We can only laud Mozilla for calling out Facebook over tracking, though I'm always left with the impression that the pervasive tracking Google engages in is a blind spot for Mozilla, at least in public statements.
One of the most unavoidable tracking services is reCAPTCHA, and the latest version works best when it is embedded in every page of a site. reCAPTCHA v3 collects sensitive personal data, such as mouse movements (which may reveal health issues), it maps how you interact with content, and your browsing history can be reconstructed from the pages you visit. Think of it as Google Analytics, but one from which you cannot opt out, because that means you're denied service on the respective site.
Given reCAPTCHA's popularity, this is effectively an inescapable data harvesting operation, since it uses Google's company-wide privacy policy, which gives them the right to use your data for ad personalization.
The turning point for Mozilla would be to call this out, and stand up against personal data collection for which consent cannot be freely given.
Dear Mozilla, don't route all our DNS requests to Cloudflare. We don't need more centralisation like Facebook, but decentralisation like Mastodon.
Isn't this an option you have to turn on manually?
And you can set another provider, Cloudflare is the default, though.
It's an option you have to turn off manually.
Since when?
September
Just checked on a brand new profile for the release AND nightly channels, and neither have dns-over-https on by default.
Are you talking about DNS over https?
Mozilla are absolutely correct to ask for this. Luckily the Facebook Container keeps Facebook out of my browsing habits.
At the same time Facebook doesn't really give a fuck what Mozilla, you, or the EU, have to say. Maybe Mozilla is attempting to raise awareness with this petition, instead of getting Facebook to stop.
Really weird to see this posted on a site that uses Google Analytics. I performed a quick search and couldn't find a similar post from Mozilla complaining that people can't opt-out from Google Analytics. I guess the > $500M/year Mozilla gets from Google buys a bunch of selective outrage.
Dear Mozilla: stop sending to Google a unique ID for my browser on first launch
edit: grammar
Genuinely worried, can you explain more? How does it work? HTTP headers I don't think, as I check them for work often. I'm all ears, thanks.
This[0] thread should be enlightening. Also discussed here[1]
[0]: https://mobile.twitter.com/jonathansampson/status/1165858896...
[1]: https://news.ycombinator.com/item?id=20794937
I support this, but not enough to give my name and email to Mozilla to sign a petition. Am I being paranoid?
yes.
Yea. Mozilla is one of the very few good girls around, and your name connected to your email is probably in every public email dump already like everybody else's.
Edit: I changed my mind. Why is this page infected with Google Analytics?
Almost certainly, unless you trust Mozilla less than Twitter and LinkedIn, both of which you've trusted with your name and presumably email.
Mozilla seems to be one of the least un-trustworthy tech companies, at least in my opinion. It's honestly surprising to me that someone who's been in this scene so much longer than myself would ask this question about Mozilla.
Dear Mozilla, stop including unblockable Google Analytics in your browser.
Please explain what you mean.
https://news.ycombinator.com/item?id=14753546
> You might have seen a Facebook ‘like’ button on websites outside of Facebook.
Why not address this to webmasters?
Because it exists to raise awareness about FB's practices among the general public.
Why not raise awareness about webmaster practices among the general public?
Log on Google/Facebook/whatever in a private tab, surf in a normal window (with an adblocker): problem solved.
Alternative: log on in Chrome, surf with Firefox or the other way around.
It is quite possible to responsibly implement Facebook "like" buttons on your own pages without violating your users' privacy. I wish more people would do it. I suspect that including Facebook like Pages the way Facebook wants you to do it could be considered a GDPR violation; if it were interpreted that way, perhaps people would actually fix it.
On the CII best practices badge site, we implement responsible links. As explained in our security assurance case, "We do have links to social media sites (e.g., from the home page), but we do this in a privacy-respecting manner. It would be easy to use techniques like embedding images from external (third party) social media sites, but we intentionally do not do that, because that would expose to an external unrelated site what our users are doing without their knowledge. We instead use the approach described in "Responsible Social Share Links" by Jonathan Suh (March 26, 2015), specifically using share URLs. In this approach, if a user does not press the link, the social media site never receives any information. Instead, a social media site only receives information when the user takes a direct action to request it (e.g., a click), and that site only receives information from the specific user who requested it."
Source: https://github.com/coreinfrastructure/best-practices-badge/b...
Suh's page: https://jonsuh.com/blog/social-share-links/#use-share-urls
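The share-URL approach described in the comment above, as an added example that is not part of the thread or the badge project's code: it builds plain share links and audits markup for tags that contact another host on page load. The helper names, the example.org host and the sample pages are constructed for illustration.

```javascript
// Added example: share URLs vs. embedded widgets. Helper names, example.org and
// the sample markup are constructed for illustration.
const SHARE_ENDPOINTS = {
  facebook: (url) =>
    `https://www.facebook.com/sharer/sharer.php?u=${encodeURIComponent(url)}`,
  twitter: (url, text) =>
    `https://twitter.com/intent/tweet?url=${encodeURIComponent(url)}` +
    `&text=${encodeURIComponent(text)}`,
};

function escapeHtml(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
          .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// A plain anchor: nothing is sent to the network until the user clicks it.
function shareLink(network, pageUrl, title) {
  if (!Object.prototype.hasOwnProperty.call(SHARE_ENDPOINTS, network)) {
    throw new Error(`unknown network: ${network}`);
  }
  const href = escapeHtml(SHARE_ENDPOINTS[network](pageUrl, title));
  return `<a href="${href}" target="_blank" rel="noopener noreferrer">` +
         `Share on ${escapeHtml(network)}</a>`;
}

// Audit helper: list tags that make the browser contact another host on page
// load. Regex scanning is a rough check for static markup, not an HTML parser.
function thirdPartyLoads(html, firstPartyHost) {
  const re = /<(script|img|iframe|link)\b[^>]*?\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  const hits = [];
  for (const m of html.matchAll(re)) {
    let host;
    try { host = new URL(m[2], `https://${firstPartyHost}/`).host; }
    catch { continue; }
    if (host !== firstPartyHost) hits.push({ tag: m[1].toLowerCase(), host });
  }
  return hits;
}

// Constructed sample pages: one embeds the widget script, one uses a share URL.
const widgetPage = `<script src="/app.js"></script>
<script async src="https://connect.facebook.net/en_US/sdk.js"></script>
<div class="fb-like" data-href="https://example.org/post"></div>`;
const linkPage = `<script src="/app.js"></script>
${shareLink("facebook", "https://example.org/post?id=1&ref=hn", "A post")}`;

console.log(thirdPartyLoads(widgetPage, "example.org")); // one third-party load
console.log(thirdPartyLoads(linkPage, "example.org"));   // none
```

The audit treats `<a href>` as inert on purpose, since an anchor only causes a request when the user follows it.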
I don't mind people sharing information on Facebook, as long as they choose to do so. If they chose to do it, that's fantastic. What bothers me is Facebook being able to track people without their consent.
It's been a while but I remember going out of the way to strip all the JS surrounding both Like and Share buttons for Facebook. It was trivial to implement at the time. I did it because I didn't like being tracked and didn't want to inflict that on the users either. However, I had to fight for it. PM wanted the share count & page like count to show up. That can't be done without FB JS code.
There's also the advertising trackers that track every aspect of your website's users. These are usually added as is and for a variety of reasons - measure conversion, tag a user as converted to not show them ads anymore, retargeting, etc. Good luck convincing your marketing team to not add any of these trackers.
I did not have that problem, but I'm sure others do. I think the long-term solution is to make it clear that that is a GDPR violation; there is no reason that an unrelated third party should get that information. Once people start getting serious fines, the bad behavior is more likely to stop.