Introducing a terms of use and updated privacy notice for Firefox - https://news.ycombinator.com/item?id=43185909 - Feb 2025 (1060 comments)
THANK YOU California for this definition of selling data, which is accurate, and representative of what people think of when discussions of selling data come up.
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners
Ok, so that’s pretty straightforward. According to CA and other states Mozilla is collecting and selling your data. Which is exactly what everyone is upset about and means exactly what everyone thought it meant.
If you sell the information how many customers you have and how many shoes you've sold last month, are you selling your customer's personal data?
To make that analogy fair for the scope of what Mozilla's doing, the shoe store would have to be selling data about what color shirts people are wearing when they visit the shoe store.
Firefox is installed on my computer, not on a VPS owned by Mozilla. I'm not browsing Mozilla website. Why are they entitled to record and share everything I do?
> (1) “Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration.
Most people would view a sale as Mozilla getting cash back for the data. But that "other valuable consideration" (which the AG declined to clarify or create a factor-based approach for deciding) makes Mozilla vulnerable to lawyers.
The same parasites that claimed that embedding a chatbot on your website violates the California wiretapping laws and have been extracting cash from sites will figure out a way to do the same to Mozilla. see the wave of CIPA chatbot lawsuits.
For instance, suppose Mozilla partners with a search engine and could be claimed to get a discount or some other consideration for letting that search partner use search terms to improve the search engine. Something that isn't advertising related at all. That's probably a sale under CPRA.
If a search engine partner wants to use search terms to improve their search engine, they only have to look at their own logs. They don't need Mozilla to collect, aggregate, and sell them any data to accomplish that. Mozilla doesn't need to worry about selling data if they never possess that data in the first place.
Your complaint about "other valuable consideration" is just a complaint that the law isn't crippled by stupid loopholes.
That's not the law. The search engine partner using those logs is probably valuable consideration and hence a sale. Mozilla doesn't even need to keep the data; just an api passthrough will qualify.
It's not a sale when the search engine doesn't get those logs from Mozilla. When a user sends a search query to Google using a Mozilla browser, it's Google's privacy policy that applies, not Mozilla's.
> Mozilla doesn't even need to keep the data; just an api passthrough will qualify.
There is no API passthrough in this scenario. Search queries go to the search engine directly without being relayed through Mozilla servers. Anything that does hit Mozilla's servers is entirely optional and unrelated to the purpose of satisfying the user's request for search results.
You don't need to speculate about how this could all be due to innocent ordinary operation of a web browser when Mozilla has already disclosed that they're voluntarily tracking users in ways that are not necessary for the operation of a web browser.
But I think the sense Mozilla are referring to is the more obvious and over-the-top things like selling your name, phone number, email, postal address, your Amazon purchasing history, or to ramp it up more, your passwords, your credit card info etc.
Now people will read even more carefully their privacy policy https://www.mozilla.org/en-US/privacy/firefox/#notice and may find things like:
> Firefox also shows its own search suggestions based on information stored on your local device (including recent search terms, open tabs, and previously visited URLs). These suggestions may include sponsored suggestions from Mozilla’s partners [...] or relevant URLs that are popular in your country.
> Mozilla processes [...] how many searches you perform, how many sponsored suggestions you see and whether you interact with them.
> Mozilla collects technical and interaction data, such as the position, size, views and clicks on New Tab content or ads, to understand how people are interacting with our content [...] This data may be shared with our advertising partners on a de-identified or aggregated basis.
> we share data across Mozilla-controlled affiliates and subsidiaries. We [...] disclose personal data as part of a corporate transaction, such as a merger, acquisition, sale of assets or similar transaction
> [...] retain personal data for more than 25 months, but actual retention periods may vary depending on the type of data and the purpose(s) for which it was collected
[Definitions]
> Technical data : Device type, operating system, IP address, ISP
> Settings: Enhanced Tracking Protection settings, cookie settings, permissions (location, camera, microphone), toolbar customization.
> Location : Country code, city.
> Precise Location: Your precise location (within a few feet or meters).
> Interaction data : How many tabs you have open or what you’ve clicked on. Click counts, impression data, attribution data, how many searches performed, time on page, ad and sponsored tile clicks.
> Browsing data: [...] websites and URLs you’ve visited. [...] (travel, shopping, social media), top level domains (example.com) or specific web pages visited.
> Firefox also shows its own search suggestions based on information stored on your local device
That data stays on your computer ...
> Mozilla processes [...] how many searches you perform, how many sponsored suggestions you see and whether you interact with them.
That description contains no user content: number of searches, number of ads, whether you interact says nothing about you - it doesn't say what you click on or see, just that you clicked.
> position, size, views and clicks on New Tab content or ads
Again, there is no content mentioned, just number of clicks and not what you click on.
> [Definitions]
This section defines terms; it doesn't say they are doing anything.
Advertiser: "Show this to users who like Candles."
Mozilla: "OK"
That's pretty standard and can be used to track people on the advertiser's side still, depending on how the ad itself is served and how clicks on the ad are processed.
If not, when it queries to find out which ads to serve, what data does is sent with that query (or prior to that query)?
https://www.mozilla.org/en-US/advertising/
https://www.mozilla.org/en-US/foundation/annualreport/2024/a...
Advertising is, unfortunately, necessary to funding most of the web, and targeting is necessary to advertising. As a result, users are surveiled and tracked heavily.
But imagine if the targeting could be done without surveillance and tracking - then users could largely use the web in private. It would be revolutionary. That's what Firefox has figured out and is investing more in:
https://www.adexchanger.com/privacy/mozilla-acquires-anonym-...
Yet the second one, which I think would be very much considered close to harmless from my perspective (compared to an alternative of "an ad is shown to everyone across the world"), would, I think, still fit into this metric of your data being sold.
Though maybe I'm misinterpreting what the CCPA's breadth would be.
I have been a bit disillusioned by FF for some time, and would like for them to figure out some version of a business model in order to survive, and so we can know the contours of that business model. Trying to play "we do not do business things at all" with them constantly shipping weird ad-ful features and stuff like Pocket... let's see if we can make this honest!
And I definitely don't want this:
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content. [0]
[0] https://www.mozilla.org/en-US/about/legal/terms/firefox/#you...
Why is my browser serving me advertising in the first place? Because Mozilla is an advertising company now.
I don’t use Firefox and this whole thing is distasteful, but I’m not sure how they’re supposed to cover operating expenses without indirect monetization, or what for of indirect other than ads would work.
Speak for yourself.
Give me a browser that clearly and unambiguously does not sell my usage of it in any way, and I will give you a monthly subscription.
There's a third way: screw revenue, dump all staff not related to browser development and documentation (MDN) and look for government grants to fund that.
Especially the EU may be a target for a well-written proposal, given the political atmosphere it would make sense to have at least one browser engine that is not fundamentally tied to the US and its plethora of bullshit like NSLs.
I would, if they offered a payment-only access to Firefox with no added services and no telemetry whatsoever. I'd pay 50€ a year for that.
Is there some interpretation where “for the purpose of doing as you request” means any purpose they want?
