Ryan BaumannSep 12, 2024

Mozilla, reading the room extremely well, seemingly just recently flipped the switch to enable-by-default sponsored weather results from AccuWeather in every new Firefox tab you open. Clicking "Learn more" takes you here, with zero information on if your location is sent to AccuWeather every time you open a new tab: https://support.mozilla.org/en-US/kb/customize-items-on-firefox-new-tab-page

Probably only noticed because I normally have a blank new tab page but this showed up after updating Firefox!

Customize items on your Firefox New Tab page | Firefox Help

Learn how to customize different items on your Firefox New Tab page.

Show threadRyan Baumann
Furthermore, would "hiding weather on new tab" actually stop this feature from still regularly sending my location to AccuWeather? Great question! I have no idea
Sep 12, 2024 at 3:22pmWeb
Show threadRyan BaumannSep 12, 2024
After checking about:config, "Hide weather on New Tab" sets the config value "browser.newtabpage.activity-stream.feeds.showWeather" to "false", but leaves "browser.newtabpage.activity-stream.feeds.weatherfeed" as the default of "true". So, my suspicion was correct, #Firefox is still sending your location off every 30 minutes to get the weather in the background by default even if you disable this new widget: https://searchfox.org/mozilla-central/source/browser/components/newtab/lib/WeatherFeed.sys.mjs #infosec #privacy
WeatherFeed.sys.mjs - mozsearch

Show threadRyan BaumannSep 12, 2024
I think "constantly broadcast my location to a 3rd party by default and don't tell me about it or what's happening with that data and then keep doing it when I think I've disabled it" is pretty obviously a terrible privacy default
Show threadAnna DorofeevaSep 12, 2024
@ryanfb Yeesh. I've been using Firefox precisely because it was a decent and non-invasive browser - don't even know where to go now that they've started doing this kind of thing.
Show threadRyan BaumannSep 12, 2024
@litteracarolina I'd be looking more at switching back to Safari, but I also love being able to use Firefox tab containerization for browsing privacy…
Show threadundead enby of the apocalypseSep 13, 2024
@ryanfb @litteracarolina how about librewolf? It’s a privacy focused Firefox fork, basically Firefox without the bullshit and with good defaults
Show threadundead enby of the apocalypseSep 13, 2024
@ryanfb @litteracarolina how about librewolf? It’s a privacy focused Firefox fork, basically Firefox without the bullshit and with good defaults
Show threadDraken BlackKnightSep 13, 2024
@enby_of_the_apocalypse @ryanfb @litteracarolina
Second for Librewolf. It was previously my throwaway browser but since got promoted after Firefuck's bullshit and Mullvad Browser is my new throwaway browser.
Show threadOpticalNail 🇵🇸Sep 13, 2024

@ryanfb @litteracarolina Librewolf. No need for apple's shit instead of Mozilla's shit.

Librewolf is basically the useful parts of Firefox as chosen by the guys maintaining the project - so not Mozilla. I heavily recommend it.

Show threadAnna DorofeevaSep 13, 2024
@arh @ryanfb Thanks, I'll check it out!
Show threadDrKylaraSep 14, 2024
@ryanfb @litteracarolina
Have you tried Opera lately?
It's got a couple different versions and a built in VPN, and I've not encountered 3rd party widgets.
Show threadMike McCaffrey Sep 14, 2024
@DrKylara @ryanfb @litteracarolina Opera has all these ads recently on podcasts to attract new users, and I can not think of a single above-board reason for a browser company to think they would get any sort of return on investment from that.
Show threadrootfakeSep 14, 2024
@mikemccaffrey @DrKylara @ryanfb @litteracarolina it's also just straight up chromium underneath, they're not maintaining their own browser engine anymore.
Show threadMike McCaffrey Sep 14, 2024
@rootfake @DrKylara @ryanfb @litteracarolina Yeah, so like what is their business model?
Show threadrootfakeSep 14, 2024
@mikemccaffrey @DrKylara @ryanfb @litteracarolina just from a cursory wiki glance, looks like they have their own integrated ad network, a bunch of ai and crypto stuff, and for some reason own a payment processor in Nigeria. I'd bet they're collecting a lot of tracking data.
Show threadGamey  Sep 16, 2024
@DrKylara @ryanfb @litteracarolina Sadly Opera is owned by a Nowegian company that's owned by a couple of Chinese companies and many of those are in the data buisiness. The integrations on the side and their VPN makes it even more worriesome because those give them access to evwn more data than a normal browser!
Show threadstibSep 13, 2024
@litteracarolina
The recent Mozilla shenanigans made me switch to #LibreWolf. Every week brings a new reason why I'm not regretting it one bit, even after a couple of decades of using FF.
@ryanfb
Show threadJigglyWyvernSep 13, 2024
@stib @litteracarolina @ryanfb did the same thing here. its sad to see FF kinda fall apart like this :/
Show threadJustin DerrickSep 13, 2024
@litteracarolina @ryanfb If privacy is important to you, consider sending them $20/month so they don’t have to resort to this sort of nonsense to pay the bills.
Show threaddweinandSep 13, 2024

