Hacker News new | past | comments | ask | show | jobs | submit login

Firefox’s source code is open. So is Visual Studio Code. Could you please tell us what is collected that could possibly be used maliciously?

You can get started here - https://github.com/Microsoft/vscode-extension-telemetry and https://github.com/Microsoft/vscode




I didn't say that I believe it's being used maliciously. I pointed out that "Second, Mozilla seems to use telemetry data responsibly and well." is an assumption that can't be justified by observing publicized uses of the telemetry. It presumes that published uses of telemetry encompass all uses of telemetry.

I have no reason to look at Mozilla's source because their stated policy already admits they collect information that could be considered sensitive, under certain circumstances:

> Category 3 “Web activity data”: Information about user web browsing that could be considered sensitive. Examples include users’ specific web browsing history; general information about their web browsing history (such as TLDs or categories of webpages visited over time); and potentially certain types of interaction data about specific webpages visited.

> Pre-Release: May be eligible for default on data collection, provided there is an opt-out.

> Release: Default off. On a case-by-case basis collections may be eligible to be "default on" if mitigations are identified. Mitigations may include UX changes that make users aware of additional risk, technical mechanisms that remove the risk, or a risk assessment done of a case-by-case basis that determines the risk is limited.

So here we have mozilla admitting that their default-on telemetry in pre-release copies of Firefox may include browsing history. This is information that COULD be used improperly. That's not to say Mozilla is, but confirmation that they aren't would require independent audits of the organization and their security practices. Simply reviewing their press releases is not enough to conclude that they haven't misused sensitive information.

(Frankly I don't give a damn about VSCode, at all.)


I think the important point is that software developers prefer to enable telemetry silently, without even notifying the user, let alone asking for a permission. If they think that telemetry is so useful, why not ask the user about it?


Firefox does notify the user, along with a button to disable it.


I don't disagree with you but this is a discussion about Firefox, what does Visual Studio Code have to do with anything?


It's a discussion about opt-in telemetry (that I started). I pointed out VS Code as another example of an app that gets a lot of hate on HN for using opt-out telemetry.


> Firefox’s source code is open.

So is its telemetry data: https://telemetry.mozilla.org/




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: