Mozilla Installs Scheduled Telemetry Task On Windows With Firefox 75 (ghacks.net) 102
Mozilla says:
- "We're collecting information related to the system's current and previous default browser setting, as well as the operating system locale and version. This data cannot be associated with regular profile based telemetry data..."
- "We'll respect user configured telemetry opt-out settings by looking at the most recently used Firefox profile."
- "We'll respect custom Enterprise telemetry related policy settings if they exist. We'll also respect policy to specifically disable this task."
"Collecting telemetry is one way we're able to ensure we can understand default browser trends in a way that helps us improve Firefox. It's our hope that by better understanding more about our users and their choices around browser preferences, we can continue to build a better Firefox."
Long-time Slashdot reader AmiMoJo writes, "Opting out can be done via the Privacy & Security section of the preferences screen. You can view collected telemetry and view your current settings at about:telemetry."
Bleeping Computer also notes that by default, "For some time, Firefox has been collecting telemetry data about how you use the browser, such as the number of web pages you visit, safebrowsing information, the number of open tabs and windows, what add-ons are installed, and more. This telemetry data is kept for 13 months and IP addresses listed in server logs are deleted every 30 days.
"On my computer, Firefox has collected over 400KB of information."
Re:So..? (Score:5, Informative)
in about:config set the following to "false". Done. Can't say the same for Facebook..
browser.newtabpage.activity-stream.feeds.telemetry
browser.newtabpage.activity-stream.telemetry
browser.ping-centre.telemetry
toolkit.telemetry.archive.enabled
toolkit.telemetry.bhrPing.enabled
toolkit.telemetry.enabled
toolkit.telemetry.firstShutdownPing.enabled
toolkit.telemetry.hybridContent.enabled
toolkit.telemetry.newProfilePing.enabled
toolkit.telemetry.reportingpolicy.firstRun
toolkit.telemetry.server
toolkit.telemetry.shutdownPingSender.enabled
toolkit.telemetry.unified
toolkit.telemetry.updatePing.enabled
https://www.askvg.com/tip-disa... [askvg.com]
Re: (Score:1)
Jeez, that's a dark pattern if I ever saw one. You have to opt out 14 times?!
Re:So..? (Score:5, Funny)
"Jeez, that's a dark pattern if I ever saw one. You have to opt out 14 times?!"
Feels like a book-club.
Re: (Score:2)
Re: (Score:1)
You've never looked at a proper config before, have you?
Re:So..? (Score:5, Insightful)
When toolkit.telemetry.enabled is set to false, all of the child settings such as toolkit.telemetry.updatePing.enabled should be irrelevant.
Re: (Score:2)
You've never looked at a proper hierarchical config before, have you?
Well, that's rude. Have you verified your statement by looking through the Firefox source code? I mean, it's open source anyone can do it...
A lot of things "should" be that aren't. With Mozilla eagerly attempting to replicate Google and all their spyware, I wouldn't put it past Mozilla to make the settings purposefully obtuse and when two settings conflict, defaulting to the most privacy-invading.
If you don't want to do a full code audit, it's easier and safer to change 20 settings than it is to change one
Re: So..? (Score:2)
Re: (Score:2)
Re: (Score:2)
Who says they aren't? Haven't you ever seen checkboxes they grey out other checkboxes but otherwise leave your settings intact?
Anyone got a source code patch? (Score:4, Interesting)
Why not permanently patch it right out?
Find all code that references those config options, delete it, make a `diff -ur ` with the original source package (extracted again to another directory), and put into a bug tracker bug for in your distribution, to suggest it to the maintainer. /etc/portage/patches/www-browser/firefox/ and then `emerge firefox`.
Even if the bug would be closed imemdiately, people could still find it and pull it from there.
I don't know the process for other systems, but on Gentoo, you'd simply put the patch file in
No, you don't. I'll gladly compile it for you. (Score:2)
Really, I do. It's simple for me.
Only takes one person to compile it for all of you. (You'd have to trust me too, though.)
But on Gentoo, it is automatically done with `emerge firefox` anyway. Nothing to do, works just like a normal install, except you trade speed of installation for extreme customizability and complete runtime optimization.
I just use it, because I really want MY system to fit ME like a glove, and not be limited to choose between "dumbest common denominator" and "bloat".
If you don't need tha
Re:Anyone got a source code patch? (Score:4, Informative)
Because a) you have to write the patch, b) you have to compile the browser yourself, which is a non-trivial operation, c) you have to get the binary onto every machine you use, and d) you're then committing yourself to forward-porting that patch and compiling Firefox forever.
Writing the patch is the easy part. All the other bits you need to do in order to actually use, and keep using, the patch.are significantly more effort than writing the patch is.
