I don’t understand how they are supposed to “sell your data” if you just never use a Mozilla account and uncheck all the telemetry. Its not like they can secretly steal your data, since its Open Source.
It seems to me like just more FUD that Google is spreading to undermine our trust in free software.
I would like to point out that they are free to modify the source code before building the binary they distribute. Being open source does not mean protection from secretly stealing data.
With chrome it is obvious because the closed part is called chrome and the open is chromium. But it is certainly possible to not make “stealing” magic on top public.
This is mitigated by “reproducible builds”
Does Firefox do reproducible builds? This bug report makes me think it doesn’t (at least for Linux): https://bugzilla.mozilla.org/show_bug.cgi?id=885777
But maybe they do for Windows/Apple/Android?
Not sure. But you can change that, if not
You’re right that being opensource doesn’t mean the binaries don’t include extra stuff.
However, are you seriously suggesting no one would notice Firefox transmitting telemetry? Seems unlikely.
As someone else said, reproducible builds is a great mitigating factor for this secret changes. Firefox does have telemetry, but is very transparent and lets you turn it all off (as far as I can tell anyway). Don’t want ads? Easy. Don’t want Mozilla services? Simple.
Mozilla is changing the license used for the Firefox executable/binary. The TOS will be the governing license over Firefox, the branded browser executable. It will no longer be open source, as defined by the Open Source Initiative, as users are no longer free to use the software however they want. Firefox will now be source available.
The source code for the browser, is (at least as of this comment) FOSS under the MPL2 license. People are free to recompile the browser under a different name (e.g. Librewolf, Waterfox, etc.).
This is not FUD. I read through the new TOS, Acceptable Use Policy, and Privacy Policy. Since the browser executable was governed under the MPL2, there was little concern from the open source community. I made my judgement from those documents alone.
How can Firefox not be open source if its sources are under the MPL2 ?
It has always been the case that Firefox is a trademark and you can’t distribute it under that name. However if the code is open source the project is too.Ughh, don’t make me switch my browser again…
LibreWolf my dude. Everything still works as if in FireFox.
I found it ironically frustrating that converting from Firefox to LibreWolf is harder than from literally any other browser, because there’s no import mechanism.
It wouldn’t be that hard to make a standalone tool to import bookmarks, passwords, and config settings, and would make LibreWolf a seamless transition for Firefox users. Instead, it’s a frustrating process in re-creating years of tweaks.
That’s only works so long as Firefox stays alive and in development.
LibreWolf relies on Firefox being funded, if Firefox dies then LibreWolf also dies. Tens of millions of dollars go into engineering salaries to keep Firefox up-to-date on web standards, features, and performance. LibreWolf benefits from this.
I think the painful reality is, is that the availability of good honest, privacy focused browsers are narrowing. Mozilla just had to go and make it harder. I’m personally using LibreWolf myself.
There was a post made my Mozilla years ago (I’m too lazy to find it). It was in the shadow of Chrome getting more scummy. Anyway, paraphrasing horribly, the idea was that the humble web browser was starting to become an increasingly personal decision. It represents you in ways that many people may not fully appreciate, comprehend, or understand. Your browser history tells people what you like, what you are afraid of. Increasingly, it tells corporations and governments who you talk to, where you’re going, and what you’re up to.
It’s why it’s important for a browser to be built for people, not for corporations.
It’s so sad to see how far Mozilla has gone from that stance.
So I get how challenging and annoying changing a browser is because in many ways, it’s you. It’s who you are. But, like in life, sometimes we must choose to leave the friends who bring us down. It hurts, it sucks. But it’s the way of life.
I’ve spent a good part of this morning switching things over to Waterfox. It’s not perfect. There are gaps and for some reason, I can port over Chrome and Edge profiles but NOT firefox profiles. But sometimes a fresh start is good too.
Ironically, I just made [email protected] last night, haha.
Is there one for LibreWolf ?
Subbed! And made the first post!
