Skip to content(if available)orjump to list(if available)

An update on Mozilla's terms of use for Firefox

dang

Recent and related:

Introducing a terms of use and updated privacy notice for Firefox - https://news.ycombinator.com/item?id=43185909 - Feb 2025 (1060 comments)

move-on-by

> The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”

THANK YOU California for this definition of selling data, which is accurate, and representative of what people think of when discussions of selling data come up.

> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners

Ok, so that’s pretty straightforward. According to CA and other states Mozilla is collecting and selling your data. Which is exactly what everyone is upset about and means exactly what everyone thought it meant.

saghm

They also said "Mozilla doesn’t sell data about you (in the way that most people think about “selling data”)", and I'm struggling to fathom what they could possibly think that "most people" think selling data could mean other than "giving your data to someone else for compensation", which seems pretty much exactly what the California law says. Yes, it's embedded in some legalese, but surely Mozilla has lawyers?

kmacdough

I think they're trying to make the distinction between "we sell your searches and clicks attached to your personal id" and "we sell derivative aggregated information like we have a lot of users of X style to advertise to". But it's kinda hard to sift through exactly what they can and can't sell under this.

luckylion

Wouldn't derivative aggregated information not be included in definitions like the one quoted because they specifically about personal data?

If you sell the information how many customers you have and how many shoes you've sold last month, are you selling your customer's personal data?

x0x0

CCPA/CPRA have a very broad definition of sale.

> (1) “Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration.

Most people would view a sale as Mozilla getting cash back for the data. But that "other valuable consideration" (which the AG declined to clarify or create a factor-based approach for deciding) makes Mozilla vulnerable to lawyers.

The same parasites that claimed that embedding a chatbot on your website violates the California wiretapping laws and have been extracting cash from sites will figure out a way to do the same to Mozilla. see the wave of CIPA chatbot lawsuits.

For instance, suppose Mozilla partners with a search engine and could be claimed to get a discount or some other consideration for letting that search partner use search terms to improve the search engine. Something that isn't advertising related at all. That's probably a sale under CPRA.

wtallis

> For instance, suppose Mozilla partners with a search engine and could be claimed to get a discount or some other consideration for letting that search partner use search terms to improve the search engine. Something that isn't advertising related at all. That's probably a sale under CPRA.

If a search engine partner wants to use search terms to improve their search engine, they only have to look at their own logs. They don't need Mozilla to collect, aggregate, and sell them any data to accomplish that. Mozilla doesn't need to worry about selling data if they never possess that data in the first place.

Your complaint about "other valuable consideration" is just a complaint that the law isn't crippled by stupid loopholes.

bonoboTP

Most people don't think about this stuff and are simply uninformed. Referring to what "most people think" is a cop-out from their side.

But I think the sense Mozilla are referring to is the more obvious and over-the-top things like selling your name, phone number, email, postal address, your Amazon purchasing history, or to ramp it up more, your passwords, your credit card info etc.

wkat4242

The latter is a pretty high bar. Even Google doesn't do that.

fredzel

Most people probably envision selling data akin to shady person trading usb stick in dark alley or hackers selling huge batches of stolen data, so that statement will be true almost by default

LoganDark

most people I speak to about this tend to imagine selling data to be like people cold calling you with scams, getting suspicious advertisements that happen to be about stuff you just happened to be saying in the other room (which actually happened), and stuff like that. in Mozilla's case I'm pretty sure it's whatever Pocket is, considering how difficult it is in Firefox to turn that garbage off

rdtsc

This is a funny case where Mozilla thought they are clarifying their position by pointing out how ridiculously CA defines "sales" only for it to blow up in their face. This is not the first time it happens to companies where in an act of desperation they issue some "apology" or explanation only to make the whole thing worse.

Now people will read even more carefully their privacy policy https://www.mozilla.org/en-US/privacy/firefox/#notice and may find things like:

> Firefox also shows its own search suggestions based on information stored on your local device (including recent search terms, open tabs, and previously visited URLs). These suggestions may include sponsored suggestions from Mozilla’s partners [...] or relevant URLs that are popular in your country.

> Mozilla processes [...] how many searches you perform, how many sponsored suggestions you see and whether you interact with them.

> Mozilla collects technical and interaction data, such as the position, size, views and clicks on New Tab content or ads, to understand how people are interacting with our content [...] This data may be shared with our advertising partners on a de-identified or aggregated basis.

> we share data across Mozilla-controlled affiliates and subsidiaries. We [...] disclose personal data as part of a corporate transaction, such as a merger, acquisition, sale of assets or similar transaction

> [...] retain personal data for more than 25 months, but actual retention periods may vary depending on the type of data and the purpose(s) for which it was collected

[Definitions]

> Technical data : Device type, operating system, IP address, ISP

> Settings: Enhanced Tracking Protection settings, cookie settings, permissions (location, camera, microphone), toolbar customization.

> Location : Country code, city.

> Precise Location: Your precise location (within a few feet or meters).

