Browse the Telemetry that Firefox collects
The Mozilla Firefox web browser, like the majority of browsers available today, collects Telemetry data which Mozilla introduced in Firefox 7 in 2011,
Mozilla notes on its official Mozilla Wiki site that Telemetry is "helpful for Mozilla's engineers and decision-makers" as it is used to "measure how Firefox behaves in the real world".
Telemetry provides Mozilla with "performance and usage info". Firefox collects only "non-personal information" such as "performance, hardware, usage, and customizations" according to Mozilla.
Mozilla is more open about the Telemetry that it collects. Anyone may open the Telemetry portal to check out some of the data. The Firefox Public Data Report for example provides a weekly view of activity, behavior, and hardware configurations of Firefox users.
Firefox users who want to know more about the Telemetry that Mozilla collects on their own devices can open about:telemetry to find out about that.
The data that is presented to you on the page depends on a number of factors including the Firefox channel and the Telemetry settings in Firefox.
Firefox Stable users should see a listing similar to the one on the screenshot above. The sidebar lists different data sections such as Environment Data, Session Information, or Raw JSON.
Here is a quick overview of what that data:
- General Data -- Application specific data, e.g. Firefox version and architecture, and an ID.
- Environment Data -- Expands into different subsections such as Addons, Experiments, or Settings.
- Build -- Similar to General Data.
- Partner -- Partner information, e.g. distributor or partnerNames if available.
- System -- Detailed information about the system. Mostly hardware, e.g. available memory, CPU features, caches, graphics adapter and capabilities but also operating system and version.
- Settings -- Some settings including default search engine, some about:config preferences, languages.
- Profile -- Creation Date.
- Experiments -- Experiments, often staged rollouts and their value (state).
- Addons -- All addons, themes, and plugins and information about each (including system add-ons).
- Session Information -- Details about the active session including its length, ID, active add-ons.
- Scalars -- Important counters and settings (scalars track a single value), e.g. first paint timestamp, whether the startup is cold, or the startup profile selection reason.
- Keyed Scalars -- See scalars.
- Histograms -- Various histograms (numeric measurements), e.g. measurements for extension startups, caches, performance of various subsystems and more.
- Keyed Histograms -- See Histograms.
- Events -- Data provided in an event-oriented format (usually empty).
- Simple Measurements -- Performance related information, e..g how long it took to restore a session or until first paint.
- Raw JSON -- All data as a JSON file that can be exported and filtered.
Currently in Nightly (additionally)
- Add-on Details -- Add-on IDs and details (where the add-on is installed and how it was installed).
- Late Writes -- unclear.
Mozilla is very open about the Telemetry that it collects and that is a good thing (Microsoft made a u-Turn in regards to Telemetry on the company's Windows 10 operating system as well). Firefox users may furthermore disable Telemetry in the browser to prevent that Telemetry data is sent to Mozilla (read here why it may not be a good idea to do so under certain circumstances).
Mozilla revealed this month that it will introduce a feature in Firefox that enables users of the browser to delete all stored Telemetry (instead of Telemetry being deleted automatically by Mozilla).
“Mozilla is very open about the Telemetry that it collects and that is a good thing”
Sure. Just like it’s good when a spy waves nicely at you from time to time instead of merely frowning. Firstly, the hardware is compromised. Secondly, the operating system is compromised. Thirdly, the network is compromised. Fourthly, the browser is compromised.
That’s all.
I have none.
‘Cuz I turned it off.
You can do it too!
Or wail about something easy peasy to fix.
At least you can do this in Firefox, can’t natively in ANY Chromia.
No browser is private as provided.
@Iron Heart
Well from my admittedly limited viewpoint here’s how I see it. If my liberty or life depended on the ultimate in privacy my level of concern would be hightened, perhaps to the point that I would avoid the internet entirely since I could never be certain that some link in the communications chain would be compromised. Fortanately for me, that is not the case and I’d further wager that is not the case for most here or anywhere internet privacy is discussed ( I thought Scott McNeely buried that issue sometime back ).To my way of thinking I surrender my privacy when I enter the internet, despite any attempts at privacy “theater” on my part (which I admittedly do some of). It simply isn’t worth my time or patience to get too worked up about what’s going on under the “privacy hood”, in the end whichever product I choose will disappoint me in some way, I expect that. Security is vastly more important to me than any notion of privacy. If the most private browser in the world has a security flaw that the most obnoxious data sniffer doesn’t, I’ll take the latter every day of the week. Just my personal preference, others may differ. So I stick with the big name browsers with large development teams and leave the “boutique” stuff to others.
Anyway, I’ve run out of pennies for the meter on this subject and will leave it there.
Firefox Telemetry Slice & Dice, in Linux (partial) 1/5/2020
https://pastebin.com/raw/anZCprac
Quote from https://support.mozilla.org/en-US/kb/send-usage-data-firefox-mobile-browsers :
“We use third-party platforms for functionality and services that we can’t build internally or when it is more efficient to use another service. Learn more about our use of Firebase, adjust GmbH and Leanplum.”