Why this not librewolf
Because I am but one man. 😂
Waterfox was what I noticed first. If waterfox didn’t work out, it’s next. Followed by ladybird.
I’m a software developer, and understand the technicalities and options available to me. I am capable of forking Firefox and make myself a custom build with anything I don’t like stripped out. (Capable of, not wanting to.)
They removed “We don’t sell your data and we never will” from their FAQ and they added “We may sell your data” to the ToS.
I am unhappy about this change. It is a clear sign that the people in charge of Firefox want to sell user data, and that the irrecoverable enshittification path has been chosen. It means that at some point in the next few years, I can’t trust Firefox’ with my privacy. And they sure as fuck don’t have anything else going for them: The browser eats memory and freezes my camera during video conferencing, and is plain not supported in some of the software I use at work.
The rationale is probably something entirely reasonable, like “While we do not intend to sell user data, the phrasing was too vague and not helpful. What is selling, and what is user data, really?” An organization with strong privacy values would be so far from anything “bad” that the phrasing as it was would not be a problem for them.
It’s irrelevant that right now privacy settings and xyz and telmentry is clear and opt in etc. Because the point is that they are gearing up to change that. The settings will be less clear, user data will be separated into shit like “operability assistance”, “personal information”, “experience improvement metrics” with some of it enabled by default because, etc.
They removed “We don’t sell your data and we never will” from their FAQ and they added “We may sell your data” to the ToS.
“Never” has a very clear and definite meaning. By undoing “never,” I feel like the Mozilla foundation is inviting a class-action lawsuit.
“and we never will”
this should imply something that cant be changed. Such empty words should no longer be even considered no matter who says them, unless its paired with enforceable punishment for breaking the word
The rationalization they have given is that legally, they may have been seeking data all along, as some jurisdictions define it extremely loosely.
For example, if you use their translation feature, they are sending the page your looking at (data) to a third party, which provides a benefit to Mozilla. Thats technically a sale in some laws, but most would agree that is acceptable given the user asked for it to happen.
https://blog.mozilla.org/en/products/firefox/update-on-terms-of-use/
The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
I’m overall concerned with Mozilla, but not sure this is malicious yet. But definitely needs to be closely scrutinized.
The rationalization they have given…
Anything you say after this point is irrelevant. (Nothing personal, though.)
As soon as a company has to rationalise their legal back-pedalling, it is explicit evidence that they are intending to do wrong.
This will not end well.
Something to note, however, is that the new terms apply to the browser as a whole. If it was due to some of the opt-in services the browser includes (sync, account, translation, etc.), they could have specified the terms apply to those services instead.
Agree this isn’t necessarily malicious yet, but it definitely is not beneficial to users.
I love how California basically defines a sale as “exchanging things for money” and Firefox is like, “its such a craaazy world we can’t even agree on the definition of exchanging things for money out here! Some call it a ‘sale’ apparently, so if we’re gonna exchange your data for money I guess we have to call it a ‘sale’… Stupid California, changing things to mean what they’ve always meant”
Its even more broad than that, because its any exchange of data for valuable consideration. No money has to change hands, but if it benefits FF, its a sale. And the benefit could simply be “if we do this we will function correctly as a browser”.
Here’s the crux of the problem.
Mozilla went from “explicitly not malicious” to “probably not malicious yet.”
What’s next?
Yup. And it doesn’t help that they have been throwing away good will for a while now, with their crypto/AI/etc bandwagon jumping. They are still the least worst option, as I dont trust the forks either, but its getting hard to trust them.
The privacy centric way for Mozilla to have address this would have been to:
- acknowledge laws in certain countries have changed
- Due to those new laws, the definition of “sell” has changed and Firefox may no longer be in compliance with their desire to keep your data private
- Commit their desire to take the necessary steps to keep new versions of Firefox in line with their original vision
- update the “we will not sell” definition to within the jurisdiction of the United States, or indicate that the definition of sell may be different in different jurisdictions
- make the necessary extensions to jurisdictions where they were “selling” user data, self reporting where necessary
Yup, its been terribly handled. Dunno if it was driven by a panicy lawyer, but those steps would have been much better. At a minimum, that blog post should have come first.