> Interaction data : How many tabs you have open or what you’ve clicked on. Click counts, impression data, attribution data, how many searches performed, time on page, ad and sponsored tile clicks.

> Browsing data: [...] websites and URLs you’ve visited. [...] (travel, shopping, social media), top level domains (example.com) or specific web pages visited.

mmooss

Based on the parent, all the collected data preserves privacy:

> Firefox also shows its own search suggestions based on information stored on your local device

That data stays on your computer ...

> Mozilla processes [...] how many searches you perform, how many sponsored suggestions you see and whether you interact with them.

That description contains no user content: number of searches, number of ads, whether you interact says nothing about you - it doesn't say what you click on or see, just that you clicked.

> position, size, views and clicks on New Tab content or ads

Again, there is no content mentioned, just number of clicks and not what you click on.

> [Definitions]

This section defines terms; it doesn't say they are doing anything.

koolala

I wish this was more obvious that they don't identify what the 'clicked' New Tab content is. And for Search it could be stored local information and be tracked for suggestions. I wish they clarified the things you clarified instead of failing to mention them.

the_other

How do they decide which sponsored ad to show you?

EasyMark

When you keep the ip address, that often gives people everything that they need, along with "fingerprinting" data. Especially governments and huge corps like facebook/google/amazon, as they have you IP @ {date}/{time} as well. Match it up and you have the golden calf.

rtpg

I feel like there _is_ some daylight between what people hear when someone says "Firefox is selling your data" and, for example, Firefox using your IP address to put you in a rough country-level geoblock to determine whether to show you an ad that was sold to all users in a country.

Yet the second one, which I think would be very much considered close to harmless from my perspective (compared to an alternative of "an ad is shown to everyone across the world"), would, I think, still fit into this metric of your data being sold.

Though maybe I'm misinterpreting what the CCPA's breadth would be.

I have been a bit disillusioned by FF for some time, and would like for them to figure out some version of a business model in order to survive, and so we can know the contours of that business model. Trying to play "we do not do business things at all" with them constantly shipping weird ad-ful features and stuff like Pocket... let's see if we can make this honest!

0xFEE1DEAD

I chose firefox because I don’t want my browser to build an ad network to sell targeted ads.

And I definitely don't want this:

> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content. [0]

[0] https://www.mozilla.org/en-US/about/legal/terms/firefox/#you...

ttpphd

Exactly.

Why is my browser serving me advertising in the first place? Because Mozilla is an advertising company now.

brookst

It’s a weird term, but I’m not sure how “for the purpose of doing as you request” is terrible. To me that means that when you type a url, they have the right to do a DNS lookup for it.

Is there some interpretation where “for the purpose of doing as you request” means any purpose they want?

yencabulator

And I chose Librewolf because I didn't want that, either.

EasyMark

this is why I use librewolf

eps

> Firefox using your IP address ... to show you an ad

Why do you imply that Firefox showing ads is acceptable ?

kehrin

They have been doing for at least a decade by now (e.g Amazon). So why imply it suddenly isn’t acceptable to show ads (in any form)?

rtpg

I mean they integrated pocket right? They sold the default search engine position for billions. That’s something! Not all money making efforts are created equal, though. We judge based on what the effort is in context!

drpossum

> let's see if we can make this honest!

They're beholden to who gives them money, which is not us.

rtpg

It could be us, either directly with money, or even just indirectly by “being the product” but being able to just walk away.

FF exists off of good will and the search deal. The more people stop using the browser the less they’re going to pull in from the deal.

chinathrow

Mozilla, then Phoenix, then Firefox user for over 27y or so.

If they can't stop abusing their users, I will look for another browser, goddamnit.

ho_schi

They are only three viable web-engines left over from the second browser-war:

  * Blink (Google): Used in everything, from Chrome, Edge, Opera, Qt-Toolkit, Electron.
  * Gecko (Mozilla): Firefox. And Waterfox? I assume Gecko is still hard to integrate.
  * WebKit and WebKitGtk (Apple and Gtk): Safari, Epiphany and Gtk-Toolkit. Easy to integrate. And the only engine where I’m aware that actually two side actively cooperate in development.
Epiphany is small and nice, but they need a lot more developers. And I think they should use ffmpeg, gstreamer seems to be a source of issues for many years. But again, they need us, every helper capable of C++ is welcome.

Ladybird an another new engine, implemented in C++. But it is in alpha-state, only for developers. Everyone else who tries to show us a new browser means “use that Google thing with another name on it”.

rapnie

Though not yet ready for the public don't forget the promising https://servo.org

(It is very usable already in combination with Tauri as alternative to Electron + Chromium)

ajdude

WebKit is also used in Orion, but that browser is macOS/iOS only.

yencabulator

I'm still hoping for something to come out of Servo.

I honestly think we need to shift our trusted computing base off of C/C++. There's no way a ragtag bunch of volunteers puts enough effort into security when every minor mistake is a disaster :-(

IYasha

Some more:

* Librewolf, Palemoon, Falkon.

JadeNB

> If they can't stop abusing their users, I will look for another browser, goddamnit.

This seems to go beyond "can't stop" to "are actively plotting a course to continue." I've seen a lot of missteps from Mozilla over the years, but I never thought I'd see them selling my data. From seeing the news yesterday to today, I know now I have to stop recommending Firefox, and figure out a browser that I can trust.

BSDobelix

> I will look for another browser, goddamnit.

Well do it, i had Firefox on all my machines for about 15 years, change to librewolf took like 20 minutes on all machines...and it even feels more responsive, and i dont have have to install uBlock manually and other settings by hand, like disable those experiments mozilla can install:

https://librewolf.net/#main-features

And if you de-install firefox on windows you can even tell them why you did it ;)

WhyNotHugo

Librewolf is a Firefox fork with this crap removed.

scottbez1

And if everyone switches to Librewolf, Librewolf will die because Mozilla will no longer make money and won't be able to devote resources towards maintaining upstream Firefox.

I use Firefox. I hate ads. I don't love that Mozilla engages in some level of affiliate deals to pay the bills, but it's the only viable alternative to Google controlling the entire web and doing much worse tracking/advertising at this point, unless Mozilla can figure out some other revenue stream.

Chromium-based "privacy-focused" browsers can only exist as long as they're not popular enough to move the needle on Google's ad business. Firefox derivatives can only exist as long as Mozilla can pay the bills, which they almost certainly can't do if nobody uses Firefox (no reason for Google to pay for search priority for an audience of zero, and no affiliate deals for an audience of zero).

The more people use Firefox forks, the sooner Google controls everything. You might personally benefit in the short term, with "complete" privacy, so I can understand why some might choose that option, but you need to accept that you're contributing to Google's dominance by doing so.

KingOfCoders

Yes, here too, add Mosaic and Netscape there. Switched to Waterfox, would pay for a full fork.

tannhaeuser

You're saying "will" but what are you waiting for? How many data points do you need to leave FF now they're admitting to collect data and willing to display their own targetted ads, that they make deals with Facebook in addition to making deals with Google, that they're green-washing and pushing Google's efforts to take over the web as a targetted ad medium which has resulted in abandonment of almost all browser development and their own browser share drop to low single-digit figures, with funds directed towards nebulous virtual signalling campaigns but mostly to their management and certainly not towards development or the better of the web?

EasyMark

there are many offshoots, zen, floorp, librewolf (if you want that classic feel), waterfox, etc

ants_everywhere

Mozilla is continuing to dig its own grave

null

[deleted]

tomxor

If they would simply tell us what part of Firefox is affected by the CCPA's definition of "selling user data", there would be no room for misinterpretation and this would be over.

If it's as innocent as "Firefox has to send HTTP packets to arbitrary web servers to achieve the fundamental function of loading a page" and that web server is considered 3rd party by CCPA, then everyone would understand... this is either poor communication or they are hiding something else (which everyone should rightly assume in this day and age).

Just tell us already Mozilla!

chrismorgan

From the article:

> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.

And remember, they’re citing CCPA’s definition as meaning “… in exchange for ‘monetary’ or ‘other valuable considerations’”. This is exactly what people mean by “selling”.

It’s not the innocent thing you’re contemplating, about a browser doing its job. It’s specifically about things like serving ads, making that browser “commercially viable”.

Mozilla is stopping claiming they’re never selling your data because they’ve been selling your data for the last few years.

wtallis

Selling ads isn't even the problem. They could do that and still truthfully, legally claim they never sell your data.

Mozilla is helping perpetuate the illusion that online advertising necessarily includes collecting and selling data about the users who are shown the ads.

inetknght

> Mozilla is stopping claiming they’re never selling your data because they’ve been selling your data for the last few years.

If that's true then it sounds to me like there's some liability to sue for in California courts against Mozilla. I wonder if EFF would be interested

abdullahkhalids

Most of what is collected is recorded in about:studies and about:telemetry. You can disable studies in Settings, and I think most of telemetry.

What is collected by telemetry is documented here for desktop [1].

[1] https://firefox-source-docs.mozilla.org/toolkit/components/t...

xvf33

[flagged]

doright

Would it have been better if Firefox/Mozilla went under as a result of never compromising on their principles for income 5 years ago, as opposed to continuing to exist in this less than optimal form today? If the business incompetence of where to put all the existing money were resolved.

I feel like the people who understand Mozilla's true principles have long since moved on by this point, and the crowd of those unaware still use Firefox as a daily driver, for better or worse. That crowd might have just moved to Chrome without Firefox as an option anymore.

Although, as I understand it Firefox and Chrome will be closer to each other in terms of 3rd-party data selling from now on with this ToS change.

isaacremuant

Mozilla died as a principled company the day they fired Brendan Eich because he had once donated to a cause they didn't agree with.

It became all about the authoritarianism of wokeness. They wasted so much money in ridiculous tangents and became extremely partisan and censorious.

