Not a good look for Firefox. Third partners and device fingerprinting clearly mentioned in the documents.
The move is the latest development in a series of shifts Mozilla has undergone over the past year.
The gecko engine and Firefox forks, such as Tor, Mullvad, Librewolf, and Arkenfox, are stables of private, open source web browsing.
In fact, Mozilla’s is one of the few browser engines out there, in a protocol-heavy industry that many say only corporate or well-funded non-profits can reliably develop.
What is more, daily driving the more hardened-for-privacy Firefox derivatives can be frowned upon by many sites, including your bank and workplace.
Mozilla’s enshittification leaves the open source community without a good alternative to Firefox, after years of promoting it as a privacy-friendly alternative to spyware-cum-browser Chrome.
- THIS COMMENT IS NOT MINE - SOURCE: https://lemm.ee/comment/18521903 - Before everyone freaks out over “terms of use = Firefox bad now” (I’m citing the actual Terms of Use and Privacy Notice) - I’ll add emphasis as needed. - You give Mozilla all rights necessary to operate Firefox, including processing data as we describe in the Firefox Privacy Notice, as well as acting on your behalf to help you navigate the internet. When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox. - This doesn’t mean you’re giving them a license to do whatever they want with your data, it means you’re giving them the ability to use that data explicitly as you choose to navigate the web. (e.g. you use Firefox to make a post, they have to process those keystrokes through Firefox to send it to the server, and thus could require permission to do that in the form of having a license) - They explicitly have the license only to use the information in line “with your use of Firefox,” and to “navigate, experience, and interact with online content.” not to do whatever they want. They should have worded this better, but this isn’t one of those “we own everything you ever put in your browser” kind of clauses. - If you give Mozilla any ideas, suggestions, or feedback about the Services, you give Mozilla permission to use them for free and without any additional obligations. - This is standard on basically every site, and kind of obvious. You shouldn’t be able to say “you should do this thing,” have them do it, and then say “actually I own the license to this and you have to pay me” - These Terms apply until either you or Mozilla decide to end them. You can choose to end them at any time for any reason by stopping your use of Firefox. Mozilla can suspend or end anyone’s access to Firefox at any time for any reason, including if Mozilla decides not to offer Firefox anymore. If we decide to suspend or end your access, we will try to notify you at the email address associated with your account or the next time you attempt to access your account. - Nothing requires you to stay in this contract after you stop using the services, and this is just reaffirming the fact that, yes, they can stop offering Firefox in the future if they simply can’t sustain it, without somehow breaking contract. More legalese just to protect them from frivolous lawsuits. - Your use of Firefox must follow Mozilla’s Acceptable Use Policy, and you agree that you will not use Firefox to infringe anyone’s rights or violate any applicable laws or regulations. - You agree to indemnify and hold Mozilla and its affiliates harmless for any liability or claim from your use of Firefox, to the extent permitted by applicable law. - This basically just means “don’t do crimes using our browser.” Again, standard clause that basically everything has to make sure that nobody can claim in court that Firefox/Mozilla is liable for something a user did with their software. - To the extent permitted by applicable law, you agree that Mozilla will not be liable in any way for any inability to use Firefox or for any limitations of Firefox. Mozilla specifically disclaims the following: Indirect, special, incidental, consequential, or exemplary damages, direct or indirect damages for loss of goodwill, business interruption, lost profits, loss of data, or computer malfunction. Any liability for Mozilla under this agreement is limited to $500. - Standard liability clause, basically everything also has this. - And that’s it. That’s the terms of use. Nothing here is out of the ordinary, uncalled for, or unreasonable for them to have. - Now let’s move on to the new Privacy Notice. - You have the option to use a third-party AI chatbot of your choice to help you with things like summarizing what you’re reading, writing and brainstorming ideas, subject to that provider’s terms of use and privacy notice. - If you choose to enable a chatbot in the sidebar and/or through a shortcut, Mozilla does not have access to your conversations or the underlying content you input into the selected chatbot. We do collect technical and interaction data on how this feature is used to help improve Firefox, such as how often each third-party chatbot provider is chosen, how often suggested prompts are used, and the length of selected text. - This just states that if you use the chatbots, you’re subject to their policies, and also Mozilla