> Important Note: Neither Mozilla nor Pocket receives a copy of your browser history. The entire process of sorting and filtering which stories you should see happens locally in your copy of Firefox.
Do you think they're lying? Do you just hate the idea of any built-in browser integration with proprietary services?
Trivial for your average HN user, but "normal" users can't be expected to go poking around in an undiscoverable settings feature that warns them about dragons.
Exactly. I stopped trusting Mozilla when Pocket went in. I just "upgraded" Firefox to make it shut up, and I spent 15 minutes checking the privacy options to see if they were sneaking anything in. I still don't see a way to totally remove "Sync".
I don't want the browser talking to any site that's not absolutely necessary to display the page. Period.
> I don't want the browser talking to any site that's not absolutely necessary to display the page. Period.
We've probably already lost that war, because almost all sites today include hundreds of kilobytes of extraneous javascript tracking cruft, and blocking it will frequently break the page display.
At least Mozilla is trying to help on that front with their privacy tools and container tabs.
I actually love Pocket, finding it great for organising my many bookmarks - but at the same time, I don't want proprietary services built into Firefox.
IMO, Pocket should be an extension, same as any other. Though I wouldn't even mind if the Firefox installer asked if I wanted to install this extension during installation, treating it as a kind of "Mozilla recommended" extension.
They're not lying, they're just missing the point.
1. I don't want recommendations, I didn't ask for recommendations. Having it as a feature that can be enabled for pocket-users might be defensible, opt-out isn't.
2. Even if they're somehow keeping your full browser history on your machine for processing (which is an irrelevant point anyway since it's often synced with your Firefox account anyway), the point is they're collecting data on your personal preferences. The raw data isn't the point, the generated metadata representing a personal profile of you is. It's the processing, regardless of where it takes place, that is objectionable in itself. Doing that processing at all in any form is the antithesis of what Mozilla claims they stand for in this article.
1. turn them off. Like any other application on the planet, you get some defaults and you turn on/off what you want, yourself, if what you want is different from the default. Settings => Home => Firefox Home Content. There's even a settings shortcut on the new tab view to take you to those settings, so turn it off first and see if you feel better now that you'll never see pocket ever again.
2. No it's not, that makes no sense. Processing your local behaviour, and never sending that information to anyone else, is not "the antithesis of what Mozilla stands for" in the slightest. What do you think happens here? Do you think they're sending that metadata to pocket, which then does _more_ processing on their end to match your preferences to recommendations? Because if so: that's not what happens, and it's time to read up on how pocket recommendations actually work to see if you're upset with them for a legitimate reason or whether you just completely misunderstood how this works.
1. my objection was to it being opt-out. "Turn it off" is not a valid solution to that. I'm wondering if you read my comment fully?
And it's not just me. You're saying that Mozilla is expecting all users to opt-out to protect themselves... from Mozilla itself. By Mozilla claims to be protecting those users...
2. you say it's not the antithesis of what they stand for but you've given no reasoning. Why is Mozilla compiling a personal profile of my browsing preferences not the antithesis of what they stand for? What have I said that isn't in line with the technicalities of how Pocket works? Does Pocket not compile a personal profile of my browsing preferences?
I'm sorry, I normally try to avoid combative tone on hn, but you've written quite a substantive comment all of which simply states that the points in my comment are incorrect with no reasoning behind those statements. It's not really logically cohesive...
The only thing that's being debated is whether sending a personal profile of your browsing preferences compiled from metadata is ok simply because it's not a personal profile of your browsing preferences consisting of your entire browsing history.
You're right that both things are profiles—that's not being argued.
Please provide evidence that they're "sending a personal profile of your browsing preferences compiled from metadata" anywhere.
As far as I can tell, the only data that's sent is what Pocket-recommended links were displayed, and if you clicked on them. Is that what you're claiming constitutes a "profile"?
