33
Firefox telemetry unstoppable in PPA? (poptalk.scrubbles.tech)
submitted 11 months ago by pootriarch@poptalk.scrubbles.tech to c/opensource@lemmy.ml
11 comments fedilink hide all child comments

Since the integrity environment gunk, I've switched all boxes over to use Firefox as primary. This took a lot of configuring, as Firefox out of the box brings… a lot of stuff I don't want.

One of those things is telemetry — whatever that means to Mozilla — that was tamed only with a combination of an enterprise profile (hi sudo!) and user.js hacks.

However, the policy and user.js changes don't work on the Ubuntu box, where I've installed Firefox from the PPA to get it out from under Snap (and thereby usable with a password manager). The policy locks down and disables the right configs and the configs all have the right settings, but it keeps pinging incoming.telemetry.mozilla.org. Two Macs and a Pop!_OS box don't ping Mozilla at all with these settings.

No harm no foul, I just blocked them in NextDNS and laugh in their general direction. I just wonder what else is different in the PPA.

top 11 comments
sorted by: hot top controversial new old
[-] CarbonatedPastaSauce@lemmy.world 19 points 11 months ago

Or just switch to LibreWolf.

[-] pootriarch@poptalk.scrubbles.tech 6 points 11 months ago

i did try that but the never-dark mode blinded me. i understand the reasoning, but absolute anonymity isn't my own threat model; i'd like to be able to use themes and resize the window

[-] CarbonatedPastaSauce@lemmy.world 9 points 11 months ago

That can be fixed at the cost of making yourself easier to fingerprint. There’s nothing LibreWolf does regarding privacy settings that you can’t undo, to my knowledge. But it will always be missing telemetry no matter what options you change.

[-] pootriarch@poptalk.scrubbles.tech 4 points 11 months ago

thanks, i'll look again. it's not that i love the idea of being fingerprinted; i just think that five mylar bags, four tin hats and a partridge in a pear tree won't save me from that. i need my password manager, and once that's in, enforcing a generic screen is silly - cow's out of the barn. but not having the arms race against pocket and telemetry would be a big bonus.

[-] eclipse@sh.itjust.works 1 points 11 months ago

Like the no default dark mode for websites? I just use the Dark Reader extension.

[-] priapus@sh.itjust.works 1 points 11 months ago

You can turn that off. Go into about:config and look around for relevant settings.

[-] TCB13@lemmy.world 7 points 11 months ago* (last edited 11 months ago)

People speak very good thing about Firefox but they like to hide and avoid the shady stuff. Let me give you the un-cesored version of what Firefox really is.

Firefox is better than most, no double there, but at the same time it adds unique IDs to every installation: https://www.ghacks.net/2022/03/17/each-firefox-download-has-a-unique-identifier/

Another thing they do is a LOT of calling home. Just fire Wireshark alongside it and see how much calling home and even calling 3rd parties it does. From basic ocsp requests to calling Firefox servers and a 3rd party company that does analytics they do it all, even after disabling most stuff in Settings and config like the OP did.

I know other browsers do it as well, except for Ungoogled and because of that I’m sticking with it. I would like to avoid programs that need no snitch whenever I open them. ungoogled-chromium + ublock origin + decentraleyes + clearurls and a few others.

Now you're free to go ahead and downvote this post as much as you would like. I'm sorry for the trouble and mental break down I may have caused by the sudden realization that Firefox isn’t as good and private after all.

[-] merthyr1831@lemmy.world 3 points 11 months ago

Phoning home isn't necessarily a bad thing (but I agree that it shouldn't do it without express consent) because a lot of app development nowadays is supported by analytics. Crash reports, A/B testing, feature discoverability, etc.

If anything, I generally trust FOSS projects that ask for analytics more than I trust the typical data farm.

the unique id is probably also not meant to be sinister either but that's definitely more of a red flag than phoning home in principle imo

[-] TCB13@lemmy.world -3 points 11 months ago* (last edited 11 months ago)

Phoning home in snitching. It is unacceptable as you said unless authorized by the user and should never be configured by default. I really tell people to fire up Wireshark and see what Firefox does, and yes in includes analytics 3rd parties even after a TON of tweaks and stuff disabled.

the unique id is probably also not meant to be sinister either

How can this be even acceptable, whatever they say, they're simply serializing every instance of the app it will eventually get into some crash report, log or 3rd party analytics company...

[-] Knusper@feddit.de 3 points 11 months ago

One of those things is telemetry — whatever that means to Mozilla

You can type about:telemetry into the URL bar to see what it sends.

[-] pootriarch@poptalk.scrubbles.tech 1 points 11 months ago

well i feel stupid now for not doing the obvious. but…

Blocked Page

Your organization has blocked access to this page or website.

on the PPA box, this is what it showed me (meanwhile it was attempting to connect to incoming.telemetry.mozilla.org). another symptom of displaying respect for enterprise policies but in fact ignoring them. (as i had mentioned, on this box all of the settings look locked down as they should be, but it's still attempting to send telemetry.)

this post was submitted on 21 Oct 2023
33 points (90.2% liked)

Open Source

30297 readers
1695 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml