Introducing a terms of use and updated privacy notice for Firefox | The Mozilla Blog
blog.mozilla.org
We’re introducing a Terms of Use for Firefox for the first time, along with an updated Privacy Notice.  Why now? Although we’ve historically relie

Not a good look for Firefox. Third partners and device fingerprinting clearly mentioned in the documents.

The move is the latest development in a series of shifts Mozilla has undergone over the past year.

The gecko engine and Firefox forks, such as Tor, Mullvad, Librewolf, and Arkenfox, are stables of private, open source web browsing.

In fact, Mozilla’s is one of the few browser engines out there, in a protocol-heavy industry that many say only corporate or well-funded non-profits can reliably develop.

What is more, daily driving the more hardened-for-privacy Firefox derivatives can be frowned upon by many sites, including your bank and workplace.

Mozilla’s enshittification leaves the open source community without a good alternative to Firefox, after years of promoting it as a privacy-friendly alternative to spyware-cum-browser Chrome.

  • fireshell@lemmy.mlEnglish
    4·
    6 days ago

    Not an exhaustive list on the Gecko engine or its forks:

    • Mozilla Firefox (Windows, macOS, Linux, Android, iOS)
    • LibreWolf (Windows, macOS, Linux)
    • Waterfox (Windows, macOS, Linux)
    • Tor Browser (Windows, macOS, Linux, Android)
    • Pale Moon (Windows, Linux)
    • Basilisk (Windows, Linux)
    • K-Meleon (Windows)
    • Midori (Windows, macOS, Linux)
    • SeaMonkey (Windows, macOS, Linux)
    • Floorp (Windows, macOS, Linux)
    • CometBird (Windows)
    • IceDragon (Windows)
    • Flock (Windows, macOS, Linux)
    • Capyloon (Windows, macOS, Linux)
    • Ladybird (Windows, macOS, Linux, Android)
    • QupZilla (Windows, macOS, Linux)
    • Zen Browser (Windows, macOS, Linux)
    • Comodo IceDragon (Windows)
    • Otter Browser (Windows, macOS, Linux)
    • OneMeaningManyNames@lemmy.mlOPEnglish
      7·
      6 days ago

      I don’t think we understand very well the threat model here. Are we talking about having a Mozilla account or the web engine itself. If you have an account they will probably start doing mining shit with it. What about activists researching certain topics then? The content browsed can be visible to Mozilla if they use their account for syncing bookmarks. That should be a dealbreaker right there. No different than Meta user-profiling the fuck out of your engagement behaviors. Now if this is NOT the case and you haven’t a Mozilla account, I assume that the version of the web engine available back at the time of the fork is exactly the same. So far so good.

      The problem is that browsers are hard, and there is a ton of web protocols to be implemented, various fixes for security, support extensions and other QOL features. WORD ON THE STREET is that tasks like these cannot be undertaken as solo/hobby projects, that funding and an organization structure is essential. The teams behind LibreWolf, Waterfox, etc have a track record of already lagging behind Firefox’s version updates. Same goes with user-profile and configuration sets like Arkenfox (if I am not wrong). You may tweak the conf all you want, but if privacy and anonymity is compromised at the web engine level, these forks will be left with little to do about it. Then the only option will be to keep using an old version of the web engine (sacrificing security and quality of life extensions), or ditching the gecko web engine altogether.

      That is why people are looking for genuine alternatives to the web engine.

  • rumba@lemmy.zipEnglish
    61·
    7 days ago

    I keep Firefox, brave, Librewolf, and Vivaldi All configured and loaded with my plugins and bookmarks.

    When Google pulled out of Firefox funding I expected them to go down a dark path.

    I don’t know that any of those choices of browsers are going to be significantly better than the others long-term. I’m also hoping for ladybug eventually.

    LW doesn’t seem to play nice with some of my sites and some of my plugins. It’s the one I want most to work. The last time I tried it, delivering pass keys out of bitwarden in it didn’t work. And that kind of makes it a no-go for me. I should try it again though it’s been at least a year.

    I’m pretty sure brave would sell my kidneys if they could. But they are the only one on the list that’s truly funded and they keep up with the Joneses on YouTube ad blocking. And there also probably the strongest browser for anti-fingerprinting at the moment.

    Vivaldi seems to work okay but it’s just a Google clone, they’ve only dedicated to not enforcing manifest V3 for “as long as they could.”

    • OneMeaningManyNames@lemmy.mlOPEnglish
      1·
      6 days ago

      I thought Mullvad was the best in anti-fingerprinting. Anyone can check their own configuration with EFF’s “cover your tracks” site.

