Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Testing an Opt-Out System For Firefox Telemetry Collection (bleepingcomputer.com)

Posted by BeauHD on from the data-choices dept.

An anonymous reader writes: "Mozilla engineers are discussing plans to change the way Firefox collects usage data (telemetry), and the organization is currently preparing to test an opt-out clause so they could collect more data relevant to the browser's usage," reports Bleeping Computer. "In a Google Groups discussion that's been taking place since Monday, Mozilla engineers cite the lack of usable data the Foundation is currently receiving via its data collection program. The problem is that Firefox collects data from a very small fraction of its userbase, and this data may not be representative of the browser's real usage." Mozilla would like to fix this by flipping everyone's telemetry setting to enabled and adding an opt-out clause. Engineers also plan to embed Google's RAPPAR project [1, 2] for anonymous data collection.

35 of 227 comments (clear)

  1. User data to valuable to opt out by Anonymous Coward · · Score: 2

    Firefox, faced with a shrinking user base after the extension extinction event that is Firefox 57 will monetize it's remaining users. Mozilla knows there are no good alternatives, Opera, Chrome, Microsoft, Apple, Vivaldi, Pale Moon all track users data in some way so they can get user data for money.

    1. Re:User data to valuable to opt out by courteaudotbiz · · Score: 4

      If at least there is an actual option to opt out, that's still good news. Cause the only remaining users of MozFF are techies, so at least we can check or uncheck the necessary checkboxes.

      Ever tried to opt out of anything using Chrome?

    2. Re:User data to valuable to opt out by courteaudotbiz · · Score: 3

      even if it takes a bit of work

      Key point here. On Mozilla's side, they say they will let you opt out easily.

      Still, there are a number of alternatives (Waterfox that is FF based with telemetry stripped from the source and Palemoon) that do not collect data at all.

    3. Re:User data to valuable to opt out by fustakrakich · · Score: 2

      That's what provoked the creation of Firefox (originally conceived as Netscape lite), but they blew it. The application suite runs just as fast as any "pure" browser out there, and it hardly occupies any more space. And with almost 20 years of user interface stability, there's just nothing better. It's not an "alternative", it's the primary, not to be judged by its market share (or lack thereof).

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:User data to valuable to opt out by JohnFen · · Score: 2

      If 57 turns out to be as bad as it appears, Seamonkey will be one of the things I evaluate in my search for a new browser.

  2. In Other Words... by Anonymous Coward · · Score: 5, Insightful

    Not enough people were choosing to compromise their privacy, so we're going to do it for them.

    1. Re:In Other Words... by thereitis · · Score: 3, Insightful
      And yet Mozilla criticizes other organizations for their privacy. I guess Mozilla is just behind the curve and finally realizing the "goodies" that can be had simply by compromising their values like everyone else.

      Soon Mozilla will not have anything to differentiate them from everybody else.

      I guess you can tell a company's true character by their actions when hard times come.

  3. Trust comes on foot but leaves on horseback by Errol+backfiring · · Score: 4, Informative

    Yet another reason to switch to Pale Moon if you haven't already done so.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    1. Re:Trust comes on foot but leaves on horseback by raburton · · Score: 2, Informative

      Not really. They is a good rational for doing this, they are discussing it publicly and the opt-opt will be clear and easy. This is how you develop trust.

    2. Re:Trust comes on foot but leaves on horseback by QuietLagoon · · Score: 3

      ...They is a good rational for doing this...

      No, there isn't.

    3. Re:Trust comes on foot but leaves on horseback by Luckyo · · Score: 2

      Pale Moon has its extinction event earlier. Already killed jetpack add-ons, for no reason other than "well other people should just remake their add-ons for us".

      It went from solid alternative to firefox to firefox-lite with serious problems due to ridiculous engine change with all the same "developers full of themselves telling everyone else to change to fit their idea on how browser should work"-problem.

    4. Re:Trust comes on foot but leaves on horseback by 0123456 · · Score: 3, Interesting

      You develop trust by not spying on your users.

      I still use Firefox because NoScript, but I can't see myself still using it a year from now, the way things are going.

    5. Re:Trust comes on foot but leaves on horseback by spire3661 · · Score: 2

      You are confusing listening with spying. Listening in this context is supposed to mean a conversation where both parties have to read and interpret each others thoughts to come to a mutual understanding. Its a give and take between 'peers'. This is not what Mozilla is interested in. They want to build a package to sell to others, period. That doesnt involve 'listening', it involves doing things the user has already expressly told you not to. Its the opposite of listening.

      --
      Good-bye
    6. Re:Trust comes on foot but leaves on horseback by AmiMoJo · · Score: 2

      They tried what you suggested, looking at small numbers of users in detail. This is to get an overview and look for larger trends, like how many people install add-ons that bring back the old UI or enable hidden preferences in about:config.

      I wouldn't turn it on myself, but especially if it was opt-in it would be a legitimate way of collecting data.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. Re:Fork, here we come by ArhcAngel · · Score: 4, Interesting

    Jumped to Waterfox several years ago. At the time it was the only 64 bit version of FF code but it has matured and while it still follows FF core it didn't disable plug-ins and it strips out tracking.

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  5. Re: If they made it opt in by Anonymous Coward · · Score: 2, Insightful

    Huh? Telemetry is currently opt-in, not opt-out, except for beta builds. Your post doesn't make sense, because that is how Firefox is currently configured.

    I don't have a problem with betas collecting telemetry on an opt-out basis. I think it's more reasonable to expect that a developer would want to collect more data from versions that are likely to include new features and are explicitly built for testing purposes.

  6. How did companies survive before extensive spying? by QuietLagoon · · Score: 4, Insightful

    It is amazing that we have developed as a civilization in the days before all this privacy-busting data collection.

  7. Oxymoron alert! by QuietLagoon · · Score: 5, Funny

    ...Engineers also plan to embed Google's RAPPAR project [1, 2] for anonymous data collection....

    Using the word "google" with the phrase "anonymous data collection" may invoke laughter. And disbelief.

  8. Re: If they made it opt in by Anonymous Coward · · Score: 2, Insightful

    Huh? Telemetry is currently opt-in, not opt-out, except for beta builds. Your post doesn't make sense, because that is how Firefox is currently configured.

    Because, this is Slashdot, so whatever Mozilla (and many other companies) do is automatically wrong, even when they do the thing we bitched about them not doing previously

  9. Re:Fork, here we come by Merk42 · · Score: 2

    Yes I'm eagerly awaiting SlashFox because everyone here seems to know how to make the perfect browser.

  10. Re:Fork, here we come by GrBear · · Score: 2, Informative

    The feature list doesn't need to be long, nor complicated.

    Render HTML5 and CSS properly, bookmark support, built in ad blocker and sandboxed from the OS. Everything else is unnecessary and simply bloatware.

  11. Odd PR move in the wake of what's coming by bjdevil66 · · Score: 5, Interesting

    My first response: They're about to kill its best, remaining feature in the minds of many, and now they say, "Let me spy on you."

    But I ultimately get what they're trying to do. After all this online complaining, they may finally be having to accept that they really need to know more about how people use their product. Considering how many people here have complained about how the Mozilla devs "don't know what we really want!! Why are they doing X??", this should be something they should consider doing.

    Sounds like they're damned if they do, damned if they don't. Maybe us complainers should look in the mirror and realize we may be one of the toughest crowd of browser users in the world to please. "No, you can't collect my data!.... Wait - Why are you removing X? I USE THAT FEATURE! Don't you know that about your users?

    Maybe that's why Google Chrome has outstripped Firefox over the last several years when it comes to user base size. They KNOW what most people want, even if we don't like to admit to everything we want?

    I'm a loyal Firefox user - and I'll probably still opt-out while I grumble about losing most of my add-ons. But I won't honestly be able to say that Firefox's eventual demise will be on the Mozilla Foundation alone.

    1. Re:Odd PR move in the wake of what's coming by 0123456 · · Score: 2, Insightful

      Firefox started losing market share the moment they switched to the 'release every five minutes and don't allow users to stick to old versions' model.

      Then, when people pointed out that it was a disaster for business users, that developer said 'actually, dude, we really don't care about the business market'. That was pretty much the point that all the businesses I'm involved with stopped using Firefox and switched to Chrome. That then led to employees switching to Chrome at home.

      Then they had the SJW debacle, where they forced Eich out of the company, and everyone to the right of Lenin who was still using Firefox started to look for alternatives.

      They have no-one to blame but themselves.

    2. Re:Odd PR move in the wake of what's coming by sinij · · Score: 3, Funny

      The next day after telemetry collection goes live:

      Firefox now renders porn 1000% faster using 50% less memory and supports up to 999 tabs. Every other feature was removed.

  12. Firefox engineers obviously aren't happy... by hyades1 · · Score: 2, Interesting

    The constant update cycle, trying to become Chrome-but-worse, disabling treasured extensions and plugins, all of these tactics and more have cratered Firefox's market share, but some people still apparently have it installed on their system.

    Clearly, these few remaining miscreants must be driven away as fast as possible. Default collection of private data should do the trick!

