Full context, from the link you provided: ""Mozilla doesn’t sell data about you (in the way that most people think about “selling data“), and we don’t buy data about you. Since we strive for transparency, and the LEGAL definition of “sale of data“ is extremely broad in some places, we’ve had to step back from making the definitive statements you know and love."
I don't think that's an unreasonable stance, and they're still explicitly saying "We are as close to not selling data as it is legally possible to be". This is reiterated in the linked Privacy FAQ on their official site: https://www.mozilla.org/en-US/privacy/faq/
I would expect that the default search engine deals that Firefox mostly relies on for financing could be interpreted as such.
Mozilla gets money, and as a result of the deal, the searches (data) of anyone who didn't change the default go to the company running the default search engine.
>What "sale of data" falls under a legal definition but would be understood by everyone to not be selling data? An example?
I assume probably data that's anonymized (in some sense) and/or aggregated (in some sense). But there's so much grey area there that it's a lot less reassuring than a straight up blanket statement that they used to be able to make.
The real problem is that they are collecting too much data in the first place. Really, the company making the browser should receive no data at all - even auto-update servers can be handled by other non-profit organizations like universities.
> Mozilla doesn’t sell data about you (in the way that most people think about “selling data“), and we don’t buy data about you. Since we strive for transparency, and the LEGAL definition of “sale of data“ is extremely broad in some places, we’ve had to step back from making the definitive statements you know and love. We still put a lot of work into making sure that the data that we share with our partners (which we need to do to make Firefox commercially viable) is stripped of any identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP)."
How is sharing data with partners in order to make Firefox commercially viable (i.e. getting money in exchange) not "selling data"? Anonymized or aggregated data is still data, and it's quite disingenuous of them to try to weasel it in by changing the definition.
> We are as close to not selling data as it is legally possible to be.
Normally when you say "as close to X as legally possible", that means you want to do X fully, but you can't because the law forbids you to. X in this case is "not selling data". But "not selling data" is not illegal at all. What are they even trying to say here?
(Also I don't find that sentence on their FAQ page)
I think the key is the "about you" part, not the "selling data" part. Based on the rest of the statement, your personal information (name, age, ___location, personal files (uploads/downloads), that kind of data) isn't shared, which is what most people would think of when they hear "your data". It sounds like the information they do share may be associated with you, but isn't about you in the colloquial sense - even if it is about you in the legal sense.
>I think the key is the "about you" part, not the "selling data" part
They're certainly attempting to articulate that as a conceptual distinction, but I don't think that division is as real as would be implied by trying to separate the one thing into two different words. Aggregated data is "about you" too, in many of the senses that matter in the context of privacy, and I would reject attempts at conceptualizing this into two things to imply otherwise.
I agree that this is a huge breath of fresh air because you are (1) actually reading what Mozilla said and (2) making sober nuanced distinctions absent from most criticisms.
But that said, these reassurances run into a "who ordered that" problem. No advocate for privacy was ever advocating on behalf of anonymized data any more than personally identifying data. Anonymous averaging over interests of groups still involves privacy compromises; and metrics, fingerprints and learning algorithms can mix and match that in ways that still cross the line. Abstracted profiling still works, and digs deeper than you might suspect (I recall the netflix data that could predict interests across different categories, like people watching House of Cards also liking It's Always Sunny in Philadelphia). Preferences can hang together in a measurable way, which is exactly why ad companies want them.
It's also just part of the long slow, death by one thousand cuts transformation into a company that doesn't have categorical commitments to privacy.
> How is sharing data with partners in order to make Firefox commercially viable (i.e. getting money in exchange) not "selling data"? Anonymized or aggregated data is still data, and it's quite disingenuous of them to try to weasel it in by changing the definition.
This situation isn't perfect, but I disagree that this is particularly weasely or disingenuous. It's not black & white and there are meaningful differences here.
I think the assumption of 'selling data' and primary concern from most users is the sale of their identifiable personal data - i.e. telling advertisers "this user is interested in X", using their privileged position as a browser to track and collect that information. This is absolutely what Facebook is doing when they sell your data, for example.
The description here is suggesting that Firefox are still committed to never doing that or anything similar. That is the main thing I'd want to know, so that's great.
However, it sounds like they may be selling generic anonymous data in some way - for example telling Pocket what percentage of people use the Pocket extension, or telling Google what percentage of people change their search engine away from Google. Both of those are cases where you can imagine they might receive significant extra income from partners given that data, and they feel this is reasonable but means they can technically no longer say the 'never sell your data'.
You could consider that level of data sharing problematic of course. That said, there is spectrum of problems here, and personally (and I think for most people) I am much more concerned about the tracking & distribution of actual personal identifiable data than I am about generic metrics like those, if that is what's happening (unfortunately, they haven't explained much further so this is still somewhat speculation - I fully agree more precise language would be very helpful).
>The description here is suggesting that Firefox are still committed to never doing that or anything similar.
This runs into what I'm calling the "who ordered that" problem, because this represents a retreat from a stronger commitment to privacy, and is not a conception of privacy that anyone was asking for, or that satisfies anyone who is concerned about privacy.
I don't want my interest in sci-fi to be made to conflict with my preference from buying locally, and influence campaigns urging me buy books through Preferred LArge Retailer and pushing me toward that clash are a problem whether the data powering them is personal or fed into an abstracted anonymized group.
And depersonalized profiling that "knows" I can be sorted into a specific "type of guy" bucket may involve learning things about me that I don't want to be inputs into marketing. They can still, for instance, make inroads into judgements about things like self esteem (e.g. colognes and beauty products), financial precarity, and can work to socialize groups into consumerist self-conceptions. They probably can be used to make inroads into classic forms of privacy violations like "looking to buy a home" or "trying to get pregnant" or other such aspects of identity that I don't want marketing to touch.
The problem is that ‘anonymized data’ is quite a big spectrum, and may be able to be deanonymized quite easily.
See this submission from earlier this month: Everyone knows your ___location: tracking myself down through in-app ads (26 days ago, 1957 points) – https://news.ycombinator.com/item?id=42909921
> I don't think that's an unreasonable stance, and they're still explicitly saying "We are as close to not selling data as it is legally possible to be". This is reiterated in the linked Privacy FAQ on their official site: https://www.mozilla.org/en-US/privacy/faq/
It's actually super simple and needs no obfuscation or verbal esoterica. Don't engage in a contract where data Firefox has collected from users is transferred to a third party.
Done. Easy as.
The sister comment on search engine data transfer is FUD -- the browser can of course send queries to a default search engine without needing to pipe any information to Firefox. Firefox would need no usage monitoring whatsoever, just do a firm fixed price contract and the details are settled.
I don't think that's an unreasonable stance, and they're still explicitly saying "We are as close to not selling data as it is legally possible to be". This is reiterated in the linked Privacy FAQ on their official site: https://www.mozilla.org/en-US/privacy/faq/