Thanks everyone for your active participation here. We knew this would have a lot of interest and so we’ve waited to dive into the conversation because we see some themes emerging that I’ll respond to broadly here. The main concerns I’m noting are around the license agreements we declare, our use of data for AI, and our Acceptable Use Policy. Below are a few clarifications to each of these areas.
“It does NOT give us ownership of your data”
Then why did it say that it does?
“When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.”
If we insist on having terms at all, then GOOD and user-respecting terms are ones which list clearly, precisely and exhaustively exactly what data will be used for what purpose under what circumstance.
BAD and corporate-favouring terms are ones which make broad, sweeping statements which can be interpreted any way the company likes in their favour - and where changes to how and what data is shared and transmitted can be made any time without updating the terms, because the terms are so broad they cover just about anything.
Pretty clear which one of those things the new terms are.
This is exactly why I don’t believe a single word they say about this new TOS.
Their MPL2 was perfectly fine. Moving their executable to a proprietary license with less freedoms was not going to go well.
Uhh, because without letting Firefox use the information you type, you would have a very shitty word processor instead of a web browser?
Imaging typing “www.google.com” and Firefox just sits there because without your permission to use the data you gave it, Firefox would ethically not be able send that text to a DNS server.
That’s what that means.
When you interact with your web browser as an application, the information you put into it - including any DNS queries or submitted data - is routed between your ISP, your DNS provider, and the provider of the website. And for non-mozilla websites then none of those are Mozilla.
“Firefox” as a browser sees that stuff, but “Mozilla” as an organisation, a busineas entity, does not need to see that.
Exactly the same that when you buy a bicycle you can ride it anywhere you like without the company who made the bike knowing where you are - sure they made the bike, but after that point, the relationship is over.
This is why historically there has not been any need to accept terms for a browser, because a browser is just a vehicle - what you use the browser for has actually no dependency with the company who made it.
A policy only starts to become necessary when the browser positions itself as an entity that you transact with directly; like creating an account to sync data with Mozilla services and store things in pocket, or to interact with AI services which Mozilla provides.
Effectively, mozilla have now started adding extra features to the bicycle which are useful but also need to communicate with Bike HQ to work. And they are being a little less than specific about what data that is or what they will do with it.
That’s what data usage policies are about - what data does Mozilla as an organisation collect, what do they use it for, and what third parties do they interact with to provide those services. And that’s what I’d hope to see, rather than a broad statement that in theory allows anything.
That’s the thing: you do interact with the web browser. It’s literally the first thing that has to happen before accessing the Internet.
You don’t type directly into Facebook; you don’t search Google directly. You type into a text box in web page rendered by your browser. Your browser handles the HTTPS encryption as well as sending everything you type to the next layer in the network stack. That’s what Mozilla’s policy is clarifying- the very act of typing data into Firefox means you’re giving data to Firefox, so they’re telling you what happens to that data when you do (which is not “send it to Mozilla”).
That’s what Mozilla’s response to the recent criticism tried to explain this as being, but that response itself is to me not at all plausible.
You do not need to give Firefox or Mozilla permission to “do” anything when you simply navigate to a website or perform a search, because the only entities involved in that transaction are yourself, your ISP and the website. NOT Mozilla.
To be super clear here: Yes, Firefox as an installed application has complete and total access and permission on anything you ever do or say or send, and always has done since day 1. And that is absolutely fine, because that data did not go back to Mozilla.
That’s how its been with web browsers since the web browser was invented - you don’t have to agree to let the browser do things for you, because just like a bike you are the one driving the browser and deciding where it goes and what requests the broswer makes when you drive it - you are in control.
The new terms and conditions have been added to cover data which is sent back from the browser to Mozilla, or to other partner services.
Your previous response couldn’t be more clear. At this point this guy is just trolling, and it’s never a good idea to feed trolls.
Again, as I’ve already pointed out this is not correct. You don’t interact with websites directly; you interact with them through your web browser.
Except you don’t know that. You can’t say what expectations you might have had with whatever data you provided because there was no policy published to say what Mozilla might have done with it. Now, there is.
Hmmm. How about no other program has ever required this? A program is not the company. I do not need to give away my right to my data to use a telephone or send a postcard.
You need to understand that what you wrote is utter bullshit and not how any of this works, or has ever worked.
Mozilla is not the software running on your computer and you having some sort of agreement with them is not even slightly required for the software running locally to connect to the third-party server that you, the user, directed it to connect to.
