I'm really trying to make sense of the new @mozillaofficial privacy policy.

Here's where I'm getting tripped up:

> Mozilla doesn’t sell data about you (in the way that most people think about ‘selling data’)

OK, sure. But if Moz isn't "selling my data in the way that most people think about selling data" then how *is* Moz selling my data?

@pluralistic @mozillaofficial Apparently it has to do with CCPA’s definition of “selling data” which simply includes data being transferred to any third party for any reason. Because Mozilla uses tools for collecting usage metrics and has some marketing and tracking stuff built in, any third party involved in this would receive this data, and the CCPA considers this “selling data”.

It can apparently be so over-broad that service providers have included this kind of language simply for your data being hosted in their services in a third party provider like Hetzner, AWS, etc.

So it appears to be some potentially over-broad definitions in law.

@bedast @pluralistic @mozillaofficial I don't buy it, sorry to say. There are graceful ways for orgs + lawyers to handle this. Rather than a broad clause like that, you can separate collection & usage into sections and describe it.

For ex, in cases where data is necessary for payment processing, email subs etc my orgs specify that collection + usage and the reason it's warranted.

Mozilla does telemetry I won't do, but still could've written that in specific terms. No one would have batted an eye.

@profdiggity @bedast @pluralistic @mozillaofficial

The question I have is what contract lawyers might make of the "and never will" and "that's a promise" bits of the old statement.

It was taken by the users as a binding commitment. We agreed (as much as anybody really does with shrink-wrap*) to those terms.

*One day I need to see this argument taken to a real judgement instead of a slimy settlement. A contract requires equity and a meeting of minds, not drive-by binding of victims.

@Fuzz_Ra @bedast @pluralistic @mozillaofficial Disclaimer: IANAL.

Those statements are less vague than "don't be evil" so possible it's actionable. But I very much doubt it.

ToU often have a clause that allows for updates without notification (because how would you notify a past visitor to a website or a browser user? etc) and it's probably proper for marketing copy that aligns with that ToU to then be changed to align with a new one... 1/2

@Fuzz_Ra @bedast @pluralistic @mozillaofficial ...plus those statements might be considered "puffery" though it's a weak argument.

Nearly all ToU and FOSS licenses have a disclaimer of warranty and/or limitation of liability - in MIT license it's most of the text. GPL and MPL have them. etc.

So proving injury would likely only be for extreme cases, not for data harvesting.

ToS with Mozilla customers is different and between those parties. Not sure if they sell services, FFox ESR, etc. 2/2

@profdiggity @bedast @pluralistic @mozillaofficial

I'm also (even more) very much not a lawyer and we're under related but diverged legal systems.

Where I am (UK) the Unfair Contract Terms Act (1977) binds companies while bouncing consumers out to the Consumer Rights Act (2015) with much looser terms for nopeing out of thieving bullshit. It would be nice to see that applied to the modern reality.