I guess my praise for Mozilla’s and Firefox’ continued support for Manifest v2 had to be balanced out by Mozilla doing something stupid. Mozilla just published Terms of Use for Firefox for the first time, as well as an updated Privacy Notice, that come into effect immediately and include some questionable terms.
The Terms of Use state:
When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.
↫ Firefox’ new Terms of Use
That’s incredibly broad, and it could easily be argued that this gives Mozilla the right to use whatever you post or upload online through Firefox, which is clearly insane. However, it might also just be standard, regular, wholly unenforceable legalese, but the fact it’s in the Firefox Terms of Use now that you have to accept is disconcerting. Does this mean that if an artist uses Firefox to upload a new song they made, Mozilla now has a license to use that song in whatever way they deem fit? You’d hope not, but that does seem what the terms are stating here.
Moving on to the new Privacy Notice, and it seems Mozilla intends to collect more data in more situations. For instance, Mozilla is going to collect things such as “Unique identifiers” and “Browsing data” to “Market [their] services”, consent for which Mozilla will only ask for in jurisdictions where such consent is required, and it’s opt-out, not opt-in. I would hazard a guess that even in places where strict privacy regulations are in place, the wording of such consent will probably be obtuse, and the opt-out checkbox hidden somewhere deep in settings.
Mozilla also intends to collect “all data types” to “comply with applicable laws, and identify and prevent harmful, unauthorized or illegal activity”. Considering how fast, I don’t know, being trans or women’s health care is criminalised in the US, “illegal activity” can cover a lot of damn things once you have totalitarians like Musk and Trump in power. An organisation like Mozilla shouldn’t be collecting any data types, let alone all of them, and especially not in places where such data types can lead to real harm to innocent people.
The backlash to the new Terms of Use and updated Privacy Notice is already growing, and it further cements my worries that Mozilla is intending to invest more and more into becoming an advertising company first, browser maker second. The kinds of data they’re going to collect now from Firefox users are exactly the kinds of data that are incredibly useful to advertisers, and it doesn’t take a genius to see where this is going.
Time to figure out the counterpart to the Ungoogled Chromium Flatpak I use for testing my creations, I guess.
There’s a LibreWolf Flatpak, so I’ll probably start there.
I’m seeing Librewolf over on Mastodon as one candidate. This is very disappointing though.
Have you tried the Zen browser?
https://zen-browser.app/
Never even heard of it but, like Chromium-based browsers, it looks incompatible with my custom userChrome.css and that’s a deal breaker.
(The four big deal-breakers that come to mind off the top of my head for Chromium browsers are the browser.link.open_newwindow.* about:config properties, Shift+RightClick forcing access to the browser-default context menu, Mozilla’s extended version of Manifest v2 APIs, and the lack of userChrome.css.)
I don’t want a new browser design. I want Firefox, pinned to a certain maximum level of enshittification… which is part of what my userChrome.css does to the UI by reverting bad ideas.
“We own EVERYTHING which comes or goes through your Firefox browser”. Did the co-presidents buy Mozilla?.
That quoted bit is bizarre.
Apart from the ludicrousness of mozilla trying to grab permission above and beyond the implied one through usage (not to mention “us” as opposed to the local piece of software), it basically means that if you handle other people’s documents, you *cannot* use firefox in any step of said handling without those other people’s consent.
Thanks for sharing this Thom, I’m letting all my friends know. This is super fucked. BTW didn’t Google try to do a similar thing with Chrome early in its history, and get forced to back off?
I’ve been using Floorp for a while myself; it has some nice extra features, less brokenness than Librewolf, and I consider it a security bonus at this point that its development is not US based. This is a worrying development even for forks though – we don’t know how spyware-y the sources might get, and how well hidden the spyware might be.
What’s broken about LibreWolf?
Microsoft Cloud PC sessions (the cursor is inexplicably a box of clown vomit), and many many video meeting sites. Might have been fixed since I last tried Librewolf, but I have no desire to faff around with it again.
I still haven’t made up my mind about whether Richard Stallman getting “cancelled” (and the FSF losing a lot of donations after re-hiring him) was authentic outrage (Richard Stallman was never the most socially-adjusted person) or a covert op to get rid of the last obstacle to “open-source as a surveillance tool for ads” (which was Richard Stallman and the FSF).
BTW, what are the chances we get Iceweasel for Windows realistically?
>”what are the chances we get Iceweasel for Windows realistically?”
Just use IceCat – it’s been around for many years: https://icecatbrowser.org/download.html
Perhaps it would be appropriate to add “Do not use Firefox.” to the headline of this article.
Is Firefox any better than Brave now?
I must say I’m quite surprised by the tone of this article. Previous articles like every time Microsoft is screwing people over in some new way seem to be a lot more accepting with resignation.
Now this Mozilla terms update, which you indicated seems to be just worded poorly, and it’s get out the torches and pitchforks. This despite the organization always having given users nptoce, and made it easy to opt-out of previous features added that impact privacy, with a change in settings.
First, fuck right off with your tired concern trolling, it’s transparent as fuck and makes you look like an idiot. But to address your post:
Perhaps the tone is warranted because we have come to expect corporations to treat their users like shit. On the other hand, Firefox is an open source project from an organization that built its reputation off of its previous stance of strong user privacy protections and advocacy for an open Web, and now that organization is using its biggest project to spy on its users and sell their information, and potentially narc on them to oppressive regimes. Yeah, I can definitely see why one would be more upset at this unexpected behavior from a formerly benign entity than at the same, but expected, behavior from a shitty corporation who only holds themselves accountable to their shareholders.
On another note, you can’t opt out of a Terms of Use. Either you use Firefox and implicitly accept the ToU, or you reject the ToU by not using Firefox. There is no in between, no settings to change, nothing you can do about it except stop using it, or else figure out which addresses to block in your firewall and hope that disabling telemetry that way doesn’t render the browser unusable. But you already knew that.
So how do I disable it in about:config?
You have to search for and turn off anything related to “telemetry”, there’s no one universal toggle. There’s also likely some things that don’t expose a knob in about:config that can only be turned off in the source code, which means you’ll have to maintain your own fork of Firefox.
I also discovered that turning off certain things in Settings doesn’t actually turn them off in about:config. For example the new “Send daily usage ping to Mozilla” toggle does nothing, it still remains enabled as “identity.fxaccounts.telemetry.clientAssociationPing.enabled” in about:config and has to be turned off there as well.
Sad day. I work at a college, and almost all our FERPA-protected information (like recording student grades) is is accessed or generated through web portals. Since I cannot legally disclose any of that information to third parties, I can’t legally use Firefox to do that work.
My wife works in healthcare, and I’m sure the same applies to HIPPA-protected information. If you can’t call the Mozilla Corporation to tell them that some rando has high cholesterol, I doubt you can intentionally send them that same information via browser telemetry.
You shouldn’t be using a general purpose web browser for hippa protected data, ever. That was true before this firefox policy change, and should be true today. Its possible there are some healthcare apps that are accessed via browser that specifically say its ok, but that seems very sketchy to me.
I can understand the reasons why, but it won’t make it any better.
Mozilla really needs this data in order to build some of the products they have been working on (like news recommendations). However they are also a “privacy focused” browser, at least give that impression. So this move is going to backfire.
I’ve switched to LibreWolf after reading this. There’s also Floorp and other forks.
Seems everyone has quickly forgotten this prior article:
https://www.osnews.com/story/140733/chrome-based-browsers-highlight-the-risks-of-using-third-party-firefox-based-browsers/
I’m out. So long.