      • rumba@lemmy.zipEnglish
        3·
        6 days ago

        They slightly edge out brave on vanilla. Once you load all of your plugins and stuff braves a little better at lying about it. To be fair they’re both close enough it doesn’t matter either one will get the job done. I usually think of mull as a leave it vanilla and use it when you need to leave no trace.

        • OneMeaningManyNames@lemmy.mlOPEnglish
          1·
          6 days ago

          Note just to be sure, Mull is a different thing than Mullvad. What you wrote makes sense for Mullvad, but I am not so sure if this is the case with Mull, the mobile app.

          • rumba@lemmy.zipEnglish
            1·
            6 days ago

            I’m only dealing with desktop browsers in this and trying to type with autocomplete from an uncomfortable position. I’m fairly certain privacy doesn’t really exist in OTC Android.

  • Rentlar@lemmy.ca
    876·
    8 days ago

    On the contrary, I think this is a responsible way to operate. The terms of use apply to the Mozilla distributed binary, not the open source version and open source forks, and I don’t think additional terms shut them out of that. The privacy policy is clear, concise as can be and links so that people can jump directly to what is being collected.

  • comfy@lemmy.ml
    632·
    8 days ago

    People are saying it is Bad News

    So, uhh, you want to tell us who is saying it’s bad news?

    • joe@feddit.org
      2914·
      8 days ago

      I have the feeling people are overreacting to anything Mozilla does these days, just to have an excuse to talk people into using (politically?) worse browsers.

      • rmuk@feddit.ukEnglish
        8·
        6 days ago

        Yeah, ususally at this point someone goes “ugh, I’m never using Firefox again because Mozilla don’t respect people any more… iT’s TiMe To iNsTaLl BRaVe!”

      • idefix@sh.itjust.works
        2·
        6 days ago

        Strangely enough, that’s what I thought for a long time but not this time. Removing the lines I saw makes absolutely no sense unless you’re selling users data, which I strongly oppose to.

        I’ve started to use librewolf, unsure if this is a good idea.

        • OneMeaningManyNames@lemmy.mlOPEnglish
          624·
          7 days ago

          This is trolling. It is beyond self-evident that the Open Source fediverse has thoroughly criticized the latest Mozilla move. I myself point out device fingerprinting and third party vendors. You respond to neither approach. You want me to do homework and quantify the sentiment on the trending Mozillla hashtag? Sealioning. Diigressing the topic of conversation? Report and block you sad impotent spook troll.

          • setVeryLoud(true);@lemmy.ca
            232·
            7 days ago

            Onus probandi.

            You make the claims, you serve the proof. You can’t point at a vague, general direction and go “here, proof!”. Especially not a social media feed, that’s the most subjective, volatile “proof” you could provide.

            Quote me the text, in its full context, where it says that Mozilla is selling the data they are “now collecting”, or that it was optional for them without degrading services. Because I can’t find it.

            All I see is data that Mozilla is required to collect to provide existing services, they are now putting it in black on white. I don’t really care what the “general opinion” is, opinions do not automatically become facts once sufficient people hold them.

            I’ve seen Mozilla do bad stuff, this is just a very standard privacy policy update. Let’s criticize them when they actually deserve it, and encourage them the rest of the time.

            Also, nice strawman instead of simply answering my question. 🥰

  • Onno (VK6FLAB)@lemmy.radio
    334·
    8 days ago

    Have you considered what is driving this change?

    Looking from the sidelines, I think it’s all about money, specifically, how to make the development of Firefox sustainable. Yes, I’m aware of the cynical view that this is about lining the pockets of the CEO, I have no evidence for this.

    I think that’s essentially caused by how we have licensed open source software and had limited resources to combat abuse at the industrial scale that silicon valley companies have monetized other people’s work.

    Bruce Perens is attempting to erect “Post Open”, but I’m not yet sure if that is going to solve the fundamental issues.

    Disclaimer: I’ve worked a little on the community standards document for the post open project.

    • tomatolung@lemmy.world
      18·
      8 days ago

      Being halfway between both sides, I can see the need for a monetary model to sustain development, yet I am challenged by the opacity that this feels like. The OP’s point that it feels like a downward slide toward principles compromise is challenging. Especially in light of the enshittification of everything lately, Mozilla needs to do a better job communicating how this is not going down that path and yet also trying to sustain itself.

      • Aelis@lemm.ee
        2·
        6 days ago

        Being halfway between both sides

        People really need to stop playing devil advocate, «Especially in light of the enshittification of everything lately». Mozilla has gone downhill for a good while now, being gentled by sweet Google money and spending it in trends far too late only to waste it, employees keep getting fired while the CEO gets a regular raise and Firefox barely got improved over the years. And now they want to jump head first into AI, way too late again, all the while we already know all AI compagnies run at a tremendous loss. Can you even call that « trying to sustain itself» at this point ? Seems surreal to me.

        All I really see is another breach of trust in a full history of mistakes, probably the last one.

        • TrickDacy@lemmy.world
          81·
          8 days ago

          Reductionism is lazy and sucks. You didn’t even read the comment you responded to, you’re just mad that not everyone is upset enough for you.

          • Coldmoon@sh.itjust.worksEnglish
            65·
            8 days ago

            No, not particularly. I’m not that upset myself, I recently switched to Librewolf. I just get annoyed at what I perceive as statements that ride the fence. Privacy is not a place to give ground on.

            • bobs_monkey@lemm.ee
              7·
              8 days ago

              Did it ever occur to you that people can have a mix of views that don’t fully conform to one ideology or another? It’s a spectrum, not riding the fence. Like politics, not everything is a team sport.

            • TrickDacy@lemmy.world
              34·
              7 days ago

              I suppose Mozilla should lock the doors and institute slave labor rather than find some way of paying their employees that might be construed by you to be giving up privacy

        • tomatolung@lemmy.world
          36·
          8 days ago

          That’s an idiotic statement. Realism or understanding what realpolitik is in a political situation is far more likely to allow you find and develop change in an organization, as well keep you from wasting your time on useless leverage points. In this case knowing both frames of reference is valuable so that action can be taken, as opposed to just writing five words.

  • Hiro8811@lemmy.world
    171·
    7 days ago

    Well it’s been a nice time while it lasted but this should be a lesson that nothing is safe from enshitification and corruption. Fortunately there are a few options till something better arrives. Personally I’m waiting for Ladybug

  • BaroqueInMind@lemmy.mlEnglish
    92·
    8 days ago

    I’m looking into Ladybird browser that everyone here is talking about and I can’t find anything about when they will release something.

    • Hiro8811@lemmy.world
      4·
      7 days ago

      Alpha will drop around 2026[site], but they have several contributors so who knows. Compiled it a few months ago at it was just a browser without engine, not sure how much it developed now but I’m hopeful

    • sleep_deprived@lemmy.dbzer0.comEnglish
      83·
      8 days ago

      The choice of C++ + Swift feels strange and off-putting to me. Swift, at least, is pretty safe as languages go, but does leave me scratching my head a bit. C++, though, frankly should have no place in a new browser project. For a piece of software whose whole purpose is to essentially download and run untrusted code, C++ is unacceptable.

      It’s realistically not gonna happen, but what I’d really like to see is Servo developed into a full browser.

      • KeenFlame@feddit.nu
        2·
        6 days ago

        Could you explain how their language choice affects the security of the software? Because it’s open source and easier to find cracks?

        • sleep_deprived@lemmy.dbzer0.comEnglish
          3·
          6 days ago

          No, the industry consensus is actually that open source tends to be more secure. The reason C++ is a problem is that it’s possible, and very easy, to write code that has exploitable bugs. The largest and most relevant type of bug it enables is what’s known as a memory safety bug. Elsewhere in this thread I linked this:

          https://www.chromium.org/Home/chromium-security/memory-safety/

          Which says 70% of exploits in chrome were due to memory safety issues. That page also links to this article, if you want to learn more about what “memory safety” means from a layperson’s perspective:

          https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/

          • KeenFlame@feddit.nu
            2·
            6 days ago

            Cool, it makes sense I guess. But why would other languages not also be succeptible to memory injections?

            • sleep_deprived@lemmy.dbzer0.comEnglish
              2·
              6 days ago

              In simple terms, they just don’t allow you to write code that would be unsafe in those ways. There are different ways of doing that, but it’s difficult to explain to a layperson. For one example, though, we can talk about “out of bounds access”.

              Suppose you have a list of 10 numbers. In a memory unsafe language, you’d be able to tell the computer “set the 1 millionth number to be ‘50’”. Simply put, this means you could modify data you’re not supposed to be able to. In a safe language, the language might automatically check to make sure you’re not trying to access something beyond the end of the list.

    • tomatolung@lemmy.world
      2·
      8 days ago

      Correct me if I’m wrong but ladybird is focused on a new browser, and not a new browser that is privacy oriented? Their language is pretty specific about donations and independence, but I didn’t catch anything that specifically denotes privacy.