I don’t understand how they are supposed to “sell your data” if you just never use a Mozilla account and uncheck all the telemetry. Its not like they can secretly steal your data, since its Open Source.
It seems to me like just more FUD that Google is spreading to undermine our trust in free software.
I’m a software developer, and understand the technicalities and options available to me. I am capable of forking Firefox and make myself a custom build with anything I don’t like stripped out. (Capable of, not wanting to.)
They removed “We don’t sell your data and we never will” from their FAQ and they added “We may sell your data” to the ToS.
I am unhappy about this change. It is a clear sign that the people in charge of Firefox want to sell user data, and that the irrecoverable enshittification path has been chosen. It means that at some point in the next few years, I can’t trust Firefox’ with my privacy. And they sure as fuck don’t have anything else going for them: The browser eats memory and freezes my camera during video conferencing, and is plain not supported in some of the software I use at work.
The rationale is probably something entirely reasonable, like “While we do not intend to sell user data, the phrasing was too vague and not helpful. What is selling, and what is user data, really?” An organization with strong privacy values would be so far from anything “bad” that the phrasing as it was would not be a problem for them.
It’s irrelevant that right now privacy settings and xyz and telmentry is clear and opt in etc. Because the point is that they are gearing up to change that. The settings will be less clear, user data will be separated into shit like “operability assistance”, “personal information”, “experience improvement metrics” with some of it enabled by default because, etc.
“and we never will”
this should imply something that cant be changed. Such empty words should no longer be even considered no matter who says them, unless its paired with enforceable punishment for breaking the word
The rationalization they have given is that legally, they may have been seeking data all along, as some jurisdictions define it extremely loosely.
For example, if you use their translation feature, they are sending the page your looking at (data) to a third party, which provides a benefit to Mozilla. Thats technically a sale in some laws, but most would agree that is acceptable given the user asked for it to happen.
https://blog.mozilla.org/en/products/firefox/update-on-terms-of-use/
I’m overall concerned with Mozilla, but not sure this is malicious yet. But definitely needs to be closely scrutinized.
Here’s the crux of the problem.
Mozilla went from “explicitly not malicious” to “probably not malicious yet.”
What’s next?
The privacy centric way for Mozilla to have address this would have been to:
The current intention may not be malicious, but it leaves the way open for changes that are to slip in. If they were worried about services like translation being concidered ‘sales’, which is a reasonable concern, they should have split them out of the core browser into an extension and put the ‘might sell your data’ licence on that.
Yeah, its definitely wide open for abuse now. But the California law also seems way too vague as well. What about DNS lookup? That takes a users input and transfers it to someone else, is that a “sale”? Can hardly start separating that out of the browser? Http requests? Its all users initiated, but is it a “sale” in California? Not a lawyer, haven’t a clue.