Waterfox

Waterfox is a web browser that is a fork of Firefox.

Spyware Level: High

Waterfox is a fork of Firefox that claims to be more private and secure than Firefox. However, Waterfox contains telemetry and shares information about you with Mozilla, and has other spyware features.

Waterfox connects to spyware services when it is first run

If you start up Waterfox for the first time, it will make 109 requests^[5] to several spyware platforms, most notably Google Analytics, and Mozilla online services like its Geolocation service, and several other Mozilla services, as well as Waterfox's own update service. You can look at a list of these requests here or on a mirror here.

Waterfox has a communication problem

There has been some controversy over Waterfox's privacy policy^[1]. At the time of writing, it claims that Waterfox sends "Webpage data to Google's SafeBrowsing service," meaning that at one point, both Google and Waterfox were spying on all of your internet activity. However, according to this reddit thread^[2], this is no longer true: therefore, Waterfox's privacy policy does not necessarily reflect what information the browser currently collects. The lack of detail and clarity in the privacy policy is also very concerning. For example, in the abovementioned section titled "Webpage data to Google's SafeBrowsing service," there are links to a Firefox Knowledge Base article and Google's privacy policy, neither of which actually explain what data is sent by Waterfox to Google. If this were still accurate, it would have some serious privacy implications (and would certainly bump up the spyware rating of this program). An inaccurate and outdated privacy policy — i.e. one that does not correctly explain what information is being shared — is a serious red flag for any privacy-conscious user.

Waterfox "phones home" with information about your computer whenever you start it up

According to its privacy policy^[1], Waterfox collects the following information by default:

• Waterfox version
• Operating system
• Language settings
• Installed Waterfox Add-ons

Waterfox shares this information with Mozilla and will collect this information every time you launch Waterfox.

Waterfox offers spyware search engines to its users and uses Bing as its default search engine

By default Waterfox is using the spyware search engine Bing. Why would a privacy-based Web Browser offer this search engine by default? The other offered search engines are not much better- we have the option of searching with Google, which also logs your internet searches, and Ecosia, which also logs your internet searches (but it gives them to Bing). Luckily there are some more private search engines offered, like StartPage and DuckDuckGo. What is concerning is the attitude that the developer of Waterfox has towards these spyware search engines:

"Bing is actually quite good for privacy as well (let's not forget Mozilla even suggested them as a more privacy focused search back in 2009)."^[3]

It's very clear that while the browser advertises itself as very privacy focused, the actual words and actions of the developers aren't consistent with this claim.

Waterfox sends all website notifications through Mozilla's servers

If you enable notifications on a website, all of those messages will be sent through Mozilla's servers. According to Waterfox's privacy policy^[1], Mozilla cannot see the content of said messages. However, Mozilla will receive the following information:

• Number of Waterfox subscriptions and unsubscriptions to website notifications
• Number of messages sent
• Timestamps
• Senders (which may include specific website providers)

So, Mozilla can see who is sending notifications, when these notifications are being sent, how many notifications are sent, and how many websites you have enabled notifications on. Waterfox collects all of the above, and additionally sees your IP address for each notification sent.

Waterfox is integrated into the "Firefox Accounts" spyware platform

The "Firefox Accounts" platform allows you to sync a lot of sensitive information, such as your internet history, across all of your devices. This is, of course, all being stored on Mozilla's servers.^[4] This feature is opt-in spyware, but it should still be mentioned. If you don't want your internet history to be uploaded to Mozilla servers, don't use this feature.

Waterfox is self updating software

Self updates are a spyware feature since they are usually ways for the developer of a program to put spyware into their software without presenting it in a prominent way where the user can understand what they are giving up when they download the update. Given Waterfox's bad communication, this is especially likely to happen.

Sources

1. Improve security for users everywhere [web.archive.org] [archive.li]
2. What happened to Waterfox's devotion to user privacy? [web.archive.org] [archive.li]
3. Waterfox and Ecosia — Privacy Concerns [web.archive.org] [archive.is]
4. Access Mozilla Services with Firefox Account [archive.li]
5. How to choose a browser for everyday use? [web.archive.org] [archive.is]

---

This article was last edited on 6/2/2018

If you want to edit this article, or contribute your own article(s), contact us on XMPP over in spyware@conference.nuegia.net, or visit us at the git repo on Codeberg. All contributions must be licensed under the CC0 license to be accepted.

Back to catalog