Except that metadata isn't getting sent to pocket. Firefox gets the full list of pocket recommendations, and it, locally, picks which to show you, based on your browsing history. The entire thing you object so strongly to, namely things getting sent to mozilla _never happens_ and neither mozilla, nor pocket --nor anyone else except people who hack into your computer or your firefox account if you use such a thing-- will ever know what you're in to, if you turn of the general data sharing that you probably already have turned off for firefox because you're privacy-conscious.
I assume Mozilla makes a fair bit of money from the Pocket recommendations, and disabling it is one checkbox in the settings screen.
> an irrelevant point anyway since it's often synced with your Firefox account anyway
Only if you sign up for a Firefox account and enable sync!
> the point is they're collecting data on your personal preferences... the generated metadata representing a personal profile of you is.
I don't think this is true. They say:
> Recommendations from Pocket are displayed on your new tab, we collect information about how many times they appear and whether or not you interact with them. However, this information is not associated with any of the other technical and interaction information about you or your copy of Firefox.
Don't like Pocket, don't use it. I personally find it convenient, I'm not at the point I consider everything I browse equally sensitive. There are pages I don't consider being particularly sensitive I want to read later without cluttering my tabs. I really understand peoples wanting to protect everything, it's a valid choice, but I'm not there yet personally, thus for me Pocket is useful.
Except they actually provide useful features like Firefox Sync. If you opt into that service it is impossible for them to provide it to you withouth having your data on their servers.
They should be transparent about what data they have. There are options like "Allow Firefox to send technical and interaction data to Mozilla" and "Allow Firefox to send backlogged crash reports on your behalf" in Firefox, I don't recall if they are enabled by default when you install the browser but I seem to recall that at least one of them is. These options have nothing to do with the Sync feature.
That's just your opinion. I do not mind sharing data with them by default because I know the data helps their long-term survival. Especially because I know I'm lazy (like most people are) so if it's opt-in I wouldn't bother turning things on.
It should be noted that, though you personally may be consistent about this, most people would consider identical opt-in data sharing on the part of eg Chrome to be evidence of Google's dastardliness. I don't think it's unreasonable to expect Mozilla not to take user data by default if they're positioning themselves as privacy-oriented.
That's just your opinion. Mozilla should be very clear, up front, about what data they collect by default[1], so that users can make educated decisions about whether to allow it. This whole "we promise to protect everything (lol) we collect about you" PR stunt obscures the fact that they are collecting data from users by default.
1. They 'detail' it in the privacy policy, but 1) almost all end users will not see a link to it and 2) almost all end users will not consider that Mozilla is collecting data from them by default.
Curious, let me construct a bit of a straw man. Would you be ok with their data collection if that data was only interaction data? What features are you using, sans tracking features that may reveal who you are and what sites you visit? Assume for the sake of this question that it has been verified by 200 third parties to be the case.
What about bug reports?
I’m just curious if the line is “absolutely no data” or “nothing identifiable to me or my habits”, or something else.
Mozilla the organization are providing to me a piece of software (the browser), which after me downloading it, should have absolutely nothing to do with Mozilla, their services or servers.
Unless, of course, I explicitly instruct the browser to connect there, which is unlikely, because I don't want anything to do with them or with their services.
>you have no business having my data in the first place...
???
Mozilla doesn't have your data.
The only way Mozilla would ever have any of your data is if you explicitly signed up for one of their services to hold your data for syncing purposes or something.
Unless you very actively said "Take my data please!" at some point, there really are very few things Mozilla would be able to do to get at your data. (In fact, by far the easiest thing for them to do would be to forget about using firefox and just buy the data from Facebook or Google.)
You could just check out their privacy policy you know: https://www.mozilla.org/en-US/privacy/firefox/
It's literally linked from just below the "Download Firefox" button and in the page footer.
Before the apologists roll in: Cliqz GmbH is a media and advertising company, and Firefox DOES NOT own Cliqz GmbH, they just own a bit of it (officially they are a "minority investor").
The Mozilla Corporation sent private data of its users without their permission to a third party ad company. It's despicable and unforgivable.
