Remember that the enemy of my enemy is my friend (or, "Don't attack your teammates")

Hi @GaelDuval,

I was pretty disappointed when I read your retweet this morning: https://mobile.twitter.com/gael_duval/status/1222072347076841472

I thought that, after your experience of living and working through the onslaught of FUD-spreading that Microsoft did against the FLOSS community in the 90s/00s, that you would know that this approach isn’t going to get us anywhere. And you expressed similar in a thread recently: Long-term plan for /e/ official app store

Why, why, why, are so many FLOSS enthusiasts so against Mozilla? The most successful FLOSS company, which truly embodies the FLOSS spirit by doing its development in the open, producing proper copyleft code and collaborating with the community. The company that did more than any other to keep the web open, which fought back against Microsoft’s FUD against open-source and broke their monopoly on web browsers as well as fighting to ensure that the web follows open standards*. Mozilla has done more than any other browser vendor (except TOR, if we consider that project a “vendor”) to improve our online privacy and protect us.

That article you retweeted is basically saying “Look, Mozilla says this is white but we believe it is black” with nothing to back up their claims other than their personal opinion. Mozilla are totally open about what data they are collecting (https://www.mozilla.org/en-US/privacy/firefox/) and if we don’t believe them we can check the source code. Open Firefox and go to “about:telemetry” and we can see everything which that so-called news site says is “personal” data. Did you check? Did you find anything which you consider to be personal data? Even when aggregated, does any of that tell anybody anything about you?

You may refer to the fact that the data travels with an IP address. But Mozilla explain that the IP address is removed as soon as it arrives at the server, so the two are no longer connected. And if you don’t believe them you can check the source code for this, as far as I know. Heck, every website we visit knows the IP address we send our requests from, so unless we all use TOR or a VPN then we’ve all got much bigger things to worry about.

And this LeanPlum thing, that’s definitely FUD. The Mozilla support explanations state exactly what data is sent to LeanPlum, but then the author of that FUD-article then refers to the LeanPlum privacy policy to suggest that personal data is sent to them - it isn’t at all, the only data which is sent is what is listed here: https://support.mozilla.org/en-US/kb/how-do-you-use-leanplum-firefox. Again, if we don’t believe then we can check the source code.

Still, I am open to being convinced that Mozilla really are the evil spying empire that so many FLOSS and privacy fundamentalists say they are - if these fundamentalists provide compelling evidence. I will read the future installments of that website’s investigation (if they ever appear).

Alors, c’est l’heure de dejeuner donc je vais arreter. Bon appetit

*Note that /e/ is undermining this work by using Bromium… because it’s based on Blink which is Google’s browser engine which it uses to do exactly the same as Microsoft was trying to do 15 years ago. The fact that Blink is “open source” is a thin veneer of respectability that so many people (including /e/, it appears) seem to be dazzled by, at the same time as saying that Mozilla are untrustworthy. The hypocrisy stinks.

i really have to agree!

it’s more than ridiculous, how gael and some others here in this forum argue against mozilla and some other important players in the open source field, which in fact realize/d much more essential tools and valuable free software solutions than /e/.

this kind of political resp. social community related attitude and lack in solidarity concerning similar open source projects reminds me, that we should perhaps spend more attention on the dangers of actually gathered data and software in the hand of the /e/ maintainers and their servers. sure, they do not utilize old fashioned cookies or other well known tracking mechanism, but maybe they are nerveless able to identify, surveil and to some degree control a rather interesting ‘critical’ segment of actual mobile device users and phone software just by clever abuse of social engineering strategies, a nice looking sympathetic facade and lots of PR efforts, and little bit of nearly negligibly development work to implement cosmetic modifications in already existing open source software.

but i already expressed some of this objections and rectification in another thread about security warnings resp. false positives related to mobile firefox browsers.

My impression is that you two are a bit touchy when anything negative is said about Firefox. It makes you start discussing the tech economy and ist politics. And it makes @mash share his thoughts that are nothing else than assumptions.

I can’t see what is the problem here.
Despite the good work, and I’ve been a Firefox user since its creation, the telemetry enabled by default is, indeed, a privacy violation.
Let’s face it: the privacy concerns are not for all kinds of people. Better off if there was a warning asking the user for enabling the feature.
But that’s just my opinion.

if you want to debate this topic in more serious manner, you should perhaps differentiate between reporting “telemetry data” and more surveillance oriented and privacy violating spy mechanisms. sure, there is no strict line, which would divide both kinds of calling home, but it simply doesn’t make sense to generaly intermix both techniques resp. ignore their actual purpose and the actual transfer of privacy related data in particular!

IMHO it makes a difference, if data gathering is simply used as a dirty business model, or if’s just a facility to improve software products resp. realize real world debugging. nevertheless i personally prefer to disable this kind of features in my browsers as a precaution, although i still have more confidence in mozillas privacy policies than in the notorious vague and putting off /e/ promises.

Of course a well established enterprise like Mozilla deserves credit and a fresh started one like /e/ needs to walk its way for it.
Trust me, I believe no one and no company without trying my best to be sure I can.
I trust Mozilla and I’ve been using their products, one way or another, for the past 15 years or so. And I’m not saying they have bad goals behind this telemetry stuff.
All I’m saying that it would a more privacy oriented position if this feature would be left disabled by default and asked for enabling by the user.

