
Dear Mozilla, stop watching me - emilis_info
http://emilis.github.io/privacy/2013/06/16/mozilla-stop-watching-me.html
======
sinak
tl;dr: We built this site on a really tight time constraint, and had to use
Blue State Digital to process emails and store personal data, hence the
tracking codes.

I helped build stopwatching.us as part of the coalition of organizations and
individuals in support, and thought I'd give a quick bit of insight into why
the tracking stuff is in there.

When we came up with the idea for the site last Friday, we quickly realized
that one of the trickiest parts to manage would be the privacy policies of the
different organizations involved. There's over 80 different partners, and
about 6 different core organizations involved. Mozilla and EFF in particular
have really stringent legal conditions and privacy policies for any sites they
promote, and we needed to make sure we abided by them.

On Mozilla's end we needed to have some way of collecting and storing emails
and personal information that would get through their legal department
quickly. Since they've used Blue State Digital in the past and screened both
their technology and privacy policy, that was deemed the fastest way to make
things work.

BSD includes things like the email tracking code automatically, and as far as
I know there's not an easy way to strip that stuff out. Hence the tracking
stuff in the emails.

~~~
emilis_info
I am very glad that Mozilla takes privacy so seriously. I am glad it was a
conscious decision. Also: I noticed the tracking codes in the email using
Mozilla Thunderbird.

By the way: the email I got was probably sent to Mozilla supporters, not to
StopWatching.us signatories (although it seems they use the same From
address).

However, in the light of this privacy crisis, I think Mozilla should take time
and think some more of what could be done.

It doesn't look good anymore that the fastest solution was to choose a
technology provider that uses recipient tracking. It is bad that BSD privacy
policies probably don't stand a chance against a government request with a gag
order. I can only hope that the privacy policy treats US and non-US citizens
alike. I can also hope that the screening checked that BSD systems don't store
too much data about the recipients.

------
nostromo
I think we should learn to pick our battles.

_Email itself is 100% insecure._ You should assume that 100% of your email is
available to the intelligence community. (There's a reason Petraeus never
_sent_ any email to his mistress. According to William Binney, the NSA keeps
copies of all emails sent to or received in the US.) So, they already know
this email was sent to you.

_Stopwatching.us is going to present your signature to Congress anyway._ If
you're paranoid about the US government, it doesn't make sense to sign the
petition.

The only additional data they can receive from this innocent tracking code is
that you read the letter (if you decided to display images) and that you
clicked on a link (if you in-fact did).

The intelligence community could conceivably do a lot of terrible things with
everyone's phone records, everyone's Facebook data, everyone's Google
searches... but if you want to remove measurement completely from the web,
that's a bridge too far.

~~~
mike-cardwell
Where you see "innocent tracking code" some people see "exploiting a hole in
the way a piece of technology works to obtain information about people that
they don't expect you to be able to obtain, and never gave you permission to
collect"

~~~
lelandbatey
I don't know. It's a bit like saying Sherlock Holmes invades your privacy
because he's naturally more observant.

~~~
mike-cardwell
The information:

    1.) Whether an email was opened
    2.) When it was opened
    3.) What IP was in use when it was opened

Is not public.

The fact that the sender of an email can exploit a loophole in the technology
so that they can gather that information, and the fact that it is commonly
exploited to do so, does not make it ok.

I would agree with your Sherlock Holmes analogy, but only if being "naturally
more observant" falls within the category of climbing through somebody's
bedroom window, hiding under their bed and observing what they're doing
without them knowing you're there.

~~~
qu4z-2
In fairness, that sounds like something Sherlock Holmes would very plausibly
do. Then again, we all know he's kind of an ass, if a lovable one.

------
swombat
Mozilla is effectively the only player in the browser space that I still feel
I can trust not to have commercial motives to hoover up data about me. That's
why I've switched to Firefox since the NSA scandal started.

I think they could do worse, strategically, than take a strong, consistent
stance throughout their product(s) and communications, to make Mozilla _the_
browser and email client of choice for those who don't want to leave a huge
slimy trail of cookies and web bugs for anyone who's interested to track.

Worth noting this is not saying that either Safari or Chrome are worse
browsers in general, or that they have security holes to feed the NSA machine
- but any piece of data that a US company has about you is a piece of data
that could be passed to the NSA under a FISA order, or even a future law
change a decade away from now.

The fewer of those pieces of data you create, the better, imho.

~~~
jmilkbal
Mozilla are the only ones without a hidden modus operandi. They make a web
browser and have become the organization to trust because their mission is
to make the web a better place. Google want to sell ads and do everything in
their power to bombard their users, about whom they so desperately need to know
everything. Apple and Microsoft are busy creating lock-in. I don't actually
understand how anyone knowing about these and knowing what a force for good
Mozilla strives to be could possibly use anything but Mozilla products. We are
implicitly telling these companies that we accept their behavior. The same
attitudes about democracy, "how can my single voice mean anything", apply
just as much to corporations and using their products and sending money to
them. It's a plague and we can work against it. You just have to (at least in the
context of this thread) spend a few seconds to go back to the browser with
your interests at heart and quit destroying the web for the rest of us.

------
emilis_info
Author here.

My purpose with this post is _not_ to expose Mozilla, but to show how deep
many of us are in this business. I admit I am guilty of similar practices
myself.

I think we should use this privacy crisis to stop and rethink what we are
_gathering_ about our users, how we are doing it, and whether we can really
guarantee their privacy in our countries and on the technological platforms we use.

If you really care about your users, think before gathering any of their data.
It may end up somewhere you or they do not want.

~~~
ndesaulniers
> My purpose with this post is not to expose Mozilla, but to show how deep
> many of us are in this business.

Do you think you could have chosen a better title to reflect this?

~~~
emilis_info
I think so. At least I would like to have added "please" at the end.

I am sorry. My only excuse is that my two kids were running around disturbing
my ability to focus.

BTW: I am a big fan and a user of what you do. I think Firefox OS is one of
the technologies that will help us reclaim some of our freedoms and privacy
back.

------
QUFB
It looks like Mozilla outsourced their tracking to a third party, Blue State
Digital[1].

    $ host sendto.mozilla.org
    sendto.mozilla.org is an alias for secure-mozilla-1.bsdtools.com.
    secure-mozilla-1.bsdtools.com has address 66.151.230.193

[1] [http://www.bluestatedigital.com/](http://www.bluestatedigital.com/)

~~~
emilis_info
It seems so.

On the other hand I outsourced my blog tracking to Google Analytics. I am
guilty of the same crime.

Do you do that too?

I have now removed the Google Analytics code from my blog until I find an
alternative that keeps my visitors' data more private:
[https://github.com/emilis/emilis.github.com/commit/ad40981a4...](https://github.com/emilis/emilis.github.com/commit/ad40981a4fa6caae7ef9e59d9c996bf4883166c9)

~~~
toni
Have you seen Piwik Analytics[1]? It's an open source web analytics app (much
like Google's) that you can run on your own server.

[1] [http://piwik.org/](http://piwik.org/)

~~~
LeonidasXIV
Or why do you even need to track? I have disabled tracking in my web server
and I don't really feel I am missing out on the user statistics on my puny
blog.

There's also the possibility of saving the data for a shorter time period if
you really need it, like to detect attacks and such.

~~~
kefs
Tracking actions not related to specific individuals is still extremely
valuable information.

------
reedloden
Only the HTML version of the newsletter uses tracking links. If you want
"tracking-free" e-mails from Mozilla, sign up for the plain text version. See
[https://bugzilla.mozilla.org/show_bug.cgi?id=772788](https://bugzilla.mozilla.org/show_bug.cgi?id=772788)
for details. :)

~~~
pvnick
Hey Reed! Good to see you're still with Mozilla

------
salman89
Where do we draw the line as companies in terms of user data collection?
Should we stop tracking our users entirely?

Government eavesdropping aside, I see the internet as just another form of
communication. Anytime you talk to someone, you are entrusting them with
whatever you are communicating to them. If you knew a friend doesn't keep
secrets well, you probably wouldn't tell them any secrets. When Mozilla sends
you that email with the tracking links, you are entrusting them with that
data, and are hoping that the data leads to a better relationship between them
and you or offers some mutual benefit.

What is different in internet communication is that it is hard for a user to
determine what company is trustworthy and when that trust has been violated.
Most users also simply don't care when that trust has been violated - no one
should like that their user data at some level is sold to advertisers by
Facebook, but that won't stop them from using it (I myself am guilty of this).

Should tech companies not collect user data in the fear that a 3rd party may
one day steal that data? Or should they not collect user data for some other
reason?

~~~
Volpe
> Where do we draw the line as companies in terms of user data collection?
> Should we stop tracking our users entirely?

Well then "Login" would stop working. I think there is no universal line. Just
inform users of what you are collecting.

------
jmilkbal
Mozilla observing the effectiveness of their campaign is not the same as
building a complete profile on you. This is quite different from using a phone
with Android or iOS or using Chrome whose primary goals are such. Be safe out
there, use Mozilla products and have a little faith. Mozilla is the only
mainstream force for good in its area.

------
SunboX
"Yes, saw. Is covered by opt in privacy policy and only used in aggregate, but
looking into how we use and whether it's DNTable."

Source:
[https://twitter.com/msurman/status/346564623539003393](https://twitter.com/msurman/status/346564623539003393)

------
GigabyteCoin
Is Mozilla really "watching" you? Or perfecting their UI design flow?
Considering they are one of the groups who created StopWatching.us I would
imagine it's the latter.

That tracking image is just trying to see how many people opened the email.
And yes, they can tell you opened the email. So what?

The tracking of links is simply trying to gauge popularity for each link in
the context of what the email was about.

The reason they're watching you click things in the email you willingly signed
up to receive, is because they want to keep you as a subscriber and not anger
you by sending pointless emails that you never interact with.

Written from my Firefox browser.
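
Added example, not part of any comment in this thread: a short Python audit of the two mechanisms discussed here, the tracking image (fetched when the HTML part is displayed) and the tracking links (fetched on click), which also reports whether a plain-text alternative is present. The message, hosts and tokens are constructed, and the tiny-image and URL-in-query heuristics are assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample (not a real newsletter); all hosts and tokens are made up.
SAMPLE_EML = """\
From: news@example.org
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Read more: https://www.example.org/campaign

--b1
Content-Type: text/html; charset="utf-8"

<a href="https://track.example.org/r/abc123?u=https://www.example.org/campaign">Read more</a>
<img src="https://track.example.org/o/abc123.gif" width="1" height="1">
<img src="cid:logo" width="120" height="40">
--b1--
"""

def is_remote(url):
    return urlsplit(url or "").scheme in ("http", "https")

class RemoteRefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.beacons, self.redirects = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and is_remote(a.get("src")):
            # Heuristic: a 0x0 or 1x1 remote image has no visual purpose.
            if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
                self.beacons.append(a["src"])
        elif tag == "a" and is_remote(a.get("href")):
            # Heuristic: the real destination rides along as a query parameter.
            if any(is_remote(v) for _, v in parse_qsl(urlsplit(a["href"]).query)):
                self.redirects.append(a["href"])

def audit(raw):
    refs, types = RemoteRefs(), []
    for part in message_from_string(raw, policy=policy.default).walk():
        types.append(part.get_content_type())
        if types[-1] == "text/html":
            refs.feed(part.get_content())
    return {"plain_alternative": "text/plain" in types,
            "open_beacons": refs.beacons, "click_redirects": refs.redirects}
```

The embedded `cid:` image is not reported because it travels inside the message and triggers no network request.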

------
zobzu
I don't think these sites are formally hosted or run by Mozilla. They probably
just support the outcry "let's ask govts to stop watching us"

They certainly should think twice when they redirect a DNS overnight.

------
namank
You're wanting to do away with the whole concept of analytics.

Though I've often pondered over the implications, I'm not convinced that not
gathering analytics is the solution here. This is not too far from the debate
about AK-47 - would it be better if the gun had never been invented? How about
nuclear power?

The point is that analytics are the way of the future, the differentiation
lies in the purpose for which you leverage them.

~~~
derleth
> You're wanting to do away with the whole concept of analytics.

How about making analytics opt-in?

~~~
Volpe
Aggregate data of usage is not a breach of privacy, it's only when I have
individual data about someone that privacy becomes an issue.

Perhaps analytics needs a standard for how they are stored (i.e. only store
aggregates, not individual records).

~~~
uptown
But as systems become more aware about the profiles of their visitors - it
will become easier to ascertain who the specific individual is that is
accessing your site. In some cases, this is already a possibility.

[http://www.gabrielweinberg.com/blog/2010/05/a-fb-ad-targeted...](http://www.gabrielweinberg.com/blog/2010/05/a-fb-ad-targeted-at-one-person-my-wife.html)

Now imagine a marketplace where Google, Facebook (or somebody that can connect
an authenticated user to a digital "fingerprint" of their machine based on
browser metrics, installed fonts, ip address, etc.) can answer the "who"
question for partner sites willing to buy that information. Visitor-
identification as a service.

~~~
lfuller
Is this not exactly what Facebook, Google, and Twitter do with their tracking
cookies? They figure out what you are interested in based on analytics
regarding the sites you visit (obtained through multiple different methods),
then sell that data to advertisers.

~~~
uptown
They sell access to those people. They don't provide specific identity
information about those individuals. The Facebook example I posted shows how
somebody was able to specify granular-enough parameters to focus on one
individual, but this type of targeting wouldn't work for everyone. I can
imagine a day when this type of targeting is offered more-proactively.

------
jasonlotito
I wonder if I was the only one amused by the OP's use of Quantcast for tracking on
that page, as well as allowing other 3rd parties like WordPress, Twitter, and
IntenseDebate to track users as well.

The point is well and good, but those in glass houses should be careful when
throwing stones.

~~~
Amadou
Part of the problem is that so many of the tools available have tracking
embedded in them. The Mozilla guy who posted about how this came to be hit on
it - they used a service for email that tracked by default and made it
difficult, if not impossible, to disable the tracking.

This situation is the inevitable result of an industry that is built on
advertising dollars. All of the tools are designed with that in mind and they
crowd out tools that don't support that business model.

------
rasterizer
You are overreacting, not to mention reaching the wrong conclusions from these
NSA reports. The problem isn't measurement, that is a cornerstone of
engineering (and of everything else really), the problem is government
overreach.

It's almost as insane as that piece in Slate claiming that Hadoop is evil
because it enabled large scale data analysis
([http://www.salon.com/2013/06/14/netflix_facebook_and_the_nsa...](http://www.salon.com/2013/06/14/netflix_facebook_and_the_nsa_theyre_all_in_it_together)).
Technology is not the issue.

This newly found aversion to tracking and measurement is a stupid knee-jerk
reaction to the news.

~~~
derleth
The problem is opt-out instead of opt-in. If measurement and tracking are so
benign, tell people you're doing it and allow them to agree or disagree, on an
opt-in basis. Otherwise, it's not benign.

~~~
Amadou
There is still a problem with opt-in in that most people are not cognizant of
the risks and so are unable to make an informed choice.