I don't want any language where they get to insert themselves into that chain of behavior. Curl doesn't need a TOS, why does Firefox?
When I drill a hole in my wall, DeWalt don't tell anyone who I am, how large a hole it is, what material I drilled into or even the fact that I actually drilled anything. They don't know any of that, and neither should Mozilla know when my local copy of the browser makes a DNS, HTTP or any other request.
Why do you imply that Firefox showing ads is acceptable ?
Because it isn't acceptable.
The first thing I've done (for years now) when configuring Firefox is to turn off many of the defaults. Advertisements, pocket, search engine, online spell checker, translator, blah blah blah.
They're beholden to who gives them money, which is not us.
FF exists off of good will and the search deal. The more people stop using the browser the less they’re going to pull in from the deal.
Firefox exists off of google and their antitrust deal.
If they can't stop abusing their users, I will look for another browser, goddamnit.
* Blink (Google): Used in everything, from Chrome, Edge, Opera, Qt-Toolkit, Electron.
* Gecko (Mozilla): Firefox. And Waterfox? I assume Gecko is still hard to integrate.
* WebKit and WebKitGtk (Apple and Gtk): Safari, Epiphany and Gtk-Toolkit. Easy to integrate. And the only engine where I’m aware that actually two side actively cooperate in development.
Ladybird an another new engine, implemented in C++. But it is in alpha-state, only for developers. Everyone else who tries to show us a new browser means “use that Google thing with another name on it”.
(It is very usable already in combination with Tauri as alternative to Electron + Chromium)
I honestly think we need to shift our trusted computing base off of C/C++. There's no way a ragtag bunch of volunteers puts enough effort into security when every minor mistake is a disaster :-(
This seems to go beyond "can't stop" to "are actively plotting a course to continue." I've seen a lot of missteps from Mozilla over the years, but I never thought I'd see them selling my data. From seeing the news yesterday to today, I know now I have to stop recommending Firefox, and figure out a browser that I can trust.
Well do it, i had Firefox on all my machines for about 15 years, change to librewolf took like 20 minutes on all machines...and it even feels more responsive, and i dont have have to install uBlock manually and other settings by hand, like disable those experiments mozilla can install:
https://librewolf.net/#main-features
And if you de-install firefox on windows you can even tell them why you did it ;)
I use Firefox. I hate ads. I don't love that Mozilla engages in some level of affiliate deals to pay the bills, but it's the only viable alternative to Google controlling the entire web and doing much worse tracking/advertising at this point, unless Mozilla can figure out some other revenue stream.
Chromium-based "privacy-focused" browsers can only exist as long as they're not popular enough to move the needle on Google's ad business. Firefox derivatives can only exist as long as Mozilla can pay the bills, which they almost certainly can't do if nobody uses Firefox (no reason for Google to pay for search priority for an audience of zero, and no affiliate deals for an audience of zero).
The more people use Firefox forks, the sooner Google controls everything. You might personally benefit in the short term, with "complete" privacy, so I can understand why some might choose that option, but you need to accept that you're contributing to Google's dominance by doing so.
Mozilla could have added years ago a donation or subscription to fund the development of Firefox, but they don't want that. Mozilla wants all the money for its charitable activities instead.
There will be a time when they have no money anymore, but it's only their fault.
Although their $7 mil CEO could have found a way to handle this while not running afoul of the IRS, but she decided to play with a bunch of dead-end commercial endeavors instead. So that's on them.
Describing Mozilla's derailment as "charitable activities" is like describing the Mexican cartels as "self-help groups".
Never forget their "We need more than deplatforming".
Pretty sure that community project will get overwhelmingly big donations from all over.
They were doing fine as a business under Eich, whatever you think of him. They make over $500M just from their search box - and frankly, that is way more than you need to make a fantastic browser. And Thunderbird.
Baker took home over $7M a year for the past six years, and though she stepped down as CEO, we don't know if they even cut her pay, or what the other top tier salaries are [1]. Mozilla is a "open" company, but they announced that they will "not be disclosing salaries" after Baker stepped down.
Kagi makes a browser with 35 employees and ~200K inn sales. And I know, they are not building from scratch - but neither is FF at this point. It is ridiculous to suggest that Mozilla will go under if they don't become spyware.
If it's as innocent as "Firefox has to send HTTP packets to arbitrary web servers to achieve the fundamental function of loading a page" and that web server is considered 3rd party by CCPA, then everyone would understand... this is either poor communication or they are hiding something else (which everyone should rightly assume in this day and age).
Just tell us already Mozilla!
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
And remember, they’re citing CCPA’s definition as meaning “… in exchange for ‘monetary’ or ‘other valuable considerations’”. This is exactly what people mean by “selling”.
It’s not the innocent thing you’re contemplating, about a browser doing its job. It’s specifically about things like serving ads, making that browser “commercially viable”.
Mozilla is stopping claiming they’re never selling your data because they’ve been selling your data for the last few years.
Mozilla is helping perpetuate the illusion that online advertising necessarily includes collecting and selling data about the users who are shown the ads.
See for example,
https://www.adexchanger.com/privacy/mozilla-acquires-anonym-...
"That shared mission is predicated on the notion that advertising and privacy are not – or at least don’t have to be – mutually exclusive."
And it goes into detail on the investment and technology in that area.
> Mozilla collects technical and interaction data, such as the position, size, views and clicks on New Tab content or ads, to understand how people are interacting with our content and to personalize future content, including sponsored content. This data may be shared with our advertising partners on a de-identified or aggregated basis.
There's a lot of tracking data that does leave the user's computer, and Mozilla is trying to justify it by assuring us it's sufficiently anonymized and aggregated—assurances they would not need to make if the data wasn't changing hands.
It's also silly to suggest that targeting advertising without tracking users needs to be "pioneered". It's obvious that Mozilla could have the browser download this month's list of sponsored search keywords and have the browser check search strings against that list, without going off-device. There's no innovation required to implement that. All the attempted innovation is focused on how to exfiltrate data in a form that they can get away with selling.
It's meaningless data to you: It doesn't say what you click on, just where and how big the ads are, and how many times you click. It doesn't identify you or reveal anything about you, except that you clicked on some unknown ads.
> It's also silly to suggest that targeting advertising without tracking users needs to be "pioneered". It's obvious that Mozilla could have the browser download this month's list of sponsored search keywords and have the browser check search strings against that list, without going off-device.
These are the words of someone who hasn't done it. Look at the article; what advertisers want and what the privacy-destroying competition does is much more sophisticated than what you describe. For example,
Anonym also has technology that allows ad platforms and advertisers to securely share encrypted impression and conversion data within a trusted execution environment for attribution, causal lift measurement and lookalike modeling. (A trusted execution environment is the secure area of a main processor where code can be run safely and in isolation.)
To be fair, the major ad platforms have long offered attribution and measurement solutions, Mudd said. “But they required the data to come into their system,” he added. “In this world, that doesn’t have to happen.”