It's still the best browser due to extensions and customization but it's sad to see these news making it not that better than chrome when it comes to privacy.

account42

> Would it have been better if Mozilla went under

Absolutely. That would have allowed Firefox to fall to better stewardship.

yencabulator

Mozilla had $1,006,854,000 invested at end of 2023. Drawing 5% of that annually for developer salaries would pay a lot of Firefox developer salaries, even with no incoming cash whatsoever. I'd like to believe a world exists between "Firefox is a volunteer-only effort" and "Mozilla CEO is yet another sociopath robber baron".

https://assets.mozilla.net/annualreport/2024/mozilla-fdn-202...

Idesmi

> the people who understand Mozilla's true principles have long since moved on by this point

Where to?

dharmab

I'm really liking Orion browser, unfortunately it doesn't support Windows or Linux yet

xnx

Hasn't Mozilla gotten enough money that if they hadn't wasted it they could've been living solely off interest by now?

account42

Yes but how could their CEO's family have possibly survived then. You don't want them and the other leadership to starve if they can't have their millions per year, do you?

KingOfCoders

$7B was not enough to be "commercially viable" it seems.

koolala

But then they would need to be given more money.

ants_everywhere

It may be relevant that Mozilla recently acquired a Meta-created ad tracking company and is now awash with Meta ad execs. [0]

It may also be relevant that Meta is recently upsetting people in Europe for tracking and targeting people in spite of Europe's data protection rules [1].

My guess (and this is just speculation at this point) is that Meta and Mozilla think they're being clever and getting away with some "private" ad tracking and are underestimating how much damage they're doing to Mozilla's reputation.

I doubt the Anonym tech has been built into Firefox yet, but it's clear that the corporate strategic direction is to bet on some concept of "acceptable ads" like Google did in the 90s.

[0] https://www.adexchanger.com/privacy/mozilla-acquires-anonym-...

[1] https://www.reuters.com/technology/digital-rights-activists-...

cmcaleer

Mozilla mentioned their viability in this statement, but one has to wonder how much more viable they’d be had they not wasted tens of millions of dollars on acquisitions such as this, Pocket, and of course their former CEO’s salary. I would happily donate to a company that focussed on just making Firefox and Thunderbird, but the reason why I don’t and probably will not donate to Mozilla ever again is that I have no idea what hare-brained acquisition they’ll do next.

Their mission and plan for the future is so incomprehensible that it’s probably just easier to assume actual malice.

debugnik

> but the reason why I don’t and probably will not donate to Mozilla ever again is that I have no idea what hare-brained acquisition they’ll do next.

You can't donate to Mozilla Corporation at all, which is the entity maintaining Firefox and running these acquisitions. You can only donate to the Mozilla Foundation, which funds other campaigns.

gabeio

> You can't donate to Mozilla Corporation at all, which is the entity maintaining Firefox and running these acquisitions. You can only donate to the Mozilla Foundation, which funds other campaigns.

The Mozilla Foundation is the parent of the Mozilla Corporation.

https://en.wikipedia.org/wiki/Mozilla_Corporation

Vegenoid

> it’s probably just easier to assume actual malice

The easiest assumption to make is greed and foolishness.

dns_snek

Dishonesty in pursuit of greed equals malice.

mmooss

What is their profit or loss from Pocket?

account42

> their former CEO’s salary

There is no indicuation that their current leadership salaries is saner and the fact that their only visibile response to the cricism has been to no longer publish saralies it should be assume that it isn't.

nerdponx

> "private" ad tracking

My guess is that they're aiming to pivot to become a Brave competitor, and either find a new (profitable) niche in the market, or just ride the business down to collapse.

Don't forget that private, hard-to-access data is now doubly valuable as AI training data.

JumpCrisscross

Facebook is sort of tech’s Enron / McDonnell Douglas.

mmooss

> It may be relevant that Mozilla recently acquired a Meta-created ad tracking company and is now awash with Meta ad execs. [0]

That greatly misrepresents what the article says; really Mozilla acquired a company with a mission to get user data out of the advertising industry, which happened to be founded by former Meta employees:

Two years after leaving Meta to launch their own privacy-focused ad measurement startup in 2022, Graham Mudd and Brad Smallwood have sold their company to Mozilla. ...

Mozilla had initially been talking to Anonym, which uses privacy-enhancing technologies to build measurement and targeting solutions, about a potential partnership.

“But that quickly turned into, ‘Wow, our missions are basically the same,’” Chambers said. “We realized that together we could move a lot faster.”

That shared mission is predicated on the notion that advertising and privacy are not – or at least don’t have to be – mutually exclusive.

“We both believe that privacy-preserving technologies are a critical part of the solution to the privacy problem in digital advertising,” Chambers said. ...

Anonym also has technology that allows ad platforms and advertisers to securely share encrypted impression and conversion data within a trusted execution environment for attribution, causal lift measurement and lookalike modeling. (A trusted execution environment is the secure area of a main processor where code can be run safely and in isolation.)

