> We’ve been motivated by the improvements we’re seeing in our telemetry data, and we’re convinced that our efforts this year are having a positive effect on Firefox users.
Mozilla gets a lot of flak (especially around here!) for their sometimes heavy-handed usage analytics, but it's nice to see that used for its stated purpose! Great use of data here.
I'm not a fan of telemetry in any browser (I love Lynx because of this), but Mozilla is definitely more trustworthy than Google or Microsoft.
Edit: I'm not saying that Lynx should be a daily driver or that it's more secure, but it's a neat little project that avoids some of the bad patterns in modern browsers.
Taking stock of the connected devices and software that I am familiar with, I'd say there is a strong correlation between detailed user tracking and worse UX. It seems weird at first glance but I think there are some solid explanations for why that might be.
Data analysis is difficult to perform and understand well. It is easy to draw mistaken conclusions or to twist results to show the conclusion a person wants, and using detailed numbers can lead to a false sense of confidence in the results.
Companies are first and foremost optimizing for their benefit, not the user. Detailed tracking can uncover interesting ways for a company to make more money at the expense of the user.
Others have answered this, but I just wanted to point out the software devs have been managing to understand how their products are used for improvement purposes from long before telemetry was a realistic possibility.
Telemetry doesn't make it possible, it makes it less expensive.
Do you think it is the same asking a small subset of users than having info on all the users? I work as a Product Manager, and trust me, it is not the same.
How are companies that aren't software vendors and aren't able to spy on their customers able to do it? Did software companies not have good ways to do this before spying on their users?
1 and 2 are problematic because it's very hard to get representative data from either one. The people who have time for user studies or post on your forums are not representative users.
Only listening to data from 1 & 2 results in the sort of angry posts you frequently see on HN complaining that devs aren't listening to "real users" or have the wrong priorities.
You end up needing data from additional sources, telemetry being one of them.
You do not need it. This is a really weird attitude. Until like the late '00s "telemetry" was, full stop, spyware (still is, for those of us who didn't shift our attitudes with the prevailing winds). I wouldn't say that responsiveness to user needs and desires has improved since then, in software design.
But what is the problem? That I can know that you press the print button? That you chose the Edit menu? I really don't see the problem. Please, explain, I really want to understand.
You don't see the problem of someone recording the actions you take using your own computer in your own home or office? It's like having a stranger sitting over your shoulder watching you. It's creepy and weird, and it's gross that people try to do it at all.
It's one thing to argue over whether basic user facing software like an image compressor or a text editor should have telemetry, but a web browser is one of the least controversial scenarios for telemetry I can imagine. It is constantly sending and receiving data on your behalf with hundreds or thousands of servers spread across the internet as a user agent. Your usage patterns - i.e. is it crashing, is the feature you're trying to use failing to work for some reason, is it rendering at a good framerate, is it running out of memory, are you having trouble finding the information you're looking for - are going to be incredibly complex and specific to you.
Significant bugs can affect only 1% or 0.1% of a browser's userbase but at Chrome scale or even Firefox scale that's like a million people. If you don't have telemetry it is REALLY hard to hear from those people about their problems and understand them. There simply are not alternative solutions that work half as well as opt-in (or opt-out) telemetry. People who say web browsers don't need telemetry are simply ignorant of what it's like to ship one and try to keep it working in the face of a constantly shifting environment - broken drivers, broken VPNs, malicious websites, malicious extensions, broken hardware, and users who are confused or tired or simply just bad at using software. No one is speaking on their behalf, you have to dig their suffering out of the data by looking at crash reports and performance metrics.
Shipping a web browser used by a million (or a billion) users means that you have a responsibility to do a good job. If your browser is not well engineered and reliable and responsive to users' needs that can result in data breaches or third-party server outages when your browser misbehaves or incorrectly channels user intent.
I'm personally a fan of making usage telemetry opt-in instead of opt-out, but browsers are a case where I don't opt out because I know how important the data is for browser vendors to make informed decisions.
This is of course different from sending your browsing history to Google, Microsoft, or any other company. I encourage people not to opt in to that stuff and not to sync their history/bookmarks/etc to those companies.
> It's one thing to argue over whether basic user facing software like an image compressor or a text editor should have telemetry, but a web browser is one of the least controversial scenarios for telemetry I can imagine. It is constantly sending and receiving data on your behalf with hundreds or thousands of servers spread across the internet as a user agent.
It's probably no accident that spying on users got popular just as this became the case. Constant network traffic while web browsing didn't start to become the norm until late in the '00s, either. If you weren't clicking links, you could often open Wireshark or sniff with Netcat and see nothing. Not from your browser, not from anything. Certainly ~nobody was collecting heatmaps of where you move your mouse, or firing a network request if you selected text. Or recording entire user sessions for playback, or so you can watch them live (god, those tools are creepy as hell)
The prevalence of "every app you use is a web browser now" is absolutely a catastrophe for user privacy and software reliability for this reason, IMO. Every tiny component now has a thousand moving parts that can spy on you.
> But what is the problem? That I can know that you press the print button?
When the internet was young, and most people were using dial up connections, just collecting the dates and times that a person was online and using a program was (and still is) a massive violation of privacy. Software "phoning home", even just to check for updates (collecting IP addresses, timestamps, and version numbers) was enough to get your software branded as spyware.
No software company needs to know which hours I'm awake, when I'm using my computer, which hours I work, which hours I use their program, how long I use their program, how long it's been since I last used their program, etc. It's intrusive, entirely none of their business, and it's insane that they all feel entitled to that kind of information.
If I print something, don't print something, or what the things I print are is also none of their business. Neither is what I'm printing it for, where I put the printout after I take it from the printer tray, or if I use tape or a thumb tack to secure it in place, but you can bet that if software could easily collect that data it would and somehow it would be considered impossible to write good software without that information.
From a privacy standpoint telemetry is always invasive, which is why I disable it any way that I can. Even without the privacy aspect telemetry is a bad idea. I don't want program updates that remove features just because I (and others) don't use them very often. I don't want updates that constantly shuffle the UI around according to how they think "most" people have been using it this week. I don't want my workflow disrupted every few months because it's uncommon. I don't want the way I choose to use the software on my device to influence how other people are expected to use it either.
Telemetry is much better when it's limited to reporting errors and bugs, but even that should be opt-in only.
You don't need spyware just to improve a product. Dev teams were able to produce great software before we were constantly online.
If a team is so unfamiliar with their product and customer base that it cannot take action without telemetry, maybe they're not the right team to make that product. Statistics are not a substitute for domain knowledge.
By reading up on those decades-old bugs in the issue tracker, by making said issue tracker easier to vote on and pleasant to look at, by making other easy feedback submission mechanisms that don't become black holes themselves, by many other options mentioned elsewhere
Mozilla, the legally registered non-profit foundation with a mission statement[0], for sure is more trustworthy than a for-profit data behemoth whose sole revenue comes from collecting as much data a possible, or a for-profit tech company with a history of corporate abuse and user hostile behavior.
That's the Mozilla Foundation, the Mozilla Corporation is the for-profit developer of Firefox that's owned by the Foundation. If Mozilla never established the Corporation I'd give them more slack, but from a "it's nonprofit" perspective it's on the same level as IKEA, which is also owned by a nonprofit foundation.
Technically, google doesn't sell people's data. It uses data to train AIs to predict people's behaviour, modify that behaviour, modify attitudes/beliefs (it's an ad company), and eventually replace people
Thanks, I updated my original post because how they profit from the data is immaterial to the fact that they want it and they coax people into letting them collect it.
I'm not trying to be a contrarian, but Google paid Firefox lots of money to force Google as the default search. Likely an offer they would refuse at their own peril, but I really liked how my search engine settings persisted when I reinstalled. Now it defaults to google.