@JustinDerrick

Well, If one could route the money to Firefox directly, I would have done it for more than a decade now. Unfortunately, our money ends up in the Mozilla Organisation. Looking this up a bit closer, shows this being more than a bit shady. So, unfortunately Firefox/Mozilla should be avoided these days IMHO.

Better off supporting @servo or even Vivaldi.

@litteracarolina @ryanfb

Show threadyoasifSep 13, 2024
@dweinand @JustinDerrick @servo @litteracarolina @ryanfb I don't get why supporting a closed source browser makes any sense.
Show threadZack BatistSep 13, 2024
@yoasif @dweinand @JustinDerrick @servo @litteracarolina @ryanfb Also, Vivaldi relies on a 3rd party AI-enhanced translation service, whereas firefox does translations entirely locally, which contradicts their pledge that so many people cite as their reason for switching
Show threadMaltimoreSep 14, 2024
@JustinDerrick @litteracarolina @ryanfb
Mozilla makes > 500 Million $ per year from google.
The CEO's salary increases by 2 Million $ every year. $20 per month extra, even by a lot of people, is a rounding error.
Show threadNekaīSep 13, 2024
@litteracarolina
I recently started using the DuckDuckGo browser. It has some neat features
@ryanfb
Show threadOsmoseSep 12, 2024

@ryanfb I dunno if it's documented anywhere and I'm not a fan of the widget, but according to someone on the Mozilla alumni Slack server it sends location data through a proxy such that your location is never tied to your IP address or any other info before AccuWeather sees it.

I really wish they put that on the settings for it, instead of just... not mentioning it. Ugh.

Show threadRyan BaumannSep 12, 2024
@Osmose Yeah I would expect 1) clicking "Learn More" tells me *exactly* what's happening with my location info and at what granularity and 2) disabling the widget disables sending my location (bonus points for using the widget display space with a placeholder to *ask* if I want a weather widget with a link to learn more instead of just enabling it by default)
Show threadjelteSep 13, 2024
@ryanfb @Osmose Not to mention that, once again, this should be implemented as an extension, and not bloat up the core browser.
Show threadAlex P. 👹Sep 13, 2024

@jelte @ryanfb @Osmose
so much of this shit could be solved by having a "default recommended set" of extensions that you can opt into or opt out of at installation time

i wouldn't even be that mad if they showed me a new list every time i updated

just… please let me cleanly separate "the browser" from "everything else you might possibly want to do," i'm begging you

Show threadsepSep 15, 2024
@saddestrobots @jelte @ryanfb @Osmose
Absolutly terrrible implementation all around. I guess mozilla is scrambeling to find other sources of revenue, as fast as possible. After google lost the search monopoly lawsuit. I doubt accuweather would pay for an extension.
Show threadClaude GohierSep 13, 2024

@ryanfb @Osmose

I see this in the weather section of the Learn More page:

"Do you share my IP address?

When weather suggestions are enabled, Firefox doesn’t share your IP address or any personally identifiable information outside Mozilla servers. When weather suggestions are disabled or hidden, Firefox doesn’t share your IP address or any PII related to the weather feature with Mozilla servers."

Show threadClaude GohierSep 13, 2024

@ryanfb @Osmose

Also:
"How is my location determined?