I think Gael is right, I lost my faith in Firefox/Mozilla a while ago, although I used to be a fan of Firefox. A series of vulnerabilities/idiotic decisions/privacy violations just changed my mind. Also, considering the amount of (google) money Mozilla is receiving, they made a pretty bad job considering market shares of Firefox…

mozilla is much more than just this kind of optional browser for your phone!

just think about their role on the way inventing and developing the rust programming language and all the security related advantages related to it…

whenever /e/ may present some similar important and actually successful results for the benefit of a wider community, we can debate this “series of vulnerabilities/idiotic decisions/privacy violations” again…

Hi @cedricoola, yes I think you’re right, I do get a bit touchy on the subject of Mozilla, but it’s mostly because I don’t understand the strange negative attitude towards it from the rest of the FLOSS community. After all, I know Mozilla has done many things that people don’t like (e.g. kill FirefoxOS) but this general active distrust and always looking to say they’re doing bad things is something I don’t understand.

I will say that I defend other projects in other forums too, for example when people question /e/'s motives and how it really contributes to privacy. I think I had a debate with someone on the Fairphone forum about this and also another discussion about /e/ with someone from Volla.

I don’t agree with the aspersions which @mash is saying about /e/, but those are the right questions to ask and /e/ can’t really complain about being asked, unless they’ve already answered them as best they can.

I agree with @facb69 that Mozilla should perhaps change the default to be no data gathering of any kind, but then perhaps nobody would activate it? Or only “enthusiasts” and Mozillians which would give a skewed idea of how people in general use their web browser.

Back to why I originally posted though, I’m just incredibly surprised to see this kind of FUD retweet from Gael. If he had retweeted an article on the same subject, but one which just outlined the facts without the over-the-top sensationalist vitriol I would have understood, but that article is straight out of the FUD realm.

Let’s hope he was just having a bad day!

Cheers

@madbilly, fair enough. Questionning things is good. I’m out of this discussion now because I don’t understand much of it.

Sure, and when the world time was adjusted the extensions didn’t work anymore, we had to go to about:studies and re-enable these “privacy violating settings”

But I agree, access to the camera and the microphone should be disabled by default in Firefox, and “never remember history” should be default too, just as “accessibility services” should be disabled by default, and so on and so on, but compared to setting privacy and security in Firefox, the settings in Chromium (and any web-browser based on it) are a real nightmare. That is why I prefer Firefox Klar as default browser in /e/, it has the right privacy settings by default.

Also browsers should never ask to remember passwords, that’s also wrong in Firefox’s default settings.
Luckily I’m a Linux user on desktop, because I’ve seen that in Windows Firefox even has DRM enabled by default! And that is a crime.

But I prefer Firefox over Chromium, alas, most websites don’t work in www-textbrowsers. Too bad the web became totally graphic. So, maybe instead of criticizing Firefox, we should criticize the average internet user as a threat to privacy and security of all. And the average smartphone user in particular.

P.S: I like the amnesia in TAILS, or even better the amnesia in HEADS from Devuan, an amnesia without systemd. And Whonix is nice too, and the security in QubesOS. So I’d like to congratulate Gaël for all his efforts. I’m really looking forward to the “James Bond 007” version of /e/ that was announced. I only hope its default browser won’t be Chromium based.

Hi all, I like both Firefox and /e/!
That website am I unique is pretty amazing, I had no idea we all had a footprint like that!

that’s already the default behavior!
you’ll be always asked before access to microphone or cam is given to an app within the browser.

mozilla is much more restrictive in this respect than chrome/blink-engine based browsers.
that’s the reason, why many features (e.g. WebUSB, local filesystem-API, multithreading in WASM) aren’t available in firefox because of justified security misgivings.

sure, you may prefer an even more restrictive default behavior, but that’s perhaps beyond the general accepted measures. we all want to use our browsers in real live and therefore have to look for working compromises and reasonable privacy protection.

Thank you @madbilly for the pointer.
The article from PIA is really blowing things out of proportion. It is certainly not a “privacy nightmare”. Nothing I would worry about.
By the way, the article emphasizes the IP address thing, from a company (PIA) that sells VPN to hide your IP adress… So gross…
Mozilla and Firefox have lots of fans from people in OSS who know what they’re talking about. Not that everyone loves everything they do (I was mad when they broke my extensions). But they deserve a lot of respect.
To me, by far the biggest problem in the Browser space is the lack of variety for Browser Engines. Hopefully, Mozilla/Firefox offers an alternative to all the browsers that are just based on Google’s browser engine. And Firefox offers really interesting things to protect your privacy like having multiple profiles, using containers etc.
Mozilla is certainly on the same side of privacy than /e/.

Well it’s good to know that I’m in good company it seems like plenty of people have a similar opinion to me.

Cheers

You have a footprint but you can protect yourself by using the right add-ons on Firefox but also on Chromium (or some other browsers). In that case fingerprinting as a technique does not work as it supposed to.
As far as I’m concerned WebGL fingerprint defender, canvas fingerprint defender, user agent spoofer, webrtc leak protection, etc. should be default on a good browser - this is not the case. At least there are add-ons to install.

hmm – you also have to consider the fact, that even this protection mechanisms may be used for fingerprinting!

unfortunatlly that’s a well known issue – especially, if you utilize less frequently used software. at the end it may be possible to identify your computer again, just because of the fact, that no one else has exactly the same set of protection plugins installed as you…

Haha. What would you recommend @kalman, I use duckduckgo privacy essentials, does that do the trick?

Lol, i thought that /e/ users knows that Firefox not much better than chrome without editing about:config and using right extensions, so i totally agree with @GaelDuval . Some privacy guide, but it is entry lvl https://restoreprivacy.com/firefox-privacy/

Unfortunately I agree with you, especially when I see things like this:

Most people don’t know or care enough to start tweaking with Firefox (especially since it’s a product that works, what is there to tweak?) and therefore this slogans are only giving away a false sense of security and privacy.

However, beyond this point, Firefox is the right tool for the job if you want to protect your privacy online since it does in fact empower the users to modify it however they want.