We need to get behind Mozilla and Firefox for the simple reason it is the last bastion on the path to omni-chrome
Those who care very deeply about very tight privacy have enough niche options.
But I want there to be browser that has enough privacy to be sustainable so there’s a reliable option for me to recommend to family members etc which is holds enough market share for websites to test against.
If Firefox’s market share dips any lower website makers won’t support it - testing only against the homogeneity of chrome/edge/safari and then it will become a death spiral and humanity will have taken a step backwards.
If we need to do anything, it's get behind Ladybird, and put up with a Firefox fork for the next 12-24 months as a 'daily driver'.
Mozilla has little enthusiasm for developing its actual web browser, and doesn't seem to like its users very much.
For the past decade, Mozilla has made one bad choice after another, and every time it blows up in their faces, their takeaway is that they failed to properly 'educate the customer'.
Mozilla should just get out of the way. If Google Legal didn't need them, they already would be out of the way.
The makers of other browser had either worse incentives, or were bad at getting attention, or couldn't execute, or offered just a reskinned Chrome/Firefox, or included too many avant-garde features that nobody asked for, or existed back when Firefox was liked enough to make them irrelevant.
I've been optimistic on ladybird after watching the speed of progress with tests in their monthly youtube updates, they are quite well presented.
Ladybird is also not ideologically captured by anti freedom extremists with self contradictory beliefs. Mozilla refuses to allow anyone to donate to firefox development because they demand the right to redirect funds you give them towards discriminating against people they don't like.
For the share issue we are already there, with Firefox+Linux so many websites started to just block, usually with chrome at least a captcha is still offered.
With the current board and directors and focus I don't see any ways Firefox will gain share in the future (or not any that I really care about), and I certainly have no interest to support the current goals ...
For the privacy part Mozilla has been sitting on features like containers for years with no improvements. At this point I believe Mozilla ending might be better since it would shake things up ...
I'm with you, I really am. I've been on Firefox for nearly two decades, even the shitty years. But I still think this was a foreseeable issue and even the claim that "there was confusion" only shows a disconnect.
If you make a move like this you need to announce it in advance. You announce it loudly! You need you recognize that users concerned with privacy are looking for canaries. So when you have to put a canary down you fucking tell people before and don't just wait for them to find a dead canary. Of course people are going to freak out, that's what canaries are for.
> Those who care very deeply about very tight privacy
> that has enough privacy to be sustainable
These are the key phrases. Mozilla has hitched its wagon to advertising. Behind all the bluster over last week, the underlying direction is clear. They bought Anonym [0] and Ajit Varma, the new VP of Product for Firefox and source of the updates, is ex-Meta. It's reasonable to assume that he's there, in part, because of advertising expertise.
Some will see Anonym's "privacy-powered advertising" as "enough privacy" and the only viable way to sustain Firefox without Google's annual cash injection.
Others won't buy that, believing that a browser can be built without relying on advertising. Ladybird is taking this approach - so we'll find out.
> If Firefox’s market share dips any lower website makers won’t support it
This is the risk the exec team must know they've taken. Specifically: what proportion of the current Firefox user base exists because of the historic pro-privacy stance, and what percentage of that will leave because of the advertising-based future?
No we need to get rid of Mozilla (the org and the company), transform/fork Firefox and Thunderbird to a community project with (maybe?) a Foundation behind like FreeBSD or Blender.
Mozilla's CEO's and Manifesto writers did nothing to support Firefox but fill their own pockets and hype the AI train, I really wonder how much money goes directly into the development of Firefox, if we compare it to the Linux Foundation supporting Linux (the Kernel) it's about 3%, it's probably even less for Mozilla.
if that were truly (sustainably) possible, I'd support it, but imo that'd just be signing ff's death warrant
side note, thunderbird is already independent and democratically-managed by the community (as of a few years ago). the way I understand it is that they effectively just use mozilla's resources for legal, logistical stuff
Neither of these represent the cost and support footprint to maintain and develop a fully featured browser because as it stands neither of them are fully featured, complete browsers.
>cost and support footprint to maintain and develop a fully featured browser
True because the real cost to support a "a fully featured browser" is at least a 1/4 billion dollars....because OpenSource needs to make money, not for the Dev's but the MBA's ;)
That's some bizarre upside-down-world Stockholm Syndrome thinking on display here. That or you are a paid PR influencer working on behalf of Mozilla. Just absolutely astonishingly weird psychological behavior.
Mozilla is violating user privacy. They are the bad guy. You don't ask the bad guy for help. You punch them in the face. These guys are making it worse, not better, and helping them will only make privacy worse, not better.
There are already multiple forks for Firefox and destroying Mozilla as an organization would greatly help one or more of them take off and carry the banner of true enabling privacy for the user, which Mozilla is not doing.
They have changed literally nothing except the FAQ. The "selling" is describing behaviour they already do and have been doing for years. They set the default search engine to Google, this is now considered selling user data.
> There are already multiple forks for Firefox and destroying Mozilla as an organization would greatly help one or more of them take off and carry the banner of true enabling privacy for the user, which Mozilla is not doing.
