I don’t understand how they are supposed to “sell your data” if you just never use a Mozilla account and uncheck all the telemetry. Its not like they can secretly steal your data, since its Open Source.
It seems to me like just more FUD that Google is spreading to undermine our trust in free software.
how are they supposed to “sell your data”
First step is collecting it. Putting provisions to grab everything from the software you installed on your device and use to do everything is a good start. Second step is selling it. Data broker loves data, surprisingly. And even small, inconsequential stuff can go a long way when you can correlate with dozens, or hundreds, of data points.
if you just never use a Mozilla account
Given how it’s implemented, the data pushed inside your account may be in a safer place than what you use the browser to do daily at this point.
and uncheck all the telemetry
Funny thing. Even with everything unchecked/disabled/toggled off/whatever, there’s a handful of ping back and other small reports that are configured to go out. You can turn these off using the complete config page; the one that warns people that its dangerous and have no clear way to know what most of its options do.
Its not like they can secretly steal your data, since its Open Source
If by “secretly” you mean without us knowing, it would be hard indeed, as long as people did look into the source AND the built images were faithful to the source, too. They are not doing it secretly, at least for now, anyway. That’s the point of their “privacy notice” that includes basically everything, which they then use as a safeguard saying "we can’t do shit (unless specified in the privacy notice).
It seems to me like just more FUD that Google is spreading to undermine our trust in free software
The policy changes comes from Mozilla. Were written, published, and updated by Mozilla, on their blog (and legal pages). What the fuck are you talking about with Google?
Heck, if you knew 2cts about this, Google actually low-key needs Firefox to exists as a counterpoint to Chrome’s hegemony, unless they want another trial for being too good at their job.
they want another trial for being too good at their job.
that’s a cute way to describe 2 decades of anti competitive behavior that results in a de facto monopoly across various tech segments including the online browsing infrastructure.
I agree with everything else 100% though
Something else that needs to be understood about Mozilla: Money!
The Foundation was formed in 2003. Mitchell Baker, the first CEO, stepped aside in 2008 but stayed on as Chairperson of the foundation.
- In 2018, she got nearly $2.5million in compensation as foundation chair.
- In 2019 that rose to $3million
- In 2020, she returned as CEO and received over $3million in salary.
- In 2021 her salary was over $5.5million.
- In 2022 it reached nearly $7million.
- In 2023 it was $6million again.
Think about that for a second. Mozilla’s market share has been struggling, and their financials have been weak; but their lead person pulled in over $26 million dollars over a handful of years.
This entire activity has been a long game to extract ‘maximum shareholder value’ into Baker’s pockets.
You don’t get paid like that for nothing!
As always following the money is the most effective way to understand human behavior. Note how propaganda is allergic to following the money, i wonder why
Either bootlickers like their propaganda based on feelz as pathology or they are not properly educated on their station in life.
Hard to tell
We’re all keyboard warriors with opinions.
I’ll get downvoted to hell for this, but I honestly feel like right now it is a nothingburger.
Will I continue to keep an eye on the things they do? Yes. Does their CEOs work history bother me? Yes. Will I keep using it and just keep tabs on settings and extensions? Yes.
Maybe. Not everyone is just going to ignore this, though.
I waffle between Firefox and other browsers, depending on how tolerant I’m feeling. Not using Firefox is more work. Sometimes I’ll spend a week or two with Firefox up, but normally, I’m in Luakit.But when I hit that web site that just doesn’t work with WebKit, I hop over to FF for it. Now, with this, I’ll probably start jumping to Nyxt which - while also WebKit - seems for some reason to work with more sites. Nyxt is faster, too; luakit is really slow and has a persistent scrolling bug that drives me nuts. But Nyxt hard-hangs multiple times during each hour of its, requiring a kill -9 and restart, so … Luakit.
