Firefox is trying to gain back user trust with this video: https://www.youtube.com/watch?app=desktop&v=O-xyNkvIB9g
This is a legit question: Should anybody trust Firefox again unless they put “we won’t sell your data” back into the privacy policy? I’m actually not sure if they haven’t already done so, let me elaborate:
https://brave.com/privacy/browser/ Brave: “We do not sell, trade, or transfer your information to any third parties.” This seems to obviously be in the legally binding text part. As is this one: “It’s Brave’s policy to not collect personal data1 unless it’s necessary to provide services to our users, or to meet certain legal obligations. We do not buy or sell personal data about consumers.” (Disclaimer: I’m not a lawyer.)
However, for Firefox it seems ambiguous to me, which worries me: https://www.mozilla.org/en-US/privacy/firefox/#notice There is no appearance of “sell” in the entire privacy document, excpet for the top summary where i’m not sure if it’s at all legally non-binding.
Does anybody know if it is legally binding? If Mozilla were serious about it, why would they leave it ambiguous whether it is…?
Based on that, I’m not sure if Mozilla’s video about getting users back is worth trusting. I wonder if it’s just me.
Update for clarification: I’m not using Brave myself, and this isn’t a suggestion anybody should blindly do so.
For them to sell your data, they need to collect it first. And as of now, all data collection can still be opted out of.
They collect personal data before you even have the chance to opt out which is a clear violation of the GDPR. They promise to delete it within 30 days when you opt out, but is was collected nonetheless.
I need to manually opt out?
That’s fair, but that requires the trust that they won’t add any collection without telling people. And it seems like they kind of want a license for all data I enter into the browser, which again Brave doesn’t seem to do. It’s like Mozilla is going out of their way to look shady and to harm trust. It’s sad. I’ve been using Firefox for a looong time until I left it behind.
It’s open source so you can inspect it. If you don’t know how to do that you can pay for a 3rd party audit.
Also if it were to be found out, even without being open source via some pack inspection (e.g. using a software that checks if data is being sent to a server, e.g. imagine starting Firefox on a virtual machine then checking if any data goes to e.g.
firefox.com) and it were to be published then their entire brand would be dead. So rationally speaking I don’t think that’s a worthwhile bet.Do you audit every release of any open-source program you use before you run it?
Open-source alone isn’t enough if the creators are known to do weird things.
I know you ask this question in jest but basically it cascades, e.g. if I trust Debian or F-Droid, then I trust that the applications they include in their distribution or store is both secure enough (no piece of software is perfectly secure) and actually does what it say it does. In turn I believe they do the same, namely that initially when an application is added to their collection, they do review the application and the code yes. Then each update is only a gradual check, if ever done, assuming nothing special happened, e.g. no main maintainer change. If it’s far from perfect, and as somebody linked else there are limits (e.g. https://en.wikipedia.org/wiki/XZ_Utils_backdoor ) but in “normal” situations it’s enough for me.
Anyway that’s just my perspective on the matter, on your problem specifically after a brief ~5min search I haven’t found exactly what you are looking for but here are still some examples of what I do find helpful :
Those though are mostly around security. They are definitely linked to privacy but still distinct. If I genuinely cared about the topic I would directly ask if organizations, non-profits, etc do think about the topic, e.g. Access Now, EFF, Exodus Privacy.
If by any chance you do find something helpful there please do share back.
The linked reports don’t seem too useful since 1. the first one seems some automated scan not a code review, and 2. the second one is “Firefox Accounts” and not a browser code review. My apologies if I"m missing something.
I personally think you shouldn’t run software that accesses such intricate personal information if you don’t trust it, if it can be updated to change to grab all that data.
Especially since Mozilla seems to potentially give itself a license to all your data, apparently.Update: This seems to only apply to “Mozilla Accounts”, my apologies for the error: https://www.mozilla.org/en-US/about/legal/terms/services/Yes, and you should also brush and floss your teeth, do physical activities, buy local produces, recycle everything, do your due diligence on all political candidates, etc, etc. In practice we ALL have to make pragmatic choices. There are not a lot of browsers and basically for fully featured engines there are (arguably) only 2, Chromium by Google and Firefox by Mozilla. One is an advertising for profit company, the other is not. If you genuinely care a lot about privacy though you might not have to use either, you might be perfectly fine with much simpler browsers like Links or even lynx and I can tell you with a lot greater confidence that there no data will leak. You can also containerize your browser using e.g. https://docs.linuxserver.io/images/docker-webtop/ and then run within there whatever you want.
That’s not correct, you mean some data from your browser usage. I think it’s important to be precise here otherwise through shortcuts you try to convince yourself, and others, about a problematic situation that just does not exist.
So which browser do YOU trust and why?
deleted by creator
While I can understand not wanting to trust corporations and Mozilla has definitely become more corporate over the years, if they ever start to collect data without the ability to opt out, by (european) law, they need to inform the user about the data collection. So for now, I don’t see much reason to be alarmed.