Firefox Privacy How-To Guide

(restoreprivacy.com)

382 points | by Garbage 1654 days ago

18 comments

  • nominated1 1654 days ago
    Many of these sites suggest making edits via “about:config”. The problem is it’s difficult to keep track of which settings you’ve altered. I highly recommend you use a user.js [1] file. The best part is you can make notes so later you know why a setting was enabled or disabled.

    The only downside is if you decide to undo a setting in user.js you’ll also have to make the same change in about:config.

    [1] http://kb.mozillazine.org/User.js_file
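
An added example, not part of the comment above and not Firefox tooling: a small Node.js script that compares `user.js` with `prefs.js` and reports which modified prefs are pinned by `user.js`, which were changed elsewhere, and which are leftovers from a line since removed from `user.js`. The file contents and the `previousUserJs` argument (for instance an older copy kept in version control) are constructed assumptions.

```javascript
'use strict';

// One pref per line, as in prefs.js and user.js: user_pref("name", value);
// Limitation: lines inside /* ... */ block comments are not skipped.
const PREF_LINE = /^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;/;

// Returns Map(name -> value). A later line for the same name wins.
function parsePrefs(text) {
  const prefs = new Map();
  for (const line of text.split(/\r?\n/)) {
    const m = PREF_LINE.exec(line);
    if (!m) continue; // comments, blank lines, anything that is not a pref
    let value;
    try {
      value = JSON.parse(m[2]); // true / false / integer / "string"
    } catch (err) {
      value = m[2]; // keep the raw text if it is not JSON-compatible
    }
    prefs.set(m[1], value);
  }
  return prefs;
}

// Classifies every pref found in prefs.js:
//   pinned     - same value in user.js (documented and re-applied at startup)
//   overridden - present in user.js with a different value (changed this
//                session; user.js resets it at the next start)
//   leftover   - was in previousUserJs, no longer in user.js, still in prefs.js
//   elsewhere  - never in user.js: set via the GUI, about:config, add-ons
//                or Firefox itself
function auditPrefs(userJs, prefsJs, previousUserJs = '') {
  const pinned = parsePrefs(userJs);
  const live = parsePrefs(prefsJs);
  const previous = parsePrefs(previousUserJs);
  const report = { pinned: [], overridden: [], leftover: [], elsewhere: [] };
  for (const [name, value] of live) {
    if (pinned.has(name)) {
      const bucket = pinned.get(name) === value ? 'pinned' : 'overridden';
      report[bucket].push(name);
    } else if (previous.has(name)) {
      report.leftover.push(name);
    } else {
      report.elsewhere.push(name);
    }
  }
  return report;
}

// --- Constructed sample files (not taken from any real profile) ---
const SAMPLE_PREVIOUS_USER_JS = `
// older revision of user.js, e.g. from git
user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.donottrackheader.enabled", true);
user_pref("media.peerconnection.enabled", false);
`;

const SAMPLE_USER_JS = `
// current user.js: the DNT line was removed after reading about fingerprinting
user_pref("privacy.resistFingerprinting", true); // letterboxing and more
user_pref("media.peerconnection.enabled", false); // WebRTC off
user_pref("webgl.disabled", true);
`;

const SAMPLE_PREFS_JS = `
user_pref("browser.startup.homepage", "about:blank");
user_pref("media.peerconnection.enabled", true);
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.resistFingerprinting", true);
user_pref("webgl.disabled", true);
`;

function demo() {
  return auditPrefs(SAMPLE_USER_JS, SAMPLE_PREFS_JS, SAMPLE_PREVIOUS_USER_JS);
}

console.log(demo());
```

The `leftover` list is the downside the comment mentions: the DNT pref is gone from `user.js` but its old value is still active in `prefs.js`.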

    • cpeterso 1654 days ago
      Firefox's about:support page lists the about:config prefs that have non-default values ("Important Modified Preferences"). That includes prefs you've changed and internal prefs changed by Firefox code.
      • nominated1 1654 days ago
        Unfortunately the info provided by about:support doesn’t separate changes made via the gui and changes made via about:config. It also includes settings that may have been altered by Add-ons.

        Another benefit to using a user.js file is that your changes are persistent. If Mozilla changes a setting via an upgrade, like they did with experiments and plan to do with DoH, your changes aren’t overridden.

    • L0stLink 1654 days ago
      They are saved under the user profile directory in the `prefs.js` file. src[0] I have it symlinked to `~/.config/firefox/pref.js` (which also contains `chrome/userChrome.css`, also symlinked to from the firefox profile) in this way they get checked into git with the rest of my dotfiles.

      [0] https://support.mozilla.org/si/questions/965842

    • dependenttypes 1654 days ago
      Another issue is that most of such modifications also suggest editing the allowed ciphers, which makes it easier for servers to track you.
    • leeoniya 1654 days ago
    • george_perez 1654 days ago
      Modified about:config settings appear in bold, though. It's good for a quick glance, but yeah not much after that.
      • mackrevinack 1654 days ago
        and I remember one time being able to reorder the list so it shows all the modified items at the top
        • catalogia 1654 days ago
          Sorting by the "Status" column still does this.
        • johnp_ 1654 days ago
          As long as `chrome://global/content/config.xul` still exists, you can use it. I certainly do, since the new interface is horrible and Mozilla constantly dismisses the obvious usability issues.
    • OJFord 1654 days ago
      Thanks for this, I use it and userChrome for some add-on alterations, but it didn't occur to me I could use it for 'manual' about:config changes.

      > The only downside is if you decide to undo a setting in user.js you’ll also have to make the same change in about:config.

      You could change it to the inverse/default explicitly in user.js?

  • floatingatoll 1654 days ago
    Sigh, yet another “privacy” guide that has you enable options like DNT that make you easier to fingerprint.

    And it suggests you disable HTML5 EME, which has nothing to do with privacy at all. Whatever your views on DRM, that’s not a privacy concern.

    This is yet another “opinionated guide to Firefox” that misleadingly uses privacy to convince people to read it.

    Do not harm your friends and family’s experience by making the changes suggested in this guide.

    • mrob 1654 days ago
      >And it suggests you disable HTML5 EME, which has nothing to do with privacy at all.

      DRM requires proprietary software, and effective DRM requires obfuscated proprietary software. How do you know it's not harming your privacy, even accidentally?

    • JoshMnem 1654 days ago
      It looks like DNT is turned on automatically if tracking protection is on, so it probably doesn't identify you any more than "a Firefox browser with tracking protection on".
      • gruez 1654 days ago
        I just tested. With standard settings for "Content Blocking" (under "Privacy and Security") and "Only when Firefox is set to block known trackers" selected, Firefox does not send the DNT header in regular windows. It only sends it in private windows. Therefore if you don't want to stand out, you should not enable DNT.
        • floatingatoll 1654 days ago
          Indeed. If you don’t want to stand out, you should use the defaults. Anything non-default will stick out as a 1%-or-less marker. Three or more non-default might well uniquely fingerprint you.
          • kbenson 1654 days ago
            By that reasoning, what would be best would be to identify a few items of information exposed that are commonly used for tracking but that have little or no effect on browsing, and randomly alternate them between the default value and 1 or more other (or random) values.

            If the data can't be relied on to contain any specific useful information (even whether it's default or not), then it's effectively useless for tracking, and you've not just hidden yourself in the largest category for those bits of tracking data, you've effectively made them entirely useless for tracking you (which is more effective than hiding in the biggest group).

            • gruez 1654 days ago
              That only works if you're synchronizing those changes with your other identifiers (cookies, local storage, ip, etc.) Otherwise you're going to be "that guy" that constantly changes his values with every page load.
              • kbenson 1654 days ago
                Just based on a random seed set when the browser loads and the domain name being loaded (that is, external resource requests get the values for the sourcing page domain, which is already tracked in browsers for security purposes). You'll get persistent per-domain values per browser run. If they can already track you definitively beyond that (cookie, session, etc), you're not hurting yourself at all by doing it, but it will possibly help with all the other cases.
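
The per-run, per-domain scheme described in the comment above, as an added sketch that is not from the thread or from any browser: each value is derived with HMAC-SHA256 from a seed drawn at startup and the domain of the page that issued the request. The attribute table, the request shape and the function names are hypothetical.

```javascript
'use strict';
const nodeCrypto = require('node:crypto');

// Hypothetical table (constructed): for each exposed attribute, the default
// value followed by alternatives that have little effect on browsing.
const CHOICES = {
  dnt: [null, '1'],               // DNT header absent (default) or sent
  hardwareConcurrency: [2, 4, 8], // value reported by navigator.hardwareConcurrency
};

// Drawn once per browser run and kept in memory only, so values do not
// persist across restarts.
function newSessionSeed() {
  return nodeCrypto.randomBytes(32);
}

// Deterministic choice for (seed, page domain, attribute). Without the seed a
// site cannot predict or link the values another domain receives.
function valueFor(seed, pageDomain, attribute) {
  const options = CHOICES[attribute];
  if (!options) throw new RangeError('unknown attribute: ' + attribute);
  const mac = nodeCrypto.createHmac('sha256', seed)
    .update(pageDomain.toLowerCase())
    .update('\0') // separator so ("ab","c") and ("a","bc") cannot collide
    .update(attribute)
    .digest();
  // The modulo bias over a 32-bit value is negligible for tables this small.
  return options[mac.readUInt32BE(0) % options.length];
}

// Values are keyed on the page that issued the request, never on the host the
// request goes to: a third-party resource sees what the embedding page sees.
function valuesForRequest(seed, request) {
  const out = {};
  for (const attribute of Object.keys(CHOICES)) {
    out[attribute] = valueFor(seed, request.pageDomain, attribute);
  }
  return out;
}

// Constructed usage: a first-party load and a third-party load from one page.
const seed = newSessionSeed();
console.log(valuesForRequest(seed, { pageDomain: 'news.example', requestHost: 'news.example' }));
console.log(valuesForRequest(seed, { pageDomain: 'news.example', requestHost: 'cdn.tracker.example' }));
```
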
            • floatingatoll 1654 days ago
              IIRC you should look into the Tor Browser’s work along these lines. It includes fun things like “provide a default untraceable screen size ignoring your own”, so that web pages render at the wrong resolution for your browser window in exchange for one less effective vector. I don’t know if Firefox has it under a config option or not.
              • kbenson 1654 days ago
                I think you're talking about letterboxing, which Mozilla stole as a good idea from Tor a while back, and is gated behind the "privacy.resistFingerprinting" config option. It was covered here at the time.[1]

                1: https://news.ycombinator.com/item?id=19323032

                • floatingatoll 1654 days ago
                  "stole" is an unusual phrasing of "uplifted into Firefox": https://blog.torproject.org/tor-heart-firefox
                  • kbenson 1654 days ago
                    I figured someone might interpret that the wrong way. In my mind it was sort of a "Imitation is the sincerest form of flattery" mixed with "Good artists copy; great artists steal." I tried to allude to this with the "as a good idea" bit, so maybe it would come across as "that's a good idea, I'm stealing it!"

                    To summarize and clarify, I applaud their actions wholeheartedly. :)

    • SquishyPanda23 1654 days ago
      > it suggests you disable HTML5 EME, which has nothing to do with privacy at all.

      Does the DRM really not leak data about the content you're watching to the license server?

      • gruez 1654 days ago
        That's my thinking as well. I've been to a few non-media sites (eg. aliexpress) that inexplicably ask to play DRM content.
        • hsivonen 1654 days ago
          Do you have a URL for a page that exhibits this behavior without obvious reason?
          • gruez 1654 days ago
            https://www.aliexpress.com/item/32678087225.html
      • tzs 1654 days ago
        The server that is streaming you the encrypted data presumably already knows what you are watching.
  • flywithdolp 1654 days ago
    Can someone explain what the reason to disable telemetry is? Telemetry data is anonymized and important for Firefox development. What and how is transferred is documented well. If certain measures are suggested, reasoning should be given.
    • gnode 1654 days ago
      While nice for supporting the development of Firefox, it adds nothing to your subjective browsing experience. As far as I understand, disabling it is also not a data point by which you could be fingerprinted.

      You're taking it for granted that the reported data is adequately anonymized to the point of being impossible to make any inferences about individuals, which is a huge leap, not only in trust, but data science.

      As mentioned later in the article, Mozilla is based in a country with sweeping surveillance legislation, and so should not be trusted to hold or process [potentially] personally identifying data, no matter how well intentioned they themselves may be.

      • tialaramex 1654 days ago
        > it adds nothing to your subjective browsing experience

        Firefox decision makers actively consult the telemetry data when making decisions. If you've disabled telemetry and I haven't then my experiences count double and yours are discarded entirely.

        For example, TLS 1.0 (and 1.1) is deprecated and will be disabled by mutual agreement among browser vendors in 2020. On the road there, Firefox are watching their telemetry to determine how many users are affected and how much effort it's appropriate to put into mitigating difficulties for those who have systems that can't be upgraded.

        For me this will go fine, I don't have any systems that aren't capable of TLS 1.2 and very few that can't do TLS 1.3 so my telemetry data will show all is well. Maybe you are not so lucky. Too bad, you've disabled telemetry so nobody is coming to help. Bye.

        • luckylion 1654 days ago
          > Firefox decision makers actively consult the telemetry data when making decisions. If you've disabled telemetry and I haven't then my experiences count double and yours are discarded entirely.

          Yours won't count double unless there are only two users, in which case decision makers will likely disregard telemetry data altogether.

          You're right that the individual's usage pattern isn't directly considered, but for most users that won't matter because their usage patterns aren't uncommon. If you're one of a small group of users that do $weirdThing and that group is so small that your individual telemetry data contributes significantly, a) that group will likely be ignored and b) anonymizing is a problem you may not want to be involved in as a user.

          • catalogia 1654 days ago
            Yeah, I don't really buy that telemetry is actually guiding design in the first place. Rather, I wager telemetry most often gets used to create post-hoc rationalizations for changes somebody already has their heart set on. And if the most relevant statistic plainly doesn't support the change, then a less obvious statistic is found instead and said to be more important (e.g. "telemetry says 85% of our users use this feature.... but telemetry also says that 90% of users close the application within five minutes of using this feature every time they use it, so users might think they like this feature but actually they're wrong and it drives down user engagement.")

            I've not worked at Mozilla, but that's how I've seen it happen just about every time I ever saw telemetry get cited in situations I had some insider insight into.

            • staktrace 1654 days ago
              FWIW, I work at Mozilla and I have used telemetry in the way it's meant to be used. I'm sure there are cases where it's misused the way you describe, but by no means are all the cases like that.
              • catalogia 1654 days ago
                Relating to my other comment in this thread, when you used telemetry at Mozilla did you make or violate the default assumption of user equality? Were all users given equal weight, or were socially influential power users given a greater weight?
                • staktrace 1654 days ago
                  All users were given equal weight. From the dashboards at telemetry.mozilla.org you can't even tell which users are more socially influential. And to be precise, with many of the metrics that I've used, they tend to be per-pageload or per-action rather than per-user.

                  Edited to add: my comment makes it sound like there is some other way to tell from telemetry data which users are more socially influential. That's not the case as far as I know.

                  • catalogia 1654 days ago
                    Has anybody at Mozilla been pointing out that "data-driven" design predicated on incomplete data, making incorrect assumptions about the relative importance of different users, might be contributing to the decline of Firefox?

                    A single power user who happens to be a system administrator for a public school district has the power to install or uninstall hundreds of firefox instances. And it was power users that spread word-of-mouth awareness of firefox the most during the days when firefox was actually growing. Continue to treat them as equals to all other users and I predict firefox will continue its tragic slide into obscurity.

                    • staktrace 1654 days ago
                      Yes, this argument comes up once in a while, and is handled by people who know more about it than I do.
                      • catalogia 1654 days ago
                        Are you sure they know more about it than you, or do they just style themselves as knowledgeable? If mozilla really wants to be truly data driven, then maybe they should look at the data and realize that perhaps trying to be data-driven has contributed to Firefox's decline into relative obscurity.

                        The way I see it, "data driven" design is often similar to an over-reliance on standardized testing or zero-tolerance policies; a way of abdicating responsibility for a decision and covering your own ass. "Users hate this but I'm not to blame because I was just going off the data" has become the new "Sure everything ended up going sideways, but can you really blame me for buying IBM? Nobody gets fired for buying IBM."

                        Where is the data to suggest that data-driven design actually produces the desired results? That seems to be missing.

                        • staktrace 1654 days ago
                          This is not a very productive discussion. I don't want to blow you off with a "trust the experts" kind of response, but that's basically what it boils down to. You are certainly entitled to second guess people whose livelihood it is to keep Mozilla going from your comfortable armchair, but I'm going to extricate myself from this discussion.
        • pmarin 1654 days ago
          How does Mozilla know how many people have activated telemetry? Maybe they are making decisions based only on the small minority of users that have activated it.
      • staktrace 1654 days ago
        > it adds nothing to your subjective browsing experience

        It increases the chances that Firefox developers address performance and other problems that are affecting you. If you disable telemetry, your problems "don't count" when doing data-driven prioritization of development work. (note: I'm a Mozilla employee, working on gecko)

        • gruez 1654 days ago
          Concrete example of this: Mozilla removing RSS support because "[it has] outsized maintenance and security costs relative to their usage"[1]. I suspect that there's a high correlation between "power users" that used RSS and went through the settings to disable telemetry.

          [1] https://www.gijsk.com/blog/2018/10/firefox-removes-core-prod...

          • catalogia 1654 days ago
            It would hardly matter because such users are probably still, and always were, an absolute minority of Firefox users and, more importantly, data-driven design often assumes equality of users unless somebody has gone out of their way to justify violating that assumption. And the easiest/most common way to violate the assumption of user equality is to point at other data, such as "only 1% use that feature but 50% of those that do are whales who account for 90% of our income."

            But when the matter is less concrete because the value of one particular minority demographic is hard to pin down in the collected data (from what in Mozilla's telemetry data can you persuasively derive the value of power users who tell their friends and family to use firefox? Uncovering those relationships would certainly violate users' privacy..) then "data driven" decision processes will by default assume all users have equal worth.

          • SquareWheel 1654 days ago
            Another big example is Linux. If you ever wonder why developers don't bother to support your Linux distro, try turning on telemetry once in a while. It'll help.
          • dralley 1654 days ago
            There are addons for RSS support that are much higher quality than the built-in support.
          • apostacy 1654 days ago
            The removal of RSS is just an example of poor management and decision making by Mozilla.

            I think that even if telemetry had had different results, they would have then just ignored it for making that decision. Or they would have changed the interface to hide a feature, and then when users used it less, they would use that as justification to remove something.

            There was really no good reason to remove it. They quantified the costs of keeping it at something like $5000. How much do they spend translating Firefox into obscure languages that nobody downloads? Or on catering for their galas and fundraisers? Or any other stuff not related to writing software?

            There is much more robust discussion on this already. https://news.ycombinator.com/item?id=18202028

      • vinylkey 1654 days ago
        > You're taking it on trust that it's anonymized to the point of being impossible to make any inferences about individuals, which is a huge leap, not only in trust, but data science.

        I don't doubt that someone at Mozilla could de-anonymize that data, but I have enough trust in the organization that they won't

        • gnode 1654 days ago
          As I stated in the last paragraph of my comment:

          > Mozilla is based in a country with sweeping surveillance legislation, and so should not be trusted to hold or process [potentially] personally identifying data, no matter how well intentioned they themselves may be.

          Even if Mozilla are completely trustworthy, nothing is stopping them from being forced to give up all that data with a national security letter (accompanied with the customary gag order), to be mined for insights by alphabet agencies.

          • dralley 1654 days ago
            What insights would alphabet agencies hope to gain from detailed statistics on page load times?
        • zAy0LfpBZLC8mAC 1654 days ago
          So, you trust that the key people at Mozilla will go to jail rather than de-anonymize your data?
          • tialaramex 1654 days ago
            Have a look through about:telemetry and let us know what you think the US government thinks is so valuable they would threaten powerful people with jail time to find out. Whether my CPU has MMX? Maybe times so far in this session there was auto-starting audio playback which you allowed even though Firefox defaults to never allowing this?

            I can /maybe/ if I squint really hard, imagine some murder detective figuring out a way that a value in their suspect's telemetry data helps prove they did it. Only thing is, the murder cop can just ask a judge to let them go take the suspect's whole PC, no need to bother any Mozilla employees with crazy requests.

            • zAy0LfpBZLC8mAC 1654 days ago
              You are aware that it is publicly known that the US government has been practicing a "collect anything you can get your hands on about everyone" approach for a while now, right?
              • tialaramex 1654 days ago
                So your theory is that the US government's policy is to find the most convoluted difficult way to do this collecting and ignore all the easier ways?

                "Boss, I just got done with that $500Bn compute job to work out a guy's password as you recommended, rather than just resetting it by email as I'd originally thought of doing. As you pointed out the government can just raise income taxes to pay for it"

                "Cool, OK, now I want you to go threaten this company CEO. They collect optional telemetry data and we'd like to extort that CEO into telling us whether a user with this IP address has an Intel or AMD processor"

                "Shouldn't I just get them to export the data from their software directly rather than bother with all this? Or just use any of these broadly available malware techniques to get the answer for the user we care about?"

                "No, that would be simpler and cheaper, if we do it this way only a true genius like zAy0LfpBZLC8mAC would realise what we're up to, as ever our goal is collect anything but only in the most elaborate way possible so that it's tremendously expensive and difficult"

                "OK, but what if the user has disabled telemetry?"

                "Then we'll have to think of an even more expensive and elaborate way to collect data. We have a programme to teach goldfish to swim differently depending on whether they have recently seen anybody wearing a T-shirt with a specific logo design on it."

      • nikbackm 1654 days ago
        As long as the telemetry does not include the URLs you visit, how sensitive could it be?
        • user9361 1654 days ago
          Are you in a $3000 Macbook or on a $500 Windows PC? Linux? Power user maybe? And so on...
          • gruez 1654 days ago
            Okay, so we know that there's a 2017 MBP running firefox with IP 172.16.23.xx, and the user uses features a, b, c with frequencies x, y, z respectively. How can this be nefariously used?
    • jlgaddis 1654 days ago
      A year or so ago, they started sending telemetry letting them know that you have telemetry disabled! [0]

      That one pissed me off, just on principle.

      I'm not sure exactly what's happened in the last 10 years or so but, at some point, everyone apparently just decided it was okay to start spying on their users (read: "telemetry"). Mozilla and some others, at least, allow you to "opt out" -- although you should never have to! -- as if that somehow makes it okay.

      Then, a while back, they decided they were going to go ahead and send in some "telemetry" even if the user has explicitly disabled telemetry!

      I can easily remember a time -- and it wasn't that long ago! -- when slipping in even the slightest hint of "telemetry" without a clear, explicit "opt-in" from the user would have been absolutely unheard of.

      Mozilla doesn't have much of a user base left. You'd think they would try to avoid alienating us and pissing us off.

      ---

      On a related note -- and with the above in mind -- I recently (within the last several days) started working on my own .js "preferences" to lock Firefox down as much as I can. I've just posted it [1] if anyone is interested (a lot of it was taken from [2]).

      Disclaimer: it's very much still a work-in-progress, likely breaks things that I haven't noticed yet, and almost certainly is not what you want to use. I'm fairly happy with it at the moment, however. (There's a bunch of "notes to self" in there that I tried to remove; if I missed any, please just ignore them!)

      [0]: https://blog.mozilla.org/data/2018/08/20/effectively-measuri... (see the "Telemetry Coverage" section)

      [1]: https://gitlab.com/snippets/1904354

      [2]: https://github.com/pyllyukko/user.js

    • gruez 1654 days ago
      I don't see any. I skimmed what was sent (about:telemetry) and didn't find anything too egregious. Yes, you can be uniquely identified by your telemetry pings, but that alone isn't really an issue. All it tells Mozilla is that you use Firefox. It doesn't tell them anything about your browsing habits. The biggest risk I can see is malicious actors getting the IP information associated with telemetry submissions and using it to deanonymize your browsing sessions by correlating telemetry submission IPs with other sites' IP information. To mitigate that risk, I would recommend batching telemetry submissions (every week/month rather than in real time) and using separate connection/proxy settings for telemetry submissions.
      • nfoz 1654 days ago
        > All it tells Mozilla is that you use Firefox.

        And where, and when. That's pretty sensitive information.

        • gruez 1654 days ago
          >And where, and when. That's pretty sensitive information.

          Both can be addressed by batching uploads, as described in the gp comment.

    • kgwxd 1654 days ago
      It's impossible to actually anonymize telemetry data, they can only promise they don't tie the data to your IP, FF account, or any other data their servers can't help but know specifically about you. A quick search will reveal plenty of historic examples of breaking promises just like that one, with very little repercussion.
    • IainIreland 1654 days ago
      Note that you can see exactly what is contained in the telemetry ping by going to about:telemetry.
    • elliekelly 1654 days ago
      It's not really anonymized though, is it? Technically it's PII. From the telemetry docs[1]:

      > the clientId, a UUID identifying a profile and allowing user-oriented correlation of data

      [1] https://firefox-source-docs.mozilla.org/toolkit/components/t...

    • user9361 1654 days ago
      > data is anonymized

      Online anonymity is a myth. Why do we keep spreading it?

      • diffeomorphism 1654 days ago
        Because context matters and your post is going off on a tangent.

        Online anonymity is an entirely different topic than whether this one data set collected here is effectively anonymized.

        • user8263 1654 days ago
          > Interaction data: Firefox sends data about your interactions with Firefox to us (such as number of open tabs and windows; number of webpages visited; number and type of installed Firefox Add-ons; and session length) and Firefox features offered by Mozilla or our partners (such as interaction with Firefox search features and search partner referrals).

          > Technical data: Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.

          > Read the telemetry documentation for Desktop, Android, or iOS or learn how to opt-out of this data collection on Desktop and Mobile.

          If that's OK for you, fine. Not for me.

          https://www.mozilla.org/en-US/privacy/firefox/

    • a_imho 1654 days ago
      No one should ever disable telemetry. It should be opt in, the only way is to consciously enable it.
  • danShumway 1654 days ago
    This is pretty good -- there are a number of config options here that I didn't realize existed.

    My only real quibble is that I don't think people should turn on DNT if they can help it. Most sites don't respect it, and for some sites it's actually another tracking vector on its own.

    I believe if you turn on fingerprinting protection in Firefox it gets automatically enabled, so this isn't a suggestion anyone can practically act on. But if I had the choice to disable DNT, I would. I think we should deprecate any tracking protection that relies on good actors respecting our choices.

    But overall, good article.

    • Santosh83 1654 days ago
      Even if you have tracking protection enabled you can still turn DNT off by toggling "privacy.donottrackheader.enabled" in about:config.
    • LinuxBender 1654 days ago
      Are there any privacy laws that mention DNT yet?
    • Grollicus 1654 days ago
      Were DNT anywhere near widely accepted it would probably be possible to enforce it via GDPR. (That is, report the pants off websites that show GDPR popups as you've already told them you don't want that)
    • user9361 1654 days ago
      > DNT

      Leaving it as default makes you hide in the crowd

      • danShumway 1654 days ago
        I'm pretty sure that DNT is off by default in Firefox. That's what I mean when I say that turning it on can be an additional tracking data point.
  • fzzzy 1654 days ago
    Ironically, making changes like this makes you far, far more fingerprintable, as the vast majority of users don't make changes like this. Thus, the users that do stick out like a sore thumb. The article does mention this.
    • danShumway 1654 days ago
      A lot of Firefox's fingerprinting protection is genuinely helpful because the stuff it's blocking can be used to very, very precisely target you.

      Canvas/WebGL fingerprinting is a good example of this. Yes, very few people block it, but the fingerprinting for canvas is so individualized to each device that there is no hiding in the crowd if you leave it enabled. You're hiding in a crowd of size 1.

      Think of it like wearing gloves during the summer. Yes, that's unusual. But a human fingerprint (except in rare-ish cases) will usually be good enough to track an individual person. In a world where people are regularly collecting fingerprints or tracking them around town to figure out who's been in what stores, being unusual is preferable to being unique.

      There are a few settings (normalizing screen sizes) where the benefits aren't so clear-cut. But at the very, very least, you should be doing stuff like turning off webRTC/webGL/canvas. The majority of changes being listed here are strict improvements to privacy.

      • rwmurrayVT 1654 days ago
        I have only just taken an interest in the canvas fingerprinting. My understanding is that it relies on a unique hash of an "image" created using HTML5, including the time it takes to draw. Is it not possible to alter this hash by throttling or slightly modifying some GPU settings? I know this is a weird and most likely highly technical question. I'm just curious.
        • danShumway 1654 days ago
          Short answer, I don't know, but probably not?

          Long answer, I'm also curious about this. I feel like the future of fingerprinting resistance isn't refusing to give up information (since sites can block you or force you to turn the settings back on) -- it's lying. Don't block microphone access, just feed it white noise. Don't block the location, just spoof it.

          BUT, a bunch of people who are smarter than me have decided that zeroing out the canvas is better than making it return random values, so for the moment, I assume there's something they know that I don't.

          • Santosh83 1654 days ago
            The CanvasBlocker extension which has been around for longer than Firefox started implementing anti-fingerprinting measures does exactly this: spoof canvas readout values. Since blocking Javascript is no longer an option for most people, blocking fingerprintable APIs simply breaks many sites. What we need is frictionless ways to spoof values for these APIs unless the user trusts the site in which case real values can be sent (example the site needs to work and fake values will not be useful to the user).
          • rwmurrayVT 1654 days ago
            The existence of software such as fraudfox and antidetect makes me believe there are certainly effective ways to "just lie".
      • jdashg 1654 days ago
        Much of canvas 2d fingerprinting relied on system fonts, which browsers have started to restrict access to these days.

        WebGL fingerprinting, in my investigation, seems to be identifiable by gpu vendor, and potentially by generation, but not individual GPU.

        So there's still bits of info, but not as bad as they used to be, or as bad as people generally fear.

        • penguinalgebra 1654 days ago
          > which browsers have started to restrict access to these days

          Any chance you could point me to a source on this?

    • oil25 1654 days ago
      > making changes like this makes you far, far more fingerprintable, as the vast majority of users don't make changes like this.

      You're confusing privacy and anonymity. They can be mutually exclusive.

      • fzzzy 1654 days ago
        Hmm, interesting. Care to explain more?
        • oil25 1654 days ago
          Improving privacy is reducing the quantity and quality of data collected about you. Making changes to Firefox improves privacy because web sites can collect less data about you.

          Improving anonymity is reducing the odds that data can uniquely identify you. Making changes to Firefox harms anonymity because very few people deviate from defaults.

          For example, turning off Javascript prevents a site from knowing much at all except header information like User-Agent. So it can't draw a canvas fingerprint nor measure your screen resolution, but it can still record the fact Javascript was disabled - a rare event.

          OP is correct: the changes make one 'stick out like a sore thumb'; but incorrect in asserting users are 'more fingerprintable'. Improving privacy may reduce anonymity, but losing anonymity does not necessarily affect privacy.

          • kube-system 1653 days ago
            Losing anonymity absolutely does affect privacy, that's the entire point to fingerprinting.

            While anonymity and privacy are theoretically separate concepts, many current techniques used to compromise privacy on the internet are dependent on de-anonymization.

            None of the data your browser leaks is being used to directly compromise privacy. Your screen resolution, user-agent, canvas fingerprints, etc aren't private information. Their only utility is to support de-anonymization, which in turn allows a compromise in privacy by aggregating your behavior.

    • user9361 1654 days ago
      That's true. I use as many default options as I can. But there are good points in the article.
  • programmertote 1654 days ago
    Maybe a bit tangential, but I have been having a difficult time using Google Sheets lately in Firefox (like starting about 2-3 months ago). I keep track of my expenses (like groceries) in Google Sheets and always use Firefox to do data entry. Nowadays, Firefox browser freezes for a minute or two when I load/modify cells in Google Sheets.

    I only have one extension, 'muBlockOrigin', installed in Firefox and have been using that for many years, so I'm sure the extension is not getting in the way of loading Google Sheets. So that leads me to believe that Google is probably supporting less and less of Firefox.

    • degenerate 1654 days ago
      Google products (Sheets/Analytics/Gmail) simply run slower on FF these days. It's clear that Google optimizes their products to run well on Chrome, and doesn't bother benching performance on FF. I have a chromium portable laying around for the sole purpose of logging into google products that I need to access for work, and access everything else in FF.

      I don't think Google is maliciously making FF slower on their products, but I believe they simply don't care to tweak/tune performance on FF like they would have years ago. As everything else google does, the devs metaphorically cover their ears and proclaim "lalalalalala we are google we don't care!" ...and it's more telling every passing year.

    • floatingatoll 1654 days ago
      Create a fresh profile and install nothing into it and don’t change any defaults at all. If the problem still occurs, open a Webcompat issue about it. If the problem goes away, it’s either the addon or some sort of non-default config settings.
    • mackrevinack 1654 days ago
      quickest fix off the top of my head would be to stop using google sheets :D

      if you only need basic functionality then libreoffice would be a good place to start since it's cross platform and if you're running Windows then there's a portable version that you can bring around on a usb.

      I use syncthing myself to sync my documents between all my devices. but there are lots of other options around like resilio sync, nextcloud etc. there's not really much of a reason to be tied to Google anymore

  • PeterisP 1654 days ago
    A word of caution, some of these settings break stuff.

    I don't remember the exact items anymore, but seemingly innocuous privacy-related changes I did some time ago from a list very much like this broke the ability to paste to google docs (which was a bit confusing, since I noticed it weeks later when it "just" didn't work with no messages hinting why) and the integration for the Evernote WebClipper plugin; and it was a bit of a hassle to find which changes I need to revert.

    • johnp_ 1654 days ago
      Likely `dom.event.clipboardevents.enabled`:

      https://developer.mozilla.org/en-US/docs/Mozilla/Preferences...

      If someone else is in the habit of randomly selecting text and they're using linux, they may want to disable at least `clipboard.autocopy` if they don't use it. No reason to simply tell websites every selection you do, IMHO.

  • romkin 1654 days ago
    this article doesn't address the main issue with firefox and privacy: it sends your very complete fingerprint to google on its very first launch, before you get the chance to change any privacy settings. from that moment on, unless you have JS disabled, google will know your every move one way or another.

    all their talk about privacy is hot air as long as that is true.

    • kbrosnan 1654 days ago
      GA was removed from the first run page https://github.com/mozilla/bedrock/pull/7621
      • romkin 1654 days ago
        oh. didn't know that, and yeah, can confirm - all requests on that page are made to mozilla.org. good! might have been an oversight then.

        so this pretty much invalidates my other two comments here.

      • auslander 1654 days ago
        Only 2 months ago. Why did it take so long?
    • Uhuhreally 1654 days ago
      "it sends your very complete fingerprint to google on its very first launch"

      sorry could you explain in more detail please ?

      • romkin 1654 days ago
        you install firefox and launch it for the first time. immediately, a page with google analytics opens up and google gets to fingerprint your browser and hardware before you've had a chance to implement any privacy measures.

        I find it rather unlikely that mozilla needs GA on that page, considering that firefox is sending tons of telemetry to their own servers.

  • SCdF 1654 days ago
    Has anyone worked out if Do Not Track is actually worth its weight?

    You're effectively flipping another bit that de-anonymises your browser a little bit more, and I can't see why a bad actor (the people you're actually worried about) would honour it.

    • oil25 1654 days ago
      Enabling DNT is worth it, but not for the reason which seems obvious. The DNT header was created so Internet advertisers could point and say, "only 0.1% of users have enabled DNT - this is evidence that people don't care about or even WANT to be tracked" in the face of scrutiny by regulators. It's a single extra bit of information about your request; I wouldn't worry about "de-anonymization" resulting from enabling it, but would suggest enabling it as a token gesture anyway.
  • AdmiralAsshat 1654 days ago
    And Firefox refuses to load the page because of a cert error. Oh, the irony!
    • danShumway 1654 days ago
      Works for me on the most recent version of Firefox. Might be a clock issue?

      Regardless, Outline link for anyone who can't read: https://outline.com/T3fGAk

      If Outline doesn't load, try enabling referrer headers. I always forget to do that and get annoyed when Outline links break. I should probably just switch to a different service at some point, since I refuse to leave referrer headers enabled permanently.

      • tialaramex 1654 days ago
        That's quite a clock issue given the cert is valid from May 2018 to May 2020, so the entire year is wrong on their system.
    • taco_emoji 1654 days ago
      Same here except in Chrome - error is NET::ERR_CERT_AUTHORITY_INVALID and issuer is "Cisco Umbrella Secondary SubCA chi-SG". Windows is saying "the issuer of this certificate cannot be found".
      • tialaramex 1654 days ago
        You (or your employer) have Cisco Umbrella, which is MITMing your network connection. You can read about Cisco's Umbrella product by Googling for it. You should comply with your employer's rules about non-work browsing. You could try asking IT support to "fix" the problem if you want, although if what you're doing is against policy they probably won't.

        Or - very much less likely - a bad guy is attempting to MITM you and they've decided to imitate Cisco Umbrella so that people aren't interested in helping you because they assume you're just at work goofing off on someone else's network.

        • taco_emoji 1651 days ago
          Good info - yes my employer MITM's certs, but this is the only site I've run into with this. If I visit a site which violates policy, there's an error page that specifies which policy has been violated, it's not an obtuse cert error.
  • ilikenwf 1654 days ago
    This is an ok guide for people who don't know what to do, however I'd argue using ghacks userjs, and also disabling the built in content blocking and safebrowsing entirely is in order, along with disabling captive portal detection, and dns over https.

    These all call back to google and/or mozilla, cloudflare.

    https://github.com/ghacksuserjs/ghacks-user.js

  • cookie_monsta 1654 days ago
    There are so many hardware and OS level fingerprinting vectors that software tweaks like these are only marginally useful.

    Once you've done your tweaking, have a look at https://amiunique.org/ to see how anonymous you really are.

    • 0-_-0 1654 days ago
      amiunique.org only checks whether your fingerprint is unique, but if some data that was used to create your fingerprint was random (as common with some anti-fingerprinting methods) then that doesn't mean you're identifiable.
  • romaniitedomum 1654 days ago
    Ironically, uBlock flags this site as leaking tracking cookies to two third-party sites, getclicky.com and presidium.com. Who watches the watcher, eh?

    But there's no denying that site is a good handy guide to things in Firefox that can be tweaked to suit one's privacy stance.

  • bvinc 1653 days ago
    Caution: I kept having problems in websites where timestamps were hours off, and every captcha was super annoying. It took me a while to figure out it was due to the fingerprint protection that I had enabled.
  • yCloser 1654 days ago

      privacy.resistFingerprinting = true
    
    breaks whatsapp web login page, interesting
  • paulcarroty 1654 days ago
    This howto isn't helpful on first run when Firefox sends tons of telemetry to Google: https://twitter.com/jonathansampson/status/11658588961766604...
  • ma2rten 1654 days ago
    about:config shows a screen that says "This might void your warranty.". Is this supposed to be a joke? Which warranty is being voided here?
    • rahuldottech 1654 days ago
      Yeah it's a joke. These settings might break a few websites, although I don't recall that ever happening to me. And any websites these settings break shouldn't be websites you're visiting anyway.
      • cyphar 1654 days ago
        > dom.event.clipboardevents.enabled = false

        This breaks copy-paste for quite a few rich text editors (it was the reason why pasting into Riot didn't work for me for several months). So, some of these options can subtly break harmless websites.
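The breakage reports in this thread (`dom.event.clipboardevents.enabled = false` stopping paste, `privacy.resistFingerprinting = true` breaking the WhatsApp Web login page) can be checked against a user.js file mechanically. The following is an added example, not part of any comment here: the function names and the sample file contents are constructed for illustration, and the breakage table holds only what commenters reported.

```javascript
// Added example. Breakage table lists only what commenters in this thread reported.
const REPORTED_BREAKAGE = new Map([
  ["dom.event.clipboardevents.enabled",
    { risky: false, report: "paste fails in Google Docs and some rich text editors" }],
  ["privacy.resistFingerprinting",
    { risky: true, report: "WhatsApp Web login page breaks" }],
]);

// One user_pref("name", value); call with an optional trailing // note.
// Values are a quoted string, true/false, or an integer.
const PREF_RE = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;\s*(?:\/\/\s*(.*))?$/;

function parseValue(tok) {
  if (tok === "true" || tok === "false") return tok === "true";
  return tok.startsWith('"') ? tok.slice(1, -1) : Number(tok);
}

// Returns Map(name -> {value, line, note}). A later line overrides an earlier
// one, as Firefox applies user.js top to bottom. Simplification (assumption):
// comments are recognised only when they start a line.
function parseUserJs(text) {
  const prefs = new Map();
  let inBlock = false;
  text.split(/\r?\n/).forEach((line, i) => {
    if (inBlock) { inBlock = !line.includes("*/"); return; }
    if (/^\s*\/\*/.test(line)) { inBlock = !line.includes("*/"); return; }
    const m = PREF_RE.exec(line);
    if (m) prefs.set(m[1], { value: parseValue(m[2]), line: i + 1, note: m[3] || "" });
  });
  return prefs;
}

function auditUserJs(text) {
  const findings = [];
  for (const [name, { value, line, note }] of parseUserJs(text)) {
    const known = REPORTED_BREAKAGE.get(name);
    if (known && value === known.risky) findings.push({ name, line, note, report: known.report });
  }
  return findings;
}

// Constructed sample file, not a recommended configuration.
const SAMPLE_USER_JS = [
  'user_pref("privacy.resistFingerprinting", true); // anti-fingerprinting',
  'user_pref("dom.event.clipboardevents.enabled", false);',
  '// user_pref("clipboard.autocopy", false);',
  '/* user_pref("privacy.resistFingerprinting", false); */',
  'user_pref("dom.event.clipboardevents.enabled", true); // reverted: paste broke',
].join("\n");

console.log(auditUserJs(SAMPLE_USER_JS));
```

Each finding carries the line number and the trailing `//` note from the file, so a setting that later breaks a site can be traced back to why it was set.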

    • floatingatoll 1654 days ago
      There are settings in there that can^ lock you out of the browser UI and/or potentially destroy your profile data, if you are especially unlucky, potentially months or years after you made the change and since forgot that you did so. It’s usually possible to recover and it’s usually not so bad, but I imagine that’s why it’s a very scary warning.

      ^ webrender gfx all, for example, seems to break my Firefox Nightly every few months, which I duly report and see fixed the next day or so, but one time it took a couple weeks for them to find the crash!

  • superkuh 1654 days ago
    Step 1. Stop using browsers that don't respect user freedoms.

    There are plenty of good firefox forks out there.