Like I said. It’s harder to not use Firefox. But this change in policy is enough to make me change my habits and use something else when I have issues with Luakit. Or surf. Or vimb. Or whatever I’m fancying this month. Problem is, they’re mostly WebKit, and while in grateful for it, it struggles with many web sites - and especially the JS heavy ones.
Hmm, I’ll check these out, thanks!
They’re all very niche. Keyboard driven. A fair number of issues; they’re all built on WebKit, with all of the compatability issues that comes with.
I mean, it doesn’t hurt. But it’s like picking up vim: there’s a learning curve. They’re not for everyone, just fair warning.
Oh haha so this won’t work for…well, work.
I agree if it gets bad they will just resurrect Icewessle once again.
Librewolf is basically that. It’s pretty good ngl. I don’t have to spend a half hour reconfiguring Firefox like I do in new setups.
Yeah unfortunately it’s not in the debian Repo and I don’t like adding in 3rd party repos if I can help it but thanks for the info in case I get desperate
Its available on flathub, thats arguably better than any repos
Yeah for my browser my preference is to have it as a local package. But good to know
I would like to point out that they are free to modify the source code before building the binary they distribute. Being open source does not mean protection from secretly stealing data.
With chrome it is obvious because the closed part is called chrome and the open is chromium. But it is certainly possible to not make “stealing” magic on top public.
This is mitigated by “reproducible builds”
Does Firefox do reproducible builds? This bug report makes me think it doesn’t (at least for Linux): https://bugzilla.mozilla.org/show_bug.cgi?id=885777
But maybe they do for Windows/Apple/Android?
Not sure. But you can change that, if not
So what you’re saying is that I should compile Firefox from source?
You’re right that being opensource doesn’t mean the binaries don’t include extra stuff.
However, are you seriously suggesting no one would notice Firefox transmitting telemetry? Seems unlikely.
We notice. They’re not hiding. The (numerous) endpoints are all presents in the about:config page. The actual content, though, is not that obvious to get. If we assume the binaries are compromised (I don’t believe they are for now, for the record), an outsider would only see a TLS session. At best we could get the vague amount of data exfiltrated, not really the content. But that’s hypothetical. For now.
As someone else said, reproducible builds is a great mitigating factor for this secret changes. Firefox does have telemetry, but is very transparent and lets you turn it all off (as far as I can tell anyway). Don’t want ads? Easy. Don’t want Mozilla services? Simple.
I’m a software developer, and understand the technicalities and options available to me. I am capable of forking Firefox and make myself a custom build with anything I don’t like stripped out. (Capable of, not wanting to.)
They removed “We don’t sell your data and we never will” from their FAQ and they added “We may sell your data” to the ToS.
I am unhappy about this change. It is a clear sign that the people in charge of Firefox want to sell user data, and that the irrecoverable enshittification path has been chosen. It means that at some point in the next few years, I can’t trust Firefox’ with my privacy. And they sure as fuck don’t have anything else going for them: The browser eats memory and freezes my camera during video conferencing, and is plain not supported in some of the software I use at work.
The rationale is probably something entirely reasonable, like “While we do not intend to sell user data, the phrasing was too vague and not helpful. What is selling, and what is user data, really?” An organization with strong privacy values would be so far from anything “bad” that the phrasing as it was would not be a problem for them.
It’s irrelevant that right now privacy settings and xyz and telmentry is clear and opt in etc. Because the point is that they are gearing up to change that. The settings will be less clear, user data will be separated into shit like “operability assistance”, “personal information”, “experience improvement metrics” with some of it enabled by default because, etc.
The rationalization they have given is that legally, they may have been seeking data all along, as some jurisdictions define it extremely loosely.
For example, if you use their translation feature, they are sending the page your looking at (data) to a third party, which provides a benefit to Mozilla. Thats technically a sale in some laws, but most would agree that is acceptable given the user asked for it to happen.
https://blog.mozilla.org/en/products/firefox/update-on-terms-of-use/
The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
I’m overall concerned with Mozilla, but not sure this is malicious yet. But definitely needs to be closely scrutinized.