You do realize that if Mozilla dies then every single one of these forks dies with it? Surely?
None of the teams working on these forks actually do any core browser engine work. Without Mozilla you are an ECMAScript update or a new web standard away from your fork of choice becoming a brick.
Huh? You do understand that Firefox is just a single executive decision away from becoming a chromium skin? In order to forward-think, proper-size and upward-achieve , so that limited funds can be utilized with most impact etc.?
> [Given that the definition of "selling" in legal terms can be slippery, we must be aware of not falling in cases like the following:] In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar. We set all of this out in our Privacy Notice. Whenever we share data with our partners, we put a lot of work into making sure that the data that we share is stripped of potentially identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP)
> in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as...
And then they go on to describe what a common-sense definition of a sale is. There's nothing broad or slippery about the example, so yes, they basically say "we're going to sell your data"
>>This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox.
So now we can use your photo of your birthday party that you sent via webmail... but don't worry, we don't own it, you just gave us a "non-exclusive, royalty-free, worldwide license".
> So now we can use your photo of your birthday party that you sent via webmail
Please read the second half of the text you quoted, where it says "for the purpose of doing as you request with the content you input in Firefox."
I cannot find a nicer way to say this, but a lot of people in these threads are essentially winding themselves up and then producing rubbish like this to fuel their own anger.
Mozilla have been clumsy sure, but this collective tantrum as a response makes zero sense especially now with given context it's clear they're not doing anything they haven't been doing for years.
This leaves out the important part, nothing has actually changed. This is entirely a rewording for what they're currently doing and have been doing for years.
If it's such an outrage worthy subject why did no one explode about this when they added the sponsored links years ago?
There's no chance I would be able to recommend some Waterfox or Iceweasel to family or friends. Current status is Chrome or Firefox, and there's a long long way ahead for anything else to become relevant. Death of Firefox would mean immediate death of all the forks too.
This is even more confusing. I understand that the browser needs to know my primary language and will send that as part of the HTTP requests (e.g. as part of the Accept-Language header) in order to operate ("To provide you with the Firefox browser"). I don't know why Mozilla needs a license for this.
They are not clear where/how the data is being used. For example, why are "Unique identifiers" and "Interaction data" part of "To provide you with the Firefox browser"?
From "Interaction data": "This is data about how you engage with our services, such as how many tabs you have open or what you’ve clicked on." -- Why is it necessary to track how many tabs I have open in order to provide the browser to me? -- That isn't something they need to send via HTTP to make websites function. If it is for telemetry and improving the browser, that should be a separate section.
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license *for the purpose of doing as you request* with the content you input in Firefox. This does not give Mozilla any ownership in that content.
They are saying that you give a license to Firefox to do as you request. That's all. The language is explicit and explain the relationship between you and the product when you use it. The product behaves as your agent, and would need permissions to do so. Every browser implies this, Firefox just was explicit with it.
It still doesn't make sense unless that info is going via mozilla's servers. Software running on your PC doesn't need permission to process and send data that you are giving it, to send it to the places you intend.
I'm looking at the https://www.mozilla.org/en-US/privacy/firefox/#lawful-bases section of the new privacy document which goes into more detail on what is collected and why, along with the "Types of Data Defined" section above it that describes the different data.
It doesn't differentiate when that data is stored locally, when it is sent to (and collected by) Mozilla, and when it is sent/accessed by the website you are on/using.
Likewise, because "Interaction data" covers both "how many tabs you have open" and "what you’ve clicked on" (as well as ad related information in the next paragraph) it can cover things like handling anchor ping attributes (what you've clicked on) which are nec1essary for Firefox to work w.r.t. that feature vs. collecting ad related information ("Click counts, impression data, attribution data, how many searches performed, time on page, ad and sponsored tile clicks.") which is not.
With those broad information categories they are combining different use cases from using the browser, telemetry, and collecting data useful for advertising.
Another example: in the "To adapt Firefox to your needs" section they explicitly call out sending location data to websites like Google Maps but the data collected is listed is "Any data type" not "Location".
I know there are other cases, but the specific wording is vague and unclear. For example that section mentions being able to "clear your browsing history". As a developer I can infer that that is related to JavaScript APIs being able to access your browsing history, but that isn't called out in this section so it is unclear that this is what they are referring to.
Why does Mozilla keep falling into the trap of bringing these crappy MBAs into their leadership? Promote real ambassadors of privacy and open software instead of people like the current interim CEO, who is ex-McKinsey. If they can't manage that then maybe it's finally time to let Mozilla go. Andreas Kling's browser project sounds like it's coming along well.
They're essentially owned by Google through a contract both cannot refuse, because it keeps the "Google isn't a monopoly" narrative while allowing Mozilla to stay afloat, therefore I wouldn't expect them to do anything that could harm the agreement with Google, like real competition.
Why? Mozilla has been circling the drain for a while with their poor decisions, and questionable privacy practices all while proclaiming to be all about user privacy. Now they have flushed any goodwill they had right down the toilet.
As leaders, they need to be held accountable for their poor decisions. Which means they need to fuck off, and let new people come in and rebuild trust.
yes, this was a big screw-up all things considered, but crucifying people for a (relatively straightforward, imo) comms issue just seems...borderline violent?
> For instance, Mozilla said it may have removed blanket claims that it never sells user data because the legal definition of “sale of data” is now “broad and evolving,” Mozilla’s blog post stated.
> The company pointed to the California Consumer Privacy Act (CCPA) as an example of why the language was changed, noting that the CCPA defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
mind you, I sincerely doubt this ever even came across the desks of leadership—if it's legalese compliance bullshit, why would it?
You read it as a comms issue. I don't. I read it they have been selling a form of my data.
In one, my argument is an overreaction. In the other it is reasonable, given they have been misleading consumers. A strategy which clearly would be oversighted by senior management.
it sounds like you and I have completely different understandings of the world, so I'm genuinely not sure I can convince you otherwise, but let me give it a shot
to oversimplify into a couple points:
* people make mistakes, especially in communication—it happens! I misspeak (or often don't fully consider how people with different POVs will interpret what I say differently) all the time, personally
* nearly mozilla's entire remaining userbase has stuck around because of mozilla's independence and focus on privacy. everyone with a brain knows full well that selling all user data entered into the browser is the single biggest possible violation of that. therefore, how would mozilla continue to exist as a company in any capacity if that were actually the case? they would have zero users
finally, I'll leave you with hanlon's razor: "never attribute to malice that which is adequately explained by stupidity"
I'm not saying they're selling all data put into the browser, I'm saying they're selling user data, and they were doing so when they were claiming they never sold user data. They (charitably) seem to have convinced themselves that what they were doing was not 'selling' (in a similar way to google 'not selling your data' because they don't just make it available wholesale, they only sell the processed results indirectly through their ad business), but California's new privacy laws makes it obvious they should be calling it 'selling'. They've obvious cocked up the communication of this fact, partly with an overly broad update to their ToS, but even with this walking back they should apologise for misinforming people on this page before.
Despite all the justified doubts and concerns, it's also worth noting that Mozilla runs one of the few independent browser engines left, with limited ways to actually fund it.
When they're not here anymore, there aren't many parties left to argue about web standards in favor of a free web.
So I'd keep watching them as always, without painting them as evil just because of some misstep...
"The Firefox Browser is the only major browser backed by a not-for-profit that doesn’t sell your personal data to advertisers while helping you protect your personal information."
Now just says.
"The Firefox Browser, the only major browser backed by a not-for-profit, helps you protect your personal information."
This is not some misstep, it is the breaking of a promise.
If I remember correctly, more than 50% of their revenue came from Google Search in the past.
They are now at 2.6% market-share, I can imagine that revenue-stream is making it hard to keep the lights on.
It's sad that it came to this, but somewhat understandable as they don't really have these other lucrative side-businesses of Google, Apple, Microsoft.
FWIW, the change is that the new wording allows them to build a revenue-stream based on telemetry data, while the original wording prohibits them from such a financing model at all.
Outside of Europe this might be significant, but in European legal context the difference is that they could now ASK you if you allow them to use your telemetry to create revenue, and only do it IF YOU AGREE (small nudge to push for privacy-friendly laws).
The definition of the word "sell" has a different meaning in a post-AI world and in specific California have a new bill adding some other contexts to it, so despite not actually doing anything differently (go and look at the Firefox source tree if you don't believe me) they have to change their wording.
ETA: Setting Google as their default search engine in exchange for funding from Google has been cited as an example of "selling user data to Google", if you'd like a concrete example of what I'm talking about.
I would say they are changing the promise, not breaking it. Breaking it would have been if they sold data with the old description (which is not the case, is it?).
Does it matter if they weren't arguing in favor of a free web to begin with? Quite the opposite in fact; their stated stance is they want to remove people they disagree with from the web.
It seems like what is happening is not Firefox now making a pivot to the privacy unfriendly side, but Firefox has already been selling data, but in a manner that---for whatever strange reason---they didn't consider to qualify as "selling data", and hence the original Terms of Use included the promise of "We never sell your data". Then lawyers came along and told them that this just wouldn't fly legally, and they have to change their terms now.
Even now, Firefox still doesn't consider what they do "selling data", and they are forced to change the wording only because the laws are weird.
Frankly, I just don't see how sharing data to partners to make yourself commercially viable can be construed as not selling data. In their own words, what Firefox does is:
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
We could argue about whether the laws are slippery or over-reaching, or how responsible or not Firefox has been handling user data. We could argue about how much anonymization and aggregation of data reduce privacy concerns.
But to argue that the above action is not "selling data" is in my view not a reasonable position.
It's insane to think Firefox would ever have gone this route? How disconnected is management? The move would be suicide! A major reason people use Firefox is because of privacy. The other major reason is because a user's privacy conscious child or grandchild installed it for them. That's your whole fucking userbase!
It's a shame too because they had the opportunity to double down on privacy. What with Apple caving to governments.
I was a fanboy who's been with you for nearly two decades
You can check my comment history. I defended you through tough times, I've donated, and for what? A slap in the face.
