browsers. Its developers have earned it a reputation for being a "privacy and security-based browser, respecting the user" - but is it justified, or just marketing? In fact, over the years they have made several anti-privacy (and generally anti-user) decisions, but this article will focus exclusively on spying. Version tested: 52.5.0, with the default settings. Program used for testing requests: Mitmproxy.
Whenever you start Firefox, it makes this request: <br><imgsrc="../images/request.png"><br> In fact, it makes it every time you go to a website, and even a few times in a row for a single website. So Firefox "phones home" all the time, without your knowledge. <b><fontcolor=orange>Can be disabled ONLY in about:config</font></b>. But, since you've already started Firefox, it will make this request at least once.
<h3>Automatic connections to some websites you've visited, including their trackers</h3>
<p>
Websites you visit most often are added to the New Tab panel. When you then open a new tab, Firefox will sometimes make requests to the sites in there, including some of their trackers. I haven't determined how it works yet. Sometimes it doesn't make the requests at all; other times you end up with hundreds of images, scripts, trackers, etc. loaded simply because you opened a new tab (without visiting any website explicitly).
<b><fontcolor=red>Was NOT able to find a way to disable this</font></b>, even in about:config.
<h3>Firefox tracks users with Google Analytics</h3>
<p>
Firefox has been integrated with the spyware platform called "Google Analytics"<sup><ahref="#1">[1]</a></sup>. Firefox has been confirmed to now send analytics to Google. According to a Firefox developer the spyware in Firefox is "extremely useful to us and we have already weighed the cost/benefit of using tracking." and that Firefox will not remove Google Analytics support entirely. Firefox's position on privacy is made very clear with this quote:
</p>
<p><i>"Wanted to address your position though:
We don't give the "data directly to Google". See the discussion here: https://bugzilla.mozilla.org/show_bug.cgi?id=858839. The short version is:
tl;dr: We now have an option to opt-out of Google doing anything with the data that Google Analytics collections on Mozilla websites. GA tracking is anonymous and at the aggregate level and we use it to improve the experience of our websites.
We are collecting aggregate and non-identifiable data in numbers to ensure our development/UX changes are met well. We can respect privacy and still have analytics; in fact Mozilla's aim is for an experience that values user privacy and usability (I'd say Apple also wants UX that fits that mold, as an example). We need some data, anonymised and aggregated, to do this.
The best takeaway to this is that Mozilla wants to pretend that including spyware in their program is somehow not a breach of privacy, and that Firefox could possibly be respecting user privacy while simultaneously collecting data on users and sending it to Google. It's strongly suggested to read the github thread and the further anti-privacy statements the Mozzilla employee makes while defending the spyware features in Firefox. It's very dangerous to assert that there is somehow a middle ground between respecting user privacy and datamining the user.
Allegedly used to protect you from "phishing" websites, but in the end, it makes a bunch of requests to Google every 30 minutes (according to Mozilla), including a POST request with your Firefox version and a unique, persistent, hidden cookie. Since whenever the current URL matches an entry in the cached local blacklist a request is made to Google servers, ostensibly to test whether that website is still on the master online blacklist, it allows Google to monitor specific websites transparently to the user by putting the URLs of interest on the local but not the online blacklist. <br><imgsrc="../images/safe_browsing.png"><b><fontcolor=orange>Can be disabled ONLY in about:config.</font></b>
From the horse's mouth: "For example, FHR sends data to Mozilla on things like: operating system, PC/Mac, number of processors, Firefox version, the number and type of add-ons. The data collected by FHR is tied to a Document ID that corresponds to a browser installation (explained above in question #4) so that the data can be correlated across a limited window of time."<sup><ahref="#2">[2]</a></sup> Also, according to Mozilla, new versions of Firefox will also collect telemetry data by default. <b><fontcolor=lime>Can be disabled through the GUI.</font></b>
violations would take up this whole article. There are similar services with better privacy policies, but in the end, they still store the things you view in "the cloud". A real privacy-based browser would not be integrated with them by default.
</p>
<fontcolor=yellow><b>Can be disabled in about:config</b></font><sup><ahref="#8">[8]</a></sup>
Firefox has a file with list of blocked addons that it considers "malicious" and it makes a request to update it every day (even if you don't have any addons installed). <imgsrc =../images/blocklist.png"> The request includes a <b>uniquely identifying</b> browser installation ID. <b><fontcolor=orange>Can be disabled ONLY in about:config.</font></b>
Firefox will send information about almost every basic operation that you do back to Mozilla. This is tagged with a unique client ID and an ID for your current session, and any relevant information related to this action.
Essentially, while this feature doesn't broadcast your search history to Mozilla, it proives an incedibly detailed walktrhough of exactly how you use Firefox's user interface. This can be disabled and is an opt-out spyware feature. You can disable it through the GUI as described here:
This reveiew is also accompanied by a page about how to configure Firefox to be more privacy respecting, and links to other projects that have been created to solve this
problem. You can read about that <ahref="/guides/firefox.html">here.</a> These are some of the flags in about:config mentioned earlier in the article, and the values that
If you want to edit this article, or contribute your own article(s), contact us on XMPP over in spyware@conference.nuegia.net, or visit us at the git repo on <ahref="https://codeberg.org/TheShadow/SpywareWatchdog">Codeberg</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
