Since the integrity environment gunk, I've switched all boxes over to use Firefox as primary. This took a lot of configuring, as Firefox out of the box brings… a lot of stuff I don't want.
One of those things is telemetry — whatever that means to Mozilla — that was tamed only with a combination of an enterprise profile (hi sudo!) and user.js hacks.
However, the policy and user.js changes don't work on the Ubuntu box, where I've installed Firefox from the PPA to get it out from under Snap (and thereby usable with a password manager). The policy locks down and disables the right configs and the configs all have the right settings, but it keeps pinging incoming.telemetry.mozilla.org. Two Macs and a Pop!_OS box don't ping Mozilla at all with these settings.
No harm no foul, I just blocked them in NextDNS and laugh in their general direction. I just wonder what else is different in the PPA.
People speak very good thing about Firefox but they like to hide and avoid the shady stuff. Let me give you the un-cesored version of what Firefox really is.
Firefox is better than most, no double there, but at the same time it adds unique IDs to every installation: https://www.ghacks.net/2022/03/17/each-firefox-download-has-a-unique-identifier/
Another thing they do is a LOT of calling home. Just fire Wireshark alongside it and see how much calling home and even calling 3rd parties it does. From basic ocsp requests to calling Firefox servers and a 3rd party company that does analytics they do it all, even after disabling most stuff in Settings and config like the OP did.
I know other browsers do it as well, except for Ungoogled and because of that I’m sticking with it. I would like to avoid programs that need no snitch whenever I open them. ungoogled-chromium + ublock origin + decentraleyes + clearurls and a few others.
Now you're free to go ahead and downvote this post as much as you would like. I'm sorry for the trouble and mental break down I may have caused by the sudden realization that Firefox isn’t as good and private after all.
Phoning home isn't necessarily a bad thing (but I agree that it shouldn't do it without express consent) because a lot of app development nowadays is supported by analytics. Crash reports, A/B testing, feature discoverability, etc.
If anything, I generally trust FOSS projects that ask for analytics more than I trust the typical data farm.
the unique id is probably also not meant to be sinister either but that's definitely more of a red flag than phoning home in principle imo
Phoning home in snitching. It is unacceptable as you said unless authorized by the user and should never be configured by default. I really tell people to fire up Wireshark and see what Firefox does, and yes in includes analytics 3rd parties even after a TON of tweaks and stuff disabled.
How can this be even acceptable, whatever they say, they're simply serializing every instance of the app it will eventually get into some crash report, log or 3rd party analytics company...