Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Firefox Privacy IT

Firefox Now Shows What Telemetry Data It's Collecting About You (zdnet.com) 34

There is now a special page in the Firefox browser where users can see what telemetry data Mozilla is collecting from their browser. From a report: Accessible by typing about:telemetry in the browser's URL address bar, this new section is a recent addition to Firefox. The page shows deeply technical information about browser settings, installed add-ons, OS/hardware information, browser session details, and running processes. The information is what you'd expect a software vendor to collect about users in order to fix bugs and keep a statistical track of its userbase. A Firefox engineer told ZDNet the page was primarily created for selfish reasons, in order to help engineers debug Firefox test installs. However, it was allowed to ship to the stable branch also as a PR move, to put users' minds at ease about what type of data the browser maker collects from its users.
This discussion has been archived. No new comments can be posted.

Firefox Now Shows What Telemetry Data It's Collecting About You

Comments Filter:
  • by CrimsonAvenger ( 580665 ) on Monday February 03, 2020 @04:45PM (#59686738)

    Seems to me that if you're paranoid about what info your browser collects about you, you might just look at that page and decide that it is neither complete nor conclusive...

    In other words, why would someone who didn't trust their browser decide that "of course they put absolutely everything they're collecting about you on that page, and not keeping the really important things secret by just not displaying them...."?

    • If they're that paranoid and also on slashdot I expect them to be able to snoop on their own network traffic to find out.

      • by Luckyo ( 1726890 )

        I guess you never heard of encryption?

        • hurr, hurr, good wun

          • by Luckyo ( 1726890 )

            I guess you're not smart enough to understand that encryption specifically exists to prevent man in the middle attacks of the kind that traffic sniffing is.

            • If only you knew how to add your own trusted CA, then you could do that too. But you're already too smart, so it isn't possible that you would learn how to do it, or even ask why the thing you don't understand is true.

    • by infolation ( 840436 ) on Monday February 03, 2020 @07:44PM (#59687422)

      why would someone who didn't trust their browser decide that "of course they put absolutely everything they're collecting about you on that page, and not keeping the really important things secret by just not displaying them...."?

      I don't trust my browser, I trust that at least one of the independent people who inspect its source code will rat on the others if they find the browser doesn't do what it says on the tin

      That's why I trust this:

      about:telemetry#home-tab

      Telemetry is collecting release data and upload is disabled.

      Raw Payload (data:application/json;base64)

      null

      user_pref("app.update.lastUpdateTime.telemetry_modules_ping", 0); user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); user_pref("browser.newtabpage.activity-stream.telemetry.ut.events", false); user_pref("browser.ping-centre.telemetry", false); user_pref("devtools.onboarding.telemetry.logged", false); user_pref("security.certerrors.recordEventTelemetry", false); user_pref("security.identitypopup.recordEventElemetry", false); user_pref("security.ssl.errorReporting.url", ""); user_pref("services.sync.telemetry.maxPayloadCount", 0); user_pref("services.sync.telemetry.submissionInterval", 999999999); user_pref("toolkit.telemetry.archive.enabled", false); user_pref("toolkit.telemetry.bhrPing.enabled", false); user_pref("toolkit.telemetry.cachedClientID", "0"); user_pref("toolkit.telemetry.debugSlowSql", false); user_pref("toolkit.telemetry.enabled", false); user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); user_pref("toolkit.telemetry.hybridContent.enabled", false); user_pref("toolkit.telemetry.newProfilePing.enabled", false); user_pref("toolkit.telemetry.previousBuildID", "0"); user_pref("toolkit.telemetry.reportingpolicy.firstRun", false); user_pref("toolkit.telemetry.server", ""); user_pref("toolkit.telemetry.server_owner", ""); user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); user_pref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.updatePing.enabled", false); user_pref("datareporting.healthreport.infoURL", ""); user_pref("datareporting.policy.firstRunURL", ""); user_pref("privacy.trackingprotection.introURL", ""); user_pref("services.sync.fxa.privacyURL", ""); user_pref("toolkit.crashreporter.infoURL", ""); user_pref("toolkit.datacollection.infoURL", ""); user_pref("beacon.enabled", false); user_pref("webgl.disabled", true);

    • Because Firefox is open source. You (or someone else) can verify wether that page is lying or not, and publish their findings.
      • But the problem is, chasing down stuff like that is typically neither glamorous nor sexy, and so, much like writing documentation, it doesn't get done. Except by black-hats who have monetary incentives, or nation-states who have more complex goals.

        Yes, many of us CAN do it. But vanishingly (less than 1?) small numbers of people WILL do it.

  • Great! (Score:5, Interesting)

    by DigitAl56K ( 805623 ) on Monday February 03, 2020 @04:52PM (#59686770)

    So now I can see it creates a full profile of my system -- possibly revealing which CPU vulnerabilities it has, my addons, which security products my system is protected with (or not), which drivers I am using, which roots are trusted, what my search engine choice is... ... I mean sure, you could say

    The information is what you'd expect a software vendor to collect about users in order to fix bugs and keep a statistical track of its userbase.

    .. or you could say holy crap that's a lot of information. The kind of thing an attacker might love to know about a box.