will collect very light amounts of data to understand how often and to what degree the feature is used. The first part is functionally no different from saying “If you go to OpenAI’s website and use ChatGPT, you’ll be bound by their ToS.” Yeah, of course you will, that’s obvious. - Review Checker is a Firefox feature that helps you determine whether reviews are reliable when you shop online with sites like Amazon.com, BestBuy.com and Walmart.com. If you opt in to using Review Checker, Mozilla will process information about the website and the product identifier of the products you view using our privacy preserving technology called OHTTP. OHTTP combines encryption and a third party intermediary server, helping prevent Mozilla from linking you or your device to the products you have viewed. We also collect technical and interaction data on how this feature is used to help improve Firefox. - By opting in to using Review Checker you also agree to be shown product recommendations and sponsored content. If you do not want to receive product recommendations and sponsored content, you can opt out of this feature under Review Checker settings at any time. - Another optional feature that, if you choose to turn on and use yourself, will obviously have to collect data that is required for such a thing to work. It can’t check reviews if it can’t see the reviews on the website. As for the product recommendations and sponsored content, that’s not desirable, but they do very clearly mention that you can just turn it off in settings. - You can install add-ons from addons.mozilla.org (“AMO”) or from the Firefox Add-ons Manager, which is accessible from the Firefox menu button in the toolbar. We process your search queries in the Add-ons Manager to be able to provide you with suggested add-ons. If you choose to install any add-ons, Firefox will process technical, location and settings data, and periodically connect with Mozilla’s servers to install and apply the correct updates to your add-ons. We also collect technical and interaction data on usage of add-ons, to help improve Firefox. - If you search on their site for extensions, they have to process your search, and if you need to install addons, they’ll have to connect to Mozilla’s servers and collect the relevant data to make sure the extensions are available where you are. Shocking. /s - Mozilla runs studies within Firefox and makes certain experimental features available through Firefox Labs to test different features and ideas before they’re made available to all Firefox users or become part of the core Firefox offering — this allows us to make more informed decisions about what our users want and need. This research uses technical, system performance, location, settings and interaction data. - We also need to process data to keep Firefox operational, improve features and performance, and identify, troubleshoot and diagnose issues. For this we use technical, location and settings data, as well as interaction and system performance data (such as number of tabs open, memory usage or the outcome of automated processes like updates). In the rare situations where the information needed also includes limited browsing data (e.g., Top Level Domain annotations for page-load performance monitoring), it will be transmitted using OHTTP; this helps prevent Mozilla from linking you or your device to the data collected for this purpose. - This has been around for a while already. If you choose to use beta features, then yeah, they’ll collect some diagnostics. That’s why it’s in beta: to get data on if it’s working properly. - Because maintaining the latest version of Firefox helps keep you safe against vulnerabilities, desktop versions of Firefox regularly connect to Mozilla’s servers (or another service that you used to install Firefox) to check for software updates; updates for Android and iOS versions of Firefox are managed by Google’s Play Store and Apple’s App Store, respectively. - We also process technical data and settings data to protect against malicious add-ons. In addition to these standard processes, we use Google’s Safe Browsing Service to protect you from malicious downloads and phishing attacks, and validate web page and technical data with Certificate Authorities. As part of our work to improve privacy and security for all internet users, we collect technical data via OHTTP, to better understand, prevent and defend against fingerprinting. - Checking for updates and providing malicious site blocking requires connecting to servers to download the updates and having a list to block bad sites. Again, very shocking. /s - And that’s basically it for that. - I seriously don’t understand the reactionary attitude so many people have towards things like this. Read the policies yourself, and you’ll see that their explicit purpose is either: - Legally clarifying things to protect Mozilla from legal liability they shouldn’t have, and frivolous lawsuits.
- Making sure it’s clear that to do certain things, they have to, y’know, process the data for that thing.
- Explaining where different features might rely on parties outside Mozilla.
 - None of this is abnormal. - deleted by creator - Personal emails, messaging, anything 
 
- I refuted most of these points on this user’s post. - This is absolutely abnormal. No browser should require a license to my own data unless they plan on doing something with it. - No other FOSS includes this language and I would argue that Firefox executable is no longer FOSS. It’s now source available. - Yeah I am unconvinced of this line of thought. If I use (say) Kate Editor to edit a document, do the developers of Kate need a license to the content of that document in order to save it to my desktop? Since the text content is stored in a Qt widget does Qt also need such a license? Linux itself carries the data from the application to the disk, do the Linux developers (all of them?) also need a license? - They do not. Your use of the software, with software you “control” (edge cases of cloud compute, etc.) does not require you to grant a license to the software. 
 
 
- It is abnormal for a free software project to have an EULA (i.e. a contract that one must agree to in order to install and use the software). This particular EULA does not seem to be as onerous as most but it may still place substantial restrictions on use. - The acceptable use policy, for example, covers much more than just crime (including a prohibition on “graphic depictions of sexuality or violence”). However, it also specifically refers to “Mozilla services” so one could argue that it doesn’t apply to normal usage of Firefox; however, the Firefox EULA also specifically claims it does. Is Firefox itself a Mozilla service? I would assume not under the usually understood definition of such, but it’s not really clarified. - It’s far easier to use something unburdened by an EULA, so I’m typing this from Librewolf. 
- Nope sorry when a company is asking for to broad of rights it’s for a reason and Mozilla can fuck off. I wish ladybird was ready. 
- “Mozilla can’t do anything wrong”. And people keep swallowing. 
- Read the policies yourself - I suggest reading this diff to the FAQs instead, paints a much clearer picture: - https://github.com/mozilla/bedrock/commit/d459addab846d8144b61939b7f4310eb80c5470e - Basically removes all the language about not selling data and some about privacy. Down in the comments someone argues this is due to a narrow legal definition of that language in certain jurisdictions, but that couldn’t sound more like an empty excuse if they tried. Actually all the reactions from Mozilla I have seen on this so far sound like pure corpo PR bullshit to me. 
- Mozilla is going to surveil their users and feed the data to their AI/Ads systems. They needed people to opt-in, so they created a EULA. 
- You write a wall if text thinking you will shift the views of disgusted people turning their back to the product, a product at that which was iconic for their open source culture, and yet it somehow managed to alienate the niche that was more favorable to it. Good luck with that! - You: “Public opinion is tanking, so it must be true!” - Them: Provides detailed, sourced information that explains the situation - You: “Nerd, I don’t read that shit” - Are you following your emotions or are you truly trying to understand the changes? You seem to be attacking / strawmanning people left and right in this thread and are generally not interacting in good faith. 
 
 
- On the contrary, I think this is a responsible way to operate. The terms of use apply to the Mozilla distributed binary, not the open source version and open source forks, and I don’t think additional terms shut them out of that. The privacy policy is clear, concise as can be and links so that people can jump directly to what is being collected. 
- People are saying it is Bad News - So, uhh, you want to tell us who is saying it’s bad news? - gestures vaguely in a direction - Ehh, people, you know? 
- I have the feeling people are overreacting to anything Mozilla does these days, just to have an excuse to talk people into using (politically?) worse browsers. - Yeah, ususally at this point someone goes “ugh, I’m never using Firefox again because Mozilla don’t respect people any more… iT’s TiMe To iNsTaLl BRaVe!” 
- Strangely enough, that’s what I thought for a long time but not this time. Removing the lines I saw makes absolutely no sense unless you’re selling users data, which I strongly oppose to. - I’ve started to use librewolf, unsure if this is a good idea. 
 
- Your mastodon feed might be different that mine, lmao - Can you be more specific than pointing in a vague direction? - This is trolling. It is beyond self-evident that the Open Source fediverse has thoroughly criticized the latest Mozilla move. I myself point out device fingerprinting and third party vendors. You respond to neither approach. You want me to do homework and quantify the sentiment on the trending Mozillla hashtag? Sealioning. Diigressing the topic of conversation? Report and block you sad impotent spook troll. - Onus probandi. - You make the claims, you serve the proof. You can’t point at a vague, general direction and go “here, proof!”. Especially not a social media feed, that’s the most subjective, volatile “proof” you could provide. - Quote me the text, in its full context, where it says that Mozilla is selling the data they are “now collecting”, or that it was optional for them without degrading services. Because I can’t find it. - All I see is data that Mozilla is required to collect to provide existing services, they are now putting it in black on white. I don’t really care what the “general opinion” is, opinions do not automatically become facts once sufficient people hold them. - I’ve seen Mozilla do bad stuff, this is just a very standard privacy policy update. Let’s criticize them when they actually deserve it, and encourage them the rest of the time. - Also, nice strawman instead of simply answering my question. 🥰 
- deleted by creator 
 
 
 
 
- Librewolf doesn’t exist in mobile - And IronFox don’t exist on desktop. That’s why they’re listed together. - I see, thanks 
 
 
 
- Have you considered what is driving this change? - Looking from the sidelines, I think it’s all about money, specifically, how to make the development of Firefox sustainable. Yes, I’m aware of the cynical view that this is about lining the pockets of the CEO, I have no evidence for this. - I think that’s essentially caused by how we have licensed open source software and had limited resources to combat abuse at the industrial scale that silicon valley companies have monetized other people’s work. - Bruce Perens is attempting to erect “Post Open”, but I’m not yet sure if that is going to solve the fundamental issues. - Disclaimer: I’ve worked a little on the community standards document for the post open project. - Being halfway between both sides, I can see the need for a monetary model to sustain development, yet I am challenged by the opacity that this feels like. The OP’s point that it feels like a downward slide toward principles compromise is challenging. Especially in light of the enshittification of everything lately, Mozilla needs to do a better job communicating how this is not going down that path and yet also trying to sustain itself. - Being halfway between both sides - People really need to stop playing devil advocate, «Especially in light of the enshittification of everything lately». Mozilla has gone downhill for a good while now, being gentled by sweet Google money and spending it in trends far too late only to waste it, employees keep getting fired while the CEO gets a regular raise and Firefox barely got improved over the years. And now they want to jump head first into AI, way too late again, all the while we already know all AI compagnies run at a tremendous loss. Can you even call that « trying to sustain itself» at this point ? Seems surreal to me. - All I really see is another breach of trust in a full history of mistakes, probably the last one. 
- Centrism is apathy and sucks - Reductionism is lazy and sucks. You didn’t even read the comment you responded to, you’re just mad that not everyone is upset enough for you. - No, not particularly. I’m not that upset myself, I recently switched to Librewolf. I just get annoyed at what I perceive as statements that ride the fence. Privacy is not a place to give ground on. - Did it ever occur to you that people can have a mix of views that don’t fully conform to one ideology or another? It’s a spectrum, not riding the fence. Like politics, not everything is a team sport. 
- I suppose Mozilla should lock the doors and institute slave labor rather than find some way of paying their employees that might be construed by you to be giving up privacy - Now that’s a mental leap to get there. - Oh, I thought we have to take extreme positions 
 
 
 
 
- That’s an idiotic statement. Realism or understanding what realpolitik is in a political situation is far more likely to allow you find and develop change in an organization, as well keep you from wasting your time on useless leverage points. In this case knowing both frames of reference is valuable so that action can be taken, as opposed to just writing five words. - Privacy and defending it is a worthy thing to have an ideological stance on. 
 
 
 
 
- If Mozilla wants to limit their use of my input, why the do I need to give them a full, non-exclusive license? 
- Which Firefox fork do people recommend? Ideally it should be available as Flatpak, keep the Firefox version number and not have a separate user-agent. - LibreWolf seems to be the best on first glance? https://flathub.org/apps/io.gitlab.librewolf-community - Librewolf is the best ✅ 
- deleted by creator - It has a built in email client. Like, who does that? - Like Seamonkey! 😂 
- Unfortunately Vivaldi is proprietary, so it’s not an option for me. - deleted by creator 
 
 
- I started using Zen today, it seems fine. If you’re privacy conscious librewolf is definite the best - I installed Zen a while ago when Flathub recommended it to me. Didn’t really like the minimalist design, especially with the auto-hide title bar. - No way to change that? - deleted by creator 
 
 
- Nope is buggy. - Anything in particular? Maybe we can report the bugs 
 
 
- I switched to LibreWolf after seeing these news. It’s been working just as well as firefox and you can adjust the privacy functions as much or as little as you want. - I appreciate the recommendation. I’ve been using Firefox for many years but I admit it’s time in the sun is over. It hurts to leave it behind but I guess nothing lasts forever.  - Goodbye old friend - Yeah, I’ve been using firefox for as long as I can remember. Sad to see it go this way. 
 
 
- I wish librefox would come to android - I’m using Fennec on mobile and it seems to be working fine. 
 
- Hm, I might switch to this, this article worried me a bit 
 
- Well it’s been a nice time while it lasted but this should be a lesson that nothing is safe from enshitification and corruption. Fortunately there are a few options till something better arrives. Personally I’m waiting for Ladybug - Ladybug xD 
 
- I’m looking into Ladybird browser that everyone here is talking about and I can’t find anything about when they will release something. - Keep an eye on it, but it’s not ready yet. 
- Alpha will drop around 2026[site], but they have several contributors so who knows. Compiled it a few months ago at it was just a browser without engine, not sure how much it developed now but I’m hopeful 
 
- Does using a fork like Librewolf and Ironfox keep you safe from this? - I don’t think we understand very well the threat model here. Are we talking about having a Mozilla account or the web engine itself. If you have an account they will probably start doing mining shit with it. What about activists researching certain topics then? The content browsed can be visible to Mozilla if they use their account for syncing bookmarks. That should be a dealbreaker right there. No different than Meta user-profiling the fuck out of your engagement behaviors. Now if this is NOT the case and you haven’t a Mozilla account, I assume that the version of the web engine available back at the time of the fork is exactly the same. So far so good. - The problem is that browsers are hard, and there is a ton of web protocols to be implemented, various fixes for security, support extensions and other QOL features. WORD ON THE STREET is that tasks like these cannot be undertaken as solo/hobby projects, that funding and an organization structure is essential. The teams behind LibreWolf, Waterfox, etc have a track record of already lagging behind Firefox’s version updates. Same goes with user-profile and configuration sets like Arkenfox (if I am not wrong). You may tweak the conf all you want, but if privacy and anonymity is compromised at the web engine level, these forks will be left with little to do about it. Then the only option will be to keep using an old version of the web engine (sacrificing security and quality of life extensions), or ditching the gecko web engine altogether. - That is why people are looking for genuine alternatives to the web engine. 
 
- deleted by creator - The choice of C++ + Swift feels strange and off-putting to me. Swift, at least, is pretty safe as languages go, but does leave me scratching my head a bit. C++, though, frankly should have no place in a new browser project. For a piece of software whose whole purpose is to essentially download and run untrusted code, C++ is unacceptable. - It’s realistically not gonna happen, but what I’d really like to see is Servo developed into a full browser. - deleted by creator - Yeah, I know the history. And if they fully switch to Swift and manage decent performance, that would be acceptable, just strange. And it would also be fine to use whatever language if it were only a hobby project. I just reject the notion that C++ is an acceptable choice for new projects in security-critical positions. - deleted by creator - Yeah, it was ok when the project started. The issue begins once it transitions from a toy to a potential competitor with Firefox. - deleted by creator - And as I said, if they manage to entirely switch, I won’t have reservations. - As far as security in extant browsers and C++, see here: https://www.chromium.org/Home/chromium-security/memory-safety/ - The Chromium project finds that around 70% of our serious security bugs are memory safety problems. - It’s a serious issue. 
 
 
 
 
 
- Could you explain how their language choice affects the security of the software? Because it’s open source and easier to find cracks? - No, the industry consensus is actually that open source tends to be more secure. The reason C++ is a problem is that it’s possible, and very easy, to write code that has exploitable bugs. The largest and most relevant type of bug it enables is what’s known as a memory safety bug. Elsewhere in this thread I linked this: - https://www.chromium.org/Home/chromium-security/memory-safety/ - Which says 70% of exploits in chrome were due to memory safety issues. That page also links to this article, if you want to learn more about what “memory safety” means from a layperson’s perspective: - https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/ - Cool, it makes sense I guess. But why would other languages not also be succeptible to memory injections? - In simple terms, they just don’t allow you to write code that would be unsafe in those ways. There are different ways of doing that, but it’s difficult to explain to a layperson. For one example, though, we can talk about “out of bounds access”. - Suppose you have a list of 10 numbers. In a memory unsafe language, you’d be able to tell the computer “set the 1 millionth number to be ‘50’”. Simply put, this means you could modify data you’re not supposed to be able to. In a safe language, the language might automatically check to make sure you’re not trying to access something beyond the end of the list. 
 
 
 
 
- Correct me if I’m wrong but ladybird is focused on a new browser, and not a new browser that is privacy oriented? Their language is pretty specific about donations and independence, but I didn’t catch anything that specifically denotes privacy. - deleted by creator 
 
- @pyu @opensource @whydudothatdrcrane we have ‘brave browser’ and ‘librewolf’ too 
 
- Time for Ladybird to release their first alpha? 
- I keep Firefox, brave, Librewolf, and Vivaldi All configured and loaded with my plugins and bookmarks. - When Google pulled out of Firefox funding I expected them to go down a dark path. - I don’t know that any of those choices of browsers are going to be significantly better than the others long-term. I’m also hoping for ladybug eventually. - LW doesn’t seem to play nice with some of my sites and some of my plugins. It’s the one I want most to work. The last time I tried it, delivering pass keys out of bitwarden in it didn’t work. And that kind of makes it a no-go for me. I should try it again though it’s been at least a year. - I’m pretty sure brave would sell my kidneys if they could. But they are the only one on the list that’s truly funded and they keep up with the Joneses on YouTube ad blocking. And there also probably the strongest browser for anti-fingerprinting at the moment. - Vivaldi seems to work okay but it’s just a Google clone, they’ve only dedicated to not enforcing manifest V3 for “as long as they could.” - I thought Mullvad was the best in anti-fingerprinting. Anyone can check their own configuration with EFF’s “cover your tracks” site. - They slightly edge out brave on vanilla. Once you load all of your plugins and stuff braves a little better at lying about it. To be fair they’re both close enough it doesn’t matter either one will get the job done. I usually think of mull as a leave it vanilla and use it when you need to leave no trace. - Note just to be sure, Mull is a different thing than Mullvad. What you wrote makes sense for Mullvad, but I am not so sure if this is the case with Mull, the mobile app. - I’m only dealing with desktop browsers in this and trying to type with autocomplete from an uncomfortable position. I’m fairly certain privacy doesn’t really exist in OTC Android. 
 
 
 
 
- Doesn’t using tor or librewolf fingerprint you from the standpoint of using a rare browser? 
- Not an exhaustive list on the Gecko engine or its forks: - Mozilla Firefox (Windows, macOS, Linux, Android, iOS)
- LibreWolf (Windows, macOS, Linux)
- Waterfox (Windows, macOS, Linux)
- Tor Browser (Windows, macOS, Linux, Android)
- Pale Moon (Windows, Linux)
- Basilisk (Windows, Linux)
- K-Meleon (Windows)
- Midori (Windows, macOS, Linux)
- SeaMonkey (Windows, macOS, Linux)
- Floorp (Windows, macOS, Linux)
- CometBird (Windows)
- IceDragon (Windows)
- Flock (Windows, macOS, Linux)
- Capyloon (Windows, macOS, Linux)
- Ladybird (Windows, macOS, Linux, Android)
- QupZilla (Windows, macOS, Linux)
- Zen Browser (Windows, macOS, Linux)
- Comodo IceDragon (Windows)
- Otter Browser (Windows, macOS, Linux)
 - I thought Ladybird was its own seperate project and engine. 
 




















