I really appreciate having an open source solution. I hope the production costs can come down over time. I currently have an Airthings Wave and a Plus - which are roughtly in the same price range but additionally measure Radon.
This is a fairly common cognitive dissonance I see in technology – preferring small developers/publishers/etc with essentially no basis for trust over big companies who are subject to legislation all around the world and have strong compliance procedures, auditing, security assessments, chains of trust, etc.
The latter is more secure in almost every case, in almost every way you can analyse the problem, but at a human level it's easier to trust one person whose name you know over a company where you can't point to any specific individual.
When you know someone personally then perhaps this is a reasonable trade-off to make, but "on the internet nobody knows you're a dog"[1]. People form parasocial relationships with individuals, movements, influencers, etc, and really there's not much to trust about them.
This is entirely server-side UA sniffing going wrong. You get an empty HTML doc, only a doctype, with a Firefox Android UA. You can reproduce this with curl and it seems that this affects all UA strings with versions >= 65. <=64 work.
It's interesting if you remove "Android" from the UA, then it sends more, but remove "Mobile" it still sends only the "doctype", and removing "Firefox" fixes it entirely.
You can actually see all of the telemetry data Firefox is sending by going to about:telemetry in your browser.
You can also see all of the probes it could be collecting here: https://probes.telemetry.mozilla.org/
Keep in mind that the telemetry that is captured in Firefox goes through a thorough review process, so that it respects user privacy: https://wiki.mozilla.org/Data_Collection
Even with all telemetry disabled (including the option "Allow Firefox to send technical and interaction data to Mozilla") and without anything showing on that page, the browser still sends out interaction data by means of so called "pings", URL parameters, etc.
Wow, a browser is making network connections, how dare it. Come on, these things are there so that if you are on "connected" to a network that require some registration, e.g. an airport, then you can actually be forwarded to that registration page.
Like what do you even think, Mozilla people are sitting on top of all that sweet
PING www.mozilla.org (3.161.119.172) 56(84) bytes of data.
64 bytes from server-3-161-119-172.vie50.r.cloudfront.net (3.161.119.172): icmp_seq=1 ttl=248 time=4.06 ms
64 bytes from server-3-161-119-172.vie50.r.cloudfront.net (3.161.119.172): icmp_seq=2 ttl=248 time=4.16 ms
64 bytes from server-3-161-119-172.vie50.r.cloudfront.net (3.161.119.172): icmp_seq=3 ttl=248 time=3.64 ms
It makes these connections even when all the things mentioned in the official "How to stop Firefox from making automatic connections"[1] are disabled. This includes the captive portal detection you allude to.
Regardless:
The browser asks me if I allow it to make these connections.
I tell it in unmistakable and irrevocable terms that I do not.
The browser makes these connections anyway.
The problem was never the connections or the contents of the data stream. You were aware of this before posting your comment, and yet you commented anyway. You are a troll.
Am I really the troll, or those who bring down the only remaining truly libre, open-source browser engine over stupid nitpicky bullshits, while not contributing anything positive to improve on the status?
The point is, if you provide an option to turn off telemetry, it should be off. No exception. In this case of an airport connection requiring a registration page intranetwork, this occurs via first request through their proxy with header redirect.
The point is, don’t lie about saying you respect privacy with half-baked options and telemetry for me but not for thee bs. If I turn off telemetry, you aren’t allowed to send telemetry. Of any kind. Not a crash log. Not an install token. Not a call home to see if maybe possibly your on an airport wifi and make-our-app-work-edge-case()
There is a distinct difference between telemetry and the captive portal requests Firefox makes. The captive portal checks have nothing to do with telemetry and contain no payload, which is why they are not covered by that setting.
Captive portal detection was only brought up by the non-constructive commenter and isn't part of the problem.
When the setting labelled "Allow Firefox to send technical and interaction data to Mozilla" is unchecked, the browser still sends out technical and interaction data through parameters added to various browser-provided/generated URLs (e.g. search results pages from built-in search providers, Firefox documentation links provided by the browser, DevTools compatibility panel links to MDN, etc.), by sending out pings when hovering over or clicking interactive browser-native interface elements, and in several other ways.
In summary: that setting is non-functional and should either be fixed, re-labelled, or removed entirely.
