Mozilla does not respect user requests to stop tracking telemetry data

A Firefox system add-on called telemetry-coverage may still be sending your IP address data to Mozilla even if you explicitly turn off telemetry data – which has privacy implications most people aren’t aware of as Mozilla stores telemetry data with a unique identifier tied to your specific Firefox client. All Firefox clients come with preinstalled system add-ons that function just like add-ons that a user would install themselves from the Add-ons store, except they’re there by default. A Mozilla employee commented on the SuperUser forum attempting to defend this action:

“It is true that we’re now releasing some features internally as something we call “System Extension”, which technically is the same as an addon you could install on addons.mozilla.org, with the difference that these come pre-installed with Firefox and there is no way to disable them. We mainly do this to be able to ship updates faster, but it’s also nice that we have some features totally separated, which makes the development process easier for us!”

Since 2018, Firefox has come up with a way to use a system add-on called telemetry-coverage to estimate the “unknown portion of our users [that] do not report telemetry for a variety of reasons.” Mozilla claimed that there are two types of Firefox configurations that end up with telemetry disabled: some enterprise installations, and when a user manually goes in and disables telemetry. Mozilla stated in their blog post announcing their new way of measuring their telemetry coverage:

“We believe the large majority of clients do send telemetry but currently have no way of measuring this.”

Mozilla doesn’t need telemetry-coverage to understand their telemetry coverage – so why is it installed?

Why does Firefox even need to know what percentage of Windows users or Mac users or Linux users prefer telemetry off? As an explanation, Mozilla claims that “we need better insight into our opt-out rates for telemetry” to “ensure new features improve your user experience and to guide Mozilla’s business decisions.”

This reasoning flies in the face of logic. By default, Mozilla is able to measure the amount of people that manually go in and disable telemetry. Sure they may not be able to tell how many Firefox clients are being fired up by corporate entities and those clients won’t be able to have a say in what features come and go – but that’s clearly a tradeoff those enterprise users and especially the ones who manually turn off telemetry are willing to make.

The telemetry data provided by those that don’t care they are providing telemetry data or don’t know they’re providing telemetry data is more than enough data for Mozilla to gauge if new features improve the user experience. They already have the data to see if new updates and features increase bug reports – so the real reason isn’t that. The real reason Mozilla is so keen on having telemetry data that they run a study and install an unremovable add-on for those that have disabled telemetry the way they’re allowed to must be the latter reason: to guide Mozilla’s business decisions.

It’s entirely possible and dare I say likely that the business decision here is to try and get that telemetry data because the government often wants that telemetry data and will try to make Mozilla’s business very hard unless they work to provide it.

Didn’t I opt out of Firefox studies when turning off telemetry?

When turning off telemetry in Firefox’s privacy preferences (about:preferences#privacy) you need to uncheck the following three boxes:

• Allow Firefox to send technical and interaction data to Mozilla
• Allow Firefox to make personalized extension recommendations
• Allow Firefox to install and run studies

So even though a telemetry-disabling user explicitly tells Mozilla that they don’t want to “Allow Firefox to install and run studies,” Mozilla goes ahead and runs a study on telemetry coverage using their system add-on.

Mozilla intends to add a Unique User Identifier (UUID) to this telemetry data the users explicitly opted out of

While their blogpost announcing this system add-on did emphasize that it doesn’t send a client identifier, the bugtracker reveals Mozilla’s true intentions. If Mozilla was serious about running this study as a study and not as a nefarious way to siphon more identifiable information from users, they’d make sure that there would never be a UUID for this telemetry data that is sent after the user opts out of sending telemetry data. Fittingly, acomment by a Mozilla dev reads:

“After discussion we decided not to do a UUID, as this is one-shot and no retry mechanism etc.”

However, the immediate followup comment is:

“(To clarify we’d like to add this in the future but we wanted to simplify this to get it going a little sooner)”

Also, each telemetry-coverage “check” does contain an identifier in the form of a Document ID. Since each ping obviously includes the IP address of the ping originator – that’s still way more information than someone who has opted out of telemetry is comfortable with sharing with Mozilla.

The information isn’t just shared with Mozilla, BTW, it’s also shared with Amazon

Mozilla runs their telemetry-coverage study using Amazon Web Services (AWS). Those servers are guaranteed to be logging everything in case the government ever comes knocking (“good business decisions,” remember?) and now Amazon knows if your IP address is one of those IP addresses that prefers telemetry off. As Julien Voisin wrote a year and a half ago in a post titled: “Mozilla is still screwing around with privacy in Firefox,” when telemetry-coverage was released:

“No, I don’t want to leak details about my Linux distribution, nor at what time I’m using my browser, not my kernel version, nor my IP address to you, just because I’m using your browser. But when I say you, it actually includes other parties, like Amazon.”

The good news is that it is possible to turn off telemetry-coverage if you are one of the lucky 1% selected to have it installed. To do so, you need to manually create a preference to opt out of Firefox telemetry antics a second time. Information on how to do so isn’t so forthcoming, either. It’s buried in the bugtracker for the telemetry-coverage system add-on but has been tested as working by Mozilla’s devs:

“The only other thing to test here is that this extension has a special boolean opt-out pref: “toolkit.telemetry.coverage.opt-out”. This pref does not exist by default and must be created, if set to true then the extension should not send a payload as above for users in the 1% sample (such as the Telemetry client ID above will be)”

The bad news is that Firefox is a privacy nightmare despite all the posturing to the otherwise. It’s honestly incredibly similar to Apple pretending to be a privacy champion in the Western world while kowtowing to Communist China’s censorship demands in the Eastern world.

Featured image by Julien Voisin shared via CC By S.A. License 4.0