
Firefox tracks users with Google Analytics in the add-on settings - kuschku
https://github.com/mozilla/addons-frontend/issues/2785
======
potch
Quick breakdown of what's going on here (I work at Mozilla, and have worked on
the Add-ons site in the past):

The "Get Add-ons" view in Firefox is an iframe to a page hosted by
addons.mozilla.org. AMO, as all Mozilla sites, use GA to collect aggregate
visitor statistics. We negotiated a special contract with Google [1] to only
collect a subset of data and that that data is only used for statistical
purposes.

Google Analytics is only loaded when this view is loaded, and is not otherwise
"inside" Firefox. I filed an issue [2] to make sure that our privacy policy is
linked from the Get Add-ons view so users can be better informed.

Mozilla tries to walk a very thin wire to ensure that we have the data we need
to make sure our products are working properly without being intrusive, and to
let concerned users opt-out of even that baseline data collection.

[1]
[https://bugzilla.mozilla.org/show_bug.cgi?id=697436#c14](https://bugzilla.mozilla.org/show_bug.cgi?id=697436#c14)
[2] [https://github.com/mozilla/addons-
frontend/issues/2789](https://github.com/mozilla/addons-frontend/issues/2789)

~~~
kuschku
That’s all fine and nice, but how did Mozilla Legal approve this in the first
place?

It’s obvious this violates both the so-called "Cookie Law" and the Google
Analytics ToS, as both require _any_ page with tracking to specifically tell
the user that they will track the user. And the so-called "Cookie Law" goes
even further, and requires it to be directly done in a modal.

How did Mozilla, a company saying they fight for privacy, approve something
that does not even meet the absolute minimum bar for privacy, the actual
privacy laws?

~~~
eli
It's not "obvious" that it violates either of those.

The general consensus is that normal GA tracking alone does not meet the
standards to trigger either the EU or the stricter Dutch cookie notification
requirements since they are using first-party cookies not tied to PII and
don't follow you across sites. And that's assuming a standard GA snippet, not
the smaller subset of data Mozilla is collecting here.

And the GA ToS require you to _have_ a privacy policy and to make users aware
of it. It doesn't require a link on every page. You already agreed to the
Mozilla privacy policy as part of the Firefox install process, right?

~~~
gcp
_The general consensus is that normal GA tracking alone does not meet the
standards to trigger either the EU or the stricter Dutch cookie notification
requirements since they are using first-party cookies not tied to PII and don
't follow you across sites_

Do you have a good reference for this? Especially the "don't follow you across
sites" seems weird as Google will end up collecting hits from the same
IP/browser/etc combo across sites, which trivially allows following.

~~~
amichal
Found a source for this opinion. Here [1] are instructions from the Dutch
Government's "Personal Data Authority" on setting up GA in compliance with
their laws in a way that does (did?) not require an explicit notice. See [2]
for an explanation in english

[1]
[https://autoriteitpersoonsgegevens.nl/sites/default/files/at...](https://autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/handleiding_privacyvriendelijk_instellen_google_analytics_1.pdf)
[2]
[https://www.iabeurope.eu/eucookielaws/nl/](https://www.iabeurope.eu/eucookielaws/nl/)

TLDR: If you use the following code. You are fine to use GA without a notice
under Dutch law.

ga('set', 'forceSSL', true); ga('set', 'anonymizeIp', true);

~~~
gcp
Thank you! This is really useful.

~~~
kuschku
Be aware, this changes in 316 days, when the EU GDPR comes into force, and
makes even for those cases opt-in required.

~~~
amichal
Opt-in via published policy or some silly explicit checkbox?

~~~
kuschku
Opt-in via an explicit dialog, and, most importantly, you have to give the
user the ability to select "no" and still use your website (in which case you
aren’t allowed to do any tracking).

