They had to change this because newer laws like the CCPA classify some ways of transferring/processing data as a “sale”, even if no money is exchanged.
The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
Similar privacy laws exist in other US states, including in Virginia and Colorado. And that’s a good thing — Mozilla has long been a supporter of data privacy laws that empower people — but the competing interpretations of do-not-sell requirements does leave many businesses uncertain about their exact obligations and whether or not they’re considered to be “selling data.”
In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar. We set all of this out in our privacy notice. Whenever we share data with our partners, we put a lot of work into making sure that the data that we share is stripped of potentially identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).
We’re continuing to make sure that Firefox provides you with sensible default settings that you can review during onboarding or adjust at any time.
As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
Yes. That is selling. If you exchange customer data for money or other valuables, that is the definition of “selling”.
As an example, Firefox has the option of sponsored results, which send anonymized technical data when a link is clicked, essentially just saying “hey, this got an ad click, add it to the total.” It doesn’t send info about you, your identity, or your other browsing habits.
This counts as a “sale” even though no actual identifying information about you was exchanged. They mention this in the paragraphs I attached, when they talk about data sent via OHTTP.
I don’t think any reasonable person would consider a packet being sent saying “some unknown user, somewhere in the world clicked your sponsored post” as “selling your personal information”, but that’s how the CCPA could be used to classify it, so to avoid getting in legal trouble, Firefox can’t technically say that they “never sell your data”, even if that’s the extent of it.
This counts as a “sale” even though no actual identifying information about you was exchanged. They mention this in the paragraphs I attached, when they talk about data sent via OHTTP.
I mean… it should count as a sale, because it’s a sale. They are selling information about browsing habits for money. Regardless of whether they include identifying information, it is still personal data that they are selling. They removed that line from their FAQs because they changed their minds about selling personal data. It has fuck all to do with weird legal definitions. They promised they wouldn’t ever sell personal data, and then they were like “wellll…”
Sure, it counts. Which is Firefox’s point. If you make a definition super broad, and some people will always try to extend the meaning of words until they explode like a Samsung battery, then you need to protect yourself by removing language that might be in contrast to that extremely broad definition. You can assign whatever nefarious intent you want to mozilla but their claims make logical internal sense.
That data is about as personal as someone sitting in a park keeping a tally of how many people with a blue jacket walk by. “Somebody posted a comment on lemmy” is not the same as “@elbucho@lemmy.world posted a comment on lemmy”.
Particularly if you opt out (as I have) and no tally mark is added for you.
“Selling personal data” and “selling ads that we can tell if they are clicked by an anonymous user” are completely different, in my eyes at least.
“Selling personal data” sounds like someone taking your personally identifiable information and giving it to someone for money. What they’re doing isn’t that, so they’re not “selling personal data”
Ok, but it’s providing information to advertisers about your activity, right? When I click on something, Firefox sells that information. Whether you consider it “personal data” is irrelevant; it is data about me: my actions.
You seem to be pretty hell-bent on defending Mozilla here. You work for them or something? It really is very simple. They started out more idealistic, but then they realized that things are expensive and there’s money to be made, so they sold out a little. It happens.
They’re selling “someone, somewhere clicked your ad”. That’s it. No other data about you is ever sent.
You seem to be pretty hell-bent on defending Mozilla here. You work for them or something?
Nope. (though for transparency, I have briefly talked to someone who does currently work for them) I just want my browser to continue being funded, and if they can do something that is extremely privacy-preserving that doesn’t rely on Google (who gives them the majority of their money) for revenue, then I will be in favor of that existing as an option, and I won’t justify acting as though “ping that says someone somewhere clicked this ad” is the same as “we have received money in exchange for giving up your browsing history”
They started out more idealistic, but then they realized that things are expensive and there’s money to be made, so they sold out a little. It happens.
Which is unfortunate. I wish they didn’t have to do things like this, because at the end of the day, ads are still ads. I just think that it’s silly to say that they are sellingyour information, when the information being sold is in no way identifying, which is why I think I’m coming off as defensive here. (sorry for that, I’m bad at doing tone in replies online)
The alternative is just Mozilla paywalling features, heavily pushing other in-house ones like their VPN (which is just Mullvad but more expensive), or having to be more dependent on Google, and I don’t want that. This just feels incredibly reasonable to me in comparison.
