Firefox telemetry unstoppable in PPA?
Since the integrity environment gunk, I've switched all boxes over to use Firefox as primary. This took a lot of configuring, as Firefox out of the box brings… a lot of stuff I don't want.
One of those things is telemetry — whatever that means to Mozilla — that was tamed only with a combination of an enterprise profile (hi sudo!) and user.js hacks.
However, the policy and user.js changes don't work on the Ubuntu box, where I've installed Firefox from the PPA to get it out from under Snap (and thereby usable with a password manager). The policy locks down and disables the right configs and the configs all have the right settings, but it keeps pinging incoming.telemetry.mozilla.org. Two Macs and a Pop!_OS box don't ping Mozilla at all with these settings.
No harm no foul, I just blocked them in NextDNS and laugh in their general direction. I just wonder what else is different in the PPA.
Or just switch to LibreWolf.
i did try that but the never-dark mode blinded me. i understand the reasoning, but absolute anonymity isn't my own threat model; i'd like to be able to use themes and resize the window
That can be fixed at the cost of making yourself easier to fingerprint. There’s nothing LibreWolf does regarding privacy settings that you can’t undo, to my knowledge. But it will always be missing telemetry no matter what options you change.
thanks, i'll look again. it's not that i love the idea of being fingerprinted; i just think that five mylar bags, four tin hats and a partridge in a pear tree won't save me from that. i need my password manager, and once that's in, enforcing a generic screen is silly - cow's out of the barn. but not having the arms race against pocket and telemetry would be a big bonus.
Like the no default dark mode for websites? I just use the Dark Reader extension.
You can turn that off. Go into about:config and look around for relevant settings.
People speak very good things about Firefox but they like to hide and avoid the shady stuff. Let me give you the uncensored version of what Firefox really is.
Firefox is better than most, no doubt there, but at the same time it adds unique IDs to every installation: https://www.ghacks.net/2022/03/17/each-firefox-download-has-a-unique-identifier/
Another thing they do is a LOT of calling home. Just fire Wireshark alongside it and see how much calling home and even calling 3rd parties it does. From basic ocsp requests to calling Firefox servers and a 3rd party company that does analytics they do it all, even after disabling most stuff in Settings and config like the OP did.
I know other browsers do it as well, except for Ungoogled and because of that I’m sticking with it. I would like to avoid programs that need no snitch whenever I open them. ungoogled-chromium + ublock origin + decentraleyes + clearurls and a few others.
Now you're free to go ahead and downvote this post as much as you would like. I'm sorry for the trouble and mental breakdown I may have caused by the sudden realization that Firefox isn’t as good and private after all.
Phoning home isn't necessarily a bad thing (but I agree that it shouldn't do it without express consent) because a lot of app development nowadays is supported by analytics. Crash reports, A/B testing, feature discoverability, etc.
If anything, I generally trust FOSS projects that ask for analytics more than I trust the typical data farm.
the unique id is probably also not meant to be sinister either but that's definitely more of a red flag than phoning home in principle imo
Phoning home is snitching. It is unacceptable as you said unless authorized by the user and should never be configured by default. I really tell people to fire up Wireshark and see what Firefox does, and yes it includes analytics 3rd parties even after a TON of tweaks and stuff disabled.
How can this even be acceptable? Whatever they say, they're simply serializing every instance of the app, and it will eventually get into some crash report, log or 3rd party analytics company...
You can type
about:telemetry
into the URL bar to see what it sends.
well i feel stupid now for not doing the obvious. but…
on the PPA box, this is what it showed me (meanwhile it was attempting to connect to incoming.telemetry.mozilla.org). another symptom of displaying respect for enterprise policies but in fact ignoring them. (as i had mentioned, on this box all of the settings look locked down as they should be, but it's still attempting to send telemetry.)
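Added example, not part of the thread and not any poster's actual configuration: a small static audit of a `user.js` and an enterprise `policies.json` for telemetry settings, useful as a first step before looking at network traffic for `incoming.telemetry.mozilla.org`. The pref selection, the expected values and both sample files are assumptions constructed for illustration; `/* */` block comments in `user.js` are not handled.

```python
import json
import re

# Telemetry-related prefs to check (this selection and the expected values
# are assumptions; the thread does not list the poster's actual settings).
WANTED_PREFS = {
    "datareporting.healthreport.uploadEnabled": False,
    "datareporting.policy.dataSubmissionEnabled": False,
    "toolkit.telemetry.unified": False,
    "toolkit.telemetry.archive.enabled": False,
    "toolkit.telemetry.server": "data:,",
}
# Matches active user_pref() lines only; "// user_pref(...)" lines are skipped.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_user_js(text):
    """Return {pref: value}; a later line overrides an earlier one."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        try:
            prefs[name] = json.loads(raw)  # true/false, numbers, "strings"
        except json.JSONDecodeError:
            prefs[name] = raw
    return prefs

def audit(user_js_text, policies_text):
    """List every telemetry setting that is missing or has another value."""
    findings = []
    prefs = parse_user_js(user_js_text)
    for name, want in WANTED_PREFS.items():
        if name not in prefs:
            findings.append(f"user.js: {name} not set")
        elif prefs[name] != want:
            findings.append(f"user.js: {name} = {prefs[name]!r}, expected {want!r}")
    policies = json.loads(policies_text).get("policies", {})
    if policies.get("DisableTelemetry") is not True:
        findings.append("policies.json: DisableTelemetry is not true")
    return findings

# Constructed sample inputs.
SAMPLE_USER_JS = '''
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("toolkit.telemetry.unified", true);
// user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.server", "data:,");
'''
SAMPLE_POLICIES = '{"policies": {"DisableTelemetry": true, "DisablePocket": true}}'

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_USER_JS, SAMPLE_POLICIES)) or "no findings")
```

A clean result here only says the files contain the intended values; whether the running browser honours them still has to be confirmed in about:telemetry and on the network.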