Seems like lots of FUD; how do Firefox Hello, Pocket and Geolocation "leak data about you" if you don't explicitly use them? How do DRM and Reader mode leak data at all?
Also, Safe Browsing, DRM, Search suggestions, Telemetry and Health report can be disabled in the preferences UI. Don't need sensationalist about:config protips for that.
Also, from the description of the Safe Browsing feature (as linked on the above page), it seems that it doesn't actually send (and thus leak) URLs; rather, it downloads a blacklist from Google periodically (~30min), and checks URLs against it locally... https://support.mozilla.org/en-US/kb/how-does-phishing-and-m...
(Though, for file downloads, some meta information seems to be sent if I'm reading correctly.)
I've worked with safebrowsing (v2) data/api before. It downloads and maintains lists of hash prefixes, which it checks locally for hashes of various versions of the url. When it gets a match, it downloads a chunk of all full hashes that start with that prefix, to see if the full url/variant hash is one of them. Usually that list very short, just one or two full hashes for a particular prefix.
I'm quite late with this, but this is incorrect. At no time is the URL sent to Google; in fact, at no time is even the hash of the full URL sent to Google. I'd suggest you re-read the safebrowsing protocol.
As ploxiln notes, if a hit is found with a matching prefix to the (canonicalized) URL, a request is made for all hashes of URLs beginning with that hashed prefix. The hash of the current URL can then be checked against that list locally.
I was oversimplifying, sorry. You are correct that the URL isn't ever explicitly sent.
However.
Generally there are only one or two URLs that start with the hash prefix that is explicitly sent to Google. Which means in practice it may as well be leaking the actual URL to Google.
Especially as there are multiple hashes per URL (5 worst-case?).
I would prefer it if they stripped out Hello and Pocket. They don't need to be there and their inclusion makes me wonder whay Mozilla's Firefox goals really are.
> I would prefer it if they stripped out Hello and Pocket. They don't need to be there and their inclusion makes me wonder whay Mozilla's Firefox goals really are.
In the case of Hello, the goal is to provide a fully FOSS video chat client built entirely on top of HTML5 APIs. That's huge! Skype, Hangouts, Facetime, etc. are all proprietary. Firefox Hello doesn't even require anyone to sign up for an account!
With Firefox Hello, I could paste a link in this comment that any reader with a WebRTC-enabled browser could click on and start a video chat with me. They don't even need to be using Firefox - they could be using Chrome on the laptop, or even Firefox for Android[0].
People keep bringing up the Telefonica branding, but that's kind of a red herring. Basically, since not all devices have globally addressable IP addresses (yet), they can't have it be fully P2P (yet), and they need some server that can facilitate the initial connection. Telefonica sponsors these servers, so they get their name listed alongside Hello.
What would "stripping out" Firefox Hello provide? It's built entirely on top of HTML5 APIs (which is why it works in all browsers with WebRTC support), so it doesn't actually increase the browser surface area at all.
[0] Yes, I can use my phone's FOSS web browser to place a video chat using a FOSS web client. If that doesn't sound amazing, I don't know what is!
Yes. Hello sounds amazing, but it could have been an extension along with hundreds of other amazing extensions for firefox. The point is there are extensions that I use and there are extensions that I do not use. There is no reason to stuff something down my throat however amazing they sound.
Then it doesn't need to be a irremovable part of the binaries, right?
"What would "stripping out" Firefox Hello provide? It's built entirely on top of HTML5 APIs (which is why it works in all browsers with WebRTC support), so it doesn't actually increase the browser surface area at all."
The question to ask is not "why should we remove it" but "why should we include it". And if it is just "built entirely on top of HTML5 APIs" then why should it need its privileged position above that of an addon?
That's the crux of this situation. Mozilla needs money. Unless they find another way to finance themselves, they will continue selling user data, directly or indirectly. This will not change however we cry out.
> Mozilla needs money. Unless they find another way to finance themselves,
Firefox Hello and Pocket are not attempts to "sell user data". In the case of the latter, Mozilla isn't even getting paid by Pocket, as they have said numerous times.
But yes, Mozilla is dependent on money, like all corporations. If you want to ensure that their funding sources are never in conflict with what users want, there's a very easy solution to that: https://sendto.mozilla.org/page/contribute/givenow-seq
(If every Firefox user gave $2, they wouldn't need their partnerships with Yahoo/Google for search integration, which has been their primary funding source for years).
They are selling the information what you are searching for to Yahoo, not directly but indirectly by configuring their software in a way such that Yahoo can collect your data easily. That information is incredible personal. This is the reason why Yahoo pays for it. There is no stretch at all in what I've said.
You have to use some search engine. Whatever search engine you choose is going to get that incredibly personal information.
Mozilla sold the default choice position to Yahoo. Any user who considers Yahoo to be more nefarious than some other choice can switch with about 10 seconds of effort.
Users use search engines. In fact it's pretty much a required feature to display a search bar proudly in the UI of a browser.
Users therefore give their search data to search engines. You can quibble about which corps are good corps and which corps are bad corps, but users cannot use search engines without giving search engines their search queries. Obviously.
Mozilla does no concomitant damage to users' privacy by allowing them to use their browser to use search engines. Mozilla, therefore, is not complicit in any wrongdoing which you ascribe to them.
If Mozilla made a deal with a manifestly worse option than the popular ones, measured either by results quality or by user abuse, the yes -- Mozilla would be reprehensible.
DDG is better, but it's not what users want.
> You know what would be nonsensical? If Yahoo didn't collect data about you.
Sure. Cool. That'd be neat.
> If Mozilla did not need to sell our data ...
Repeating that doesn't make it true. Mozilla does not sell your data. They sell placement of choice. We can agree that most users won't change the default choice, but we must also agree that almost no users will choose !google !yahoo !bing !ddg. In that order.
> ... it could ask which provider we want to use or integrate technology like YaCy.
The choice exists and is highly accessible. Are you suggesting a first-run dialog to ask the user to pick a search engine, a la Internet Explorer post-DOJ judgement? That's usability insanity.
YaCy doesn't even exist in Mozilla's user population's awareness. What's better? A good browser option or a dead browser?
Many of it can be found in Firefox Preferences, but providing a list of about:config entries seems more convenient to me than describing a way of how to disable things in menus, which are in different languages and change with time.
> Seems like lots of FUD; how do Firefox Hello, Pocket and Geolocation "leak data about you" if you don't explicitly use them? How do DRM and Reader mode leak data at all?
You really don't expect much from your browser at this point any more, do you?
I want a browser that connects only to the website I asked it to display and let me configure how any (ANY) third party connection will be handled.
Also, Safe Browsing, DRM, Search suggestions, Telemetry and Health report can be disabled in the preferences UI. Don't need sensationalist about:config protips for that.