Firefox is trying to gain back user trust with this video: https://www.youtube.com/watch?app=desktop&v=O-xyNkvIB9g
This is a legit question: Should anybody trust Firefox again unless they put “we won’t sell your data” back into the privacy policy? I’m actually not sure if they haven’t already done so, let me elaborate:
https://brave.com/privacy/browser/ Brave: “We do not sell, trade, or transfer your information to any third parties.” This seems to obviously be in the legally binding text part. As is this one: “It’s Brave’s policy to not collect personal data1 unless it’s necessary to provide services to our users, or to meet certain legal obligations. We do not buy or sell personal data about consumers.” (Disclaimer: I’m not a lawyer.)
However, for Firefox it seems ambiguous to me, which worries me: https://www.mozilla.org/en-US/privacy/firefox/#notice There is no appearance of “sell” in the entire privacy document, excpet for the top summary where i’m not sure if it’s at all legally non-binding.
Does anybody know if it is legally binding? If Mozilla were serious about it, why would they leave it ambiguous whether it is…?
Based on that, I’m not sure if Mozilla’s video about getting users back is worth trusting. I wonder if it’s just me.
Update for clarification: I’m not using Brave myself, and this isn’t a suggestion anybody should blindly do so.
FWIW I don’t recommend starting a post about selling data where the very first link points to a Google product.
Consider next time not linking to YouTube but instead the blog post that linked to it and ideally an alternative more privacy conscious frontend, e.g. invidious.
It seems like the official original source for this video is Youtube.
You had me until you propped up brave as the good guy. I would sooner trust opera than brave. They’ve already been caught being sheisters with your data.
See here.
Use a Firefox fork that respects you
Can you suggest one? Obvious it’s not LibreWolf due to lack of respect.
What’s wrong with LW?
They broke saving passwords workflow and disabled that popup to do it.
You can turn it on in settings. I use it and it works fine.
Which version do you use?
I use the latest version. I also have resist fingerprinting disabled and sync enabled. It’s been a while so I don’t quite remember but I think one or both of those might be required for it to work. I know resist fingerprinting disables a lot of stuff so for convenience I disable it and instead use a JS blocker.
Unfortunately, you’re statement from before is wrong. Saving passwords is still broken. I just double-checked it Librewolf on the latest 148.0.2.2 version. By saving password I mean the “Ask to save passwords” in Private & Security settings. Librewolf completely ignores it. Librewolf folks do some very stupid UI things with their fork.
The reasoning for Firefox changing their policy is that legally, in some jurisdictions, a sale of data is very ambiguous.
They are sending a “count of active users” to advertisers, which their legal team thinks counts as a sale of private data.
Is this good enough a reason? Up to you really. Their policy is fairly wide open for further actual data sales now, it certainly gives me an itchy feeling.
Maybe I’m just an old, cynical man (I’m 44) but it’s not like their policy forces them to follow it, I mean why trust that “they promised they won’t do it in their policy” means they won’t just do it anyway without telling anyone?
I think it’s mostly a defence against getting sued if they got caught. Chrome can point at their policy and get the case dismissed, Firefox would have to defend it in court and risk losing.
But you are absolutely correct, privacy policy’s are only as binding as your ability to enforce them, and you and I don’t really have any means to enforce them against a large Corp.
So why can Brave still have that clause? That’s what I don’t get. I also feel like Mozilla could try to do something like “we don’t ever sell your data, except this one corner case” and just explain it, but it seems like they didn’t even bother. (I could be completely misunderstanding things and perhaps I’m being unfair here. It’s just how it comes across to me as an uninformed doofus.)
You’d have to ask Braves lawyers. It could just be that Mozilla is more risk averse, perhaps brave thinks they won’t be sued.
It would be nice if they were clearer, but I think they don’t want to (or legally cant) define exactly what they do.
Very funny to mention Brave like it’s a normal browser.
Why wait for that to start distrusting FF https://lemmy.ml/c/librewolf
OP works for Brave. Original post is just an ad.
I use Librewolf myself, but I’m concerned about upstream Firefox dying so this whole situation frustrates me. The only reason I mention Brave is because Brave is also a company (unlike Librewolf) and has a Terms of use to compare Mozilla to (unlike Librewolf).
I just know from a privacy standpoint that I always understood Brave to be a hardcore no even dating back to 2018.
That could be true, I honestly don’t know. The crypto stuff in Brave definitely seems weird.
Could you link where they say that?
Regardless, they are afflicted by Lawyer Brain and need to hike it to BlueSky
Trust is hard to gain, very easy to lose. And much harder to regain, once its lost.
