Ask HN: Is Firefox really privacy friendly?

6 points by andro_dev ↗ HN
I am perplexed by Mozilla's mindbending word games about privacy of the Firefox browser. They claim that

"Your privacy comes first As the internet grows and changes, Firefox continues to focus on your right to privacy — we call it the Personal Data Promise: Take less. Keep it safe. No secrets. Your data, your web activity, your life online is protected with Firefox."

"At Mozilla, we believe that privacy is fundamental to a healthy internet."

While this is all good they have a lot of telemetry going on in the background.

"Interaction data: Firefox sends data about your interactions with Firefox to us (such as number of open tabs and windows; number of webpages visited; number and type of installed Firefox Add-ons; and session length) and Firefox features offered by Mozilla or our partners (such as interaction with Firefox search features and search partner referrals)."

Please see the rest here.

https://www.mozilla.org/en-US/privacy/firefox/

How can we really call this a private browser or even privacy-friendly browser while they are constantly hogging user data.

14 comments

[ 2.6 ms ] story [ 43.9 ms ] thread
> How can we really call this a private browser

Because (much like the case with Chrome) most people use a privacy-respecting nonprofit fork rather than the main product.

Most people or most people that are at least somewhat into tech?
Which Firefox forks would you recommend to andro_dev?
I definitely would like to know that.
Librewolf is the big one, but there's also GNU IceCat if you're into that sorta thing.
The share of forked firefox users is smaller than you think
Do you give money to Firefox? As long as you are not paying money to a company, you should expect a little bit of "creep". Have you made any personal investments in producing privacy respecting software?

I don't know where you work, but I would go talk to your devops or SREs and ask them how important telemetry is to keeping things running and even more important than that, ask the business folks how important it is for informing business decisions.

I promise you that sometimes telemetry is really just telemetry.

This read is fairly satisfying to me: https://www.mozilla.org/en-US/privacy/faq/

The financial statement was also interesting: https://assets.mozilla.net/annualreport/2021/mozilla-fdn-202...

  Established in July 2003, Mozilla Foundation (the Foundation) is a California not-for-profit
  corporation that exists to improve and protect the internet as a public resource by working
  with thousands of volunteers to 1) keep the internet a universal open platform and 2) promote
  continued innovation on the internet. The Foundation supports the development of open-
  source, standards-compliant, free internet applications useable free of charge to hundreds of
  millions of users. It also a) develops foundational technologies that can be used to build the
  values of openness and interoperability into the internet; and b) fuels the movement for an
  open internet through educational work that connects open internet leaders with each other
  and mobilizes grassroot activities around the world. The Foundation is headquartered in San
  Francisco, California

  Advertising revenues - Mozilla also offers advertising services in three formats. The
  first is the New Tab / Tiles advertising service, which places links to sponsored
  content when a new tab is opened in the Firefox web browser. The second format is
  through Pocket’s email product, Pocket Hits. Pocket Hits may include paid
  advertisements, which are placed in email newsletters that get delivered to global
  Pocket users. Lastly, Mozilla also sells web advertisement spots on content that
  Mozilla licenses and syndicates from publisher partners across the web.
It is pretty easy to be jaded and cynical. There are many big tech companies that are definitely your enemy. Mozilla is pretty low on my list of concern and they are contributing way more than they are damaging.

Mozilla is also a non profit.

If you think your exposure to Firefox is a big privacy risk, think about google and your email, think about your phone backups or other backups, think about your non signal messengers, think about cloudflare, AWS, and GCP, think about your DNS provider, think about your photo album on your phone and how OCR is run on it to generate searchable tags and facial recognition is done to determine your social graph.

If nothing else, Firefox is supporting uBlock which is the single most important piece of privacy (and security) software today.

Most of the time (hopefully, from an SRE’s perspective), the telemetry used by DevOps and SRE teams is not the analytics gathered by product teams to make business decisions.
I think there is probably some overlap in raw data with wildly different representations of it. But yeah, the business useful stuff is a bit more invasive.

Either way, telemetry isn't inherently evil and it really does help the company.

It's like sending crash reports. If nobody sends crash reports, it's nearly impossible to know the scale of a crash or how to fix it.

The people who choose not to send crash reports for privacy concerns are being subsidized by the people who give up their privacy and send them, usually out of ignorance.

If I could pay the corporation for firefox I might. (Unlikely because they keep making it worse.) I can only pay the foundation which gives money to a load of bullshit and puts out stink pieces saying we need less speech on the web.

Telemetry is used as an excuse for removing features but it is really part of government surveillance.

Your argument is based on offering FF to be the best of the worse option. My issue is the hypocrisy they display in their wordings. Privacy and telemetry should not be used in the same paragraph.
You can disable some of firefox's background network requests by modifying the about:config key/value pairs of your firefox profile (for example, by using a user.js file). The Arkenfox user.js (https://github.com/arkenfox/user.js/) has some pretty good defaults that disable a lot of the background requests.

There are also firefox forks that disable background requests. Librewolf (https://librewolf.net/) is a popular fork that uses a combination of about:config tweaks, policies, and patches to disable all background requests (technically some requests still go through, but are replaced with a dummy url that you can block). Librewolf also downloads uBlock Origin by default, and is close to upstream. Overall it's a pretty good out-of-the-box solution.

https://imgur.com/a/p4CVBHb

"Power and privacy to the people. No need to dig into your security settings. Fierce privacy is our default."

- Firefox on a recent update. You know, a browser that defaults to Google search and having search suggestions on. I know I'd have a couple privacy settings to change.