You can't advertise as a "private browser" an get away with that PR bullshit. "Anonymous" usage data is anything but when the server receiving it can easily tell who it's coming from. Mozilla is not the user, it breaks the entire idea of privacy.
As people below have already added their comments, I just want to give my two cents. This is not PR bullshit, but the Focus team can consider asking users on first run.
This private browser, having been using it since beta on iOS, is nothing more than just a private browsing window like the one offered in Desktop version (I am not here to debate the technical implementation since I do not know).
Telemetry does not break privacy. Privacy is a contract between the user and the product creator. In this case, Mozilla offers opt-out and does its best effort to document. User has the right to opt out or even choose not to use the software.
To me, this is a positive user feedback, but not some PR bullshit (frustration I get it). When someone says your session is private under TLS, well, your IP and user-agent are almost guaranteed captured in server logs, but you can choose to believe/not believe the service provider promises in the respective ToS.
Part of the problem is when Mozilla gives data to Google, there is no way of knowing what Google does with it.
If you want to trust Mozilla AND Google AND trust that no gag orders have been issued to the above companies by the NSA, CIA, FBI et al, fine. That's the way 99% of apps work. They all have privacy policies, and people generally trust them.
The whole point of explicitly "private" or "anonymous" software is that there are a bunch of users that do NOT trust the above.
Calling your software "private browsing software" and then having Google-anything embedded in it is like serving vegetables cooked in chicken broth and calling your dish "vegetarian". Although 90% of the population will gladly eat your chicken broth, it's disingenuous to sell it to actual vegetarians.
As mentioned elsewhere in this thread, the Google SDK is only used to record whether the app was installed by way of an ad campaign Mozilla is running on Google. All other telemetry data goes directly to Mozilla servers, and contains things like "feature X was used"—not browsing data.
That is not actually what I said. The only component we use for campaign tracking is Adjust which has nothing to do with google services. Adjust has gone through a very tough vetting process.
> - Adjust SDK: an install attribution tool (aka install referrer tracking). This is only used to determine whether the app was installed as the result of a specific (google-hosted) ad campaign. Adjust depends on play-services-analytics. ( https://www.adjust.com/glossary/install-referrer/ ).
play-services-analytics is what I meant by "the Google SDK" in question; sorry if that was unclear!
You include an untrusted, proprietary binary from Google. Not directly, but as a recursive dependency: com.google.android.gms:play-services-analytics
So, yes, you give data to Google. The Google analytics dependency you include could literally be malware, and you could not test, or know. And you never know if it doesn’t just decide to steal your data and transmit it all, be it by Google’s decision or because an NSL was issued to demand Google do that.
So, yes, as soon as you include this dependency, the entire browser has to be considered compromised, and you might as well just use Google Chrome.
I'd like to see some actual evidence that we can act upon rather than a strong unsubstantiated opinion. If we really leak anything than I will stand corrected and the team will fix that promptly.
Because that library is there does not mean that we are giving data to Google. It does not even mean that it is active or that it is sending anything.
This is a very strange conclusion that you present. I feel you are just twisting and turning to come to an unfavourable outcome here.
Even Google has decent data collection policies. They will not randomly make an application collect data without the developer opting in. We did not opt in. We are not including any sort of google analytics api key to enable anything.
> Even Google has decent data collection policies.
I’m not sure if you’re trying to intentionally ignore the issue here.
You are asking people to trust Google. If people trusted Google, they’d use Google Chrome in the first place. Your entire userbase is people that don’t trust Google, at all.
If you use Google proprietary software in Firefox, and tell people to just trust Google, you just entirely destroyed every value Firefox ever had, and your own job.
The whole purpose of Firefox is that I don’t have to trust Google. That I don’t even have any kind of interaction with Google. That I can exist without having to use Google’s technology.
If you use Google Analytics in Firefox’ Addon menu, or in Firefox Focus, and say "but Google doesn’t technically track people because we have a contract with them", then I can just as well use Chrome. If I trusted Google to keep their word, I’d use Chrome.
Chrome runs far faster, looks better, is easier usable, has better addon support, works with more websites because everyone only supports Chrome anymore, it actually supports 10 bit video, oh, and it even does hardware video decoding on Linux.
The entire reason anyone still uses Firefox is because they don’t trust Google. If you ask people to trust Google, you’re literally telling them to just use Google Chrome.
That is the elephant in the room that everyone at mozilla tries to ignore by putting Google Analytics into the addon menu of Firefox (and, as result, also in the Tor browser), and by importing a Google Analytics library into Firefox Focus. This destroys the one single value that Firefox has in the current world: It’s not Google.
I don't think they're ignoring the issue, I think you're pushing an issue that they've already explained in parts of their statement that you chose not to quote.
>
st3fan: Because that library is there does not mean that we are giving data to Google. It does not even mean that it is active or that it is sending anything.
Having gone through the comment chain in other places it seems like your entire position in the debate between you and st3fan is based on ignoring what he's actually saying in general. In response to their request for evidence your responded
>That's pretty simple. Don't use proprietary software.
which sidesteps the query entirely and does nothing to lend credibility to your original position.
I don't expect to change your mind and frankly I don't have a reason to, but if your goal is to have productive or persuasive conversations then you may want to evaluate your current communication strategy.
It is disappointing that it seems the Mozilla representative on this thread does not appreciate that Google cannot be trusted on this. Anyone who has been a Chrome user for a period of time, and tried to use its privacy settings to stay private, will have noticed that they do not observe their own policies. Their entire business is based on monitoring people to improve targeting of advertising. I am technical (former CTO) and have put a lot of time into carefully tweaking settings for privacy, and there is no question that Google "cheat" on this.
I thought Firefox Focus was a great step forward in privacy, but I am dismayed to see it includes Google code, that it uses a third party analytics library, and that the developers do not see either of those as a big problem.
Well, the browsing is private. The way you obtain and use the browser isn't necessarily. It's an important distinction, though it's certainly still enough to be a dealbreaker for some.
I don't have to trust them if the code is open source and it doesn't send any data back to them or anyone else unless I explicitly allow it. I will try this browser and I will turn off telemetry, just like I do with Firefox. What makes me angry is why call it a "private browser" and not take it all the way? You can accomplish everything this browser does with Firefox except you have to configure it, why leave this one last thing enabled by default? I know no one at Mozilla really thinks "you can trust us" is a valid claim in the privacy game so something else is up, probably not a conspiracy, but at the very least, the wrong people are making some calls.
Reading that link it says nothing about disabling Google analytics, which is what the parent post implies is at play here. It is not clear that is the case, but if it is, the disable button does nothing to help you.
Firefox's about:config does not seem to work on FF Focus either.
If you recursively import a proprietary binary, it still ends up in the resulting apk. I’ve checked the APK, the Google Analytics libary ends up in it, and it is not in any way sandboxed from the rest of the browser.
It may end up in the APK but that does not mean it is actually used. This is the unfortunate side effect of pulling in dependencies with dependencies.
I can assure you that Adjust does not talk to google analytics behind our backs. It may have that option, but we did not configure it to use that functionality. What would it talk to, we did not configure an API key.
I will find out if we can remove this dependency to avoid confusion.