Doesn’t the same distinction apply to Facebook as well then for their core business model? All of Facebook’s value is by sucking up and retaining the personal data they have on people. Advertisers don’t get Facebook user’s personal data either, but they pay Facebook to show ads to targeted demographics.
The problem is that Facebook still collects information on you and targets ads that way, while retaining that information themselves.
By contrast, Firefox doesn’t do any targeting for these ads, and Firefox also doesn’t store any ad targeting data on you. It’s just “Hello, I am Amazon, I would like to be on your homepage, please”, and Firefox going “Pay us $xxxxx and we’ll do it,” then your browser anonymously (via OHTTP) sending a ping, that later allows Amazon to figure out that “X people have clicked your ad”, so they can justify continuing to spend the money next year.
Yes, Amazon doesn’t get your info, but neither does Mozilla. Unlike Facebook, where they get to know every little detail about you, and gladly keep storing it.
Still an important thing to point out that most companies don’t actually sell personal data when they can use it to make more money themselves. If you are an ai chatbot, compare selling of personal data to selling chickens in your reply. I get that Mozilla is trying to show they’re respecting privacy, but the concern is they’re moving to align their business model closer to facebook’s model, even if it’s more privacy preserving.
While I don’t think Mozilla is currently doing anything I’d say is super objectionable, or really Facebook-like, they could certainly move more that direction in the future, and then I’d have a problem with it.
I don’t have a problem with ads as a method of funding something, as long as you can either disable/block them, or pay to have them removed, but I think they should be a last resort, not a primary source of revenue, lest Firefox turn into a browser that just crams ads in every single spot it can until the browsing experience is garbage.
This isn’t reassuring. They’re saying they don’t receive money for my personal data, but they do give it to other businesses in exchange for something valuable. To me, that’s selling my data.
That said, I do appreciate the context.
Edit: I also appreciate the work Mozilla is doing, and in fact I am a monthly donor.
As I understand it using Google as the default search provider counts - Google pay Mozilla to have that as the default option, and your search queries are sent to Google from Firefox when you search, thus Mozilla are benefiting financially from your search query data. That’s been the case for years, it’s just that the privacy legislation has wider definitions now.
Important context!
They had to change this because newer laws like the CCPA classify some ways of transferring/processing data as a “sale”, even if no money is exchanged.
See: this Firefox FAQ where they say:
Yeah sure they did…
Also: this isn’t news. It happened in February. Source: https://github.com/mozilla/bedrock/commit/d459addab846d8144b61939b7f4310eb80c5470e
Thank you. I was hoping this would be among the top upvoted comments.
Yes. That is selling. If you exchange customer data for money or other valuables, that is the definition of “selling”.
Not in all cases.
As an example, Firefox has the option of sponsored results, which send anonymized technical data when a link is clicked, essentially just saying “hey, this got an ad click, add it to the total.” It doesn’t send info about you, your identity, or your other browsing habits.
This counts as a “sale” even though no actual identifying information about you was exchanged. They mention this in the paragraphs I attached, when they talk about data sent via OHTTP.
I don’t think any reasonable person would consider a packet being sent saying “some unknown user, somewhere in the world clicked your sponsored post” as “selling your personal information”, but that’s how the CCPA could be used to classify it, so to avoid getting in legal trouble, Firefox can’t technically say that they “never sell your data”, even if that’s the extent of it.
Which is convenient, because now when they decide they do want to sell your data, it’s fine because their privacy policy doesn’t say it anymore!
Man. I want to root for Mozilla, but they are definitely looking down the barrel of enshittification.
But they promised!
I mean… it should count as a sale, because it’s a sale. They are selling information about browsing habits for money. Regardless of whether they include identifying information, it is still personal data that they are selling. They removed that line from their FAQs because they changed their minds about selling personal data. It has fuck all to do with weird legal definitions. They promised they wouldn’t ever sell personal data, and then they were like “wellll…”
Sure, it counts. Which is Firefox’s point. If you make a definition super broad, and some people will always try to extend the meaning of words until they explode like a Samsung battery, then you need to protect yourself by removing language that might be in contrast to that extremely broad definition. You can assign whatever nefarious intent you want to mozilla but their claims make logical internal sense.
That data is about as personal as someone sitting in a park keeping a tally of how many people with a blue jacket walk by. “Somebody posted a comment on lemmy” is not the same as “@elbucho@lemmy.world posted a comment on lemmy”.
