Firefox Now Shows What Telemetry Data It's Collecting About You (zdnet.com) 34
There is now a special page in the Firefox browser where users can see what telemetry data Mozilla is collecting from their browser. From a report: Accessible by typing about:telemetry in the browser's URL address bar, this new section is a recent addition to Firefox. The page shows deeply technical information about browser settings, installed add-ons, OS/hardware information, browser session details, and running processes. The information is what you'd expect a software vendor to collect about users in order to fix bugs and keep a statistical track of its userbase. A Firefox engineer told ZDNet the page was primarily created for selfish reasons, in order to help engineers debug Firefox test installs. However, it was allowed to ship to the stable branch also as a PR move, to put users' minds at ease about what type of data the browser maker collects from its users.
Put users mind at ease?? (Score:4, Insightful)
Seems to me that if you're paranoid about what info your browser collects about you, you might just look at that page and decide that it is neither complete nor conclusive...
In other words, why would someone who didn't trust their browser decide that "of course they put absolutely everything they're collecting about you on that page, and not keeping the really important things secret by just not displaying them...."?
Re: (Score:2)
If they're that paranoid and also on slashdot I expect them to be able to snoop on their own network traffic to find out.
Re: (Score:2)
I guess you never heard of encryption?
Re: (Score:2)
hurr, hurr, good wun
Re: (Score:2)
I guess you're not smart enough to understand that encryption specifically exists to prevent man in the middle attacks of the kind that traffic sniffing is.
Re: (Score:2)
If only you knew how to add your own trusted CA, then you could do that too. But you're already too smart, so it isn't possible that you would learn how to do it, or even ask why the thing you don't understand is true.
Re:Put users mind at ease?? (Score:5, Informative)
why would someone who didn't trust their browser decide that "of course they put absolutely everything they're collecting about you on that page, and not keeping the really important things secret by just not displaying them...."?
I don't trust my browser, I trust that at least one of the independent people who inspect its source code will rat on the others if they find the browser doesn't do what it says on the tin
That's why I trust this:
about:telemetry#home-tab
Telemetry is collecting release data and upload is disabled.
Raw Payload (data:application/json;base64)
null
user_pref("app.update.lastUpdateTime.telemetry_modules_ping", 0); user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); user_pref("browser.newtabpage.activity-stream.telemetry.ut.events", false); user_pref("browser.ping-centre.telemetry", false); user_pref("devtools.onboarding.telemetry.logged", false); user_pref("security.certerrors.recordEventTelemetry", false); user_pref("security.identitypopup.recordEventElemetry", false); user_pref("security.ssl.errorReporting.url", ""); user_pref("services.sync.telemetry.maxPayloadCount", 0); user_pref("services.sync.telemetry.submissionInterval", 999999999); user_pref("toolkit.telemetry.archive.enabled", false); user_pref("toolkit.telemetry.bhrPing.enabled", false); user_pref("toolkit.telemetry.cachedClientID", "0"); user_pref("toolkit.telemetry.debugSlowSql", false); user_pref("toolkit.telemetry.enabled", false); user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); user_pref("toolkit.telemetry.hybridContent.enabled", false); user_pref("toolkit.telemetry.newProfilePing.enabled", false); user_pref("toolkit.telemetry.previousBuildID", "0"); user_pref("toolkit.telemetry.reportingpolicy.firstRun", false); user_pref("toolkit.telemetry.server", ""); user_pref("toolkit.telemetry.server_owner", ""); user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); user_pref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.updatePing.enabled", false); user_pref("datareporting.healthreport.infoURL", ""); user_pref("datareporting.policy.firstRunURL", ""); user_pref("privacy.trackingprotection.introURL", ""); user_pref("services.sync.fxa.privacyURL", ""); user_pref("toolkit.crashreporter.infoURL", ""); user_pref("toolkit.datacollection.infoURL", ""); user_pref("beacon.enabled", false); user_pref("webgl.disabled", true);
Re: (Score:2)
Re: (Score:2)
But the problem is, chasing down stuff like that is typically neither glamorous nor sexy, and so, much like writing documentation, it doesn't get done. Except by black-hats who have monetary incentives, or nation-states who have more complex goals.
Yes, many of us CAN do it. But vanishingly (less than 1?) small numbers of people WILL do it.
Re: Put users mind at ease?? (Score:2)
Being the person who busts open a data-harvesting scam by inspecting code? OK, so you're not a rock star, or winning the super bowl, but for nerds that's actually pretty "glamorous."
Re: Put users mind at ease?? (Score:2)
Great! (Score:5, Interesting)
So now I can see it creates a full profile of my system -- possibly revealing which CPU vulnerabilities it has, my addons, which security products my system is protected with (or not), which drivers I am using, which roots are trusted, what my search engine choice is... ... I mean sure, you could say
The information is what you'd expect a software vendor to collect about users in order to fix bugs and keep a statistical track of its userbase.
.. or you could say holy crap that's a lot of information. The kind of thing an attacker might love to know about a box.
Re: (Score:3)
possibly revealing which CPU vulnerabilities it has
Which has been shown time and time again, that you need to first break into the system first to reliably deploy these kinds of attacks first. These kinds of attacks are major security risks for boxes that have a lot of shared customers like cloud computing. Even the current application of Spectre via network "NetSpectre" provides about 15 bits per hour transmission. I'm so sick of people remembering those viruses and forgetting how they're actually used.
my addons
The add-on system in Firefox is way more robust tha
Re: (Score:2)
So now I can see it creates a full profile of my system -- possibly revealing which CPU vulnerabilities it has, my addons, which security products my system is protected with (or not), which drivers I am using, which roots are trusted, what my search engine choice is... ... I mean sure, you could say
Eh, what? It doesn't "create" that. The hardware choice is readily available to every binary running on your computer and the other stuff is all thing it either needs to know or you have told it. How on earth do
Same bullshit as Windows 10 or diff? (Score:3)
Is this like the same bullshit in Windows where:
* You have opt out, and
* There is no option to set none. (Only Some or Full.)
Or does it default to respectable settings like:
* Defaults in opt OUT
* Defaults to NO telemetry.
Anyone know?
Re:Same bullshit as Windows 10 or diff? (Score:5, Informative)
Mozilla apparently allows Firefox users to completely opt out of telemetry gathering altogether. It's a simple checkbox indicating on/off, not a less/more option like in Windows 10 (except for Enterprise editions, which can turn it off completely).
I keep Firefox telemetry and crash reporting on, as I think it's helpful for the developers to know how I use the browser. It's essentially soft-voting for the features you use most. But I did turn "studies" off after Mozilla mis-used that feature with that Mr Robot nonsense.
Re: (Score:2, Troll)
I just went and installed Firefox on a clean VM.
There was no checkbox during the installation.
If I go to "Privacy Protections" on the main menu, there's nothing in there to control telemetry.
If I go to "Options" then "Privacy & Security" there are several check boxes on by default towards the bottom of the page.
So I assume it's only "a simple checkbox indicating on/off" if you know it exists and can find it. And has it sent stuff before you've had a chance to turn it off? I don't know.
I find people tend
Re: (Score:3)
I keep Firefox telemetry and crash reporting on, as I think it's helpful for the developers to know how I use the browser. It's essentially soft-voting for the features you use most. But I did turn "studies" off after Mozilla mis-used that feature with that Mr Robot nonsense.
It's more than that, because nothing is ever black and white. Firefox need to be able to compete with Chrome. If they fail in this we will be in a google monopoly and have a repeat of IE5, which took a decade to recover from. The thing
And that's why spying always wins (Score:2)
Because it makes too many peoples jobs easier.
Every app should have this (Score:5, Interesting)
This is exactly the sort of information that every well-intentioned app should provide. I'm much more willing to provide telemetry data to developers if the actual data being uploaded is available to me in a clear fashion.
Another possibility is to have all telemetry data sent to a trusted aggregator that could anonymize it before passing it on to the developers. It could also hold it for presentation to the user. If the app only needed internet access for telemetry data, this data path could be whitelisted as a "trusted connection", allowing data paths to be segregated into "trusted" and "untrusted". Apps that only had "trusted" connections could be considered more trusted in a privacy-sense.
Re: (Score:2)
Wow, did you really look at everything it collects, or just think "golly, they told me about it, so it must all be OK?"
Re: (Score:2)
I did look at about 80% of it. The data is fairly well organized.
Additionally, just like in the open source world, it doesn't matter if I look at everything -- I can generally rely on someone in the crowd looking it and raising an alarm if there's a problem.
Re: (Score:2)
Except, they've been raising the alarm for years and warning you to turn the telemetry off.
Running Processes? (Score:1, Troll)
Re: (Score:1)
Sounds like something Chrome does.
I just looked at about:telemetry in Firefox. The only info it shows about "processes" are Firefox specific ones. Such as the parent process, the ones in charge of drawing the content, running the extensions, etc. Unless it's not showing everything, I think it was a poor choice of wording in the original article.
Re: (Score:3)
Firefox spawn processes. Not every process on your system. Just FYI.
Disable & Not "New" (Score:4, Informative)
I will point out, if you don't like telemetry being collected, open Preferences-> Privacy and look at "Firefox Data Collection and Use". Thankfully, this is included in the article (but most of us knew about it, anyway, I think).
There you can unclick the 3 boxes and leave Firefox sending no telemetry at all to Mozilla. It is not the default, but it will remember it in your profile. It is your choice.
Despite the article/summary implies, "about:telemetry" is not new. It has been around a long time now.
Re:Disable & Not "New" (Score:4, Interesting)
It will still have transferred a full report on your system unless you turn off networking after installation and before running it, until you get the settings set.
I might be one of three people in the world to do that.
Re: (Score:3)
Re: (Score:2)
Thanks for posting the link, one can only hope that we become four.
Pffft (Score:2)
About:telemetry exists since Firefox 19 (2012) (Score:1)