Re: Anyone got a source code patch? (Score:2)
I'm actually doing it for years now. I'd do it even for you. So don't tell me if it is hard for you.
a) As I said, you don't "write" that patch. You merely delete the files, directories and some lines of code that tie them in. When you compile, it tells you with errors what else you need to remove to make it work. :)
Also, you don't have to do shit. People like me would do that.
b) As I said, compilation is trivial for me.
Modern Gentoo even makes cross-compilation trival. Doing it for my RPi all the time.
And c
Re: (Score:1)
Hey, BAReFOOt. Just post the patches on GitHub/GitLab. Won't cost you anything to host it, since you're not making any money off it. Publicize your work on Reddit - no out-of-pocket there. Keep the patches up-to-date every time the Mozilla Foundation makes a change, or my distro does. Include clear instructions on just how to compile it for at least Debian and Fedora and their derivatives.
I could probably live with this. I've been hacking Linux etc since, well, Bell Labs UNIX system 6 (employer's corporate
Re: (Score:2)
Re: (Score:2)
The easiest way would be to just take advantage of someone's else work? I would be reasonably sure that GNU IceCat [gnu.org], the completely free and open version of Firefox, has already patched that crap out. On Gentoo you should just be able to 'emerge icecat' and be done with it.
Granted, it's not as easy on other OS's like Windows - there are unofficial builds of IceCat but then you have to trust whoever built them.
Re: (Score:2)
Re: (Score:1)
WARNING:. I keep my tinfoil hat on my hat rack, but when it comes to browsers, I put it on. I had already unchecked Allow Firefox to Send ... items in my Preferences page. When I processsed this list, some of the items were on, so I flipped them off. Of course, I have no idea whether they existed before the 75 update, but given that I turned everything off with the Allow entries, I would've expected any new ones to be added in an off status.
So from one paranoid AC to another, thank you.
PS The link you sup
Re: (Score:3)
When I go into about:config, I see that the setting "toolkit.telemetry.enabled" has a padlock next to it and it won't let me change the setting. Any idea what this is about?
I've changed it by editing my "user.js" file, but I'm still curious to know why I'm not allowed to change a setting in "about:config" using the GUI. In total, there are 5 config settings that have this padlock.
Re: (Score:2)
Re: (Score:2)
You can't change it because it's a build flag. It's only in there so that other code can detect that Firefox was compiled with that option.
The good news is that it doesn't mean telemetry is force-enabled, it just means that the telemetry code is compiled in to Firefox. You can disable it in the Firefox preferences.
Apparently they plan to rename it to make it clear it's a build flag at some point.
Re: (Score:2)
Re: (Score:2)
Mozilla is planning to be abusive? (Score:4, Interesting)
Is Mozilla moving in the direction of Windows 10 and Facebook?
Re: (Score:2)
So by your logic, "one little murder" is alright? (Score:2)
Because Stalin was far worse?
And mind you, that I would be OK with it, and maybe even opt in, if it was actually opt-in. (Opt out is not legal around here in Germany, period.)
Your reasoning is still wrong.
Discount for opting in (Score:3)
(Opt out is not legal around here in Germany, period.)
Is it legal in Germany to sell a product or service for 50 euros with a 50 euro discount for opting in?
Re: (Score:2)
No. GDPR is clear, permission to process personal information has to be freely given. It can't be incentivized, it can't be encouraged by tying it to some benefit or using deception.
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Why? (Score:2, Insightful)
Re: Why? (Score:2)
So they can actually see the plight of the users, when they beg and scream.
Because what else would they fap to? :D
Re: (Score:1)
Re: (Score:2)
Its not like they've actually cared about what users want or need or how to even be profitable for years now so why do they need all this personalized data?
No, it's not like they actually listened to you personally whining. They actually exist which makes them a long way from perfect and they're fighting a very well funded and aggressive adversary, to the point that they've seen off their old aggressive, well funded adversary. And yet they still manage to produce the best product in the category. I guess th
Re: Why? (Score:1)
Oh God... (Score:4, Insightful)
Re: (Score:2)
Re: Oh God... (Score:2)
GDPR for starters
Re: (Score:1)
Re: (Score:2)
It used to be opt-in but nobody opted in so they changed it to opt-out.
https://wiki.mozilla.org/Progr... [mozilla.org]
Re: (Score:3)
I happily opt in to Mozilla's telemetry. I encourage everyone else to do the same.
Now I can appreciate the privacy nuts, but from a distance. I like what RMS has given the world and I can appreciate his single minded devotion to privacy with the hardware he runs etc. I don't have quite that inclination. I don't have the time or money etc (I would quite like a Talos II, mind, but I'm not getting one). I do however value a good deal of my privacy. Not as much as some, but like most people I'm prepared to make
Oh Frak ! (Score:1)
Just my 2 cents
Re: Oh Frak ! (Score:3)
You did not read one word from TFS, did you?
