
Firefox Personal Data Promise - sciurus
https://blog.mozilla.org/firefox/firefox-data-privacy-promise/
======
lucideer
It's great to see this recent marketing initiative from Mozilla to frame
themselves as a privacy-first company. Mozilla has always been considered by
the community as an organisation that _should_ respect the privacy of their
users, but there hasn't until now been such direct public statements to that
effect to point to.

Mainly I hope this can now be pointed to by Mozilla/Firefox users as a set of
standards that should be followed when Mozilla devs put in place measures that
infringe users' privacy or don't do enough to protect it.

Right now, [https://mozilla.org/](https://mozilla.org/) sets 15 Google cookies
and 12 Google localStorage tracking values when you visit it. Mozilla's
previous statements[0] justifying this have been fairly weak. I really hope
this new PR initiative gives some extra leverage to those asking for change.

[0]
[https://groups.google.com/forum/#!msg/mozilla.governance/9IQ...](https://groups.google.com/forum/#!msg/mozilla.governance/9IQvIubDOXU/0tWVVlrUJOQJ)

~~~
wayneftw
It's interesting to me how you can call out this post and recent others as a
"marketing initiative from Mozilla" without any apparent backlash (as of yet),
but when I called it "brigading by Mozilla supporters and fans" on multiple
other threads I was completely removed from the conversation. Is there really
a difference?

Is this the sort of story that casual users or even avid fans of the browser
would organically promote? That's the logic that I was handed in some of the
responses to me. Am I that out of place to assume that the following is how it
goes down? 1.) The marketing/evangelical folks at Mozilla create a story and
post it here and elsewhere. 2.) They put out a call to all their supporters in
various channels to come and help promote the story (and keep other commenters
in line apparently)...

I think the problem is that comment forums always optimize towards showing me
what the _currently active mob /majority thinks_ about a topic rather than
sorting things towards my own personal tastes. I'd much rather see a rating
system that weights posts/topics and comments based on my history. For
instance: if I've promoted a certain topic in the past, put it higher. If I
typically promote a given user, put their comment higher. If I typically
promote a certain user who promoted another comment, put that comment higher.
And so on. Basically censor the stuff I usually disagree with instead of
allowing mob rule. [1]

I don't see the point of trying to make everybody see the same truth because
that's not how real life works. Mostly, people tend to live in tribes.
Wouldn't it be nice if the Internet wasn't always in your face telling you how
wrong you are? IMO, such systems would put a chill on the global culture war.

[1] - This might be the perfect problem for a graph database. If anyone wants
to work on something like this, let me know how to contact you and I'll give
you all of my ideas!

~~~
feanaro
So, in other words, you want the internet to help you cement yourself in your
current positions?

~~~
wayneftw
Nope. Just trying to live my life without constantly being pitched to.

Are you advocating for mob-mentality?

~~~
feanaro
No, I'm advocating for plurality of opinion, exposure to new information and
constant challenging of my own viewpoints.

My reasoning is that, at any given point in time, I am wrong about a great
number of things. I fear that any algorithm that learns to present me
exclusively with the content I _like_ (i.e. which elicits the least emotional
objection) is going to hide all things that might correct my current errors.

~~~
wayneftw
> No, I'm advocating for plurality of opinion, exposure to new information and
> constant challenging of my own viewpoints.

Good for you! Now, how about letting people get challenged and exposed to new
information at a time and place when they choose to instead of constantly? I
like camping and hiking...but I'm glad I get to go home to my comfortable
house most of the time.

People are currently starting to gravitate more towards small group chats on
WhatsApp and similar and away from places like Twitter and Facebook. I wonder
why? Could it be it's because they don't want what you want 24/7?

I think so.

And the system you're advocating for, the current one, is obviously way more
susceptible to being gamed. As you can see here all it takes is a small mob
and a marketing push to get your unpopular browser on the front page 5 times
this week. The system I want isn't susceptible to that in the slightest (but
if I want to go look at things that I might not agree with, I'm still able to
- that's my whole point: User in control, not some timely mob).

~~~
feanaro
> People are currently starting to gravitate more towards small group chats on
> WhatsApp and similar and away from places like Twitter and Facebook. I
> wonder why? Could it be it's because they don't want what you want 24/7?

Are they and does this have anything to do with exposure to conflicting
opinions? Proper studies would be needed to determine this conclusively. After
all, this is how it used to be, before Facebook and Twitter appeared and
became widely popular _not that long ago_.