Adding Mozilla ToS to Firefox is like putting “vegan” labels on tomatoes: it’s not just pointless, but also suspicious.
It’s suspicious, because you think those tomatoes have dairy or meat in them?
Seems weird. Should the linux kernel be getting my permission to send what I type from the keyboard to Firefox? What about when the kernel sends what firefox does through my wifi card? It gets silly real quick.
is this your first interaction with lawyers?
hahaha
Should they not? Do you want everything you type on your computer, even stuff that’s not meant to be seen publicly, to be sent somewhere without your knowledge?
A few months ago everyone was in an uproar because Microsoft wanted to do that very thing with Windows Recall. Why is that idea preposterous just because Firefox is telling you about it?
Should that license then also clarify that the kernel will not clean my dishes for me?
Not having some feature/behaviour doesn’t need a license. A license, a form of contract, is only necessary when two or more parties interact. I interact with Mozilla when I download and install Firefox, so I have to conform to some distribution license for example. Maybe they restrict me from redistributing the binary they provide me (made-up example). But after that, I no longer interact with Mozilla, so anything I do with Firefox should not require a license.
Of course it should. It should also clarify that you’ll only get a blowjob on your birthday and you’ll have to do your own taxes, you deeply unserious person. 🙄
So for the last 20 plus years before this new wording, Firefox has not been a functional browser?
That’s not what I said. But making a policy explicit rather than implicit seems to me like a good move for privacy. Isn’t it better to know exactly what Firefox is doing with what you type, rather than just assuming?
If they make it more exact such that it’s not ambiguous whether they can use our data for whatever, that would be fine.
I agree, and so does Mozilla. From the linked blog post:
Here’s the Privacy Notice referenced above. While I agree with you that they are vague about their “Partners, service providers, suppliers and contractors” they supply data to (read: Google) they do provide ways for you to request that data.
Does Notepad need a license to interpret your keystrokes and save them to a file? Interpreting my keystrokes and formatting them as an HTTP request to the search engine should not require any online service, and if the data does not leave my machine, it doesn’t need a license nor privacy policy. They have done just fine without a license for decades, because it would be absurd to require a license for fully local operations.
Oh look at that, a privacy policy in Notepad that tells you how Microsoft uses the data you type into Notepad.
It doesn’t. The policy covers what happens after that. Sure, open up Firefox and type whatever you want in the address bar and you can be as private as you want. The second you press Enter is when Firefox does stuff with what you typed, and Mozilla is saying that when you push Enter you give them permission to do that stuff. You’re giving Mozilla permission to send your search to Google for midget porn, or to post your pro-Trump rant to Facebook, or email your great-Grandma’s secret oatmeal raisin cookie recipe to your ex-wife.
It’s turning an implicit use of a web browser (“Of course we’re sending your search to Google and nowhere else wink”) into an explicit use (“When you provide data to Firefox, we’re gonna do this with it, cool?”)
Except the terms don’t promise that. The terms don’t really say anything at all about what Mozilla (the corporation) or Firefox (the software) won’t do with data I enter into Firefox. They do however say that I grant Mozilla a license to use data that I enter into Firefox for several purposes, which means Firefox could reasonably send the search request I intended for Google to Mozilla as well.
I admit, not the best example. I was implicitly referring to Notepad from Windows 10 and earlier, which didn’t have any online functionality yet, and thus would be excluded from large amounts of the license terms. The linked License Terms and Privacy Policy are written to apply to any and all Software from Microsoft.
In order to make our interpretation efforts easier, let’s use a non-Microsoft example, Notepad++: During the installation, you are presented with the GNU GPLv3 license, which pertains only to the distribution of the (parts of the) program. Even after the installation, the only mention of a license is the GNU GPLv3. There is no Notepad++ Usage License or Privacy Policy, because there is no other party i interact with.
If I use cURL to send a request to Google, cURL doesn’t need a license to pinky-promise it actually does what I tell it to do. cURL is not a party, it is a tool. I do need a license for Google, because they process, store and use my provided information beyond the search itself.
The web request is sent by Firefox, not Mozilla. Mozilla is not acting on my behalf when issuing a web request. One might argue Firefox is, but that is no different from the Linux kernel acting on its behalf to issue that request to the Ethernet card, and the cards firmware to act on the kernels behalf to do what it says. None of these parts have license terms that restrict, let alone mention these processes.
There is no reason why Firefox needs these license terms to operate.
@billiam0202 in this age of data pillaging to fuel AI models and target ads, people rightfully assume the worst. If that’s Firefox’s intention then better wording is required.