I'm not sure what you mean by "meaningless data to you". Obviously, the data Mozilla is collecting, aggregating, and selling is meaningful to the buyers. And you're straight up lying about the extent of the data, directly contradicting Mozilla's Privacy Notice.
> Look at the article; what advertisers want and what the privacy-destroying competition does is much more sophisticated than what you describe.
Obviously? What I was describing was how it's possible to target an advertisement without doing any user tracking. What the advertisers want to do and are doing is tracking users as much as they can get away with. And that includes the ad tracking company Mozilla bought.
You are going too far in your 'pile on Mozilla' performance.
I decide whats meaningless to me. Not you. Not mozilla.
At what point does user data stop being user data? I don't think aggregation is enough in some of these discussions, but maybe I'm wrong.
If that's true then it sounds to me like there's some liability to sue for in California courts against Mozilla. I wonder if EFF would be interested
What is collected by telemetry is documented here for desktop [1].
[1] https://firefox-source-docs.mozilla.org/toolkit/components/t...
I feel like the people who understand Mozilla's true principles have long since moved on by this point, and the crowd of those unaware still use Firefox as a daily driver, for better or worse. That crowd might have just moved to Chrome without Firefox as an option anymore.
Although, as I understand it Firefox and Chrome will be closer to each other in terms of 3rd-party data selling from now on with this ToS change.
It became all about the authoritarianism of wokeness. They wasted so much money in ridiculous tangents and became extremely partisan and censorious.
It's still the best browser due to extensions and customization but it's sad to see these news making it not that better than chrome when it comes to privacy.
Absolutely. That would have allowed Firefox to fall to better stewardship.
https://assets.mozilla.net/annualreport/2024/mozilla-fdn-202...
The definition requires Mozilla to do it "in exchange for “monetary” or “other valuable consideration.”". What consideration is Mozilla receiving and from who?
With Mozilla, for example, displaying sponsored links using Firefox Suggest ( https://blog.mozilla.org/en/products/firefox/firefox-news/fi... ) means collecting and sharing personal data (like search keywords, browsing history or bookmarks). This data sharing, with another company, could either be the raw data or the processed data. In either case, it is a problematic issue for any privacy conscious and politically aware user because either party or multiple parties will (or can) create profiles from the data. "Anonymous" data collection doesn't have any meaning here because with enough data points from a particular user, you can reasonably identify a user (either to track them digitally or to even to identify their personhood in real life, for legal or political reasons). This is easier to do so if you also combine it with data from multiple sources. (Which is what the US NSA programs with US BigTech are doing, and why these companies are so valuable today - Data is the new oil).
> With Mozilla, for example, displaying sponsored links using Firefox Suggest ( https://blog.mozilla.org/en/products/firefox/firefox-news/fi... ) means collecting and sharing personal data (like search keywords, browsing history or bookmarks).
That article says it's only opt-in, so you are safe:
As always, we believe people should be in control of their web experience, so Firefox Suggest will be a customizable feature.
We’ll begin offering smarter contextual suggestions to a percentage of people in the U.S. as an opt-in experience.
"They" in this context is Mozilla the organization, not Firefox the process in memory. For Mozilla to collect information, information has to leave my computer and end up on Mozilla's computer.
Funny, I never opt-in to that garbage - and yet Firefox keeps trying to auto-recommend things to me. It does this even in the Firefox Quantum mobile browser.
I don't think Mozilla is being 100% honest.
If it's what I'm thinking, they do it without data about you ever leaving your computer. Look up how it's done - it's game-changing tech for privacy.
"we work with partners, service providers, suppliers and contractors"
But they won't disclose which partners and what Mozilla gets in exchange. Which is opaque, and probably intentionally so.
You can scroll down to the types of data and lawful bases they list for these data exchanges.
[1] https://www.mozilla.org/en-US/privacy/firefox/#how-is-your-d...
Seems safest to assume that if it can be tracked, it will be. And traded too.
JFC, it's funny they try to call this out as some kind of a "weird" definition when that's just... what selling is.
<completely unambiguous definition of selling follows>
50 states, plus Federal laws, and all the other countries of the world and internal jurisdictions is how many possible variations? And before you say "Yeah, but they all mean mostly the same thing", remember it's lawyers we're dealing with, who will happily charge large sums of money arguing over misplaced punctuation and legislators who will happily take bribes from those same lawyers.
This is the kind of clarification we need, the same way we need actual laws so that companies can't play with the definition of "purchase" to refer to what are actually rentals.
Mozilla might be doing very sketchy things with your data, but it's also very plausible that they are doing a reasonable job at anonymization of data but in a way that is still technically classified as selling personal data (in aggregate form).
Per: https://thecpra.org/#1798.145(a)(6)
> Exemptions: > (6) Collect, use, retain, sell, share, or disclose consumers’ personal information that is deidentified or aggregate consumer information.
I understand that people who have a vested interest in eroding any possibility of online privacy and data protection would want us to believe these laws are vague and overreaching - but that doesn’t mean they actually are vague and overreaching.
Like sorry, if your selling point is "privacy" then you can't show ads on the new tab page. Debian was onto something when they called this software "IceWeasel".
> selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information
Mozilla doesn't need my personal information at all to set a default search engine.
Under a loose interpretation, which is what they expressed concern about.
But anyway, if anyone thinks FF or any other browser can survive without such commercial deals needs to get ready to use Safari or other minor browser
What monetary or other valuable consideration does HN get from you when HN serves up someone's profile page to you?
It may also be relevant that Meta is recently upsetting people in Europe for tracking and targeting people in spite of Europe's data protection rules [1].
My guess (and this is just speculation at this point) is that Meta and Mozilla think they're being clever and getting away with some "private" ad tracking and are underestimating how much damage they're doing to Mozilla's reputation.
I doubt the Anonym tech has been built into Firefox yet, but it's clear that the corporate strategic direction is to bet on some concept of "acceptable ads" like Google did in the 90s.
[0] https://www.adexchanger.com/privacy/mozilla-acquires-anonym-...
[1] https://www.reuters.com/technology/digital-rights-activists-...
Their mission and plan for the future is so incomprehensible that it’s probably just easier to assume actual malice.
You can't donate to Mozilla Corporation at all, which is the entity maintaining Firefox and running these acquisitions. You can only donate to the Mozilla Foundation, which funds other campaigns.
The Mozilla Foundation is the parent of the Mozilla Corporation.
There is no indicuation that their current leadership salaries is saner and the fact that their only visibile response to the cricism has been to no longer publish saralies it should be assume that it isn't.
My guess is that they're aiming to pivot to become a Brave competitor, and either find a new (profitable) niche in the market, or just ride the business down to collapse.
Don't forget that private, hard-to-access data is now doubly valuable as AI training data.
That greatly misrepresents what the article says; really Mozilla acquired a company with a mission to get user data out of the advertising industry, which happened to be founded by former Meta employees:
Two years after leaving Meta to launch their own privacy-focused ad measurement startup in 2022, Graham Mudd and Brad Smallwood have sold their company to Mozilla. ...
Mozilla had initially been talking to Anonym, which uses privacy-enhancing technologies to build measurement and targeting solutions, about a potential partnership.