> And the system you're advocating for, the current one, is obviously way more
> susceptible to being gamed.

I'm not advocating for any system, this is just how life is: you undoubtedly
encounter opinions which are not aligned with your own. You will also be wrong
a lot of the time. That's nothing to be afraid of. You certainly don't need to
build a sheltered city to hide from this.

> The system I want isn't susceptible to that in the slightest (but if I want
> to go look at things that I might not agree with, I'm still able to - that's
> my whole point: User in control, not some timely mob).

Except this doesn't really work in the general case. It's both intuitively
familiar and well researched that it is really hard to change someone's mind
and opinions are very inert.

Furthermore, I don't really see why it would be useful to expend significant
energy to shelter yourself from opposing opinions. Simply to avoid emotional
discomfort? If you're not in the mood for it in a certain moment, simply not
reading online forums and going for a walk or picking up a book seems like a
better option.

------
dogecoinbase
I love Mozilla, but it's difficult to take this seriously while they're still
partnering with Cloudflare on in-browser resolvers that bypass my local DNS
resolver and expose my lookups to Cloudflare:
[https://blog.mozilla.org/futurereleases/2019/04/02/dns-
over-...](https://blog.mozilla.org/futurereleases/2019/04/02/dns-over-https-
doh-update-recent-testing-results-and-next-steps/)

~~~
seieste
DOH makes Pihole ineffective.

~~~
sjwright
Pihole is redundant in Firefox with uBlock Origin.

------
evmar
Where in this page is the actual promise? Is it the "take less" bit? That is a
surprisingly weak statement.

I think almost all of the statements made here are worded vaguely enough that
could be equally have been claimed by Google, e.g. "never sell ... your info"
/ "only data we want is ... data that serves you in the end". But I think
Mozilla's actual intended position is pretty far from Google.

~~~
afiori
It is the same claimed position maybe, but Google consider targeted ads a
service to users

~~~
pbhjpbhj
Mozilla do too though, for example for Hello, or Pocket? They also have an
advert for Firefox Mobile on desktop browsers. So Mozilla's ads are clearly
_de minimis_ in comparison, but they don't disagree on the prinicple of
targeting ads to users (even after they've expressed a preference to receive
no advertising).

------
mondoshawan
How about "take nothing" instead of "take less"? No PII should be "taken"
anywhere. They're a browser -- a platform -- and as such they should be taking
great strides to prevent collection of anything at all by applications running
on that platform.

~~~
dblohm7
Most of the data that is collected by Mozilla is _not_ PII.

See our data collection guidelines:
[https://wiki.mozilla.org/Firefox/Data_Collection](https://wiki.mozilla.org/Firefox/Data_Collection)

~~~
mondoshawan
It's good and all that you have a policy, but the fact remains that you have
the ability to make exceptions for collecting PII in category 4. That's what I
mean by "don't collect" \-- this stuff isn't your data. Get your mitts off it.

~~~
sciurus
You make it sound like we could decide to have Firefox collect your PII
without your consent. We won't. The standards for the collection of category 4
data are

"Default off. May be eligible for opt-in data collection by specific users,
provided there is (i) advance user notice (ii) consent and (iii) an opt-out."

The only collection of this data that I'm personally aware of is the Firefox
Pioneer program.

[https://support.mozilla.org/en-US/kb/about-firefox-
pioneer](https://support.mozilla.org/en-US/kb/about-firefox-pioneer)

(Disclosure: I work for Mozilla)

------
AdmiralAsshat
Pocket is notably _absent_ from the "Firefox Family". Perhaps because they
can't make that same personal data promise?

~~~
lucideer
Funnily enough, the Pocket logo is present in the thumbnail for the Firefox
Family video on [https://www.mozilla.org/en-US/](https://www.mozilla.org/en-
US/) Pocket does not however feature in the video (which is unironically
hosted on that Google video hosting platform...)

~~~
jeena
That's really weird that they don't host the video themselves but instead on
YouTube and send all their users (who go on that webpage) automatically to
Google.

~~~
afiori
No it's not,

------
MaximumMadness
Firefox is really doubling down on their positioning vs Google, I feel like
every day I see a new privacy-focused promise or tool on the front page from
Mozilla

~~~
sjwright
It was a perfect time to strike while Google is being seen to make anti-user
decisions with Chrome and ad-blocking add-ons. I don’t know if it was a
coincidence but the timing was excellent.

------
atklp
Looks like they conveniently forgot of when they sent the entire browsing
history of some users to a third party advertisement agency. Thanks for
protecting my privacy, Mozilla! Looking forward to your next surprise.

[https://blog.mozilla.org/press-uk/2017/10/06/testing-
cliqz-i...](https://blog.mozilla.org/press-uk/2017/10/06/testing-cliqz-in-
firefox/)

------
Zhenya
Is there a place where I can see everything they promise to keep safe about
me?

------
cdransf
I wish they didn't use G Suite:

``` <<>> DiG 9.9.7-P3 <<>> mozilla.org mx ;; global options: +cmd ;; Got
answer: ;; ->>HEADER<<\- opcode: QUERY, status: NOERROR, id: 42182 ;; flags:
qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION
SECTION: ;mozilla.org. IN MX

;; ANSWER SECTION: mozilla.org. 60 IN MX 5 alt1.aspmx.l.google.com.
mozilla.org. 60 IN MX 5 alt2.aspmx.l.google.com. mozilla.org. 60 IN MX 10
aspmx3.googlemail.com. mozilla.org. 60 IN MX 1 aspmx.l.google.com.

;; Query time: 39 msec ;; SERVER: 172.26.38.1#53(172.26.38.1) ;; WHEN: Fri Jun
07 10:30:00 PDT 2019 ;; MSG SIZE rcvd: 150 ```

~~~
bastawhiz
Of all the things I wish Mozilla did differently, their choice of internal
corporate email provider is roughly at the bottom of the list. Using a FOSS
solution provides essentially zero benefit to even a fraction of a percent of
their users.

~~~
cdransf
Sure, but it undermines their public opposition to Google and their practices.
DuckDuckGo appears to operate just fine on Fastmail.

~~~
h1d
Why would they oppose Google when they're Mozilla's wallet?

Where else does Mozilla get revenues from?

~~~
pbhjpbhj
Their job seems to be to appear to geeks as if they oppose Google whilst still
funnelling as much useful traffic/data to Google as possible. Then people who
oppose Google can use Firefox, thinking it helps, when it probably helps a lot
less.

It would be like a political party being the main donor to the second choice
party.

------
cfv
I for one hope they keep this promise better than the EME one, about which I'm
still super salty

~~~
jraph
I don't know. I hate DRMs and so far I've successfully managed to avoid using
EME.

But I recently said good things about Firefox to someone, and noticed one day
that they switched to it from Edge. It felt like a small victory.

This person uses Netflix and Spotify. If Firefox didn't support EME, they
would not have ditched Spotify and Netflix. They would probably have gone back
to Edge, or installed Chrome and used EME from there. EME would not exist in
my ideal world but in this case I'm kind of happy EME works in Firefox. Using
Firefox over Edge or Chrome is a net gain. Maybe this person will evolve and
start to refuse DRMs and/or seek free software (one can dream), but this is
not today. Firefox acts like an entry point to this world. If the entry point
is too rough, it will not be taken. One thing at a time.

EME is a lost battle, but the war is not over.

------
jodrellblank
_We ask ourselves: do we actually need this? What do we need it for? And when
can we delete it?_

That is the minimum of every company's obligations under the European GDPR
(Genderal Data Protection Regulation) and even then as far as "our promise to
you" goes the answer can simply be "yes, to guide us making better services,
for as long as you use anything from Mozilla".

 _Tech companies are using the word “privacy” a lot these days [..] They all
want you to think they can be trusted._

mmhmm.

------
schmichael
What the US needs is a regulatory framework like GDPR that incentivizes this
sort of behavior. Private data should be considered a liability, not an asset.
Taking less and keeping it private+secure should be the default -- not the
exception that needs calling out.

Kudos as usual to Mozilla for going out of their way to promote these
principles.

------
blokeley
The article could have simply said, "Mozilla intends to comply with the
European General Data Protection Regulation".

------
kreetx
Do they take periodic donations somewhere? ;)

~~~
Krasnol
[https://donate.mozilla.org/en-
US/?presets=50%2C30%2C20%2C10&...](https://donate.mozilla.org/en-
US/?presets=50%2C30%2C20%2C10&amount=30&currency=usd)

~~~
dblohm7
Note that donations are used exclusively for Foundation efforts; donation
money is not put toward product development.

(The Foundation is a great cause, obviously, but I want to ensure that you are
aware of how your donation will be used.)

------
wetpaws
We learned hard way with google that company promises arnt really worth that
much