------
michaelt
Given Firefox's pro-privacy positioning vs Chrome [1] and the fact that, by
virtue of being in about: these requests get sent even if the user is browsing
in private browsing mode or has extensions installed explicitly to block this
kind of traffic [2] it's surprising the Mozilla employees in that thread are
so keen to dismiss this.

[1]
[https://mobile.twitter.com/meatcomputer/status/8813107782251...](https://mobile.twitter.com/meatcomputer/status/881310778225172480)
[2] [https://github.com/mozilla/addons-
frontend/issues/2785#issue...](https://github.com/mozilla/addons-
frontend/issues/2785#issuecomment-314807534)

~~~
ssivark
I can understand @tofumatt's desire to restrict that Github thread to the
specific problem and its fix.

However, given Mozilla's recent advertizing attempts slinging mud at
Google/Chrome, it seems like they're asking for their credibility to be
shredded publicly, in the media. This is an important enough matter that it
deserves immediate escalation, to get a _clear and coherent response at the
organizational level that is communicated convincingly to users_. Anything
short of that (especially a simple local bug fix) risks winning the battle but
losing the war, as Firefox's fundamental selling point now seems duplicitous
and disingenuous.

I sincerely hope that Mozilla/Firefox developers have the vision to recognize
that, and consider this matter of utmost importance. All the features and
technical improvements they might hope to ship in the next several months are
irrelevant compared to this single issue.

To me, this debate is a great example of a situation where an organization
must be guided by its core principles -- not by what seems convenient in each
specific instance.

~~~
gcp
_All the features and technical improvements they might hope to ship in the
next several months are irrelevant compared to this single issue._

Which "single issue" is that then? That AMO is using GA (and has been for
years)? Or that TP doesn't work correctly for the in-browser UI?

I'm going to have to disagree with you there.

~~~
ssivark
They are _both_ issues. My principal point is that they're all part of the
same problem in the bigger picture, which is: _Mozilla is breaking its privacy
promises to its users_.

1\. Mozilla casts aspersions on Google/Chrome for not respecting users'
privacy. (eg: recent billboard advertizements)

2\. Mozilla doesn't respect users privacy because it uses tracking, that too
third-party, _that too from Google_.

Pot -> kettle -> etc...

Mozilla risks losing credibility. What fundamental principles do they claim to
stand for, if they're willing to compromise those for convenience?

~~~
gcp
Siloing the GA data that is obtained from Mozilla (required by the contract
Mozilla has with Google) would stop the privacy-breaking aspects (which exist
due to aggregating over sites).

But this may be a case where even though Mozilla is _technically_ doing the
right thing, perceptions will tend the opposite way. Without that statement in
that old bug, most people would never know the Mozilla GA data is siloed.

~~~
michaelt
Siloing, schmiloing. If the user has installed an extension that blocks Google
Analytics, and you disable that extension, you're clearly ignoring the user's
privacy choices.

~~~
gcp
WebExtensions are never active on about:* pages, that's a documented design
choice not specific to content blockers or GA or whatever.

Note that old-style extensions do work and currently still block this.

------
tombrossman
Google Analytics T&Cs[0] make it explicitly clear that users must disclose to
visitors that they use it. _" You must post a Privacy Policy and that Privacy
Policy must provide notice of Your use of cookies that are used to collect
data. You must disclose the use of Google Analytics, and how it collects and
processes data."_

I know many people ignore it just like with all the other "I agree" check-
boxes that pollute websites, but it is a breach of the Terms to sneak it onto
your site or service.

Mozilla just launched a new podcast called "IRL" and in the first episode they
warn people about all the creepy third-party tracking out there[1]. To listen
to the podcast you have to allow third-parties to track you, and there is no
privacy policy on the website to warn you.

It's actually a good podcast episode and I recommend checking it out.

[0][https://www.google.com/analytics/terms/us.html](https://www.google.com/analytics/terms/us.html)

[1][https://irlpodcast.org/](https://irlpodcast.org/) ,
[https://twitter.com/tombrossman/status/883972350387134464](https://twitter.com/tombrossman/status/883972350387134464)

~~~
dpcx
To be fair, there's a link to the Mozilla Privacy Policy at the bottom of
every add-on page, that explicitly states that they may use analytics (and
even names Google Analytics).