Here’s the crux of the problem.
Mozilla went from “explicitly not malicious” to “probably not malicious yet.”
What’s next?
Yup. And it doesn’t help that they have been throwing away good will for a while now, with their crypto/AI/etc bandwagon jumping. They are still the least worst option, as I dont trust the forks either, but its getting hard to trust them.
The privacy centric way for Mozilla to have address this would have been to:
- acknowledge laws in certain countries have changed
- Due to those new laws, the definition of “sell” has changed and Firefox may no longer be in compliance with their desire to keep your data private
- Commit their desire to take the necessary steps to keep new versions of Firefox in line with their original vision
- update the “we will not sell” definition to within the jurisdiction of the United States, or indicate that the definition of sell may be different in different jurisdictions
- make the necessary extensions to jurisdictions where they were “selling” user data, self reporting where necessary
Yup, its been terribly handled. Dunno if it was driven by a panicy lawyer, but those steps would have been much better. At a minimum, that blog post should have come first.
The current intention may not be malicious, but it leaves the way open for changes that are to slip in. If they were worried about services like translation being concidered ‘sales’, which is a reasonable concern, they should have split them out of the core browser into an extension and put the ‘might sell your data’ licence on that.
Yeah, its definitely wide open for abuse now. But the California law also seems way too vague as well. What about DNS lookup? That takes a users input and transfers it to someone else, is that a “sale”? Can hardly start separating that out of the browser? Http requests? Its all users initiated, but is it a “sale” in California? Not a lawyer, haven’t a clue.
DNS is fine as the exchange has to be for “monetary” or “other valuable consideration” to be considered a sale. The issue seems to be that Mozilla were profiting off of things like adverts placed on the new tab page, and possibly from the translation service too.
I’m not a lawyer, but “other valuable consideration” seems very broad. For DNS, getting the returned IP address is valuable. Ditto for http, getting the returned webpage is valuable?
I only suggested the translation thing because it (imo) fell under a “transfer of data for value provided”, which makes it a sale?
Getting an IP address or the HTTP payload is valuable to the user, not to Mozilla, so there’s no sale there. Likewise with translation data, but if the translation company then send Mozilla a kickback for sending users their way, it would become a sale. Adverts on the ‘new page’ tab would definately be a sale.
I think they’ve removed the clauses about not selling your data from the ToS for the reasons they’ve stated, but it leaves a wide open hole in their promises and a huge temptation to add more advertising/data-mining in the future. I would have prefered them to instead leave the browser ToS as it was and move the questionable aspects into optional extensions that were licenced separately.
The angle I was thinking along was that if Mozilla was prevented from making those data transfers, then their browser becomes worthless. So in reverse, by making the transfers, their browser gains value. The obvious problem with that interpretation is that its basically impossible not to make a sale, as every transfer provides value - which very much defeats the purpose of the definition. (Not a lawyer, just an internet idiot, and I very much hope your definition is correct)
Spinning them out would have been preferable to me as well, and tbh, at this stage, I think I would prefer if firefox was spun out of Mozilla entirely. It really deserves to be managed by something like the Linux foundation or some other not-for-profit steward.
Something to note, however, is that the new terms apply to the browser as a whole. If it was due to some of the opt-in services the browser includes (sync, account, translation, etc.), they could have specified the terms apply to those services instead.
Agree this isn’t necessarily malicious yet, but it definitely is not beneficial to users.
I love how California basically defines a sale as “exchanging things for money” and Firefox is like, “its such a craaazy world we can’t even agree on the definition of exchanging things for money out here! Some call it a ‘sale’ apparently, so if we’re gonna exchange your data for money I guess we have to call it a ‘sale’… Stupid California, changing things to mean what they’ve always meant”
Its even more broad than that, because its any exchange of data for valuable consideration. No money has to change hands, but if it benefits FF, its a sale. And the benefit could simply be “if we do this we will function correctly as a browser”.