All these third parties that our telemetry data (including our IP address) is sent to, collect data from multiple sources and so can combine that data based on IP adresses to creat profiles of users.
https://firebase.google.com/
https://www.adjust.com/
https://www.leanplum.com/
For decades software companies asked users to send in crash reports and use feedback and customers surveys to improve their software. Telemetry is not needed and can give a false impression as some users disable telemetry as much as they can for their own software and that of friends of family.
That is one of the reasons Microsoft failed with the bad UI of Windows 8 and the first implementation of the ribbon on Office.
Arrogance and disrespect for users is another reason and it also affected Gnome 3 and Canonical Unity.
I use Firefox because it is the lesser evil of all the current browsers. But I disable telemetry because I do not want my data sent to third party tracking companies.
Because Mozilla sends their users data by default to these tracking companies, and other bad choices they make, I sadly no longer trust Mozilla.
Telemetry: Mozilla should buy the new GPU and browse the web with it for a week on most popular sites.
That’s a proper testing. I browse TEN sites in a week. My telemetry is useless.
Mozilla ORG is non-profit, but mozilla CORP is for PROFIT
Thanks Martin for posting this. It’s an interesting topic and brings up some really good ‘food for thought’ issues.
As for all the trolls spouting their moral outrage — Yawn…..
@svim
> As for all the trolls spouting their moral outrage — Yawn…..
Being critical of Mozilla = Trolling. :….D Mozilla has done enough questionable things in recent times to warrant criticism. You know it, and I know it as well. Whether this criticism is uttered in a moralizing way or not is of no consequence, as long as it’s based on facts.
Please accept that you won’t able to stop criticism of Mozilla here, we can’t stop the shills either. I think we have reached a nice equilibrium here – those who understand what Mozilla really is today and where their actual priorities are, and those who are either unwilling or unable to see through the shiny surface.
Criticsm is fine, it is part of what makes “the world go round”. When it decends to petty name calling ( pro=shill , con=troll) it’s tedius and rather pointless. I’d wager very few here , if any, can really “see through the shiny surface” of anything as complex as a modern browser to the depths necessary to truly evaluate security, privacy, etc. . If they could, they wouldn’t be wasting precious time arguing about it here.
Just one no-nothing’s two cents.
@Kent Brockman
> I’d wager very few here , if any, can really “see through the shiny surface†of anything as complex as a modern browser to the depths necessary to truly evaluate security, privacy, etc.
Well, there are some excellent insights available. Check out the ghacks-user.js on GitHub, they have an extensive list of about:config settings and what they do. There are also some very good comments here, namely the long comment of @Anonymous and the comment of @Sol Shine. I think those resources are already enough to roughly judge the privacy state of Firefox to some degree. If you are want to learn even more about the connections it establishes, check out the firewall of your OS or use something like Wireshark.
I do not think auditing the code is necessary in most cases, knowledge of about:config is usually sufficient for all those who are not developers.
> If they could, they wouldn’t be wasting precious time arguing about it here.
Disagree. If Firefox would be privacy-respecting, people would argue in favor of using it. If it were privacy-hostile (which I think it is for the most part), people would argue against it. Of course, “privacy” is relative and can’t be measured, and there are not any absolute states of privacy. That being said, most analysis I’ve read point to Firefox not being very privacy-respecting, certainly not to the degree it claims to be.
I understand that a discussion can be frustrating, especially when emotions are involved, but you need to understand that privacy is a topic some people care deeply about. Discussions are also made harder by people who just repeat the marketing claims of companies without bothering to check, and by useless straw man comparisons like “Well, it’s still better than Chrome” (which is not a very high bar, and which is not an excuse at all). If you know what is actually going on, these people are nothing but a frustration. Still, it can be worthwhile to share a critical viewpoint, no matter whether the naive and the ignorant like it or not.
@Iron Heart
Well from my admittedly limited viewpoint here’s how I see it. If my liberty or life depended on the ultimate in privacy my level of concern would be hightened, perhaps to the point that I would avoid the internet entirely since I could never be certain that some link in the communications chain would be compromised. Fortanately for me, that is not the case and I’d further wager that is not the case for most here or anywhere internet privacy is discussed ( I thought Scott McNeely buried that issue sometime back ).To my way of thinking I surrender my privacy when I enter the internet, despite any attempts at privacy “theater” on my part (which I admittedly do some of). It simply isn’t worth my time or patience to get too worked up about what’s going on under the “privacy hood”, in the end whichever product I choose will disappoint me in some way, I expect that. Security is vastly more important to me than any notion of privacy. If the most private browser in the world has a security flaw that the most obnoxious data sniffer doesn’t, I’ll take the latter every day of the week. Just my personal preference, others may differ. So I stick with the big name browsers with large development teams and leave the “boutique” stuff to others.
Anyway, I’ve run out of pennies for the meter on this subject and will leave it there.
Why does Moz. need any telemetery in regular FF ? Wtf is Nightly for ? “TheGuyWhoIsChill” ( But isn’t very chill at all ), saying we’re paranoid and they need to do it to provide a better browser for us users, BS, that’s what Nightly is for ! “TheGuyWhoIsChill” You sound like a shill for Mozilla.