To be fair, the major ad platforms have long offered attribution and measurement solutions, Mudd said. “But they required the data to come into their system,” he added. “In this world, that doesn’t have to happen.”

wtallis

> Anonym also has technology that allows ad platforms and advertisers to securely share encrypted impression and conversion data within a trusted execution environment for attribution, causal lift measurement and lookalike modeling.

Wow, "secure", "encrypted", and "trusted" all in one sentence. They're trying to make it sound as reassuring as possible, but they're still doing tracking.

mmooss

They're not, in fact. That's the whole point of their business. Where does it say they are tracking anyone - which means recording personal information?

_aavaa_

Ahh, the Unity game engine special.

comex

> Whenever we share data with our partners, we put a lot of work into making sure that the data that we share is stripped of potentially identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).

But if the data was fully stripped of potentially identifying information, then it should not count as "personal information" under the California Consumer Privacy Act, therefore it should not trigger the "sale of personal information" requirement, regardless of how it's transmitted or what kind of compensation is involved.

The CCPA defines "personal information" as follows:

> “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

(It also includes a list of examples [1], but the examples are conditional on the same "linked, directly or indirectly, with a particular consumer or household" requirement.)

So, which is it? Is the data deidentified or is it not?

Is Mozilla just trying to reduce risk in case someone argues their deidentification isn't good enough? If so, I'd call that a cowardly move.

[1] https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

ranger_danger

How about don't send ANYONE's personal information, anonymized or not, to anyone including themselves? I think that's what people want. But that will never happen because you can't make money from it.

tomrod

Nor should you make money from data transfer.

Tax this, and give the tax back as reverse income tax to individuals.

mmooss

How will Sync or their VPN operate, for example?

wtallis

This is about Mozilla's Terms of Use for Firefox, not Firefox Sync and Mozilla VPN. Those services need their own Terms of Use that doesn't apply to using Firefox without using those add-on services.

amanaplanacanal

I dunno, if legal recommends wording for your TOS you should probably listen to them.

winwang

Then comes the question: would it also obviously expand their domain of allowable actions to trespass on their users?

Since that is a resounding "yes" and they also have the extremely obvious finance incentive to do so...

saagarjha

Legal is there to advise you. Sometimes what legal tells you is not in the best interests of your company. A good legal team will work with you to identify when maximal risk-averseness is not the right strategy.

teddyh

A normal legal team (as opposed to a good one) will always recommend whatever is virtually guaranteed not to come back to bite them.

rendaw

Yes, so you claim you can do whatever you want with everything you can get your hands on and then social media blows up because it's batshit insane, but don't worry because you're _legally in the clear_.

You're acting like they didn't have the 2nd option of just not selling the data so the current wording is accurate...

saghm

On the other hand, if legal recommends that they reword their TOS, their users also should probably listen to them.

diggernet

> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox.

You don't need a license for data you never see. When I use Firefox to type a comment on HN, that comment goes from me to HN. It doesn't go to Mozilla. Mozilla does not need a license. (And no, Firefox doesn't need a license either, because licenses are granted to people and organizations, not software.)

The only possible reason for Mozilla to need a license to the data I type into Firefox is if Mozilla intends to have Firefox send that data to them.

usr1106

Right. Some people want Sync, Pocket, oneline translation, etc. Others like me just want a browser. There should be a simple option to choose between a browser and some multifunction beast that some people and even more managers at Mozilla are dreaming of.

diggernet

Those things are Mozilla services. If they spoke of operating Mozilla services and data you input into Mozilla services, it'd be fine and expected. But instead they speak of operating Firefox and data input into Firefox, which is much more broad, and just happens to give them coverage for all kinds of data collection and abuse.

The fact they've issued this update and not clarified the scope as Mozilla services is disturbing.

usr1106

Thanks for the terminology clarification. So ideally the services would be used by an extension that users are offered to download. Next best would be a simple choice do you want any services or not. If yes, all of them or customize.

mmooss

I thought they removed the reference to Firefox?

KingOfCoders

"There should be a simple option to choose between a browser"

Less money, not going to happen.

teshaq

While I agree with folks that this is a step backwards in privacy, I think it’s a good exercise to zoom out and understand Firefox’s position.

The browser market is highly competitive, and Mozilla’s competitors have orders of magnitude more resources at their disposal. As we all know Firefox’s market share has been dropping over the past years and unfortunately the revenue supporting all of Mozilla comes predominantly from their Google deal (which itself has been risked by the ongoing case against Google)

Unfortunately as well - unfortunate for Mozilla, but fortunate for its mission and users :) - the Mozilla corporation is wholly owned by the foundation, so there is no easy way to raise funds (donations amount to so little compared to its Google revenue). Given no access to traditional fundraising, Mozilla has limited options on sustaining its business.

All this is to say, Mozilla seems to be trying to diversify its revenue hard, and its previous on-brand attempts (Firefox OS, VPN, etc) haven’t yielded the return they expected from them, so I’m not surprised Mozilla is trying to make money off of ads and selling data. I disable data collection, though if it came to it, I trust Mozilla a tad bit more than its competitors to protect my data - initiatives like ohttp give me a sign that at least they’re trying

ndriscoll

Mozilla were pulling in ~$500M/year on those search deals. So on year one, spend $15M on a team of 20+ highly competent full time developers for Firefox, put $450M into a trust to fund future development, and find something to waste $35M on. Then for the next 15 years, find something to waste $500M on.

The amount of money they've squandered is mind-boggling. If their goal had been to develop Firefox/Thunderbird/Mozilla Suite, and they had focused on how to sustainably do that, they never would've needed to diversify income sources.

sonofhans

Yes, this is how I see it, too. They’ve been operating as if their money hose from Google was (a) infinite and (b) cost-free. Turns out neither is the case, and now they’re dependent on it Google owns them.

They could have funded Firefox development for the next 100 years but they’ve pissed it away, and now they’re selling us out. It’s gross.

NullPrefix

>spend $15M on a team of 20+ highly competent full time developers

Implies that the browser is the mission, not some social cause is the mission

zamadatix

It implies maintaining the browser would better fund the mission in the long run than selling user data to adtech now as the user count continues to decline.

Google pays Apple 18 billion dollars per year to be the default search engine on Safari. If Firefox had managed to stay just as popular imagine how much more money they'd have been making on search deals these last 5 years and how much of that could have went to whatever mission they wanted. Instead they've got a whole lot of noise adding up to about nothing for income + a much smaller search deal than they should have. That's why "having a social mission" isn't inherently the issue, it's all about the management around balancing how the investment for the social mission is done.

I think GPs numbers are off by an order of magnitude or so though. I remember reading something like Mozilla spending 200 million/year on software development (not all Firefox) so it might take 300+ million/year just on Firefox to really have a big impact from status quo. Someone with the real numbers is invited to correct me on that. Browsers have huge teams of people, even Ladybird is using large components like Skia developed by other browser teams.

rolobio

This is exactly it, millions spent on the product, but no noticeable changes? The money is going elsewhere.

Wikipedia is doing the same.

Dylan16807

If they've had any non-code projects that had costs in the millions, they were catastrophic failures, so they shouldn't have had such a mission.

einpoklum

They've not developed the suite for... between 15 and 20 years I believe; and Thunderbird for over 10 years. For the past several years, Thunderbird is back under the MZLA Technologies Corporation, but - it is funded by donations (and doing rather well in that respect it seems).

So - Firefox is the "only" thing they need to develop.

solardev

Their weird org structure is their own fault. Millions of dollars squandered on things most people simply do not care about, while neglecting Firefox for a decade.

When Firefox/Firebird/Phoenix first came out, the org structure wasn't that weird yet. The hybrid structure came a few years later, and even then it was fine for a while, but somehow mission creep set in and they became this ginormous org that did nothing useful, but padded exec salaries at the expense of their only service that people actually cared about, the Firefox browser. They kept adding more and more ads and intrusive partnership and lost marketshare year after year until it became completely irrelevant.

Meanwhile, the Mozilla org tried to become some sort of EFF-wannabe, but heavy on the virtue signaling and low on producing anything of actual value.

At this point, I think Firefox would be better off spun off and managed by another FOSS entity altogether, not whatever the husk of Mozilla is today.

EasyMark

I too wish they would have spent money only on the improving the browser, obvious things like sync, and probably web standards, that's all they really need to do. They don't need to be doing stuff like "social equality" or web DEI or any of that. They don't need to be dabbling in a dozen side businesses.

sundarurfriend

"donations amount to so little" is very misleading stated like that because Mozilla just doesn't give us any way to donate to Firefox development or even just their FOSS efforts in general. Mozilla is one of the very few companies I've donated to even when I had little in the way of discretionary income, and is one of the first options people think of when they think of FOSS software they want to donate to. But then I learnt that any donations like this are highly unlikely to be spent on the software we're donating it for, and at that point I might as well donate to a random local charity instead.

I'm not gonna claim that donations would have rivaled the Google revenue otherwise, but they will certainly be many many times higher than what they are. Lots of people are willing to and even want to set up a regular donation to Firefox as the lone non-Chrome bulwark in the FOSS space. There would have been grassroots efforts to get more people to donate on the regular, hell I would have put in serious work on such efforts if we actually had a way to donate to keep Firefox alive and healthy.

kstrauser

It doesn’t help that they make it hard to donate to a specific product’s development. I’d donate to Firefox. I wouldn’t give a penny to anything of their other distractions.