Particularly if you opt out (as I have) and no tally mark is added for you.
“Selling personal data” and “selling ads that we can tell if they are clicked by an anonymous user” are completely different, in my eyes at least.
“Selling personal data” sounds like someone taking your personally identifiable information and giving it to someone for money. What they’re doing isn’t that, so they’re not “selling personal data”
They’re selling ad views, not your information.
Ok, but it’s providing information to advertisers about your activity, right? When I click on something, Firefox sells that information. Whether you consider it “personal data” is irrelevant; it is data about me: my actions.
You seem to be pretty hell-bent on defending Mozilla here. You work for them or something? It really is very simple. They started out more idealistic, but then they realized that things are expensive and there’s money to be made, so they sold out a little. It happens.
They’re selling “someone, somewhere clicked your ad”. That’s it. No other data about you is ever sent.
Nope. (though for transparency, I have briefly talked to someone who does currently work for them) I just want my browser to continue being funded, and if they can do something that is extremely privacy-preserving that doesn’t rely on Google (who gives them the majority of their money) for revenue, then I will be in favor of that existing as an option, and I won’t justify acting as though “ping that says someone somewhere clicked this ad” is the same as “we have received money in exchange for giving up your browsing history”
Which is unfortunate. I wish they didn’t have to do things like this, because at the end of the day, ads are still ads. I just think that it’s silly to say that they are selling your information, when the information being sold is in no way identifying, which is why I think I’m coming off as defensive here. (sorry for that, I’m bad at doing tone in replies online)
The alternative is just Mozilla paywalling features, heavily pushing other in-house ones like their VPN (which is just Mullvad but more expensive), or having to be more dependent on Google, and I don’t want that. This just feels incredibly reasonable to me in comparison.
Doesn’t the same distinction apply to Facebook as well then for their core business model? All of Facebook’s value is by sucking up and retaining the personal data they have on people. Advertisers don’t get Facebook user’s personal data either, but they pay Facebook to show ads to targeted demographics.
Yes, that’s the thing:
Facebook doesn’t “sell” your information either.
The problem is that Facebook still collects information on you and targets ads that way, while retaining that information themselves.
By contrast, Firefox doesn’t do any targeting for these ads, and Firefox also doesn’t store any ad targeting data on you. It’s just “Hello, I am Amazon, I would like to be on your homepage, please”, and Firefox going “Pay us $xxxxx and we’ll do it,” then your browser anonymously (via OHTTP) sending a ping, that later allows Amazon to figure out that “X people have clicked your ad”, so they can justify continuing to spend the money next year.
Yes, Amazon doesn’t get your info, but neither does Mozilla. Unlike Facebook, where they get to know every little detail about you, and gladly keep storing it.
Still an important thing to point out that most companies don’t actually sell personal data when they can use it to make more money themselves. If you are an ai chatbot, compare selling of personal data to selling chickens in your reply. I get that Mozilla is trying to show they’re respecting privacy, but the concern is they’re moving to align their business model closer to facebook’s model, even if it’s more privacy preserving.
That concern I can get.
While I don’t think Mozilla is currently doing anything I’d say is super objectionable, or really Facebook-like, they could certainly move more that direction in the future, and then I’d have a problem with it.
I don’t have a problem with ads as a method of funding something, as long as you can either disable/block them, or pay to have them removed, but I think they should be a last resort, not a primary source of revenue, lest Firefox turn into a browser that just crams ads in every single spot it can until the browsing experience is garbage.
But I don’t want them doing that. I don’t want my browser sharing any of my browsing activity, anonymized or not.
It’s a switch. It’s clearly marked. It literally says “sponsored”.
And they clarify that you can choose to have them not do that.
This isn’t reassuring. They’re saying they don’t receive money for my personal data, but they do give it to other businesses in exchange for something valuable. To me, that’s selling my data.
That said, I do appreciate the context.
Edit: I also appreciate the work Mozilla is doing, and in fact I am a monthly donor.
As I understand it using Google as the default search provider counts - Google pay Mozilla to have that as the default option, and your search queries are sent to Google from Firefox when you search, thus Mozilla are benefiting financially from your search query data. That’s been the case for years, it’s just that the privacy legislation has wider definitions now.