To see weather suggestions for your location in the address bar, Firefox uses your IP address to determine your approximate location. This information is then used to provide relevant weather suggestions for your area. "

Show threadRyan BaumannSep 13, 2024
@claudegohier They (thankfully) updated the content at the Learn More link after I made my post.
Show threadCassandrichSep 13, 2024

@claudegohier @ryanfb @Osmose "Outside Mozilla servers" 🤔

I absolutely do not want it to be shared with Mozilla servers, specifically. An application making automated queries to a domain owned by or partnered with its creators is malware. This is somehow a principle everyone has forgotten. 🤦

Show threadDan VeditzSep 14, 2024

@dalias @claudegohier @ryanfb @Osmose

Firefox is already contacting Mozilla servers all the time to check for updates to the browser, addons, certificate revocation list for intermediates, the Pocket stories shown on the new tab page, etc.

You could turn it all off, but while some of it are just features you may not want, a lot of it makes the browser more secure.

Show threadCassandrichSep 14, 2024
@dveditz @claudegohier @ryanfb @Osmose Yes I turn all that off.
Show threadZack BatistSep 12, 2024
@Osmose @ryanfb It's documented for another weather-related feature here: https://support.mozilla.org/en-US/kb/get-your-local-weather-forecast-firefox-address-bar
Get your local weather forecast from the Firefox address bar | Firefox Help

Get real-time weather updates conveniently displayed within the Firefox address bar.

Show threadRyan BaumannSep 12, 2024
@zackbatist @Osmose they absolutely need to link to that from the weather section of the support page “learn more” currently links to from the weather widget
Show threadDanny ColinSep 13, 2024

@ryanfb @zackbatist @Osmose You know what's nice about support.mozilla.org is that you can contribute to it now that you know the answer.

You know what's even more mind blowing? You could have asked someone before going on a rant but hey I guess it's easier to shit on Mozilla than helping.

Show threadOsmoseSep 13, 2024
@dannycolin lol chill Moz doesn't need you to defend it
Show threadDanny ColinSep 13, 2024

@Osmose lol chill I'm not defending the org but the work of a lot of contributors on SUMO and some amazing humans that work for this org.

It's fine to have constructive criticism and I, myself, doesn't hesitate to critize some decisions but recently the only thing we see is people ranting for the sake of it.

Show threadApicultor 🐝Sep 13, 2024

@dannycolin As someone versed in privacy regulation (and also a huge privacy advocate myself), the optics of this are FUCKING TERRIBLE. Weather apps are one of the most common ways to constantly track location for monetization and abuse (by AccuWeather themselves no less, among many others) so this should have been CRYSTAL CLEAR about what was going on.

Mozilla fucked the dog on this release and they should give their head a shake.

#privacymatters #privacy #locationtracking

@ryanfb

Show threadDanny ColinSep 13, 2024
@apicultor @Osmose It doesn't share jack about you with AccuWeather 'cause there's a proxy in-between.
Show threadApicultor 🐝Sep 13, 2024

@dannycolin Unless you click it and then AccuWeather gets to drop a cookie or seven.

The fact that you are having to explain it here is proof that user expectations were very poorly managed. As I said, weather is super abused on mobile so this should have been approached with great caution, but nope.

I use Firefox exclusively (but am not in the US so dodged this one) so this hurts even more to see.

We don't want AI or weather widgets. We don't want sponsored shit.

#firefox

@ryanfb @Osmose

Show threadOsmoseSep 13, 2024
@apicultor @dannycolin unrelated but I'm newish to mastodon how do I stop ya'll from pinging me with every message besides blocking you lmao
Show threadDanny ColinSep 13, 2024
@Osmose @apicultor If you use the default web client, there's a three-dots icon on each post. Click on it and in the context menu that appears there's a "mute conversation" option.
Show threadApicultor 🐝Sep 13, 2024
@Osmose You can mute a thread, but sorry for the noise.
Show threadIgelSep 13, 2024
@dannycolin @apicultor @Osmose a "proxy" might be enough for cities, but as you have more rural areas it will, in fact, actually greatly and with ease track single individuals as you can either send the location (someone currently uses their browser in this location at this time and does so for n hours and adds a regular night session afterwards) or generalize it for a greater area which looses a ton of granularity and thus makes the "weather for location" part useless...
Show threadCassandrichSep 13, 2024
@dannycolin @apicultor @Osmose I'm mad enough that Mozilla is getting the data. Regardless of whether AccuWeather sees it too.
Show threadRichard JohnsonSep 13, 2024

@dannycolin @Osmose

Your dismissiveness and mischaracterization ("ranting for the sake of it") is rather offensive.

Accuweather is a known and deliberate privacy violation mill.

Mozilla in bed with it... is a bad thing.

Mozilla sending location data to it without getting consent in advance... is a bad thing.

Calling Mozilla out for this is not "ranting for the sake of it". Sheesh man, grow up.

Show threadIgelSep 13, 2024
@dannycolin @Osmose that's exactly the orgs problem: I bet that no "open source contributor" / "volunteer" has added that feature but an org exec decided that its needed
Show threadRyan BaumannSep 13, 2024
@dannycolin good to know that this is actually MY problem that I personally need to fix for everyone because I’m the one who raised it, and not Mozilla’s for shipping a feature to wide release in this sorry-ass poorly-documented state. And fixing the docs doesn’t fix the underlying pref behavior or defaulting to being newly enabled without consent on every install
Show threadDanny ColinSep 13, 2024

@ryanfb And throwing rocks at people on the web doesn't fix the underlying problem either. At the very least, you could have asked someone and/or file a bug as I said earlier. Someone would actually have been more than happy to help fix the issue because SURPRISE it got filed pretty quickly when folks at Mozilla discovered it https://bugzilla.mozilla.org/show_bug.cgi?id=1918539

Again, I guess it's easier to blame the world and enjoy your feeling of entitlement. That's definitely how we'll reclaim the internet.

1918539 - Update the common questions for weather integration on the new tab article

NEW (seburo3) in support.mozilla.org - Knowledge Base Content. Last updated 2024-09-12.

Show threadRyan BaumannSep 13, 2024

@dannycolin yes, I do actually believe I’m entitled to use my web browser without it newly-defaulting to constantly broadcasting my location, and that turning the feature off should turn the broadcasting off. Those expectations were violated and I felt that other privacy-conscious Firefox users would like to be aware of this new behavior and how to actually disable it.

If Mozilla doesn’t need my consent to enable it by default, I certainly don’t need their consent to publicly complain about it.

Show threadDanny ColinSep 13, 2024

@ryanfb My issue isn't that you're critizing Mozilla. It's that your tone implies some sort of malice in the way it was implemented. There are still good people in this org and that kind of tone is simply burning them and yes it makes me angry because I know some of them personally and care about their well being.

So on a less antagonistic note to end this, what I said is simply reach to them or some contributors, we'll be more than happy to help escalate the issue.

Show threadabeorchSep 13, 2024
@dannycolin
@ryanfb - Taking a risk here but .. When you get used to organisations doing crappy things you get habituated to that and expect organisations to do that and prepare yourself to jump on it when it happens.. the #agencyproblem creates the motivation for companies to screw you over - people become primed to respond. - But with #foundations and #coops - The motivation isnt there but people have still been primed to expect it . It takes time to relax and get used to the idea.
Show threadDelricSep 14, 2024
@dannycolin @ryanfb so because you have personal and emotional connections to mozilla employees, users shouldn’t criticize them public. Do you see how absurd your position is?
Show threadJustin DerrickSep 13, 2024
@ryanfb @dannycolin That sensation of entitlement comes with a price. How much have you contributed to Mozilla this year? Because developers don’t work for free, servers don’t pay for themselves, bandwidth doesn’t grow on trees.
Show threadRyan BaumannSep 13, 2024
@JustinDerrick Because that sensation of entitlement arises from what are recognized by many governments as basic human rights to privacy, it does not, in fact, come with a price.
Show threadJustin DerrickSep 13, 2024
@ryanfb Excellent. Great way to look at it. I'm looking forward to your release of a secure, private browser that works across a dozen hardware platforms that you give away for free, without concern for how you'll earn a living and pay your bills.
Show threadPaulSep 13, 2024
@JustinDerrick @ryanfb @dannycolin It is worth considering that the person that helped resolve that bug is a volunteer contributor, as are the many Mozillians all over the world that will take the updated text of the support article and localise it into their own language.