This data may be shared with our advertising partners on a de-identified or aggregated basis.
> we share data across Mozilla-controlled affiliates and subsidiaries. We [...] disclose personal data as part of a corporate transaction, such as a merger, acquisition, sale of assets or similar transaction
> [...] retain personal data for more than 25 months, but actual retention periods may vary depending on the type of data and the purpose(s) for which it was collected
[Definitions]
> Technical data : Device type, operating system, IP address, ISP
> Settings: Enhanced Tracking Protection settings, cookie settings, permissions (location, camera, microphone), toolbar customization.
> Location : Country code, city.
> Precise Location: Your precise location (within a few feet or meters).
> Interaction data : How many tabs you have open or what you’ve clicked on. Click counts, impression data, attribution data, how many searches performed, time on page, ad and sponsored tile clicks.
> Browsing data: [...] websites and URLs you’ve visited. [...] (travel, shopping, social media), top level domains (example.com) or specific web pages visited.
Based on the parent, all the collected data preserves privacy:
> Firefox also shows its own search suggestions based on information stored on your local device
That data stays on your computer ...
> Mozilla processes [...] how many searches you perform, how many sponsored suggestions you see and whether you interact with them.
That description contains no user content: number of searches, number of ads, whether you interact says nothing about you - it doesn't say what you click on or see, just that you clicked.
> position, size, views and clicks on New Tab content or ads
Again, there is no content mentioned, just number of clicks and not what you click on.
> [Definitions]
This section defines terms; it doesn't say they are doing anything.
I wish this was more obvious that they don't identify what the 'clicked' New Tab content is. And for Search it could be stored local information and be tracked for suggestions. I wish they clarified the things you clarified instead of failing to mention them.
How do they decide which sponsored ad to show you?
Usually it's the sponsor who decides. Because, for example, it's pointless to show Walmart ads in North Korea. (I'm not a mz insider)
On your device: "Interests: Candles, Wooden Sculptures, Underwater Basket Weaving"
Advertiser: "Show this to users who like Candles."
Mozilla: "OK"
That's pretty standard and can be used to track people on the advertiser's side still, depending on how the ad itself is served and how clicks on the ad are processed.
Does Firefox download information about every ad that advertisers have paid for, and then match against local data to decide which ad to serve?
If not, when it queries to find out which ads to serve, what data does is sent with that query (or prior to that query)?
When you keep the ip address, that often gives people everything that they need, along with "fingerprinting" data. Especially governments and huge corps like facebook/google/amazon, as they have you IP @ {date}/{time} as well. Match it up and you have the golden calf.
I feel like there _is_ some daylight between what people hear when someone says "Firefox is selling your data" and, for example, Firefox using your IP address to put you in a rough country-level geoblock to determine whether to show you an ad that was sold to all users in a country.
Yet the second one, which I think would be very much considered close to harmless from my perspective (compared to an alternative of "an ad is shown to everyone across the world"), would, I think, still fit into this metric of your data being sold.
Though maybe I'm misinterpreting what the CCPA's breadth would be.
I have been a bit disillusioned by FF for some time, and would like for them to figure out some version of a business model in order to survive, and so we can know the contours of that business model. Trying to play "we do not do business things at all" with them constantly shipping weird ad-ful features and stuff like Pocket... let's see if we can make this honest!
I chose firefox because I don’t want my browser to build an ad network to sell targeted ads.
And I definitely don't want this:
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content. [0]
[0] https://www.mozilla.org/en-US/about/legal/terms/firefox/#you...
Exactly.
Why is my browser serving me advertising in the first place? Because Mozilla is an advertising company now.
There are only two ways to generate revenue: direct and indirect. Nobody will pay for a browser.
I don’t use Firefox and this whole thing is distasteful, but I’m not sure how they’re supposed to cover operating expenses without indirect monetization, or what for of indirect other than ads would work.
In the meanwhile, people are asking how to donate to Firefox not to Mozilla and it's CEOs whims and personal salary.
> Nobody will pay for a browser.
Speak for yourself.
Give me a browser that clearly and unambiguously does not sell my usage of it in any way, and I will give you a monthly subscription.
Well yeah and I do pay for Kagi but would still say “nobody will pay for a search engine” using “nobody” in the “not enough people to scale a mass market business” sense.
> There are only two ways to generate revenue: direct and indirect. Nobody will pay for a browser.
There's a third way: screw revenue, dump all staff not related to browser development and documentation (MDN) and look for government grants to fund that.
Especially the EU may be a target for a well-written proposal, given the political atmosphere it would make sense to have at least one browser engine that is not fundamentally tied to the US and its plethora of bullshit like NSLs.
Yes, ad first company, with a browser product to capture ad audience.
It’s a weird term, but I’m not sure how “for the purpose of doing as you request” is terrible. To me that means that when you type a url, they have the right to do a DNS lookup for it.
Is there some interpretation where “for the purpose of doing as you request” means any purpose they want?
The problem is that I'm not requesting Mozilla do anything. Firefox isn't a "service" it's a web browser. When I input a seach query, _I_ am acting on my behalf, not Mozilla.
I don't want any language where they get to insert themselves into that chain of behavior. Curl doesn't need a TOS, why does Firefox?
Very much this. The browser already have all the features to do what I want it to do. Why does Mozilla insists of being a middleman? It's my computer, Firefox code, and someone's server.
And I chose Librewolf because I didn't want that, either.
this is why I use librewolf
> Firefox using your IP address ... to show you an ad
Why do you imply that Firefox showing ads is acceptable ?
They have been doing for at least a decade by now (e.g Amazon). So why imply it suddenly isn’t acceptable to show ads (in any form)?
> They have been doing for at least a decade by now (e.g Amazon). So why imply it suddenly isn’t acceptable to show ads (in any form)?
Because it isn't acceptable.
The first thing I've done (for years now) when configuring Firefox is to turn off many of the defaults. Advertisements, pocket, search engine, online spell checker, translator, blah blah blah.
I mean they integrated pocket right? They sold the default search engine position for billions. That’s something! Not all money making efforts are created equal, though. We judge based on what the effort is in context!
> let's see if we can make this honest!
They're beholden to who gives them money, which is not us.
It could be us, either directly with money, or even just indirectly by “being the product” but being able to just walk away.
FF exists off of good will and the search deal. The more people stop using the browser the less they’re going to pull in from the deal.
> FF exists off of good will and the search deal
Firefox exists off of google and their antitrust deal.
Mozilla, then Phoenix, then Firefox user for over 27y or so.
If they can't stop abusing their users, I will look for another browser, goddamnit.
They are only three viable web-engines left over from the second browser-war:
Epiphany is small and nice, but they need a lot more developers. And I think they should use ffmpeg, gstreamer seems to be a source of issues for many years. But again, they need us, every helper capable of C++ is welcome.Ladybird an another new engine, implemented in C++. But it is in alpha-state, only for developers. Everyone else who tries to show us a new browser means “use that Google thing with another name on it”.
Though not yet ready for the public don't forget the promising https://servo.org
(It is very usable already in combination with Tauri as alternative to Electron + Chromium)
I'm still hoping for something to come out of Servo.
I honestly think we need to shift our trusted computing base off of C/C++. There's no way a ragtag bunch of volunteers puts enough effort into security when every minor mistake is a disaster :-(
WebKit is also used in Orion, but that browser is macOS/iOS only.
They've started work on a Linux version, too.
Some more:
* Librewolf, Palemoon, Falkon.
Librewolf is Firefox plus minor patches.
Palemoon is based on an outdated fork of Gecko.
Falkon uses QtWebEngine, which is Blink.
> I will look for another browser, goddamnit.
Well do it, i had Firefox on all my machines for about 15 years, change to librewolf took like 20 minutes on all machines...and it even feels more responsive, and i dont have have to install uBlock manually and other settings by hand, like disable those experiments mozilla can install:
https://librewolf.net/#main-features
And if you de-install firefox on windows you can even tell them why you did it ;)
> If they can't stop abusing their users, I will look for another browser, goddamnit.
This seems to go beyond "can't stop" to "are actively plotting a course to continue." I've seen a lot of missteps from Mozilla over the years, but I never thought I'd see them selling my data. From seeing the news yesterday to today, I know now I have to stop recommending Firefox, and figure out a browser that I can trust.
Yes, here too, add Mosaic and Netscape there. Switched to Waterfox, would pay for a full fork.
there are many offshoots, zen, floorp, librewolf (if you want that classic feel), waterfox, etc
Librewolf is a Firefox fork with this crap removed.
And if everyone switches to Librewolf, Librewolf will die because Mozilla will no longer make money and won't be able to devote resources towards maintaining upstream Firefox.
I use Firefox. I hate ads. I don't love that Mozilla engages in some level of affiliate deals to pay the bills, but it's the only viable alternative to Google controlling the entire web and doing much worse tracking/advertising at this point, unless Mozilla can figure out some other revenue stream.
Chromium-based "privacy-focused" browsers can only exist as long as they're not popular enough to move the needle on Google's ad business. Firefox derivatives can only exist as long as Mozilla can pay the bills, which they almost certainly can't do if nobody uses Firefox (no reason for Google to pay for search priority for an audience of zero, and no affiliate deals for an audience of zero).
The more people use Firefox forks, the sooner Google controls everything. You might personally benefit in the short term, with "complete" privacy, so I can understand why some might choose that option, but you need to accept that you're contributing to Google's dominance by doing so.
> Mozilla will no longer make money
Mozilla could have added years ago a donation or subscription to fund the development of Firefox, but they don't want that. Mozilla wants all the money for its charitable activities instead.
There will be a time when they have no money anymore, but it's only their fault.
I think it's not that they don't want it as it's difficult to mix money from commercial activities with donations. That's why they keep the two cash flows separate and are only using Google money for Firefox development, and spend donations exclusively on political bullshit very few people care about.
Although their $7 mil CEO could have found a way to handle this while not running afoul of the IRS, but she decided to play with a bunch of dead-end commercial endeavors instead. So that's on them.
I doubt donation would be anywhere close to what is needed for development even if that exists.
Na, Mozilla will die and Firefox and Thunderbird will get transferred to a community project, Thunderbird survived without Mozilla so will Firefox.
Pretty sure that community project will get overwhelmingly big donations from all over.
A web browser is much more complex software than an e-mail client, though.
You're saying "will" but what are you waiting for? How many data points do you need to leave FF now they're admitting to collect data and willing to display their own targetted ads, that they make deals with Facebook in addition to making deals with Google, that they're green-washing and pushing Google's efforts to take over the web as a targetted ad medium which has resulted in abandonment of almost all browser development and their own browser share drop to low single-digit figures, with funds directed towards nebulous virtual signalling campaigns but mostly to their management and certainly not towards development or the better of the web?
Would it have been better if Firefox/Mozilla went under as a result of never compromising on their principles for income 5 years ago, as opposed to continuing to exist in this less than optimal form today? If the business incompetence of where to put all the existing money were resolved.
I feel like the people who understand Mozilla's true principles have long since moved on by this point, and the crowd of those unaware still use Firefox as a daily driver, for better or worse. That crowd might have just moved to Chrome without Firefox as an option anymore.
Although, as I understand it Firefox and Chrome will be closer to each other in terms of 3rd-party data selling from now on with this ToS change.
> the people who understand Mozilla's true principles have long since moved on by this point
Where to?
I'm really liking Orion browser, unfortunately it doesn't support Windows or Linux yet
Mozilla had $1,006,854,000 invested at end of 2023. Drawing 5% of that annually for developer salaries would pay a lot of Firefox developer salaries, even with no incoming cash whatsoever. I'd like to believe a world exists between "Firefox is a volunteer-only effort" and "Mozilla CEO is yet another sociopath robber baron".
https://assets.mozilla.net/annualreport/2024/mozilla-fdn-202...
Getting $400M a year is not "commercially viable". But thanks for clearing this up that you want to sell my data. Switched to Waterfox (for now, hope for an independent fork) after 30+ years of Firefox.
There is no "independent fork," unless you consider the Chromium skins independent forks too.
> According to CA and other states Mozilla is collecting and selling your data.
The definition requires Mozilla to do it "in exchange for “monetary” or “other valuable consideration.”". What consideration is Mozilla receiving and from who?
Personally, any application that even collects personal data is problematic for me. Personal data of a user has a value, and a large repository of personal data, of millions of users, makes the company valuable too. Any data collected can be monetised, if not immediately (as part of the company's business model) or in the future (when the company is sold).
With Mozilla, for example, displaying sponsored links using Firefox Suggest ( https://blog.mozilla.org/en/products/firefox/firefox-news/fi... ) means collecting and sharing personal data (like search keywords, browsing history or bookmarks). This data sharing, with another company, could either be the raw data or the processed data. In either case, it is a problematic issue for any privacy conscious and politically aware user because either party or multiple parties will (or can) create profiles from the data. "Anonymous" data collection doesn't have any meaning here because with enough data points from a particular user, you can reasonably identify a user (either to track them digitally or to even to identify their personhood in real life, for legal or political reasons). This is easier to do so if you also combine it with data from multiple sources. (Which is what the US NSA programs with US BigTech are doing, and why these companies are so valuable today - Data is the new oil).
I'm not sure you and they agree on the meaning of collect: If you input personal data into Firefox - e.g., an email you type in a Gmail - then they 'collect' it. Unless you use Firefox only for anonymous purposes, some data must pass through Firefox.
> With Mozilla, for example, displaying sponsored links using Firefox Suggest ( https://blog.mozilla.org/en/products/firefox/firefox-news/fi... ) means collecting and sharing personal data (like search keywords, browsing history or bookmarks).
That article says it's only opt-in, so you are safe:
As always, we believe people should be in control of their web experience, so Firefox Suggest will be a customizable feature.
We’ll begin offering smarter contextual suggestions to a percentage of people in the U.S. as an opt-in experience.
> I'm not sure you and they agree on the meaning of collect: If you input personal data into Firefox - e.g., an email you type in a Gmail - then they 'collect' it.
"They" in this context is Mozilla the organization, not Firefox the process in memory. For Mozilla to collect information, information has to leave my computer and end up on Mozilla's computer.
"That article says it's only opt-in, so you are safe:"
Funny, I never opt-in to that garbage - and yet Firefox keeps trying to auto-recommend things to me. It does this even in the Firefox Quantum mobile browser.
I don't think Mozilla is being 100% honest.
From their privacy policy [1]:
"we work with partners, service providers, suppliers and contractors"
But they won't disclose which partners and what Mozilla gets in exchange. Which is opaque, and probably intentionally so.
You can scroll down to the types of data and lawful bases they list for these data exchanges.
[1] https://www.mozilla.org/en-US/privacy/firefox/#how-is-your-d...
Mozilla is continuing to dig its own grave
Hasn't Mozilla gotten enough money that if they hadn't wasted it they could've been living solely off interest by now?
$7B was not enough to be "commercially viable" it seems.
But then they would need to be given more money.
If they would simply tell us what part of Firefox is affected by the CCPA's definition of "selling user data", there would be no room for misinterpretation and this would be over.
If it's as innocent as "Firefox has to send HTTP packets to arbitrary web servers to achieve the fundamental function of loading a page" and that web server is considered 3rd party by CCPA, then everyone would understand... this is either poor communication or they are hiding something else (which everyone should rightly assume in this day and age).
Just tell us already Mozilla!
From the article:
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
And remember, they’re citing CCPA’s definition as meaning “… in exchange for ‘monetary’ or ‘other valuable considerations’”. This is exactly what people mean by “selling”.
It’s not the innocent thing you’re contemplating, about a browser doing its job. It’s specifically about things like serving ads, making that browser “commercially viable”.
Mozilla is stopping claiming they’re never selling your data because they’ve been selling your data for the last few years.
Selling ads isn't even the problem. They could do that and still truthfully, legally claim they never sell your data.
Mozilla is helping perpetuate the illusion that online advertising necessarily includes collecting and selling data about the users who are shown the ads.
AFAIK they do the opposite: They've pioneered ways to target advertising without your data leaving your computer.
See for example,
https://www.adexchanger.com/privacy/mozilla-acquires-anonym-...
"That shared mission is predicated on the notion that advertising and privacy are not – or at least don’t have to be – mutually exclusive."
And it goes into detail on the investment and technology in that area.
If they've pioneered such technologies, they aren't using them. Their Privacy Notice enumerates many types of data that Mozilla collects and passes along to "partners"/advertisers. For example:
> Mozilla collects technical and interaction data, such as the position, size, views and clicks on New Tab content or ads, to understand how people are interacting with our content and to personalize future content, including sponsored content. This data may be shared with our advertising partners on a de-identified or aggregated basis.
There's a lot of tracking data that does leave the user's computer, and Mozilla is trying to justify it by assuring us it's sufficiently anonymized and aggregated—assurances they would not need to make if the data wasn't changing hands.
It's also silly to suggest that targeting advertising without tracking users needs to be "pioneered". It's obvious that Mozilla could have the browser download this month's list of sponsored search keywords and have the browser check search strings against that list, without going off-device. There's no innovation required to implement that. All the attempted innovation is focused on how to exfiltrate data in a form that they can get away with selling.
> There's a lot of tracking data
It's meaningless data to you: It doesn't say what you click on, just where and how big the ads are, and how many times you click. It doesn't identify you or reveal anything about you, except that you clicked on some unknown ads.
> It's also silly to suggest that targeting advertising without tracking users needs to be "pioneered". It's obvious that Mozilla could have the browser download this month's list of sponsored search keywords and have the browser check search strings against that list, without going off-device.
These are the words of someone who hasn't done it. Look at the article; what advertisers want and what the privacy-destroying competition does is much more sophisticated than what you describe. For example,
Anonym also has technology that allows ad platforms and advertisers to securely share encrypted impression and conversion data within a trusted execution environment for attribution, causal lift measurement and lookalike modeling. (A trusted execution environment is the secure area of a main processor where code can be run safely and in isolation.)
To be fair, the major ad platforms have long offered attribution and measurement solutions, Mudd said. “But they required the data to come into their system,” he added. “In this world, that doesn’t have to happen.”
> It's meaningless data to you: It doesn't say what you click on, just where and how big the ads are, and how many times you click. It doesn't identify you or reveal anything about you, except that you clicked on some unknown ads.
I'm not sure what you mean by "meaningless data to you". Obviously, the data Mozilla is collecting, aggregating, and selling is meaningful to the buyers. And you're straight up lying about the extent of the data, directly contradicting Mozilla's Privacy Notice.
> Look at the article; what advertisers want and what the privacy-destroying competition does is much more sophisticated than what you describe.
Obviously? What I was describing was how it's possible to target an advertisement without doing any user tracking. What the advertisers want to do and are doing is tracking users as much as they can get away with. And that includes the ad tracking company Mozilla bought.
Is that "obviously" true? Like if they had ad targetting and also let buyers of ads see aggregate results of impressions or something, that might already fall into user data being sold, right?
At what point does user data stop being user data? I don't think aggregation is enough in some of these discussions, but maybe I'm wrong.
> Mozilla is stopping claiming they’re never selling your data because they’ve been selling your data for the last few years.
If that's true then it sounds to me like there's some liability to sue for in California courts against Mozilla. I wonder if EFF would be interested
CCPA/CPRA has no private right of action for this kind of thing. Only the CA AG can bring forth claims, and penalties would be paid to the state, not individuals, in that case.
Most of what is collected is recorded in about:studies and about:telemetry. You can disable studies in Settings, and I think most of telemetry.
What is collected by telemetry is documented here for desktop [1].
[1] https://firefox-source-docs.mozilla.org/toolkit/components/t...
[flagged]
This binary is known to the State of California to sell data.
Yeah, "Calm down everyone, the only issue here is that certain jurisdictions have sensible definitions that mean we can't legally claim we're not selling data because we are" is arguably clarifying but it's not particularly comforting.
Seems safest to assume that if it can be tracked, it will be. And traded too.
If they intended to clarify wording, they would have added something in place of their original wording instead of deleting it entirely. Legal team isn't slipping like that.
Didn't they do that?
> in exchange for “monetary” or “other valuable consideration.”
JFC, it's funny they try to call this out as some kind of a "weird" definition when that's just... what selling is.
I actually laughed out loud at this. “We can’t say we don’t sell your data because some places have definitions of “sell” that are legally difficult to interpret, for example”:
<completely unambiguous definition of selling follows>
That was in California. Presumably, it's worded somewhat differently, and with different intent, elsewhere.
50 states, plus Federal laws, and all the other countries of the world and internal jurisdictions is how many possible variations? And before you say "Yeah, but they all mean mostly the same thing", remember it's lawyers we're dealing with, who will happily charge large sums of money arguing over misplaced punctuation and legislators who will happily take bribes from those same lawyers.
California was the example they chose to provide. From this, we can reasonably infer that Mozilla does not have a better example handy to illustrate what's wrong with legal definitions around selling user's data. If their best example is completely unconvincing, we should remain unconvinced.
Most people here are assuming that they mentioned that one specifically because it was one of those that Mozilla feels is too broad or difficult. It could be simply read as a random example, but I think that's quite a generous interpretation.
Usually, when I point out that Google sells your data and there’s no possible way to actually opt out, someone replies to say that’s not true, then defines “sell” in some way that most people would disagree with.
I came here to quote the same sentence and ... yeah, they shouldn't be doing any of this stuff. It's an open source web browser. I type a URL into the URL bar, you send the domain name to my DNS server, then send the rest of the URL to whatever that resolves to, and then you render the content. At no point in this exchange is any oral communication or "valuable consideration" required.
Like sorry, if your selling point is "privacy" then you can't show ads on the new tab page. Debian was onto something when they called this software "IceWeasel".
I was under the impression that selling anonymised data would also fall under this category. Either way we need more transparency here.
By that definition, wouldn’t sharing total monthly users for the basic purpose of landing some kind of deal (could be as simple as a partnership), constitute “selling data”? Stats like X million monthly users doesn’t appear to conflict with the spirit of the claim, but does conflict with that legal wording.
What part of "we have x million monthly users" is "a consumer’s personal information"? That's information about how many consumers you have, but it's not personal
But, "we have x million monthly users _in Arizona_" would be using your personal data, from a legal standpoint. And if they provide that aggregate data in exchange for money, they are selling your personal data (but not in the way many people think of it, like in a Google/FB sense of building an individualized profile and selling ads against that).
Mozilla might be doing very sketchy things with your data, but it's also very plausible that they are doing a reasonable job at anonymization of data but in a way that is still technically classified as selling personal data (in aggregate form).
I don’t think that’s true:
Per: https://thecpra.org/#1798.145(a)(6)
> Exemptions: > (6) Collect, use, retain, sell, share, or disclose consumers’ personal information that is deidentified or aggregate consumer information.
I understand that people who have a vested interest in eroding any possibility of online privacy and data protection would want us to believe these laws are vague and overreaching - but that doesn’t mean they actually are vague and overreaching.
My mistake, I missed that the data was limited to "personal" information.
I hate to point out the obvious, but when you collect and share with your partners, it’s obviously a polyamorous relationship. I’m appalled at this intrusion of California on the love life of companies.
So by that definition, if I click on your profile info here, HN is "selling me your data" no?
But anyway, if anyone thinks FF or any other browser can survive without such commercial deals needs to get ready to use Safari or other minor browser
> So by that definition, if I click on your profile info here, HN is "selling me your data" no?
What monetary or other valuable consideration does HN get from you when HN serves up someone's profile page to you?
Even if they did, I doubt it qualifies if the consumer intended to post it publicly. There's a difference between selling a book that I published versus selling access to a private draft of a book that I keep in cloud storage and never agreed to let you sell.
Selling access to be the default search engine could count under this definition, which was Mozilla's primary revenue source for decades.
Wait, what? What part of this definition would include selling a default setting?
> selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information
Mozilla doesn't need my personal information at all to set a default search engine.
It may be relevant that Mozilla recently acquired a Meta-created ad tracking company and is now awash with Meta ad execs. [0]
It may also be relevant that Meta is recently upsetting people in Europe for tracking and targeting people in spite of Europe's data protection rules [1].
My guess (and this is just speculation at this point) is that Meta and Mozilla think they're being clever and getting away with some "private" ad tracking and are underestimating how much damage they're doing to Mozilla's reputation.
I doubt the Anonym tech has been built into Firefox yet, but it's clear that the corporate strategic direction is to bet on some concept of "acceptable ads" like Google did in the 90s.
[0] https://www.adexchanger.com/privacy/mozilla-acquires-anonym-...
[1] https://www.reuters.com/technology/digital-rights-activists-...
Mozilla mentioned their viability in this statement, but one has to wonder how much more viable they’d be had they not wasted tens of millions of dollars on acquisitions such as this, Pocket, and of course their former CEO’s salary. I would happily donate to a company that focussed on just making Firefox and Thunderbird, but the reason why I don’t and probably will not donate to Mozilla ever again is that I have no idea what hare-brained acquisition they’ll do next.
Their mission and plan for the future is so incomprehensible that it’s probably just easier to assume actual malice.
> but the reason why I don’t and probably will not donate to Mozilla ever again is that I have no idea what hare-brained acquisition they’ll do next.
You can't donate to Mozilla Corporation at all, which is the entity maintaining Firefox and running these acquisitions. You can only donate to the Mozilla Foundation, which funds other campaigns.
> You can't donate to Mozilla Corporation at all, which is the entity maintaining Firefox and running these acquisitions. You can only donate to the Mozilla Foundation, which funds other campaigns.
The Mozilla Foundation is the parent of the Mozilla Corporation.
https://en.wikipedia.org/wiki/Mozilla_Corporation
But donations to the Foundation cannot legally be spent on the Corporation's projects, of which Firefox is one.
What is their profit or loss from Pocket?
> it’s probably just easier to assume actual malice
The easiest assumption to make is greed and foolishness.
Dishonesty in pursuit of greed equals malice.
> "private" ad tracking
My guess is that they're aiming to pivot to become a Brave competitor, and either find a new (profitable) niche in the market, or just ride the business down to collapse.
Don't forget that private, hard-to-access data is now doubly valuable as AI training data.
> It may be relevant that Mozilla recently acquired a Meta-created ad tracking company and is now awash with Meta ad execs. [0]
That greatly misrepresents what the article says; really Mozilla acquired a company with a mission to get user data out of the advertising industry, which happened to be founded by former Meta employees:
Two years after leaving Meta to launch their own privacy-focused ad measurement startup in 2022, Graham Mudd and Brad Smallwood have sold their company to Mozilla. ...
Mozilla had initially been talking to Anonym, which uses privacy-enhancing technologies to build measurement and targeting solutions, about a potential partnership.
“But that quickly turned into, ‘Wow, our missions are basically the same,’” Chambers said. “We realized that together we could move a lot faster.”
That shared mission is predicated on the notion that advertising and privacy are not – or at least don’t have to be – mutually exclusive.
“We both believe that privacy-preserving technologies are a critical part of the solution to the privacy problem in digital advertising,” Chambers said. ...
Anonym also has technology that allows ad platforms and advertisers to securely share encrypted impression and conversion data within a trusted execution environment for attribution, causal lift measurement and lookalike modeling. (A trusted execution environment is the secure area of a main processor where code can be run safely and in isolation.)
To be fair, the major ad platforms have long offered attribution and measurement solutions, Mudd said. “But they required the data to come into their system,” he added. “In this world, that doesn’t have to happen.”
> Anonym also has technology that allows ad platforms and advertisers to securely share encrypted impression and conversion data within a trusted execution environment for attribution, causal lift measurement and lookalike modeling.
Wow, "secure", "encrypted", and "trusted" all in one sentence. They're trying to make it sound as reassuring as possible, but they're still doing tracking.
They're not, in fact. That's the whole point of their business. Where does it say they are tracking anyone - which means recording personal information?
"impression and conversion data", "attribution, causal lift measurement and lookalike modeling". These are all terms of art in the field of tracking user behavior: collecting information, and using it to infer what you can't collect directly.
That data only exists in encrypted form and in a trusted execution environment, based on the evidence. I mean, everything you do on the computer is also in RAM - is that tracking too?
There is no evidence of risk. A general freakout is not evidence of anything besides maybe some bad acid.
> That data only exists in encrypted form and in a trusted execution environment, based on the evidence.
First of all, please don't try to pretend that claims that the data remains encrypted and secure and only in trusted environments are claims that should carry any weight. The data cannot only exist in encrypted form. The entire goal of these systems is to mangle and aggregate the data "enough", then share that result as plaintext with the highest bidder.
> I mean, everything you do on the computer is also in RAM - is that tracking too?
No, not everything I do on my computer is tracking. Most software doesn't keep a long-term record of detailed interaction data. I don't expect my window manager to log how much time each app spends in the foreground. But even for the stuff that is logged, you should be able to understand that the real concern comes from when that information is exfiltrated from my computer, processed by a third-party, and sold.
How exactly would you suggest one looks for "evidence of risk" in this scenario? We already don't have any clear visibility into what companies do with our days (which is kind of the whole reason everyone is upset about the changes to the privacy policy that everyone is discussing here in the first place), so if a new company comes in and also starts doing _something_ with data that we also have no visibility into, we should just assume that they aren't doing anything sketchy because they didn't happen to say anything incriminating? What would you expect a company that _is_ doing something sketchy to say in this scenario? You don't think that's a company might just lie about something that they know no one can disprove?
Your "no evidence of risk" is my "no evidence of a lack of risk", and at the end of the day, I don't see any reason to blindly trust any company on their claims of being benevolent, let anyone one operating in such a historically sketchy one like adtech.
> I mean, everything you do on the computer is also in RAM - is that tracking too?
Uh... what do you mean? It's not like every programs has free access to the RAM and can just whatever that's in it, there are boundaries. Just because something exists in RAM doesn't mean it can be read, collected and analysed by someone else.
Also, data existing in "encrypted form" and being executed in a "trusted execution environment" mean nothing either. People whose goal is to collect the data can still decrypt it and read it, and a "trusted execution environment" basically means nothing if they whatever they get by analysing that data in that "trusted execution environment" is going to be disseminated to third parties who may or may not have the capability to use that data to identify you.
It's not nice to accuse people of freaking out over "maybe some bad acid". Even if it's "freaking out", in this case it's actually safer to "freak out" and avoid it than taking your ill-reasoned advice.
Facebook is sort of tech’s Enron / McDonnell Douglas.
Ahh, the Unity game engine special.
> Whenever we share data with our partners, we put a lot of work into making sure that the data that we share is stripped of potentially identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).
But if the data was fully stripped of potentially identifying information, then it should not count as "personal information" under the California Consumer Privacy Act, therefore it should not trigger the "sale of personal information" requirement, regardless of how it's transmitted or what kind of compensation is involved.
The CCPA defines "personal information" as follows:
> “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
(It also includes a list of examples [1], but the examples are conditional on the same "linked, directly or indirectly, with a particular consumer or household" requirement.)
So, which is it? Is the data deidentified or is it not?
Is Mozilla just trying to reduce risk in case someone argues their deidentification isn't good enough? If so, I'd call that a cowardly move.
[1] https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
I dunno, if legal recommends wording for your TOS you should probably listen to them.
Legal is there to advise you. Sometimes what legal tells you is not in the best interests of your company. A good legal team will work with you to identify when maximal risk-averseness is not the right strategy.
A normal legal team (as opposed to a good one) will always recommend whatever is virtually guaranteed not to come back to bite them.
Then comes the question: would it also obviously expand their domain of allowable actions to trespass on their users?
Since that is a resounding "yes" and they also have the extremely obvious finance incentive to do so...
Yes, so you claim you can do whatever you want with everything you can get your hands on and then social media blows up because it's batshit insane, but don't worry because you're _legally in the clear_.
You're acting like they didn't have the 2nd option of just not selling the data so the current wording is accurate...
How about don't send ANYONE's personal information, anonymized or not, to anyone including themselves? I think that's what people want. But that will never happen because you can't make money from it.
Nor should you make money from data transfer.
Tax this, and give the tax back as reverse income tax to individuals.
How will Sync or their VPN operate, for example?
This is about Mozilla's Terms of Use for Firefox, not Firefox Sync and Mozilla VPN. Those services need their own Terms of Use that doesn't apply to using Firefox without using those add-on services.
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox.
You don't need a license for data you never see. When I use Firefox to type a comment on HN, that comment goes from me to HN. It doesn't go to Mozilla. Mozilla does not need a license. (And no, Firefox doesn't need a license either, because licenses are granted to people and organizations, not software.)
The only possible reason for Mozilla to need a license to the data I type into Firefox is if Mozilla intends to have Firefox send that data to them.
Right. Some people want Sync, Pocket, oneline translation, etc. Others like me just want a browser. There should be a simple option to choose between a browser and some multifunction beast that some people and even more managers at Mozilla are dreaming of.
Those things are Mozilla services. If they spoke of operating Mozilla services and data you input into Mozilla services, it'd be fine and expected. But instead they speak of operating Firefox and data input into Firefox, which is much more broad, and just happens to give them coverage for all kinds of data collection and abuse.
The fact they've issued this update and not clarified the scope as Mozilla services is disturbing.
Thanks for the terminology clarification. So ideally the services would be used by an extension that users are offered to download. Next best would be a simple choice do you want any services or not. If yes, all of them or customize.
I thought they removed the reference to Firefox?
From TFA:
> Here’s what the new language will say:
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.
They're still broadly referring to "Firefox" with alarming language.
Thanks.
> They're still broadly referring to "Firefox" with alarming language.
"alarming" is a low standard - people get alarmed because they see everyone else throwing a fit.
They say it's only for "doing as you request with the content you input in Firefox" - how is that alarming?
> They say it's only for "doing as you request with the content you input in Firefox" - how is that alarming?
Nothing that I intend to do with Firefox requires any such statement. The mere existence of the statement is evidence that Mozilla's intentions are drastically out of line with what a web browser should be doing.
> Nothing that I intend to do with Firefox requires any such statement.
So what? Millions of people use Firefox. Lots of things in Firefox and their ToS don't apply to me, of course. None of my personal info will be collected at all, based on what I've read.
"There should be a simple option to choose between a browser"
Less money, not going to happen.
While I agree with folks that this is a step backwards in privacy, I think it’s a good exercise to zoom out and understand Firefox’s position.
The browser market is highly competitive, and Mozilla’s competitors have orders of magnitude more resources at their disposal. As we all know Firefox’s market share has been dropping over the past years and unfortunately the revenue supporting all of Mozilla comes predominantly from their Google deal (which itself has been risked by the ongoing case against Google)
Unfortunately as well - unfortunate for Mozilla, but fortunate for its mission and users :) - the Mozilla corporation is wholly owned by the foundation, so there is no easy way to raise funds (donations amount to so little compared to its Google revenue). Given no access to traditional fundraising, Mozilla has limited options on sustaining its business.
All this is to say, Mozilla seems to be trying to diversify its revenue hard, and its previous on-brand attempts (Firefox OS, VPN, etc) haven’t yielded the return they expected from them, so I’m not surprised Mozilla is trying to make money off of ads and selling data. I disable data collection, though if it came to it, I trust Mozilla a tad bit more than its competitors to protect my data - initiatives like ohttp give me a sign that at least they’re trying
Mozilla were pulling in ~$500M/year on those search deals. So on year one, spend $15M on a team of 20+ highly competent full time developers for Firefox, put $450M into a trust to fund future development, and find something to waste $35M on. Then for the next 15 years, find something to waste $500M on.
The amount of money they've squandered is mind-boggling. If their goal had been to develop Firefox/Thunderbird/Mozilla Suite, and they had focused on how to sustainably do that, they never would've needed to diversify income sources.
Yes, this is how I see it, too. They’ve been operating as if their money hose from Google was (a) infinite and (b) cost-free. Turns out neither is the case, and now they’re dependent on it Google owns them.
They could have funded Firefox development for the next 100 years but they’ve pissed it away, and now they’re selling us out. It’s gross.
>spend $15M on a team of 20+ highly competent full time developers
Implies that the browser is the mission, not some social cause is the mission
It implies maintaining the browser would better fund the mission in the long run than selling user data to adtech now as the user count continues to decline.
Google pays Apple 18 billion dollars per year to be the default search engine on Safari. If Firefox had managed to stay just as popular imagine how much more money they'd have been making on search deals these last 5 years and how much of that could have went to whatever mission they wanted. Instead they've got a whole lot of noise adding up to about nothing for income + a much smaller search deal than they should have. That's why "having a social mission" isn't inherently the issue, it's all about the management around balancing how the investment for the social mission is done.
I think GPs numbers are off by an order of magnitude or so though. I remember reading something like Mozilla spending 200 million/year on software development (not all Firefox) so it might take 300+ million/year just on Firefox to really have a big impact from status quo. Someone with the real numbers is invited to correct me on that. Browsers have huge teams of people, even Ladybird is using large components like Skia developed by other browser teams.
Firefox can't compete with iOS or Android for what should be obvious reasons - it is structurally impossible. Also, the competing browsers are way better today than in Firefox's heyday. There is very little reason to use Firefox today outside of ideological.
This is exactly it, millions spent on the product, but no noticeable changes? The money is going elsewhere.
Wikipedia is doing the same.
If they've had any non-code projects that had costs in the millions, they were catastrophic failures, so they shouldn't have had such a mission.
They've not developed the suite for... between 15 and 20 years I believe; and Thunderbird for over 10 years. For the past several years, Thunderbird is back under the MZLA Technologies Corporation, but - it is funded by donations (and doing rather well in that respect it seems).
So - Firefox is the "only" thing they need to develop.
Their weird org structure is their own fault. Millions of dollars squandered on things most people simply do not care about, while neglecting Firefox for a decade.
When Firefox/Firebird/Phoenix first came out, the org structure wasn't that weird yet. The hybrid structure came a few years later, and even then it was fine for a while, but somehow mission creep set in and they became this ginormous org that did nothing useful, but padded exec salaries at the expense of their only service that people actually cared about, the Firefox browser. They kept adding more and more ads and intrusive partnership and lost marketshare year after year until it became completely irrelevant.
Meanwhile, the Mozilla org tried to become some sort of EFF-wannabe, but heavy on the virtue signaling and low on producing anything of actual value.
At this point, I think Firefox would be better off spun off and managed by another FOSS entity altogether, not whatever the husk of Mozilla is today.
I too wish they would have spent money only on the improving the browser, obvious things like sync, and probably web standards, that's all they really need to do. They don't need to be doing stuff like "social equality" or web DEI or any of that. They don't need to be dabbling in a dozen side businesses.
"donations amount to so little" is very misleading stated like that because Mozilla just doesn't give us any way to donate to Firefox development or even just their FOSS efforts in general. Mozilla is one of the very few companies I've donated to even when I had little in the way of discretionary income, and is one of the first options people think of when they think of FOSS software they want to donate to. But then I learnt that any donations like this are highly unlikely to be spent on the software we're donating it for, and at that point I might as well donate to a random local charity instead.
I'm not gonna claim that donations would have rivaled the Google revenue otherwise, but they will certainly be many many times higher than what they are. Lots of people are willing to and even want to set up a regular donation to Firefox as the lone non-Chrome bulwark in the FOSS space. There would have been grassroots efforts to get more people to donate on the regular, hell I would have put in serious work on such efforts if we actually had a way to donate to keep Firefox alive and healthy.
It doesn’t help that they make it hard to donate to a specific product’s development. I’d donate to Firefox. I wouldn’t give a penny to anything of their other distractions.
(And others would support exactly the opposite, I’m sure. But no one gets to sponsor what they personally care about.)
(Would others? I don't think I have ever seen anyone defend that part of the equation. With Wikipedia's similar insanity--begging for donations to keep their servers on when they don't spend the money on that--I have at least seen some people who like what they do spend their money on as important to them, but I don't think I have ever seen anyone actively want to donate money to Firefox's random side projects instead of Firefox.)
You don't need to go far. Just look at the Thunderbird. People are donating to support it.
I believe saurik is talking about Mozilla's spending on "advocacy" and other non-product causes, not actual products like Thunderbird. While there are a few actual products other than Firefox (like Thunderbird), most of the "distractions" kstrauser speaks of are of a much less tangible nature that basically amount to "whatever catches Mozilla management's fancy that month".
Probably not, but you know if I left that out, someone would claim the opposite just for contrariness.
Reasonable people want people running the product they love to succeed, too. But when the equation involves obscene executive salaries, back tracking on _promises_, terrible decision that lost money, and overall just too much money to justify what's being done. The end result is what you see now: a lot of upset people and there is nothing _unfortunate_ for Mozilla.
I have a lot of trouble seeing what you are trying to defend here -- I really tried but couldn't. I find it pretty hypocritical to say that you disabled data collection while you trust them over your competitors to protect your data -- so you are saying that you trust them but you won't adjust your bottom line to help them succeed anyway?
I really mean well: sometimes you just shouldn't try to appear to be reasonable to a situation that isn't, it actually makes things worse for everyone. I used to do that and have learned some hard lessons.
> The browser market is highly competitive
And that's exactly the problem: treating it like a market. I don't want browsers to be a competitive market, in the same way that I don't want libraries, primary schools, firefighters or healthcare to be a competitive market.
In modern society, they're essential needs, which need to stop catering to the capitalist overlords and need to focus on the needs of the many.
But that ignores the reality. Chrome is implementing new (often privacy harmful) features and because the Chrome market share is high enough websites depend on them. Then the average user has to pick Chrome because "Firefox is broken".
The network effects between website and viewers make the market real and failing to gain a significant market share results in you effectively being cut out and failing to serve the needs of most of your users (unless you can match Chrome's insane pace of development bug-for-bug).
Firefox isn't broken, I literally use it all day long as my browser for work and home usage. Rare occasions I pull out brave, maybe once a month, for something that has an issue, and usually that's not it, it's an extension or something.
I also use it almost exclusively, but sites that don't support it (or more often that just don't test against it and have various broken features) are becoming more common. As the market share shrinks this will become more and more common.
I wonder how much success would have some subscription option (at least for small amount) like maybe $5 per year?
would that be more than my data are worth?
I really like Firefox and u would like it to improve over time and as this is one of my main tools for my work I could consider to spend a little on it
Or, hear me out, surprising, crazy, I know: Sell the browser!
> It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox.
I really struggle to understand what legal team believes this language is necessary in downloaded software. There is a lot of precedent for this kind of language in online hosted services, but not downloaded software.
> This does not give Mozilla any ownership in that content.
Yes, it’s a license. Nothing changes. There is no ambiguity about ownership in a perpetual nonexclusive worldwide license, but this doesn’t explain why this license is suddenly necessary now and wasn’t before.
Clearly the legal team at Mozilla is struggling with multiple issues in this update. Why are these changes being made now, and what is driving them?
Others have discussed the data sale issue, but I don’t see a reasonable explanation for the license issue, and the changing text doesn’t inspire confidence.
> I really struggle to understand what legal team believes this language is necessary in downloaded software.
Exactly. Even if nothing is changing at Mozilla, their legal team has invented a new interpretation of copyright law. That’s a huge deal from a legal perspective—Apple, Google, Microsoft, etc need to be rushing to add corresponding terms to their applications.
Mozilla PR is dropping the ball completely by trying to sweep this under the rug as ‘standard legal boilerplate’ because it’s not a clause in any other application I’ve ever seen.
Since I use FireFox at work, I don’t even have permission to give Mozilla a license to the content I create on the clock, so I will be switching browsers.
Switching to what? Honest question, not asking for a friend.
Not OP, but we had a waterfox thread yesterday: https://news.ycombinator.com/item?id=43205110
I switched to https://librewolf.net/
Is it a reputable project? What credentials does it have?
Well it's part of the Debian Main-repo, FreeBSD-Ports, FlatHub and brew on MacOS:
https://librewolf.net/installation/
Not for nothing, it is standard legal boilerplate. I just checked two randomly selected terms of service--one for ReadAI, the other for Google--and they both include a very similar clause with those exact parameters.
That said, I'm not suggesting Mozilla isn't also being wildly hypocritical in their behavior, and hamfisted in their PR.
Both of your examples are cloud services, not software run locally on users' own hardware. If they intend the license to be limited to cloud services like Firefox Sync, then they should say so.
You can't download Google.
They have for example recently added AI chat sidebar via Firefox Labs. So in effect, the browser itself is collecting and sending information to third parties. And I imagine Mozilla is or will get some money for these integrations. I would guess this is how they will try to diversify their income away from Google Search integration.
Of course the question then shifts to, do we need AI in the browser sidebar?
> This does not give Mozilla any ownership in that content.
I actually disagree, fundamentally.
This is digital content, so "ownership" isn't the same as for physical stuff.
Lets look at analogies: "piracy isn't theft" (because the original owner still keeps their copy!). Also, surely if Mozilla can sell your data, they must have owned it first! But you also keep your data!
So clearly, to "own" digital stuff is different from "owning" physical stuff.
Then, how do we define "own" for digital stuff? I'd say a sufficient definition would be, "possess and can do whatever".
So when Mozilla says "nonexclusive, royalty-free, worldwide license [...] necessary to operate Firefox", and then in subsequent paragraphs argue that selling ads is necessary to operate Firefox... Yes, we can add two and two together.
Now, apologists will claim that the literal statement in new terms is "nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox", but obviously, the DO NOT NEED A LICENSE for doing as you request in Firefox (i.e. sending POST requests directly to third parties), so clearly there's some shady business involved.
> not downloaded software
Tbf, any softwares that send your input to an external (like browsers...) should disclose like this too. The thing that sends those data is your software, not you. Otherwise, after you click on the button "Purchase" with your credit card information, the only way to not grant your software the rights to send that information is you driving to the stores and give them your credit card by yourself.
The problem here is that Mozilla has used language that is what you'd expect if the browser is sending data to Mozilla; there's no need for such language if the browser is acting purely as a user agent and sending data to the address you put in the URL bar.
Yeah, legal words are frustrating like that. When the law comes to their house, using "acting purely as a user agent and sending data" will just help them on reddit but not on court. And no, you don't always send the data to the "address in URL bar", there can be services that are in iframes or with other add-on services like their Pocket, VPN, AI chats (ChatGPT...), similar to any client softwares sending data to other services that are not their own.
That's why they use these words, which actually can include more activities inside browser
> for the purpose of doing as you request with the content you input in Firefox.
There's a reason I won't interpret serious things by myself if I face legal entities without a proper lawyer.
I feel like you're deliberately ignoring the crux of the issue: a web browser's job does not require anything remotely resembling a copyright license from the user to the browser vendor.
Yes, Mozilla has been developing and acquiring a host of other services, many of which do involve Mozilla taking possession of user data and processing it. Those services need legal policies that cover Mozilla doing stuff with your data. A web browser does not, because the vendor of the web browser does not need to know what you're doing with your copy of the browser.
Mozilla the legal entity that can be the recipient of a nonexclusive, royalty-free, worldwide license is not the same as Firefox with PID 3808 on my machine. PID 3808 does not need, and cannot need, and cannot receive a nonexclusive, royalty-free, worldwide license to anything. PID 3808 is not a legal person. This fundamental distinction between code I'm running on my machine and services provided by Mozilla is why the legal terms of use for Firefox should not be lumped in to the same document as the terms of use for Mozilla's various services.
Mozilla the legal entity does not need a nonexclusive, royalty-free, worldwide license to the comments I post to HN using my copy of Firefox, any more than Netgear the legal entity needs a license to those comments because a Netgear box is transmitting those packets.
why can't they let you opt into those services and agreements at the opt in part? There's a middle ground they are completely ignoring. The only way around it is to install a fork of firefox that doesn't have any of it.
Firefox should make it clear that Firefox (browser) will not collect, transmit, nor sell user data beyond what is technically required for interaction between the browser and other computers over networks.
Anything less and people stop using Firefox.
If other Mozilla services need broader terms, those should be separate.
I find it interesting that Mozilla actually believes that everyone of their users are idiots.
Going from "We never sell your data" to whatever those weaseling paragraphs attempt to say, is quite obvious that the users are going to be the product. And it would be better if they'd be straight about it.
I wish they'd rather say "pay us $100 a year, and you'll get a modern browser on all platform that will stop ads and make tracking difficult".
While this is confirming that Mozilla is already outright selling data, it at least DOES provide clarity on the issues around the acceptible use policy.
That language had been so broad that it forbade most use of the browser. For example, "send unsolicited communications" so no filing a bug report. "Deceive, mislead" so no playing Among Us. "Sell, purchase, or advertise illegal or controlled products or services" so no online refils of your antimigraine medication lasmiditan or your epilepsy medication (pregabalin) which are schedule V. "Collect or harvest personally identifiable information without permission. This includes, but is not limited to, account names and email addresses" so no browsing any forum where a username is displayed to you. And of course "access to content that includes graphic depictions of sexuality or violence" that rules out watching the nightly news, stream PG-13 and R movies, to watch classic Looney Tunes cartoons, to play Fortnight, and on and on.
> "send unsolicited communications" so no filing a bug report
why you think that filing bug reports in place inviting bug reports is "unsolicited communication"?
At this point, I believe, it's important to accelerate development of Servo[1], which not only provides better browser security because of memory safety (getting rid of the stupid mistakes like OOB access or UAF), but is also managed[2] by Linux Foundation Europe[3], which gives more hope from the privacy standpoint.
[1] https://github.com/servo/servo
[2] https://servo.org/about/
[3] https://linuxfoundation.eu/
> we’ve removed the reference to the Acceptable Use Policy because it seems to be causing more confusion than clarity.
Weak sauce. Mozilla ought to be apologising here, not blaming its community for being upset at Mozilla's efforts to impose restrictions on its binaries that are in direct conflict with the core principles of Free and Open Source software.
We were discussing this yesterday. [0] It's not 'confusion'. We saw what they were up to, and we weren't happy about it.
[0] https://news.ycombinator.com/item?id=43207456
This is the upside of doing what I did yesterday, which is to realize Mozilla cannot recover from this, which makes such follow-on mistakes easier to bear. The shock has been absorbed. I have installed a few alternatives and will be deleting FF as soon as possible. I will also continue to advocate for privacy and user-rights preserving software - a set that does not include anything from Mozilla. The bridge is well-and-truly burned. They had a 2% marketshare based on goodwill with privacy rights geeks, and managed to destroy it overnight. There is no recovery for them.
I use Firefox Nightly on Android, and originally had location sharing on for the handful of websites where I'm fine with sharing it. But today, my phone notified me that Nightly updated what it does with location data on the play store to include using location for marketing or advertising purposes.
Changed it to ask every time instantly, and I'm not going to be giving Mozilla nearly as much trust ever again.
Is Google paying Mozilla to sabotage themselves?
Stay in business, so monopoly arguments can be brushed aside.
But slowly erode privacy on the internet. And slowly lose user base.
They just lost a monopoly case because they paid Mozilla all that money, this theory has always made little sense and sticking to it now makes even less.
In fact, one could argue that Google losing its case is what caused this. Google provided a substantial amount of revenue to Mozilla. With that now gone, new ways(TM) to get money are needed.
They really don’t need more revenue. They are nominally a not-for-profit and in 2023, they had 250 million cash and a billion more in investments.
They’ve taken billions of dollars from Google since 2005, and now they’re turning their back on user privacy.
They spend well over 200 million a year in software development, and they've made those investments presumably expecting this revenue issue.
Building a browser is expensive, that's why there's only two of them. Even Microsoft considered it too expensive to continue.
that's true, but now google will appeal it and with the new regime in place they will withdraw the case and give google a win.
Yes, of course. If Mozilla decided to do what other user here suggested (`spend $15M on a team of 20+ highly competent full time developers for Firefox, put $450M into a trust to fund future development`) I doubt that the 500M/year would continue flowing.
they also couldn't have timed this better with the manifestv3 thing
> It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox.
Do I understand it correctly that they can now use everything I read or type in the browser as they please, including for AI training?
Considering that I do most of my work in webbased enail, issue tracker and other internal tools, this sounds like a direct violation of my NDA.
"It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox."
> Do I understand it correctly that they can now use everything I read or type in the browser as they please, including for AI training?
Have you requested that?
Presumably they mean that if you want to post a comment to hacker news you give them the right to do what you want them to do.
I'm presuming there's no catchy legal gotcha around the "doing as you request" clause.
That's nice and all, but most people are worried about the other "rights" this would grant them and their partners. (What they can vs what they say they will)
I'm just curious if it is possible that some former/current employees in Mozilla can just form an org, say they will maintain a fork of Firefox, and accept donation from the users that were pissed and maybe apply for some funding from EU NGI?
I get that people are hung up on the "licensing" clause, but for me it is not the most egregious part. They say elsewhere,
> Mozilla can suspend or end anyone’s access to Firefox at any time for any reason, including if Mozilla decides not to offer Firefox anymore.
This is a direct contradiction of Freedom 0, and is at best a meaningless clause (very bad in a ToS) and at worst a reframing of Firefox to be non-free, either by casting it as a service or something else.
How many times have we seen this ploy? First you have a nice policy, then you change it to something extreme that causes outrage, then you walk back most of the change saying you had legal or whatever baloney reasons to make the change in the first place and somehow couldn't wordsmith the language well enough the first time.
I don't buy it. I hope some day business schools begin teaching that this ploy is a very bad idea. And if this really is the corporate lawyers being greatly insensitive then force PR and others to review every change they make to any policies that could destroy the company.
In this instance, they haven’t walked anything back yet: rather, they’re trying to explain why they’ve done what they’ve done, why it isn’t as bad as it looks but is just a matter of others using the wrong definitions… and then demonstrating that it’s them that have the wrong definition after all, and it is exactly as bad as it looks. And that the Mozilla of even ten years ago wouldn’t have been in this bind.
They believed we misunderstood and they were very much wrong. We know what you're trying to achieve and we're telling you not to do it. I have already cancelled my existing Mozilla subscriptions and am actively looking towards alternatives that either respect my privacy better (seems like Waterfox or Ladybird are the candidates), or remain as bad for privacy as Mozilla but provide more functionality than Firefox (Vivaldi, Brave).
>there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar
Mozilla should commit to stop doing anything like that. Then we can have a nice clear Terms of Use that promises to not sell data. I think that would alleviate community concerns.
Fixed headline: Mozilla adds insult to injury by trying to PR-talk their way out of their Judas-level piece of shit license change
Each update from Mozilla about this issue has Mozilla claiming users are confused (which may be true; I don't follow the larger social media ecosystem), then doubling down on the part I'm personally concerned about.
I'm worried that Mozilla is asserting it needs a license for the information input into Firefox for Firefox to do it's job, since that's factually untrue. So either Mozilla is genuinely confused about this point, which I find unlikely, or they have some ulterior motive. I can't say with any confidence what the ulterior motive is, but I can be pretty sure there is one, and that worries me about the future of the browser landscape.
Does this new TOS also apply to Firefox as distributed in Linux distributions?
Will Debian's default browser get switched out for LibreWolf?
https://wiki.debian.org/DefaultWebBrowser
I assume not since i never agreed to such a terms and only learned about them yesterday. How on earth did we get to a point of hidden privacy policies on desktop open source software...
Submitted and helped with debugging my first bug report to Ladybird browser today. Starting to use it with as many sites as possible. I really hope it can grow to replace Firefox
People love to pile on - it's a popular modern social game.
But in this case they are damaging something especially valuable, one of the leading privacy and freedom organizations in the world, during a very dangerous time. (And also one that doesn't buy or organize an army of 'grassroots' support.)
Cui bono?
I think Mozilla has made clear that they use the data for things the user requests. If someone thinks otherwise, please quote the current language (not the language from two days ago).
They also are innovators in privacy-preserving advertising. Almost anything else on the web is much worse: it has ads and collects personal data. Not only does Mozilla not collect personal data, if they can create effective privacy-preserving advertising, they could transform privacy (again) by not only sharing this technology but demonstrating to government that the privacy violations are unnecessary for business profitability.
Yet people are throwing all that out for the energy and excitement of piling on. That's a really bad choice, as far as I can see. If that's not what's happening, why are almost all posts expressed that way? How about some reasonable, calm discussion?
Sorry, but only Mozilla is damaging Mozilla here. Anyone could have predicted that their actions these past days would be devastating to their reputation.
[flagged]
If you asked some random selection of technical people, "hey if Mozilla just went ahead and made a ToS which gives Mozilla a broad license to anything you enter into Firefox, then removed the text 'Mozilla won't sell your data' from their FAQ pages, how would people react?" I think 99.9% of people would've predicted that the reaction would be negative.
These things aren't as impossible to anticipate as you pretend. This backlash is 100% predictable, 100% Mozilla's fault, and 100% deserved.
The one thing I haven't seen in any of these threads is where privacy-conscious users are supposed to go now. Are there any viable alternatives to Firefox?
I think the closest is librewolf and holding out for Ladybird
Maybe Orion, if you trust Kagi enough?
https://kagi.com/orion/
It's webkit-based, and you can pay for it ($150 for a lifetime license).
Actually, I just tried it for a bit, but I can't recommend this right now. It crashed several times in the hour I was using it. Very unstable, along with a host of other bugs. Seems like an early alpha/beta.
Proprietary?
Yes. Webkit-based but closed source for now. And terribly unstable... I tried it for an hour just now and it crashed 5-6 times for me, including while I was filling out a bug report, lol.
We just had a thread on Ladybird that seemed positive, but I haven't tried it and so don't know what it's like as a browser.
https://news.ycombinator.com/item?id=43200604
It's in a pre-alpha state and nowhere near ready yet :(
How do you turn off getting your search history sold? You can turn off seeing the suggestions. Can you request they don't sell it though? The company they sell your search profile to could then sell that to someone else.
Where does it say your search history could be sold? They say they will use your data only to do things you request - probably you aren't requesting that.
"there are a number of places where we collect and share data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar"
These are the places they say they sell user data to be commercialy viable. Search history data is the most valuable data they could steal. Selling it for suggestions turns giving it away to companies into a feature. You can turn off 'showing' the suggestions but the feature could still be active.
and they continue to dig themselves a bigger hole
"we are selling your data, not necessarily anonymised, even though a month ago we had a text on our website said we NEVER would"
Dear Mozilla, just give an option to pay you money for a browser that does not make any compromise in privacy.
Don't care, already moved on and happy with Librewolf (https://librewolf.net/)
Seems a bit weasle-y. How hard is it to be straightforward?
I don't mind Firefox doing what it needs to to fund itself. I do mind when it seems like they try to hide what specifically that is. Saying that some places define "sell" as more broad than what you think of is a total cop-out.
Just put up a page that describes every single thing that is taken from the browser for revenue purposes. Maybe it's reasonable, maybe it's not, but it seems like everyone is defaulting to unreasonabl, so..
And the sad outcome is probably more people will go to Chrome, which 1. is already worse wrt privacy 2. if they get monopoly will absolutely destroy the open web (already busy doing what they can already get away with).
In what countries is this FAQ (removed in their PR) not seen as a legally-binding contract with all current Firefox users? It seems like a very clear contractual obligation in the US.
Contracts in the US require consideration. A promise made in exchange for nothing is not a contract because there's no consideration.
That contract is made in exchange for your willingness to use their product and your willingness to use Mozilla is what gets them big contracts from companies like Google.
I don’t think there is a contract here in most parts of the world. But maybe there’s an argument to be made for promissory estoppel e.g. by a company who moved from IE to Firefox based on these promises and spent $x moving to Firefox and now have to spend $x moving to something else in response to new information?
In reality there’ll probably be nothing from this, though I’d love to see companies get punished for walking back statements like these.
Their stance is: "The post office needs an unrestricted license to the content of your letters to transport them". This is beyond ridiculous.
More like Bic needs unrestricted access to your letters so their pen can write them for you.
From the page:
> TL;DR Mozilla doesn’t sell data about you (in the way that most people think about “selling data”)
Three paragraphs later:
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
Sharing our data with advertisers in return for money is exactly the way most people think about "selling data".
this didn't make things better
Hard uninstall. Can’t believe I’m mainling Kagi’s Orion browser. Yet here we are.
is it open-source? doesn't look like it.
if it's not, why are you putting trust on them more than firefox?
> why are you putting trust on them more than firefox?
Literally this article. I care about my privacy more than open source. And I care about honesty above both. If open source can’t deliver, so be it.
Waterfox or Librewolf aren’t viable alternatives?
The reports about this Terms of Use for Firefox pushed me to build from source and run LibreWolf. In the past, I have not been able to successfully build FireFox. Today was a breakthrough for me as I was able to successfully build and run LibreWolf. Things I like so far:
Not really. What does it provide that other browsers don’t? What must I give up? The open-source tax isn’t one I am willing to bear. That doesn’t mean it’s the case for everyone. But while it has value for me, it’s hot a hard limit.
I made the same decision earlier today. Migrating to Orion as we speak... It's frustrating because I've used Firefox since 2006 and have stuck by them and defended their decisions for decades. I still won't touch anything chrome-based, but Mozilla has sold out their customers and I cannot deal with that.
I think you made the right decision. Becoming an active Orion user will help the browser ecosystem improve, while Firefox is clearly a dead end.
Time to move on. Mozilla lost latest pieces of relevancy. Apparently, half a billion dollars per year can't get a modern browser nowadays. At least in Mozilla case.
Some higher ups at Mozilla have realised an opportunity to train an AI on user data. Theft of user data at this unprecedented scale will be covered by the fig leaf of ToS, at least it's their plan. They really belong to prison, but the gov is knee deep in the same business, and so it's not going to do anything about it.
I've said it countless times. Mozilla is the downfall of Firefox. Get Firefox out of Mozilla and the current administration, what Firefox getting better and better.
BS we're sorry you noticed announcement.
There's a few ff forks that may work for you. So far I'm quite happy with Librewolf since I migrated this morning, there's other forks that also cover Android, but there's more privacy-related research to do there as alternatives like Waterfox have past drama.
You can delete your Mozilla account here if you want to send a strong signal that privacy matters,
- https://support.mozilla.org/en-US/kb/how-do-i-delete-my-fire...
---
I'm quite concerned about the web becoming closed at this point. Bigger websites are mostly walled gardens, there's an increasingly big amount of generated crap (even before LLMs), and on top of that Chromium is the new IE, which on it's own a bit better than before since the core is open, but still a bad cherry on top, especially since the Ad push from Google. I don't want `chrome://settings/adPrivacy` on my browser as the optimal amount of ads and tracking is zero.
and on top of that Chromium is the new IE, which on it's own a bit better than before since the core is open
The original IE was closed source, yet it wasn't anything more than just a browser, and people trusted MS on that.
Its been a nice 25 years, Mozilla browser(s). So long, just another old guard leaving for new pastures here.
I cant see Mozilla surviving this. This is something monopolies get away with, not also-rans
"We were actually selling your data according to 'courts' so instead of making good on our promise to literally never do that we just memory-holed it. Not sure what the big deal is please continue to trust us."
"we never sell your data" but we actually do it...
For me, sharing my data even with "privacy preserving way" is not ok with the spirit I expected from something like Firefox.
Even just something like "someone open new tabs 50 times with your advertisement there" or "someone went to your website last Friday" is not ok to share about me and my activity!
So sad that corporate assholes took control of the project and try to confuse us with bullshit.
Hate to say it but seems Safari might be the alternative. Only missing piece is ublock origin
Unfortunately, I don't believe there are any adblockers on Safari that are very effective. I'd love to be proven wrong.
I moved from Wipr to this, have been pleasantly surprised.
https://github.com/0xCUB3/wBlock
There's also this[0] that was posted here yesterday. Haven't tried it myself, I've personally found Wipr/1Blocker to be sufficient.
[0]: https://news.ycombinator.com/item?id=43204406
I thought the initial wording/hype was around poorly phrased lawyer speak for "you give FF permission to interact (post/get requests) with a web page as a browser. Don't sue us".
The whole some may consider it "legally selling your data" proves this is not just a Terms of Use change in good faith.
Read again, they are addressing two unrelated wording changes in two separate documents.
Maybe this will provide some momentum to SeaMonkey or other browsers?
This pretty much confirms that this is what everyone thought the change was about. So we get clarity, but no actual change in course from Mozilla. Good. We now know very clearly where Mozilla and Firefox stand on privacy.
If one opted out of all the possible data collection and privacy related options, are they still able to collect your data? If yes, how does it work? Is this called client-side scanning?
Companies have been long concerned about exfiltration of data and ran MITM proxies to stop it, which ironically has been the target of propaganda about "privacy" by the browser makers.
Every home network needs a MITM proxy too.
Don't forget the push for browsers to ignore your DHCP-provided DNS server and instead get their DNS from a server outside your control over an encrypted tunnel. It's an obvious attack on stuff like PiHole, with little to no real upside for users.
If this is in reference to DoH then I found an upside. Generally, DoH servers allow HTTP/1.1 pipelining by default. This allows one to fetch DNS data in bulk over a single TCP connection. The DNS specification RFC 1035 suggests that computer users would be able to send multiple queries in a single _packet_: QDCOUNT is any unsigned 16-bit integer. The implementation of servers that can handle QDCOUNT greater than 1 has not happened. But at least with DoH I can send multiple queries over a single TCP connnection.
Once retrieved, I load the DNS data into the memmory of the "MITM proxy". This eliminates the need for DNS queries to be immediately proceeding associated HTTP requests for web pages, etc., or within some DNS cache duration period.
When I use other sources of DNS data^1, I eliminate the need for remote DNS queries altogether.
1. For example, I extract DNS data from Common Crawl data.
Indeed, it does not seem like DoH was implemented to improve life for computer users but, at least for me, it can be useful. It can also be useful for example to computer users who use remote DNS servers where their ISP is hijacking port 53.
I avoid DHCP-provided DNS and use a local copy of unbound which does DNSSEC validation. A home I control the DHCP, but everywhere else, you can get any sort of custom crap.
"Every home network needs a MITM proxy too."
I have been running one for long time now. I depend on it so much that I cannot imagine using the internet without it. It is much smaller and easier to compile than a graphical browser.
Others will have different opinions but I personally remain skeptical that TLS provides internet users with more value than it provides so-called "tech" companies that profit from data collection, surveillance and online advertising services, and the CDNs that collaborate with them. While it can be used to protect a computer owner's sensitive data from eavesdroppers as it transits across the open internet, e.g., during "e-commerce", in practice TLS is used to conceal data exfiltration from the computer owner for commercial purposes by so-called "tech" companies. Not to mention the issue of "Certificate Authorities".
IMO, this is analogous to the situation with Javascript. It has the potential to provide value to www users, e.g., as a language computer owners can use to extend and control a graphical browser,^1 but in practice it provides the most value to so-called tech "companies" that are using it to control _someone else's_ browser to allow unauthorised and/or concealed data collection and surveillance.
1. https://raw.githubusercontent.com/bambax/hntitles/refs/heads...
> I personally remain skeptical that TLS provides internet users with more value than it provides so-called "tech" companies that profit from data collection, surveillance and online advertising services, and the CDNs that collaborate with them. While it can be used to protect a computer owners' data from eavesdroppers as it transits across the open internet, e.g., during "e-commerce", in practice TLS is used to conceal data exfiltration from the computer owner for commercial purposes by so-called "tech" companies. Not to meniton the issue of "Certificate Authorities".
I agree completely.
Google pushed HTTPS because it ensures that they are the only ones who can spy on users.
> Others will have different opinions but I personally remain skeptical that TLS provides internet users with more value than it provides so-called "tech" companies ...
I think TLS can be helpful (for both sides of a communication), but the browser should not require it, and most servers also should not require it (but should allow it, if you deliberately choose to connect with TLS). HSTS is especially bad (I managed to disable it on my computer by using a hex editor so that the browser would no longer recognize the Strict-Transport-Security header).
Certificates can be helpful if you actually know which ones you specifically trust for a specific purpose (rather than being automatic), and if they will tell you information about a business (although as far as I know, Let's Encrypt does not do this and only verifies the domain name). However, sometimes if a certificate is changed or superseded, due to expiry, or change in ownership, etc, and it does not prevent the server operator from sending you malware; it only prevents spies from doing so. If a domain name is sold to someone else, that does not prevent cookies and other stuff from being sent, or from them adding malware, etc; however, it would be possible for end users to know the certificate to trust and avoid this problem (if a browser can be programmed to do this).
Client certificates could be helpful for authentication too, but this is rare with HTTPS (but it is commonly used with Gemini protocol). But, it does prevent someone who takes over the domain name from being able to use your information to log in, since a private key is required in order to use a client certificate.
Furthermore, the browser really should allow unencrypted proxies for encrypted connections, in order that if you deliberately want MITM then you do not need to encrypt and decrypt the data multiple times.
