Uh oh, I just learned that Mozilla injects Google Analytics tracking code into Firefox itself. When you go to about:addons, it sends tracking data to Googles servers.
Is there a way to get rid of that? It seems to be not blocked by a default umatrix for example.
I think we really need a browser by a more trustworthy party. Maybe Debian could make a Firefox fork that is more user friendly in terms of privacy? Is there a way for vote for this or sponsor such a development?
No, you cannot block it via umatrix or any other extension. If you read the whole discussion you will see that this only was possible in the old extension tech that Mozilla meanwhile replaced with webextension. And those can't.
They injected a non-removable external tracking system right into the browser that they market as privacy focussed.
Actually, if you read to the bottom of the discussion [0] you'll see that it was fixed, and FF respects the Do Not Track setting.
In addition, they negotiated with google special terms for their analytics. This is the description [1] and this is the resulting options they got [2].
It is not fixed. You still cannot disable the tracking via an extension like umatrix.
And no, I do not set the 'do not track' thing. Because that is one more bit of data sent out. To every website. Not just to Mozilla.
Actually more then a computer 'bit' by the way. What percentage of users use the 'do not track' setting? Let's say 1%. Voila. Setting it is worth about 7 bits of data to identify you.
I don't mean to be rude, but if you're worried about the "do not track" setting identifying, you honestly shouldn't be on the internet. Or you should be using it like rms does [1] (scroll to "How I use the internet").
I agree with you in that I don't like it - I was just providing some more information on the issue, from presumably the same source you made your comment from.
In terms of a Debian firefox etc, I would worry about two things:
1. You'd be fragmenting the non-corporate* browser market, weakening the good that can come of that. Mozilla are invited to the table at browser discussions, Debzilla probably won't be.
2. You're reliant on the upstream from Mozilla, so you're still needing them to be big enough to continue to generate the base software the fork is coming off.
I don't consider Mozilla to be a bad actor and in fact like them a lot (although you may feel differently) however they have done multiple anti-user actions I don't agree with (this would be one of the lesser ones).
How are firefox design choices steered? Is it just at the whim of the corporation? If not, what would be the best way to become politically active in steering design choices like these in a pro-privacy pro-user direction? It seems like there are enough people with a similar sentiment on Hacker News to provide political weight to these issues.
*yes, strictly speaking Mozilla are corporate but I would say there are appreciable differences between them and Google, Microsoft, etc
> 1. You'd be fragmenting the non-corporate* browser market, weakening the good that can come of that. Mozilla are invited to the table at browser discussions, Debzilla probably won't be.
You mean the tables where they then give in to making copyright a standard and giving legitimacy to that standard by staying on that table?
Firefox has a blacklist of sites that can't be modified by extensions, specifically addons.mozilla.org and testpilot.firefox.com (which can both install extensions). It's there to protect against malicious extensions that might try to install further extensions or otherwise escalate permissions by making use of those sites' permissions.
That block is also going to keep uMatrix from being able to block anything specifically on addons.mozilla.org
It's not for malicious reasons, FF blocks extensions from fucking around with various core mozilla sites like the Addon store and the Testpilot plugins. Otherwise malicious plugins could do a lot of damage there.
Can one block in hosts? Or does it use too many hostnames/IPs?
Edit: OK, so I've played some with Wireshark. And it seems that Firefox is talking to many Google servers. So blocking google-analytics.com in hosts seems to do nothing. But then, this is a Firefox install with several extensions, so it's impossible to say who's doing what. So hey, I guess I need to check this out in a LiveCD VM.
You cannot anonymize data and we've known this since the Netflix data was famously deanonymized. "Anonymized data" is what people call it when they're lying or don't know enough to be trusted with privacy. The primary issue is that data that seems harmless in isolation can be powerful in aggregate, that any data unique enough to be informative to a third party can be used to triangulate an individual's identity, and that data which cannot be matched up with a user today might be in the future when more information is available or statistical tools are improved. If Firefox actually does say they "anonymize" your data, that's a pretty damning indictment on their lack of trustworthiness and diligence.
I'm sure every tracking company out there says they do only good with the data they track. If that is what it takes to make tracking ok, then why bother at all?
No I’m not assuming either way. But we know the incentives are there for tracking to be effective as opposed to ineffective. I’d argue it’s more rational to take the landscape as it is, rather than how we wish it to be.
what does this mean? why is google interested in our about page behaviour? the only motive I can imagine is to understand what fraction of users they are missing and why? why should we tolerate handing out such strategic data?
Is there a way to get rid of that? It seems to be not blocked by a default umatrix for example.
I think we really need a browser by a more trustworthy party. Maybe Debian could make a Firefox fork that is more user friendly in terms of privacy? Is there a way for vote for this or sponsor such a development?