Re: (Score:1)
look, why they need to collect the info when I'm not running firefox?
they had some deal with someone on how to make money from this info. that's the only sensible explanation really. and to say that something thats sent from your computer to their servers couldn't in some cases be connected to you is a laugh.
Going down? (Score:2)
Re: Going down? (Score:2)
But if that means the end of humanity, isn't that honestly rather a good thing? :)
So they are criminals now... (Score:4, Interesting)
The DGPR states clearly that any such thing must be "opt-in" and may not be "opt-out". What they are doing is illegal all over Europe.
Re: (Score:2)
Re: (Score:3)
Good thing they're grabbing locale data then, so they'll know who to stop watching. /s
They are not allowed to do that either. They must default to no collection.
Re: (Score:1)
Re: (Score:3)
GDPR makes specific allowances for technical data required to maintain the service if I remember correctly. Mozilla will likely argue that this falls under that umbrella if it's ever challenged.
Re: (Score:2)
So what is the big bad EU going to do with a company based in the USA? Write them a letter?
Re: (Score:2)
Re: (Score:2)
So what is the big bad EU going to do with a company based in the USA? Write them a letter?
Fine the crap out of them. Google was fined £2.1Bn in 2017 for online shopping antitrust rules, £3.9Bn in 2018 for using Android to cement the dominance of its search engine and in 2019 they were fined £1.27 Bn when Google placed exclusivity clauses in contracts with publishers which it says prohibited them from placing any search adverts from competitors on their search results pages. If they want to continue to operate in the worlds first/second largest market they have to pay the fines.
Re: (Score:2)
Indeed. In theory, Mozilla could decide to lose any and all revenue coming from the EU, but that is not really practical and they need that money.
Re: (Score:2)
I have contacted them at compliance@mozilla.com asking them for their justification for making it opt out. Looking at their privacy policy they don't justify it anywhere. The only way they can do it is if they have a legitimate business need such as preventing abuse or to provide a service the user requested, neither of which apply here.
Re: (Score:2)
Thanks. Will be interesting to see whether they respond. From some IT audits I did recently, I have the impression that quite a few developers and IT people have not yet realized what the GDPR actually requires of them.
Re: (Score:2)
Honest question: What would be the legal standing of this situation:
American company distributes freely downloadable and free-to-use software. The installer says clearly that "This product handles data in ways that conflict with GDPR. If you live in a country covered by GDPR, do not use it.". Then a German citizen installs and runs it anyway.
Is the American company still liable?
Firefox is being sabotaged (Score:4, Insightful)
Re: Firefox is being sabotaged (Score:2)
Hmm, I actually liked the "awesome bar" back then, that everybody here complained about because it was different.
I disliked them failing to absolutely make sure that the new safer add-on API was as powerful as the old one, and instead killed Firefox's very point and advantage it had ridden to success on. (Firebug , Greasemonkey, Stylish and Adblock(!!) literally allowed us to take back the web, and changed the whole game OMG Greasemonkey was great. Everyone who never used it, truly missed something.)
Re: (Score:2)
Hmm, I actually liked the "awesome bar" back then, that everybody here complained about because it was different.
I dislike many things that it does that I don't want and can't disable (or enable, like limiting the drop-downs to typed only) anymore, but hate it simply because they call it the "awesome bar".
Not possible. That's a contradiction (Score:4, Informative)
> make sure that the new safer add-on API was as powerful as the old one
You do understand that's impossible as stated, right?
It can't be both safer and as powerful. Safer means people can't do as many bad things. As powerful means people can still do all the same things.
It's the same as saying "make sure the new lighter basket is as heavy as the old one", a contradiction.
Basket with same capacity (Score:3)
It's the same as saying "make sure the new lighter basket is as heavy as the old one", a contradiction.
I think what people ask for is the counterpart to "make sure the new lighter basket is rated to carry at least the same payload weight as the old one."
Re: (Score:2)
In any case it's not technically possible because the old add on API let them do all kinds of unsafe, crazy stuff that introduced their own vulnerabilities.
Mozilla does in fact offer more control than the Blink/Chrome API does. For example they have a way for add-ons to delete site data on a per-site basis. Chrome can delete cookies on a per-site basis but not other stored data which is used for tracking.
Re: (Score:2)
OK. I want an extension API to allow me to disable CTRL-Q again, or at least to make it ask "Do you really want to close all # of your browser windows and lose all that work?" If allowing an extension to override a key is too dangerous, then why isn't it too dangerous to allow web pages to override my keys for text search, scrolling, page navigation, etc?
I can't see why allowing a web extension I install to improve the UI like tab mix plus or the old tab-sets that used to be built into firefox is bad, bu
Re: (Score:2)
You can make it ask you by setting these preferences:
browser.sessionstore.warnOnQuit=true
browser.warnOnQuit=true
Re: (Score:3)
Re: (Score:2)
By companies that only want one browser engine to exist (Blink/Chromium) so they can track and drm the web for profit.
Unfortunately the public is too stupid. One look at the modern PC gaming landscape and it's monuments to the fact that the public is a bunch of morons, they'd been stealing (aka client servering) PC game ssince the late 90'ss with ultima online and everquest. They saw it print money which lead us to steam, valve has been infecting PC games with malware since 2004. Stealing games outright since 2009 with TF2 and dota 2. The internet has made stealing software and hacking everyones computer by client-s
Re: (Score:2)
Also while we're talking about choice in browser engines, why? Developers naturally coalesce around a single engine for a reason. It's just easier to test for. It was IE a decade ago, now it's chromium. With web technology it's pretty much proven at this point that simple standards aren't enoug
Well, in the EU it'd better be opt-in! (Score:2)
With a detailed info dialog in front of it, telling us what is collected, by whom, and why.
Otherwise it'd be flat-out illegal.
(By the way: How is Windows handling that? I did not see them do this, but I didn't install Windows anywhere for a long time now.)
Re: (Score:3)
There are allowances for technical data collection needed to maintain the service. It's the same thing as "required tracking" on websites that you can't turn off.
and? (Score:2)
Re: Didn't happen on my Firefox 75 install (Score:2)
Are the settings default differently depending on the region the browser is running in? Geolocation of ip for GDPR?
Re: (Score:1)
The proper amount of telemetry to collect is 0 (Score:1)
Re: (Score:2)
Money. When someone's livelihood depends on not understanding something, it's very hard to make them understand that something.
I'm telling y'all it's sabotage (Score:2)
This stinks of an internal effort to kill Firefox.
That's odd (Score:2)
I don't remember ever looking at the setting, and when I look at mine the telemetry is disabled. It's possible that I went through my security settings a long time ago and disabled it--but if it's new with version 75, how is that possible?
Here's a novel idea (Score:2)
Instead of spying on your users, how about asking them if you need information?
Reassuring (Score:2)
"We'll also respect policy to specifically disable this task."
I like how organizations have to explicitly tell us, over and over, that they'll actually honor their policies.
Reminds me of how the checkbox to disable offline data storage literally does not work, and you have to set multiple about:config settings instead (and if you miss one of the settings, the thing will remain fully enabled -- great when they decide to sneak in yet another new setting in a new version).
I don't trust Mozilla anymore. I switched to a Firefox fork a long time ago.
Re: (Score:2)
I would wager a guess it's same reason as MS and Google.
He who wouldn't like to become more wealthy based off their work may cast the first stone.
Telemetry. (Score:5, Interesting)
I'm happy to have telemetry enabled in Mozilla to help make it better. I hope they somehow manage to stay alive, seeing as they're our last feeble defense of an open WWW which is alarmingly close to becoming the Google Wide Web.
Re: (Score:2)
At least someone here understands. Most of Slashdot is simply filled with people who don't understand why Mozilla don't understand how they use their browser and at the same time complain about the fact that Mozilla try.
Re: (Score:3)
You really believe telemetry makes things better? MS collected telemetry for years and the end result was Windows 8.
Users have complained for years openly in public that they hate the UI redesigns, and the organization just doesn't listen. Remember the clusterfuck that was Lightspeed? People made it clear that was NOT popular, and Mozilla has been slowly implementing those changes anyway.
Re: (Score:2)
Telemetry is the ultimate in democracy. It does work, but only if you're in the majority group that voted that way. As th
Nothing new (Score:2)
Anyway Firefox 75 has a bigger problem which is that stupid looking incredible-expanding-address-bar. It looks ridiculous when Firefox launches or a user opens a new tab or window.
This is how to disable it (Score:1)
Having telemetry disabled won't stop the new scheduled task from being installed. And disabling or deleting the task only works until the next firefox update, which re-enables it. This will stop it from doing that:
Firefox 75 has a new policy setting, DisableDefaultBrowserAgent, set it to 1.
There are a few ways of creating firefox policies. On my Win 7 box, I added the following registry entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox]
"DisableDefaultBrowserAgent"=dword:00000001
Re:This is how to disable it - do before update! (Score:2)
I put this Registry entry in -before- installing the Firefox 75 update and it did not install the Scheduled task mentioned at bleepingcomputer [bleepingcomputer.com] I also renamed C:\Program Files\Mozilla Firefox\browser-agent.exe to C:\Program Files\Mozilla Firefox\browser-agent.ex_. Problem solved.