(And others would support exactly the opposite, I’m sure. But no one gets to sponsor what they personally care about.)

saurik

(Would others? I don't think I have ever seen anyone defend that part of the equation. With Wikipedia's similar insanity--begging for donations to keep their servers on when they don't spend the money on that--I have at least seen some people who like what they do spend their money on as important to them, but I don't think I have ever seen anyone actively want to donate money to Firefox's random side projects instead of Firefox.)

zihotki

You don't need to go far. Just look at the Thunderbird. People are donating to support it.

kstrauser

Probably not, but you know if I left that out, someone would claim the opposite just for contrariness.

h4ny

Reasonable people want people running the product they love to succeed, too. But when the equation involves obscene executive salaries, back tracking on _promises_, terrible decision that lost money, and overall just too much money to justify what's being done. The end result is what you see now: a lot of upset people and there is nothing _unfortunate_ for Mozilla.

I have a lot of trouble seeing what you are trying to defend here -- I really tried but couldn't. I find it pretty hypocritical to say that you disabled data collection while you trust them over your competitors to protect your data -- so you are saying that you trust them but you won't adjust your bottom line to help them succeed anyway?

I really mean well: sometimes you just shouldn't try to appear to be reasonable to a situation that isn't, it actually makes things worse for everyone. I used to do that and have learned some hard lessons.

WhyNotHugo

> The browser market is highly competitive

And that's exactly the problem: treating it like a market. I don't want browsers to be a competitive market, in the same way that I don't want libraries, primary schools, firefighters or healthcare to be a competitive market.

In modern society, they're essential needs, which need to stop catering to the capitalist overlords and need to focus on the needs of the many.

kevincox

But that ignores the reality. Chrome is implementing new (often privacy harmful) features and because the Chrome market share is high enough websites depend on them. Then the average user has to pick Chrome because "Firefox is broken".

The network effects between website and viewers make the market real and failing to gain a significant market share results in you effectively being cut out and failing to serve the needs of most of your users (unless you can match Chrome's insane pace of development bug-for-bug).

EasyMark

Firefox isn't broken, I literally use it all day long as my browser for work and home usage. Rare occasions I pull out brave, maybe once a month, for something that has an issue, and usually that's not it, it's an extension or something.

JumpCrisscross

> donations amount to so little compared to its Google revenue

“Interesting to note that the Mozilla CEO earned nearly as much ($5.6 M) as Mozilla received in donations ($7 M)” [1].

[1] https://lunduke.locals.com/post/4387539/firefox-money-invest...

tiltowait

> The browser market is highly competitive

I disagree. There's one dominant player with ~66% of the market, a distant secont place at ~18%, an embarrassing third place at 5%, and then a bunch of also-rans making up the rest [0]. This doesn't look like a particularly healthy, nor competitive, market.

[0] https://gs.statcounter.com/browser-market-share

Shank

> It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox.

I really struggle to understand what legal team believes this language is necessary in downloaded software. There is a lot of precedent for this kind of language in online hosted services, but not downloaded software.

> This does not give Mozilla any ownership in that content.

Yes, it’s a license. Nothing changes. There is no ambiguity about ownership in a perpetual nonexclusive worldwide license, but this doesn’t explain why this license is suddenly necessary now and wasn’t before.

Clearly the legal team at Mozilla is struggling with multiple issues in this update. Why are these changes being made now, and what is driving them?

Others have discussed the data sale issue, but I don’t see a reasonable explanation for the license issue, and the changing text doesn’t inspire confidence.

MatthiasPortzel

> I really struggle to understand what legal team believes this language is necessary in downloaded software.

Exactly. Even if nothing is changing at Mozilla, their legal team has invented a new interpretation of copyright law. That’s a huge deal from a legal perspective—Apple, Google, Microsoft, etc need to be rushing to add corresponding terms to their applications.

Mozilla PR is dropping the ball completely by trying to sweep this under the rug as ‘standard legal boilerplate’ because it’s not a clause in any other application I’ve ever seen.

Since I use FireFox at work, I don’t even have permission to give Mozilla a license to the content I create on the clock, so I will be switching browsers.

usr1106

Switching to what? Honest question, not asking for a friend.

Semaphor

Not OP, but we had a waterfox thread yesterday: https://news.ycombinator.com/item?id=43205110

nativeit

Not for nothing, it is standard legal boilerplate. I just checked two randomly selected terms of service--one for ReadAI, the other for Google--and they both include a very similar clause with those exact parameters.

That said, I'm not suggesting Mozilla isn't also being wildly hypocritical in their behavior, and hamfisted in their PR.

teovall

Both of your examples are cloud services, not software run locally on users' own hardware. If they intend the license to be limited to cloud services like Firefox Sync, then they should say so.

gtirloni

You can't download Google.

abdullahkhalids

They have for example recently added AI chat sidebar via Firefox Labs. So in effect, the browser itself is collecting and sending information to third parties. And I imagine Mozilla is or will get some money for these integrations. I would guess this is how they will try to diversify their income away from Google Search integration.

Of course the question then shifts to, do we need AI in the browser sidebar?

tomp

> This does not give Mozilla any ownership in that content.

I actually disagree, fundamentally.

This is digital content, so "ownership" isn't the same as for physical stuff.

Lets look at analogies: "piracy isn't theft" (because the original owner still keeps their copy!). Also, surely if Mozilla can sell your data, they must have owned it first! But you also keep your data!

