this post was submitted on 14 May 2024
125 points (97.0% liked)

Firefox

17952 readers
290 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
 

To disable it in about:config

browser.search.serpEventTelemetry.enabled  =  false	
browser.search.serpEventTelemetryCategorization.enabled  =  false
all 29 comments
sorted by: hot top controversial new old
[–] joojmachine@lemmy.ml 51 points 6 months ago* (last edited 6 months ago) (5 children)

People really need to kill that notion that telemetry is automatically bad. If the information they are collecting is minimal, as non-identifiable as possible and actually being used to help develop the browser, it's a good thing.

Yes, turbo nerds in the back, specially being opt-out, opt-in telemetry is pretty much useless for trying to understand the majority of your user base.

[–] brisk@aussie.zone 37 points 6 months ago (1 children)

There is an actually moral alternative to opt-out that doesn't have the poor-sampling problem of opt-in: ask for consent explicitly.

[–] joojmachine@lemmy.ml -1 points 6 months ago (2 children)

It's the ideal solution morally-wise, but it still samples out a ton of users precisely because people are used to the idea of telemetry = bad

[–] davel@lemmy.ml 18 points 6 months ago

did-someone

I wonder why users would have such a bias, other than their experience over the last 25 years.
I’m a developer. I side with the users on this.

[–] thingsiplay@beehaw.org 14 points 6 months ago

It’s the ideal solution morally-wise, but it still samples out a ton of users precisely because people are used to the idea of telemetry = bad

And that's a good thing. Because that is the decision by the user. The freedom of choosing in opt in fashion is much more important than collecting some individual data for a specific use case of a specific company. Opt in is not just ideal solution morally-wise, its the best solution we have in general and every company should strife this solution. Plus the data should be presented before sending, so there is no ambiguity. Steam, a closed source program, does that in the best possible way.

[–] d_k_bo@feddit.de 20 points 6 months ago

Syncthing is one of the best examples of telemetry done well. On first startup, they ask if you agree to enable telemetry, they show the data that will be send and inform users that the collected data can be viewed at https://data.syncthing.net/

[–] thingsiplay@beehaw.org 13 points 6 months ago

People really need to kill that notion that telemetry is automatically bad.

I agree with you. There are projects where I opt in and enable telemetry, such as KDE or opt in the Steam survey whenever asked. Steam in particularly does a good job on representing the data in front of me that is sent back.

If the information they are collecting is minimal, as non-identifiable as possible and actually being used to help develop the browser, it’s a good thing.

Problem is, its a bit ghosty what is actually being collected and sent for most people. Is it really non-identifiable as we think now? You know, sometimes later things get revealed and suddenly the entire time you was living in a lie (Privacy mode thing, where people had a misconception). If its enabled by default, this is especially bad, because this should be opt in. Telemetry is not bad per se, but it is bad if its enabled without user agreement.

opt-in telemetry is pretty much useless for trying to understand the majority of your user base.

Wrong. In example Steam does an opt in and the data is somewhat representative. You don't need to watch every user to know what is going on. A small sample is enough to understand the majority of the user base by extrapolating the data. Telemetry does not need to be exactly perfect to be useful, it just needs to help understanding trends or huge bottlenecks.

[–] subtext@lemmy.world 9 points 6 months ago

Yeah I normally opt out of all tracking or telemetry, but when it’s a project that I feel like I can trust and want to make better I make sure to turn it on.

[–] kbal@fedia.io 0 points 6 months ago (3 children)

That must be why Mozilla and Microsoft famously serve the needs of their users so well.

[–] joojmachine@lemmy.ml 21 points 6 months ago* (last edited 6 months ago) (1 children)

Read what I said again. It is not automatically bad, and it doesn't mean it can't be poorly used or poorly understood by the ones collecting it. It just means that it is an effective way to understand how your users are using your product.

Putting Mozilla (which from what I can tell is doing as much as they can trying to collect this telemetry data in a way that can't be used to identify its users) in the same domain as Microsoft, which collects pretty much everything it can to sell to third party advertisers is ridiculous as best and disingenuous at worst.

[–] thingsiplay@beehaw.org 7 points 6 months ago

In case of Microsoft, this is a whole new dimension and not comparable to Mozilla. First Microsoft products are (usually) closed source. That alone is a black box and we don't know what is sent, compared to open source Mozilla projects we can actually understand what is going on and report. Secondly, Microsoft does it not only with the browser, but on the entire operating system, if you want it or not. It's not opt in, not opt out, its just selecting a few options to sent a few less data, that's all. Which BTW reset themselves sometimes for unknown reasons.

Putting Mozilla and Microsoft in the same sentence about privacy and telemetry is heresy (towards Mozilla)!

[–] Vincent@feddit.nl 2 points 6 months ago (1 children)

So which organisation with many userse serves the needs of their users better without collecting data?

[–] kbal@fedia.io 3 points 6 months ago* (last edited 6 months ago) (1 children)

Most free software does not have telemetry, and when it does it's almost always opt-in. Firefox is the one major exception to that rule.

[–] Vincent@feddit.nl 1 points 6 months ago (1 children)

Hmm, so what user-facing free software is at Firefox's scale? I think Ubuntu has telemetry, for example (though I think they even have fewer users).

[–] kbal@fedia.io 2 points 6 months ago (1 children)

Ubuntu telemetry is fairly minimal, as of last time I used it a few years ago. Not remotely comparable to what firefox does. They just want to know what hardware you have, there's no user behaviour tracking, and it's fully opt-in (you have to deliberately turn it on when installing). KDE and Gnome have a little something like that as well now, I think. Almost everything else does not.

Debian has a list (last updated 2023-10) of software among the 97000 packages they distribute which have been found to violate user privacy by "phoning home" for telemetry or other purposes:

  • gnome-calculator - fetches currencies
  • Firefox - multiple issues
  • Thunderbird - opt-out telemetry that is not yet patched for Debian
  • Chromium - phones home in various ways
  • syncthing - version check and lots more
  • cura - phones home in various ways, patched out in Debian
  • azure-cli - collects "anonymous" telemetry by default
  • glances - connects to several online services to discover public IP
  • webext-bulk-media-downloader - loads the website and sends version info
  • Golang - planning on implementing enabled-by-default telemetry
[–] Vincent@feddit.nl 2 points 6 months ago (1 children)

there's no user behaviour tracking

I mean, that depends on how you define user behaviour. It tracks which packages are frequently installed, for example, or how often people install Ubuntu in the first place. All of which I think is pretty legit, in my opinion, since that only involves aggregate user statistics that help prioritise work and detect common problems - but that's essentially what Firefox is doing too.

Debian is a great example of relatively commonly used free software that doesn't really collect data btw.

[–] kbal@fedia.io 1 points 6 months ago* (last edited 6 months ago)

Canonical apparently turned on enabled-by-default telemetry for new installs in 2018 which records basic system hardware stats and such. It's not that much compared to what Firefox sends, but adding it still did damage to their reputation.

Another thing Ubuntu has in common with Firefox is a continuing long-term decline in market share. As they do things like adding telemetry, flirting with the idea of putting advertising in the package manager, insisting that everyone use snap, et cetera, users have started to go elsewhere. As I did.

In the case of Ubuntu though, the company's main business is in serving their corporate customers. If it's little-used by the rest of us the company might still do well, as I hope they continue to do. Firefox does not share that advantage.

[–] kbal@fedia.io 20 points 6 months ago* (last edited 6 months ago) (2 children)

Never mind the controversy about telemetry in general, which I suppose has its uses even if it's too often over-used. This telemetry in particular — collecting data about how many times you searched for things involving shopping, travel, real estate — is ridiculous, and cannot be justified by vague platitudes about enhancing the browsing experience.

[–] Vincent@feddit.nl 12 points 6 months ago* (last edited 6 months ago)

collecting data about how many times you searched

I don't think this stores how many times you specifically have searched for something - just how many times something has been searched for in general. In other words, nobody will be able to tell anything about you from this data.

(Which is very different from e.g. the data Google collects about you and shares with its partners.)

[–] blii@lemmy.zip 3 points 6 months ago* (last edited 6 months ago) (1 children)

This measure is not linked with specific individuals and is further anonymized using a technology called OHTTP to ensure it can’t be connected with user IP addresses.

it's kinda ridiculous to see them emphasise this but get called out as if they are doing so. if anything they seem to be taking the most privacy focused approach I've come across, going forward as a decent example. Also makes me appriciate that they look for other feedback than user comments cause that seems like a notoriously unreliable source of info for data-driven decisions

[–] kbal@fedia.io 3 points 6 months ago (1 children)

Speaking of large numbers of user comments, I was just reading the hacker news discussion. Whatever you think of that site, it's full of the sort of people who used to be the core of the Firefox user base. People who would help their friends and family get it installed. Web developers who made sure their site works with more than one browser engine. People who know enough to be offended by changes like this one. People who Mozilla needs to reach if it wants to have a future in the web browser market.

Comments elsewhere are similarly negative. I encourage everyone who cares about Firefox to turn off all the telemetry, or perhaps even consider moving to one of the forks such as Librewolf. If they notice enough of a drop in incoming data collection after this latest move, perhaps there's still a chance that Mozilla will get the message that they need to change course before it's too late.

[–] blii@lemmy.zip 1 points 6 months ago* (last edited 6 months ago)

I think I share your view about course correction needed but if anything this seems to be a step in the right direction, I really do not see how Mozilla is being unreasonable (with this feature). To have a chance at the market outside of core geeks some telemetry is needed, and if we truly think that anonymoused (not connected to session, IP, or user, only distinguishable from others by timestamp of when data was recieved) counters based on a few narrow categories, then I think the userbase is a part of the problem.

should we really protest when they are doing it right? are we not being unreasonable if we take the stance that no telemetry is allowed?

the only step in a more privacy-direction I can see this feature taking is if it is opt in by default, but this being so incredibly trivial non identifiable info, I think maybe it's better for all parties for those to just use Librewolf then

[–] bappity@lemmy.world 13 points 6 months ago (1 children)

MOZILLA COME ON
don't say you're adding telemetry then end with a paragraph about "making the internet safer" >_>

[–] Asudox@lemmy.world 9 points 6 months ago

While I do think this is wrong, security != privacy

[–] HouseWolf@lemm.ee 7 points 6 months ago* (last edited 6 months ago) (2 children)

As a LibreWolf user I found the serpEventTelemetryCategorization to be disabled by default

But serpEventTelemetry was still enabled

Is this just me or can anyone else back me up?

(update) It's been fixed and will be pushed next update

[–] davel@lemmy.ml 5 points 6 months ago* (last edited 6 months ago) (1 children)

Confirmed. I just turned it off. It’s possible that LibreWolf never sends telemetry regardless of how this is set; I have no idea.

[–] possiblylinux127@lemmy.zip 2 points 6 months ago

It might be worth creating an issue