“But that quickly turned into, ‘Wow, our missions are basically the same,’” Chambers said. “We realized that together we could move a lot faster.”
That shared mission is predicated on the notion that advertising and privacy are not – or at least don’t have to be – mutually exclusive.
“We both believe that privacy-preserving technologies are a critical part of the solution to the privacy problem in digital advertising,” Chambers said. ...
Anonym also has technology that allows ad platforms and advertisers to securely share encrypted impression and conversion data within a trusted execution environment for attribution, causal lift measurement and lookalike modeling. (A trusted execution environment is the secure area of a main processor where code can be run safely and in isolation.)
To be fair, the major ad platforms have long offered attribution and measurement solutions, Mudd said. “But they required the data to come into their system,” he added. “In this world, that doesn’t have to happen.”
Wow, "secure", "encrypted", and "trusted" all in one sentence. They're trying to make it sound as reassuring as possible, but they're still doing tracking.
There is no evidence of risk. A general freakout is not evidence of anything besides maybe some bad acid.
First of all, please don't try to pretend that claims that the data remains encrypted and secure and only in trusted environments are claims that should carry any weight. The data cannot only exist in encrypted form. The entire goal of these systems is to mangle and aggregate the data "enough", then share that result as plaintext with the highest bidder.
> I mean, everything you do on the computer is also in RAM - is that tracking too?
No, not everything I do on my computer is tracking. Most software doesn't keep a long-term record of detailed interaction data. I don't expect my window manager to log how much time each app spends in the foreground. But even for the stuff that is logged, you should be able to understand that the real concern comes from when that information is exfiltrated from my computer, processed by a third-party, and sold.
Your "no evidence of risk" is my "no evidence of a lack of risk", and at the end of the day, I don't see any reason to blindly trust any company on their claims of being benevolent, let anyone one operating in such a historically sketchy one like adtech.
Uh... what do you mean? It's not like every programs has free access to the RAM and can just whatever that's in it, there are boundaries. Just because something exists in RAM doesn't mean it can be read, collected and analysed by someone else.
Also, data existing in "encrypted form" and being executed in a "trusted execution environment" mean nothing either. People whose goal is to collect the data can still decrypt it and read it, and a "trusted execution environment" basically means nothing if they whatever they get by analysing that data in that "trusted execution environment" is going to be disseminated to third parties who may or may not have the capability to use that data to identify you.
It's not nice to accuse people of freaking out over "maybe some bad acid". Even if it's "freaking out", in this case it's actually safer to "freak out" and avoid it than taking your ill-reasoned advice.
But if the data was fully stripped of potentially identifying information, then it should not count as "personal information" under the California Consumer Privacy Act, therefore it should not trigger the "sale of personal information" requirement, regardless of how it's transmitted or what kind of compensation is involved.
The CCPA defines "personal information" as follows:
> “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
(It also includes a list of examples [1], but the examples are conditional on the same "linked, directly or indirectly, with a particular consumer or household" requirement.)
So, which is it? Is the data deidentified or is it not?
Is Mozilla just trying to reduce risk in case someone argues their deidentification isn't good enough? If so, I'd call that a cowardly move.
[1] https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
Tax this, and give the tax back as reverse income tax to individuals.
Since that is a resounding "yes" and they also have the extremely obvious finance incentive to do so...
You're acting like they didn't have the 2nd option of just not selling the data so the current wording is accurate...
You don't need a license for data you never see. When I use Firefox to type a comment on HN, that comment goes from me to HN. It doesn't go to Mozilla. Mozilla does not need a license. (And no, Firefox doesn't need a license either, because licenses are granted to people and organizations, not software.)
The only possible reason for Mozilla to need a license to the data I type into Firefox is if Mozilla intends to have Firefox send that data to them.
The fact they've issued this update and not clarified the scope as Mozilla services is disturbing.
> Here’s what the new language will say:
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.
They're still broadly referring to "Firefox" with alarming language.
> They're still broadly referring to "Firefox" with alarming language.
"alarming" is a low standard - people get alarmed because they see everyone else throwing a fit.
They say it's only for "doing as you request with the content you input in Firefox" - how is that alarming?
Nothing that I intend to do with Firefox requires any such statement. The mere existence of the statement is evidence that Mozilla's intentions are drastically out of line with what a web browser should be doing.
So what? Millions of people use Firefox. Lots of things in Firefox and their ToS don't apply to me, of course. None of my personal info will be collected at all, based on what I've read.
Less money, not going to happen.
The browser market is highly competitive, and Mozilla’s competitors have orders of magnitude more resources at their disposal. As we all know Firefox’s market share has been dropping over the past years and unfortunately the revenue supporting all of Mozilla comes predominantly from their Google deal (which itself has been risked by the ongoing case against Google)
Unfortunately as well - unfortunate for Mozilla, but fortunate for its mission and users :) - the Mozilla corporation is wholly owned by the foundation, so there is no easy way to raise funds (donations amount to so little compared to its Google revenue). Given no access to traditional fundraising, Mozilla has limited options on sustaining its business.
All this is to say, Mozilla seems to be trying to diversify its revenue hard, and its previous on-brand attempts (Firefox OS, VPN, etc) haven’t yielded the return they expected from them, so I’m not surprised Mozilla is trying to make money off of ads and selling data. I disable data collection, though if it came to it, I trust Mozilla a tad bit more than its competitors to protect my data - initiatives like ohttp give me a sign that at least they’re trying
The amount of money they've squandered is mind-boggling. If their goal had been to develop Firefox/Thunderbird/Mozilla Suite, and they had focused on how to sustainably do that, they never would've needed to diversify income sources.
They could have funded Firefox development for the next 100 years but they’ve pissed it away, and now they’re selling us out. It’s gross.
So - Firefox is the "only" thing they need to develop.
Implies that the browser is the mission, not some social cause is the mission
Google pays Apple 18 billion dollars per year to be the default search engine on Safari. If Firefox had managed to stay just as popular imagine how much more money they'd have been making on search deals these last 5 years and how much of that could have went to whatever mission they wanted. Instead they've got a whole lot of noise adding up to about nothing for income + a much smaller search deal than they should have. That's why "having a social mission" isn't inherently the issue, it's all about the management around balancing how the investment for the social mission is done.
I think GPs numbers are off by an order of magnitude or so though. I remember reading something like Mozilla spending 200 million/year on software development (not all Firefox) so it might take 300+ million/year just on Firefox to really have a big impact from status quo. Someone with the real numbers is invited to correct me on that. Browsers have huge teams of people, even Ladybird is using large components like Skia developed by other browser teams.
Ignoring adblock, I think you could flip it. Chrome and Firefox are basically interchangeable, so if there's little reason to choose Firefox, there's also little reason to choose Chrome.
Wikipedia is doing the same.
When Firefox/Firebird/Phoenix first came out, the org structure wasn't that weird yet. The hybrid structure came a few years later, and even then it was fine for a while, but somehow mission creep set in and they became this ginormous org that did nothing useful, but padded exec salaries at the expense of their only service that people actually cared about, the Firefox browser. They kept adding more and more ads and intrusive partnership and lost marketshare year after year until it became completely irrelevant.
