Introducing a terms of use and updated privacy notice for Firefox

> Acceptable Use Policy links to https://www.mozilla.org/about/legal/acceptable-use/ which says "You may not use any of Mozilla’s services to[

So the text of the policy itself limits its scope to Mozilla Services.

But the purpose of that section is unclear to me. If it just means you have to comply with that policy when using features that use Mozilla services, why is that section necessary, since the license for the services should already apply.

If it is trying to mean that all the terms for Mozilla services also applies to any use of Firefox... that is really clumisily written, and also just generally terrible.

Welp, they stopped being open source, then. From the OSD:

6. No Discrimination Against Fields of Endeavor

The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

Mozilla's management and legal has always been amazing when it comes to unforced errors. These changes are actually pretty normal, but they're also worded more scarily by being more encompassing than they need to be. Mozilla has always sucked when it comes to communicating with the outside world.

> Either their legal team made a mistake, in which case they should correct it and issue an apology ASAP

I don't think it is a mistake but more the translation of a vision and strategy that took hundreds of meetings to be laid down very precisely.

I have nothing to back what I am gonna say but I am wondering if their strategy might be to truly become the default browser of governments who are uncomfortable having Chrome or Edge as the default browser. Especially since now they get augmented by a lot of AI.

Firefox has it largest market share in Europe and Germany it seems and with the concerns with are hearing over there about Big tech I wouldn't be surprised at some point some govs try to make their workstations Firefox only.

Also some governments are trying hard to restrict access to porn, violence and social media for children but we know it is almost impossible to do it at the network level. So they might try at the browser level with the help of Mozilla and some "sanctioned Internet AI safety" inside the browser?

I really don't know but think about it, Mozilla is a dead man walking with it's 2% market share and huge cost of maintaining one of the most complex piece of software. They have to do something about it.

What just tipped me off is reading on Wikipedia [0]:

> On February 8, 2024, Mozilla announced that Baker would be stepping down as CEO to "focus on AI and internet safety"[2] as chair of the Mozilla Foundation.

- [0] https://en.wikipedia.org/wiki/Mitchell_Baker

> It's against the Terms of Use to use Firefox to... watch porn?

Firefox isn't a Mozilla service. The Mozilla services are things like account sync, or the review tool they use.

I'm pretty sure this is about Mozilla services. AFAICT, Firefox itself is licensed under the https://de.m.wikipedia.org/wiki/Mozilla_Public_License and as such doesn't put any restrictions on how you use the software.

> I recommend switching to an alternative browser which is only a browser, like Dillo, Ladybird, or Netsurf.

Did not know any of those alternatives thanks for sharing.

After a quick online search, I see they could work for casual browsing and it's great that they don't rely on Chromium

But do you think these can be a full browser replacement without extension ecosystems like ublock origin et al.?

The applicable laws of North-Korea might differ than the applicable laws of Russia which may differ from the law of Qatar, etc. It might be even impossible to uphold this world wide even if you tried.

So i guess it's more a 'we at Mozilla don't want any trouble' thing.

Here's my question: in light of what Mozilla is doing, why don't other forks like Waterfox or Librewolf write a manifesto/contract saying they'll never sell your user data and won't turn "evil" (until they do, of course), and then decide to offer a paid version of their browser.

Two possible outcomes:

1. No one cares. No one pays for it. Nothing changes and nobody loses anything.

2. Enough people pay for it to keep the product healthy and the user-centric promise alive. The Internet is saved.

So why isn't anyone trying to replace Mozilla yet, with a more sane business model than living on the back of Google's fear of antitrust investigation? What's the worse that can happen?

Just sell a bonafide paid version alongside the free one, don't just rely on donations. There is a massive difference between offering a paid product and begging passers-by to spare some change.

Most of the other "forks" (e.g. Librewolf) are just patches on top of vanilla Firefox sources, so it's really not a whole lot to scrutinize by hand. I've skimmed at least most of the patch files personally just out of curiosity. In my distro of choice, NixOS, the sources are built by Hydra or my local machine, so I'm not trusting that their binaries match the source either.

That makes it a bit easier to trust, but it does run into the issue that it stops working if Mozilla hits a certain level of untrustworthiness.

They got more than $7B to build a browser.

"I appreciate the constant existential wobble Firefox faces"

I would also love to face $7B existential wobbles.

Hey, thank you for Waterfox! I'm using it a lot across all my machines. Well done!

> I appreciate the constant existential wobble Firefox faces

The wobble seems to somewhat artificial. I'm having trouble believing Firefox could ever not be able to afford to continue browser development — there are way too many interests at stake. Google alone would have no choice but to bail Firefox out because Chrome can't be the only browser without being regulated to hell and back.

I don't see how a regulated entity is better in any way than an individual.

We repeatedly see attacks on freedom and privacy by the people who are supposed to protect them, those so-called "regulators": chatcontrol, recent UK backdoor wishes, repeated French proposals to enforce DRM even on opensource. And I wouldn't even google Russia, China, or other less democratic states.

Regulated is probably worse than some anarchistic who-knows-by-whom software, but FOSS and auditable these days, tbh. Especially as everyone's audit capabilities grow day by day with AI. It's kind of good at grinding tons of code.

A heavily regulated entity with all licenses in the world might be more hostile toward users than some niche project.

> I should point out, it seems daft to me when others suggest using forks with no well-established governance of their own, essentially shifting trust from an organisation at least answerable to certain regulations, to individuals with no proper framework or guidelines

Individuals that care about these things have a far better track record than any business with employees, bills to pay, and investors.

>it seems daft to me when others suggest using forks with no well-established governance of their own

Yes, it may be that we are jumping from the frying pan into the fire. On the bright-side this opens up an opportunity for a company, or a suite of companies, to fund an alternative browser. Such an entity might have Signal at its lead, or similar, who's mission is solely to "tighten up" the software stack on which it runs.

Absolutely agree. The blog post is claiming the opposite to what their ToS is granting - but one is fluff (that will be forgotten soon) while the other is legally binding. I cannot imagine applications like browsers that would require such an unrestricted license for user input just to do its service. That clearly indicates some "other" future motive that is underlined by the notion to remove the FAQ entry and other past actions towards an advertising future at Mozilla.

Am looking forward to explore some of the alternatives. And no, I don't want a just a correcting/updating/informing follow-up blog post of how we the users got it all wrong. In fact, the current UPDATE makes it worse:

"UPDATE: We’ve seen a little confusion about the language regarding licenses, so we want to clear that up. We need a license to allow us to make some of the basic functionality of Firefox possible. Without it, we couldn’t use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice."

vs. the ToS:

"You give Mozilla all rights necessary to operate Firefox, including processing data as we describe in the Firefox Privacy Notice, as well as acting on your behalf to help you navigate the internet. When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox."

No - you don't need a license for my input. Just pass the butter, it's not your job to "use that information" in any way, form or shape. How did you survive 26 years without any license to our input? What did legally change that would require that license? No one asked you to: "We use data to make Firefox functional and sustainable, improve your experience, and keep you safe." (from the blog). What does that even mean? If you have specific use-cases in mind state them clearly, instead of this overreaching general license, that may or may not be misused now or in future. As of this ToS you may very sell my data to AI companies to "help me navigate the internet" which is not even part of the Privacy Notice protection.

Reinstatement your privacy guarantees in the ToS and be transparent about explicit use-cases.

Meanwhile, so long, and thanks for all the fish.

> Finally, you are in control. We’ve set responsible defaults that you can review during onboarding or adjust in your settings at any time: These simple, yet powerful tools let you manage your data the way you want.

"simple yet powerful tools" (derogatory) is how i would describe the windows popup that gives you the choice between setting up a microsoft account now or being nagged about it later

Or they are taking the gamble that being able to continue to use µBlock outweighs the sale of customer data.

Based on this, Firefox has a 2.54% market share of browsers worldwide, so if their goal here is to shoot themselves in the foot and get that number under 2%, mission accomplished.

Firefox is still the lesser of two evils when compared to Chrome with all of its telemetry turned on. And at least it supports a proper implementation of uBlock origin, which Google just broke in Chrome.

https://gs.statcounter.com/browser-market-share

previous discussion from mid 2023 on low firefox market share: https://news.ycombinator.com/item?id=36759162

LibreWolf? It's Firefox without the Mozilla branding

Icecat is the GNU build of the open-source base of Firefox. I think that's the best bet until Ladybird is ready for daily diving.

Fennec on Android.

You can always buy old cars. Can’t use old browsers unless you really like getting pwned.

Brave is fantastic.

I generally wait before jumping on the outrage-train for this reason, but two things stand out:

- Mozilla explicitly deleting "we don't sell your data" statements across their documentation

- Following up to criticism that the statement is vague, bullshitty and open to interpretation with statements that are even more vague, bullshitty and open to interpretation.

By now, they've had time to notice that something is not right and that they need to make a clear statement, and they haven't taken the opportunity.

So, what do you read the end of that sentence mean? Because the way I read it is worse:

> to help you navigate, experience, and interact with online content as you indicate with your use of Firefox."

I don't read that as a caveat, so I'm assuming it means something different to you. To reword slightly and hopefully show how that sentence is coming across to me:

> As you have indicated by using Firefox you have given us the right to...

That bit pretty much sounds like "by using the software you're agreeing to whatever"

Im fully on board that people should try to include or link as much of a story they can so that I can form my own opinion. There are way too many times that I read a reasonable take, then you read the original source, only to find that the reasonable take is completely off base.

In this case I don't have the reaction, but I will agree that in general its a good idea to include more rather than less.

The redacted part here looks to be a GDPR boilerplate for consent. GDRP require consent to be specific. In order to do so the lawyers of Mozilla seems to have used industry standard phrasing to comply with the law, such as "to help you navigate, enhance experience, and interact with {INSERT SERVICE/PRODUCT}".

For those with some interest in legal history, there is similar stories in other boilerplate texts that consumer get exposed to. I always find the background to the WARRANTY DISCLAIMER text to have a fairly funny historical background that is a few centuries old legal case regarding a mill axle. The current form we see now was created as the first example in a list from US regulation guidelines (which reference the mill axle case). A company can use any other form given in that guideline, but as it happens, everyone just jumped on the first example, slapped it onto stuff and shipped it. Lawyers know it is valid for US trade regulation and that was apparently enough for the rest of the world.

> "....to help you navigate, experience, and interact with online content as you indicate with your use of Firefox."

We weren't born yesterday, and companies pull this shit all the time. This sentence is meaningless. You could use this sentence to justify literally any behaviour.

One _easy_ way to read this change:

> "... to help you interact with online content"

Selling your data to have more relevant ads could easily be justified as helping you interact with online content

> as you indicate with your use of Firefox.

Using firefox indicates that you want us to do this.

Or,

we made it an opt-out that is quietly rolled out in an update.

are you replying to wrong post? the linked tweet says:

> Mozilla has just deleted the following:

> “Does Firefox sell your personal data?”

> “Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise. "

That tweet is 100% correct, see https://news.ycombinator.com/item?id=43209001 for two links, all references to "not selling personal data" are gone. There is no missing context or truncation here, and this says nothing about terms-of-use (except commit message but that's immaterial)

I can’t take people seriously who think the little frilly PR bandaids that companies slap on these types of statements mean much of anything at all.

For example, “we promise”.

[flagged]

It is really unfortunate.

My Firefox install lately added links to what could be considered not so nice sites for grandmas like amazon.com and hotels.com to the start screen.

It is quite clear they see it as their program not mine program.

I dunno for how long I will stick to using the least worst alternative. To go for custom builds would be giving up on Mozilla.

edit: Toned down language

> You may not use any of Mozilla’s services to: Do anything illegal or otherwise violate applicable law,

No civil disobedience. Bad Mozilla! Bad, bad Mozilla!

I don't read it the way you say. The more restrictive terms are for use of services. If you use firefox, you have to agree not to use the Mozilla services for the prohibited categories, but there are many uses of the browser that are not using Mozilla services.

If you accessed graphic content using the browser, you are not violating the terms unless you put that content up on a mozilla service somewhere. The obvious issue would be some type of bookmark sync. If you bookmarked a graphic url you might violate the terms when it syncs to mozilla, but even then it would be hard to argue that you are granting access to your future self, so unless you used a bookmark sharing service provided by mozilla, I would say its a gray area. So disable bookmark sync. I typically disable all external services in my browser so this would not be relevant.

But my point is that even though you have to agree to the use policy when downloading the browser, it doesn't mean it governs all use of the browser.

IANAL

Isn't the internet for pr0n?

Firefox has Mozilla facilitated services in it, and the license is saying " we get to use the data we see to help the service".

I don't think their AUP considers the browser software a service.

They're covering their asses for something. That could also just mean that the old license/terms/privacy policy doesn't actually cover the data processing they're already doing (i.e. the opt-out telemetry, the account sync mechanism, etc.). If they publicly admit that their previous agreements didn't provide enough legal cover to allow their basic data processing, the class action lawsuit vultures would be all over them.

Something something malice something incompetence.

What basic functionality are they talking about? Do they list it anywhere? Or is "basic functionality" the new "security reasons" for justifying every stupid rule or policy.

I have no idea what I am talking about but could it be related to future AI related features that process user data locally and/or on their servers? At least that would make some sense to me.

Definitely.

There's a hidden motive, or utter incompetence in managing this side of the licensing and communication (either by beginners "better cover you ass" MBA or lawyers thinking, which could mean it's the result of some consulting firm operation).

Either way, the sudden change without proper communication is suspicious.

Absolute bullshit.

Judging from nearby wording, this is primarily geared towards the Firefox account stuff as opposed to the Firefox browser.

(I'm not happy with Mozilla's decision to name everything Firefox, it makes things like this confusing.)

Here's the remaining paragraph:

> If we decide to suspend or end your access, we will try to notify you at the email address associated with your account or the next time you attempt to access your account

It seems like this is not about the browser itself, but rather about Firefox accounts. The wording is pretty ambiguous, though.

Let's not forget this post: https://web.archive.org/web/20210109032814/https://blog.mozi...

This likely refers to Firefox-the-product, not Firefox-the-open-source-project since there's no functional way to revoke your access to a mercurial checkout on your PC.

It's not unprecedented to have an open source license with revocation or termination clauses, either. I recall seeing ones that basically say "If you file a patent suit around this open software, your rights to use it are gone".

[dead]

I have seen discussions of this sort of wording so many times over the years. My understanding is as follows (and I could be wrong, but this is my understanding of why that wording is used). If you use Firefox to upload a file to a website then, legally speaking,the browser is acting as a "publisher"of that file. Because of Draconian laws in many countries, to publish a file you have to have a legal right to the file, therefore Mozilla have to establish that if you use them to upload a file that you are granting them the legal right to publish that file. It has to be worldwide because you may be uploading to anywhere in the world.

As the browser runs locally on our machine, surely its possible to just block firefox phoning home by DNS black holes or even hosts file or something?

At this point my trust in Mozilla is so low that I could almost believe they intent to run the text I download and upload through an LLM nanny that can scold or ban me if anything offends its Californian sensibilities.

> Your use of Firefox must follow Mozilla’s Acceptable Use Policy, and you agree that you will not use Firefox to infringe anyone’s rights or violate any applicable laws or regulations.

> You may not use any of Mozilla’s services to [...] https://www.mozilla.org/en-US/about/legal/acceptable-use/

[flagged]

Try going to gitlab.com with librewolf, you'll see a white page with no content. Librewolf is blocked off from half the internet that uses cloudflare, so it's kind of a useless browser.

Every browser that's not a majority browser will be associated with these kind of blocking risk. I can't risk access to my financially important accounts, nobody can. So to me this is not a feasible alternative.

The only way to build a browser is to act like one of the others, and to behave like one of the others. Can't use brave, given their history, but farbling approach is the most sustainable solution in my opinion.

My remaining hope is that ladybird will actively deny implementing web standards that can be used for fingerprinting.

Something as simple as overflow:hidden is used on every website to force people to get tracked by having to activate JS, and things like this should be something a web browser should protect its users from.

We need a CSS engine that denies setting these kinds of things, because JS fingerprint prevention isn't enough if every website breaks because of it.

If you want a headstart, I tried forking webkit and do exactly this. Project is unmaintained because couldn't work fulltime on it without funding. Maybe somebody else picks it up? [1]

[1] https://github.com/tholian-network/retrokit

I use librewolf as my daily driver after the Firefox "privacy preserving ad measurement" SNAFU last year [1,2]. The fingerprint resistant and anti-canvas functions were different, but I got used to them and I really appreciate the added features.

With that, having everything turned on can break some sites. If a site wasn't all that important and isn't respecting privacy, I just won't visit it. Otherwise, I'll keep another browser around just in case I absolutely must for business or something else.

When Firefox began opting people in by default to leak data to advertisers, it felt like the beginning of the end to me. After looking into canvas and other fingerprinting capabilities, it's somehow still surprising and alarming to me how far companies go to invade our privacy.