The rationalization they have given…
Anything you say after this point is irrelevant. (Nothing personal, though.)
As soon as a company has to rationalise their legal back-pedalling, it is explicit evidence that they are intending to do wrong.
This will not end well.
If the legal definition of a term has changed such that their current activities now fall under it, changing the terms of use legal document does make sense.
They are pretty clear that under California law, they are “selling” data. They have two options, keep the ToU document the same, and try meet the new laws requirements (which as I’ve said in other comments, seems impossible for a browser - not a lawyer though), or update their ToU without changing their current behaviors.
They have gone with the latter, but it does also allow them to be far more “evil”. Its definitely the first step down a bad road, time will tell if they go further.
If you want to play it safe, block their domains via pihole: https://wiki.mozilla.org/Websites/Domain_List/Mozilla_Owned
time will tell if they go further.
Having seen this FAR too often, I have a different view:
Capitalism and greed will determine when they go further.
There is no “if” about it. Mitchell Baker is in it to get rich by destroying the platform, and is sharing enough of the corpse’s leavings with others to make sure they protect her.
“and we never will”
this should imply something that cant be changed. Such empty words should no longer be even considered no matter who says them, unless its paired with enforceable punishment for breaking the word
They removed “We don’t sell your data and we never will” from their FAQ and they added “We may sell your data” to the ToS.
“Never” has a very clear and definite meaning. By undoing “never,” I feel like the Mozilla foundation is inviting a class-action lawsuit.
Mozilla is changing the license used for the Firefox executable/binary. The TOS will be the governing license over Firefox, the branded browser executable. It will no longer be open source, as defined by the Open Source Initiative, as users are no longer free to use the software however they want. Firefox will now be source available.
The source code for the browser, is (at least as of this comment) FOSS under the MPL2 license. People are free to recompile the browser under a different name (e.g. Librewolf, Waterfox, etc.).
This is not FUD. I read through the new TOS, Acceptable Use Policy, and Privacy Policy. Since the browser executable was governed under the MPL2, there was little concern from the open source community. I made my judgement from those documents alone.
Ughh, don’t make me switch my browser again…
I think the painful reality is, is that the availability of good honest, privacy focused browsers are narrowing. Mozilla just had to go and make it harder. I’m personally using LibreWolf myself.
There was a post made my Mozilla years ago (I’m too lazy to find it). It was in the shadow of Chrome getting more scummy. Anyway, paraphrasing horribly, the idea was that the humble web browser was starting to become an increasingly personal decision. It represents you in ways that many people may not fully appreciate, comprehend, or understand. Your browser history tells people what you like, what you are afraid of. Increasingly, it tells corporations and governments who you talk to, where you’re going, and what you’re up to.
It’s why it’s important for a browser to be built for people, not for corporations.
It’s so sad to see how far Mozilla has gone from that stance.
So I get how challenging and annoying changing a browser is because in many ways, it’s you. It’s who you are. But, like in life, sometimes we must choose to leave the friends who bring us down. It hurts, it sucks. But it’s the way of life.
I’ve spent a good part of this morning switching things over to Waterfox. It’s not perfect. There are gaps and for some reason, I can port over Chrome and Edge profiles but NOT firefox profiles. But sometimes a fresh start is good too.
Ironically, I just made !waterfox@programming.dev last night, haha.
Is there one for LibreWolf ?
I made one at !librewolf@programming.dev
Apparently there is: https://lemmy.ml/c/librewolf
Honestly I stay away from Lemmy.ML for obvious reasons (Programming.dev is far nicer)
Subbed! And made the first post!
Why this not librewolf
Because I am but one man. 😂
Waterfox was what I noticed first. If waterfox didn’t work out, it’s next. Followed by ladybird.
LibreWolf my dude. Everything still works as if in FireFox.
That’s only works so long as Firefox stays alive and in development.
LibreWolf relies on Firefox being funded, if Firefox dies then LibreWolf also dies. Tens of millions of dollars go into engineering salaries to keep Firefox up-to-date on web standards, features, and performance. LibreWolf benefits from this.
First, mostly as if in Firefox. Go open Netflix, just for the laugh of it.
Second, a fork that depends on Mozilla’s power to develop the upstream is not really in the clear. From a licensing perspective, sure. But let’s assume the worst (because it’s 2025 after all). Firefox is no longer open source. Sure, we can fork from where they left. But building, maintaining, and evolving a browser engine (and the browser itself) requires substantial work. Which means, developers/maintainers, and money. And staying on a “bare” browser might not be viable as long as standards keeps evolving and 95% of people will not care about that stuff.
All that to say, a fork is an option for now. A more tangible solution for the future is needed. A new “Mozilla” without the $millions CEO and structure, Mozilla splitting Firefox into a clean base and a commercial product, something else. But not a fork that just follow Firefox source.
because it’s 2025 after all
😩 Fuck, I know right?
I found it ironically frustrating that converting from Firefox to LibreWolf is harder than from literally any other browser, because there’s no import mechanism.
It wouldn’t be that hard to make a standalone tool to import bookmarks, passwords, and config settings, and would make LibreWolf a seamless transition for Firefox users. Instead, it’s a frustrating process in re-creating years of tweaks.
It uses the same profiles and configuration as Firefox. Should just have to rename the configuration folder to
.librewolf?
How can Firefox not be open source if its sources are under the MPL2 ?
It has always been the case that Firefox is a trademark and you can’t distribute it under that name. However if the code is open source the project is too.As of today, the latest Firefox Version 135.0.1 Binaries are released under MPL 2, which is open source.
Whenever the terms are implemented, the Terms of Use will replace the MPL for the binaries. Open source has a strict definition and goes beyond source code.
The Terms of Use, as current proposed, would violate #5 (“No discrimination against Persons or Groups”) as the TOU allows for Mozilla to terminate your use of Firefox for any reason.
As a result, their binary moves from Open Source via the MPL to Source Available, via a proprietary license.
The problem is that a reduction in trust correlates to a reduction in users. A reduction in Firefox increases Chromium’s dominance on the web, which is a near monopoly already. A monopoly on web renderers in turn is bad for open web standards.
People worried about Mozilla surely won’t migrate to chrome, will they?
Nobody can fucking win with either option anymore.
So you’re disgruntled with Mozilla now, so you hop to Chrome. But you learn that Chrome has neutered the way you were once able to have dodged ads. Whoops! Now that’s a problem, in addition to knowing how data-hungry Google has been for a while.
What’re you left with? Edge? Edge has recently announced that it too neutered ad-blockers and it’s not open source and they’re just as data-hungry because now you’re dealing with Microsoft.
So now Firefox, Edge and Chrome are all off the table now because they all went the route of enshittification.
Opera? Can’t trust opera because of it’s ties to a chinese company so that’s either here or there. Chromium? Back to dealing with Google again! Brave? The CEO is an asshat, targeted ads, cryptobullshit .etc
All that we’re realistically down to is just Firefox forks. IceDragon, Weasel, LibreWolf and all of them. Plenty of options but updates and development varies.
What choice…
Nah. There’s loads of great privacy browsers based on Firefox
Of course they would. Not everyone reasonable of course, but people are terribly stupid by default, even if they somehow stumbled into Firefox for some reason before.
There are people that say stuff like “better the devil you know” or “if I compromise privacy either way, might as well use the more supported browser” or whatever rationalizations people come up with.
Why not? Or at least if people are choosing a browser they might not see the benefits of Firefox and just see that chromium is more spread and thus more compatible and “user friendly” (whatever that means). If Firefox isn’t better than chrome, why not switch over to the bigger one…(?)