Meanwhile, the Mozilla org tried to become some sort of EFF-wannabe, but heavy on the virtue signaling and low on producing anything of actual value.
At this point, I think Firefox would be better off spun off and managed by another FOSS entity altogether, not whatever the husk of Mozilla is today.
I'm not gonna claim that donations would have rivaled the Google revenue otherwise, but they will certainly be many many times higher than what they are. Lots of people are willing to and even want to set up a regular donation to Firefox as the lone non-Chrome bulwark in the FOSS space. There would have been grassroots efforts to get more people to donate on the regular, hell I would have put in serious work on such efforts if we actually had a way to donate to keep Firefox alive and healthy.
(And others would support exactly the opposite, I’m sure. But no one gets to sponsor what they personally care about.)
I have a lot of trouble seeing what you are trying to defend here -- I really tried but couldn't. I find it pretty hypocritical to say that you disabled data collection while you trust them over your competitors to protect your data -- so you are saying that you trust them but you won't adjust your bottom line to help them succeed anyway?
I really mean well: sometimes you just shouldn't try to appear to be reasonable to a situation that isn't, it actually makes things worse for everyone. I used to do that and have learned some hard lessons.
And that's exactly the problem: treating it like a market. I don't want browsers to be a competitive market, in the same way that I don't want libraries, primary schools, firefighters or healthcare to be a competitive market.
In modern society, they're essential needs, which need to stop catering to the capitalist overlords and need to focus on the needs of the many.
The network effects between website and viewers make the market real and failing to gain a significant market share results in you effectively being cut out and failing to serve the needs of most of your users (unless you can match Chrome's insane pace of development bug-for-bug).
“Interesting to note that the Mozilla CEO earned nearly as much ($5.6 M) as Mozilla received in donations ($7 M)” [1].
[1] https://lunduke.locals.com/post/4387539/firefox-money-invest...
I disagree. There's one dominant player with ~66% of the market, a distant secont place at ~18%, an embarrassing third place at 5%, and then a bunch of also-rans making up the rest [0]. This doesn't look like a particularly healthy, nor competitive, market.
would that be more than my data are worth?
I really like Firefox and u would like it to improve over time and as this is one of my main tools for my work I could consider to spend a little on it
I really struggle to understand what legal team believes this language is necessary in downloaded software. There is a lot of precedent for this kind of language in online hosted services, but not downloaded software.
> This does not give Mozilla any ownership in that content.
Yes, it’s a license. Nothing changes. There is no ambiguity about ownership in a perpetual nonexclusive worldwide license, but this doesn’t explain why this license is suddenly necessary now and wasn’t before.
Clearly the legal team at Mozilla is struggling with multiple issues in this update. Why are these changes being made now, and what is driving them?
Others have discussed the data sale issue, but I don’t see a reasonable explanation for the license issue, and the changing text doesn’t inspire confidence.
Exactly. Even if nothing is changing at Mozilla, their legal team has invented a new interpretation of copyright law. That’s a huge deal from a legal perspective—Apple, Google, Microsoft, etc need to be rushing to add corresponding terms to their applications.
Mozilla PR is dropping the ball completely by trying to sweep this under the rug as ‘standard legal boilerplate’ because it’s not a clause in any other application I’ve ever seen.
Since I use FireFox at work, I don’t even have permission to give Mozilla a license to the content I create on the clock, so I will be switching browsers.
They have their own external repository indexed by extrepo, but "no warranty is made by the Debian project as to the security or quality of the software in these third-party repositories."
That said, I'm not suggesting Mozilla isn't also being wildly hypocritical in their behavior, and hamfisted in their PR.
Of course the question then shifts to, do we need AI in the browser sidebar?
I actually disagree, fundamentally.
This is digital content, so "ownership" isn't the same as for physical stuff.
Lets look at analogies: "piracy isn't theft" (because the original owner still keeps their copy!). Also, surely if Mozilla can sell your data, they must have owned it first! But you also keep your data!
So clearly, to "own" digital stuff is different from "owning" physical stuff.
Then, how do we define "own" for digital stuff? I'd say a sufficient definition would be, "possess and can do whatever".
So when Mozilla says "nonexclusive, royalty-free, worldwide license [...] necessary to operate Firefox", and then in subsequent paragraphs argue that selling ads is necessary to operate Firefox... Yes, we can add two and two together.
Now, apologists will claim that the literal statement in new terms is "nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox", but obviously, the DO NOT NEED A LICENSE for doing as you request in Firefox (i.e. sending POST requests directly to third parties), so clearly there's some shady business involved.
Tbf, any softwares that send your input to an external (like browsers...) should disclose like this too. The thing that sends those data is your software, not you. Otherwise, after you click on the button "Purchase" with your credit card information, the only way to not grant your software the rights to send that information is you driving to the stores and give them your credit card by yourself.
That's why they use these words, which actually can include more activities inside browser
> for the purpose of doing as you request with the content you input in Firefox.
There's a reason I won't interpret serious things by myself if I face legal entities without a proper lawyer.
Yes, Mozilla has been developing and acquiring a host of other services, many of which do involve Mozilla taking possession of user data and processing it. Those services need legal policies that cover Mozilla doing stuff with your data. A web browser does not, because the vendor of the web browser does not need to know what you're doing with your copy of the browser.
Mozilla the legal entity that can be the recipient of a nonexclusive, royalty-free, worldwide license is not the same as Firefox with PID 3808 on my machine. PID 3808 does not need, and cannot need, and cannot receive a nonexclusive, royalty-free, worldwide license to anything. PID 3808 is not a legal person. This fundamental distinction between code I'm running on my machine and services provided by Mozilla is why the legal terms of use for Firefox should not be lumped in to the same document as the terms of use for Mozilla's various services.
Mozilla the legal entity does not need a nonexclusive, royalty-free, worldwide license to the comments I post to HN using my copy of Firefox, any more than Netgear the legal entity needs a license to those comments because a Netgear box is transmitting those packets.
Yes, I know that, you know that, we all know that. This has always been our implicit agreements between us and the softwares. The thing is, are you sure your argument would help Firefox and Mozilla in the court? Can you be Firefox' lawyers when other legal entities approach them nowadays? I don't see any laws that specifically allow those implicit agreements automatically in browsers. Like Epic founder said:
> The license says that when you type stuff, the program can use the stuff you typed to do the thing you asked it to do. This is what programs ordinarily do, but nowadays lawyers tend to advise companies to say it explicitly.
https://x.com/looking5452/status/1895458253854711854
Firefox is made by Mozilla Corporation (https://www.mozilla.org/en-US/firefox/faq/), the codes that run the browser are made by Mozilla Corporation, a taxable subsidiary of Mozilla Foundation. It integrates other services like Password Manager (which includes "Alerts for breached websites" feature), Autofill payment method, Deceptive Content and Dangerous Software Protection, Query OCSP for certificates validation, DoH, DRM, their up-coming AI Chats... All of these would potentially be targeted in legal confrontations. And where would those legal disputes be sent to? Mozilla Corporation, even when those activities are in your Firefox PID 3808. The activities do not limit in just sending data.
