|
|
Subscribe / Log in / New account

Mozilla reverses course on its terms of use

[Posted March 3, 2025 by jzb]

Mozilla has issued an update to its terms of use (TOU) that were announced on February 26. It has removed a reference in the TOU to Mozilla's Acceptable Use Policy "because it seems to be causing more confusion than clarity", and has revised the TOU "to more clearly reflect the limited scope of how Mozilla interacts with user data". The new language says:

You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.

Mozilla has also updated its Privacy FAQ to provide more detail about its reasons for the changes.


to post comments

The revised document was clearly untenable...

Posted Mar 3, 2025 16:26 UTC (Mon) by gwolf (subscriber, #14632) [Link]

Mozilla's user base seems to be those of us most sensible to data appropriation, people most sensitive to privacy-related issues. It was crazy to read the now famous diff! I am unsure whether Mozilla's reputation will go back to what it was, as this "slip" was quite a toral change in what we hold as the foundational definition of their mission.

But not the "won't sell your data to advertisers"

Posted Mar 3, 2025 16:37 UTC (Mon) by Jonimus (subscriber, #89694) [Link] (2 responses)

This was actually the bit I was most worried about personally. The Privacy FAQ still has the "we won't sell your data to advertisers" bits removed which I do not buy the "it was too vague in some jurisdictions" reasoning for its removal. Especially without a further explanation of what jurisdictions they mean or further details.
I highly suspect that this is related to the integrated AI chatbot bits that are supposedly coming. There is no reason that couldn't just be an extension other than if additional data sharing or similar was required or part of the deal for its integration.

But not the "won't sell your data to advertisers"

Posted Mar 4, 2025 21:44 UTC (Tue) by ralfj (subscriber, #172874) [Link] (1 responses)

They gave further explanation on which jurisdictions they mean and why at https://blog.mozilla.org/en/products/firefox/update-on-te... . However, I am not entirely convinced... that sounds like a classic lawyer move to me, prioritizing reduction of legal risk over anything else including reputation and common sense.

But not the "won't sell your data to advertisers"

Posted Mar 5, 2025 8:10 UTC (Wed) by kleptog (subscriber, #1183) [Link]

The argument appears to that with recent privacy laws the definition of "selling data" has been codified and since it might be codified differently in different places, the meaning of "don't sell data" is justification dependant.

Because they do sell data in the ordinary meaning, however they don't sell *personal data* since it's all either anonymised or aggregated. And they're apparently worried that that might fall foul of privacy laws.

I'm not really convinced. Whether what they're doing is ok is not dependant on what is in the notice, but on what they actually do and whether the notice matches what they say they do.

I don't see why they need to care about what other countries do since there's only one place they can be sued and that's where they're incorporated, so that's the only law that matters.

That said, I don't really understand how it works with different US states having different definitions. I'm used to the EU where being in compliance in any single state automatically means you're in compliance in all the others.

As a long-time Firefox user

Posted Mar 3, 2025 17:10 UTC (Mon) by rsidd (subscriber, #2582) [Link] (1 responses)

... and an exclusive Firefox user on my android mobile since 2019 (I have disabled chrome) and on linux desktop except when absolutely necessary, I am willing to give Mozilla the benefit of doubt here. Especially when the only plausible alternative is Chrome...

(... or Edge for Linux? Maybe in the 2020s that's actually less evil than Google?)

As a long-time Firefox user

Posted Mar 3, 2025 18:16 UTC (Mon) by tchernobog (subscriber, #73595) [Link]

A quick run of Wireshark after installing Edge on Linux does tell a sadly different story :-/

Are they really "reversing course"?

Posted Mar 3, 2025 18:00 UTC (Mon) by rrolls (subscriber, #151126) [Link] (13 responses)

AIUI, Mozilla are still going to be imminently adding a click-through Terms of Use / EULA to Firefox.

To me, "reversing course" would be if Mozilla decided to backtrack on the whole thing, i.e. not add an EULA. They may have adjusted it slightly, but they're still going to require we accept such a thing.

I've expressed previously [ https://lwn.net/Articles/1012529/ ] my hope for Debian to patch this out. Free Software, which is not inextricably tied to some external service, should not come with such agreements.