It’s been a few steps in a concerning direction by them recently. As of right now, it’s still OK to use IMO but I’m sincerely hoping this is the extent of it, or even that they row back some of the recent changes.
However, I still want it to exist because its the only viable alternative at the moment to Google’s dominance. Yes there are plenty of forks (two of which I use) but they still rely on Firefox as the core product. I don’t think any are hard forks (or am I wrong?). I’m very uncomfortable at the thought of using a browser thats based on Chromium and/or unable to run the full version of UBO or have Containerised tabs.
Mozilla just can’t stop taking Ls. This new and unnecessary development is another one.
Putting a local LLM into a product that doesn’t need it, just like other businesses do, is just one step too far for me. I hate this AI trend with a passion.
Good thing that Firefox is open source so that we can just switch forks.
Putting a local LLM into a product that doesn’t need it, just like other businesses do, is just one step too far for me. I hate this AI trend with a passion.
Seconded, the pushing AI trend is just off putting and is something that literally no-one asked for. It reminds me of that brief trend of 3D TVs.
Actually translations are great and they were needed.
you don’t need AI for automated translations though.
There is no ai in ai, it’s just a program. In case of firefox translations it was made specifically for machine translation and later adapted to use with firefox browser.
There is no ai in ai, it’s just a program.
well duh. But why is Mozilla investing in LLM research then?
Firefox translate isn’t an llm afaik. Anyway, why wouldn’t they? LLMs aren’t inherently good or bad, they are useful, and pushing for offline local first ai is a good thing.
is the LLM or its trainingdata opensource though, do we know what it does/is trained on?
There are truly open llm, there are somewhat open. If you are asking about firefox translate, it seems that models themselves weren’t trained by mozilla.
How does having an AI-chat feature in a browser diminish it’s quality? No one’s forced to use any feature.
Where does I say that it diminish it’s quality?
Also the you don’t have to use it, is a weak argument not even for or against it.
Also the you don’t have to use it, is a weak argument not even for or against
“Our pizza now comes with a topping of human feces!”
“Ew”
“What? Just scrape it off if you don’t like it”
exactly.
I think the rest have explained it better, but I use a Mozilla account and I kinda trusted them, not so much anymore. I dont know if I’m a minority, I found this feature very useful.
I will probably keep using firefox until it goes too bad for my taste and switch to a fork and self-host a sync server
Well, I never used the sync feature, if I ever need to save urls, I’ll just store it in Standard Notes or something. I also uncheck all the telemetry. I guess I’m unaffected by their ToS change.
If all you’re doing is “unchecking” then there’s more you’re missing:
https://github.com/K3V1991/Disable-Firefox-Telemetry-and-Data-Collection
The whole advanced configuration settings in
about:configare probably never seen by the majority of users. Ultimately though, you’re right: for the most part, privacy-focussed forks aren’t offering anything that you couldn’t manually configure for yourself in mainline Firefox, assuming you have the time, energy and interest.Certainly, if you’re in the habit of policing all of these relatively undocumented flags with each update to be sure you haven’t been opted in to any telemetry you don’t know about and assuming that all of it remains optional, you’re absolutely unaffected. However, they now have a license to everything you do within Firefox which they state they will only use to “help” you. Does training their AI model to make targeted suggestions to users count as “helping”?
On another note, taking back a promise not to sell users’ data, even if your personal data is protected because you rigorously police the
about:configpage, is not something many people are enthusiastic about. Just because I’m safe, doesn’t mean everybody else is.Hm I see, I have sync to keep my history and bookmarks synced across devices (also helps easily share urls among devices)😅
the people freaking out are reading social media takes written by other people freaked out over other social media posts written by yet more others who are freaked out after not reading and fully comprehending the full policy documents…
I read the git history changes and while I generally think it’s somewhat of a nothing burger for savvy users, it is a scummy move that alienates their core user base at a moment in time where they were best positioned to expand their user base.
