I don’t understand how they are supposed to “sell your data” if you just never use a Mozilla account and uncheck all the telemetry. Its not like they can secretly steal your data, since its Open Source.
It seems to me like just more FUD that Google is spreading to undermine our trust in free software.
I would like to point out that they are free to modify the source code before building the binary they distribute. Being open source does not mean protection from secretly stealing data.
With chrome it is obvious because the closed part is called chrome and the open is chromium. But it is certainly possible to not make “stealing” magic on top public.
So what you’re saying is that I should compile Firefox from source?
You’re right that being opensource doesn’t mean the binaries don’t include extra stuff.
However, are you seriously suggesting no one would notice Firefox transmitting telemetry? Seems unlikely.
We notice. They’re not hiding. The (numerous) endpoints are all presents in the about:config page. The actual content, though, is not that obvious to get. If we assume the binaries are compromised (I don’t believe they are for now, for the record), an outsider would only see a TLS session. At best we could get the vague amount of data exfiltrated, not really the content. But that’s hypothetical. For now.
As someone else said, reproducible builds is a great mitigating factor for this secret changes. Firefox does have telemetry, but is very transparent and lets you turn it all off (as far as I can tell anyway). Don’t want ads? Easy. Don’t want Mozilla services? Simple.