There's also a ton of promoted garbage on your homepage and privacy switches that need to be toggled off by default. Those settings don't carry-over when you sync your account settings.
I still prefer Firefox, but they are not immune to the encroaching enshittification.
I agree they're not immune whatsoever. In fact I hold them to a higher standard than the others because it's their mission to do it, so their failures sting much harder.
But I hold the others to zero standard. There is less than zero trust there. I expect to be abused by them because their mandate requires them to ignore my wishes. It's not a failure but a success to them.
Well wait, I don't think jeffbee was saying it's bad to enjoy things, but rather that the person they were responding to was implying something, namely "Lynx is (in some way) better than Firefox because it doesn't take telemetry data."
Lynx definitely takes less telemetry data than Firefox, but it also gets substantially fewer updates, including security updates. I think text-based browsing is pretty fun but I don't really use it in no small part because of the infrequency of updates.
I can see how the post could be interpreted that way. I've added an edit at the bottom to clarify that I'm not suggesting people actually use it as they main one.
Yeah, right after I hit post it occurred to me that assorted media codecs (pictures, video, audio) were probably the next largest attack surface that lynx would also necessarily be immune to :)
I don't know about Lynx, but terminal browsers can display images. w3m is able to do it on virtual terminals and terminal emulators that support it if you install the right packages (w3m-img on Debian for instance).
I don't know nothing about Lynx, except that I always wanted to write a CLI web browser that did support all web features like JavaScript, just to see if it'd work.
This advice mainly applies to people using old OSes or who don't update their browsers.
I just went through Lynx's the <20 CVEs over the last 20 years and couldn't find any that haven't been fixed. Same cannot be said for Chrome or Firefox which have dozens every year.
> Pseudonymous user so concerned about privacy that they use the browser with by far the greatest density of exploitable flaws.
"I love Lynx" is different from "I use Lynx for security-sensitive browsing," and "greatest density of publicly documented exploitable flaws" is, even if true (I don't know), not the same as "greatest density of exploitable flaws."
While you're probably right and we should be concerned, I'd say what is more concerning that than the quantity is the content.
Whenever I hear that an app is collecting telemetry I feel conflicted between leaving it on for maintainers to gain a better understanding of performance and potential issues, or off so that it's not used to profile me.
It would be nice if telemetry was somehow simply differentiated through some app options.
Chromium is open source. And unsurprisingly all the data collection bits are open source too. (They call it UMA metrics in the codebase.) Search in the codebase for things like UMA_HISTOGRAM_ENUMERATION or SCOPED_UMA_HISTOGRAM_TIMER and with a free afternoon you'll have a pretty good idea what kind of telemetry Google really collects.
Chrome is closed-source though. There’s no way to make a reproducible build of Chrome (the Google binary adds DRM and could be adding more).
I’m mentioning this, because this open-closed ambiguity is a typical Google strategy. Similarly, Android in the AOSP flavor is open, but the OS that actually ships on phones is different.
(Sorry I edited my comment before I saw your reply.)
That doesn't seem very useful for the metrics shown in that article. For hard to find bugs sure, for 95th percentile calculations and so on you can just buy a few computers at a retail store and get the same information.
New computers don't behave like old computers, and it's not worth trying to guess why that might be. Could be anything running in the background, old NAND, old battery, low disk space, satellite internet…
Once you do have a model of badness I agree it's better to try to set that up yourself.
That can get you 95th percentile calculations for brand new computers that you bought from the store in 2023 that are running Firefox alone, but that doesn't help you understand what your performance will look like when you're running on a 10-year-old machine running Windows 7 while the user is also running Microsoft Word, Excel, and Outlook at the same time. Your P95 numbers aren't especially meaningful if you've only tested ~10 different PC configurations.
Maybe you get the same result, but with the real user data, you can confidently say the performance has been improved without an disclaimer saying the data was collected in-house.