Please do correct me if I'm mistaken on my interpretation here.

Are they really "reversing course"?

Posted Mar 3, 2025 18:13 UTC (Mon) by jzb (editor, #7867) [Link]

That seems like a fair interpretation. "Reverses course" may be an overstatement on my part. I would not be surprised if it's patched out in some of the distribution releases.

Are they really "reversing course"?

Posted Mar 3, 2025 18:22 UTC (Mon) by alx.manpages (subscriber, #145117) [Link] (11 responses)

I revised their terms, and re-read my own Debian bug report (where I reported the violations of DFSG), and their new terms still violate the DFSG in the same exact way.

The security/privacy concerns are less egregious now, but still there too.

I used for some time LibreWolf, which supposedly patches out a lot of stuff from Firefox, and I hope that project will be able to patch out the new bs too. And I hope Debian will either package LibreWolf, or come up with something of their own. We'll see. I don't have any hopes in Mozilla, TBH.

Are they really "reversing course"?

Posted Mar 3, 2025 22:01 UTC (Mon) by Paf (subscriber, #91811) [Link] (8 responses)

Aren't you then worried about the viability of the Firefox project itself as a top end browser as well? It's clear that keeping up there is a lot of work

Are they really "reversing course"?

Posted Mar 3, 2025 22:11 UTC (Mon) by alx.manpages (subscriber, #145117) [Link]

I hope that the project will survive Mozilla. I expect the only path is to let it die, so that it can continue in the life of a fork, very much like happened with OpenOffice and LibreOffice.

Are they really "reversing course"?

Posted Mar 3, 2025 22:17 UTC (Mon) by mb (subscriber, #50428) [Link] (6 responses)

>Aren't you then worried about the viability of the Firefox project itself as a top end browser

Firefox is not a top end browser these days.

The *only* reason I use Firefox is because of their data protection policy.
And they are really working hard on destroying everything about that.

If Mozilla keeps on destroying their data protection policies, they will completely loose the game.
If I have to choose between evil corporation A and evil corporation B, I will choose Chrome, because it's the browser that works best.
If I have to choose between Mozilla as of 10 years ago and anything else, I will choose Mozilla.

You have the choice, Mozilla.

Are they really "reversing course"?

Posted Mar 3, 2025 22:57 UTC (Mon) by leromarinvit (subscriber, #56850) [Link] (4 responses)

> Firefox is not a top end browser these days.

May I ask why? Genuinely curious. Long time Firefox user (since it was called Phoenix) for many different reasons, but I wouldn't consider myself a zealot or fanboy.

I can't remember the last time I've had any sort of rendering issue. There are a few APIs Firefox doesn't support (WebSerial and WebUSB are the two I can think of right now, possibly others). That's a pity and annoying when you need them, but the vast majority of sites work perfectly fine (and very much the same in all modern browsers). Performance is similar to Chromium (subjectively at least, I haven't run any benchmarks and don't much care for numbers as long as any difference isn't actually noticeable).

Containers and proper ad blocking (manifest v2) are the killer features for me. Given these, I'd use it over Chromium even if the latter didn't have dubious corporate interests attached. (And incidentally, these two features are the reason I don't consider Ungoogled Chromium a realistic alternative for me either.)

Regarding the topic at hand, I can only agree that this is a bad move and their explanations have a very distinct weasel words smell. The partial backtracking (while keeping the most important parts of the actual changes) after seeing the backlash fits in character. Let's hope distros patch this out.

Are they really "reversing course"?

Posted Mar 4, 2025 4:49 UTC (Tue) by draco (subscriber, #1792) [Link] (1 responses)

I can't speak for mb, but I'm increasingly running into websites that don't work in Firefox but do work in Chrome. Though one of them suddenly started working recently 🎉

Heck, my own website that I've configured to require client certificates works in the desktop browser but still doesn't work on Android. Works perfectly in Chrome in either environment.

Are they really "reversing course"?

Posted Mar 4, 2025 6:51 UTC (Tue) by mb (subscriber, #50428) [Link]

>I can't speak for mb, but I'm increasingly running into websites that don't work in Firefox but do work in Chrome.

