
When it comes to privacy, default settings matter - nachtigall
https://blog.mozilla.org/blog/2019/06/04/when-it-comes-to-privacy-default-settings-matter/
======
dantiberian
Mozilla didn't mention this in the article, but the study they referenced had
an astounding statistic proving their point about default settings.

> Chrome and Safari are the two most prevalent browsers in our data, with
> Chrome being associated to about 43% of the ad transactions and Safari to
> about 38%. _About 73% of the ads shown on a Safari browser do not have a
> cookie associated, whereas on Chrome this is the case about 17% of the
> time._

> The difference is probably due to different default tracking settings across
> the two browsers, with Safari impeding, by default, third-party tracking
> cookies being set on the user’s machine (the user has to explicitly allow
> the usage of third-party cookies)

[https://weis2019.econinfosec.org/wp-content/uploads/sites/6/2019/05/WEIS_2019_paper_38.pdf](https://weis2019.econinfosec.org/wp-content/uploads/sites/6/2019/05/WEIS_2019_paper_38.pdf)

------
cromwellian
[Googler, but this is just my own musing] Here's a theoretical question, if
all third party tracking cookies were blocked, wouldn't that strengthen
Google's position in the ad market and weaken all of the third party ad
networks?

Google gets most of its revenue (~70%) from its first party sites, and stuff
like AdSense could be made to work without cookies, and given Google's size in
the market, people would switch to whatever ad embedding format they required.

But smaller ad networks won't have that power, and don't have huge first party
sites either. So in a way, if Google jumps onboard this bandwagon in Chrome,
they could be accused of doing it to strengthen their own position, the same
way adopting Apple's extension/ad blocking restrictions in Chrome, led people
to accuse them they're trying to sabotage ad blockers, instead of trying to
rein in a toxic hell stew malware from overly permissive extensions.

~~~
scarface74
I am not a Googler and have been a long time critic of any business model that
is not “I give you money and you give me stuff.”

That being said, I defended Google’s choice of implementing ad blocking
extensions using an approach similar to Apple’s because I inherently don’t
trust random third party extension makers that can intercept all of my web
browsing. I also don’t trust VPN providers to protect my privacy but that’s a
rant for another day.

~~~
sbov
I don't trust random third party extension makers either. That's why I don't
go around randomly installing extensions.

~~~
scarface74
Even if you do trust the extension maker at the time you installed it, how
many times have malware makers bought formerly trustworthy extensions?

[https://arstechnica.com/information-technology/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/](https://arstechnica.com/information-technology/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/)

I’m very careful on what gets installed on my work Windows laptop and I rarely
use my home computer. I’m usually on my iPhone or iPad. There, I install any
random app because I know the permission model only allows so much.

------
Tepix
This step is overdue and I applaud Mozilla for doing it. But:

Why doesn't Firefox block _all_ 3rd party cookies by default? That would be a
huge win for privacy. Yes, some sites would break. But if Apple can do it with
Safari, Mozilla can do it with Firefox.

Be brave! Do it!

~~~
ianbicking
When sites break, people leave Firefox. No amount of explaining or media
changes that: the number one (by far) reason people leave a browser is because
a site is broken.

~~~
smacktoward
Yes, this. Anyone who was around for the launch of Windows Vista could see
this effect in action.

Vista's added security measures like UAC
([https://en.wikipedia.org/wiki/User_Account_Control](https://en.wikipedia.org/wiki/User_Account_Control))
broke a lot of poorly coded Windows applications that didn't bother to follow
the rules of the platform.

Who did the users blame when those apps broke? Microsoft.

Why? "It worked fine until I upgraded to Vista!"

Sigh.

~~~
fwip
Further evidence: Windows 7 wasn't even that much of a change from Vista. The
main differences were 1) software had adjusted to deal with UAC and 2) new
laptops were more powerful. But most of the good new architectural features
had premiered with Vista.

I think they did improve the UAC situation with Vista SP1, if memory serves.

~~~
mehrdadn
> Further evidence: Windows 7 wasn't even that much of a change from Vista.

I seem to recall Vista was way more sluggish than 7 on the same machines.

~~~
paxys
Most of the anecdotal evidence was comparing a laptop running with years'
worth of bloated software to a fresh install. No surprise that Windows 7 came
out ahead.

~~~
mehrdadn
I was referring to my own experience of fresh installs of both.

------
stemuk
When it comes to the greater public, default settings might as well be the
only available setting. Apart from a few 'techies' most people will never even
touch the default settings out of the naive belief that "the default setting
is what's best for me".

As an alternative approach I would suggest empty settings to begin with,
forcing the user to think about their preferences on first use.

~~~
selebrazin
That would only work if every browser implemented it but for the average user,
choosing between a blank-slate approach where they have to parse through
terminology they don't understand, and an alternative offering "sensible"
defaults, I suspect most users would just pick the easier latter option.

~~~
mikro2nd
Perhaps there's a middle ground. Give users a range of options (say 3 to 5)
that aggregate the settings, ranging from "_I don't really care about
privacy_" to "_I wear a tinfoil hat to bed_", along with pointers to where
and how they might wish to delve deeper into more detailed settings. It can't
be that hard...?

~~~
slavik81
If you put a big scary decision as the first thing users see, many will just
close the browser because they don't know what they should pick. When they
open a different browser that doesn't present them with that choice, they may
conclude that it's not a problem on that other browser.

------
rolph
"Today marks an important milestone in the history of Firefox and the web. As
of today, for NEW USERS who download and install Firefox for the FIRST TIME,
Enhanced Tracking Protection will automatically be set on by default,
protecting our users from the pervasive tracking and collection of personal
data by ad networks and tech companies."

This gives me the impression that Mozilla is trying to pull in a bunch of new
recruits, also does this mean upgrades or repetitive DLs will not have this
~privacy by default?

~~~
pbhjpbhj
So they're killing the Google relationship? I mean something called "Enhanced
Tracking Protection" would have to disable any sending of data to Google (or
anyone, except the server as required to get the data requested), surely?!?

~~~
roca
Google might not be happy about this move, but historically Google has paid
Mozilla to be the default search engine in Firefox, which doesn't require
Firefox sending any data to Google (apart from actual search queries,
obviously).

------
sciurus
There's some discussion of how this ties into Mozilla's mission at
[https://blog.mozilla.org/blog/2019/06/04/the-web-the-world-needs-can-be-ours-again-if-we-want-it/](https://blog.mozilla.org/blog/2019/06/04/the-web-the-world-needs-can-be-ours-again-if-we-want-it/)

------
blitmap
The thing that absolutely pisses me off is how I try to be actively aware of
what settings I disagree with and disable things I don't like - and then an
unseen update resets things to default.

HOW MANY TIMES MUST I UNCHECK WHAT TO SYNC TO MY ACCOUNT? YOU WOULD THINK THAT
IS SAVED PERSISTENTLY.

I think my quality of life on Firefox would be improved greatly if a notice
popped up saying some of my settings were reset to defaults because of
breaking changes (or minor). Like they give a crap.

~~~
nullandvoid
Not sure why the down votes that would sure piss me off. I'm very conscious of
what I want synced and it only takes a single bug like that to throw away all
the effort to keep things separated

------
basscomm
> In fact, nearly 25% of web page loads in Firefox take place in a Private
> Browsing window.

If Mozilla knows that, then Private Browsing Mode isn't as private as it could
be.

~~~
nsuser3
The total amount of loaded pages in Private Browsing doesn't really have to be
private?

~~~
sp332
As long as the data is aggregated and not tied to individual users, I'm ok
with it.

~~~
tomschlick
That's exactly what Firefox telemetry data is. It collects things like % of
requests over HTTPS, % over IPv6, etc and sends anonymized stats to Mozilla.

~~~
satokema_work
But at the end of the day, I'm just taking someone's word for it that this is
all they send, and assumes that it won't change over time in a browser that
regularly updates itself.

It'd be a lot more acceptable if there was an option to show me "This is the
exact telemetry payload we want to send to Mozilla." And even then you are
taking someone's word for it that there isn't some other piece of data hidden
in a hash or something, or that the browser isn't secretly sending data.

I'm not quite paranoid enough to do the full monitoring of all network
traffic, but how do I reasonably know what is going on without listening to
traffic/watching memory at all times? In the end, I'm trusting a faceless
corporation that is attempting to put on a facade of trustworthiness.

The only trustworthy computer is an unnetworked one.

~~~
mintplant
> It'd be a lot more acceptable if there was an option to show me "This is the
> exact telemetry payload we want to send to Mozilla."

There is! Navigate to about:telemetry in Firefox.

------
AsusFan
The irony is strong with this one.

By default, Firefox:

- Collects a bunch of telemetry data via several mechanisms and ships them to
Mozilla HQ

- Provides Mozilla with remote code execution privileges on your machine via
the shield (or normandy, or whatever they are calling it these days)
mechanism, which can install and uninstall extensions and certificates, change
browser settings, etc

- Uses Google as the default search engine, and search suggestions leak
private data to Google

- Uses Google Location Services for their geolocation thingy, which -
unsurprisingly - phones home to Google

- Ships closed source third party add-ons

- Comes with a bunch of "about:config" settings configured in sub-optimal
ways, privacy wise - battery API enabled by default, accept all cookies by
default and so on

Sure, Chrome is worse, but bringing that up is like arguing that your
pile of manure is better because it doesn't smell as bad: in the end, you are
still arguing about shit.

~~~
opencl
There are some valid privacy complaints about Mozilla but I think they are
severely overblown by a lot of people.

Mozilla is very up-front about exactly what telemetry data they're collecting
and what it's used for, there's even a pop-up when you first install the
browser about it telling you what's collected and how to disable it if you
want to. And then when Mozilla makes decisions based on telemetry like
removing features that 2% of people use the people who disabled telemetry
complain that Mozilla is ignoring their opinions.

The optional syncing service is end to end encrypted so Mozilla can't see the
data you're syncing.

Shield is a valid complaint, I am not a fan of it being opt-out.

Search suggestions are disabled by default in private browsing mode and
probably a feature most people want anyway. Your query gets sent to the search
engine when you hit enter either way.

The battery API was completely removed from Firefox two and a half years ago,
that particular complaint is very outdated. Firefox has been tracking cookies
by default for a while now too. More strict cookie policies would just annoy
the vast majority of users.

~~~
xvector
> Mozilla is very up-front about exactly what telemetry data they're
> collecting and what it's used for,

I consider myself relatively technically inclined. When I started using
Firefox, I absolutely did not know about

- Normandy as an RCE engine to install arbitrary extensions and customize
random settings

- Google Location Services as the location backend

- Which about:config settings I need to change for a reasonable expectation
of privacy

~~~
orbital-decay
Didn't you already trust Mozilla to execute their code on your machine when
you installed the browser, in the first place? And to do it remotely with
auto-updates.

~~~
jedberg
There is a big difference between them being able to activate a connection to
my machine at their whim and execute code, vs me downloading their software or
an update _at a time of my choosing_, especially since if I am very security
conscious I can wait until an update has been audited or tested.

With a remote code execution engine, someone could hack into their backend and
then start running malicious code on thousands or millions of machines. If
they compromise a software update, at least there is a chance it can be caught
before it gets to me.

~~~
Kalium
There's a config-flag to turn it off. You could even deploy that enterprise-
wide.

That said, every auto-update system is essentially an RCE system. For highly
exposed and security-sensitive applications like browsers, the auto-update is
a net win in many deployment scenarios.

~~~
scarface74
Isn’t it kind of ironic that you mention a user flag to turn off telemetry
that is on by default on a post about “defaults matter”?

~~~
Kalium
Yes.

Telemetry and auto-updates are important enough that having them on by default
isn't wildly unreasonable.

~~~
scarface74
Auto updates yes for security. But why would telemetry be important to the end
user - especially for a “privacy focused browser”?

~~~
Kalium
[https://docs.telemetry.mozilla.org/concepts/choosing_a_dataset.html](https://docs.telemetry.mozilla.org/concepts/choosing_a_dataset.html)

The nice thing is that you don't have to ask. You can look for yourself.
Mozilla's pretty transparent about what they have and what is in it.

Turns out telemetry is good for things like finding / addressing crashes and
seeing if updates have gone out properly.

Also, I seem to recall being explicitly asked if I wanted to participate. But
my memory could be failing me.

------
lotu
WARNING advertising SWE insider

I don't like how the opening line of article exploits the fact the average
person does not know cost of average online ad to make it appear like tracking
has basically no value.

> ... data about you was transmitted to dozens or even hundreds of companies,
> all so that the website could earn an additional $0.00008 per ad.

For the reader to be able to accurately understand how much money this is they
need to know the percentages.

Very roughly (this varies widely based on the country and website) the
average online ad only costs ~$0.0005, so that insignificant $0.00008 is
around 10-20%. If the article had presented the exact same information but
instead framed it in the form of revenue available to pay employees at an
online company dependent on advertising, this would sound very different while
really conveying the same concept.

Edit: I read the linked study and the data they used had an average cost per
ad of $0.001 putting the difference around 4%. This is smaller than I would
have predicted. I would still rather they have led with this number.

~~~
zbraniecki
My personal problem with the model is not how much they make, but rather the
intentionally hidden relationship they develop with the user. If the
relationship is - you get the article, we get to show you an ad that gives us
a chance to sell you something and make money on it, which is ~$0.00008 - that
would be clear.

Even if the relationship was - you get the article, we get the above plus
we'll collect some bits of information about you that we explicitly list. The
ad itself will give us ~$0.00008, and the collected data another ~$0.000007 -
that would be ethical imho.

But the real model is - we give you an article, and in return you sign a blank
document that allows us to collect all the possible data and try to maximize
the amount of money we can make on it. You step into it today, but we are not
comfortable putting any price point on this agreement because we bank on the
idea that in the future we'll make more as we increase our grip over
understanding of user behavior and improve our ability to monetize it in any,
potentially unethical way. The reason companies hide the nature of the
relationship is because their business models are built around the assumption
that the data collection will generate increasing amount of revenue in the
future. And since there's no way for you to understand the relationship, or
step out of it, you're entering it with information disadvantage, and there's
no turning back. I hope you can see how this approach is by design hostile to
users and the Internet as a public plane.

------
anordal
When it comes to everything, default settings matter.

------
Despegar
I'm amused by this because when I called Mozilla out a few days ago, I got a
bunch of downvotes [1]. Plus one of the top comments was a subtweet of mine.

[1]
[https://news.ycombinator.com/item?id=20055322](https://news.ycombinator.com/item?id=20055322)

~~~
craftyguy
> Please don't comment about the voting on comments. It never does any good,
> and it makes boring reading.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