I have been a Firefox user since… its Mosaic days. And even after Chrome became a thing, FF remained my default choice. It was just my browser, I would shrug at anyone telling me Chrome was so much better.
Alas, their recent switch in regards to data/ads and after that their focus on AI, after a few previous decisions of them that quite worried me too, convinced me to do what I had never imagined I would do: replace FF as my default browser.
I now use Waterfox, and if Firefox is still installed on my Linux box I have not used it since (I’m a liar: I clicked it once, out of habit). I just don’t feel comfortable using it, it’s not my browser anymore. It’s just a browser, like Chrome or Edge, some corp is trying to force feed me, and to screw me with. Thx, but no.
I would love to see FF change path and regain my trust. But this will take some efforts.
Single reason it’s my main browser still are addon functionality.
Interesting, it’s also not a chapter in https://browser.engineering/
That being said I imagine Google messed up the whole landscape with its Manifest V3 situation.
Also I imagine after a certain expertise threshold, one can relatively easily re-create an addon themselves. I’m thinking people who are familiar with Tridactyl or GreaseMonkey might not be as sensitive as this problematic.
I still remember the Mozilla Internet Application Suite before the browser part was spun off into Firefox and the email into Thunderbird. Some of their moves have been disappointing but I’ll still never use Chrome
I remember that too.
BTW, Waterfox is a fork of FF ;)
Thanks for tip
The advice I’ve always read is to avoid forks because they usually get security updates slower than the main browser. Is that true of waterfox?
Same boat. Used Mozilla since back when you had to futz to get it to compile.
Fuck Mozilla. Fuck FireFox.
LibreWolf fixed what the Foundation and Board enahittified.
I feel more sadness than anger. Like I feel a lot more sad realizing younger people will probably not be able to experiment a free and truly personal web, like the elders among us did. That corporate-free Web used to be the norm… with its clumsiness and its many quirks, its ability to tolerate conflicting opinions too. Now, everything is policed and so… neutered. It’s also ad-saturated. It has turned into a TV, just worse.
Seeing Mozilla take that pitiful road made we feel a lot more sadness than anger, really. They were one of the few that were supposed to stand for another model. But I was not that surprised either…
Slap yourself. Don’t accept defeat. Rage, rage against the dying of the 'net
Used Firefox for god knows how long. Reading your post made me want to try out Waterfox and I must say I really really like it so far. Gonna keep using it and maybe I’ll even uninstall Firefox down the line.
No need to rush a decision, give it a swirl and you will see ;)
Don’t trust them. Trust open-source.
Use forks, and donate to known projects that exist for (at least) a few years.
For them to sell your data, they need to collect it first. And as of now, all data collection can still be opted out of.
They collect personal data before you even have the chance to opt out which is a clear violation of the GDPR. They promise to delete it within 30 days when you opt out, but is was collected nonetheless.
I need to manually opt out?
That’s fair, but that requires the trust that they won’t add any collection without telling people. And it seems like they kind of want a license for all data I enter into the browser, which again Brave doesn’t seem to do. It’s like Mozilla is going out of their way to look shady and to harm trust. It’s sad. I’ve been using Firefox for a looong time until I left it behind.
trust that they won’t add any collection without telling people.
It’s open source so you can inspect it. If you don’t know how to do that you can pay for a 3rd party audit.
Also if it were to be found out, even without being open source via some pack inspection (e.g. using a software that checks if data is being sent to a server, e.g. imagine starting Firefox on a virtual machine then checking if any data goes to e.g.
firefox.com) and it were to be published then their entire brand would be dead. So rationally speaking I don’t think that’s a worthwhile bet.Do you audit every release of any open-source program you use before you run it?
Open-source alone isn’t enough if the creators are known to do weird things.
I know you ask this question in jest but basically it cascades, e.g. if I trust Debian or F-Droid, then I trust that the applications they include in their distribution or store is both secure enough (no piece of software is perfectly secure) and actually does what it say it does. In turn I believe they do the same, namely that initially when an application is added to their collection, they do review the application and the code yes. Then each update is only a gradual check, if ever done, assuming nothing special happened, e.g. no main maintainer change. If it’s far from perfect, and as somebody linked else there are limits (e.g. https://en.wikipedia.org/wiki/XZ_Utils_backdoor ) but in “normal” situations it’s enough for me.