That's demonstrably false. Disabling telemetry resulted in the collection of meta-telemetry, in violation of users' explicitly expressed decision to not allow collection of telemetry.
For 1% of the users opting out of telemetry. And anonymized. And also the data not being telemetry related.
Technicaly correct, but pretending that this is mozilla going against the spirit of "decide what to share and when" is at best stretching it, and worst case willingly misrepresenting the case.
Your decision to show ads to your users this last week without their consent was the last straw for me. And believe me, I've stood A LOT from you. My relationship with you has been practically abusive. Farewell Mozilla, it's been real.
Where on earth are you going? Chrome? There are no other independent browser engines left besides Firefox, web browsers are a duopoly now and if you think Google is better on data collection and ads than Mozilla, I have a bridge to sell you.
Chrome isn't the only other option. There are tons of browsers that are more respectful of user privacy than Firefox:
- Firefox (but fixed with settings that are hidden from the user for some reason)
- IceCat, Waterfox, Pale Moon, etc.
- Ungoogled Chromium, Iridium, Qutebrowser, etc.
Mozilla's actions (Cliqz spyware integration, ads in the browser, Google analytics in the browser, locked enabled telemetry, etc.) show that their "commitment" to user privacy is just marketing.
This feels like a problem the free market would have solved. Pay $x00/year or so, get a browser that doesn't track you or serve ads, and doesn't remove features that the userbase liked. But that hasn't happened, so I'm clearly vastly misunderstanding things here.
You could literally be Firefox talking. You don't want us to do this? But when we do, where are you going to go? The other guy is worse.
edit: I feel like I should footnote this with the observation that Firefox is at the lowest marketshare it's ever been, and continues to shed users. It currently only exists so to be used as a defense in future antitrust actions against Google.
I don't recall Chrome putting ads in the browser, so it does seem like, comparing apples-to-apples, Chrome has been better than Firefox on ads (given the Mr Robot ad and this recent booking.com ad on the new tab page).
That being said, as much as I've been unimpressed with Mozilla's decisions over the last half-decade, I don't really see the issue with putting an ad on the new tab page, given that they claim it wasn't targeted and didn't use any user data.
The very least I'm well aware of what it does and it's not hiding it and it doesn't eat my laptop's battery with anything WebGL or video-related (and also does both without any glitches).
Does anyone else find it strange that threads on Mozilla articles submitted to HN are filled with privacy-absolutists while articles about Google/Chromium are disproportionately commented on by Google apologists?
Are there two radically divergent subsets of HN users who hardly comment on articles about the other major browser?
I think the difference is how they position themselves. Mozilla claims to fight for you and keep your data safe, Google claims to be an advertising company.
It would be like if McDonald's sold an "all beef burger" that contained no actual beef, or if the Impossible Burger was found to contain any beef at all.
Mozilla bragging to me about how they're defending me on the web is like Smith & Wesson telling me they're keeping me safe from guns.
It also seems like the height of hypocrisy to complain about data privacy when people use almost exclusively free services online. Somebody has to pay for it all, and since users refuse to do so, advertising has to. It's simple math: if you don't pay for content, your data will be monetized to pay for it. If all use of private data on the web was somehow regulated into oblivion, the web would collapse, because there'd be no money to pay for it.
Invasive advertisement doesn't fund most of the web, it only funds some thousands of top websites and I bet most of them can exist without invasive tracking and banners. There are still brand deals and content advertising and other forms of non banner advertisement, not to mention non advertising business models. And most websites can't exist on advertising revenue anyway and are funded some other way.
There's no question of whether a business can exist without targeted advertising ("invasive" advertising). But they're definitely going to use it whenever feasible, because it's the most efficient form, possibly more than direct marketing.
The ways a business can make money online are A) partnerships, B) advertising, C) goods/services, D) subscriptions, or E) community. The last two are dwarfed by the first three, which depend on advertising. Even if you're a B2B, you still need marketing to get new clients, which almost invariably includes some kind of advertising.
So the majority of websites people visit are still paid for with some form of marketing. It may be indirect, such as by affiliate, partnership, selling of private data, etc, or it may be direct, such as with advertisements and spam/newsletters. The user is still going to pay for it, one way or another. If they're not paying via a subscription or donation, they're paying through their use as a marketing target. (And often, via both!)
76 comments
[ 4.2 ms ] story [ 127 ms ] thread> Important Note: Neither Mozilla nor Pocket receives a copy of your browser history. The entire process of sorting and filtering which stories you should see happens locally in your copy of Firefox.
Do you think they're lying? Do you just hate the idea of any built-in browser integration with proprietary services?
Yes. I hate the idea of any built-in browser integration with proprietary services.
Pocket.enabled
Set to false
Seems pretty simple to me.
But if I did, Google seems 100x the larger problem.
I don't want the browser talking to any site that's not absolutely necessary to display the page. Period.
We've probably already lost that war, because almost all sites today include hundreds of kilobytes of extraneous javascript tracking cruft, and blocking it will frequently break the page display.
At least Mozilla is trying to help on that front with their privacy tools and container tabs.
IMO, Pocket should be an extension, same as any other. Though I wouldn't even mind if the Firefox installer asked if I wanted to install this extension during installation, treating it as a kind of "Mozilla recommended" extension.
1. I don't want recommendations, I didn't ask for recommendations. Having it as a feature that can be enabled for pocket-users might be defensible, opt-out isn't.
2. Even if they're somehow keeping your full browser history on your machine for processing (which is an irrelevant point anyway since it's often synced with your Firefox account anyway), the point is they're collecting data on your personal preferences. The raw data isn't the point, the generated metadata representing a personal profile of you is. It's the processing, regardless of where it takes place, that is objectionable in itself. Doing that processing at all in any form is the antithesis of what Mozilla claims they stand for in this article.
1. turn them off. Like any other application on the planet, you get some defaults and you turn on/off what you want, yourself, if what you want is different from the default. Settings => Home => Firefox Home Content. There's even a settings shortcut on the new tab view to take you to those settings, so turn it off first and see if you feel better now that you'll never see pocket ever again.
2. No it's not, that makes no sense. Processing your local behaviour, and never sending that information to anyone else, is not "the antithesis of what Mozilla stands for" in the slightest. What do you think happens here? Do you think they're sending that metadata to pocket, which then does _more_ processing on their end to match your preferences to recommendations? Because if so: that's not what happens, and it's time to read up on how pocket recommendations actually work to see if you're upset with them for a legitimate reason or whether you just completely misunderstood how this works.
And it's not just me. You're saying that Mozilla is expecting all users to opt-out to protect themselves... from Mozilla itself. By Mozilla claims to be protecting those users...
2. you say it's not the antithesis of what they stand for but you've given no reasoning. Why is Mozilla compiling a personal profile of my browsing preferences not the antithesis of what they stand for? What have I said that isn't in line with the technicalities of how Pocket works? Does Pocket not compile a personal profile of my browsing preferences?
I'm sorry, I normally try to avoid combative tone on hn, but you've written quite a substantive comment all of which simply states that the points in my comment are incorrect with no reasoning behind those statements. It's not really logically cohesive...
The only thing that's being debated is whether sending a personal profile of your browsing preferences compiled from metadata is ok simply because it's not a personal profile of your browsing preferences consisting of your entire browsing history.
You're right that both things are profiles—that's not being argued.
As far as I can tell, the only data that's sent is what Pocket-recommended links were displayed, and if you clicked on them. Is that what you're claiming constitutes a "profile"?
> an irrelevant point anyway since it's often synced with your Firefox account anyway
Only if you sign up for a Firefox account and enable sync!
> the point is they're collecting data on your personal preferences... the generated metadata representing a personal profile of you is.
I don't think this is true. They say:
> Recommendations from Pocket are displayed on your new tab, we collect information about how many times they appear and whether or not you interact with them. However, this information is not associated with any of the other technical and interaction information about you or your copy of Firefox.
"That's Tron, he fights for the users."
https://www.youtube.com/watch?v=8kcgosLwPDE
If it is enabled by default, then they are doing it wrong.
That's just your opinion. Mozilla should be very clear, up front, about what data they collect by default[1], so that users can make educated decisions about whether to allow it. This whole "we promise to protect everything (lol) we collect about you" PR stunt obscures the fact that they are collecting data from users by default.
1. They 'detail' it in the privacy policy, but 1) almost all end users will not see a link to it and 2) almost all end users will not consider that Mozilla is collecting data from them by default.
What about bug reports?
I’m just curious if the line is “absolutely no data” or “nothing identifiable to me or my habits”, or something else.
Unless, of course, I explicitly instruct the browser to connect there, which is unlikely, because I don't want anything to do with them or with their services.
???
Mozilla doesn't have your data.
The only way Mozilla would ever have any of your data is if you explicitly signed up for one of their services to hold your data for syncing purposes or something.
Unless you very actively said "Take my data please!" at some point, there really are very few things Mozilla would be able to do to get at your data. (In fact, by far the easiest thing for them to do would be to forget about using firefox and just buy the data from Facebook or Google.)
That is not my definition of explicitly signing up for their services.
https://www.ghacks.net/2017/10/06/mozilla-to-launch-firefox-...
The Mozilla Corporation sent private data of its users without their permission to a third party ad company. It's despicable and unforgivable.
That's demonstrably false. Disabling telemetry resulted in the collection of meta-telemetry, in violation of users' explicitly expressed decision to not allow collection of telemetry.
https://www.ghacks.net/2018/09/21/mozilla-wants-to-estimate-...
Technicaly correct, but pretending that this is mozilla going against the spirit of "decide what to share and when" is at best stretching it, and worst case willingly misrepresenting the case.
- Firefox (but fixed with settings that are hidden from the user for some reason)
- IceCat, Waterfox, Pale Moon, etc.
- Ungoogled Chromium, Iridium, Qutebrowser, etc.
Mozilla's actions (Cliqz spyware integration, ads in the browser, Google analytics in the browser, locked enabled telemetry, etc.) show that their "commitment" to user privacy is just marketing.
So...some minor derivatives of Firefox, plus some hacked-on versions of Chromium. What are you going to do if Firefox goes away?
edit: I feel like I should footnote this with the observation that Firefox is at the lowest marketshare it's ever been, and continues to shed users. It currently only exists so to be used as a defense in future antitrust actions against Google.
That being said, as much as I've been unimpressed with Mozilla's decisions over the last half-decade, I don't really see the issue with putting an ad on the new tab page, given that they claim it wasn't targeted and didn't use any user data.
(Source: https://utcc.utoronto.ca/~cks/space/blog/web/MozillaStillTru... )
Are there two radically divergent subsets of HN users who hardly comment on articles about the other major browser?
It would be like if McDonald's sold an "all beef burger" that contained no actual beef, or if the Impossible Burger was found to contain any beef at all.
It also seems like the height of hypocrisy to complain about data privacy when people use almost exclusively free services online. Somebody has to pay for it all, and since users refuse to do so, advertising has to. It's simple math: if you don't pay for content, your data will be monetized to pay for it. If all use of private data on the web was somehow regulated into oblivion, the web would collapse, because there'd be no money to pay for it.
The ways a business can make money online are A) partnerships, B) advertising, C) goods/services, D) subscriptions, or E) community. The last two are dwarfed by the first three, which depend on advertising. Even if you're a B2B, you still need marketing to get new clients, which almost invariably includes some kind of advertising.
So the majority of websites people visit are still paid for with some form of marketing. It may be indirect, such as by affiliate, partnership, selling of private data, etc, or it may be direct, such as with advertisements and spam/newsletters. The user is still going to pay for it, one way or another. If they're not paying via a subscription or donation, they're paying through their use as a marketing target. (And often, via both!)