If I just make a program for myself or for others but without any big entities behind, I won't need to think about anything. But if my program is backed by a taxable company, any implicit agreements between my program and other users would leave legal concerns for me and my company for sure.
That language had been so broad that it forbade most use of the browser. For example, "send unsolicited communications" so no filing a bug report. "Deceive, mislead" so no playing Among Us. "Sell, purchase, or advertise illegal or controlled products or services" so no online refils of your antimigraine medication lasmiditan or your epilepsy medication (pregabalin) which are schedule V. "Collect or harvest personally identifiable information without permission. This includes, but is not limited to, account names and email addresses" so no browsing any forum where a username is displayed to you. And of course "access to content that includes graphic depictions of sexuality or violence" that rules out watching the nightly news, stream PG-13 and R movies, to watch classic Looney Tunes cartoons, to play Fortnight, and on and on.
why you think that filing bug reports in place inviting bug reports is "unsolicited communication"?
Stay in business, so monopoly arguments can be brushed aside.
But slowly erode privacy on the internet. And slowly lose user base.
They’ve taken billions of dollars from Google since 2005, and now they’re turning their back on user privacy.
Building a browser is expensive, that's why there's only two of them. Even Microsoft considered it too expensive to continue.
However, Microsoft’s mission is profits for shareholders so their calculus ought to be different than Mozilla’s.
It makes sense for a profit-seeking entity to surrender if they don’t see a path for a return on the investment, not so for Mozilla.
Then why post strong comments about how much funding Mozilla needs?
The calculus is very different. IE could be developed at a 100% loss for the company if it still otherwise helped Microsoft, which is what happened. Chrome operates similarly.
Firefox needs to generate enough money to sustain itself indefinitely. So when there are signs their main source of funding may vanish, they need to keep a war chest together and have investments to weather any oncoming storm. Otherwise they just collapse.
They _should_ collapse if the only way for them to continue is to abandon their mission.
That much revenue from a single source was always a significant vulnerability, a vulnerability that leadership failed to address. Poor leadership and wasteful spending is the problem, not revenue.
My recollection is of leadership repeatedly trying to address it, generally for the community to get furious at them and say they shouldn't remotely think of anything except Firefox.
If you're full of methods for Firefox to magically generate several hundred million dollars a year, I believe they're still looking for a new CEO. Be warned though, if you take any of that money for yourself the community will eternally scorn you.
> Mozilla can suspend or end anyone’s access to Firefox at any time for any reason, including if Mozilla decides not to offer Firefox anymore.
This is a direct contradiction of Freedom 0, and is at best a meaningless clause (very bad in a ToS) and at worst a reframing of Firefox to be non-free, either by casting it as a service or something else.
Changed it to ask every time instantly, and I'm not going to be giving Mozilla nearly as much trust ever again.
I don't buy it. I hope some day business schools begin teaching that this ploy is a very bad idea. And if this really is the corporate lawyers being greatly insensitive then force PR and others to review every change they make to any policies that could destroy the company.
Going from "We never sell your data" to whatever those weaseling paragraphs attempt to say, is quite obvious that the users are going to be the product. And it would be better if they'd be straight about it.
I wish they'd rather say "pay us $100 a year, and you'll get a modern browser on all platform that will stop ads and make tracking difficult".
Do I understand it correctly that they can now use everything I read or type in the browser as they please, including for AI training?
Considering that I do most of my work in webbased enail, issue tracker and other internal tools, this sounds like a direct violation of my NDA.
> Do I understand it correctly that they can now use everything I read or type in the browser as they please, including for AI training?
Have you requested that?
I'm presuming there's no catchy legal gotcha around the "doing as you request" clause.
Mozilla should commit to stop doing anything like that. Then we can have a nice clear Terms of Use that promises to not sell data. I think that would alleviate community concerns.
It's webkit-based, and you can pay for it ($150 for a lifetime license).
Will Debian's default browser get switched out for LibreWolf?
I'm still confused about the scope of what this means. Is this post I'm writing now considered "content I input in Firefox"? If I upload an image to my own website, is that content I input in Firefox?
From my perspective, I'm not submitting anything "to Firefox", I'm submitting the content to remote servers and websites. I don't use Firefox cloud services or bookmarks or Mozilla account or anything. Even my bookmarks, I use raindrop.io at the moment.
Anything less and people stop using Firefox.
If other Mozilla services need broader terms, those should be separate.
"we are selling your data, not necessarily anonymised, even though a month ago we had a text on our website said we NEVER would"
These are the places they say they sell user data to be commercialy viable. Search history data is the most valuable data they could steal. Selling it for suggestions turns giving it away to companies into a feature. You can turn off 'showing' the suggestions but the feature could still be active.
That doesn't say search history is sold. And elsewhere they say the provide sponsored suggestions without any data leaving your computer.
{
"@type": "Question",
"name": "Does Firefox sell your personal data?", 1
"acceptedAnswer": {
"@type": "Answer",
"text": "Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise. " 9+
}
},In reality there’ll probably be nothing from this, though I’d love to see companies get punished for walking back statements like these.
I'm worried that Mozilla is asserting it needs a license for the information input into Firefox for Firefox to do it's job, since that's factually untrue. So either Mozilla is genuinely confused about this point, which I find unlikely, or they have some ulterior motive. I can't say with any confidence what the ulterior motive is, but I can be pretty sure there is one, and that worries me about the future of the browser landscape.
Weak sauce. Mozilla ought to be apologising here, not blaming its community for being upset at Mozilla's efforts to impose restrictions on its binaries that are in direct conflict with the core principles of Free and Open Source software.
We were discussing this yesterday. [0] It's not 'confusion'. We saw what they were up to, and we weren't happy about it.
I don't mind Firefox doing what it needs to to fund itself. I do mind when it seems like they try to hide what specifically that is. Saying that some places define "sell" as more broad than what you think of is a total cop-out.
Just put up a page that describes every single thing that is taken from the browser for revenue purposes. Maybe it's reasonable, maybe it's not, but it seems like everyone is defaulting to unreasonabl, so..
That being said I'm surprised they dropped the Servo project, it seemed like a step in the right direction?
I actually think working adblockers is a great pitch, not sure what sites specifically the Manifest v2 version of uBlock Origin doesn't work on, but "download Firefox to watch ad-free YouTube" is a great pitch to convince people to use it. Sucks that Apple limited custom browser engines on iOS to just the EU, otherwise Mozilla could focus on full-fledged extension parity on iOS and the pitch would be to get sync + ad-free.
if it's not, why are you putting trust on them more than firefox?
Literally this article. I care about my privacy more than open source. And I care about honesty above both. If open source can’t deliver, so be it.
open ... "about:telemetry"
Blocked Page
Your organization has blocked access to this page or website.
Lots of sane defaults that actually respect privacy and security.
uBlock Origin is installed by default.
No information is sent back to Mozilla.> TL;DR Mozilla doesn’t sell data about you (in the way that most people think about “selling data”)
Three paragraphs later:
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
Sharing our data with advertisers in return for money is exactly the way most people think about "selling data".
Of course this might change with these announced plans, but I want to know if the current baseline can be safe to use (without patching), or whether it's already rather far-gone.
But in this case they are damaging something especially valuable, one of the leading privacy and freedom organizations in the world, during a very dangerous time. (And also one that doesn't buy or organize an army of 'grassroots' support.)
Cui bono?
I think Mozilla has made clear that they use the data for things the user requests. If someone thinks otherwise, please quote the current language (not the language from two days ago).
They also are innovators in privacy-preserving advertising. Almost anything else on the web is much worse: it has ads and collects personal data. Not only does Mozilla not collect personal data, if they can create effective privacy-preserving advertising, they could transform privacy (again) by not only sharing this technology but demonstrating to government that the privacy violations are unnecessary for business profitability.
Yet people are throwing all that out for the energy and excitement of piling on. That's a really bad choice, as far as I can see. If that's not what's happening, why are almost all posts expressed that way? How about some reasonable, calm discussion?
These things aren't as impossible to anticipate as you pretend. This backlash is 100% predictable, 100% Mozilla's fault, and 100% deserved.
But that's not what happened; that's the piling on. Mozilla says they will can use the data to do things that you request them to do.
There's a few ff forks that may work for you. So far I'm quite happy with Librewolf since I migrated this morning, there's other forks that also cover Android, but there's more privacy-related research to do there as alternatives like Waterfox have past drama.
You can delete your Mozilla account here if you want to send a strong signal that privacy matters,
- https://support.mozilla.org/en-US/kb/how-do-i-delete-my-fire...
---
I'm quite concerned about the web becoming closed at this point. Bigger websites are mostly walled gardens, there's an increasingly big amount of generated crap (even before LLMs), and on top of that Chromium is the new IE, which on it's own a bit better than before since the core is open, but still a bad cherry on top, especially since the Ad push from Google. I don't want `chrome://settings/adPrivacy` on my browser as the optimal amount of ads and tracking is zero.
The original IE was closed source, yet it wasn't anything more than just a browser, and people trusted MS on that.
When Flash was killed, enthusiasts re-implemented it entirely from scratch. I'm sure if Mozilla exploded today people would take the source code and continue maintaining Firefox. I'm aware maintaining a browser is complicated, but maintaining an operating system is even more-so, and that never stopped GNU.
I quite frankly am opposed to any entity selling my data, in any way, for any reason, without my explicit consent because it implies you were taking my data in the first place, which is the core issue. It's my data. Not yours. Taking it (eg, telemetry) is what I object to. You selling it, I further object to. Stop. Without exception. To both. Period. The how and why of it does not matter. Worried about the breadth of the law opening you up to liability? Then stop chasing enshittification for your own gain. Don't collect the data in the first place. Its that easy.
The whole some may consider it "legally selling your data" proves this is not just a Terms of Use change in good faith.
For me, sharing my data even with "privacy preserving way" is not ok with the spirit I expected from something like Firefox.
Even just something like "someone open new tabs 50 times with your advertisement there" or "someone went to your website last Friday" is not ok to share about me and my activity!
So sad that corporate assholes took control of the project and try to confuse us with bullshit.
Every home network needs a MITM proxy too.
Once retrieved, I load the DNS data into the memmory of the "MITM proxy". This eliminates the need for DNS queries to be immediately proceeding associated HTTP requests for web pages, etc., or within some DNS cache duration period.
When I use other sources of DNS data^1, I eliminate the need for remote DNS queries altogether.
1. For example, I extract DNS data from Common Crawl data.
Indeed, it does not seem like DoH was implemented to improve life for computer users but, at least for me, it can be useful. It can also be useful for example to computer users who use remote DNS servers where their ISP is hijacking port 53.
1. Test: https://defo.ie
I have been running one for long time now. I depend on it so much that I cannot imagine using the internet without it. It is much smaller and easier to compile than a graphical browser.
Others will have different opinions but I personally remain skeptical that TLS provides internet users with more value than it provides so-called "tech" companies that profit from data collection, surveillance and online advertising services, and the CDNs that collaborate with them. While it can be used to protect a computer owner's sensitive data from eavesdroppers as it transits across the open internet, e.g., during "e-commerce", in practice TLS is used to conceal data exfiltration from the computer owner for commercial purposes by so-called "tech" companies. Not to mention the issue of "Certificate Authorities".
IMO, this is analogous to the situation with Javascript. It has the potential to provide value to www users, e.g., as a language computer owners can use to extend and control a graphical browser,^1 but in practice it provides the most value to so-called tech "companies" that are using it to control _someone else's_ browser to allow unauthorised and/or concealed data collection and surveillance.
1. https://raw.githubusercontent.com/bambax/hntitles/refs/heads...
I think TLS can be helpful (for both sides of a communication), but the browser should not require it, and most servers also should not require it (but should allow it, if you deliberately choose to connect with TLS). HSTS is especially bad (I managed to disable it on my computer by using a hex editor so that the browser would no longer recognize the Strict-Transport-Security header).
Certificates can be helpful if you actually know which ones you specifically trust for a specific purpose (rather than being automatic), and if they will tell you information about a business (although as far as I know, Let's Encrypt does not do this and only verifies the domain name). However, sometimes if a certificate is changed or superseded, due to expiry, or change in ownership, etc, and it does not prevent the server operator from sending you malware; it only prevents spies from doing so. If a domain name is sold to someone else, that does not prevent cookies and other stuff from being sent, or from them adding malware, etc; however, it would be possible for end users to know the certificate to trust and avoid this problem (if a browser can be programmed to do this).
Client certificates could be helpful for authentication too, but this is rare with HTTPS (but it is commonly used with Gemini protocol). But, it does prevent someone who takes over the domain name from being able to use your information to log in, since a private key is required in order to use a client certificate.
Furthermore, the browser really should allow unencrypted proxies for encrypted connections, in order that if you deliberately want MITM then you do not need to encrypt and decrypt the data multiple times.
> IMO, this is analogous to the situation with Javascript. It has the potential to provide value to www users, e.g., as a language computer owners can use to extend and control a graphical browser ...
Yes, as well as other programming languages (if a browser supports it, which most don't).
(I disable JavaScripts on my computer, except for the scripts that I wrote by myself. I did write scripts to replace GitHub's UI (in much less lines of code than GitHub uses themself), and other things.)
I agree completely.
Google pushed HTTPS because it ensures that they are the only ones who can spy on users.
This doomsday scenario thinking really doesn’t help the discussion.
At least the most useless, overpaid person in SV is finally gone and no longer collecting her $7M salary.
Not like money has ever been a problem at Mozilla - they're sitting on over $1.5B in assets, $500M or so in cash alone. That's despite a plunging market share...