~~~
kuschku
Currently there is no such link at the bottom the discovery page, this is
still an open PR, and was created as response to this thread.

Additionally, this _still_ violates the Cookie Law.

> The addressees of the obligation are Member States, who must ensure that the
> use of electronic communications networks to store information in a
> visitor's browser is only allowed if the user is provided with “clear and
> comprehensive information”, in accordance with the Data Protection
> Directive, about the purposes of the storage of, or access to, that
> information; and has given his or her consent. The regime so set-up can be
> described as opt-in, effectively meaning that the consumer must give his or
> her consent before cookies or any other form of data is stored in their
> browser.

~~~
jhasse
Does that mean that I could sue Mozilla?

~~~
kuschku
Potentially. I recommend you check with your Landesdatenschutzbeauftragter, in
Schleswig-Holstein, that’d be the
[https://www.datenschutzzentrum.de/](https://www.datenschutzzentrum.de/) (you
can send them E-Mail via GPG), and discuss that with them. Additionally, you
might get help from the Verbraucherzentrale.

------
forgotpwtomain
Interesting comment by Gorhill from the above discussion:

>> I thought web extensions couldn't block that content.

> I just ran a couple of tests, and I believe you are correct.

> Legacy uBlock Origin can block the network request to GA.

> However webext-hybrid uBO as per Network pane in dev tools does not block
> it. Same for pure webext Ghostery, the network request to GA was not
> blocked, again as per Network pane in dev tools.

> What is concerning is that both uBO webext-hybrid and Ghostery report the
> network request to GA as being blocked, while it is really not as per
> Network pane in dev tools. It's as if the order to block/redirect the
> network request was silently ignored by the webRequest API, and this causes
> webext-based blockers to incorrectly and misleadingly report to users what
> is really happening internally, GA was not really blocked on about:addons,
> but there is no way for the webext blockers to know this and report properly
> to users.

> This is what I have observed, hopefully this can be confirmed by others.

~~~
gcp
Sounds like a bug to be filed. I'd encourage people to try the webext versions
of those add-ons so we can catch things like this in time for 57.

~~~
TheChaplain
I installed the latest Firefox Aurora (55.08b), latest uBlock0.webext.xpi and
a MITM proxy.

uBlock WebExt does not block GA.

I added a specific filter for the GA domain, but still uBlock failed to block
again.

Unrelated, I noticed Firefox also made a connection to aus5.mozilla.org which
sets cookies named _ga and _gid.

~~~
gcp
Doesn't block it generally, or doesn't block it for the "Get Add-ons" page?

The latter is expected. The former isn't. In any case you should report this
to the author, not here.

------
pavement

      As I mentioned in #1107: we will not be 
      removing analytics support entirely. It 
      is extremely useful to us and we have 
      already weighed the cost/benefit of 
      using tracking.
    

[https://github.com/mozilla/addons-
frontend/issues/1107](https://github.com/mozilla/addons-frontend/issues/1107)

Ew. Firefox, I am ashamed to know you.

~~~
jshelly
Deleted based on similar response below.

"Which browser should I use"

~~~
akerro
[https://www.brave.com](https://www.brave.com)

~~~
jshelly
Will take a look, thanks, first time I've heard of brave.

------
drtillberg
The Google Analytics scripts runs on a page that appears to be a system/UI
page in Firefox, when you search for new add-ons. The response from Mozilla
about Piwik being too much work is concerning.

The optional NoScript add-on does stop this script from running, even on that
page. You'd have to configure NoScript to block Google Analytics. I, for one,
globally block Google Analytics scripts.

Incidentally, I also block third-party-site Google.com scripts, but that is
harder on websites like Hacker News, which will sometimes send for a Captcha
check that only completes successfully with Google.com enabled in NoScript.

[edit: I am using the legacy add-on, which Mozilla I guess will disable in
November 2017]

~~~
kuschku
NoScript only blocks it if you use the legacy add-on – WebExtension addons
can’t block requests from about: pages. Which makes this even more annoying.

------
EwanToo
It's worth knowing that Mozilla negotiated an opt-out with Google around the
re-use of this (and other) Google Analytics data

[https://bugzilla.mozilla.org/show_bug.cgi?id=697436#c14](https://bugzilla.mozilla.org/show_bug.cgi?id=697436#c14)

~~~
kuschku
Yet, they don’t even ask the user if the data should be sent to Google
Analytics. Not even a cookie notice.

~~~
bsilvereagle
I'm not sure why you're being downvoted (unless Mozilla does indeed provide
this information).

All sites using Google Analytics are supposed to inform the user according to
Section 7 of the GA ToS:
[https://www.google.com/analytics/terms/us.html](https://www.google.com/analytics/terms/us.html)

Just because "no one else does it" and Google turning a blind eye towards
violators doesn't mean they're not violating the ToS.

~~~
nucleardog
If they negotiated a special contract regarding what data is collected, and
where and how it's stored and used by Google... What exactly makes you think
that ToS has any relevance to the relationship between Mozilla and Google?

------
mozkev
Howdy all, Kev Needham here, and I'm the Product Manager for add-ons. I want
to make sure everyone understands that we're going to be making changes.

Some parts of Firefox populate the content of some “about:” pages (like
about:addons) from web-based sources. Thanks to your comments, we better
appreciate how users may not know that content in those pages can come from a
web service, and can use third-party analytics. We don’t like to surprise our
community, and are disappointed that we did.

It's always been important for us to use Google Analytics and other analytic
services in a way that meets the expectations of Firefox users. We have taken
great care to ensure that our partnership with Google is structured so that
they are prohibited from creating user profiles from our website data, or from
tracking users across other websites. We also need to help ensure that we are
clear where Mozilla products and services make use of those services.

We want to make sure we follow our “no surprises” rule
([https://www.mozilla.org/privacy/principles/](https://www.mozilla.org/privacy/principles/))
, so we are exploring solutions that inform our users about how these pages in
Firefox use web content and analytics tools - and provide our users with tools
to better control the data that may be sent. We’ll be making changes in the
near term, and will publish updates as we make progress.

------
coldpie
I hate these public bugs that blow up. They always turn into these dumb
dogpile rants from uninformed users. Tofumatt's doing a good job, but they
should really lock this bug report from commenters before it gets out of hand.

~~~
joenathanone
>dumb dogpile rants...

Pot meet kettle

You're comment hasn't added any value to the conversation, it's just a rant.

~~~
i80and
Thing is... he's right, though, and it IS rather on topic. Public bug trackers
only function as long as the peanut gallery doesn't decide to descend. Once it
DOES descend on an issue, the issue often becomes a cluttered off-topic mess
of ill-informed nastiness.

Just look at any Mozilla bugzilla issue addressing Linux video acceleration,
as an example.

~~~
vurpo
For an extreme example, see the Android bug tracker. It is hopeless.

------
davb
What browser should users opt for if they want performance, broad
compatibility with websites and absolutely no tracking/analytics? Preferably
open source and cross platform.

~~~
coldpie
Firefox is a good one. They're clearly implementing a fix for this bug.

~~~
davb
I guess I'm interested in browsers who's developers wouldn't have done this in
the first place - a browser which has privacy as a core principle and who's
develop we wouldn't consider pushing any data, regardless of aggregation or
commercial value, to a third party without explicit consent..

~~~
coldpie
To be blunt, you're not going to find one. Developing a modern browser is
extremely difficult, on the order of developing an entire operating system.
Mozilla does respect privacy rights, and it is clearly treating this as a bug
to be fixed. You're going to have to cut them some slack for not being 100%
perfect always.

~~~
throwaway2048
The fact they thought this was a good idea to begin with speaks volumes about
their actual position.

~~~
coldpie
I disagree. I think people who believe in protecting their privacy can also be
OK with Google Analytics processing, anonymizing, and aggregating the data. I
also understand why someone would not feel that way. I think it's something
about which reasonable people can disagree. This is why Mozilla provides the
option[1].

[1] Which is, incorrectly, not being respected. This is a bug which they will
fix.

~~~
hu3
[http://i.imgur.com/fsATjLv.jpg](http://i.imgur.com/fsATjLv.jpg)

------
toephu2
Ironically Mozilla does not allow third-party developers to include Google
Analytics in any way shape or form in a Firefox Add-on.

------
prajjwal
Users who care about privacy are, quite literally, the only demographic that
cares about Firefox at this point. The numbers clearly say that. I'm not even
remotely versed in how to run a business, but in what twisted universe does it
make sense to alienate us?

I put up with Firefox's single threaded nonsense for years, with their
outright refusal to properly implement hardware acceleration for Linux, and
with their clearly inferior performance. And now I find out they've got Google
Analytics on a page where uBlock Origin can't even block it (at least not post
FF 56), and that doesn't even respect my telemetry settings (which I've
obviously disabled). Every decision they've made lately seems to be targeted
at gaining the attention of people who clearly couldn't be arsed to get off
Chrome if they proved it gives you cancer, instead of making it better for
people who are keeping it afloat.

Congratulations, Mozilla. You've put a whole bunch of us out on the lookout
for a replacement. Enjoy your descent into obscurity.

~~~
hellbanner
What's your preferred alternative browser? Serious, I haven't found one I like
yet.

~~~
rnhmjoj
A fork like IceCat or Pale Moon?

------
jdenning
The main reason I use and recommend Firefox is that I don't trust Google to
respect user privacy. I'm sure I'm not alone in that. Mozilla has violated
user trust here, and the responses to the bug report are very disappointing.

Any other recommendations for privacy-respecting, open source browsers? This
seems like a good time for a competitor to earn some market-share.

~~~
jhasse
If you are using Linux check out Eolie or Poseidon:

[https://github.com/gnumdk/eolie](https://github.com/gnumdk/eolie)

[https://github.com/sidus-dev/poseidon](https://github.com/sidus-dev/poseidon)

------
yq

      As I mentioned in #1107: we will not be 
      removing analytics support entirely. It 
      is extremely useful to us and we have 
      already weighed the cost/benefit of 
      using tracking.
    

“The Party seeks power entirely for its own sake. We are not interested in the
good of others; we are interested solely in power, pure power.”

Mozilla Developer also mentioned:

    
    
      Actually, @muffinresearch pointed out we could probably just observe Do Not Track here, 
      because this pane is actually a web page loaded in an iFrame inside the browser page. 
      That might be faster to ship. Just thinking aloud :smile:
    
      I'm definitely for giving users the option to disable this.
    

“Power is in tearing human minds to pieces and putting them together again in
new shapes of your own choosing.”

\- 1984, George Orwell.

------
hartator
I don't know how many incidents like this is needed before people realized
Mozilla is not the angel it used to be.

~~~
rexicus
Don't forget the "bug" where Google's supercookie was un-deletable
[https://bugzilla.mozilla.org/show_bug.cgi?id=1008706](https://bugzilla.mozilla.org/show_bug.cgi?id=1008706)

~~~
gcp
1) This bug is INVALID. Several people tried to reproduce it and failed.

2) The indicated cookie (from bug 1026538) is a cookie _sandboxed for privacy
reasons_ and NOT your real Google cookie. It broke the cookie manager exactly
_because_ it was sandboxed.

So tell me, what do you mean by using quotes around "bug"?

~~~
MikusR
It's called FUD.

------
kuschku
Notice: The mods just changed the title from "Firefox secretly tracks users
with Google Analytics in the addon settings" to "Firefox tracks users with
Google Analytics in the add-on settings"

@mods: The "secretly" was used to signify the fact that Mozilla does not
inform users about this fact, their Privacy Policy does not cover it, and at
no point does any page, modal, or disclaimer tell this.

~~~
bjpbakker
Honestly this has never been secret. It's even in the configure flags to
enable/disable it. So you van easily disable it as you wish.

There's a page on the wiki aboit various forms of data collections [1]. It os
pretty descriptive of the information they send.

[1]
[https://wiki.mozilla.org/Firefox/Data_Collection](https://wiki.mozilla.org/Firefox/Data_Collection)

~~~
gorhill
> There's a page on the wiki aboit various forms of data collections [1].

The page you linked to starts with "Firefox sends various data back to
Mozilla".

Nowhere does it say "Firefox sends various data back to Google Analytics" on
that page.

~~~
gcp
This is probably a better page, as the original one linked is indeed for
sending data to Mozilla. This one also talks about "service providers":
[https://www.mozilla.org/en-US/privacy/firefox/](https://www.mozilla.org/en-
US/privacy/firefox/)

Though it also doesn't mention GA.

------
hatsunearu
I don't mind if they take analytics--as long as it's on a completely Mozilla
controlled server with a tight privacy policy.

------
mattab
> We won't use Piwik. Mozilla uses Google Analytics for website analytics.
> Hosting our own is more work for a worse product.

Hi Mozilla, Piwik team here. Would you mind explaining what you found worse in
Piwik VS Google and reporting your feedback to us, so we have a chance to
improve and in the future to see Mozilla use Piwik to track users, rather than
Google?

------
anonymousab
Opt-in by default seems so often an admission that not enough would go out of
the way to enable it, and that they don't have enough faith in the importance
of thr item in question as to introduce install/update friction and just ask
users what they want.

------
kuschku
The worst part of this is, this also applies to the Tor Browser, and might
potentially help Google to de-anonymize Tor users:

[http://i.imgur.com/vdlFWYR.png](http://i.imgur.com/vdlFWYR.png)

~~~
gcp
Why would this allow de-anonymization? Does the request not go through the Tor
network?

~~~
kuschku
I changed the wording of my post, but generally, the Tor Browser uses NoScript
to block Google Analytics anywhere to improve security, and this page
circumvents that, allowing Google Analytics to be loaded. This provides
significantly more tracking information than if no GA script was ever loaded.

Additionally, that page has special access to allow installing addons, or
removing them, and the Google Analytics script might be able to abuse that to
install an addon that leaks your data.

~~~
gcp
You'd still see an installation doorhanger.

Fore sure, this will leak info you'd rather not, but I see no evidence it
allows de-anonymization. If it did, any custom tracking NoScript doesn't know
about would defeat Tor.

And that's not the case.

~~~
kuschku
The issue is less random tracking, but that from 57 on no addon can block
this, and that it runs in a privileged context.