What's great about it? They can't tie to a specific website, the data is dirty with other factors (as they acknowledge themselves), so what's the benefit vs just testing in on an sample of actual websites to see what is slow?
Happy to see the top comment on a Mozilla/Firefox article not being somebody grinding their axe with Mozilla (and I say that as somebody definitely having a few) :)
I just don't like being bullshitted. Constant marketing about privacy while they're phoning home a bunch of data when you start and stop the browser. I did at some point find a doc page with a zillion steps to disable all of it but that doesn't remediate the hypocrisy IMHO.
What telemetry are you objecting to? Telemetry has good and bad uses. For example, sending in automatic crash reports helps companies find bugs. It can also expose sensitive information which was in ram at the time of the crash.
Another example is usage telemetry tells developers what part of the app is being used and can help them focus popular features or on working to let people know about useful but under used portions of the app.
My main complaint about people who dislike telemetry is they never acknowledge its good uses and they never state what telemetry is objectionable.
> My main complaint about people who dislike telemetry is they never acknowledge its good uses and they never state what telemetry is objectionable.
There's a good reason for that: it is an asymmetric relationship.
The person who enabled telemetry isn't necessarily the user of the software. Ie. it can be mandated or put on by a sysadmin (even by mistake), without user's say. On top of that, the user of the software and/or sysadmin are unable to assess whether they want to share the data because they cannot analyze the data beforehand. They lack the expertise in doing so.
Meanwhile I have to disable telemetry every friggin' time I use Mozilla Firefox. It gets old, having to say 'no' all the time, ya know? I now realize how it feels being a young woman on the market. Geez, I feel sorry for my daughter. The shit she'll have to endure, sayin' 'no' all the time.
Religion seems like a needlessly incendiary example that is going to bring up some strong rhetoric.
But I mean I’m an atheist and I think religion is, on net, bad. But we’ve allowed a sort of less dangerous version of it to persist in most advanced countries, in the form of separation of church and state. If it was really just all bad, I suppose we’d ban it altogether.
I think people can generally see that there are some pros to things they don’t like. Not engaging with the aspects of something that are inconvenient to your case puts you in the realm of propaganda and rhetoric, not good faith discussion.
Probably because there's little disagreement about the existence of the benefits of it or what they are. That's not the issue.
For me, the issue (as with all things like this) is about consent. Opt-in telemetry? I have no issue with it. Opt-out telemetry? Very sketchy, but at least you can opt out. Undisclosed or mandatory telemetry? Completely unacceptable.
That's some of it but not all of it. If you uncheck those and proxy FF when it's starting you'll see the chatter. I have the doc page I'm talking about somewhere but I have no idea where it is. Fully disabling it is a long complex process involving about:config.
* Found this: https://github.com/K3V1991/Disable-Firefox-Telemetry-and-Dat... I haven't compared their list to the one I've used before but it's along the same lines and explains the discrepancy between the config settings and Firefox's actual behavior.
> Telemetry data is stored locally by default. As long as the relevant options in the settings' UI are unchecked, or datareporting.healthreport.uploadEnabled is set to false in about:config, this data won't be sent. <https://medium.com/georg-fritzsche/data-preference-changes-i...>
There's likely to still be some non-telemetry chatter, like checking for available Firefox/plugin updates etc.
If there is one thing we should have learned over the past decade, it should be that if the data is collected, it will be sent.
I followed the argument and I understand what you are saying. What I am saying is that it was not that long ago that FF decided to disable plugins remotely ( I think we even discussed it on HN[1]). What makes you think they won't one day push an update to just upload that local data?
Click the menu button Fx89menuButton and select Settings.
Select the Privacy & Security panel.
Scroll to the Firefox Data Collection and Use section.
Deselect the Allow Firefox to send technical and interaction data to Mozilla checkbox.
You can get directly there by copying into the url bar
Mozilla gets a lot of flak (especially around here!) for their sometimes heavy-handed usage analytics, but it's nice to see that used for its stated purpose! Great use of data here.