reminder that firefox:
- is funded in great part by google.
- ships with an hidden telemetry extension to send data about users having telemetry disabled (https://bugzilla.mozilla.org/show_bug.cgi?id=1487578),
- checks wether the sites you attempt to connect to are unsafe, according to a google database, updated from google’s servers every 30min (which sends them some nice cookies along with it),
- uses google analytics on the addons repository, thus tracking users attempting to install add-ons. They claim it is "extremely useful to us and we have already weighed the cost/benefit of using tracking.", so they entirely admit to not caring about user privacy,
- remotely installed an add-on without user permission (to advertise a tv show)
- can also change your settings remotely
- integrated pocket, a proprietary service, into the browser,
- by-passes user dns settings to instead redirect requests to cloudflare, a company whose goal is basically to transform the internet into the cloudflarenet.
- also collects a whole bunch of data by default among which some uniquely identifying information about your device but also your interactions with firefox. This can be disabled by opting out of their spying^Wtelemetry program.
Mozilla is not your friend, they’re first and foremost a corporation.
this doesn’t mean you should stop using firefox. but you also shouldn’t trust mozilla just because they claim to respect your privacy, which is a suspicious thing to claim in the first place
@papush aleast some user accessible configs allow to disable all of those nasty stuff, what is bad that they are brought by default like this
@Miaourt yes, and many of this needs messing about in about:config too, which isn’t the most user-friendly thing to do, while still being much better than needing compile-time patches like chrome of course.
@papush wonder if extensions can mess in this area mmh mmh
@webfreak i think most disable telemetry by default, or at least at hope. it’s the least they could do
@papush DuckDuckGo, Purism and some others claim the same thing too
idk how can this even be something to brag about, should be the norm
@papush all corporations should be assumed to fundamentally be against your interests
mozilla is not an exception
i do think they are much less bad than google or whatnot
but capitalism, by its very nature, corrupts everything, absolutely
@papush this is highly unfortunate
@papush What are good browsers to use instead? I'm on Debian.
@TwoVealCutlets i honestly don’t know how to answer that sadly. browsers are such complex beasts nowadays, it’s tough to fully trust any of them. as i said you can still use firefox but you might want to read up about ways to disable the various tracking features.
@papush @TwoVealCutlets There are some Firefox forks, but most either lack support or have idiotically over-aggressive developers (https://github.com/jasperla/openbsd-wip/issues/86). The rest is WebKit based in some form (Blink), which there are good reasons to avoid as well.
Yep, it looks bad. At least there *is* a version of Fennec (Firefox for Android, the old version) on F-Droid, which is free of anything proprietary.
Wasn't it WebKit based? Btw if I'd go back to a Blink-engine based browser, I probably go with Vivaldi. It's UI can be altered to more suit my needs, like moving the tabs to the side and the address bar to the bottom. All natively, instead of with an extension with Firefox 🙂
i’d say it’s just barely better, but otherwise yes
@hexmasteen well, a non-profit owning a for-profit, with millions of dollars involved, many of which coming from one of those huge global companies. but i still said they were better
@mmizore @a1batross @papush Another good option could be GNU Icecat if people don't want Mozilla. Hundreds of millions of people on this planet didn't understand the value of privacy, still using Google products and Facebook. They didn't know what they lost could cost them more and more with technology always evolving. They knew nothing.
@a1batross @papush With regard to datamining, that was a smear campaign by a rival company, Private Internet Access. With regard to support of standard protocols, I'm pretty sure that e-mail in and of itself is a standard protocol. The last claim is true enough, I guess, but since they have a committent to privacy, it figures it would extend to the encryption of mail.
- So what? As far as we know, the money Mozilla gets from Google is far from making them biased. Firefox even recommends extensions that block ads on YouTube
- Telemetry helps building software immensely. As long as it serves this purpose, and not another one like advertising, it is fine to me.
- They disabled the data sharing with Google on Google Analytics. Yes, you can do that. It's quite hidden, but it's there because of GDPR and because Google doesn't want a privacy-conscious competitor to take over. Data collection is not the only way Google makes money with Google Analytics, they also sell services related to it.
- This was a huge mistake they admitted to and it will certainly never happen again.
- You can disable remote settings. Disable "Use recommended performance settings."
- You can disable Pocket too. It's quite simple with the Firefox policy system. https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson
- As I said, telemetry isn't inherently bad
@papush oh I forgot to address the Google Safe Browsing database.
So they only send HASHES of the domains you connect to, and their requests even include random dummy hashes to avoid Google figuring out what you're doing.
Google Safe Browsing is VERY IMPORTANT as sometimes, it's just impossible to take down malicious websites. We need a way to prevent people from accessing them.
@NekoSock telemetry is spying.
being able to disable some of those anti-features isn’t the point, they’re still there in the first place, it reflects on how little mozilla actually cares about user privacy.
the mr robot ad was a huge mistake that might very well happen again since they still have the ability to remotely control firefox installations in several ways, which is wrong on its own
safe browsing means connecting to a google-owned server to download a database, even if you don’t directly send the urls you browse it still allows them to track you
i also don’t trust google to decide for me what is safe. any google-owned website is unsafe to me
Mozilla cares about privacy. They're not here to make profit, what do you want them to do with your data?
Even when you enable telemetry, it is handled respectfully and privately. But telemetry isn't enabled by default. Firefox actually ASKS YOU when you install it if you want it enabled or not. So you're not just able to disable it, you're given the choice to not have it to begin with.
As for Safe Browsing, it's fine to not trust Google, but you have to admit there is a need to check websites for safety. It is unfortunate that there are no other services that are as good as Google Safe Browsing.
In this blog post https://blog.chromium.org/2012/01/all-about-safe-browsing.html Google explicitly states that the information collected as part of operating the Safe Browsing service is only used to flag malicious activity and is never used anywhere else at Google and that Safe Browsing requests won't be associated with your Google Account.
Firefox also stores cookies used by the service in a distinct storage. Google have no way to associate Safe Browsing queries with you in any ways.
@NekoSock well they also have to share their data with the nsa, rather conflicting. and no i don’t have to admit there is a need to outsource checks for safety, there isn’t.
@papush US companies don't *just* have to share data with the NSA, that would be insane. They have to get a subpoena for it. If this ever happens, it would be publicly known and we would just stop using them.
And if there is no need to check websites for safety, then how do we take down malicious websites? Often, they are registered with name registers that are unwilling to take down content and are hosted in shady servers in foreign countries. perhaps they could be blocked on a national or ISP level, but that is hard when DNS requests are encrypted lol
@NekoSock so, we stopped using google yet?
and don’t take down malicious sites, especially since i have a feeling google and i might disagree on what constitutes a malicious site.
@papush I have not heard of any controversial Safe Browsing takedowns. They didn't take down 8chan, gab, or any of that. Most of the websites there are phishing, scams, and malware websites.
@NekoSock idk if it still does, but it’s blocked the pirate bay in the past (and what does this have to do with taking anything down)
@papush Well, a Safe Browsing block is effectively a takedown, as most browsers, including Google Chrome, Safari, Firefox, Vivaldi, and GNOME Web, will refuse to connect to the website.
Also, I doubt Safe Browsing blocked TBP for piracy. Why would they care about piracy? They're not being hosted on Google servers.
We all know TPB can be sometimes extremely shady in their advertisement, they also run JS crypto miners, and it's likely they crossed a line to Google Safe Browsing. Anyway, right now, they are not banned.
@NekoSock five botnets blocking a site by default is completely different from the site being taken down. tpb has been upfront about its crypto-mining (not that i agree with it tho, but i thought they got blocked because of “piracy”). it’s not much different than google having me train their self driving car ai tbh.
looking it up it seems tpb was blocked for “Attackers on this site might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).”, which is funny because google does exactly the same
Welcome to your niu world ! We are a cute and loving international community Ｏ(≧▽≦)Ｏ !