You had it going with the rust rewrite and just floundered on every opportunity. You made Thunderbird pretty good and gave many hope, then floundered. You have some great devs, let them make great software
So where do we go now? What browser that isn't just a different color of chrome? Safari? No. Ladybird? Sea Monkey?
I honestly don't understand the insane levels of hate that Mozilla gets on HN and certain other corners of the internet. More than the most evil corporations on earth. I can only assume some of it is politically driven.
Firefox and Thunderbird are two of the last bastions of functional, accessible FOSS software in their respective spaces. The software landscape would be a lot more bleak without them.
It's important to hold Mozilla to account given their role (and this TOS roll-out was clearly a screw-up whatever way you look at it) but the amount of people jumping in saying that they are irredeemable now, that we must now stop using their software even if they backtrack on this, is counterproductive. And honestly I suspect a lot of the people saying that have also been saying it for years before any of this happened.
The whole thing confuses me is that why would Firefox as an browser (user agent) need that legal jargon to work. Hopefully Legal Eagle or similar channels would cover this, but they are too busy with politics at the moment?
I would love that detractors explain what data is being sold, exactly. Because it's the same data that you have willingly given them by using their _services_. The only change with the product is "for the purpose of doing as you request", which is the definition of an User Agent.
Sounds like the blog post shows that they are explicitly selling user data. Specifically data relating to the ads they show in the browser. They claim it's carefully anonymised and aggregated, but they are selling it nonetheless. The blog post is a nonsequitar with the claims in the updated 'TOS', which make no sense because they don't need a license for an executable on your PC to process and send data to the website's your visiting in line with what's expected of a web browser, only a license if they are also sending it to themselves or on behalf of themselves, which is not "what you intend" if you visit a web page or just open up a new tab.
> because they don't need a license for an executable on your PC to process and send data to the website's your visiting in line with what's expected of a web browser
You actually do. It's implied that by using the software you give it to the software to act to your agent, but you actually do have it. In court you would have to establish this behavior using context. Mozilla avoids all of that by making it explicit.
> only a license if they are also sending it to themselves or on behalf of themselves
> The company pointed to the California Consumer Privacy Act (CCPA) as an example of why the language was changed, noting that the CCPA defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
I've been deeply studying "trust" for the past year, as part of a
project around "Zero Trust". It's a core pillar in cybersecurity.
Trust is very complex. Extremely hard won, easy to lose, practically
impossible to rebuild.
Mozilla have blown it and there's no going back for that company.
This is what happens when you let morally defective people take the
reigns. My advice would be, dissolve it and use whatever money is left
to start new projects for free-software browsers.
Mozilla's core major malfunction is that they are deceptive, as an
organisational culture. No amount of hard work, careful words, money
spent on PR will hide that odour, and whatever goodwill they show now
will naturally be undone as they return to business as usual.
What complicates things is that large companies have incentive and resources to try to dissuade users from using completely free and open source browsers.
This makes it harder to trust messages about not trusting ie. Firefox.
There are certainly many enemies of Mozilla who've used disinformation
and exaggeration to agitate against them.
From where I stand, Mozilla have done little to deflect that,
everything to encourage it and generally been been their own worst
enemy.
Taking on an operation like running Mozilla is not just running some
random tech company that makes a browser. Standing up for software
freedom is an ideological stance (in the best possible sense) and
requires more capable people who are prepared to dig deeper, work
harder, take risk, and stand up for what is right.
I do not see those people at Mozilla. Correct me if I'm wrong (and
let's have their email) so I can apologise and invite them to discuss
why Firefox is no longer a browser that I can trust.
We need to get behind Mozilla and Firefox for the simple reason it is the last bastion on the path to omni-chrome
Those who care very deeply about very tight privacy have enough niche options.
But I want there to be browser that has enough privacy to be sustainable so there’s a reliable option for me to recommend to family members etc which is holds enough market share for websites to test against.
If Firefox’s market share dips any lower website makers won’t support it - testing only against the homogeneity of chrome/edge/safari and then it will become a death spiral and humanity will have taken a step backwards.
It’s a case of use it lose it.
If we need to do anything, it's get behind Ladybird, and put up with a Firefox fork for the next 12-24 months as a 'daily driver'.
Mozilla has little enthusiasm for developing its actual web browser, and doesn't seem to like its users very much.
For the past decade, Mozilla has made one bad choice after another, and every time it blows up in their faces, their takeaway is that they failed to properly 'educate the customer'.
Mozilla should just get out of the way. If Google Legal didn't need them, they already would be out of the way.
Why is Ladybird going to be more successful than all the other failed browsers?
The makers of other browser had either worse incentives, or were bad at getting attention, or couldn't execute, or offered just a reskinned Chrome/Firefox, or included too many avant-garde features that nobody asked for, or existed back when Firefox was liked enough to make them irrelevant.
I've been optimistic on ladybird after watching the speed of progress with tests in their monthly youtube updates, they are quite well presented.
Ladybird is also not ideologically captured by anti freedom extremists with self contradictory beliefs. Mozilla refuses to allow anyone to donate to firefox development because they demand the right to redirect funds you give them towards discriminating against people they don't like.
For the share issue we are already there, with Firefox+Linux so many websites started to just block, usually with chrome at least a captcha is still offered.