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  13. What telemetry would be acceptable? by pr0nbot · · Score: 3, Interesting

    The knee-jerk reaction is that all telemetry is a privacy nightmare.

    As a thought experiment, what kind of telemetry might be acceptable?

    For example, suppose it were 2 integers collected weekly:
    * number of HTTPS sites visited
    * number of HTTP sites visited

    Unavoidably, there would be metadata: IP address and date/time of data collection. So as well as the intended analytics ("what proportion of the sites users are visiting are HTTPS sites?") it would be possible to build a per-IP profile of number of sites visited over time.

    Is this level of telemetry unacceptable?

    If it is acceptable, then we've established that it is not telemetry per se that is bad but rather the data being collected.

    Ongoing telemetry would require trust ("when I consented you were collecting two integers, but now you're collecting all sorts of other things") unless totally transparent, but perhaps even with total transparency the burden of verification that then falls on the user is too onerous.

    I wonder if there could be a role for someone like the EFF to be the guardian of telemetry info, i.e. Firefox sends telemetry data to the EFF and they then decide whether it's ok or not, or anonymize it (e.g. strip out IP addresses in the above example), before sending it on to Mozilla. Of course, they'd want to be paid for this service, and since users reject the notion of paying for a browser the obvious payer would be Mozilla, but that creates moral hazard. Given that it'd be a public good, the government could run and/or fund it, but I suspect there's a large overlap between the set of people who have a problem with telemetry and the set of people who distrust their government.

    1. Re:What telemetry would be acceptable? by JohnFen · · Score: 2

      what kind of telemetry might be acceptable?

      That entirely depends on who is collecting the data. With some organizations, such as Microsoft or random developers that I've never heard of, there is no amount of telemetry that is acceptable to me at all.

      With others (I used to count Mozilla among these, but I'm not so sure anymore), I have enough trust in them that I'm OK with quite a lot of telemetry.

      There are also things that are never OK no matter who you are: lists of files on my system, what applications I have installed or run, the contents of any file that the application does not own, etc.

  14. Static or not? by tepples · · Score: 2

    Firefox is used to visit WEBPAGES.

    This is likely to run into a definition dispute, sometimes called "no true Scotsman", "misunderstood word", or "Layne's Law". To avoid this, we need to clarify something first:

    "WEBPAGES" means "HTML documents", which are parsed into a DOM that is styled with CSS and edited in response to user actions with JavaScript. Is this what you meant? Or do you specifically refer to static HTML documents, whose only forms of user interaction are navigation, form submission, and checkbox-hack hiding and showing?

  15. Firefox's privacy policy scares the heck out of me by Anonymous Coward · · Score: 5, Informative

    Anybody who claims that Firefox protects their privacy probably hasn't actually looked at Firefox's privacy policy.

    Below are some excerpts from the Firefox privacy policy that is dated July 31, 2017.

    Be sure to notice the type of information being collected and possibly even transmitted to third parties (including Google, some "Leanplum" company, a "mobile analytics vendor", and "certain developers"). We see terms like:

    • - "IP address"
    • - "browser version"
    • - "operating system"
    • - "locale"
    • - "language preference"
    • - "list of add-ons you have installed"
    • - "phone number"
    • - "email address"
    • - "URLs associated with the downloaded file"
    • - "hardware configuration"
    • - "commonly visited domains"
    • - "location"
    • - "the active URL"
    • - "Google advertising ID"
    • - "personal information"
    • - "key word searches"
    • - "Wi-Fi networks"
    • - "cell phone towers"

    Here are the excerpts:

    Once per day, Firefox sends the following info to Mozilla when it checks for browser updates: your Firefox version information, language preference, operating system, and version.

    Firefox contacts Mozilla once per day to check for add-on information to check for malicious add-ons. This includes, for example: browser version, OS and version, locale, total number of requests, time of last request, time of day, IP address, and the list of add-ons you have installed.

    About once per day, Firefox connects to Mozilla and provides you with new snippets, if available. Mozilla may collect how often snippets are clicked, snippet name, browser locale, and which version of Firefox you're using.

    Firefox sends Mozilla a monthly request to look up your location at a country level using your IP address.

    Some Mozilla sponsored snippets are interactive and allow you to optionally share your phone number or email address.

    This data includes, for example: device hardware, operating system, Firefox version, add-ons (count and type), timing of browser events, rendering, session restores, length of session, interaction with search access points and use of Firefox search partner codes, how old a profile is, basic information about errors and crashes, and count of pages.

    Firefox sends to this third-party information identifying the site's certificate.

    About twice per hour, Firefox downloads Google's SafeBrowsing lists to help block access to sites and downloads that are malicious or forged (Google's privacy policy is at https://www.google.com/policies/privacy/).

    Firefox may send metadata, including URLs associated with the downloaded file, to the SafeBrowsing service.

    Usage statistics or "Telemetry" is a feature in Firefox that sends Mozilla usage, performance, and responsiveness statistics about user interface features, memory, and hardware configuration. Your IP address is also collected as a part of a standard web log.

    Firefox sends to Mozilla data relating to the tiles such as number of clicks, impressions, your IP address, locale information, and tile specific data (e.g., position and size of grid).

    In Firefox Beta, certain short-term Telemetry experiments (see above) for Tiles may collect information about commonly visited domains.

    Firefox sends Mozilla a request once to look up your location at a country level using your IP address.

    Firefox may send the terms you type in the Awesome Bar or Search Bar to your

  16. HTML, CSS, bookmarks, and no JS? by tepples · · Score: 2

    I'm assuming that your preference to omit "Everything else" implies omitting JavaScript. If so, then what do you prefer to replace JavaScript?

    Web applications ought to run server-side Good luck having to click-wait-click-wait-click on server-side image map, with a full page reload each time, in order to use any web application with substantial interaction. Web applications that require JavaScript ought to be rewritten as native applications Not only does a native application tend to have even less "sandbox[ing] from the OS" than a web application, but it also works on only one operating system family. Even if using a multi-platform library such as Qt, the developer still needs to acquire an instance of each target platform on which to test each executable. Expect to see a lot more notices to the effect "Sorry, this application is not available for [your OS]. If you want to see this application on [your OS], please contribute to our crowdfunding campaign."
  17. Re:How did companies survive before extensive spyi by JohnFen · · Score: 2

    Indeed. I always cringe when telemetry is represented as "critical" in some way.

    Even setting aside the politics of privacy, it's far from clear to me that telemetry has been, on the whole, all that much of a benefit in terms of software quality. Generally speaking, software quality has been declining for years, and I often see objectively bad decisions being made on the basis of telemetry.

    Good use for telemetry: getting a better understanding of how your software is malfunctioning. Bad use for telemetry: using it to make or justify "user experience" decisions.

  18. Re: Simple question by JohnFen · · Score: 2

    When settings like telemetry are on a preferences page, average users won't navigate to the page.

    Yeah, I've noticed this myself. It baffles me a bit, because when I use a program for the firs time, the very first thing I do is examine everything on the options pages.

    But then, the first thing I do when I get a new appliance or device is read the instructions (often before completely unpacking it), so I'm admittedly a freak.

  19. Implementation by Rick+Schumann · · Score: 2

    If the 'opt out clause' just means I have to go into settings and uncheck some boxes, and Mozilla otherwise isn't going to pull any Microsoft-level bullshit like quietly countermanding me again when I'm not looking, then that's fine.

    If, on the other hand, they do something nasty, like remove the checkboxes entirely, and make you jump through a bunch of hoops to 'opt out', and then you have no way of independently verifying your 'opt out' choice has been taken seriously, then I say "screw you, you bastards, you have become everything you hate".

  20. Re:Fork, here we come by G00F · · Score: 2

    I don't know how to make the perfect browser. But the browser I want is one that I am in control of my PC. Not some website, not the adds, not the virus or other badware.

    Firefox without addons does better than others(with things hidden in about:config). And with 2-5 choice addons it's the best in having users in control. I don't give my parents and friends things like ublock/umatrix/noscript, but insted give them Disconnect(or ublock using limited lists).

    People don't need to know hot to make what they want, (Although other forks like The Palemoon and Waterfox exist). They do know Mozilla is not only ignoring but moving away from what they want.

    --
    The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive
  21. Mozilla has a fundamental problem... by QuietLagoon · · Score: 4, Interesting
    The Firefox developers apparently have a very different vision for Firefox than the Firefox users do. This is evidenced by the declining market share and the bloating of Firefox with unwanted "features" that do little to enhance or make more efficient the browsing experience.

    .
    Privacy-busting data collection is not going to fix that problem, as the data will more than likely be interpreted by the developers to confirm their misdirected vision.

    Instead of data collection (something that is done because it is easy, not necessarily the proper solution), the Firefox developers need to take a step back and look at their vision for Firefox. That is the conversation that needs to take place with the Firefox users.

    Offhand, I'd say that priority #1 is that the Firefox users don't want Firefox to continue on the goal of turning into a Chrome clone. With the addition of data collection, that goal is almost met.

    I could go on, but I doubt if anyone is reading, they're probably drooling over all the data they will be collecting soon.