Thanks everyone for your active participation here. We knew this would have a lot of interest and so we’ve waited to dive into the conversation because we see some themes emerging that I’ll respond to broadly here. The main concerns I’m noting are around the license agreements we declare, our use of data for AI, and our Acceptable Use Policy. Below are a few clarifications to each of these areas.
Uhh, because without letting Firefox use the information you type, you would have a very shitty word processor instead of a web browser?
Imaging typing “www.google.com” and Firefox just sits there because without your permission to use the data you gave it, Firefox would ethically not be able send that text to a DNS server.
That’s what that means.
When you interact with your web browser as an application, the information you put into it - including any DNS queries or submitted data - is routed between your ISP, your DNS provider, and the provider of the website. And for non-mozilla websites then none of those are Mozilla.
“Firefox” as a browser sees that stuff, but “Mozilla” as an organisation, a busineas entity, does not need to see that.
Exactly the same that when you buy a bicycle you can ride it anywhere you like without the company who made the bike knowing where you are - sure they made the bike, but after that point, the relationship is over.
This is why historically there has not been any need to accept terms for a browser, because a browser is just a vehicle - what you use the browser for has actually no dependency with the company who made it.
A policy only starts to become necessary when the browser positions itself as an entity that you transact with directly; like creating an account to sync data with Mozilla services and store things in pocket, or to interact with AI services which Mozilla provides.
Effectively, mozilla have now started adding extra features to the bicycle which are useful but also need to communicate with Bike HQ to work. And they are being a little less than specific about what data that is or what they will do with it.
That’s what data usage policies are about - what data does Mozilla as an organisation collect, what do they use it for, and what third parties do they interact with to provide those services. And that’s what I’d hope to see, rather than a broad statement that in theory allows anything.
That’s the thing: you do interact with the web browser. It’s literally the first thing that has to happen before accessing the Internet.
You don’t type directly into Facebook; you don’t search Google directly. You type into a text box in web page rendered by your browser. Your browser handles the HTTPS encryption as well as sending everything you type to the next layer in the network stack. That’s what Mozilla’s policy is clarifying- the very act of typing data into Firefox means you’re giving data to Firefox, so they’re telling you what happens to that data when you do (which is not “send it to Mozilla”).
That’s what Mozilla’s response to the recent criticism tried to explain this as being, but that response itself is to me not at all plausible.
You do not need to give Firefox or Mozilla permission to “do” anything when you simply navigate to a website or perform a search, because the only entities involved in that transaction are yourself, your ISP and the website. NOT Mozilla.
To be super clear here: Yes, Firefox as an installed application has complete and total access and permission on anything you ever do or say or send, and always has done since day 1. And that is absolutely fine, because that data did not go back to Mozilla.
That’s how its been with web browsers since the web browser was invented - you don’t have to agree to let the browser do things for you, because just like a bike you are the one driving the browser and deciding where it goes and what requests the broswer makes when you drive it - you are in control.
The new terms and conditions have been added to cover data which is sent back from the browser to Mozilla, or to other partner services.
Your previous response couldn’t be more clear. At this point this guy is just trolling, and it’s never a good idea to feed trolls.
Again, as I’ve already pointed out this is not correct. You don’t interact with websites directly; you interact with them through your web browser.
Except you don’t know that. You can’t say what expectations you might have had with whatever data you provided because there was no policy published to say what Mozilla might have done with it. Now, there is.
You need to understand that what you wrote is utter bullshit and not how any of this works, or has ever worked.
Mozilla is not the software running on your computer and you having some sort of agreement with them is not even slightly required for the software running locally to connect to the third-party server that you, the user, directed it to connect to.
Adding Mozilla ToS to Firefox is like putting “vegan” labels on tomatoes: it’s not just pointless, but also suspicious.
So for the last 20 plus years before this new wording, Firefox has not been a functional browser?
That’s not what I said. But making a policy explicit rather than implicit seems to me like a good move for privacy. Isn’t it better to know exactly what Firefox is doing with what you type, rather than just assuming?
If they make it more exact such that it’s not ambiguous whether they can use our data for whatever, that would be fine.
I agree, and so does Mozilla. From the linked blog post:
Here’s the Privacy Notice referenced above. While I agree with you that they are vague about their “Partners, service providers, suppliers and contractors” they supply data to (read: Google) they do provide ways for you to request that data.
Does Notepad need a license to interpret your keystrokes and save them to a file? Interpreting my keystrokes and formatting them as an HTTP request to the search engine should not require any online service, and if the data does not leave my machine, it doesn’t need a license nor privacy policy. They have done just fine without a license for decades, because it would be absurd to require a license for fully local operations.
Oh look at that, a privacy policy in Notepad that tells you how Microsoft uses the data you type into Notepad.
It doesn’t. The policy covers what happens after that. Sure, open up Firefox and type whatever you want in the address bar and you can be as private as you want. The second you press Enter is when Firefox does stuff with what you typed, and Mozilla is saying that when you push Enter you give them permission to do that stuff. You’re giving Mozilla permission to send your search to Google for midget porn, or to post your pro-Trump rant to Facebook, or email your great-Grandma’s secret oatmeal raisin cookie recipe to your ex-wife.
It’s turning an implicit use of a web browser (“Of course we’re sending your search to Google and nowhere else wink”) into an explicit use (“When you provide data to Firefox, we’re gonna do this with it, cool?”)
Except the terms don’t promise that. The terms don’t really say anything at all about what Mozilla (the corporation) or Firefox (the software) won’t do with data I enter into Firefox. They do however say that I grant Mozilla a license to use data that I enter into Firefox for several purposes, which means Firefox could reasonably send the search request I intended for Google to Mozilla as well.