Mozilla is planning to collect domain-level browsing history on an opt-out basis

https://groups.google.com/forum/#!topic/mozilla.governance/81gMQeMEL0w

They're not planning to collect URLs, just top-level+1 domains (e.g. images.google.com). And sure, there's no problem with images.google.com because it's generically innocuous. But what about pornhub.com for users in Saudi Arabia? Or some Japanese site that's essentially child porn for users in the US? The top-level+1 domain in many cases is totally incriminating.

This is a horrible development. If Mozilla starts collecting this sort of data on an opt-out basis, it will put many users at risk. Seriously, WTF?

 

Maybe they didn't hear about GDPR coming to effect in Europe next year? All personal data collecting should be allowed by user with opt-in option.

 

How do Japanese sites get away with child porn I thought that was internationally illegal already

 

Use Waterfox!

The developer sure to block this

 

Privacy for privacys sake. I don't want google mozilla or anyone else collecting my movements no matter how generically innocuous it is and I don't want to be lumbered with a stupid opt out. Mozilla is on a continual slippery slope.

I absolutely agree. The thing is with opt out, the onus is on you to know there's an option to start with. Then they make it as annoying as possible so you won't bother and/or bury it to make it as hard as possible to find.

 

Or you reach a point where you may as well dump Firefox and use Chrome because the reason you started using Firefox in the first place no longer exists.

 

Googles Chrome? That would be far worse than FF and that's saying something.

 

Whether they tell you or not. It's the same.

Where is this supposed opt-out option? If not available now please someone post link when/if available.

It'll be worth a laugh to "opt-out".

 

Makes you wonder who really calls the shots at Mozilla.
The Mozilla Foundation has (or had) a list of principles that were supposed to define their purpose, one of which said,

IMO they have consistently failed to live up to that standard and worse, ignored it and worse still, acted in opposition to it.

 

The mainframe owns you - abandon the illusion that your smart-dumb client could ever escape.

 

This is a bit exaggerated, IMHO. Yes, I, too, would prefer opt-in. On the other hand the important aspect here is how they are planning to do it (and it is still a plan). They are planning to use Differential Privacy and if that Wikipedia article is not completely wrong this seems to be a sound and accepted concept to protect one's privacy. It surely depends on how they will implement it. But since the source code is openly available it will certainly be deliberately scrutinized by the EFF or whoever.

 

This **** is flying so fast through the doors one can't count on the EFF nor anyone.

Considering Firefox & EFF are just a couple of the many players.

Privacy at best is a tube of toothpaste with millions of pinholes. Many people like ME don't know how & are too lazy to brush without that paste. But I floss so I know what's there & am not deluded.




I love creative writing but I can't seem to translate my writings to quippets in long form mostly just postings.

 

Lol! I think this has been happening for a while.

 

I've noticed this for a while now.

 

and if too many folks opt out, updated version of the browser ignores the established prefkey
~~ superceding it with a newly-introduced "yadda.something2.enabled" prefkey.

dance, dance, dance...

 

Waterfox is an interesting alternative, I agree.
It is a mature project (577,000+ github commits, spanning several years https://github.com/MrAlex94/Waterfox )
and AFAICT it has been pulling in the "Tor Privacy Uplift" patches, through ff v55
and states a goal of maintaining support for "legacy addons", unlike TorBrowser which is already
https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~ff59-esr
tracking/planning to rebase on ff59-esr

 

Good point. Someone commented that they would file a complaint under GDPR

 

I don't know. Is there really such a thing as "internationally illegal"? Who would get to say? The UN?

 

Yes, that's been a common reaction. So what's the next best option, now?

 

I don't think that this is implemented yet. This is the public comment phase. Maybe the wave of criticism will deter them.

 

I gather that developers are really hot for this. They argue that they can't optimize Firefox without reliable data about where it doesn't work well.

 

Mozilla Testing New Default Opt-Out Setting for Firefox Telemetry Collection.

Firefox team has decided it will implement a technique called "differential privacy" for
collecting the extra user data it needs.
Support for "differential privacy" will be done by embedding Google's RAPPOR project
(Randomized Aggregatable Privacy-Preserving Ordinal Response) which is currently used for
collecting anonymous usage data from Google Chrome users.

Responses to the Google Groups discussions on opt-out setting have been generally negative.

https://www.bleepingcomputer.com/ne...out-setting-for-firefox-telemetry-collection/

 

Sure. That's all fine, in theory. But the idea of collecting all of that data, from users who are too clueless to opt out, is just plain creepy. The history of data depersonalization is not encouraging

 

Cool! I'll check it out. Thanks

 

That sounds like bs to me. If they want to know how well it works all they need to do is set up test websites and use it but as usual in these kinds of scenarios we will never know who these developers are and what their real agenda is.
I have been meaning to try to trace through the Mozilla forums and bugzilla who decided it was an "improvement" to remove the browser feature that allowed the user to view the site certificate and fingerprint information. They replaced it with a message that just said this connection is secure.
That right there is a smoking gun. It is evidence of a deliberate action to weaken security.
Everyone in the industry knows who Steve Gibson is and everyone in the industry knows about his fingerprint service that breaks MITM attacks. IF you can view the site cert fingerprint in your browser.
I'm truly sick of this **** and no one wants to say anything. It makes me wonder has everyone had their ****** cut off or are they just putting something in the water nowadays?