Hacker News new | past | comments | ask | show | jobs | submit login

> I'm not sure you can derive any useful conclusions from this post.

A striking one is that many browsers continue to claim to be privacy respecting, when in reality they are not even though it is easilly verifiable.

You are correct in saying that from the standpoint of privacy there is either zero telemetry or everything else. There are other drawbacks from having many unnecessary 'phone home' requests, like performance in slow connection environments.

And may I add - telemetry on by default is just not decent, browser is supposed to be my ("user") agent, not somebody else's.




Privacy is not a goal, but just a marketing tool these days.


Another striking conclusion is that even browsers that value privacy need to have some level of understanding about what features their users are using and what they are not.


Nothing wrong with that, it just needs to be opt-in or otherwise you can not claim to be a privacy-respecting browser by default.


That assumes an objective definition of "privacy respecting". I am of the opinion that telemetry can be privacy respecting.


Sure, but only if you opt-into it. If a browser sends your private information like IP address to a third party, without your consent, that is by default opposite of privacy-respecting. (there is no privacy being respected there).


I disagree.

1. I don't think an IP is particularly identifiable information for a browser vendor - the information they have is "this device currently associated with this IP uses our browser", which is not significant.

2. Just because the IP is sent doesn't mean it's collected and stored. They may drop it as soon as the data gets to the server - meaning that the IP may have been transferred but it in no way is analyzed to attribute any information to you.

That is entirely respectful of user privacy.


And I disagree.

- If it's not opt-in, it's not privacy respecting.

- IP is a significantly identifiable piece of information.

- Regardless, we have seen that as few as 4 pieces of individual data collected about a user is enough to identify someone 90% of the time (https://archive.nytimes.com/bits.blogs.nytimes.com/2015/01/2...)

- Browsers collect far more than 4.

User privacy is no longer something you can tiptoe around - it *has* to be informed and opt-in; i.e. if you slipped into someone's bed at night and had sex with them without consent, was it okay?


The point is that we disagree, not that one of us is right. Mozilla isn't using some objective term, they're using one that's highly subjective.

You didn't address the major point I had, which is that they can just drop your IP and not store it. Soooooo, anyway, I'm ignoring the rest of your post because I don't care about the debate, I was just trying to explain that telemetry is privacy respecting.


You didn't address the major point I had, which is that they can just drop your IP and not store it.

The point is that you don’t know that and you cannot guarantee it. You just assume the best case.

As analogy: is sending your bank password a privacy problem? You argue no, because they could just throw it away immediately, instead of going on a Christmas shopping spree. That's an insane argument to make.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: