AI Summary:
Overview:
- Mozilla is updating its new Terms of Use for Firefox due to criticism over unclear language about user data.
- Original terms seemed to give Mozilla broad ownership of user data, causing concern.
- Updated terms emphasize limited scope of data interaction, stating Mozilla only needs rights necessary to operate Firefox.
- Mozilla acknowledges confusion and aims to clarify their intent to make Firefox work without owning user content.
- Company explains they don’t make blanket claims of “never selling data” due to evolving legal definitions and obligations.
- Mozilla collects and shares some data with partners to keep Firefox commercially viable, but ensures data is anonymized or shared in aggregate.
Too late. That wasn’t a typo, Terms are going downhill from here. I’m gone.
Mozilla collects and shares some data with partners to keep Firefox commercially viable
How hard is it to be specific? People are concerned about this, can they not tell us the exact data they share and with whom, or is doing so going to make people more concerned so they are avoiding telling us?
“I am doing things that are not selling your data which some people consider to be selling your data”
Why is he so cryptic? Neil, why don’t you tell me what those things are and let me be the judge?
Louis Rossmann had a good video about this. Basically, California passed a law that changed what “selling your data” means, and it goes way beyond what I consider “selling your data.” There’s an argument here than Mozilla is largely just trying to comply with the law. Whether that’s accurate remains to be seen though.
Then how about putting that in the language? “We don’t sell your data, except if you’re in California, because they consider x, y and z things we might actually do as selling data.”
Exactly!
Hetzner kind of does this, where there’s a separate EULA for US customers that lays out precisely how they’re screwing you in that jurisdiction (e.g. forced arbitration). I’m not happy about that, but I appreciate having a separate, region-specific TOS.
If some wording only applies in California, state that. Or if it’s due to similar laws elsewhere, then state that. And then detail which features collect data, why, what control you have, and how you can opt-out. Maybe have a separate mini-TOS/EULA for each major component that gets into details.
But just saying “you give us a license to everything you do on Firefox” may appease their legal counsel, but it doesn’t appease many of their users, especially since they largely appeal to people who care about privacy.
At this point I care about ownership of what I do on my browser, Chrome under these guidelines is a better alternative (and that’s a low bar)
How is chrome better? It’s literally run by an ad company, and there’s no way they have a better TOS.
It’s not it’s just slightly less bad than Firefox on the perspective of ownership,
E.g.: under the new guidelines by Mozilla you’re not allowed to bookmark pornhub
This is thanks to Mozilla’s focus on “privacy respecting “ advertisement and ai, go to any open source conference and you’ll see a list of ai talks by them.
——
Don’t get me wrong I implore anyone to move to any browser that isn’t; Chrome, Edge, Firefox, Opera
Some jurisdictions classify “sale” as broadly as “transfer of data to any other company, for a ‘benefit’ of any kind” Benefit could even be non-monetary in terms of money being transferred for the data, it could be something as broadly as “the browser generally improving using that data and thus being more likely to generate revenue.”
To avoid frivolous lawsuits, Mozilla had to update their terms to clarify this in order to keep up with newer laws.
I mean…if they pay for the service of external analization of data in exchange of money, how is that a sale of goods/data?
Ask the lawmakers who wrote the laws with vague language, because according to them, that kind of activity could be considered a sale.
As a more specific example that is more one-sided, but still not technically a “sale,” Mozilla has sponsored links on the New Tab page. (they can be disabled of course)
These links are provided by a third-party, relatively privacy protecting ad marketplace. Your browser downloads a list of links from them if you have sponsored links turned on, and no data is actually sent to their service about you. If you click a sponsored link, a request is sent using a protocol that anonymizes your identity, that tells them the link was clicked. That’s it, no other data about your identity, browser, etc.
This generates revenue for Mozilla that isn’t reliant on Google’s subsidies, that doesn’t actually sell user data. Under these laws, that would be classified as a sale of user data, since Mozilla technically transferred data from your device (that you clicked the sponsored link) for a benefit. (financial compensation)
However, I doubt anyone would call that feature “selling user data.” But, because the law could do so, they have to clarify that in their terms, otherwise someone could sue them saying “you sold my data” when all they did was send a small packet to a server saying that some user, somewhere clicked the sponsored link.
I would definitely call that selling my data. The recipient can now add that to my profile as an interest.
That’s good and I’m genuinely glad they’re trying to clarify it, but it proves yet again that their top management is out of touch with reality and their users: somebody (most likely more than one person actually) had to sign off on these changes and the message they sent out - this whole thing could have been avoided if they understood their users better (and/or if they actually cared nore about what users think).
I didn’t sell your shit, I collected it and shared it to keep myself comercially viable.
Mozilla says that “there are a number of places where we collect and share some data with our partners” so that Firefox can be “commercially viable,” but it adds that it spells those out in its privacy notice and works to strip data of potentially identifying information or share it in aggregate.
Sounds like they’ve already been selling (or trading) data and this whole debacle is a way to retroactively cover their asses.
Yeah. And their privacy notice is basically a mix-match of ten or so sections that have no place in a web browser privacy policy, that allows them to do the things people reproach them for doing.
It’s like saying “we’re not doing that, because we’re limited by that document that allows us to do just that”. And now they’re tripling down on it.