@NotAShill
> Why does Moz. need any telemetery in regular FF ?
They don’t. They pretend to protect your privacy, but they still use telemetry (which is opt-out instead of opt-in, no less) anyway. But telemetry is by far not the worst stunt they pulled off:
https://www.zdnet.com/article/firefox-tests-cliqz-engine-which-slurps-user-browsing-data/
> Wtf is Nightly for ?
Lessens to need to employ a big quality assurance team. Users are discovering and reporting the bugs for free. Microsoft has fired its QA team as well.
> “TheGuyWhoIsChill†(But isn’t very chill at all ), saying we’re paranoid and they need to do it to provide a better browser for us users,
He [Editor: please. Replaced your words with “He”] has no idea what he is talking about. Mozilla doesn’t give a damn about privacy – this attitude is not limited to telemetry; take a look at Firefox’s default about:config settings, for example. There are so many guides out there that describe how to make Firefox privacy-respecting, and they are only necessary because Firefox isn’t privacy-respecting out of the box.
[Editor: removed]
Thanks for this informative article (and the also informative comments) Ghacks.net ( Read Martin).
I really like to know where I can learn more about the two telemetry data histograms and keyed histograms. This because they have names like x25519 and WEBEXT_BROWSERACTION_POPUP_OPEN_MS_BY_ADDONID
( To name a few but there are many more) and I mostly can’t make sense of there function and also what there messaging back to Mozilla.
So I would really like a web address who explains the names clearly or maybe a good idea for a Ghacks.net article?
Maybe even an Ghacks.net article about when it’s possible to (and sensible) to block certain measurements and when not block, this because you are mention, that it’s not wise to block Martin?
The amount of time it takes for a BrowserAction popup to open, keyed by addon id.
https://probes.telemetry.mozilla.org/?optout=true&search=WEBEXT_BROWSERACTION_POPUP_OPEN_MS_BY_ADDONID
Shortlink: https://mzl.la/2RXfCFC
Be patient the site may take awhile to load.
Thanks 99,
Hopefully, I will understand now the meaning of all those abriviations.
1) Lots of misinformed people here who are emotional about the word telemetry and confuse the level of data being shared.
2) Some people on a (personal?) crusade against Firefox/Mozilla.
3) Much fear/uncertainty/doubt being spread.
4) Ego stroking
Wow, common sense and a decent grasp of logic, how rare!
@TheGuyWhoIsShill
Stop shilling Firefox here. Mozilla, developer of Firefox, is funded by Google. People who use Firefox as some kind of anti-Google statement (as they do not really differ in terms of functionality anymore) are deliberately ignorant regarding Mozilla’s financial background. Without Google, Mozilla would have died long ago. Google keeps them afloat so that no antitrust case can be filed against them due to them being a monopolist. For this reason alone they keep up Mozilla, as a controlled opposition that will do Google’s bidding no matter what (reason why the Firefox defaults are so bad in terms of privacy).
So Chrome users bashing Firefox is as silly as Firefox users bashing Chrome, as both belong to the same tech cartel. However, Mozilla needs to be exposed for what they are. We already know that Google is not working in our interest, but the idea that Firefox will be what saves us needs to go away for good. In order for this to be a valid idea, Mozilla would have to be independent from Google, but they are clearly not.
As for me personally, I’ve switched to Brave. It just works, and is more privacy-respecting than Firefox out of the box. I don’t have the illusion that Mozilla’s continued could change anything at all.
@Iron Heart [Editor: please be polite]
>Stop shilling Firefox here.
“Brave, Basic Attention Tokens, Advertisement trackers, unclear business model”
Okay dude might want to judge not, that you be not judged or plain hypocrisy.
Dude !! That’s microaggression at it’s worst !!
Hope no one at MozCo read your post.
Do you find city dwellers offensive ?
@TheGuyWhoIsShill
> Brave
Yeah… That’s kinda… the name of the browser? Not sure what you are on about.
> Basic Attention Tokens
A cryptocurrency, not really something bad either. Again, not sure what you are on about.
> Advertisement trackers
I’m afraid not. Brave ads are being served locally, no data is being transferred back to Brave or any middle-men. Also, being shown locally served ads in exchange for BAT (revolutionary, since it grants users their fair share for viewing ads, for the first time) is fully opt-in, meaning you have to consciously decide to use it, in stark contrast to Mozilla’s shady stuff, which is always opt-out.
> unclear business model
Not at all. If you choose to take advantage of BAT, then Brave gets a small share of the generated token rewards, this is how they finance themselves. You don’t know what you are talking about, once again.
> Okay dude might want to judge not, that you be not judged or plain hypocrisy.
Well, contrary to you, I am not advertising anything. I mentioned Brave to avert the silly question “So what if Firefox is BS, what to use then? Chrome? You can’t be serious!”, which inevitably pops up whenever someone dares to expose Mozzarella Firefox. Also, I chose Brave as a privacy-respecting alternative to Firefox… Check out the myriad of unsolicited requests that Firefox makes upon startup, of which only a tiny minority are warranted / legitimate. Use Wireshark and verify it yourself if you don’t believe me. Whereas Brave doesn’t make as many requests, and a high percentage of them are actually legitimate.
> no data is being transferred back to Brave or any middle-men
Last week I did a fresh install of Brave after having been away for awhile, and when it ran after installation, the very first thing it did with no input from me was try to connect to Google Analytics (my firewall stopped it and alerted me).
Web analytics aren’t really in my particular wheelhouse, so I’m not sure if this isn’t as disconcerting as it feels, but I was alarmed considering Brave is supposed to be all about privacy.
@Anonymous
> Last week I did a fresh install of Brave after having been away for awhile, and when it ran after installation, the very first thing it did with no input from me was try to connect to Google Analytics (my firewall stopped it and alerted me).
1) Are you sure that you haven’t used any website at all? Many websites do use Google Analytics, it isn’t necessarily the browser itself.
2) Are you sure that the Brave website that is being opened upon installation doesn’t use Google Analytics? Because it it’s the website, the browser itself is not at fault.
3) Are you sure you are not confusing it with Google SafeBrowsing, a security feature all browsers (including Firefox) use?
I am asking because Little Snitch didn’t see any connections to Google Analytics here, as long as I don’t browse to a website that does use Google Analytics (that would not be Brave’s fault then)…
> 1) Are you sure that you haven’t used any website at all? Many websites do use Google Analytics, it isn’t necessarily the browser itself.
2) Are you sure that the Brave website that is being opened upon installation doesn’t use Google Analytics? Because it it’s the website, the browser itself is not at fault.
I am certain of these. When Brave opened itself for the first time immediately after installation, it just opened the brave://welcome tab. I didn’t touch it in any way before Glasswire alerted me that Brave was trying to make it’s first network connection.
> 3) Are you sure you are not confusing it with Google SafeBrowsing, a security feature all browsers (including Firefox) use?
All I know is that Glasswire identified the URL it was trying to connect to as google-analytics and on port 443. It’s possible that Glasswire was wrong, but I’ve been using it for years and don’t have any reason to not trust it so far.
I just did two fresh reinstalls to test this again. The first time, the initial connection attempt was to something on the fastly.net domain. The second time, the initial connection was to clients.l.google.com. When I have some more free time, I’ll try a few more reinstallations to see if it tries to make the google-analytics connection again, but in any case it seems to make connections to different domains after a fresh installation, and one of two I just ran was still to a Google domain (and to reiterate, the only thing that opened was the local brave://welcome tab and I didn’t interact with the program at all). For a broswer that bills itself as privacy focused, I still find it a little troubling that the program is making it’s own connections to any Google services (as you said, if it were a website making the request then that wouldn’t be Brave’s fault, but that’s not the case here).
@Anonymous:
So, your comment left me thinking for quite some time. I decided to do a bit of research regarding the domains your Brave installation connected to, and I found out the following:
As far as “fastly.net” is concerned, this seems to be the server Brave downloads its updates from: https://github.com/brave/browser-laptop/issues/12304
This is a legitimate request, and you should leave that enabled, unless you are OK with updating Brave manually every single time an update is available.
As far as “clients.l.google.com” is concerned, this is the SafeBrowsing server, as I have suspected: https://forum.golem.de/kommentare/mobile-computing/android-smartphones-weg-mit-dem-google-zeug/clients.l.google.com/88858,3999798,3999798,read.html
This is also a legitimate request as it’s related to the Google SafeBrowsing security feature, which all browsers (including Firefox) use. You can disable Google SafeBrowsing in the Brave settings, but this will lower your overall security a bit.
Keep me updated regarding Google Analytics, that would be most interesting if that’s indeed the case (I still doubt that it’s the browser itself, though.). But the two domains you have mentioned so far are both legitimate and necessary.
You bet we’re on a crusade, to remove the ******* running the place.
Read the majordomo and her cabinets social media, it’s cringeworthy and NOTHING to do with producing a decent privacy focused browser.
1) You obviously haven’t read the Avast article on telemetry aka spying or the myriad of other examples.
2) Who cares? No different to the ff zealots where mozilla can do no wrong even when they do.
3) See 1.
4) Much like you then :)
1) False assumption, read it
2) Appeal to the Stone Fallacy
3) No effort on your end
4) Hardly, when i point out fallacies and erroneous statements
All telemetry should be opt-in, not opt-out. In any software, and of course even more in software made by a company that pretends to fight for privacy.
Mozilla thinks that they have a right to grab everything in this list by default because it’s not the most sensitive data and worse companies exist, but I don’t want things like my session length, active add-ons, profile creation date, settings, default search engine, what buttons I click on, system configuration, and so on be continuously transmitted and analyzed by someone else without my explicit permission, or anything else on this list. That’s NOT for you to take Mozilla. Stop the peeping, I’m not your guinea pig.
And is the most sensitive data really safe from Mozilla’s telemetry reach ? Mozilla plans for “origin telemetry”, a technical name for collecting browsing data:
https://chuttenblog.wordpress.com/2019/04/26/firefox-origin-telemetry-putting-prio-in-practice/
And the ghacks article list here does not include all the data collection from experiments, which could for example send more sensitive data browsing data to Cliqz or Cloudflare as it did before . But here is the trick: they just don’t call this part “telemetry”. Problem solved !