The current intention may not be malicious, but it leaves the way open for changes that are to slip in. If they were worried about services like translation being concidered ‘sales’, which is a reasonable concern, they should have split them out of the core browser into an extension and put the ‘might sell your data’ licence on that.
Yeah, its definitely wide open for abuse now. But the California law also seems way too vague as well. What about DNS lookup? That takes a users input and transfers it to someone else, is that a “sale”? Can hardly start separating that out of the browser? Http requests? Its all users initiated, but is it a “sale” in California? Not a lawyer, haven’t a clue.
DNS is fine as the exchange has to be for “monetary” or “other valuable consideration” to be considered a sale. The issue seems to be that Mozilla were profiting off of things like adverts placed on the new tab page, and possibly from the translation service too.
I’m not a lawyer, but “other valuable consideration” seems very broad. For DNS, getting the returned IP address is valuable. Ditto for http, getting the returned webpage is valuable?
I only suggested the translation thing because it (imo) fell under a “transfer of data for value provided”, which makes it a sale?
We’re all keyboard warriors with opinions.
I’ll get downvoted to hell for this, but I honestly feel like right now it is a nothingburger.
Will I continue to keep an eye on the things they do? Yes. Does their CEOs work history bother me? Yes. Will I keep using it and just keep tabs on settings and extensions? Yes.
Maybe. Not everyone is just going to ignore this, though.
I waffle between Firefox and other browsers, depending on how tolerant I’m feeling. Not using Firefox is more work. Sometimes I’ll spend a week or two with Firefox up, but normally, I’m in Luakit.But when I hit that web site that just doesn’t work with WebKit, I hop over to FF for it. Now, with this, I’ll probably start jumping to Nyxt which - while also WebKit - seems for some reason to work with more sites. Nyxt is faster, too; luakit is really slow and has a persistent scrolling bug that drives me nuts. But Nyxt hard-hangs multiple times during each hour of its, requiring a kill -9 and restart, so … Luakit.
Like I said. It’s harder to not use Firefox. But this change in policy is enough to make me change my habits and use something else when I have issues with Luakit. Or surf. Or vimb. Or whatever I’m fancying this month. Problem is, they’re mostly WebKit, and while in grateful for it, it struggles with many web sites - and especially the JS heavy ones.
I agree if it gets bad they will just resurrect Icewessle once again.
Librewolf is basically that. It’s pretty good ngl. I don’t have to spend a half hour reconfiguring Firefox like I do in new setups.
Yeah unfortunately it’s not in the debian Repo and I don’t like adding in 3rd party repos if I can help it but thanks for the info in case I get desperate
The problem is that a reduction in trust correlates to a reduction in users. A reduction in Firefox increases Chromium’s dominance on the web, which is a near monopoly already. A monopoly on web renderers in turn is bad for open web standards.
People worried about Mozilla surely won’t migrate to chrome, will they?
Nobody can fucking win with either option anymore.
So you’re disgruntled with Mozilla now, so you hop to Chrome. But you learn that Chrome has neutered the way you were once able to have dodged ads. Whoops! Now that’s a problem, in addition to knowing how data-hungry Google has been for a while.
What’re you left with? Edge? Edge has recently announced that it too neutered ad-blockers and it’s not open source and they’re just as data-hungry because now you’re dealing with Microsoft.
So now Firefox, Edge and Chrome are all off the table now because they all went the route of enshittification.
Opera? Can’t trust opera because of it’s ties to a chinese company so that’s either here or there. Chromium? Back to dealing with Google again! Brave? The CEO is an asshat, targeted ads, cryptobullshit .etc
All that we’re realistically down to is just Firefox forks. IceDragon, Weasel, LibreWolf and all of them. Plenty of options but updates and development varies.
What choice…
Nah. There’s loads of great privacy browsers based on Firefox
Of course they would. Not everyone reasonable of course, but people are terribly stupid by default, even if they somehow stumbled into Firefox for some reason before.
