This extension is listed under about:debugging.. the same place where you'll see other features like Pocket, Form Autofill, and Firefox Screenshots.
It's a new Firefox feature. It's not alarming, and it's not Firefox installing things without your permission.
Complaining about this is literally complaining that the new version you just installed has a new feature. If a new version didn't change anything, they wouldn't need a new version.
> Complaining about this is literally complaining that the new version you just installed has a new feature.
A hundred times this.
The article is misleading click-bait taking advantage of people's historical aversion towards drive-by downloads of malicious add-ons. Mozilla could have just as easily implemented this directly in the browser and this article probably wouldn't have been written, or if it was, it would have at least focused on the legitimate question about telemetry.
There is a legitimate debate worth having here, but basing the complaint on the good code hygiene practiced by Mozilla developers is silly.
Meanwhile, every web page you visit leaks the fact of your existence a hundred different ways and 99% of us don't care much.
That post isn't explicitly about a Firefox Monitor extension, and I could only find this rollout to US users mentioned on 3rd party websites. Those posts include BugZilla links, but they're restricted.
I can easily disable Pocket, Autofill, and Screenshots in about:config, and Firefox support explains that. With this extension, I'm missing a "extensions.fxmonitor.enabled" option.
I understand it's good to build in optional security features like this, but I don't see how it's acceptable to not notify users or provide an opt-out.
They are missing the about:config setting.. but it's early. Might be a bug, or maybe its not being used(?)
Eventually it'll display a popup in the UI that will notify you if the website you're on has been breached. I think we can all agree that would be useful.
So reading that ghacks article, it goes live to all EN-US users on the 25th Sept (my browser already has it), but we can't switch it off yet via: about:config?filter=extensions.fxmonitor.enabled
Pretty poor to roll it out without the option of disabling it, especially as I also ticked no tracking.
Sure, it's a useful feature, but my password manager (1Password) already does it. I'm OK with testing out this extension regardless, but wouldn't be if I wanted to limit my data use like the post's author.
Not taking sides on this, but this is what Mozilla has to say about this. About "hidden addons" [1]:
> It is true that we're now releasing some features internally as something we call "System Extension", which technically is the same as an addon you could install on addons.mozilla.org, with the difference that these come pre-installed with Firefox and there is no way to disable them. We mainly do this to be able to ship updates faster, but it's also nice that we have some features totally separated, which makes the development process easier for us!
And about these particular addons [2]:
> we will measure Telemetry Coverage, which is the percentage of all Firefox users who report telemetry. The Telemetry Coverage measurement will sample a portion of all Firefox clients and report whether telemetry is enabled. This measurement will not include a client identifier and will not be associated with our standard telemetry.
>we will measure Telemetry Coverage, which is the percentage of all Firefox users who report telemetry. The Telemetry Coverage measurement will sample a portion of all Firefox clients and report whether telemetry is enabled. This measurement will not include a client identifier and will not be associated with our standard telemetry.
It's just a matter of time until some developer poses the question:
"Are people who opt out of telemetry more likely to use Linux? Or live in Europe? Or have NVidia GPUs? Or... "
and gosh darn everyone else at Mozilla begins to wonder the same thing, and the best way to answer that question is to include it in your "totally not telemetry" telemetry reports, and then we're back to Square One.
> This measurement will not include a client identifier
That cannot be correct unless they have figured out a way to transfer the user's data without using IP. The Source Address and other fields in the IP header can easily be enough to fingerprint the user[1]. Mozilla may not be storing the data in the current version, but they are still collecting a de fact client identifier.
(it wouldn't surprise me if the data is submitted over HTTPS, which might include headers with additional bits fingerprintable entropy)
> and will not be associated with our standard telemetry
Just because they are not currently intending to correlate the databases doesn't prevent them (or others) from doing so in the future. This kind of claim isn't worth much without a Ulysses Contract[2][3] binding their future actions.
Mozilla's answer is clearly some PR attempt again. Anyone with basic technical understanding knows that any form of communication includes ways ot identifying and tracking.
The dishonesty of silently installing telemetry to monitor people who disable telemetry is a telltale sign of this attitude.
Once again it is weakening the leftover trust in mozilla and pushes long time supporter away to alternatives such as waterfox. It raises the question again of mozilla " making far-reaching and very short-sighted decisions in a vacuum." taking control away from users, not respecting privacy and user choice.
Yeah, this is absurd. If I am opted out of telemetry, that means don't send any fucking telemetry. That includes the fact that I opted out of telemetry.