“According to the Firefox support website, this version of Firefox collects and sends data to the Cliqz corporation including text typed in the address bar, queries to other search engines, information about visited webpages and interactions with them including mouse movement, scrolling, and amount of time spent; and the user’s interactions with the user interface of the Cliqz software. This data is tied to a unique identifier allowing Cliqz to track long-term performance. Interaction data collected and sent to the Mozilla corporation includes among other things, counts of visits to search engine pages, which search engines are used, and a Cliqz identifier. The data collection is enabled by default; users must actively opt-out if they do not wish the data to be transmitted.”
https://en.wikipedia.org/wiki/Cliqz#Integration_with_Firefox
https://support.mozilla.org/en-US/kb/cliqz-recommendations-firefox
Does this ghacks article list here talk clearly about Mozilla measuring user interactions with their commercial partners ?
“Last year we launched the in-content search probe, which counts the number of queries Firefox users issue to our search partners. Previously, this exclusively counted queries when users started their search using one of our built-in search tools, like the awesome bar. These are the searches that give Mozilla revenue. We’ve expanded this telemetry to include a count of the number of times a user directly navigates to a search provider.”
https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
From the same reference, Mozilla planning to count displayed ads and ad clicks:
“We also plan to count the number of times a search page displays ads and the number of times users click ads. These will be counts by user. Mozilla will not know the content of the search nor the content of the ads. This helps us both forecast Mozilla revenue and also understand the impact of ad blocking on the larger web ecosystem.”
From there too, the “Telemetry Coverage” experiment collecting telemetry on those… having disabled telemetry.
Did we mention Google Analytics in the browser ? No need, it’s not “Mozilla telemetry” !
https://www.ghacks.net/2017/07/13/privacy-blunder-firefox-getaddons-page-google-analytics/
Google Firebase Analytics in some versions of mobile Firefox including Firefox Preview together with some other third-party trackers that are also in standard mobile Firefox, Adjust and Leanplum:
https://reports.exodus-privacy.eu.org/reports/org.mozilla.fenix/latest/
https://reports.exodus-privacy.eu.org/reports/org.mozilla.firefox/latest/
And then there is all the sensitive data that Firefox sends by default while they shouldn’t but that is not telemetry. The keylogger to Google in the address bar (for search suggestions), the visited domains sent to Cloudflare (DNS hijacked by default in US), Google informed of half of the downloaded files (for “download protection”), and so on. But this part is off-topic, granted.
Firefox, a privacy browser ?
@Anonymous : excellent (who am I to distribute awards?!). Criticism, when documented and free of hate speech is really the best we an do. Firefox’s privacy as a question is the cherry on the cake. Nice.
Indeed, privacy is maybe no longer a valid slogan. Up to each of us to weigh the advantages and disadvantages of an application, more than ever perhaps. Just stating laconic choices based on ‘this is the best’ is nonsense, therefor all documented comments (as articles) participate to the technological education of all. Bravo.
@Tom Hawack
“free of hate speech” – you are another brain-washed, indoctrinated [Editor: please be polite].
@smaragdus, comments free of hate speech doesn’t mean they should be forbidden, IMO, only that hate speech doesn’t bring anything except a nervous relief for those who practice it : a highly egoistic behavior in fact. But I am the first to refuse all censorship. It’s just a pity to use one’s brains for so little.
@Tom Hawack
Seriously, you are writing an extremely long comment detailing how you made Firefox privacy-friendly (thereby implying that you were not satisfied with its default privacy settings), yet you still defend it every chance you get? Why? There are more privacy-respecting browsers out there (Pale Moon, Waterfox, Ungoogled Chromium, Brave etc.) which you don’t have to extensively modify to achieve some level of privacy.
Mozilla advertises itself as privacy-respecting – many comments here, including your own, outright deny that claim. Pretending to be something you are not is not commendable, and viewing Mozilla as deceitful is the logical conclusion. Discussing an organization which is deceptive in nature can cause anger indeed, although this “anger” doesn’t necessarily mean that the comments are not based on facts.
I think of you as someone who has used Firefox for ages, across many transitions resulting in a product that has nothing to with what it once was (aside from it being a web browser in essence), and that has gotten worse in terms of privacy over time. Why you do that, I don’t know. Could be nostalgia, the unwillingness to give up something you’ve used for ages, could be some special form of masochism, in that you enjoy Mozilla breaching into your privacy and then fixing it. Could be that you just like to hear yourself talk, because if they didn’t violate your privacy, you wouldn’t have an opportunity to share your wisdom here, regarding a fix for an issue that shouldn’t be there in the first place… As I said, I don’t know, but I suspect that it’s potentially any of these three, or a combination of them. I’ve lost a lot of respect for you because of that. You continue to be an apologist for a browser of which you know that it is spyware, a browser whose users in most cases have no idea of the privacy issue, and no idea how fix it.
I can’t decide or even influence what you use, and honestly I don’t care, but you being an apologist of Firefox in spite of it not being privacy-respecting at all, using for-privacy “arguments” (= fixing the broken state on your own), is not a good use of brain capacity either.
