Who is the moron at Mozilla that thought it would be a good idea to sell user information, and how much does he make a year?
this post was submitted on 06 Mar 2025
426 points (98.9% liked)
Open Source
34045 readers
148 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
$6M, but if you look at the California law that spurred this change, the Privacy Policy that hasn't changed since July 2024, and the revised ToS, this looks mostly like a really, really, really stupid communication error.
It's one of those cases where legally, "sell" includes things that most people wouldn't consider a sale in normal parlance, but Mozilla has to comply with the overbroad legal definition; meanwhile, they don't appear to be fundamentally changing anything about how they're operating.
ETA: I'm still moving to LibreWolf (and maybe Ladybird later on). I'm not a lawyer, and expecting people like me to parse legal definitions of commonly understood words is just asinine.
The thing is, I don't want Mozilla to be "really this shouldn't be called selling" my info either. This was my call to jump ship to a fork that doesn't give any data to Mozilla in the first place by adopting a downstream fork.
I probably already wasn't giving Mozilla any data to "not sell" in the first place, since I've got telemetry disabled and used about:config to strip out all of their non-browsing functions. But why trust a "probably" that also inevitably needs more attention when they roll in some AI assistant nonsense I don't want (or whatever) when I can just find a fork of their FOSS product that's run by people that don't want my data in the first place?
That's kinda my feeling, too. It doesn't appear to be any worse than a year ago, but if you were already not impressed, this is not an improvement.
where legally, "sell" includes things that most people wouldn't consider a sale
Allowing access for valuable consideration is pretty cut and dry. What is the legislation defining beyond that?
To quote this wiki that did a very good job of breaking down this clusterfuck:
The CCPA defines "selling data" as:
“Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration.
The sticking point is that last "other valuable consideration." The question that people should be asking is: "valuable to whom and in what capacity?" Value does not need to be for financial gain; knowledge is valuable to a contractor building a building, for example.
But I recommend reading that wiki breakdown or just watch this video. It's a mess that can't be untangled in a simple Lemmy comment.
I don’t want Mozilla to be handling my personal data in any way. Anonymized usage statistics? I could be convinced to relinquish that. But that’s it.
From what I understand, usage stats are anonymized, and you can opt out of telemetry. But as I personally move to more hardened and private ways to connect, I'm moving to LibreWolf to err on the side of caution.
It all feels like flying too close to the sun for my taste. I don't like the idea of normalizing policies that aren't cut and dry and easy to understand. Have a legal version and a version for dumb people like me if needed, but don't expect me to play lawyer and connect the dots.
Yes, you can opt out, you simply send an request with your data to Alphabet INC.
I’m with you. Those TOUs are unacceptable.
legally,"sell" includes things that most people wouldn't consider a sale in normal parlance
Like what, any specific examples?
I have been hearing this repeatedly as a talking point from people defending Firefox but without any specific example of what they do and don’t allow themselves to take and sell, it rings quite hollow.
https://blog.mozilla.org/en/products/firefox/update-on-terms-of-use/
The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
If they give anybody any information for any reason, they open themselves to litigation - however frivolous and unwarranted - because the laws are written to be intentionally vague, to capture a wide variety of scenarios, including those that the law does not explicitly state. There are tons of valuable exchanges that could occur other than strictly data for money, and those exchanges are therefore captured within this new legal definition. To protect themselves from frivolous lawsuits and to remain consistent within the new definitions of these laws, Firefox/Mozilla has changed their Terms of Use. Their uses of data are outlined within their Privacy Policy (linked within the above post).
I suppose this information is only valuable if one trusts Mozilla - one of the most stalwart, dedicated, and outspoken advocates for consumer rights in the digital age.
I'm not saying Mozilla is infallible or above reproach - nobody/nothing is or should be considered so - but if I'm gonna trust any group that says "I'm not fucking you over" it's gonna be the group that has a consistent and very clear history of championing the idea of not fucking people over
Doesn't the new wording also include monetary exchange as well. Wouldn't that mean they could sell your data at anytime even if they are currently not?
They could tell us precisely what they're selling, and to whom, and give us a button to say "hell no", and it'd be largely fine. Instead, it's a bunch of "oh, you wouldn't understand"
To be clear, I'm not particularly interested in defending Mozilla. This confusing mess is at least partly their fault, and I think users are right to hold them accountable. I just want people to be able to make informed decisions and not ones based on the internet blowing things up needlessly.
Rather than repeat myself, here's my comment to someone who asked basically the same thing.
load more comments
(9 replies)
I mean, for now...
If terms of use aren't regulated in any way apparently companies can change them whenever they fucking want to.
They can say this today and then a month from now completely backtrack just like Mozilla did....
Terms of use do not mean fucking anything.
Thunderbird May Disclose Information To: Mozilla Affiliates: Thunderbird is a project of MZLA Technologies Corporation, a subsidiary of Mozilla Foundation and an affiliate of Mozilla Corporation, and as such, shares some of the same infrastructure. This means that, from time to time, your data (e.g., crash reports, and technical and interaction data) may be** disclosed to Mozilla Corporation and Mozilla Foundation**. If so, it will be maintained in accordance with the commitments we make in this Privacy Notice.
DNS servers, Standard Autoconfiguration URIs, and Mozilla's Configuration Database: To simplify the email set-up process, Thunderbird tries to determine the correct settings for your account by contacting Mozilla’s configuration database as well as external servers. These include DNS servers and standard autoconfiguration URIs. During this process, your email domain may be sent to Mozilla's configuration database, and your email address may be disclosed to your network administrators.
Amazon Web Services: Thunderbird uses Amazon Web Services (AWS) to host its servers and as a content delivery network. Your device’s IP address is collected as part of AWS’s server logs.
Email address providers (Desktop Only Legacy): Prior to version 128, Thunderbird partnered with Gandi.net and Mailfence to allow you to create a new email address through Thunderbird. If you choose to use this feature, your email address search terms are sent to Gandi.net and Mailfence to return available addresses. In addition, your country location is also shared to provide the correct prices. You can learn more about Gandi.net’s and Mailfence’s data practices by reading their privacy notices.
Always good to read TOS and PP of an service.
I'm always confused when people are surprised by something like an account sync meaning that the operators have to store your data
Makes me wonder if they understand how Lemmy works...
Yes, naturally to create an account for Sync, they have to store your data. But it's not the same if they also share these with third parties.
If third parties means AWS, then every website you've accessed this year shares your data with third parties. This is why the GDPR exists.
Yes, but this is a different thing. It's clear that you are not private, even using TOR, if you use Google for search, post on Fakebook or use another page/service which logs and profile your activity, but it's different if the browser itself or/and its company is tracking you, sharing it with third parties. That is the point. GDPR limit this to an minimum, but don't avoid it completely. More than ever is important that you ALWAYS read TOS and PP of every app/service before using it. A good rule is: longer and more written in a legal jargon, difficult to understand and many external links, it is a sign that the app or service is trying to hide its activities and dark patterns by boring the user. A honest app/service don't need this tricks, using a short and clear text.
Are you under the impression that what you quoted is a long or unclear text?
That of Mozilla is enough clear, although not much better with several external links that must be checked separately. But in general it is a fairly valid rule that the site has things to hide if it puts a very long legal text. A normal user does not bother to read a text of 2 or more pages in a difficulty legal jargon.
Honest sides don't need to do it, good examples are the PPs of the SSuite (the shortest ever) or Andisearch, which are between the bests I know.
Depends. Every hostname accessed? Sure. Every full URL? Not with https being everywhere these days.
load more comments
(1 replies)
load more comments
(2 replies)
lol, what a shitshow. A product from the same company is distancing from the stench. Good on them, but it shows who did some things wrong.
MZLA is a different subsidiary of the Mozilla Foundation.
load more comments
(1 replies)
Wasn't sure if there were better places to post this, feel free to cross-post if you know other fitting communities :)
Thank you for posting it by the way. This is both good, and important news
This whole thing is concerning. Are there other real alternatives to FF or Chromium?
Forks.
I finally switched from Firefox to librewolf, which is a privacy focused fork of it. It’s basically Firefox with some of the iffy stuff ripped out, and with good default settings.
Firefox with proper settings is probably “fine” still, but the transition is super easy since it’s basically the same thing.
load more comments
(2 replies)
view more: next ›