------
jakub_g
Proposal: What about passing &track=false in the URLs to AMO/mozilla.org when
user opted out from tracking in Fx settings / browses in private mode? And on
server side, do not embed GA script in such case.

~~~
gcp
Simply respecting DNT (which is the fix that was proposed) works out to the
same.

------
samuell
I did a check of the traffic sent to various "extra servers" for both Chrome
and Firefox, using Wireshark, some time ago.

After I learned that Firefox sends data to3rd party servers pretty much like
Chrome, and that I was able to turn it off in Chrome, I've been staying with
Chrome, as it is at least usable, performance-wise.

------
doe88
Overall, I don't mind Mozilla having these data but I'm more concerned with
Google by extension having them too, that, is unexpected.

------
vatotemking
A browser vendor who peddles privacy and uses "not google chrome" as its
selling point, decides to track its users and sell the data to google.
Hackernews absolutely explodes, as it considers tracking evil (unless its them
doing it). The rest bikesheds on privacy policy and nothing of value was lost.

------
xinayder
Waterfox has a patch that disables GA tracking:
[https://github.com/MrAlex94/Waterfox/commit/d3e9b4534ab9069e...](https://github.com/MrAlex94/Waterfox/commit/d3e9b4534ab9069eb661097e3aff896ef6ada0f5)

------
based2
[https://www.reddit.com/r/programming/comments/6mvcol/firefox...](https://www.reddit.com/r/programming/comments/6mvcol/firefox_secretly_tracks_users_with_google/)

------
Sir_Cmpwn
Ugh. If Mozilla needs the data then they need to build their own service for
harvesting it. Involving Google for this is not acceptable, opt-out or not.

I would argue for this on the GitHub issue but they would rather silence all
opinions than work around the ill informed ones.

------
hartator
> Legacy uBlock Origin can block the network request to GA. /gorhill

uBlock Origin is no legacy, but probably one of the best options. Glad to see
so much contempt from Moz leadership.

~~~
Aaronn
Legacy in this case is just referring to the API that was used to build the
add-on. Also I assume you realize gorhill (who posted this sentence) is the
person who created uBlock Origin, he is not a Mozilla employee.

------
TekMol
As a long term Firefox user, I am totally shocked.

------
xinayder
They are probably adding a new section in their privacy policy right now that
includes the mess they made.

------
snakeanus
I find it quite amusing how the new web extensions are unable to block this in
comparison to the "legacy" ones. [https://github.com/mozilla/addons-
frontend/issues/2785#issue...](https://github.com/mozilla/addons-
frontend/issues/2785#issuecomment-314807534)

I am really wondering why they want to replace xul addons with the web
extension ones when they are so weak compared to the xul ones?

~~~
anonymousab
>when they are so weak compared to the xul ones

To many, I suspect that is the prime intent.

~~~
Silhouette
So far, the only difference I have noticed is that some useful add-ons that
made Firefox significantly more attractive than some other browsers no longer
work.

The single biggest loss for me personally has been the ones that would save
unsubmitted form content in case of crashes, accidental window/tab closure,
etc. When I checked recently, there no longer appeared to be any add-on
available that provided this valuable functionality.

~~~
dotancohen
Also Tree-Style-Tabs is no longer supported. TST arranges the browser tabs in
a vertical hierarchy, which has the dual benefit of logically arranging the
tabs themselves and providing more vertical space (important on a 16:9 aspect
ratio monitor).

~~~
uAntabaka
There are sidebar tab WebExtensions, including one rudimentary one which
supports tree indentation.

I even contributed to one this morning that is quite attractive, called Tab
Center Redux.

------
Charismatic
Without elaborating on opt-in or opt-out, there is one clear fact: A user that
has telemetry disabled has clearly stated that he does NOT want to "Share
performance, usage, hardware and accusation data about your browser with
Mozilla". [https://support.mozilla.org/en-US/kb/share-telemetry-data-
mo...](https://support.mozilla.org/en-US/kb/share-telemetry-data-mozilla-help-
improve-firefox)

If you do this add-on tracking despite this option is turned off, this is a
clear breach of trust. If I have this option off, then I expect that exactly
such a tracking of usage and customization like described above is NOT
happening.

------
tomjen3
This seems more and more common with desktop software. Any way in which we can
poison the collected data? Just turning it of does not seem harsh enough.

------
AmVess
Tofumatt wrote "we will not be removing analytics support entirely. It is
extremely useful to us and we have already weighed the cost/benefit of using
tracking."

Which reads a lot like "they are giving us a pile of money to breach your
privacy, so to hell with you."

~~~
shostack
More like "it is really critical that we understand how users engage with our
product and we need a solid way of tracking that. GA is practically an
industry standard."

~~~
kuschku
And the cookie notice is also an industry standard, so that I know on which
sites to use uMatrix to manually block the scripts.

I didn't expect that I'd have to do that on an about: page.

