Mozilla & privacy.. or not?

General discussion and chat (archived)

Moderator: satrow

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 24457
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Mozilla & privacy.. or not?

Unread post by Moonchild » 2015-03-25, 17:47

Mozilla has been touting the privacy edge for a while now. I didn't really respond to it so far but things are stacking up. So, I wanted to make a little post with what I know so far of the current Mozilla software, and in which way it doesn't guard your privacy at all when it comes to their own data gathering.

Did you know that:
  • Telemetry data is gathered inside Firefox even if you switch it off? It may not be sent, but it's still collected.
    What Pale Moon does about this: Telemetry is disabled at compile-time, meaning the collection is mostly halted. I'm also working on completely removing all telemetry code from the browser to put a complete stop to it and reduce dead weight of code.
  • Whenever you visit the Add-on manager in Firefox (which opens the discover pane), a full enumerated list of all of your add-ons is sent to Mozilla?
    What Pale Moon does about this: Pale Moon doesn't send any of this data.
  • Checking for add-on updates in Firefox sends a whole lot of data about your system that is not used or needed for checking for extension updates, but there solely for data gathering?
    What Pale Moon does about this: For requests that still include this extra data, Pale Moon's add-ons site, after checking for a match on its own site, sanitizes the request before forwarding the user to addons.mozilla.org with only the data needed for actual updates.
  • Similarly, checking for other updates send a lot of system data that is not needed? This includes application updates, getting new snippets for about:home, getting an update for the blocklist (with extra telemetry snuck in about number of checks and last check), etc.?
    What Pale Moon does about this: Pale Moon's requests to own servers are trimmed as much as possible and any data that could be collected and aggregated is not used in any way.
  • The proposed targeted advertising in Firefox will by its very nature need to have user data to target ads?
    What Pale Moon does about this: No ads in the browser, period.
So, after reading this (and I may really have missed a few things, to boot), you may understand how I find this saying they promote being "commited to your privacy" rather in conflict with what is happening in Firefox...
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

SvenG

Re: Mozilla & privacy.. or not?

Unread post by SvenG » 2015-03-25, 17:52

Ideals are nice to have, as long as it comes to money.

superA
Lunatic
Lunatic
Posts: 308
Joined: 2014-07-03, 12:34
Location: Greece

Re: Mozilla & privacy.. or not?

Unread post by superA » 2015-03-25, 18:50

I began to believe that MC would never make that statement..
and yes,there are some more..
For me the ''experiments.enabled'' pref was the last straw,since it kept changing some specific settings I made, to Firefox default.

User avatar
Sajadi
Board Warrior
Board Warrior
Posts: 1033
Joined: 2013-04-19, 00:46

Re: Mozilla & privacy.. or not?

Unread post by Sajadi » 2015-03-25, 21:53

SvenG wrote:Ideals are nice to have, as long as it comes to money.
If Mozilla would not try to become a big number in the mobile sector and would refuse to be in a "cold war" with Google aka FirefoxOS and instead just to make sure that power and simple users get the same treatment and also not wasting tons of money for social networking/audio/video chat Web2.0 bloat features then there never would be the need to use the user's data for advertising reasons.

Mozilla is a typical case of a person which has bought too big boots for the feet and so they try to fill the unused space in a desperate way with anything in reach :thumbdown:

Mozilla always had a good existence supporting both pro and simple users - but their shift to mobile forced a certain usergroup to make more and more sacrifices just to make one single user group totally happy. And yet, even if they try to hard in doing so, they still fail miserable!

And.. a typical example for an organization which forces out capable guys for a various set of reason (many developers which clearly had real visions, Brendan Eich - who had a damn big knowledge of things and so on.....) - now almost all good guys are gone, and all what is left are money dedicated moronic marketing experts and lapdogs of the various share/stockholders - same situation in which Opera new is too :twisted:
Off-topic:
Once i loved Mozilla, for being an alternative offering to the poisonous IE and because they offered different values and a higher range of morals - These days they only make me sick to the bone - Mozilla = Open source movement being abused! Honesty - Sanity - Reliability - Common sense... not much of it left in Mozilla land these days sadly :thumbdown:

User avatar
New Tobin Paradigm
Off-Topic Sheriff
Off-Topic Sheriff
Posts: 5883
Joined: 2012-10-09, 19:37
Location: Sector 001

Re: Mozilla & privacy.. or not?

Unread post by New Tobin Paradigm » 2015-03-25, 22:14

For transparency on behalf of the Pale Moon Add-ons Team here is the current incarnation of the script that does the Add-on Update processing.

For the record though we still get all those bits of info on our server but they are simply dropped on the floor. Also, as a Personal Policy I do not log access to the server except when diagnosing an issue and then they are simply cleared because frankly.. I don't want to deal with them.

Code: Select all

<?php
// Debugging.. uncomment to enable it
// error_reporting(E_ALL);
// ini_set("display_errors", "on");

// Essentially main()
funcCheckClientID();

// This function is a sanity and pseudo-security check to make sure that we only process requests from a particular client ID
// Currently this is ONLY Pale Moon 25+
function funcCheckClientID() {
	//Get Client ID from the url request
	$varRequest_clientID = $_GET['appID'];
	
	// Actually do the check
	if ($varRequest_clientID == '{8de7fcbb-c55c-4fbe-bfc5-fc555c87dbc4}') {
		funcCheckAddonID();
	}
	else {
		print('Unknown Client ID');
	}
}

// This function is what checks the ID against what we actually know
function funcCheckAddonID() {
	// Get Add-on ID from the url request
	$varRequest_addonID = $_GET['id'];
	
	// Setup an array of add-on ids corresponding to their site ids
	// This and the second array will be replaced with sql calls in the fullness of time
	$arrayAddonDB = array(
		'{016acf6d-e5c0-4768-9376-3763d1ad1978}' => 'pm-118',
		'bluemoonlinux@addons.palemoon.org' => 'pm-119',
		'aviary-addons-manager@addons.palemoon.org' => 'pm-129'
	);
	
	// Setup an array of add-on ids corresponding to location of the external update xml url
	$arrayExternalsDB = array(
		'commander@palemoon.org' => 'https://location.removed',
		'firefox-tabgroups@mozilla.com' => 'https://location.removed'
	);
	
	// Check if the Add-on ID matches any of the databases or if we should send it off to AMO
	if (array_key_exists($varRequest_addonID, $arrayAddonDB)){
		// Pass the Add-ons Site ID to build the url and redirect 
		funcPass2UpdateXML($arrayAddonDB[$varRequest_addonID]);
	}
	elseif (array_key_exists($varRequest_addonID, $arrayExternalsDB)){
		// Pass the URL and redirect
		funcPass2External($arrayExternalsDB[$varRequest_addonID]);
	}
	else {
		// Since the add-on ID does not match either list of known add-ons we send it off to AMO
		funcPass2AMO();
	}
}

// This function simply 302s to an update.xml file on the local server
function funcPass2UpdateXML($varAddonID) {
	// Build and redirect the url
	header('Location: https://addons.palemoon.org/location/removed/' . $varAddonID . '/update.xml', true, 302);
}

// This function simply 302s to an external's update.xml
function funcPass2External($varExternalURL) {
	// Redirect the url
	header('Location: ' . $varExternalURL , true, 302);
}

// This function is very important as it allows us to pass any unknown add-ons on to AMO
function funcPass2AMO() {
	// Get argument values that AMO cares about from the request and set them to vars
	$varRequest_addonID = $_GET['id']; 
	$varRequest_reqVersion = $_GET['reqVersion']; // This seems to always be '2'
	$varRequest_addonCompatMode = $_GET['compatMode']; // This is almost always 'normal' but it can be 'strict' for things like langpacks

	// We send Firefox GUID and a specific version number to AMO which is 24.9
	// $varRequest_clientID = $_GET['appID'];
	// $varRequest_clientVersion = $_GET['appVersion'];
	$varHardcode_firefoxID = '{ec8030f7-c20a-464f-9b0e-13a3a9e97384}';
	$varHardcode_firefoxVersion = '24.9';

	// *** These vars do not have any material effect on the generated update xml file from AMO so we are no longer passing them ***
	// $varRequest_updateType = $_GET['updateType']; // This seems to always be 112
	// $varRequest_addonVersion = $_GET['version'];
	// $varRequest_addonMaxVersion = $_GET['maxAppVersion'];
	// $varRequest_clientOS = $_GET['appOS'];
	// $varRequest_clientABI = $_GET['appABI'];
	// $varRequest_clientLocale = $_GET['locale'];
	// $varRequest_addonStatus = $_GET['status']; // This can be 'userEnabled' or 'userDisabled'
	// $varRequest_clientCurrentVersion = $_GET['currentAppVersion'];
	
	// Build and redirect the url
	header('Location: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=' . $varRequest_reqVersion . '&id=' . $varRequest_addonID . '&appID=' . $varHardcode_firefoxID . '&appVersion=' . $varHardcode_firefoxVersion . '&compatMode=' . $varRequest_addonCompatMode, true, 302);
}

?>
This script will be apart of the future Open Source repo which will house the future of the Add-ons site..

User avatar
nana2
Fanatic
Fanatic
Posts: 224
Joined: 2011-09-02, 03:45
Location: Canada eh?

Re: Mozilla & privacy.. or not?

Unread post by nana2 » 2015-03-27, 02:42

Talking about privacy, see what Mozilla has in store for version 37. It's called HEARTBEAT :lol: http://forums.mozillazine.org/viewtopic ... &t=2923931

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 3975
Joined: 2011-10-03, 10:19
Location: Texas, USA

Re: Mozilla & privacy.. or not?

Unread post by Night Wing » 2015-03-27, 03:44

"Heartbeat" is nothing more than a marketing ploy and it's going to be "opt-out" too. In other words, does Heartbeat benefit the users of Firefox or the head honchos at Mozilla. The answer: The head honchos at Mozilla.
Linux Mint 19.2 (Tina) Xfce 64 Bit (Default Distribution OS) with 64 Bit linux Pale Moon
Windows 7 Home Premium & Ultimate SP1, 64 Bit (Backup OS) with 32 Bit windows Pale Moon

superA
Lunatic
Lunatic
Posts: 308
Joined: 2014-07-03, 12:34
Location: Greece

Re: Mozilla & privacy.. or not?

Unread post by superA » 2015-03-27, 09:57

nana2 wrote:Talking about privacy, see what Mozilla has in store for version 37. It's called HEARTBEAT :lol: http://forums.mozillazine.org/viewtopic ... &t=2923931
Yeah,it's a kind of strange..
Whenever a new ''future'' comes in Firefox,the official Mozzila forum is always ready to suggest users how to..disable it..

Supernova

Re: Mozilla & privacy.. or not?

Unread post by Supernova » 2015-03-27, 10:15

It's not the official Mozilla forum. Though Mozilla give it officially as somewhere where one can seek help.
Anyway, even those who hate Pale Moon say it's just marketing bs from Mozilla. I guess it shows how wrong Mozilla has gone if even these who think "TINA" (there is no alternative [to following FailFox]) say Mozilla is doing marketing BS.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 24457
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Mozilla & privacy.. or not?

Unread post by Moonchild » 2015-03-27, 10:44

You know, I like my "Experience Flow" just fine with Pale Moon and don't need the ENGAGEMENT (note the all caps) that HEARTBEAT offers ;P

HEARTBEAT: "How ENGAGEMENT And Random Telemetry Bullshit Ends All Things"
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

User avatar
Sajadi
Board Warrior
Board Warrior
Posts: 1033
Joined: 2013-04-19, 00:46

Re: Mozilla & privacy.. or not?

Unread post by Sajadi » 2015-03-27, 11:15

Oh nice, that will anger for sure lot's of users again and adds unnecessary bloat to the browser. And for all this "nice shiny new age stuff" customization had to leave? :evil:

Guess Failzilla Failfox is not the right description anymore... How about Crapzilla Crapfox? :twisted:
Off-topic:
That name would fit a certain other "official Mozilla Forum" also rather good :angel:


superA
Lunatic
Lunatic
Posts: 308
Joined: 2014-07-03, 12:34
Location: Greece

Re: Mozilla & privacy.. or not?

Unread post by superA » 2015-03-27, 18:43

Its working IF you have the safebrowsing thing enable.
Its a matter of trust,if you trust Mozzila you use them both.
I really can't get the reason of this offer since you can get the same protection just installing the Disconnect addon,which by the way i find descent.
Anyway I dont like the offer since I dont know the blaclist,what is actually blocked and what is not (since nothing is shown),what data would be collected and from whom,plus the use of Google's blacklisting.

Edit
That is the way currently this protection works(if you enable it),i havent tried Nightly recently.

User avatar
loxodont
Astronaut
Astronaut
Posts: 510
Joined: 2014-07-26, 23:03
Location: Mare Serenitatis

Re: Mozilla & privacy.. or not?

Unread post by loxodont » 2015-03-28, 14:54

I'm not a FF user anymore, so I could care less about Heartbeat, but I didn't really get it from the mentioned mozzine post and out of curiosity I found this:

https://wiki.mozilla.org/Firefox/Input/Heartbeat
Heartbeat
(This is rough sketch. I need a template for doing this better.)
Summary
The telemetry experiments tool allows people to deploy add-ons to users based on user profile, version, OS, set sample rates, etc. We will be using this tool as a platform to deliver in-product polls that ask a for very simply happy/sad or star rating for a specified question. Gathering sentiment from our overall user base on a daily/weekly basis is what we are calling Firefox Heartbeat.

"in-product polls"? ... "daily/weekly"? - How many feedback functions do they need to realize what people do (not) want in a browser? They have a crash reporter, their own support sites with feedback options, a number of forums with enough users, who feel ignored or even silenced, Firefox input with tons of complaints,etc. ... and now they collect our profile, OS and more data to search our feelings? :sad+::thumbdown:

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 3975
Joined: 2011-10-03, 10:19
Location: Texas, USA

Re: Mozilla & privacy.. or not?

Unread post by Night Wing » 2015-03-28, 15:14

"Heartbeat", while a marketing ploy for Mozilla, is basically more "bloatware" incorporated into Firefox.
Linux Mint 19.2 (Tina) Xfce 64 Bit (Default Distribution OS) with 64 Bit linux Pale Moon
Windows 7 Home Premium & Ultimate SP1, 64 Bit (Backup OS) with 32 Bit windows Pale Moon

User avatar
Sajadi
Board Warrior
Board Warrior
Posts: 1033
Joined: 2013-04-19, 00:46

Re: Mozilla & privacy.. or not?

Unread post by Sajadi » 2015-03-28, 15:30

Misleading name btw. Mozilla's heart is already ripped out and replaced with a big paycheck instead :twisted:

User avatar
loxodont
Astronaut
Astronaut
Posts: 510
Joined: 2014-07-26, 23:03
Location: Mare Serenitatis

Re: Mozilla & privacy.. or not?

Unread post by loxodont » 2015-03-28, 15:35

Hm... even for marketing reasons it would make more sense to me if they'd simply rename it to "Happyfox" or something, to bloat up the good feelings

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 24457
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Mozilla & privacy.. or not?

Unread post by Moonchild » 2015-03-28, 16:12

Keep in mind that from their own description page they are going to ask the overall rating, and are only going to "engage" the people who are happy with Firefox. They don't want to hear from unhappy users, so the unhappy users will not be further engaged and be directed to self-help resources instead, from what I gathered.
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

User avatar
Sajadi
Board Warrior
Board Warrior
Posts: 1033
Joined: 2013-04-19, 00:46

Re: Mozilla & privacy.. or not?

Unread post by Sajadi » 2015-03-28, 17:02

Moonchild wrote:Keep in mind that from their own description page they are going to ask the overall rating, and are only going to "engage" the people who are happy with Firefox. They don't want to hear from unhappy users, so the unhappy users will not be further engaged and be directed to self-help resources instead, from what I gathered.
So they do again in Australis style... Picking only users who do praise them and the end result is something like that: "What do you want users, everything alright in Mozilla land, so you better STFU!"

Clever Mozguys... VERY clever :roll:

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 3975
Joined: 2011-10-03, 10:19
Location: Texas, USA

Re: Mozilla & privacy.. or not?

Unread post by Night Wing » 2015-03-28, 21:40

Off-topic:
Since "Heartbeat" is supposed to be incorporated into Firefox 37 (if I'm correct), which should be on March 31, the desktop market share for Firefox by NetMarketShare for the month of April will be interesting since Heartbeat will have been in use for a full 30 days.

If Firefox shows another severe percentage drop, this (in my opinion) will be the cause (or one of the causes). I'll be interested in seeing what Firefox's desktop market share percentage is when NetMarketShare shows the desktop market share percentage for Firefox for the month of April on May 1, 2015.
Linux Mint 19.2 (Tina) Xfce 64 Bit (Default Distribution OS) with 64 Bit linux Pale Moon
Windows 7 Home Premium & Ultimate SP1, 64 Bit (Backup OS) with 32 Bit windows Pale Moon

Locked