1. https://news.ycombinator.com/item?id=40971247 2. https://news.ycombinator.com/item?id=40974112

thanks for the research. I just quickly tried them all. I have an older mac with older FF. Results: librewolf and waterfox wont run (10.15 min) and the floorp (react) website crashes. IceCat runs! and seems to use LibreJS for javascript, so my first few tests failed because you have to individually allow scripts per site. I quite like that idea! although my quick test of breakout (HN yesterday) runs slow/stuttery. A couple other sites are throwing up js console errors, so I need to play around with it more. It did enable me to access the floorp website, but also 10.15 min. I guess this helps me migrate faster to my asahi setup, although I've been trying to keep that one away from daily browsing and the little web of horrors.

I wonder if this FF change is pre AI infection, which might end up affecting these other builds too. Pretty disappointing after such strong privacy promises for so long, whatever the reason for these changes.

you should add zen browser[1] too, i tried some from your list, librewolf breaks some websites (online banking doesn't work) floorp is a good one, but in my experience zen is better.

1: https://github.com/zen-browser/desktop

Iceweasel has been around for sometime:

https://github.com/adonais

https://sourceforge.net/projects/libportable/files/Iceweasel...

Forks can be healthy for a number of reasons =3

[dead]

What's the purpose of gating "we don’t sell access to your data" by "if switch('firefox-tou')"?

        {% if switch('firefox-tou') %}
          <p>Firefox is independent and a part of the not-for-profit Mozilla, which fights for your online rights, keeps corporate powers in check and makes the internet accessible to everyone, everywhere. We believe the internet is for people, not profit. You’re in control over who sees your search and browsing history. All that and exceptional performance too.</p>
        {% else %}
          <p>Firefox is independent and a part of the not-for-profit Mozilla, which fights for your online rights, keeps corporate powers in check and makes the internet accessible to everyone, everywhere. We believe the internet is for people, not profit. Unlike other companies, we don’t sell access to your data. You’re in control over who sees your search and browsing history. All that and exceptional performance too.</p>

"No better place to leave for" seems an apt way to put it.

I think/fear that in the long run, there will be fewer and fewer ways to participate in activities and communities on the web on your own terms, as only a vetted, allowlisted set of client builds (that may be "open source" on the tin, but by that point it is effectively meaningless) will be able to pass CDN "anti-abuse" restrictions. It will not be a better web, but it sure will be more profitable for some.

Yes, I’ll be leaving. I used to prefer Firefox but have long since moved to Safari for browsing and <insert Chromium based browser> for web dev. Every year I give switching to FF a try. I’ve been using it for everything since mid-December but it’s honestly a pretty bad user experience. This is the move that’s gonna make me stop for this year’s trial run and all future ones. It’s simply not worth my time if their ideals don’t align with mine anymore. Safari and Chromium have their issues but I know what benefits I’m trading off for. Without ideals, FF has no standout features compared to the alternatives (for me).

I'll look for somewhere else. Web browsers aren't as special as they used to be, there's a lot more choice now. Funny thing was, I was paying for Firefox through some of their services (VPN) that I had no intent to use.

I quit the original l"Firefox" a long time ago, I've been using librewolf since its release and now zen (also a firefox fork) and I keep ungoogled chromium in case a site is broken on firefox.

I'll stay for the time being because there is no better alternative.

> To HN: Will you be quitting firefox over this change, or is there simply no better place to leave for?

Not to be overly whataboutistic, but we tolerate sooo much more from other players. It's annoying how we hold some to a higher standard, but ignore others doing worse. I get people are disappointed in Mozilla and wants them to do better, but it's a bit like the "we live in a society meme", where those doing good must be perfect or else..

I'll keep using firefox simply because I keep it behind a proxy server with all pocket, mozilla, firefox and google domains blocked.

The larger impact I suspect this will have in my life, is that I'll increasingly turn to not using websites, opting instead to using tools like yt-dlp.

These changes didn't just happen because of a bunch of greedy ad pushers. This and many other changes over the last few decades came about by taking my tax money and pouring it into these companies to gain compliance to state agendas. This isn't something the 'community' will be able to stave off.

If the internet is just going to become another medium like TV, Radio and newspapers were for so many years, adding on top the ability of the producers to watch me watching them, then it's over. The tech community is full of intellectual dishonest sellouts. Game over. Let's push letsencrypt again in response to the state backdooring the certificate authorities, duuurrr. "AI", duurrrr.