If you aren't going to let me opt out of telemetry, don't give me the option. It's clear Mozilla is absolutely desperate to get 'telemetry' data to justify the continued Mickey Mousing of Firefox and I will happily cast aspersions from here about how I'm sure they'll say "well only 2% of users don't send telemetry, so whatever data we get from it lets us drive all our development".
Edited to add: From the bug, you can go into about:config and add a New>Boolean pref "toolkit.telemetry.coverage.opt-out" and set it to true to opt out of this totally-not-telemetry telemetry.
Eh, they snuck in a hidden extension to specifically send telemetry for people who don't want to send telemetry, and expressed publicly that that was the intent behind the extension.
I'm not really assuming much malice there. I am assuming malice in how they'll use the data, but given their past track record of removing features based on telemetry data, I don't think I'm making too big a leap.
But if they embedded the feature into the core rather than into an extension, that would have been okay? Seriously, you're complaining about an implementation detail.
You mistaken, the issue is not about extension or core, the issue is that they specifically added code to track and monitor people who expressedly choose not to be tracked or monitored by mozilla.
telemetry used to be opt in, it's been changed to opt out. And now those who have opted out have their own special telemetry that cannot be disabled.
Unless you never use your web browser to visit any website ever, I just don't see what the issue is here. The information they're gathering is outrageously trivial and thoroughly anonymised.
This whole discussion shows an absurd lack of perspective by some people, particularly in the light of what Chrome does... or what Android does... or what LITERALLY EVERY SINGLE TCP CONNECTION TO LITERALLY ANYTHING ELSE ON THE INTERNET does...
Hardly anyone sets out to do something malicious. They do something that they didn't think anyone would object to. Even if it's the same class of thing that they've been slapped for in the past, this time is different.
The effect of malice is frequently separate from the intent of malice.
How could they possibly believe that people would not object to ? there's a long list of people objecting to telemetry when it is raised as a justification for poor choices imposed by mozilla such as dropping alsa and forcing pulseaudio on linux user.
This is one reason why GNU is so important. Some people might think they're zealots about free software, but if you have to trust someone with your software, wouldn't you rather trust someone who has built their reputation on respecting privacy and freedom? It goes beyond the debate about software licensing.
I have also opted out of data collection for firefox, but the mentioned extensions in the article can not be found for me.
I can, however, find one under the telemetry heading called "follow on search".
EDIT: I'm using Firefox quantum 60.2.0esr.
Just because the add-on is installed does not make it active though, I can't see it as being active (or I can not find an option to enable / disable it anyway)
Firefox doesn't do this. Third party software on your system (look at downlaoders, anti-virus apps, etc.) is doing this to Firefox. Firefox's search default is Google and if it's changed by you you'll know it and if it's changed by an extension you installed it'll say so in the Search preferences. I may be able to tell you which piece of malware on your system did this to Firefox if you'll do a search for something and paste the address here so I can look at the search address parameters.
Firefox did change default search engine to yahoo at some point, IIRC it was around the time yahoo was trying to sell itself at the best possible price.
I remember having to go through a dozen clients to fix their custom settings for search engines that had been switched to yahoo and eventually migrating some of them from firefox to waterfox.
Did you originally install Firefox through a Yahoo ad? Yahoo used to run ads for Firefox keywords to get you to download their version of the browser. The ads looked like search results, so it was easy to visit the wrong download page.
I don't know, but I haven't seen the search change to Yahoo on my computer, except when I briefly tried Linux Mint many years ago. Mint had set Firefox and Chromium to Yahoo and made it extremely difficult to remove. It was both browsers, so I'm assuming that it was Mint that did it and not Mozilla.
Me? I'm not having trouble with Firefox. The Yahoo problem with Linux Mint was many years ago. My search engines in Firefox haven't switched on me since I uninstalled Mint.
Web is already an exploitative platform. Mozilla's just trying to keep their end up.
Most of the good stuff is libre anyway. Self-host a Wikipedia mirror and some python docs, use lynx, and let Google/Mozilla/Yahoo/et.al. put that in their pipes and smoke it.
https://blog.mozilla.org/futurereleases/2018/06/25/testing-f...
This extension is listed under about:debugging.. the same place where you'll see other features like Pocket, Form Autofill, and Firefox Screenshots.
It's a new Firefox feature. It's not alarming, and it's not Firefox installing things without your permission.
Complaining about this is literally complaining that the new version you just installed has a new feature. If a new version didn't change anything, they wouldn't need a new version.