Firefox maker Mozilla deleted a promise to never sell its users’ personal data and is trying to assure worried users that its approach to privacy hasn’t fundamentally changed. Until recently, a Firefox FAQ promised that the browser maker never has and never will sell its users’ personal data. An archived version from January 30 says:
Does Firefox sell your personal data?
Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise.
That promise is removed from the current version. There’s also a notable change in a data privacy FAQ that used to say, “Mozilla doesn’t sell data about you, and we don’t buy data about you.”
The data privacy FAQ now explains that Mozilla is no longer making blanket promises about not selling data because some legal jurisdictions define “sale” in a very broad way:
Mozilla doesn’t sell data about you (in the way that most people think about “selling data”), and we don’t buy data about you. Since we strive for transparency, and the LEGAL definition of “sale of data” is extremely broad in some places, we’ve had to step back from making the definitive statements you know and love. We still put a lot of work into making sure that the data that we share with our partners (which we need to do to make Firefox commercially viable) is stripped of any identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).
Mozilla didn’t say which legal jurisdictions have these broad definitions.
Yes, they allow full avoidance of any potential data collection through the browser, if they remove the collection features.
Mozilla would need to change their licensing terms to prevent forks from being able to remove things like that, and forks could just use the last version of the code before the license change and just backport new features.
Also Firefox is fully open source, unlike chromium which relies on a closed source binary blob in the middle. Some chromium forks have replaced the binary blob with open source code, but the default is for chromium forks to have a nice chunk in them controlled by google that no one can deeply inveatigate what it does. Firefox does not have this issue.
Mozilla can’t hide any potential data collection in Firefox due to the full open source nature (unlike chrome forks). They also can’t stop fork devs from stripping out any data collection functions. And as of today, they have not introduced any data collection that is not supremely anonymized, and they have not introduced any data collection that cannot be opted out of through the browser settings (and about:config).