I don’t understand how they are supposed to “sell your data” if you just never use a Mozilla account and uncheck all the telemetry. Its not like they can secretly steal your data, since its Open Source.
It seems to me like just more FUD that Google is spreading to undermine our trust in free software.
I’m a software developer, and understand the technicalities and options available to me. I am capable of forking Firefox and make myself a custom build with anything I don’t like stripped out. (Capable of, not wanting to.)
They removed “We don’t sell your data and we never will” from their FAQ and they added “We may sell your data” to the ToS.
I am unhappy about this change. It is a clear sign that the people in charge of Firefox want to sell user data, and that the irrecoverable enshittification path has been chosen. It means that at some point in the next few years, I can’t trust Firefox’ with my privacy. And they sure as fuck don’t have anything else going for them: The browser eats memory and freezes my camera during video conferencing, and is plain not supported in some of the software I use at work.
The rationale is probably something entirely reasonable, like “While we do not intend to sell user data, the phrasing was too vague and not helpful. What is selling, and what is user data, really?” An organization with strong privacy values would be so far from anything “bad” that the phrasing as it was would not be a problem for them.
It’s irrelevant that right now privacy settings and xyz and telmentry is clear and opt in etc. Because the point is that they are gearing up to change that. The settings will be less clear, user data will be separated into shit like “operability assistance”, “personal information”, “experience improvement metrics” with some of it enabled by default because, etc.
The rationalization they have given is that legally, they may have been seeking data all along, as some jurisdictions define it extremely loosely.
For example, if you use their translation feature, they are sending the page your looking at (data) to a third party, which provides a benefit to Mozilla. Thats technically a sale in some laws, but most would agree that is acceptable given the user asked for it to happen.
https://blog.mozilla.org/en/products/firefox/update-on-terms-of-use/
I’m overall concerned with Mozilla, but not sure this is malicious yet. But definitely needs to be closely scrutinized.
Here’s the crux of the problem.
Mozilla went from “explicitly not malicious” to “probably not malicious yet.”
What’s next?
Yup. And it doesn’t help that they have been throwing away good will for a while now, with their crypto/AI/etc bandwagon jumping. They are still the least worst option, as I dont trust the forks either, but its getting hard to trust them.
The privacy centric way for Mozilla to have address this would have been to:
Yup, its been terribly handled. Dunno if it was driven by a panicy lawyer, but those steps would have been much better. At a minimum, that blog post should have come first.
The current intention may not be malicious, but it leaves the way open for changes that are to slip in. If they were worried about services like translation being concidered ‘sales’, which is a reasonable concern, they should have split them out of the core browser into an extension and put the ‘might sell your data’ licence on that.
Yeah, its definitely wide open for abuse now. But the California law also seems way too vague as well. What about DNS lookup? That takes a users input and transfers it to someone else, is that a “sale”? Can hardly start separating that out of the browser? Http requests? Its all users initiated, but is it a “sale” in California? Not a lawyer, haven’t a clue.
DNS is fine as the exchange has to be for “monetary” or “other valuable consideration” to be considered a sale. The issue seems to be that Mozilla were profiting off of things like adverts placed on the new tab page, and possibly from the translation service too.
I’m not a lawyer, but “other valuable consideration” seems very broad. For DNS, getting the returned IP address is valuable. Ditto for http, getting the returned webpage is valuable?
I only suggested the translation thing because it (imo) fell under a “transfer of data for value provided”, which makes it a sale?
Getting an IP address or the HTTP payload is valuable to the user, not to Mozilla, so there’s no sale there. Likewise with translation data, but if the translation company then send Mozilla a kickback for sending users their way, it would become a sale. Adverts on the ‘new page’ tab would definately be a sale.
I think they’ve removed the clauses about not selling your data from the ToS for the reasons they’ve stated, but it leaves a wide open hole in their promises and a huge temptation to add more advertising/data-mining in the future. I would have prefered them to instead leave the browser ToS as it was and move the questionable aspects into optional extensions that were licenced separately.
The angle I was thinking along was that if Mozilla was prevented from making those data transfers, then their browser becomes worthless. So in reverse, by making the transfers, their browser gains value. The obvious problem with that interpretation is that its basically impossible not to make a sale, as every transfer provides value - which very much defeats the purpose of the definition. (Not a lawyer, just an internet idiot, and I very much hope your definition is correct)
Spinning them out would have been preferable to me as well, and tbh, at this stage, I think I would prefer if firefox was spun out of Mozilla entirely. It really deserves to be managed by something like the Linux foundation or some other not-for-profit steward.
Something to note, however, is that the new terms apply to the browser as a whole. If it was due to some of the opt-in services the browser includes (sync, account, translation, etc.), they could have specified the terms apply to those services instead.
Agree this isn’t necessarily malicious yet, but it definitely is not beneficial to users.
I love how California basically defines a sale as “exchanging things for money” and Firefox is like, “its such a craaazy world we can’t even agree on the definition of exchanging things for money out here! Some call it a ‘sale’ apparently, so if we’re gonna exchange your data for money I guess we have to call it a ‘sale’… Stupid California, changing things to mean what they’ve always meant”
Its even more broad than that, because its any exchange of data for valuable consideration. No money has to change hands, but if it benefits FF, its a sale. And the benefit could simply be “if we do this we will function correctly as a browser”.
Anything you say after this point is irrelevant. (Nothing personal, though.)
As soon as a company has to rationalise their legal back-pedalling, it is explicit evidence that they are intending to do wrong.
This will not end well.
If the legal definition of a term has changed such that their current activities now fall under it, changing the terms of use legal document does make sense.
They are pretty clear that under California law, they are “selling” data. They have two options, keep the ToU document the same, and try meet the new laws requirements (which as I’ve said in other comments, seems impossible for a browser - not a lawyer though), or update their ToU without changing their current behaviors.
They have gone with the latter, but it does also allow them to be far more “evil”. Its definitely the first step down a bad road, time will tell if they go further.
If you want to play it safe, block their domains via pihole: https://wiki.mozilla.org/Websites/Domain_List/Mozilla_Owned
Having seen this FAR too often, I have a different view:
Capitalism and greed will determine when they go further.
There is no “if” about it. Mitchell Baker is in it to get rich by destroying the platform, and is sharing enough of the corpse’s leavings with others to make sure they protect her.
“and we never will”
this should imply something that cant be changed. Such empty words should no longer be even considered no matter who says them, unless its paired with enforceable punishment for breaking the word
“Never” has a very clear and definite meaning. By undoing “never,” I feel like the Mozilla foundation is inviting a class-action lawsuit.