In a story published yesterday your humble Reg writer wrongly confused Mozilla's Telemetry project with the open-source outfit's so-called Metrics Data Ping proposal. Mozilla has been in touch to clear things up. The org's global privacy and policy boss Alex Fowler kindly explained the differences between the two systems to us …
Sorry, don't understand
"fewer than 30 non-personal data elements" - What on earth can you collect from my browser that numbers up to 30?
"introduce a UUID to enable longitudinal analysis" I've never heard being able to tie data to a particular user called that before.
How does any of this help to improve Firefox features or performance?
It's just the old "vertical"/"horizontal" knowledge term.
You've got lots of stacks of data (vertical), which if fully anonymised don't allow you to cross-reference people's (for instance) average tab count to their daily crash total. Adding a UUID (but not necessarily being less anonymous) allows them to add that horizontal connection.
True, it's nasty marketing talk, but I can see why they'd be interested in considering it.
As long as Fx users are able to see what is potentially sent about them, it seems harmless. Although, I personally always opt out of "anonymised usage collection" schemes.
So they will tell the users...
And the bulk of users will hear "Argle flargle argle flargle, we will fleen your ogglefloggle" and click OK. Convenient for Mozilla, that.
How can they possibly make this "opt-out"?
If it were opt-in, I would consider using it.
If they make it opt-out, I will patch that code out and build my own non-spyware variant.
I already rebuild my browser for other reasons. Somehow, I don't think I'll be the only one to want a patch to remove this code.
Is it just me, or are more and more "mainstream" companies adopting the old spammer model -- opt-out -- for their tracking and data collection schemes?
It's worth reading Mozilla's reasoning. They really are, by a gigantic shot, the least evil browser vendor. The other two just ain't in it.
The problem with opt-in is the opposite of the problem with opt-out. The problem with opt-out, from the tin foil hatter's point of view, is that most people don't bother opting out (see the argly flargly comment above). The problem with opt-in, from the vendor's point of view, is that almost no-one bothers opting in. More particularly, only a certain *type* of user is likely to opt in - someone who cares enough to read the pop up, understand it, *and* not be tin foil hat-y enough not to mind opting in. So by requiring opt-in, you've introduced a very strong selection bias into the results, which consequently become a lot less useful.
call me tinfoil-hatty if you want...
But I've had personal experience with opt-out, way back in the day, when I was naive enough to click a "remove" link in a spam email once -- just once. Man, did I ever learn my lesson, but quick.
Data mining and user-tracking outfits -- like their bottom-feeding spammer brethren -- insist on the opt-out model because they know that if properly-informed 'Net users with two brain cells to rub together were given the choice to opt in, their business models would be pretty much stillborn. This is why you hear so much pissing and moaning from those companies -- and their bottom-feeding spammer brethren -- when legions of users get fed up and raise hell, and insist that they be given the choice to opt in, because when asked, nobody in their right mind is going to answer "Yes, I'd like for all my available bandwidth to be overrun with marketing sludge and to be tracked and harassed everywhere I go on the Web".
Clicking on a link in an email you know you don't know who it came from
falls under the category of asshattery, not the tinfoil brigade.
There are legitimate reasons to collect data from users that don't involve spam or marketing. That doesn't mean spam and marketing aren't the majority of them. On the rare occasion when a valid one arises you need to evaluate it. If you think you'll benefit in the long run, you do it. I did many, many moons ago when the house I was living in was selected to be an actual Nielsen ratings house.
Mozilla, POUND SAND
I'll be lobbying my company to remove and ban Firefox from all our systems.
Only 25% to go and we'll be Mozilla free.
What else are you going to use?
What's your alternative? Browsers from Google and Microsoft, who have much stronger privacy protections and much more open debate about potentially controversial changes to their browser? Excuse me, I must rush to the hospital - I just laughed my sides off.
Telemetry is funstuff
Saw the talk about it at Fosdem last weekend. Several nice graphs that quickly showed how vital this was for the project. They compared it to their own testserver results and the conclusion was (clearly) that the Telemetry data was much better.
Only one right opti(o)n
Given the potential for abuse or at least unforeseen consequences, such data gathering should be subject to informed user consent. Opt-out is not that, since you can be sure most users would not even think to look for the opt-out. It must be opt-in.
The justification for opt-out seems to be that opt-in would lead to self-selection and skewed statistics. What about the impact to the stats of a significant number of clued-in users abandoning Firefox because of the method used to gather the statistics (and the subsequent loss of all those that they might have converted from IE)? That skews the statistics somewhat.
All that aside, I'm very impressed with the openness of the debate and the info provided on the Mozilla site.
For those interested in what the (current) Performance Date collects, just install this:
Seems to me like pretty boring data...but I guess useful for the moz guys
We track to keep your privacy????
ANY tracking takes away some kind of privacy.
Tracking location takes away much more than just what you think...
No matter what 'they think'... it gives someone else a way to either track you, or find out where you have been.
Especially in this day and age, with governments being catered to by supporters in corporate entities, the warning alarms should be ringing off the wall.
I did note, finding where I can turn it off is not just where you might think...
For anyone interested, you can find a list of stuff the proposed tracking would actually track here:
It's mostly fairly dull stuff, although I suspect the data on your system hardware and Firefox settings would be enough to identify someone fairly strongly, given the research that's been done on browser ID strings.
As far as location goes, it specifies "Geo Location - country + region, from server end. -to be done on the server" - note 'country and region', so this is your typical 'derive an approximate location from IP address' geolocation thing (commonly done by web server admins on their server logs too), it's not going to use your precise position, by the looks of things. That would be a lot more worrying indeed.