From the article: > According to our telemetry data, the notifications prompt is by far the most frequently shown permission prompt, with about 18 million prompts shown on Firefox Beta in the month from Dec 25 2018 to Jan 24 2019. Not even 3% of these prompts got accepted by users.

The decision seems very clearly based on the collected data.

> May have been

That’s a huge assumption. I’m going with a smaller assumption that Mozilla wouldn’t publicly lie for no obvious gain.

Well, there is little proof that they decided something and then went looking for data unless you can find some statement by mozilla that supports your theory?

He's also failing to acknowledge that using telemetry in a constructive way does not preclude using that telemetry in a malicious way as well.

Firefox’s source code is open. So is Visual Studio Code. Could you please tell us what is collected that could possibly be used maliciously?

You can get started here - https://github.com/Microsoft/vscode-extension-telemetry and https://github.com/Microsoft/vscode

I didn't say that I believe it's being used maliciously. I pointed out that "Second, Mozilla seems to use telemetry data responsibly and well." is an assumption that can't be justified by observing publicized uses of the telemetry. It presumes that published uses of telemetry encompass all uses of telemetry.

I have no reason to look at Mozilla's source because their stated policy already admits they collect information that could be considered sensitive, under certain circumstances:

> Category 3 “Web activity data”: Information about user web browsing that could be considered sensitive. Examples include users’ specific web browsing history; general information about their web browsing history (such as TLDs or categories of webpages visited over time); and potentially certain types of interaction data about specific webpages visited.

> Pre-Release: May be eligible for default on data collection, provided there is an opt-out.

> Release: Default off. On a case-by-case basis collections may be eligible to be "default on" if mitigations are identified. Mitigations may include UX changes that make users aware of additional risk, technical mechanisms that remove the risk, or a risk assessment done of a case-by-case basis that determines the risk is limited.

So here we have mozilla admitting that their default-on telemetry in pre-release copies of Firefox may include browsing history. This is information that COULD be used improperly. That's not to say Mozilla is, but confirmation that they aren't would require independent audits of the organization and their security practices. Simply reviewing their press releases is not enough to conclude that they haven't misused sensitive information.

(Frankly I don't give a damn about VSCode, at all.)

I think the important point is that software developers prefer to enable telemetry silently, without even notifying the user, let alone asking for a permission. If they think that telemetry is so useful, why not ask the user about it?

Firefox does notify the user, along with a button to disable it.

I don't disagree with you but this is a discussion about Firefox, what does Visual Studio Code have to do with anything?

It's a discussion about opt-in telemetry (that I started). I pointed out VS Code as another example of an app that gets a lot of hate on HN for using opt-out telemetry.

> Firefox’s source code is open.

So is its telemetry data: https://telemetry.mozilla.org/