There are people that say stuff like “better the devil you know” or “if I compromise privacy either way, might as well use the more supported browser” or whatever rationalizations people come up with.
Why not? Or at least if people are choosing a browser they might not see the benefits of Firefox and just see that chromium is more spread and thus more compatible and “user friendly” (whatever that means). If Firefox isn’t better than chrome, why not switch over to the bigger one…(?)
It’s been a few steps in a concerning direction by them recently. As of right now, it’s still OK to use IMO but I’m sincerely hoping this is the extent of it, or even that they row back some of the recent changes.
However, I still want it to exist because its the only viable alternative at the moment to Google’s dominance. Yes there are plenty of forks (two of which I use) but they still rely on Firefox as the core product. I don’t think any are hard forks (or am I wrong?). I’m very uncomfortable at the thought of using a browser thats based on Chromium and/or unable to run the full version of UBO or have Containerised tabs.
Mozilla just can’t stop taking Ls. This new and unnecessary development is another one.
Putting a local LLM into a product that doesn’t need it, just like other businesses do, is just one step too far for me. I hate this AI trend with a passion.
Good thing that Firefox is open source so that we can just switch forks.
Putting a local LLM into a product that doesn’t need it, just like other businesses do, is just one step too far for me. I hate this AI trend with a passion.
Seconded, the pushing AI trend is just off putting and is something that literally no-one asked for. It reminds me of that brief trend of 3D TVs.
Actually translations are great and they were needed.
you don’t need AI for automated translations though.
There is no ai in ai, it’s just a program. In case of firefox translations it was made specifically for machine translation and later adapted to use with firefox browser.
There is no ai in ai, it’s just a program.
well duh. But why is Mozilla investing in LLM research then?
How does having an AI-chat feature in a browser diminish it’s quality? No one’s forced to use any feature.
Where does I say that it diminish it’s quality?
Also the you don’t have to use it, is a weak argument not even for or against it.
Also the you don’t have to use it, is a weak argument not even for or against
“Our pizza now comes with a topping of human feces!”
“Ew”
“What? Just scrape it off if you don’t like it”
exactly.
I think the rest have explained it better, but I use a Mozilla account and I kinda trusted them, not so much anymore. I dont know if I’m a minority, I found this feature very useful.
I will probably keep using firefox until it goes too bad for my taste and switch to a fork and self-host a sync server
Well, I never used the sync feature, if I ever need to save urls, I’ll just store it in Standard Notes or something. I also uncheck all the telemetry. I guess I’m unaffected by their ToS change.
If all you’re doing is “unchecking” then there’s more you’re missing:
https://github.com/K3V1991/Disable-Firefox-Telemetry-and-Data-Collection
The whole advanced configuration settings in
about:configare probably never seen by the majority of users. Ultimately though, you’re right: for the most part, privacy-focussed forks aren’t offering anything that you couldn’t manually configure for yourself in mainline Firefox, assuming you have the time, energy and interest.Certainly, if you’re in the habit of policing all of these relatively undocumented flags with each update to be sure you haven’t been opted in to any telemetry you don’t know about and assuming that all of it remains optional, you’re absolutely unaffected. However, they now have a license to everything you do within Firefox which they state they will only use to “help” you. Does training their AI model to make targeted suggestions to users count as “helping”?
On another note, taking back a promise not to sell users’ data, even if your personal data is protected because you rigorously police the
about:configpage, is not something many people are enthusiastic about. Just because I’m safe, doesn’t mean everybody else is.Hm I see, I have sync to keep my history and bookmarks synced across devices (also helps easily share urls among devices)😅
the people freaking out are reading social media takes written by other people freaked out over other social media posts written by yet more others who are freaked out after not reading and fully comprehending the full policy documents…
I read the git history changes and while I generally think it’s somewhat of a nothing burger for savvy users, it is a scummy move that alienates their core user base at a moment in time where they were best positioned to expand their user base.