    • possibly revealing which CPU vulnerabilities it has

      Which has been shown time and time again, that you need to first break into the system first to reliably deploy these kinds of attacks first. These kinds of attacks are major security risks for boxes that have a lot of shared customers like cloud computing. Even the current application of Spectre via network "NetSpectre" provides about 15 bits per hour transmission. I'm so sick of people remembering those viruses and forgetting how they're actually used.

      my addons

      The add-on system in Firefox is way more robust tha

    • So now I can see it creates a full profile of my system -- possibly revealing which CPU vulnerabilities it has, my addons, which security products my system is protected with (or not), which drivers I am using, which roots are trusted, what my search engine choice is... ... I mean sure, you could say

      Eh, what? It doesn't "create" that. The hardware choice is readily available to every binary running on your computer and the other stuff is all thing it either needs to know or you have told it. How on earth do

  • by UnknownSoldier ( 67820 ) on Monday February 03, 2020 @04:54PM (#59686778)

    Is this like the same bullshit in Windows where:

    * You have opt out, and
    * There is no option to set none. (Only Some or Full.)

    Or does it default to respectable settings like:

    * Defaults in opt OUT
    * Defaults to NO telemetry.

    Anyone know?

    • by Dutch Gun ( 899105 ) on Monday February 03, 2020 @05:31PM (#59686932)

      Mozilla apparently allows Firefox users to completely opt out of telemetry gathering altogether. It's a simple checkbox indicating on/off, not a less/more option like in Windows 10 (except for Enterprise editions, which can turn it off completely).

      I keep Firefox telemetry and crash reporting on, as I think it's helpful for the developers to know how I use the browser. It's essentially soft-voting for the features you use most. But I did turn "studies" off after Mozilla mis-used that feature with that Mr Robot nonsense.

      • Re: (Score:2, Troll)

        by DigitAl56K ( 805623 )

        I just went and installed Firefox on a clean VM.

        There was no checkbox during the installation.
        If I go to "Privacy Protections" on the main menu, there's nothing in there to control telemetry.
        If I go to "Options" then "Privacy & Security" there are several check boxes on by default towards the bottom of the page.

        So I assume it's only "a simple checkbox indicating on/off" if you know it exists and can find it. And has it sent stuff before you've had a chance to turn it off? I don't know.

        I find people tend

      • I keep Firefox telemetry and crash reporting on, as I think it's helpful for the developers to know how I use the browser. It's essentially soft-voting for the features you use most. But I did turn "studies" off after Mozilla mis-used that feature with that Mr Robot nonsense.

        It's more than that, because nothing is ever black and white. Firefox need to be able to compete with Chrome. If they fail in this we will be in a google monopoly and have a repeat of IE5, which took a decade to recover from. The thing

  • Because it makes too many peoples jobs easier.

  • by ftobin ( 48814 ) on Monday February 03, 2020 @05:05PM (#59686820) Homepage

    This is exactly the sort of information that every well-intentioned app should provide. I'm much more willing to provide telemetry data to developers if the actual data being uploaded is available to me in a clear fashion.

    Another possibility is to have all telemetry data sent to a trusted aggregator that could anonymize it before passing it on to the developers. It could also hold it for presentation to the user. If the app only needed internet access for telemetry data, this data path could be whitelisted as a "trusted connection", allowing data paths to be segregated into "trusted" and "untrusted". Apps that only had "trusted" connections could be considered more trusted in a privacy-sense.

    • Wow, did you really look at everything it collects, or just think "golly, they told me about it, so it must all be OK?"

      • by ftobin ( 48814 )

        I did look at about 80% of it. The data is fairly well organized.

        Additionally, just like in the open source world, it doesn't matter if I look at everything -- I can generally rely on someone in the crowd looking it and raising an alarm if there's a problem.

  • Why on earth would Firefox need to know what processes are running on my system? What's next installed applications and search history?
    • Sounds like something Chrome does.
      I just looked at about:telemetry in Firefox. The only info it shows about "processes" are Firefox specific ones. Such as the parent process, the ones in charge of drawing the content, running the extensions, etc. Unless it's not showing everything, I think it was a poor choice of wording in the original article.

    • Firefox spawn processes. Not every process on your system. Just FYI.

  • Disable & Not "New" (Score:4, Informative)

    by markdavis ( 642305 ) on Monday February 03, 2020 @05:44PM (#59686970)

    I will point out, if you don't like telemetry being collected, open Preferences-> Privacy and look at "Firefox Data Collection and Use". Thankfully, this is included in the article (but most of us knew about it, anyway, I think).

    There you can unclick the 3 boxes and leave Firefox sending no telemetry at all to Mozilla. It is not the default, but it will remember it in your profile. It is your choice.

    Despite the article/summary implies, "about:telemetry" is not new. It has been around a long time now.

  • As long as it doesn't show latitude, longitude and a rapidly decreasing time to target.
  • I think the article has things a bit mixed up, the about:telemetry page exists since Firefox 19 shipped in 2012 (https://bugzilla.mozilla.org/show_bug.cgi?id=661881)

You do not have mail.

Working...