23
votes
What happens when you launch a fresh install of Firefox?
@jonathansampson:
What happens when you launch a fresh install of Firefox? I was curious, so I did so with version 68.0.2, and monitored my network activity. Here's what I learned...
(Resident Firefox developer here)
I'm happy to answer any questions that I am capable of answering.
EDIT: And of course, these are my personal thoughts and not an official stance of Mozilla, etc.
Why this? Is it too difficult to just set up Piwik or something org-wide? (Honest question BTW, no passive-aggression)
Also, I think the Brave's feature of connecting to Google servers via a proxy they provide is neat. Any chance Mozilla adopt similar practice or are there non-obvious downsides to this?
We are looking into GA being used on the privacy page that is shown during first-run.
As for Mozilla's use of GA in general: I'm going from memory here, as this discussion happened via an ephemeral medium, so unfortunately I don't have any logs or notes to check. The people in charge of this evaluation did in fact look into self-hosted analytics services such as Piwik and concluded that they were not capable of meeting our needs. That discussion did not really go into depth about how that conclusion was arrived at, but it was.
Instead, the decision was made to go with GA. As part of the deal, Mozilla asked Google to prevent GA data collected from Mozilla's GA instance from being shared with the rest of Google. In fact, that opt-out has since been made available to all GA customers with enterprise contracts.
There is currently some discussion about this. I think one of the biggest hurdles will simply be scalability. It's much easier for Brave to do this at their current scale than it is for us.
EDIT: Also, we're wondering whether the SafeBrowsing APIs we use would work across a proxy.
As a bonus, here is a description of how SafeBrowsing works in Firefox.
Thanks a lot!
As a follow-up, I have learned that GA is being removed from our privacy policy page, the idea being that we shouldn't be collecting analytics data from people who have not yet been informed of the policy, nor have yet been given the option to opt out.
I was curious if a proxy was necessary, so I looked at Google's privacy policy for Safe Browsing. They say:
Standard log information is what a web server would collect, which does include IP address and user agent. Cookie information likely includes an associated Google account, if one is logged into.
My first thought was that I didn't like the idea of Mozilla man-in-the-middling a request like this. However if they are more strict about not logging server requests then I can see it as being an improvement.
Unrelated to the specific “phone home” pings upon launch, but what is the culture like at Mozilla (err, maybe the Firefox team, specifically)?
I ask because we see plenty of articles around Google’s internal dialogue/bickering nowadays. Firefox, though, is one of the only remaining browser competitors and we don’t hear much about the organization itself. I’ve personally worked with your company, so I have an idea that you’re a little more “do the right thing” vs. “don’t be evil”, but the dynamic must certainly different when dealing with external companies.
My thoughts on this are... complex, but I'll try to answer your question from within the context of Google's internal bickering and the current political climate:
Mozilla has the advantage of having already fought these internal battles long ago. In 2012, a Mozillian posted a blog post opposed to marriage equality. This post was picked up and syndicated by Planet Mozilla, which is an official RSS feed that aggregates blog posts from across the Mozilla community. The internal controversy surrounding this led to the development of our Community Participation Guidelines, the TL;DR of which is (more or less): "Believe what you want, but when it comes to your Mozilla activities, you leave it at the door."
By the time we reached 2014 and the Brendan Eich fiasco [Note: the link I provided is to the least inaccurate media account of what actually happened], IMHO us employees of the Mozilla Corporation felt more under siege from external forces than internal ones (The press did report on some "Mozilla employees" who were upset about Eich's appointment as CEO of MoCo, but the ones who were quoted were all employees of the Foundation, not the Corporation, and thus were not even subject to working under Eich in the org chart).
So now we get to today. I don't want to give the impression that everything is 100% harmonious, but those events from the past have positioned us well to stay mostly focused on furthering the Mozilla mission. I'm not saying that issues never come up, but for the most part I would say that everybody understands their responsibilities.
We're also lucky that we have an altruistic mission that guides us, so we don't need to worry about our employer becoming a defense contractor or helping governments to spy on their own people.
EDIT: Fixed incorrect cnet link
Why does Firefox claim to respect your privacy if so much tracking and telementry is enabled by default?
As @Wes mentioned, our telemetry respects privacy out of the box.
Unfortunately "telemetry" has become a bit of a loaded term that some people have used to imply (in the context of browser telemetry, at least) that the browser is phoning home with personally-identifiable information (PII) and information about user browsing activity. With the default telemetry settings that Firefox runs out of the box, that couldn't be further from the truth.
Properly-anonymized tracking can still respect your privacy.
Part of these URLs are accessed by a web page that Firefox opens only once after a new profile is created (which is in most cases only once after installation).
Unrelated, but I know that Humble Bundle released a Web Version of FTL as part of a Humble Mozilla bundle that can run on a Mobile phone, but has to have mouse controls. Is there an Addin or a Developer tool in Firefox for Android that will let it emulate mouse controls on a mobile phone, since Mobile FTL has kind of been my white whale for a while?
It should be possible for someone to make a Firefox extension which listens for touch events and then emits events that the game is watching for.
Yeah, the closest thing I can think of is to get something like Touch Punch, inject it into Firefox for Android with a greasemonkey script or extension, and try and get a game going.
I don't know, sorry.
Thank you for answering, I'll report back if I find anything substantial.
You could probably use a Bluetooth mouse or a USB otg cable to plug a USB one into your phone. Android supports pointing devices like mice and tablets as well as touch.
Yes, but a mobile game with a mouse kinda defeats the point.
Of course, to noone's surprise, Brave gets out of this with the least snark and negative comments. Truly a neutral and objective look at what browsers do during startup.
I think that's a bit unfair. Jonathan has been forthright about his employer from the beginning. It's not mentioned in these specific tweets, but they're part of a series he's doing from his personal timeline where he's been quite upfront. See his responses to Twitter replies and his comments on Hacker News.
Google Chrome: https://twitter.com/jonathansampson/status/1165493206441779200
Edge: https://twitter.com/jonathansampson/status/1166138692509065218
Opera: https://twitter.com/jonathansampson/status/1165353213308129281
Vivaldi: https://twitter.com/jonathansampson/status/1165358155922059266
Dissenter: https://twitter.com/jonathansampson/status/1165377063932637184
Brave: https://twitter.com/jonathansampson/status/1165391211999518720
HN Thread: https://news.ycombinator.com/item?id=20794937
This is... something. Thats a lot more from Firefox than I would expect.
I was expecting it to do better than Brave. There is Icecat which is maintained by gnu people and thats it, no other real alternative for me.