Firefox now tells Mozilla what your default browser is every day
bleepingcomputer.comI really wonder why Mozilla employees think it is acceptable to do that without informed consent for users running Windows. No one would tolerate Mozilla installing a binary in ~/bin/ and configuring it to be run via user crontab on Linux.
Oh well - time to go clean up my Windows installs. sigh
They install "allow any connections to anywhere" firewall rules on Windows too. Fortunately, it's "just" for the Firefox process but still...
---
I used to keep one last Windows 7 box around. It had the default firewall policies set to block everything by default and I had even went so far as to disable all the default rules that Windows creates and added explicit rules to only allow the specific traffic to the specific internal services I actually needed.
Then, I installed Firefox one day so I could use it to access a few internal web sites. Shortly afterwards, I went to add new firewall rules to allow connections to these internal web sites and discovered that the installer had automatically added new firewall rules for Firefox allowing it to connect to anything anywhere! Fortunately, this host was on a subnet which was blocked in the "real" firewall anyways, so -- in this case -- no actual harm done (it couldn't get out to the Internet anyways) but I was still a bit surprised to discover that.
Can you imagine the fallout and calls for beheading that would occur if Firefox for Linux added new rules to your Linux hosts' iptables firewalls!?
Does Firefox collect so-called "telemetry" data with real, informed consent, and with the default setting being "private?"
Or has Mozilla adopted a dark pattern where all the privacy-violating checkboxes are automatically "chosen" by default?
Not only do they collect telemtery by default -- and even send them telemtry data when you disable telemetry! -- they can also remotely change your Firefox settings and/or install "experiments", at any time, without any notice to you!
Hell, if you have a "clean" host/VM, I encourage you to install Firefox, start a packet capture, launch Firefox for the first time, then just sit and wait for 30 seconds or so -- not doing anything or interacting with it in any way -- before closing Firefox. Then, go take a look at your packet capture. I think you'll be quite surprised at all of the connections it makes...
This is really not the Mozilla Firefox I envisioned or expected way back when I first started supporting and advocating for it (when it was first announced!).
Are you telling me Firefox is not better than using edge/chrome in terms of data collection? Are they using to improve their service or serve ads? Still with Mozilla because I'm trying to back this against the Goliath Google.
> Are you telling me Firefox is not better than using edge/chrome in terms of data collection?
Did I mention Chrome, Edge, or any other browser? No, I said nothing of the sort.
Is t as bad as Chrome or Edge? Absolutely not. It's starting to look like Mozilla is actively working towards that goal, however.
I still prefer and use Firefox over any of the others but it's to the point where I'm using it not because it is the "best" browser but because it "sucks less" than any of the others.
>and even send them telemetry data when you disable telemetry! -- they can also remotely change your Firefox settings and/or install "experiments", at any time, without any notice to you!
Please don't spread fud and lies.
While Firefox makes some connections on start-up, it will not send any telemetry data or install studies once you've disabled them.
You can check about:telemetry and about:studies
Mozilla is quite transparent about what is being collected.
See https://telemetry.mozilla.org/ and https://data.firefox.com/
Having said this, I fully agree with you. A browser (or any other piece of software) should not make any connections anywhere unless instructed by the user.
> Mozilla is quite transparent about what is being collected.
You're right. In fact, according to Mozilla themselves [0]:
> Finally, we need better insight into our opt-out rates for telemetry. We use telemetry to ensure new features improve your user experience and to guide Mozilla’s business decisions. However, an unknown portion of our users do not report telemetry for a variety of reasons.
> ...
> To address this, we will measure Telemetry Coverage, which is the percentage of all Firefox users who report telemetry.
Fortunately, this totally-not-telemetry telemetry can be disabled too [1]:
> ... this extension has a special boolean opt-out pref: "toolkit.telemetry.coverage.opt-out".
Just create that pref and set it to true.
---
[0]: https://blog.mozilla.org/data/2018/08/20/effectively-measuri...
[1]: https://bugzilla.mozilla.org/show_bug.cgi?id=1487578#c1
So they push this background addon to 1% of users that tells them if Telemetry is enabled or not. This is much better than some vague claim.
What about the other things you mentioned?
>changing your Firefox settings and/or install "experiments", at any time, without any notice to you!
Never had this happen to me.
Look up "Firefox Normandy" and "Firefox Shield".
What's to look up?
Firefox studies was called project Shield before.
Disable studies and it's gone.
No checkboxes or confirmation on the common flow, just a little warning message on firstboot.
Some telemetry is on by default, at least in the official releases.
Wow, I had always assumed that Firefox didn’t use telemetry.
This is worrisome. Is there a modern browser available that doesn’t try to spy on you?
Pretty much every time I've installed a fresh Firefox, all the telemetry is enabled by default. Opt out instead of opt in. Surprising considering what they sell themselves as.
edge seems the safer choice at the moment.
No, firefox is still the most private browser out of the big three.
Instead of copying and pasting the registry entry into a text file, merging ("running") it, then deleting the text file, the following (PowerShell) command should do the same thing:
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Mozilla\Firefox" -Name DisableDefaultBrowserAgent -PropertyType DWord -Value 1
schtasks.exe /change /disable /tn "\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB"
Note: The above are untested as I don't run Windows (partly because of all the spyware -- excuse me, "telemetry" -- bullshit!).
(Edit: Sorry, changed forward slashes to back slashes.)
spyware that firefox seem to emulate quite well given these news.
BTW, your suggestions do not in the firefox I have:
New-ItemProperty : Cannot find path 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox' because it does not exist. At line:1 char:3 + New-ItemProperty -Path "HKLM:/SOFTWARE/Policies/Mozilla/Firefox" -N ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (HKLM:\SOFTWARE\Policies\Mozilla\Firefox:String) [New-ItemProperty], ItemNotFoundException + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.NewItemPropertyCommand
ERROR: The specified task name "\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" does not exist in the system.
Sorry,
might be neccesary first, if Firefox didn't already create it. Or it could be because I originally used forward slashes instead of back slashes (now fixed!).New-Item -Path "HKLM:\SOFTWARE\Policies\Mozilla\Firefox"