> IMO, this is analogous to the situation with Javascript. It has the potential to provide value to www users, e.g., as a language computer owners can use to extend and control a graphical browser ...
Yes, as well as other programming languages (if a browser supports it, which most don't).
(I disable JavaScripts on my computer, except for the scripts that I wrote by myself. I did write scripts to replace GitHub's UI (in much less lines of code than GitHub uses themself), and other things.)
Yes. Any software you installed including your operating system can turn evil and copy anything off your drive.
This doomsday scenario thinking really doesn’t help the discussion.
Yup. This is almost a year exactly after they announced a "pivot" to "privacy."
At least the most useless, overpaid person in SV is finally gone and no longer collecting her $7M salary.
Not like money has ever been a problem at Mozilla - they're sitting on over $1.5B in assets, $500M or so in cash alone. That's despite a plunging market share...
> "...for the purpose of doing as you request with the content you input in Firefox"
I'm still confused about the scope of what this means. Is this post I'm writing now considered "content I input in Firefox"? If I upload an image to my own website, is that content I input in Firefox?
From my perspective, I'm not submitting anything "to Firefox", I'm submitting the content to remote servers and websites. I don't use Firefox cloud services or bookmarks or Mozilla account or anything. Even my bookmarks, I use raindrop.io at the moment.
Are we able - with the version of FF currently out - to completely disable all transmission of data to Mozilla?
Of course this might change with these announced plans, but I want to know if the current baseline can be safe to use (without patching), or whether it's already rather far-gone.
“You all read it wrong, we’re not evil really. We pinky promise. Don’t look behind the curtain.”
> in the way that most people think about “selling data”
I quite frankly am opposed to any entity selling my data, in any way, for any reason, without my explicit consent because it implies you were taking my data in the first place, which is the core issue. It's my data. Not yours. Taking it (eg, telemetry) is what I object to. You selling it, I further object to. Stop. Without exception. To both. Period. The how and why of it does not matter. Worried about the breadth of the law opening you up to liability? Then stop chasing enshittification for your own gain. Don't collect the data in the first place. Its that easy.
Not to mention the little market share they have is from people who are actively trying to avoid bullshit like that.
Safari it is.
I’ve used Netscape, the Mozilla browser, and then Firefox, so I guess I’m a long-time user. But as of today, I’m no longer using Firefox because of this.
I'm sad and disappointed that simply charging a fair price in return for offering something of value - with no other strings attached - has become so out of fashion in tech world.
Almost everyone running tech businesses seems to assume that subscriptions or data capitalism are the only way to make any money these days. But I have paid for good software in the past and I know plenty of indie developers who still sell software like a product and do OK with that model. Copies of great software like Firefox could surely be sold - for actual money - to the kind of people who value its independence, privacy, and user focus. Offer free security updates for some reasonable period similar to an LTS release. The web moves fast enough that a lot of people will want to buy upgrades quite regularly anyway just for the new features.
Firefox appears to have close to 200M active users based on Mozilla's published data at https://data.firefox.com/dashboard/user-activity. If they could get 1/20 of those users to pay them an average of $10 per year - that's less than one month of a standard subscription to a major streaming service in most Western countries - then that's $100M/year in revenues. Based on the public financial statements that's on the same scale as their subscription and advertising revenue and their annual spend on development activities.
Another possibility might be to hide some of the developer resources behind some token paywall. Almost everyone I know who works in web dev uses MDN regularly. Firefox dev tools have a lot of useful things about them. Then maybe you can even keep the main browser free and get some revenue from devs - who are mostly going to file it as a business expense anyway and whose employers benefit greatly from the continued existence and maintenance of these resources.
Sure everyone would complain - just as everyone complains about paying a few bucks for a good text or graphics editor they use for hundreds or thousands of hours per year to make 1000x the asking price. But the value is obviously there to many people. I think a lot of Firefox users in particular would probably respect the transparent attempt to keep the lights on without compromising on the USPs that make Firefox attractive to those users in the first place.
Mozilla can't be trusted to spend their money in a way that improves their browser or their market share. We will never know, but I think Mozilla would squander $100M/year from users. It makes me sad because I have been a fan of Mozilla and Firefox for most of my life.
> Mozilla can't be trusted
This is really just the core of it. I probably trust Mozilla about as much as I trust Google at this point. Leadership is non-existent. Mission and goal is lost. Pointless acquisitions galore. Wasting money on innumerable social programs.
They’ve been at this for maybe a decade at this point. I want to believe things will change, but…
Selling browsers was tried, back in the 90s. They lost to free, when the audience was much more limited. Trying to sell a browser now is an even weaker proposition to most users.
I also think you're overselling how many devs would pay for their resources. Individual contractors? Sure. But anybody salaried? My employer's response wouldn't be "sure, we'll pay for MDN & Firefox dev tools for all our devs"; it'll be "go use Chrome or Edge to debug, and use GitHub Copilot if you've got questions on how the web works". (I recognize that Copilot is crap as an MDN substitute, but the beancounters will take "we're already paying for that" over "new expense" any day.)
> Selling browsers was tried, back in the 90s. They lost to free, when the audience was much more limited. Trying to sell a browser now is an even weaker proposition to most users.
So was search.
Look at Kagi now.
> Trying to sell a browser now is an even weaker proposition to most users.
To most users yes, but a group of power users like me can make them life-changing money. I'd happily pay a monthly subscription for my web browser.
It just does not need to be a U.S. entity. Otherwise, people without a Visa or Mastercard will be left out.
Crypto is fine for this use case.
It's interesting to me the uphill battle Kagi is fighting to get people to pay for ad-free search and browsing. I wish them all the best because I think it's a fight worth having. https://help.kagi.com/kagi/why-kagi/why-pay-for-search.html
Kagi is fighting the good fight. I admire them, though I'm not yet a customer.
I stumbled upon their Orion docs, I find the following concerning:
That's fine and dandy, but I'm not an Apple user (I'm South American). I'd assume Apple is the larger user base for their U.S. customers, but outside of the U.S., Apple is not really a thing.I think if they believed there would be enough people to justify charging for the software to make that model work, they would do it. But I don't think it's actually viable, I think the number of people that would pay for firefox is much lower than you think.
Consider how many other similarly popular software programs charge small fees for their app... I can't even think of a single one. And you can only really charge for binaries, because as soon as one person gets the source, they can distribute it, and then they (or others) can make their own (free) binaries, and then why would anyone pay money anymore.
I also doubt whether that business model could work. But I don't think doubt is the reason Mozilla hasn't tried it. They won't go that route because the best-case outcome is that it becomes a sustainable but small business. They aren't interested in something that doesn't have a chance at turning into a jackpot.
I don't expect a high proportion of people would pay for a browser. My point is that if you're starting at 200M users you don't need a high proportion. You just need a loyal core of fans who see enough value to play the "whale" role and prop up the rest. Given the kind of people that Firefox has traditionally appealed to in the first place I don't think that's an entirely unrealistic scenario.
As for other apps - for my own small development businesses we have spent a lot more than $10/user on all-day-every-day development tools like text editors and diff tools. Also on several other areas like graphics, business admin and communications. For a browser and related resources that we also use on a daily basis whenever we're working on web projects it would be a very quick decision.
I don't accept your premise about only charging for the binaries. You're not going after the people who would rip you off anyway with this model. You're going after the people who genuinely value your product and want to support its continued development. They're going to pay a modest amount without much thought just as we do for several of the software packages we use - despite almost all of them having free (but not necessarily as good in our opinion) competitors available.
> They're going to pay a modest amount without much thought
Highly disagree... I think if you've been providing a free and open source product to your loyal fans for over 20 years, then suddenly start charging for it, isn't going to get people stepping over each other to hand their money over.
TLDR Firefox has been selling your data all along in exchange for ad money, but now state laws with more teeth forced them to come clean about this behavior.
I wouldn’t put it as all along; it’s only been in the last few years.
Could you quote where it says that?
Sure. It's the part right after the horizontal rule line.
> The reason we’ve stepped away from making blanket claims that “We never sell your data” is because in some places, the LEGAL definition of “sale of data” [is the transfer] of a consumer’s personal information [from one business to another in exchange for something of value].
> [...]
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
This is them saying "it's not that we've suddenly become more evil... we've been doing this for a while... we gotta make money somehow, and advertising and sharing your data is how we do that, but now state privacy laws make us have to be clearer about it".
Firefox gets almost all of its money from Google Search sponsorships and other ads. (https://www.investopedia.com/articles/investing/041315/how-m...). It's not really that different from any other adtech company. It's just one degree away, but most of that sweet user data still flows to Google in the end. Sure, they might obscure some of the PII... but so did FLoC, Google's controversial attempt to keep tracking users after third-party cookies.
Firefox is just a privacy laundering operation for Google and some smaller advertisers. Then Mozilla uses most of that money on unrelated marketing and virtue signaling, pretending like they're some sort of privacy / civil rights champion, when in reality they're not really very different from any other ad-based browser maker — except that they're horribly inefficient at using their millions. All that money and Firefox has still fallen way behind, all while Mozilla keeps pretending they're some sort of enlightened think tank. Nobody actually pays attention to any of their think-tank related work or their other services. Either as a browser maker or a privacy-oriented nonprofit, they're completely ineffective.
If Google stops funding them, they'd shut down overnight, losing 90% of their revenue. And maybe that's a good thing... it's time for a more capable org to take the reins. Mozilla has been a terrible steward, and Firefox went from the thing that saved the internet (from a Microsoft IE monopoly and the super-bloated app suite that Netscape Communicator / Mozilla Suite became) to then crumbling under the poor leadership of its lost decade.
[flagged]
I see a bunch of people saying that Firefox "needs to make money" or something to that effect, like they've never heard of free software.
When Flash was killed, enthusiasts re-implemented it entirely from scratch. I'm sure if Mozilla exploded today people would take the source code and continue maintaining Firefox. I'm aware maintaining a browser is complicated, but maintaining an operating system is even more-so, and that never stopped GNU.