Firefox doesn’t share browser history
“To provide our services as described above, we may disclose personal data to: Partners, service providers, suppliers and contractors”
List of data they share with partners:
Technical data
Location
Language preference
Settings data
Unique identifiers
System performance data
Interaction data
Search data
Browsing data
Wished people actually read the ToS instead of just believing a post.
I agree with this sentiment but in this case there is warranted criticism imo (as someone who read the TOS).
This is explicitly said here:
Firefox processes a variety of personal data in a way that does not leave your device, such as browsing history, web form data, temporary internet files, and cookies. This means the data stays on your device and is not sent to Mozilla’s servers unless it says otherwise in this Notice.
Notice how in the last line it says “unless it says otherwise in this Notice”. Upon reading the notice, it does in fact list multiple cases where such data is sent to Mozilla. And not only Mozilla, but in some cases their partners as well.
Learn more about what Campaign Measurement data is collected and shared, and how to opt out. Note: Firefox does not share information like your browsing history, search queries, or saved passwords with marketing technology partners. Mozilla only collects the data necessary to measure and improve our marketing campaigns.
This can mean whatever they want it to mean. Notice how broad that last line is, so many Big Tech companies include a sentence just like it within their TOS and simply use it as a blanket statement to justify collecting whatever they want. Not saying that this is what they’re doing, but to give an example one could argue that Firefox building an extensive user profile on all of their users falls in line with “data necessary to improve their marketing campaigns” because it helps them to better understand their consumer base.
Furthermore, they only say that they don’t provide browsing history and search queries to marketing technology partners. As we can see elsewhere in the TOS, they explicitly include search data and browsing data among the list of data they share with partners. If you ask me, providing data to Google, even if not as part of an established marketing relationship, might as well be providing data to “marketing technology partners”.
Going to the list of Mozilla Service Providers that @jonah provided, there are multiple parties with whom certain data is being shared that I find concerning, the most immediately concerning one being this:
Google Cloud Platform
Purposes of processing:
Cloud computing, including collaboration, hosting and analytics services, Key management, Content Delivery Network services:
Data Processed:
Browsing Data (yikes)
Interaction data
Language preference
Location data
Precise location
Search data
Settings data
System performance data
Technical data
Unique identifiers (big yikes)
Note that this is presumably a separate thing from the data you provide when you use Google search within Firefox, as we can see elsewhere on the same page that it is listed separately with the other search providers and with fewer data points being sent (though obviously using Google search itself will subject you to much more data collection than that, the ones they list I presume are just the ones they receive from Mozilla directly).
The actual implications of all of this is very vague seeing as there isn’t a section in the terms itself which outlines in exactly which cases this data is being sent over to Google, and which types of data are regularly being sent. Something like “unique identifiers” could simply be listed there to give them the option to send that information if they ever were to need to, even if that’s not something they regularly do.
Even if that’s the case, I still find its presence there somewhat concerning as that would technically allow them to send information like that over to Google whenever they wanted to without deliberately coming out to say they are doing so. As far as the legal side of this is concerned, they have already properly disclosed the fact that they may share that information with Google, so whether they do or do not already do that is largely irrelevant to whether or not they could do that.
I’d like a statement from Mozilla outlining what exactly they use this data for and in which cases it is sent. Until they do this, coming to any concrete conclusions about this is probably unproductive, we can’t possibly know if this is something to be concerned about or not until we have further details.
But like I said before, the fact that these things are there at all I find kind of concerning. Why would they put that there as something they may send over to Google if it’s not actually something they send to Google? Wouldn’t that just make them look bad, especially considering their customers are largely people with more of a focus on privacy?
This whole situation is just kind of odd and I think rightfully leads to people getting put off by it. It may not be a problem at all but I think it’s more than fair to want more details when they clearly list things like browsing data and unique identifiers as things they can send over to Google. Just looking at that fact from a surface level alone doesn’t exactly inspire confidence. There’s a chance they genuinely only send those data points in certain contexts and for good reasons, but we can’t know for sure until we have a better idea of what goes on behind the scenes, so we should be pressing to know more.
There are other companies listed among their service providers as well that I also find somewhat questionable, though they similarly may be fine depending on the context. A question I have is why they use so many of these providers in the first place. I think a lot of people forget that Firefox is just an interface for a search engine. Whenever you use something like DuckDuckGo, Firefox doesn’t (or shouldn’t) have a lot of presence in what you’re doing there, whatever Firefox is doing in the background with its “service providers” just feels kind of unwarranted.
I know that browsers have sort of evolved over time to become something more akin to a platform of their own rather than just a tool to use a platform, and that’s fine assuming that the “bloat” of the browser is cut off from the default functions of the browser. But I think something that would be important to know is how many of these “service providers” are actually being used for optional features of the browser, and how many are just baked into Firefox as part of the default experience.
For example, are they sending data over to “x” provider only when I use a certain optional feature of the browser, or is data being collected and sent to Mozilla/some of their partners whenever I do so much as perform a search? I think Mozilla needs to clarify these things because this whole situation could either be:
-
Absolutely fine, assuming data collection/sharing with partners only takes place when you go out of your way to use certain optional features (e.g. Mozilla accounts)
-
Something that puts Firefox’s branding as a “privacy-focused browser” into question at best, or at worst, an ecosystem with a lot of data collection that realistically isn’t that much better than what you’re getting from Google Chrome.
Like I said before, without further clarification from Mozilla we simply can’t know if this is bad or absolutely fine, or at least that’s how I see it.
As a kind of side tangent, I think this situation does a good job of outlining a lot of the problems with modern TOS and privacy policies, 99% of the time they are much too vague and leave way too much room for interpretation to be actually helpful. I can’t remember the last time I read a privacy policy and left feeling confident that I knew exactly what they were doing with my data, most of the time I’ll just end up using the service with the mindset that certain features are most likely using my data, even if I don’t actually know for sure, because of the TOS being worded in such a way that didn’t make it clear.
I feel like if you ever need to be having a conversation like this where you’re arguing whether or not a TOS says it is exploiting your data or not, it’s probably not a very well written TOS. If we can’t even agree on what we’re seeing after viewing the same TOS, how is that our fault, and not the fault of the TOS?
Even if Mozilla ends up being completely in the clear for this, I think there is a point to be made that they need to be more transparent about when certain data is collected and what it is being used for, rather than just using this blanket statement of “if you use Firefox, this is the data we can send to our partners.” I think it’s more than reasonable that anyone would have some questions over seeing things like “browsing data” and “unique identifiers” as things that they send over to Google, the fact that this is something they even need to clarify at all just shouldn’t even be happening in the first place imo.
I’m new here btw (long time lurker) so if I got anything wrong or broke any rules or something by posting this please let me know 
I probably won’t be super active on here as I prefer to lurk but this is something that I wanted to reply to.
