Not a good look for Firefox. Third partners and device fingerprinting clearly mentioned in the documents.
The move is the latest development in a series of shifts Mozilla has undergone over the past year.
The gecko engine and Firefox forks, such as Tor, Mullvad, Librewolf, and Arkenfox, are stables of private, open source web browsing.
In fact, Mozilla’s is one of the few browser engines out there, in a protocol-heavy industry that many say only corporate or well-funded non-profits can reliably develop.
What is more, daily driving the more hardened-for-privacy Firefox derivatives can be frowned upon by many sites, including your bank and workplace.
Mozilla’s enshittification leaves the open source community without a good alternative to Firefox, after years of promoting it as a privacy-friendly alternative to spyware-cum-browser Chrome.
If Mozilla wants to limit their use of my input, why the do I need to give them a full, non-exclusive license?
People are saying it is Bad News
So, uhh, you want to tell us who is saying it’s bad news?
gestures vaguely in a direction
Ehh, people, you know?
I have the feeling people are overreacting to anything Mozilla does these days, just to have an excuse to talk people into using (politically?) worse browsers.
THIS COMMENT IS NOT MINE - SOURCE: https://lemm.ee/comment/18521903
Before everyone freaks out over “terms of use = Firefox bad now” (I’m citing the actual Terms of Use and Privacy Notice)
I’ll add emphasis as needed.
You give Mozilla all rights necessary to operate Firefox, including processing data as we describe in the Firefox Privacy Notice, as well as acting on your behalf to help you navigate the internet. When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.
This doesn’t mean you’re giving them a license to do whatever they want with your data, it means you’re giving them the ability to use that data explicitly as you choose to navigate the web. (e.g. you use Firefox to make a post, they have to process those keystrokes through Firefox to send it to the server, and thus could require permission to do that in the form of having a license)
They explicitly have the license only to use the information in line “with your use of Firefox,” and to “navigate, experience, and interact with online content.” not to do whatever they want. They should have worded this better, but this isn’t one of those “we own everything you ever put in your browser” kind of clauses.
If you give Mozilla any ideas, suggestions, or feedback about the Services, you give Mozilla permission to use them for free and without any additional obligations.
This is standard on basically every site, and kind of obvious. You shouldn’t be able to say “you should do this thing,” have them do it, and then say “actually I own the license to this and you have to pay me”
These Terms apply until either you or Mozilla decide to end them. You can choose to end them at any time for any reason by stopping your use of Firefox. Mozilla can suspend or end anyone’s access to Firefox at any time for any reason, including if Mozilla decides not to offer Firefox anymore. If we decide to suspend or end your access, we will try to notify you at the email address associated with your account or the next time you attempt to access your account.
Nothing requires you to stay in this contract after you stop using the services, and this is just reaffirming the fact that, yes, they can stop offering Firefox in the future if they simply can’t sustain it, without somehow breaking contract. More legalese just to protect them from frivolous lawsuits.
Your use of Firefox must follow Mozilla’s Acceptable Use Policy, and you agree that you will not use Firefox to infringe anyone’s rights or violate any applicable laws or regulations.
You agree to indemnify and hold Mozilla and its affiliates harmless for any liability or claim from your use of Firefox, to the extent permitted by applicable law.
This basically just means “don’t do crimes using our browser.” Again, standard clause that basically everything has to make sure that nobody can claim in court that Firefox/Mozilla is liable for something a user did with their software.
To the extent permitted by applicable law, you agree that Mozilla will not be liable in any way for any inability to use Firefox or for any limitations of Firefox. Mozilla specifically disclaims the following: Indirect, special, incidental, consequential, or exemplary damages, direct or indirect damages for loss of goodwill, business interruption, lost profits, loss of data, or computer malfunction. Any liability for Mozilla under this agreement is limited to $500.
Standard liability clause, basically everything also has this.
And that’s it. That’s the terms of use. Nothing here is out of the ordinary, uncalled for, or unreasonable for them to have.
Now let’s move on to the new Privacy Notice.
You have the option to use a third-party AI chatbot of your choice to help you with things like summarizing what you’re reading, writing and brainstorming ideas, subject to that provider’s terms of use and privacy notice.
If you choose to enable a chatbot in the sidebar and/or through a shortcut, Mozilla does not have access to your conversations or the underlying content you input into the selected chatbot. We do collect technical and interaction data on how this feature is used to help improve Firefox, such as how often each third-party chatbot provider is chosen, how often suggested prompts are used, and the length of selected text.