Anyway that’s just my perspective on the matter, on your problem specifically after a brief ~5min search I haven’t found exactly what you are looking for but here are still some examples of what I do find helpful :
- IMHO very close but limited to Android https://reports.exodus-privacy.eu.org/en/reports/org.mozilla.firefox/latest/ and only technical, not about the “business” side, still it shows what is potentially collected and thus sold back
- example of 3rd party security audit on the accounts part of Firefox https://blog.mozilla.org/security/2017/07/18/web-service-audits-firefox-accounts/
- some publication from that 3rd party https://cure53.de/#publications-2024 but not specific to Firefox
- what Mozilla itself sponsored in terms of auditing other open source software https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed
Those though are mostly around security. They are definitely linked to privacy but still distinct. If I genuinely cared about the topic I would directly ask if organizations, non-profits, etc do think about the topic, e.g. Access Now, EFF, Exodus Privacy.
If by any chance you do find something helpful there please do share back.
The linked reports don’t seem too useful since 1. the first one seems some automated scan not a code review, and 2. the second one is “Firefox Accounts” and not a browser code review. My apologies if I"m missing something.
I personally think you shouldn’t run software that accesses such intricate personal information if you don’t trust it, if it can be updated to change to grab all that data.
Especially since Mozilla seems to potentially give itself a license to all your data, apparently.Update: This seems to only apply to “Mozilla Accounts”, my apologies for the error: https://www.mozilla.org/en-US/about/legal/terms/services/you shouldn’t run software that accesses such intricate personal information if you don’t trust it, if it can be updated to change to grab all that data.
Yes, and you should also brush and floss your teeth, do physical activities, buy local produces, recycle everything, do your due diligence on all political candidates, etc, etc. In practice we ALL have to make pragmatic choices. There are not a lot of browsers and basically for fully featured engines there are (arguably) only 2, Chromium by Google and Firefox by Mozilla. One is an advertising for profit company, the other is not. If you genuinely care a lot about privacy though you might not have to use either, you might be perfectly fine with much simpler browsers like Links or even lynx and I can tell you with a lot greater confidence that there no data will leak. You can also containerize your browser using e.g. https://docs.linuxserver.io/images/docker-webtop/ and then run within there whatever you want.
since Mozilla seems to potentially give itself a license to all your data, apparently.
That’s not correct, you mean some data from your browser usage. I think it’s important to be precise here otherwise through shortcuts you try to convince yourself, and others, about a problematic situation that just does not exist.
So which browser do YOU trust and why?
deleted by creator
While I can understand not wanting to trust corporations and Mozilla has definitely become more corporate over the years, if they ever start to collect data without the ability to opt out, by (european) law, they need to inform the user about the data collection. So for now, I don’t see much reason to be alarmed.
deleted by creator
Dunno. Ive already left. Now its on them to give me a good enough reason to consider going back.
To where?
Waterfox, brave, many options.
Brave is shit I don’t know why people keep recommending it.
Ok
Buying the company usually means buying all of their user information as well. Other companies can change their policies too. I think you should judge them by their actions, and give them a chance to answer your questions before you condemn them.
(Did you try asking them about your concerns?)
Since there are alternatives, I don’t find that argument too compelling. I’m hoping people will continue to speak up about this though. Ideally I would want Mozilla to do better with their policy, assuming they actually act nice and just aren’t very good at making their policy sound like it.
Have you tried waterfox?
Owned by an advertising companyNot true anymore, my badNo, that has changed since almost 3 years.
Source: https://www.waterfox.com/blog/a-new-chapter-for-waterfox/
Please verify before you accidentally spread misinformation.
I was not aware this, will edit the comment. Thank you!
I switched to waterfox, I will never trust Mozilla again for a wide variety of reasons.
The problem with forks is that you need to trust the original party (Mozilla) AND the developer of the fork. Also, that fork will inevitably lag in security updates coming from the original party.
Firefox is still pretty customizable with user and enterprise policies, and most telemetry can be disabled. They have shown that they listen to their userbase, even if capitalism forces the for-profit part to make cuestionable decisions.
Which brings me to Phoenix for Firefox…
https://brave.com/privacy/browser/ Brave: “We do not sell, trade, or transfer your information to any third parties.” This is obviously in the legally binding text part.
This is only for data that the user transmits to them in conjunction with feedback.
Here’s another quote: “It’s Brave’s policy to not collect personal data1 unless it’s necessary to provide services to our users, or to meet certain legal obligations. We do not buy or sell personal data about consumers.” That one isn’t in the feedback section.
Problem with FOSS movement happened is not all parts are self sustainable. Which leads to market fit revenue system which is basically selling data as of now. Hope this changes in future.