With the current board and directors and focus I don't see any ways Firefox will gain share in the future (or not any that I really care about), and I certainly have no interest to support the current goals ...
For the privacy part Mozilla has been sitting on features like containers for years with no improvements. At this point I believe Mozilla ending might be better since it would shake things up ...
I'm with you, I really am. I've been on Firefox for nearly two decades, even the shitty years. But I still think this was a foreseeable issue and even the claim that "there was confusion" only shows a disconnect.
If you make a move like this you need to announce it in advance. You announce it loudly! You need you recognize that users concerned with privacy are looking for canaries. So when you have to put a canary down you fucking tell people before and don't just wait for them to find a dead canary. Of course people are going to freak out, that's what canaries are for.
I agree completely that something needs to change procedurally—this can't be allowed to happen again
> Those who care very deeply about very tight privacy
> that has enough privacy to be sustainable
These are the key phrases. Mozilla has hitched its wagon to advertising. Behind all the bluster over last week, the underlying direction is clear. They bought Anonym [0] and Ajit Varma, the new VP of Product for Firefox and source of the updates, is ex-Meta. It's reasonable to assume that he's there, in part, because of advertising expertise.
Some will see Anonym's "privacy-powered advertising" as "enough privacy" and the only viable way to sustain Firefox without Google's annual cash injection.
Others won't buy that, believing that a browser can be built without relying on advertising. Ladybird is taking this approach - so we'll find out.
> If Firefox’s market share dips any lower website makers won’t support it
This is the risk the exec team must know they've taken. Specifically: what proportion of the current Firefox user base exists because of the historic pro-privacy stance, and what percentage of that will leave because of the advertising-based future?
[0] https://www.anonymco.com/
--
EDIT: addedd missing reference
> Others won't buy that, believing that a browser can be built without relying on advertising. Ladybird is taking this approach - so we'll find out.
I'm afraid that we'll find out indeed and end up with no Ladybird and no Firefox either.
>We need to get behind Mozilla and Firefox
No we need to get rid of Mozilla (the org and the company), transform/fork Firefox and Thunderbird to a community project with (maybe?) a Foundation behind like FreeBSD or Blender.
Mozilla's CEO's and Manifesto writers did nothing to support Firefox but fill their own pockets and hype the AI train, I really wonder how much money goes directly into the development of Firefox, if we compare it to the Linux Foundation supporting Linux (the Kernel) it's about 3%, it's probably even less for Mozilla.
if that were truly (sustainably) possible, I'd support it, but imo that'd just be signing ff's death warrant
side note, thunderbird is already independent and democratically-managed by the community (as of a few years ago). the way I understand it is that they effectively just use mozilla's resources for legal, logistical stuff
>if that were truly (sustainably) possible, I'd support it, but imo that'd just be signing ff's death warrant
I really don't think so, have a look at the ladybird browser:
https://ladybird.org/#sponsors
Or even Servo:
https://servo.org/
Neither of these represent the cost and support footprint to maintain and develop a fully featured browser because as it stands neither of them are fully featured, complete browsers.
>cost and support footprint to maintain and develop a fully featured browser
True because the real cost to support a "a fully featured browser" is at least a 1/4 billion dollars....because OpenSource needs to make money, not for the Dev's but the MBA's ;)
I just wish I could get enthusiastically behind Mozilla, right now I stand behind them in spite of their leadership.
> We need to get behind Mozilla and Firefox
That's some bizarre upside-down-world Stockholm Syndrome thinking on display here. That or you are a paid PR influencer working on behalf of Mozilla. Just absolutely astonishingly weird psychological behavior.
Mozilla is violating user privacy. They are the bad guy. You don't ask the bad guy for help. You punch them in the face. These guys are making it worse, not better, and helping them will only make privacy worse, not better.
There are already multiple forks for Firefox and destroying Mozilla as an organization would greatly help one or more of them take off and carry the banner of true enabling privacy for the user, which Mozilla is not doing.
> Mozilla is violating user privacy.
They have changed literally nothing except the FAQ. The "selling" is describing behaviour they already do and have been doing for years. They set the default search engine to Google, this is now considered selling user data.
> There are already multiple forks for Firefox and destroying Mozilla as an organization would greatly help one or more of them take off and carry the banner of true enabling privacy for the user, which Mozilla is not doing.
You do realize that if Mozilla dies then every single one of these forks dies with it? Surely?
None of the teams working on these forks actually do any core browser engine work. Without Mozilla you are an ECMAScript update or a new web standard away from your fork of choice becoming a brick.
Huh? You do understand that Firefox is just a single executive decision away from becoming a chromium skin? In order to forward-think, proper-size and upward-achieve , so that limited funds can be utilized with most impact etc.?
Please, directly skip to the real announcement:
https://blog.mozilla.org/en/products/firefox/update-on-terms...
The actual content:
> [Given that the definition of "selling" in legal terms can be slippery, we must be aware of not falling in cases like the following:] In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar. We set all of this out in our Privacy Notice. Whenever we share data with our partners, we put a lot of work into making sure that the data that we share is stripped of potentially identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP)
This was discussed before on HN.:
> in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as...