This just states that if you use the chatbots, you’re subject to their policies, and also Mozilla will collect very light amounts of data to understand how often and to what degree the feature is used. The first part is functionally no different from saying “If you go to OpenAI’s website and use ChatGPT, you’ll be bound by their ToS.” Yeah, of course you will, that’s obvious.
Review Checker is a Firefox feature that helps you determine whether reviews are reliable when you shop online with sites like Amazon.com, BestBuy.com and Walmart.com. If you opt in to using Review Checker, Mozilla will process information about the website and the product identifier of the products you view using our privacy preserving technology called OHTTP. OHTTP combines encryption and a third party intermediary server, helping prevent Mozilla from linking you or your device to the products you have viewed. We also collect technical and interaction data on how this feature is used to help improve Firefox.
By opting in to using Review Checker you also agree to be shown product recommendations and sponsored content. If you do not want to receive product recommendations and sponsored content, you can opt out of this feature under Review Checker settings at any time.
Another optional feature that, if you choose to turn on and use yourself, will obviously have to collect data that is required for such a thing to work. It can’t check reviews if it can’t see the reviews on the website. As for the product recommendations and sponsored content, that’s not desirable, but they do very clearly mention that you can just turn it off in settings.
You can install add-ons from addons.mozilla.org (“AMO”) or from the Firefox Add-ons Manager, which is accessible from the Firefox menu button in the toolbar. We process your search queries in the Add-ons Manager to be able to provide you with suggested add-ons. If you choose to install any add-ons, Firefox will process technical, location and settings data, and periodically connect with Mozilla’s servers to install and apply the correct updates to your add-ons. We also collect technical and interaction data on usage of add-ons, to help improve Firefox.
If you search on their site for extensions, they have to process your search, and if you need to install addons, they’ll have to connect to Mozilla’s servers and collect the relevant data to make sure the extensions are available where you are. Shocking. /s
Mozilla runs studies within Firefox and makes certain experimental features available through Firefox Labs to test different features and ideas before they’re made available to all Firefox users or become part of the core Firefox offering — this allows us to make more informed decisions about what our users want and need. This research uses technical, system performance, location, settings and interaction data.
We also need to process data to keep Firefox operational, improve features and performance, and identify, troubleshoot and diagnose issues. For this we use technical, location and settings data, as well as interaction and system performance data (such as number of tabs open, memory usage or the outcome of automated processes like updates). In the rare situations where the information needed also includes limited browsing data (e.g., Top Level Domain annotations for page-load performance monitoring), it will be transmitted using OHTTP; this helps prevent Mozilla from linking you or your device to the data collected for this purpose.
This has been around for a while already. If you choose to use beta features, then yeah, they’ll collect some diagnostics. That’s why it’s in beta: to get data on if it’s working properly.
Because maintaining the latest version of Firefox helps keep you safe against vulnerabilities, desktop versions of Firefox regularly connect to Mozilla’s servers (or another service that you used to install Firefox) to check for software updates; updates for Android and iOS versions of Firefox are managed by Google’s Play Store and Apple’s App Store, respectively.
We also process technical data and settings data to protect against malicious add-ons. In addition to these standard processes, we use Google’s Safe Browsing Service to protect you from malicious downloads and phishing attacks, and validate web page and technical data with Certificate Authorities. As part of our work to improve privacy and security for all internet users, we collect technical data via OHTTP, to better understand, prevent and defend against fingerprinting.
Checking for updates and providing malicious site blocking requires connecting to servers to download the updates and having a list to block bad sites. Again, very shocking. /s
And that’s basically it for that.
I seriously don’t understand the reactionary attitude so many people have towards things like this. Read the policies yourself, and you’ll see that their explicit purpose is either:
- Legally clarifying things to protect Mozilla from legal liability they shouldn’t have, and frivolous lawsuits.
- Making sure it’s clear that to do certain things, they have to, y’know, process the data for that thing.
- Explaining where different features might rely on parties outside Mozilla.
None of this is abnormal.
It is abnormal for a free software project to have an EULA (i.e. a contract that one must agree to in order to install and use the software). This particular EULA does not seem to be as onerous as most but it may still place substantial restrictions on use.
The acceptable use policy, for example, covers much more than just crime (including a prohibition on “graphic depictions of sexuality or violence”). However, it also specifically refers to “Mozilla services” so one could argue that it doesn’t apply to normal usage of Firefox; however, the Firefox EULA also specifically claims it does. Is Firefox itself a Mozilla service? I would assume not under the usually understood definition of such, but it’s not really clarified.
It’s far easier to use something unburdened by an EULA, so I’m typing this from Librewolf.