Almost everyone running tech businesses seems to assume that subscriptions or data capitalism are the only way to make any money these days. But I have paid for good software in the past and I know plenty of indie developers who still sell software like a product and do OK with that model. Copies of great software like Firefox could surely be sold - for actual money - to the kind of people who value its independence, privacy, and user focus. Offer free security updates for some reasonable period similar to an LTS release. The web moves fast enough that a lot of people will want to buy upgrades quite regularly anyway just for the new features.
Firefox appears to have close to 200M active users based on Mozilla's published data at https://data.firefox.com/dashboard/user-activity. If they could get 1/20 of those users to pay them an average of $10 per year - that's less than one month of a standard subscription to a major streaming service in most Western countries - then that's $100M/year in revenues. Based on the public financial statements that's on the same scale as their subscription and advertising revenue and their annual spend on development activities.
Another possibility might be to hide some of the developer resources behind some token paywall. Almost everyone I know who works in web dev uses MDN regularly. Firefox dev tools have a lot of useful things about them. Then maybe you can even keep the main browser free and get some revenue from devs - who are mostly going to file it as a business expense anyway and whose employers benefit greatly from the continued existence and maintenance of these resources.
Sure everyone would complain - just as everyone complains about paying a few bucks for a good text or graphics editor they use for hundreds or thousands of hours per year to make 1000x the asking price. But the value is obviously there to many people. I think a lot of Firefox users in particular would probably respect the transparent attempt to keep the lights on without compromising on the USPs that make Firefox attractive to those users in the first place.
This is really just the core of it. I probably trust Mozilla about as much as I trust Google at this point. Leadership is non-existent. Mission and goal is lost. Pointless acquisitions galore. Wasting money on innumerable social programs.
They’ve been at this for maybe a decade at this point. I want to believe things will change, but…
I also think you're overselling how many devs would pay for their resources. Individual contractors? Sure. But anybody salaried? My employer's response wouldn't be "sure, we'll pay for MDN & Firefox dev tools for all our devs"; it'll be "go use Chrome or Edge to debug, and use GitHub Copilot if you've got questions on how the web works". (I recognize that Copilot is crap as an MDN substitute, but the beancounters will take "we're already paying for that" over "new expense" any day.)
So was search.
Look at Kagi now.
To most users yes, but a group of power users like me can make them life-changing money. I'd happily pay a monthly subscription for my web browser.
It just does not need to be a U.S. entity. Otherwise, people without a Visa or Mastercard will be left out.
Crypto is fine for this use case.
I stumbled upon their Orion docs, I find the following concerning:
Orion is a free, lightning-fast, privacy-protecting browser for Apple users, open to the web and all its standards and protocols. One day, we hope everyone will say Orion is the best browser for all Apple devices. We're glad you're here!
I think Apple is still very much a thing in the EU and the Anglosphere. What platform are you on?
Apple doesn't have official stores around here like they do in the U.S., so Apple doesn't enjoy of the market forces like other vendors do.
Just to single out an example, Samsung here takes device trade-ins of both Samsung and Apple devices. If you wanted an iPhone you'd have to buy it at full price new always. Not even carriers offer discounts for Apple devices.
For starters, Samsung in this country has a factory/assembly line making it cheaper for locals, so your device is put together here and also exported to the neighbours.
If you want my claim backed up with numbers: https://bigthink.com/strange-maps/android-vs-apple/
Consider how many other similarly popular software programs charge small fees for their app... I can't even think of a single one. And you can only really charge for binaries, because as soon as one person gets the source, they can distribute it, and then they (or others) can make their own (free) binaries, and then why would anyone pay money anymore.
As for other apps - for my own small development businesses we have spent a lot more than $10/user on all-day-every-day development tools like text editors and diff tools. Also on several other areas like graphics, business admin and communications. For a browser and related resources that we also use on a daily basis whenever we're working on web projects it would be a very quick decision.
I don't accept your premise about only charging for the binaries. You're not going after the people who would rip you off anyway with this model. You're going after the people who genuinely value your product and want to support its continued development. They're going to pay a modest amount without much thought just as we do for several of the software packages we use - despite almost all of them having free (but not necessarily as good in our opinion) competitors available.
Highly disagree... I think if you've been providing a free and open source product to your loyal fans for over 20 years, then suddenly start charging for it, isn't going to get people stepping over each other to hand their money over.
> The reason we’ve stepped away from making blanket claims that “We never sell your data” is because in some places, the LEGAL definition of “sale of data” [is the transfer] of a consumer’s personal information [from one business to another in exchange for something of value].
> [...]
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
This is them saying "it's not that we've suddenly become more evil... we've been doing this for a while... we gotta make money somehow, and advertising and sharing your data is how we do that, but now state privacy laws make us have to be clearer about it".
Firefox gets almost all of its money from Google Search sponsorships and other ads. (https://www.investopedia.com/articles/investing/041315/how-m...). It's not really that different from any other adtech company. It's just one degree away, but most of that sweet user data still flows to Google in the end. Sure, they might obscure some of the PII... but so did FLoC, Google's controversial attempt to keep tracking users after third-party cookies.
Firefox is just a privacy laundering operation for Google and some smaller advertisers. Then Mozilla uses most of that money on unrelated marketing and virtue signaling, pretending like they're some sort of privacy / civil rights champion, when in reality they're not really very different from any other ad-based browser maker — except that they're horribly inefficient at using their millions. All that money and Firefox has still fallen way behind, all while Mozilla keeps pretending they're some sort of enlightened think tank. Nobody actually pays attention to any of their think-tank related work or their other services. Either as a browser maker or a privacy-oriented nonprofit, they're completely ineffective.
If Google stops funding them, they'd shut down overnight, losing 90% of their revenue. And maybe that's a good thing... it's time for a more capable org to take the reins. Mozilla has been a terrible steward, and Firefox went from the thing that saved the internet (from a Microsoft IE monopoly and the super-bloated app suite that Netscape Communicator / Mozilla Suite became) to then crumbling under the poor leadership of its lost decade.
Firefox does nothing else? Mozilla does nothing else? You're going way too far, and by joining the mob and piling on, you're going to destroy all those other very valuable things that Mozilla and Firefox do.
This isn't serious analysis, it's just 'I have my pitchfork and torch; let's burn it all down!'.
It's not pitchforking, it's a legitimate frustration towards the tragic downfall of my once favorite browser. I grew up with Firefox and I'm really sad about what it's become.
As a user, I'm sick of all the spam and advertising and bundled crapware. Every time I launch it or god forbid download it on a new machine, I'm bombarded with a dozen pop-ups for things I don't want, like whatever the hell Pocket is or a dozen new tab ads. Somehow Chrome, from the world's largest advertising company, still manages to be way less spammy.
As a frontend dev, it's been a decade since I've had to resolve any major differences between Webkit and Blink, or Safari and Chrome. But every year, multiple issues with Firefox arise, usually related to graphics performance. Multiple teams and companies I've worked at have deprecated Firefox support because of them, when every other desktop and mobile browser did not have those issues.
Shrug. Maybe the mob is justified in this case. Mozilla's mismanagement drove Firefox from global love and popularity into complete irrelevance. When Edge is more popular, you're really doing something wrong...