And then they go on to describe what a common-sense definition of a sale is. There's nothing broad or slippery about the example, so yes, they basically say "we're going to sell your data"
>"we're going to sell your data"
And:
>>This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox.
So now we can use your photo of your birthday party that you sent via webmail... but don't worry, we don't own it, you just gave us a "non-exclusive, royalty-free, worldwide license".
> So now we can use your photo of your birthday party that you sent via webmail
Please read the second half of the text you quoted, where it says "for the purpose of doing as you request with the content you input in Firefox."
I cannot find a nicer way to say this, but a lot of people in these threads are essentially winding themselves up and then producing rubbish like this to fuel their own anger.
Mozilla have been clumsy sure, but this collective tantrum as a response makes zero sense especially now with given context it's clear they're not doing anything they haven't been doing for years.
This leaves out the important part, nothing has actually changed. This is entirely a rewording for what they're currently doing and have been doing for years.
If it's such an outrage worthy subject why did no one explode about this when they added the sponsored links years ago?
> why did no one explode about this when they added the sponsored links years ago?
There was a lot of discussion and consternation about this as well.
No thank you. Fork.
There's no chance I would be able to recommend some Waterfox or Iceweasel to family or friends. Current status is Chrome or Firefox, and there's a long long way ahead for anything else to become relevant. Death of Firefox would mean immediate death of all the forks too.
You're forking the FAQ? Because that's the only thing that's actually changed here.
This is even more confusing. I understand that the browser needs to know my primary language and will send that as part of the HTTP requests (e.g. as part of the Accept-Language header) in order to operate ("To provide you with the Firefox browser"). I don't know why Mozilla needs a license for this.
They are not clear where/how the data is being used. For example, why are "Unique identifiers" and "Interaction data" part of "To provide you with the Firefox browser"?
From "Interaction data": "This is data about how you engage with our services, such as how many tabs you have open or what you’ve clicked on." -- Why is it necessary to track how many tabs I have open in order to provide the browser to me? -- That isn't something they need to send via HTTP to make websites function. If it is for telemetry and improving the browser, that should be a separate section.
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license *for the purpose of doing as you request* with the content you input in Firefox. This does not give Mozilla any ownership in that content.
They are saying that you give a license to Firefox to do as you request. That's all. The language is explicit and explain the relationship between you and the product when you use it. The product behaves as your agent, and would need permissions to do so. Every browser implies this, Firefox just was explicit with it.
It still doesn't make sense unless that info is going via mozilla's servers. Software running on your PC doesn't need permission to process and send data that you are giving it, to send it to the places you intend.
I'm looking at the https://www.mozilla.org/en-US/privacy/firefox/#lawful-bases section of the new privacy document which goes into more detail on what is collected and why, along with the "Types of Data Defined" section above it that describes the different data.
It doesn't differentiate when that data is stored locally, when it is sent to (and collected by) Mozilla, and when it is sent/accessed by the website you are on/using.
Likewise, because "Interaction data" covers both "how many tabs you have open" and "what you’ve clicked on" (as well as ad related information in the next paragraph) it can cover things like handling anchor ping attributes (what you've clicked on) which are nec1essary for Firefox to work w.r.t. that feature vs. collecting ad related information ("Click counts, impression data, attribution data, how many searches performed, time on page, ad and sponsored tile clicks.") which is not.
With those broad information categories they are combining different use cases from using the browser, telemetry, and collecting data useful for advertising.
Another example: in the "To adapt Firefox to your needs" section they explicitly call out sending location data to websites like Google Maps but the data collected is listed is "Any data type" not "Location".
I know there are other cases, but the specific wording is vague and unclear. For example that section mentions being able to "clear your browsing history". As a developer I can infer that that is related to JavaScript APIs being able to access your browsing history, but that isn't called out in this section so it is unclear that this is what they are referring to.
Why does Mozilla keep falling into the trap of bringing these crappy MBAs into their leadership? Promote real ambassadors of privacy and open software instead of people like the current interim CEO, who is ex-McKinsey. If they can't manage that then maybe it's finally time to let Mozilla go. Andreas Kling's browser project sounds like it's coming along well.
They're essentially owned by Google through a contract both cannot refuse, because it keeps the "Google isn't a monopoly" narrative while allowing Mozilla to stay afloat, therefore I wouldn't expect them to do anything that could harm the agreement with Google, like real competition.
How about the directors and Management who let this happen, resign. We need another phoenix to rise from the ashes of Firefox.
They are currently with an interim CEO and searching for a new one https://blog.mozilla.org/en/mozilla/a-new-chapter-for-mozill...
I am old enough to get that.
Let's fork it and call it Firebird...oh no wait ;)
that seems wildly excessive
Why? Mozilla has been circling the drain for a while with their poor decisions, and questionable privacy practices all while proclaiming to be all about user privacy. Now they have flushed any goodwill they had right down the toilet.
As leaders, they need to be held accountable for their poor decisions. Which means they need to fuck off, and let new people come in and rebuild trust.
yes, this was a big screw-up all things considered, but crucifying people for a (relatively straightforward, imo) comms issue just seems...borderline violent?