(e.g. you use Firefox to make a post, they have to process those keystrokes through Firefox to send it to the server, and thus could require permission to do that in the form of having a license)
A better example would be stored credentials, credit card information, and other PII type data.
Personal emails, messaging, anything
I refuted most of these points on this user’s post.
This is absolutely abnormal. No browser should require a license to my own data unless they plan on doing something with it.
No other FOSS includes this language and I would argue that Firefox executable is no longer FOSS. It’s now source available.
Yeah I am unconvinced of this line of thought. If I use (say) Kate Editor to edit a document, do the developers of Kate need a license to the content of that document in order to save it to my desktop? Since the text content is stored in a Qt widget does Qt also need such a license? Linux itself carries the data from the application to the disk, do the Linux developers (all of them?) also need a license?
“Mozilla can’t do anything wrong”. And people keep swallowing.
On the contrary, I think this is a responsible way to operate. The terms of use apply to the Mozilla distributed binary, not the open source version and open source forks, and I don’t think additional terms shut them out of that. The privacy policy is clear, concise as can be and links so that people can jump directly to what is being collected.
I’m looking into Ladybird browser that everyone here is talking about and I can’t find anything about when they will release something.
Keep an eye on it, but it’s not ready yet.
Have you considered what is driving this change?
Looking from the sidelines, I think it’s all about money, specifically, how to make the development of Firefox sustainable. Yes, I’m aware of the cynical view that this is about lining the pockets of the CEO, I have no evidence for this.
I think that’s essentially caused by how we have licensed open source software and had limited resources to combat abuse at the industrial scale that silicon valley companies have monetized other people’s work.
Bruce Perens is attempting to erect “Post Open”, but I’m not yet sure if that is going to solve the fundamental issues.
Disclaimer: I’ve worked a little on the community standards document for the post open project.
Being halfway between both sides, I can see the need for a monetary model to sustain development, yet I am challenged by the opacity that this feels like. The OP’s point that it feels like a downward slide toward principles compromise is challenging. Especially in light of the enshittification of everything lately, Mozilla needs to do a better job communicating how this is not going down that path and yet also trying to sustain itself.
Centrism is apathy and sucks
Reductionism is lazy and sucks. You didn’t even read the comment you responded to, you’re just mad that not everyone is upset enough for you.
No, not particularly. I’m not that upset myself, I recently switched to Librewolf. I just get annoyed at what I perceive as statements that ride the fence. Privacy is not a place to give ground on.
Did it ever occur to you that people can have a mix of views that don’t fully conform to one ideology or another? It’s a spectrum, not riding the fence. Like politics, not everything is a team sport.
That’s an idiotic statement. Realism or understanding what realpolitik is in a political situation is far more likely to allow you find and develop change in an organization, as well keep you from wasting your time on useless leverage points. In this case knowing both frames of reference is valuable so that action can be taken, as opposed to just writing five words.
Privacy and defending it is a worthy thing to have an ideological stance on.
Time for Ladybird to release their first alpha?
deleted by creator
The choice of C++ + Swift feels strange and off-putting to me. Swift, at least, is pretty safe as languages go, but does leave me scratching my head a bit. C++, though, frankly should have no place in a new browser project. For a piece of software whose whole purpose is to essentially download and run untrusted code, C++ is unacceptable.
It’s realistically not gonna happen, but what I’d really like to see is Servo developed into a full browser.
deleted by creator
Yeah, I know the history. And if they fully switch to Swift and manage decent performance, that would be acceptable, just strange. And it would also be fine to use whatever language if it were only a hobby project. I just reject the notion that C++ is an acceptable choice for new projects in security-critical positions.
deleted by creator
Yeah, it was ok when the project started. The issue begins once it transitions from a toy to a potential competitor with Firefox.
deleted by creator
And as I said, if they manage to entirely switch, I won’t have reservations.
As far as security in extant browsers and C++, see here: https://www.chromium.org/Home/chromium-security/memory-safety/
The Chromium project finds that around 70% of our serious security bugs are memory safety problems.
It’s a serious issue.
Correct me if I’m wrong but ladybird is focused on a new browser, and not a new browser that is privacy oriented? Their language is pretty specific about donations and independence, but I didn’t catch anything that specifically denotes privacy.
deleted by creator
Looks like Mozilla has decided they can no longer ignore the money they can gain from having more and more data to sell.
Joining Google on the ad/data sales Evil Side.
🤷♂️ 🤷♂️ 🖕
Will be very sad if they continue down this slippery slope. I guess my last donation will stay just that 🫠