So clearly, to "own" digital stuff is different from "owning" physical stuff.

Then, how do we define "own" for digital stuff? I'd say a sufficient definition would be, "possess and can do whatever".

So when Mozilla says "nonexclusive, royalty-free, worldwide license [...] necessary to operate Firefox", and then in subsequent paragraphs argue that selling ads is necessary to operate Firefox... Yes, we can add two and two together.

Now, apologists will claim that the literal statement in new terms is "nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox", but obviously, the DO NOT NEED A LICENSE for doing as you request in Firefox (i.e. sending POST requests directly to third parties), so clearly there's some shady business involved.

eipi10_hn

> not downloaded software

Tbf, any softwares that send your input to an external (like browsers...) should disclose like this too. The thing that sends those data is your software, not you. Otherwise, after you click on the button "Purchase" with your credit card information, the only way to not grant your software the rights to send that information is you driving to the stores and give them your credit card by yourself.

wtallis

The problem here is that Mozilla has used language that is what you'd expect if the browser is sending data to Mozilla; there's no need for such language if the browser is acting purely as a user agent and sending data to the address you put in the URL bar.

eipi10_hn

Yeah, legal words are frustrating like that. When the law comes to their house, using "acting purely as a user agent and sending data" will just help them on reddit but not on court. And no, you don't always send the data to the "address in URL bar", there can be services that are in iframes or with other add-on services like their Pocket, VPN, AI chats (ChatGPT...), similar to any client softwares sending data to other services that are not their own.

That's why they use these words, which actually can include more activities inside browser

> for the purpose of doing as you request with the content you input in Firefox.

There's a reason I won't interpret serious things by myself if I face legal entities without a proper lawyer.

tofof

While this is confirming that Mozilla is already outright selling data, it at least DOES provide clarity on the issues around the acceptible use policy.

That language had been so broad that it forbade most use of the browser. For example, "send unsolicited communications" so no filing a bug report. "Deceive, mislead" so no playing Among Us. "Sell, purchase, or advertise illegal or controlled products or services" so no online refils of your antimigraine medication lasmiditan or your epilepsy medication (pregabalin) which are schedule V. "Collect or harvest personally identifiable information without permission. This includes, but is not limited to, account names and email addresses" so no browsing any forum where a username is displayed to you. And of course "access to content that includes graphic depictions of sexuality or violence" that rules out watching the nightly news, stream PG-13 and R movies, to watch classic Looney Tunes cartoons, to play Fortnight, and on and on.

matkoniecz

> "send unsolicited communications" so no filing a bug report

why you think that filing bug reports in place inviting bug reports is "unsolicited communication"?

xvilka

At this point, I believe, it's important to accelerate development of Servo[1], which not only provides better browser security because of memory safety (getting rid of the stupid mistakes like OOB access or UAF), but is also managed[2] by Linux Foundation Europe[3], which gives more hope from the privacy standpoint.

[1] https://github.com/servo/servo

[2] https://servo.org/about/

[3] https://linuxfoundation.eu/

plipt

Is Google paying Mozilla to sabotage themselves?

Stay in business, so monopoly arguments can be brushed aside.

But slowly erode privacy on the internet. And slowly lose user base.

boomboomsubban

They just lost a monopoly case because they paid Mozilla all that money, this theory has always made little sense and sticking to it now makes even less.

EMIRELADERO

In fact, one could argue that Google losing its case is what caused this. Google provided a substantial amount of revenue to Mozilla. With that now gone, new ways(TM) to get money are needed.

Zamiel_Snawley

They really don’t need more revenue. They are nominally a not-for-profit and in 2023, they had 250 million cash and a billion more in investments.

They’ve taken billions of dollars from Google since 2005, and now they’re turning their back on user privacy.

EasyMark

that's true, but now google will appeal it and with the new regime in place they will withdraw the case and give google a win.

asddubs

they also couldn't have timed this better with the manifestv3 thing

slig

Yes, of course. If Mozilla decided to do what other user here suggested (`spend $15M on a team of 20+ highly competent full time developers for Firefox, put $450M into a trust to fund future development`) I doubt that the 500M/year would continue flowing.

null

[deleted]

techjamie

I use Firefox Nightly on Android, and originally had location sharing on for the handful of websites where I'm fine with sharing it. But today, my phone notified me that Nightly updated what it does with location data on the play store to include using location for marketing or advertising purposes.

Changed it to ask every time instantly, and I'm not going to be giving Mozilla nearly as much trust ever again.

danlitt

I get that people are hung up on the "licensing" clause, but for me it is not the most egregious part. They say elsewhere,

> Mozilla can suspend or end anyone’s access to Firefox at any time for any reason, including if Mozilla decides not to offer Firefox anymore.

This is a direct contradiction of Freedom 0, and is at best a meaningless clause (very bad in a ToS) and at worst a reframing of Firefox to be non-free, either by casting it as a service or something else.