778
Mozilla is already revising its new Firefox terms to clarify how it handles user data
(www.theverge.com)
this post was submitted on 02 Mar 2025
778 points (97.2% liked)
Technology
63747 readers
3529 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
"I am doing things that are not selling your data which some people consider to be selling your data"
Why is he so cryptic? Neil, why don't you tell me what those things are and let me be the judge?
I’m pretty sure this person is making a joke using a fake exaggerated “answer” from a corporation to highlight the absurdity of their double speak. I doubt something this insane would come from an actual spokesperson.
I'm getting that now too. I don't know the players in Mozilla. The quote without context made me think this was one of those Mozilla execs.
Louis Rossmann had a good video about this. Basically, California passed a law that changed what "selling your data" means, and it goes way beyond what I consider "selling your data." There's an argument here than Mozilla is largely just trying to comply with the law. Whether that's accurate remains to be seen though.
Then how about putting that in the language? "We don't sell your data, except if you're in California, because they consider x, y and z things we might actually do as selling data."
Exactly!
Hetzner kind of does this, where there's a separate EULA for US customers that lays out precisely how they're screwing you in that jurisdiction (e.g. forced arbitration). I'm not happy about that, but I appreciate having a separate, region-specific TOS.
If some wording only applies in California, state that. Or if it's due to similar laws elsewhere, then state that. And then detail which features collect data, why, what control you have, and how you can opt-out. Maybe have a separate mini-TOS/EULA for each major component that gets into details.
But just saying "you give us a license to everything you do on Firefox" may appease their legal counsel, but it doesn't appease many of their users, especially since they largely appeal to people who care about privacy.
Some jurisdictions classify "sale" as broadly as "transfer of data to any other company, for a 'benefit' of any kind" Benefit could even be non-monetary in terms of money being transferred for the data, it could be something as broadly as "the browser generally improving using that data and thus being more likely to generate revenue."
To avoid frivolous lawsuits, Mozilla had to update their terms to clarify this in order to keep up with newer laws.
I think this is a reasonable explanation.
But I also believe a large part of the firefox user base does not want any data about them collected by their browser, no matter if it is for commercial purposes or simply analytics / telemetry. Which is why the original statement "we will never sell any of your data" was just good enough for them, and anything mozilla is now saying is basically not good enough, no matter how much they clarify it to mean "not selling in the colloquial sense"
Which is a ridiculous thing to want for most users and exposes how little so much of the self-identified "techie" crowd actually understands about how this stuff works.
I agree, I don't want my browser provider to collect any data on me at all, but if they absolutely must gather the absolute minimum system analytics stats or such they should NEVER pass it to a third party for ANY reason.
You make a desktop browser application, that's your job, to provide a portal to the world wide web, nothing more. Stay within your bounds and we'll never have any problem.
I mean...if they pay for the service of external analization of data in exchange of money, how is that a sale of goods/data?
Ask the lawmakers who wrote the laws with vague language, because according to them, that kind of activity could be considered a sale.
As a more specific example that is more one-sided, but still not technically a "sale," Mozilla has sponsored links on the New Tab page. (they can be disabled of course)
These links are provided by a third-party, relatively privacy protecting ad marketplace. Your browser downloads a list of links from them if you have sponsored links turned on, and no data is actually sent to their service about you. If you click a sponsored link, a request is sent using a protocol that anonymizes your identity, that tells them the link was clicked. That's it, no other data about your identity, browser, etc.
This generates revenue for Mozilla that isn't reliant on Google's subsidies, that doesn't actually sell user data. Under these laws, that would be classified as a sale of user data, since Mozilla technically transferred data from your device (that you clicked the sponsored link) for a benefit. (financial compensation)
However, I doubt anyone would call that feature "selling user data." But, because the law could do so, they have to clarify that in their terms, otherwise someone could sue them saying "you sold my data" when all they did was send a small packet to a server saying that some user, somewhere clicked the sponsored link.
I would definitely call that selling my data. The recipient can now add that to my profile as an interest.
The recipient doesn't get any identifying data about you, because the data that shows the link was clicked does not identify you as an individual, since it's passed through privacy-preserving protocols.
To further clarify the exact data available to any party:
There isn't much of a technical difference between this, and someone seeing an ad in-person where they type in a link, from a practical privacy perspective.
Their implementation is completely different from traditional profile/tracking-based methods of advertising.
"ChatGPT, I need your help. Please pretend to be a lawyer that recently suffered a severe concussion and write me something I can post online that will male this situation slightly weirder."
Neil doesn't need a chatbot with sparkles for that, he's plenty capable to take absolute piss himself. 😁
some people consider indirect, cryptic answers to be complete
Oh, it's perfectly clear. We got the message. Mozilla are not to be trusted with our data.
Really? I would think most would consider them for what they are: evasive and probably deceptive
all sorts of people are super satisfied with answers that don’t answer the question….
people tell me that all the time….
vague to be exact, keeping it vague, so its up for interpretation on thier part, and they can use the vagueness as an excuse.
Reread it, double negative.
Edit: oops, sorry. Removed this myself for being wrong.