Yeah, as I said a truly libre and privacy friendly browser would not come with a ton of antiprivacy nonsense and a user should not have to do such hard work to 'clean it up'.

Taking a look at outgoing connections is not enough to deem how privacy-respectful a feature is. And that feature has advantages too. A compromise has to be sought. What I am saying is: details matter.

Take Safe Browsing for example. The feature you manually disable after copying pyllyukko's user.js. That feature aims to warn a user who is about to access a page that is known for phishing or about to download known malware. Let us agree it is a useful feature.

Now, you know Google is actually managing the lists of pages known for phishing or of known malware. If you stop your investigation at that point, you may believe that every URL that ends up in your address bar is sent to Google along with your IP address. *That* would be a privacy nightmare not worth the enhanced security... but SafeBrowsing, in Firefox, does not work that way.

https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ explains how it works. And anybody can check whether it is true, thanks to freedom 1. In the case of phishing:

- Every 30 minutes, Firefox downloads, from a Safe Browsing server, a list of 4-byte hashes of URLs, which were deemed unsafe since the last update;
- Whenever the user is about to visit a page, the hash of its URL (excluding what is following a possible "?" in the URL) is compared with those in the local lists (no outgoing connection here);
- If it is not found, the page is displayed; otherwise the 4-byte hash is sent to a Safe Browsing server which returns all unsafe URLs matching the hash (there may be several: hashes suffer from collisions) and Firefox locally checks whether one of them is the URL to be accessed (if so, the warning is displayed; otherwise the page);
- To enhance privacy, Firefox requests, from time to time, the URLs of random hashes taken in the list.


So, through Safe Browsing, Google only knows:

- every 30 minutes, that an IP address has a Web browser opened;
- that the user may (or not: because Firefox adds noise) have visited a URL whose hash was sent: it may be one of the unsafe pages having this hash or a safe page with the same hash.


Not the privacy nightmare a naive implementation would yield. Safe Browsing's protection against malware is more intrusive. To block malware, even if it comes from unlisted pages, metadata about all binaries Firefox is about to download are sent to a Safe Browsing server. The risk of installing malware for GNU/Linux is probably not worth the privacy loss. That is why Abrowser disables that part of Safe Browsing by default.

You see: a compromise is sought between security, privacy, performance and ease of use (Firefox's preferences only propose a global switch to disable Safe Browsing as a whole). The balance between those features (again: security, privacy, performance, ease of use, ... are features/capabilities, not freedoms) cannot suit every user. But it is not "antiprivacy nonsense": for most users, being warned that a page is phishing (maybe imitating the page of your bank) is worth having Google know every 30 minutes that they have a Web browser opened and having it possibly guess (with a rather small probability) that they visited some specific pages.

Especially when Google has many more reliable ways to profile users (i.e., I very much doubt Google uses Safe Browsing to do so): the advertisement it displays on most of the Web, the Google+ buttons, the Google fonts most of the Web pages download from Google, Google Analytics, which dominates the market, etc.

In Firefox's preferences, the check box "Allow Firefox to send technical and interaction data to Mozilla" globally enables/disables Mozilla's telemetry. heyjoe's bug, filed against the "telemetry" component, pretended the opposite. He had not understood that the settings in about:config depend on each other: if datareporting.healthreport.uploadEnabled (the setting that can be set from the preferences) is false, no telemetry is sent, whatever the values of other entries in about:config that stand for more specific tunings of the telemetry component. That is why the bug was closed with the status "WORKSFORME". Telemetry allows the developers to discover bugs and know how the browser is used. They can then make it evolve the way the community wants it to evolve. https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c4 says "[Mozilla] only collect[s] anonymous usage statistics like how often Firefox crashes and how quickly the javascript garbage collector runs". It continues:

But you don't have to trust us, you can check:
If you enjoy reading bugs, please browse "Toolkit::Telemetry" for bugs about preferences and what they do. If you enjoy reading C++ and JavaScript, please browse the source code to toolkit/components/telemetry/ and examine the constraints we place on collection in TelemetryHistogram.cpp and the constraints on sending in TelemetrySend.jsm. If you enjoy looking at graphs, you can see the daily aggregated versions of the data we collect at https://telemetry.mozilla.org

That is the beauty of freedom 1. I have not sought to understand how telemetry works (like I did for Safe Browsing). If the collected data are indeed anonymous, the gains brought by telemetry can supersede its minor anti-privacy side effects. Again: details matter. Looking at outgoing connections is not enough.

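The phishing lookup described in the message above, as a simplified model added here (not part of the original message and not Firefox's code), with the server recording exactly what a client reveals to it. Assumptions: SHA-256 as the hash, URL canonicalization reduced to dropping the query string as the message describes, hypothetical `Server`/`Client` names, and constructed example URLs.

```python
import hashlib
import secrets

PREFIX_LEN = 4  # bytes of the hash kept in the downloaded list, as in the message


def canonical(url):
    # Simplification taken from the message: ignore what follows a "?"
    return url.split("?", 1)[0]


def full_hash(url):
    return hashlib.sha256(canonical(url).encode()).digest()


class Server:
    """Stand-in for the list server; `seen` is everything it learns."""

    def __init__(self, unsafe_urls, prefix_len=PREFIX_LEN):
        self.prefix_len = prefix_len
        self.by_prefix = {}
        for u in unsafe_urls:
            key = full_hash(u)[:prefix_len]
            self.by_prefix.setdefault(key, []).append(canonical(u))
        self.seen = []  # hash prefixes sent by clients, in order

    def update(self):
        # The periodic list download: prefixes only, no URLs
        return set(self.by_prefix)

    def lookup(self, prefix):
        self.seen.append(prefix)
        return self.by_prefix.get(prefix, [])


class Client:
    def __init__(self, server):
        self.server = server
        self.prefixes = server.update()

    def is_unsafe(self, url):
        prefix = full_hash(url)[: self.server.prefix_len]
        if prefix not in self.prefixes:
            return False  # decided locally, no outgoing connection
        # Prefix hit: only the prefix is sent; the final match is local
        return canonical(url) in self.server.lookup(prefix)

    def send_noise(self):
        # Query a random listed prefix unrelated to any visit
        # (assumes the downloaded list is not empty)
        self.server.lookup(secrets.choice(sorted(self.prefixes)))
```

From `seen` alone the server cannot distinguish a visit to a listed page, a visit to a safe page sharing the prefix, and a noise request.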