Firefox maker Mozilla deleted a promise to never sell its users’ personal data and is trying to assure worried users that its approach to privacy hasn’t fundamentally changed. Until recently, a Firefox FAQ promised that the browser maker never has and never will sell its users’ personal data. An archived version from January 30 says:
Does Firefox sell your personal data?
Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise.
That promise is removed from the current version. There’s also a notable change in a data privacy FAQ that used to say, “Mozilla doesn’t sell data about you, and we don’t buy data about you.”
The data privacy FAQ now explains that Mozilla is no longer making blanket promises about not selling data because some legal jurisdictions define “sale” in a very broad way:
Mozilla doesn’t sell data about you (in the way that most people think about “selling data”), and we don’t buy data about you. Since we strive for transparency, and the LEGAL definition of “sale of data” is extremely broad in some places, we’ve had to step back from making the definitive statements you know and love. We still put a lot of work into making sure that the data that we share with our partners (which we need to do to make Firefox commercially viable) is stripped of any identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).
Mozilla didn’t say which legal jurisdictions have these broad definitions.
Users complain: “Not acceptable”
Users criticized Mozilla in discussions on GitHub and Reddit. One area of concern is over new terms of use that say, “When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.”
Mozilla also took heat from users after a Mozilla employee solicited feedback in a connect.mozilla.org discussion forum. “This isn’t a question of messaging or clarifying,” one person wrote. “You cannot ask your users to give you these broad rights to their data. This agreement, as currently written, is not acceptable.”
Mozilla announced the new terms of use and an updated privacy policy in a blog post on Wednesday. After seeing criticism, Mozilla added a clarification that said the company needs “a license to allow us to make some of the basic functionality of Firefox possible. Without it, we couldn’t use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice.”
One of the uses described in the privacy notice has to do with users’ location data. Mozilla says it takes steps to anonymize the data and that users can turn the functionality off entirely:
Mozilla may also receive location-related keywords from your search (such as when you search for “Boston”) and share this with our partners to provide recommended and sponsored content. Where this occurs, Mozilla cannot associate the keyword search with an individual user once the search suggestion has been served and partners are never able to associate search suggestions with an individual user. You can remove this functionality at any time by turning off Sponsored Suggestions—more information on how to do this is available in the relevant Firefox Support page.
Some users were not convinced by Mozilla’s statements about needing a license to use data to provide basic functionality. “That’s a load of crap and you know it. ‘Basic functionality’ is to download and render webpages,” one person wrote in response to Mozilla’s request for feedback.
We asked Mozilla today for more information on changes to its privacy policy and use of personal data and will update this article if we get a response.