Yes, this is exactly what I meant.

It's probably directly caused by the massively dropping market share and website builders not checking their sites on "small browsers".

Firefox used to be the gold standard for compatibility, but a couple of years ago I was forced to install chromium due to the occasional websites that don't work correctly in Firefox.
I used to have a Firefox-(Mozilla/Netscape)-only install since the very beginning up until then.

Are they really "reversing course"?

Posted Mar 4, 2025 12:21 UTC (Tue) by tux3 (subscriber, #101245) [Link]

Perhaps only tangentially related, but $WORK has started enforcing some corporate policy that in practice locks Firefox out completely.

There is this Google feature called Context-Aware Access (CAA) and a Chrome plugin called Endpoint Verification that you need to install. This thing does some checks on your local device (is this a company device? is it setup in a safe configuration?), and then communicates the result to Google.
My understanding is that Firefox could in principle support CAA, there doesn't seem to be any particular obfuscation or attempt to make it unworkable for non-Google browsers.

If I want to continue using Firefox — and I do, then I have to switch between it and Google Chrome whenever I access CAA-gated pages.
Or, somehow reverse this Security™ feature and attempt to port it to Firefox myself, which may or may not break in a year when Google decides to tweak their protocol slightly.

Using Firefox is walking down the hard path, at every turn.

Are they really "reversing course"?

Posted Mar 4, 2025 16:32 UTC (Tue) by rbtree (guest, #129790) [Link]

> Performance is similar to Chromium

Generally it is, but there's a massive difference in how they handle loading thousands of web requests. It is a niche use case, but the slowdown on FF is bad enough that I keep a copy of a Chromium-based browser just for this.

I work on a fat SPA most of the time, and its dev server does not do bundling and serves each file in a separate HTTP request. The difference in page load time is about 10 seconds on Firefox vs. 1 second on Chromium (same cache and privacy settings, same lack of an adblocker, etc).

Consider yourself fortunate that your employment options allow you to avoid working on "modern" web stuff, I guess.

Are they really "reversing course"?

Posted Mar 4, 2025 13:56 UTC (Tue) by jengelh (subscriber, #33263) [Link]

>Firefox is not a top end browser these days.

That's ok, because the web is not a top end medium these days. ;^)

Are they really "reversing course"?

Posted Mar 4, 2025 9:17 UTC (Tue) by eru (subscriber, #2753) [Link] (1 responses)

And I hope Debian will either package LibreWolf, or come up with something of their own.
Return of the Iceweasel?

Are they really "reversing course"?

Posted Mar 4, 2025 9:22 UTC (Tue) by alx.manpages (subscriber, #145117) [Link]

I'd love that! :-)

Link to Firefox Privacy Notice

Posted Mar 3, 2025 19:44 UTC (Mon) by egoforth (subscriber, #2351) [Link]

It's not immediately obvious from the FAQ page, since it's not styled as a link, but the full Firefox Privacy Notice is at https://www.mozilla.org/en-US/privacy/firefox/ It does mention some of the things brought up, like the AI chatbots.

Legal definition of sell

Posted Mar 4, 2025 4:34 UTC (Tue) by pabs (subscriber, #43278) [Link] (5 responses)

Dear Mozilla: maybe stop collecting user data, then the legal definition of "sell" will be irrelevant to you.

Legal definition of sell

Posted Mar 5, 2025 15:44 UTC (Wed) by higuita (guest, #32245) [Link] (4 responses)

Most of user data is metrics about the firefox working and what features the site request.
Like what TLS version used, what ciphers, what root CA are used, site of screen, number of tabs, what features are used (is the new AI being used? in what models? horizontal tabs or vertical tabs? DoH , cloudflare dns ou own dns?) How many times a thread crashed or even the browser crashed? engine resource load times, memory leaks, add on installed and their crashes, etc

many of this metrics is used to find problems, corner cases and see what needs more urgent work and is less important to work on

It is easy to say they don't need any of that, but if you work in a large project, you need metrics, working on your own metrics only will hide many problems as you only see one side

Crash report was one of the first user data reports and it helped insanely to find and solve problems. Many design decision where based in real user metrics. Chrome team even found that certain countries were faking google certificates to spy on users (and harcoded ssl hash in the browser to detect those cases if they mismatch)

what mozilla could do is put in the browser a list of all metrics, a tooltip on why it is needed and a checkbox, so people can enable or disable those. That would increase the trust and any more troublesome metric, the end-user could disable it if they wanted

Legal definition of sell

Posted Mar 5, 2025 16:59 UTC (Wed) by excors (subscriber, #95769) [Link]

> what mozilla could do is put in the browser a list of all metrics, a tooltip on why it is needed and a checkbox, so people can enable or disable those.

That sounds like the about:telemetry page, which shows all those metrics and the values it has collected from your system, and has links to documentation of every entry. You can't disable individual metrics, but if you object to telemetry enough that you'd spend hours reading through the thousands of items to decide which specific ones you don't like, you ought to just turn it off entirely and save everyone the hassle.

They do sell data to third parties

Posted Mar 5, 2025 17:45 UTC (Wed) by rschroev (subscriber, #4164) [Link] (1 responses)

> We still put a lot of work into making sure that the data that we share with our partners (which we need to do to make Firefox commercially viable) is stripped of any identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).

(from Mozilla’s Data Privacy FAQ at https://www.mozilla.org/en-US/privacy/faq/)

"share with our partners (which we need to do to make Firefox commercially viable)" doesn't sound like telemetry. That sounds like giving data and getting money in return, i.e. selling data.

It seems to me there's quite a difference between what they say if you take it all at face value, and what they actually allow themselves to do if you dig a bit deeper. It's not just telemetry, it's not just allowing them to send search queries to search engines or stuff like that. They actually send data to third parties. Yes, anonymized and/or aggregated, but still not something I would expect from an organization that claims "We Stand for People Over Profit" and "Individuals’ security and privacy on the internet are fundamental and must not be treated as optional".

They do sell data to third parties

Posted Mar 5, 2025 20:01 UTC (Wed) by raven667 (subscriber, #5198) [Link]

A major problem trying to discuss this is defining _what_ "data" we are talking about, without a specific example and a threat model around it everyone can imagine different things and not effectively communicate with one another, let alone make a value judgement whether something is good or bad. I'm not sure even the people in the data broker industries know what exactly they are collecting or selling or what the impact of that might be, let alone any *user* being able to exercise _meaningful_ judgement about what should or should not be allowed.

The data broker industry likes it that way because there can be no pressure to change their practice if people don't understand exactly what they do.

Legal definition of sell

Posted Mar 11, 2025 18:31 UTC (Tue) by Zhaley (guest, #176454) [Link]

"Chrome team even found that certain countries were faking google certificates to spy on users (and harcoded ssl hash in the browser to detect those cases if they mismatch)"

Oh, of course, then onlythem are allowed to spy on other country's users! (and the Five Eyes, of course)

Communication is the key

Posted Mar 4, 2025 8:38 UTC (Tue) by Che0t (subscriber, #125738) [Link] (1 responses)

Communication with the Firefox users and the Internet community obviously should be a crucial part of such a product like Firefox and Mozilla organisation. I am surprised how bad did they do it recently with all these changes and vague wording.

Communication is the key

Posted Mar 6, 2025 11:53 UTC (Thu) by kpfleming (subscriber, #23250) [Link]

Including 'operate Firefox', which is a phrase that makes no logical sense. Unless it has been redefined somewhere by Mozilla, 'Firefox' is software that runs on the end user's computer and Mozilla is not involved in 'operating' it at all.

This is *NOT* a reversal.

Posted Mar 7, 2025 23:16 UTC (Fri) by mirabilos (subscriber, #84359) [Link]

It’s not Mozilla which operates Firefox.

It’s me, on my local machine. Mozilla is not party to any operating of Firefox I do, nor to any communication between me and the servers I use Firefox to communicate with. (Thanks to dalias for mostly the wording.)

Some other more-than-questionable points are also still left, according to people who replied to my toot stating basically the same as above, but this was bad enough for me to stop reading.

It might just be time to bring out Iceweasel again, without any Mozilla services phoning home.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds