I was looking at the Firefox source in firefox-135.0-1.fc40.src.rpm and noticed that the file “firefox-mozconfig” contains:
export MOZ_TELEMETRY_REPORTING=1
Why would Fedora explicitly enable third-party telemetry reporting to upstream servers (which are not controlled by Fedora) when building Mozilla Firefox? This sure seems like a bad choice for user privacy.
Thanks,
Doug
Yes but this should not be needed.
As a downstream we can do whatever we want and if that protects user privacy, I am all in for it.
Not as if Firefox would provide an RPM repo for us that we relied on
It is not that easy to find all the available build parameters.
I wonder if Telemitry is something needed for Firefox to be allowed to publish with official branding.
export MOZILLA_OFFICIAL=1
ac_add_options --enable-official-branding
Otherwise we would have the Debian+Iceweasel thing again, which I found odd in the past, but I think with good transparency it could be totally worth it.
I would like to contribute to make Fedora Firefox more private. We actually already added --enable-replace-malloc so it can be used with hardened_malloc.
Btw is this already used?
ac_add_options --enable-hardening
It is opt-out, and has been built that way forever. Mozilla’s TOS argument is not enough for me to change it. Whoever wants to, can opt out or simply use another browser.
Firefox uses Divvi Up which is gold standard for privacy-respecting telemetry. It’s not technically possible for Mozilla to deanonymize the data unless it were to collude with the Internet Security Research Group.
There’s a big cost to turning off telemetry by default: that will reduce the number of Linux users that Mozilla sees and could result in Linux being deprioritized relative to other operating systems.
Couldn’t Fedora proxy the Firefox (or any apps) telemetry to go to Fedora first, get “anonymized” to distro-user expectations, then be passed to Mozilla? They’ll still get the Linux metric.
I’m kind of getting the impression that this won’t be changed because of effort. Yeah users can change it, but is Fedora fine with it at default? People already have questions about Fedora’s OS-side telemetry F42, but apps included on the OS by-default can send whatever outside of that?
Debian’s the only OS taking this halfway seriously as far as I can see. There’s only so much spin possible behind removing a plaintext promise to not sell user data as a privacy-respecting browser 
The Divvi Up telemetry page says that it used two non-colluding servers to keep the data anonymous, but I only see a single single server, “incoming.telemetry.mozilla.org” in the Firefox source. @catanzaro Can you please point out the second server hostname at ISRG and the location of the anonymization code in the Firefox source? It’s a really big code base.
Oh, never mind, I found it, just had to grep a little harder. So in modules/libpref/init/all.js we see the URLs:
Unfortunately, I also see “toolkit.telemetry.dap_enabled” set to false. DAP is Distributed Aggregation Protocol and is documented here: GitHub - ietf-wg-ppm/draft-ietf-ppm-dap: This document describes the Distributed Aggregation Protocol (DAP) being developed by the PPM working group at IETF.
Does this mean that the Divvi Up client-side telemetry anonymization is disabled in current Fedora builds of Firefox?
Hm, I would guess yes. I didn’t realize it was not yet enabled, sorry. 
I found this old blog post indicating that it’s “in the works,” but I don’t see any announcement that it has actually shipped, so I guess I just assumed wrong.
I agree, at least in the short term. Mozilla is having a moment and having to deal with a real market threat. I think we need to see what Mozilla continues to do in response to community feedback. Of course the Fedora community has values that need to be taken into account, but we shouldn’t be making quick decisions on what has been the default browser for most of Linux history.
In the short term I think we need to just match upstream and continue to observe and give feedback to Mozilla.
I agree with you, but would add the side of the argument that actions like these are needed to build “pressure”.
They REALLY need to stop doing whatever sneaky stuff they always did and instead implement some real changes, instead of making their product worse
good point. I propose to focus on other aspects instead, like normandy, and not on the telemitry.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928433
these prefs seem to disable normandy
app.shield.optoutstudies.enabled false?
app.normandy.enabled false
the first one is a bit confusing but seems to override the second one
According to Mozilla’s documentation, it looks like these options will become more granular, with an option that controls “Send daily usage ping to Mozilla”, separate from "Allow Firefox to send technical interaction data to Mozilla. (Below image from: Manage daily usage ping data collection settings in Firefox | Mozilla Support)
As others have said, without the “daily ping” Fedora users will be invisible to Mozilla, which could have downsides. So personally, I would want to enable the “daily ping” while disabling the “technical and interaction data” if the latter is going to be used (even in anonymized “privacy-preserving” fashion) for advertising.
Do we know whether MOZ_TELEMETRY_REPORTING=1 will control the “daily ping”, or the “technical and interaction data”, or both?