> For instance, Mozilla said it may have removed blanket claims that it never sells user data because the legal definition of “sale of data” is now “broad and evolving,” Mozilla’s blog post stated.
> The company pointed to the California Consumer Privacy Act (CCPA) as an example of why the language was changed, noting that the CCPA defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
mind you, I sincerely doubt this ever even came across the desks of leadership—if it's legalese compliance bullshit, why would it?
You read it as a comms issue. I don't. I read it they have been selling a form of my data.
In one, my argument is an overreaction. In the other it is reasonable, given they have been misleading consumers. A strategy which clearly would be oversighted by senior management.
well, yeah...if mozilla's been selling all our data, then screw firing leadership—they as an organization are rotten to the core and should burn
but I honestly think that's a totally unreasonable conclusion to draw based on this kerfuffle alone
It sounds a bit more like they were lying before, frankly, and they were forced to come clean by this act.
it sounds like you and I have completely different understandings of the world, so I'm genuinely not sure I can convince you otherwise, but let me give it a shot
to oversimplify into a couple points:
* people make mistakes, especially in communication—it happens! I misspeak (or often don't fully consider how people with different POVs will interpret what I say differently) all the time, personally
* nearly mozilla's entire remaining userbase has stuck around because of mozilla's independence and focus on privacy. everyone with a brain knows full well that selling all user data entered into the browser is the single biggest possible violation of that. therefore, how would mozilla continue to exist as a company in any capacity if that were actually the case? they would have zero users
finally, I'll leave you with hanlon's razor: "never attribute to malice that which is adequately explained by stupidity"
I'm not saying they're selling all data put into the browser, I'm saying they're selling user data, and they were doing so when they were claiming they never sold user data. They (charitably) seem to have convinced themselves that what they were doing was not 'selling' (in a similar way to google 'not selling your data' because they don't just make it available wholesale, they only sell the processed results indirectly through their ad business), but California's new privacy laws makes it obvious they should be calling it 'selling'. They've obvious cocked up the communication of this fact, partly with an overly broad update to their ToS, but even with this walking back they should apologise for misinforming people on this page before.
and no, a decent manager shouldn't have to literally review every little thing every single one of their employees does
obviously something needs to change here procedurally, but micromanagement across the entire board is not the answer
and therefore firing management for this is not really solving anything other than satiating the bloodlust of the mob
Wow, quite black and white views here.
Despite all the justified doubts and concerns, it's also worth noting that Mozilla runs one of the few independent browser engines left, with limited ways to actually fund it.
When they're not here anymore, there aren't many parties left to argue about web standards in favor of a free web.
So I'd keep watching them as always, without painting them as evil just because of some misstep...
Original
"The Firefox Browser is the only major browser backed by a not-for-profit that doesn’t sell your personal data to advertisers while helping you protect your personal information."
Now just says.
"The Firefox Browser, the only major browser backed by a not-for-profit, helps you protect your personal information."
This is not some misstep, it is the breaking of a promise.
If I remember correctly, more than 50% of their revenue came from Google Search in the past.
They are now at 2.6% market-share, I can imagine that revenue-stream is making it hard to keep the lights on.
It's sad that it came to this, but somewhat understandable as they don't really have these other lucrative side-businesses of Google, Apple, Microsoft.
FWIW, the change is that the new wording allows them to build a revenue-stream based on telemetry data, while the original wording prohibits them from such a financing model at all.
Outside of Europe this might be significant, but in European legal context the difference is that they could now ASK you if you allow them to use your telemetry to create revenue, and only do it IF YOU AGREE (small nudge to push for privacy-friendly laws).
The definition of the word "sell" has a different meaning in a post-AI world and in specific California have a new bill adding some other contexts to it, so despite not actually doing anything differently (go and look at the Firefox source tree if you don't believe me) they have to change their wording.
ETA: Setting Google as their default search engine in exchange for funding from Google has been cited as an example of "selling user data to Google", if you'd like a concrete example of what I'm talking about.
I would say they are changing the promise, not breaking it. Breaking it would have been if they sold data with the old description (which is not the case, is it?).
Does it matter if they weren't arguing in favor of a free web to begin with? Quite the opposite in fact; their stated stance is they want to remove people they disagree with from the web.
It seems like what is happening is not Firefox now making a pivot to the privacy unfriendly side, but Firefox has already been selling data, but in a manner that---for whatever strange reason---they didn't consider to qualify as "selling data", and hence the original Terms of Use included the promise of "We never sell your data". Then lawyers came along and told them that this just wouldn't fly legally, and they have to change their terms now.
Even now, Firefox still doesn't consider what they do "selling data", and they are forced to change the wording only because the laws are weird.
Frankly, I just don't see how sharing data to partners to make yourself commercially viable can be construed as not selling data. In their own words, what Firefox does is:
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
We could argue about whether the laws are slippery or over-reaching, or how responsible or not Firefox has been handling user data. We could argue about how much anonymization and aggregation of data reduce privacy concerns.
But to argue that the above action is not "selling data" is in my view not a reasonable position.
Optics. Mozilla bungled the optics, then in their reaction, bungled it some more! They do not look good here. We respond to looks.
In objective reality it's a bit of much ado about nothing, but in today's world it's optics and perception that rules. It's subjective.
As another comment says it takes forever to gain trust and a moment to lose it all. Trust is subjective.
People need to resign
It's insane to think Firefox would ever have gone this route? How disconnected is management? The move would be suicide! A major reason people use Firefox is because of privacy. The other major reason is because a user's privacy conscious child or grandchild installed it for them. That's your whole fucking userbase!
It's a shame too because they had the opportunity to double down on privacy. What with Apple caving to governments.
I was a fanboy who's been with you for nearly two decades You can check my comment history. I defended you through tough times, I've donated, and for what? A slap in the face.
You had it going with the rust rewrite and just floundered on every opportunity. You made Thunderbird pretty good and gave many hope, then floundered. You have some great devs, let them make great software
So where do we go now? What browser that isn't just a different color of chrome? Safari? No. Ladybird? Sea Monkey?
So isn't this a good thing? The comments on here are more overwrought than rational and disinterested...
I honestly don't understand the insane levels of hate that Mozilla gets on HN and certain other corners of the internet. More than the most evil corporations on earth. I can only assume some of it is politically driven.
Firefox and Thunderbird are two of the last bastions of functional, accessible FOSS software in their respective spaces. The software landscape would be a lot more bleak without them.
It's important to hold Mozilla to account given their role (and this TOS roll-out was clearly a screw-up whatever way you look at it) but the amount of people jumping in saying that they are irredeemable now, that we must now stop using their software even if they backtrack on this, is counterproductive. And honestly I suspect a lot of the people saying that have also been saying it for years before any of this happened.
The whole thing confuses me is that why would Firefox as an browser (user agent) need that legal jargon to work. Hopefully Legal Eagle or similar channels would cover this, but they are too busy with politics at the moment?
Time to sue Intel for releasing chips that process our inputs as we request.
Dupe? I didn’t see anything from this article that wasn’t already in the previously posted Mozilla blog posts which have already been submitted here.
I would love that detractors explain what data is being sold, exactly. Because it's the same data that you have willingly given them by using their _services_. The only change with the product is "for the purpose of doing as you request", which is the definition of an User Agent.
Sounds like the blog post shows that they are explicitly selling user data. Specifically data relating to the ads they show in the browser. They claim it's carefully anonymised and aggregated, but they are selling it nonetheless. The blog post is a nonsequitar with the claims in the updated 'TOS', which make no sense because they don't need a license for an executable on your PC to process and send data to the website's your visiting in line with what's expected of a web browser, only a license if they are also sending it to themselves or on behalf of themselves, which is not "what you intend" if you visit a web page or just open up a new tab.
> because they don't need a license for an executable on your PC to process and send data to the website's your visiting in line with what's expected of a web browser
You actually do. It's implied that by using the software you give it to the software to act to your agent, but you actually do have it. In court you would have to establish this behavior using context. Mozilla avoids all of that by making it explicit.
> only a license if they are also sending it to themselves or on behalf of themselves
Which again, the license still doesn't allow.
> The company pointed to the California Consumer Privacy Act (CCPA) as an example of why the language was changed, noting that the CCPA defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
...yeah? That's pretty straightforward.
Too little too late.
I've been deeply studying "trust" for the past year, as part of a project around "Zero Trust". It's a core pillar in cybersecurity. Trust is very complex. Extremely hard won, easy to lose, practically impossible to rebuild.
Mozilla have blown it and there's no going back for that company. This is what happens when you let morally defective people take the reigns. My advice would be, dissolve it and use whatever money is left to start new projects for free-software browsers.
Mozilla's core major malfunction is that they are deceptive, as an organisational culture. No amount of hard work, careful words, money spent on PR will hide that odour, and whatever goodwill they show now will naturally be undone as they return to business as usual.
What complicates things is that large companies have incentive and resources to try to dissuade users from using completely free and open source browsers.
This makes it harder to trust messages about not trusting ie. Firefox.
You mean bundling the browser with the OS?
There are certainly many enemies of Mozilla who've used disinformation and exaggeration to agitate against them.
From where I stand, Mozilla have done little to deflect that, everything to encourage it and generally been been their own worst enemy.
Taking on an operation like running Mozilla is not just running some random tech company that makes a browser. Standing up for software freedom is an ideological stance (in the best possible sense) and requires more capable people who are prepared to dig deeper, work harder, take risk, and stand up for what is right.
I do not see those people at Mozilla. Correct me if I'm wrong (and let's have their email) so I can apologise and invite them to discuss why Firefox is no longer a browser that I can trust.
[dead]
> Mozilla rewrites Firefox's Terms of Use after user backlash
This looks like a deja-vu of Apple CSAM scanning.
"We didn't mean it".
They didn't actually change anything, they just tried to clarify what had made people panic about things they never intended to do.
At least, that's how I read it. IANAL.
Or Unity
Damage is done. Their intention is clear. Mozilla name is toxic to common-sense privacy now.
If they acquired Tailscale, I'd stop using it.
If they endorsed ChaCha20, I'd question if it is backdoored.