@Iron Heart, I continue to use Firefox as my main browser because I believe I’d have to tweak far more any other browser to achieve the global result I aim for. Comparison must include as many parameters as possible otherwise it’s always possible to th find better and worse on specific points.
I don’t care at all about a company’s morality in the same way a politician’s life, lies, hypocrisy doesn’t bother me as long as his action does the job. From there on you’ll understand that Mozilla’s spiritual life is non of my concern, no more than that of big tech companies : no hatred, no love, I use their products or not free of emotional considerations, concerned only by the ratio price (money or privacy) / efficiency regarding my expectations. This also explains why your political considerations presented as if they had relevance with a product’s pertinence leaves me stunned.
Of course Firefox is not perfect, what browser is? No love nor hatred as I said which is, free of demagogy and/or emotional faithfulness I point out my criticism when applicable.
Your lengthy paragraph all in trying to explain what of me you ignore is expressed with obviously an effort of tact (I was sure you were a nice guy!). If we accept to report a minimum of introspection I’ll admit that there’s a lot of work behind my ability to make Firefox behave as i wish, itself relying on what is becoming an in-depth knowledge of Firefox, that considering a similar work and time with other browsers marks a point in favor of Firefox. Yet, if I was convinced that another browser can achieve all what Firefox plus my tweaks can then I’d likely be interested, motivated and decided. But I just don’t happen to think so. I may be wrong, you may be right, winning is not in a rhetorical dialog but in a reality’s connection to our aspirations : what I mean is that I defend less a browser than the fact it suits my needs. Does that ansewer your wondering? I hope so :=)
I have totally blocked Firefox telemetry, about:telemetry leads to “Blocked Page – Your organization has blocked access to this page or website.”. If that were enough for peace of mind i’d likely be naive.
Telemetry and several other Firefox browser connections are blocked here, all settings performed with Firefox Autoconfig and Policy templates, the latter with the help of
the excellent ‘Enterprise Policy Generator’ Firefox extension.
If I consider my own Firefox environment I remain surprised to notice that the ‘cachedClientID’ appears in my about:config each time blocklist.xml and/or cert9.db have been updated (Firefox blocklist which includes updates for “revoked certificates”). The only way i’ve found to have this ‘cachedClientID’ removed from my about:config is to include the following in my Autoconfig (config.js) settings :
clearPref(“toolkit.telemetry.cachedClientID”);
clearPref is a setting available only with Autoconfig, won’t work with user.js. Funny thing is that it won’t work with a pref, or even a lockPref but only with clearPref.
Also, even though this tough privacy protection I’d get a datareporing file in my Firefox profile (same as above, that s when Firefox blocklists are updated). To circumvent this I’ve emptied (o byte) the datareporting file and set it as read-only.
Last but not least, but i’m uncertain this is related to privacy and i mention it because it bothers me, if I don’t block ‘firefox.settings.services.mozilla.com’ (in fact I block services.mozilla.com with an exception for ‘blocklists.settings.services.mozilla.com’ required for blocklist’s update) then every start of Firefox connects to this firefox.settings.services.mozilla.com and feeds accordingly my Firefox profile /storage/permanent/chrome\idb profile. No need for that, all related to Firefox’s newtab page which I bypass.
And I’m not mentioning extra stuff I have to deploy to avoid Firefox intrusions or what I consider as such. Am I right? All depends on what telemetry means, includes. telemetry, data collecting/gathering, tracking… how is a basic user to know when telemetry is or is not disguised data collecting for means of tracking as well? This is something developers seem to ignore : the fact that a non-expert user is unable to differentiate telemetry from tracking and, to avoid the worst may take measures to avoid the best (telemetry that provides useful and privacy conscious data).
I think it’s time that once and for all telemetry is to be totally abolished, putting aside the eternal leitmotiv that such gathering is for our good, when it actually could be as it could be not. As a Hertz 1960’s TV advertisement used to say ‘Hertz put you in the driver’s seat’ (I remember Jack Lemonn performing in that ad!) : well, perhaps Mozilla should start considering the idea of putting the Firefox user in the browser’s seat rather than its company’s developers.
Nevertheless I remain a Firefox user because, as it’s been said and repeated, the criteria is ‘the less worst’ so to say in an intentionally approximate semantic. Also because I appreciate many of Firefox’s specific advantages. But honesty requires to emphasize on the fact the era is that of data collection, Big Data, and that it may very well be likely that no company makes the exception.
Users are becoming increasingly fed up, and the trend is that those users get to include more than power-users which would invalidate what may be the very credo of company developers : “heck! only a minority will find out”. Well, more than a minority actually. remember, you developers, the ‘banner syndrome’, then the ‘cookie syndrome’ which led your companies to revise their polcies… once the masses started to yell and act accordingly. Why not anticipate and reconsider your very deployment policies before you get obliged to do so? Wouldn’t ne more honest but at least would definitely be smarter.
Tom Hawack, thumbs up for the post. Interesting observations.
I by principle have no problems with mozilla collecting telemetry data to monitor how their browser behaves on differing computer configurations,The end user will benefit in future versions.I would have a problem if it were forced with no way of opting out.
Nothing nefarious and even if it were why would mozilla offer this functionality.Sure there may be a slight lack of complete transparency but of course the tin foil hat brigade will disagree.
Thanks for doing so, I respect people who help improve Firefox and share their statistics, whilst leeches like myself opted out.
>Firefox users may furthermore disable Telemetry in the browser to prevent that Telemetry data is sent to Mozilla
Do note that Mozilla does not have a good track history of honouring that setting, and it can enforce it, at any time, without user consent or knowledge, back to ON:
https://www.ghacks.net/2018/09/21/mozilla-wants-to-estimate-firefoxs-telemetry-off-population/
Again? OMG, turn it off! Telemetry, that is. Saying any Chromia is superior to FF in acheivable privacy is beyond laughable. Categorically wrong.
Everything Google makes is designed to collect data and serve ads. Spend some time with a chromebook, the most onerous piece of junk obvious data scraping device ever made.
Google is an ad company, read their annual reports.
Little Snitch > all processes > deny connections > box.com, firefox.com, mozilla.com, mozilla.net, mozilla.org, mozillademos.org, mozillazine.org
Just block all their telemetry servers in hosts file.All my packages have “sendfailure: eUnreachable”
https://i.imgur.com/5W4HPPD.png
I mean this is a site supposed to be frequented by IT-Professionals?
Guys and ladies, this is so easy to block! Who literally gets angry about this anymore?
> Guys and ladies, this is so easy to block! Who literally gets angry about this anymore?
Defaults matter. Advanced users can be angry that most users are exploited because they don’t know.
Advanced users can be angry that most users are exploited because they don’t know
Well said. Before I left this browser I tried to block as much of its malicious functionality as possible. No user js memes, no config options, strictly relying on something superior to this ptogram, that being the OS. And it worked. It damn fucked firefox showing all sorts of error-returning pages, and its updater went berzerk not knowing what to do anymore, but eventually it settled down and did only what my OS allowed it to. That doesn’t mean I’m going to use this crap, or that I’m going to put anyone else, regardless of their computer experience to go through all these absurd workarounds to get a somewhat decent, half broken web browsing experience. I’ll find something better to recommend, and to use. I don’t want to contribute to that 9% of abusive market share mozilla still owns to this date.
I blocked it by switching to other, superior, browser. It is by far the best way of dealing with mozilla. Let them fade into the pits of irrelevance.
@Yuliya
>I blocked it by switching to other, superior, browser.
So you are one of these people that jump at every Firefox news to tell the world what a terrible company Mozilla is and that all Firefox users are inferior?
I mean come on, you called your browser superior to ours. I don’t want to argue about this, but jeez do people hear themselves anymore?
Yes I am a worthless Firefox user
(sad fox face emoji) .w.
I merely let people know about my experience with this browser, which abruptly ended after being my main browser for 5+ years. It is completely their choice which browser they decide to use. But the grass is indeed greener on the other side of the fence. You just won’t notice until you take a look.
Hold on a second. Just because they display some telemetry data to users, it doesn’t mean they are transparent. They could have 100 more telemetry points hidden from the users. Do they? We can’t know, we need to trust them. Also, if they don’t collect “non-personal” information then why would they assign a unique ID to each of the machines where the telemetry data is coming from? Why would they need a unique ID? The only scenario I can imagine is they want to track patches and how they affected certain configurations…but an ID is definitely not required to do that. You just search for a config with specific issues, apply a patch and test it. They need it to track YOU. The ID is your digital fingerprint.
There should be 3 levels of telemetry, disregard of the object to measure. Be it a browser, an OS or whatever. This would make this game bit more fair.
1. Completely disable telemetry. No data is sent anywhere, none, even the “necessary”. If you want to respect your userbase privacy, this option needs to be available, period.
2. Selective telemetry, chosen by users. People share only what they want.
3. Enable telemetry. No limits. Most people would have it enabled, that means the Mozilla’s engineers and decision-makers would still receive telemetry data in order to fix their product. But this is not what this is about, is it?
Anything else is fake privacy.
The amount of paranoia in this post.. just open the JSON file yourself on the hard disk! Just enable TLS inspection and capture the telemetry package with Wireshark.
Yes telemetry sucks, yes it is needed to improve the browser, but is it forced and spying? In Mozilla’s case clearly no. However Microsoft’s Windows 10..
You could have saved yourself this wall of text and ego stroking just by linking the ghacks userprefs.
“However Microsoft’s Windows 10..”
If Microsoft or Google were ever forced to reveal the full list of “telemetry” that they collect they would both be in prison. They are getting away with it because the US government wants the data.
Like most people who play the “paranoia” card, you don’t know the meaning of the word. Paranoia is when a person is certain that something bad is happening which in actuality may or may *not* be happening. Anon’s message is only that of somebody who’s cautious. Don’t confuse caution with paranoia. And yes, I agree with Anon’s message in it’s entirety.
>However Microsoft’s Windows 10
Allows you to disable it, without forcing it back on to you: https://i.imgur.com/LSfYZUe.png
Unlike mozilla did back in 2018: https://www.ghacks.net/2018/09/21/mozilla-wants-to-estimate-firefoxs-telemetry-off-population/
You didn’t answer his question. He’s asking who says what’s in the JSON file or what they show in the portal is what they actually receive. In the case of ff it probably is but generally isn’t a given when you look at the shady practices companies are using.
I disagree that telemetry is needed to improve the browser or any app. Companies managed perfectly well for many, many years without it and still improved their products and killed bugs. The only thing they collected were crash reports. Then suddenly they all decided they needed to spy on you to improve and look what’s happening with that data mining, they are monetizing it.
@suzy
Yes I answered his question. You might not know what Wireshark is. If I see the data they send and intercept the TLS connection (i can on my own machine, with my own data, those are my session keys).
>I disagree that telemetry is needed to improve the browser or any app.
And I disagree with you on that. If you can pay millions of beta testers with money, yes telemetry is useless. But you can never catch all bugs and all performance issues with automated test.
You are getting upset about a completely free-choice opt-out data collection.
They simply need data as your specific graphics card. I well do remember particular models and version of NVIDIA drivers causing crashes:
https://bugzilla.mozilla.org/show_bug.cgi?id=1419264
Do you want Mozilla to buy every graphics card and build every system possible just to beta test?
Impossible to pay.
Impossible to find the time.
Telemetry sucks, we all know. But it helps when used fair and right.
@TheGuyWhoIsChill: Wireshark, seriously? Do you expect regular people, who may be concerned about privacy, to use a complex app like that? I am by no means a novice, and I am not a geek either, but I can tell you Wireshark is unusable for someone like me, never mind senior citizens.
The same goes for that JSON file: not apt for seniors.
So, Anon made a good point.
Wireshark……complex? Maybe, the first time you run it, like any unfamiliar app. But it’s certainly not so complex that any noob should consider it too technical or involved for them to understand.
Personally, I find it no more complicated to interact with than setting up a firewall, or configuring a system proxy.
In any case, I would say that any person of the ‘regular’ variety that recently had the sense and the conviction to switch to a Linux OS from Windows, can do without the sentiment that some very useful app’s ie Wireshark, are somehow above them.
Apt for senior citizens!
How do I open a JSON file?
Whenever you want to open JSON files, all you have to do is import the files into your browser. If you use Windows, you can open JSON files with Notepad or other type of text editor to view the contents. Simply right click on the file and then choose Open With from the drop-down menu.
Is JSON human readable?
In computing, JavaScript Object Notation (JSON) is an open-standard file format that uses human-readable text to transmit data objects consisting of attribute–value pairs and array data types (or any other serializable value).
>>> Anon made a good point.
Anon made a sh*t point, every telemetry action is very well documented
e.g.
https://telemetry.mozilla.org/
@99: I did not say I needed a lesson about what a JSON file is and how to open onee, I am aware of it. I was referring to senior citizens; non-tech novices would also not know. So, many thanks for the lesson, I learned nothing. Not to worry, next time better ;-)
Original sound Mr. Vaak
>>>I was referring to senior citizens;
Your supposed “killer argument” refers to the prejudices faced by older adults in the digital world. Generational segregation naturalizes youth as digitally adept and the old as digital dunces. A case of digital ageism.
>>>I learned nothing.
Well, another proponent of the use of pointy hats.
@Klaas Vaak
Wireshark is a tool to read contents sent/received by the computer. However you can’t see the contents if the destination is https. You need to do complicated things to read the https contents(which is the point of https over http).
Also, I don’t know that ghacks are only allowed to be visited by IT proffesionals..
@Anonymous: Ghacks is for anyone ranging from IT professionals to complete novices, and the comments show that the almost the full range does visit.
@Klaas Vaak
>Do you expect regular people, who may be concerned about privacy, to use a complex app like that?
On a site directed at IT-professionals, or your average tabloid press newspaper?
>Wireshark is unusable for someone like me, never mind senior citizens
Well, I can respect that, but the discussion you joined was about analyzing if more data is sent than claimed. And I was debunking ramblings of the paranoid others.
So, with all respect, when someone claims more data is sent I had to step in and stop this obvious FUD. Again, not directed at you, my senior non-Wiresharky friend.
I have a problem with my Firefox on Android (latest stable version) moving huge volumes of data (hundreds of megabytes at a time) when I visit certain web pages. A notification icon appears in the notification strip at the top. Apparently the text of the web page is being turned into speech, but there is no audio coming from my phone.
I went into settings to block autoplay, did not help. Thinking it might have to do with settings on my Desktop Firefox (since the two browsers are synced), I set accessibility.force_disabled in Desktop Firefox to “1” in order to disable text-to-speech. Unfortunately the uncommanded behavior persisted.
Examples of web sites where this happens (not always, and sometimes not right away): http://www.forbes.com, http://www.newyorker.com
No problem here; the sites loaded promptly.
However, I have noticed several sites display a yellow bar across the top with some message about loading the site. The bar disappears within a second or two, so I can’t read the message in detail.
Reading about the Avast collection and selling data last night is much more disconcerting even though I don’t use Avast. Obviously, I would like an opportunity to invest in “data harvesting” companies!