A note about our add-ons manager's and geo privacy
Posted: 2017-07-14, 11:49
Since more than a few people have contacted us about what is just an assumed privacy issue without checking first, a few notes about our in-application privacy:
- Our add-ons manager does not use Mozilla's page to display add-on "discovery" content (we haven't used that for years now, since we have been removing reliance on Mozilla services as much as possible). As such, the recent stir about "Google analytics" being used on Mozilla's in-application page used in Firefox absolutely does not apply to us. You can open your add-ons manager as much as you like and Google will not get the first scrap of your data.
- Many people may not be aware of this, but Firefox also sends a full enumerated list of all your extensions and plugins to the add-ons server when opening the add-ons manager on its first request. Yes, that's right, just opening the "get add-ons" tab sends your full list of add-ons to Mozilla and by extension to any analytics service in use by Mozilla (all passed in plaintext in the requested URL). Pale Moon also does not do this.
- If an add-on update request is not served by our add-ons server itself, your request will be forwarded to Mozilla's add-ons server to check for extension updates, but with the difference that only the bare minimum of data needed to check for and request an update is being passed on. Everything else is dropped on the floor by us.
- When you use the add-ons manager search function, we currently still use the Mozilla add-ons API, so those requests are sent to Mozilla directly. We do plan to change this in the future, as well.
- Pale Moon, unlike Mozilla products, does not use Google for geolocation, and does not send detailed data about your local/wireless network to the geolocation provider (that Mozilla products do). Our geolocation is done with a simple, IP-based lookup using only public data (your internet-facing IP address). As a result it is slightly less accurate but fully respects your privacy.