Mozilla, Firefox & Data

Update 5/22/08: First, I do want to thank everyone for commenting & discussing — this is a serious and important subject that people should care deeply about.

To make a few things clear:

  1. There is no secret data project.
  2. There is no secret plan to collect user data.
  3. We are not already secretly collecting data.
  4. Yes, we are trying to figure out how to accumulate and open better data about how people use the web and their browsers; like everything Mozilla does, that starts with discussion like this, and we expect people to have many, many opinions.

As I told Mike, there’s no staff, no project plan, no nothing, really, except a desire to level the playing field in ways that open source itself has. Like everything else at Mozilla, anything we do will be rooted in the fundamentals of user control, data privacy, and transparency with our community and users.

——-

Had a great conversation with Mike Arrington from TechCrunch yesterday — resulted in a nice writeup of one of the projects we’ve been thinking about here at Mozilla over the last few months. He highlights the opportunity quite well, I think, and I’d like to add some context here so everyone knows where we’re coming from. One correction that I need to make up front: “stealth project” should read “very early stage project that Mozilla has been open about,” but that’s probably not quite as catchy a headline. :-)

Meeting Context
For most of our hour we spent was talking about the upcoming release of Firefox 3 — which is on the way very soon now, and is a release that everyone involved is very proud of.

Towards the end of our time, Mike asked: “What’s next?”

We answered similarly to our conversation with Matt Asay a while back, in that we’ve got about 4 things we’re spending a fair bit of time thinking about: (1) the future of Firefox and the technology that powers it (the new version we’re calling moz2), (2) mobile Firefox (code-named Fennec), (3) online services like Weave, and (4) data. Mike was particularly interested in the 4th item, data, and saw a lot of possibility in it.

Key Insight
The key insight is not so much that rich clients or web sites are able to collect information about what people do, but rather that this data is one of the most important pieces to faciliate understanding (and innovation), and is also one of the most under-explored areas of the modern web.

I’ll say it again another way: while technology has gotten cheaper & cheaper to deploy, and the connected nature of the global web means that you can start up a new worldwide service practically overnight for very little capital, there remain worlds of information about how people use the web that are locked up and not currently shared.

So we asked ourselves what we can do to help unlock some of this latent potential — and started thinking about whether there’s a project we can do at Mozilla that does a few things:

  1. Collects & shares data in a way that embodies the user control & privacy options which are at Mozilla’s core.
  2. Enables everyone — from individual researchers and entrepreneurs (both the social and capitalist types) to the largest organizations in the world — to take usage data, mix it up, mash it up, derive insight, and hopefully share some of that insight with others.
  3. Helps move the conversation around data collection and web usage forward, to help consumers make more informed decisions.

It seems obvious to us that there’s lots to be done here, and lots that we can do, if we can work with our broad community to figure it out.

The Current Situation at Mozilla
First things first: we track very very little data today. I’ve posted before that we use our Application Update Service (AUS) pings to get a sense of where our main usage around the world is and to try to spot problems when they happen (it’s notable that this is a secondary usage of that system — the primary function of AUS is to enable timely updates to the softeware we release — in Firefox 3 and future versions of Firefox 2, we’ll watch instead an analogous ping that checks whether updates to add-ons are available.) Beyond that, we don’t collect much data in the product at all.

We’ve got a couple of projects started at a small level in this area — one is called Spectator, an add-on mostly used to improve the user interface of Firefox, and another is a project in Mozilla Labs called Test Pilot. They’re both early and very limited in scope.

Beyond that, we’re thinking about it and talking about it, but haven’t staffed it very much — we don’t even have a name for the project yet. What we do know is that data is important, and that there’s a ton of potential for everyone.

We’ve had most of the substance of these conversations in the open, like most everything we do, and we want to have more. Key to us doing anything is having even more conversations like this in public, and figuring out a set of core principles that go beyond just the level of opting-in.

So I’m glad that Mike wrote about it & sees some of the promise here. It’s early days, but it seems to me at least that opening up all sorts of data — from web usage to the social graph & beyond — is going to be the topic of conversation for a long time to come.

247 comments

  1. Go to hell with tracking data – we will stop this in Germany, if necessary, we will stop firefox.

  2. So basically Firefox will be spyware .. great move!

  3. Strange world where OpenSource meets Spyware.

  4. Rudiger, Tom, tekonaut, nobody plans to make this spyware, I tried to make it clear that we’d only do this by figuring out a way to be very very opt-in, the data would be open to everyone, and not personal in any way. That’s why we’re talking about it in the very early stages as we explore the space.

    I hear your concerns; take them very seriously. Feedback is what we’re after.

  5. This is the end of Firefox! RIP

    This sounds like the words of Walter Ulbricht in 1961:
    “No one has the intention to erect a wall”. Soon after the Berlin Wall was build.

    We all know that Google is behind this shit now. FY Google, fy Mozilla!

    Long live Opera!

  6. Go to hell with tracking data – we will stop this in Germany, if necessary, we will stop firefox.

  7. Hmm.. I dont want to say that i would deinstall firefox for this reason immedeately.. but i think over this possibility now more seriously in the future..

    And I am for sure not the only one with this thaughts – Is it really worth to destroy a community with possible dangerous spying acts like this?

    Only a point to think about.

    Saph

  8. So basically Firefox will be spyware .. great move!

  9. Strange world where OpenSource meets Spyware.

  10. Firefox protokolliert Userdaten…

    Ahoi,
    gerade habe ich gelesen, dass Mozilla plant mit ihrer Software Firefox, dem Open-Source-Browser schlechthin, Nutzerdaten zu sammeln. Protokolliert und geloggt werden sollen alle Websiten die User ansurfen. Lässt man mal den Datenschutz beiseiten…

  11. Thanks for the answer John. You have to understand privacy is a big topic in Germany ( and it should be everywhere ). So i think the right way to communicate this would be to say that it will be optional and turned off by default _upfront_.
    ( BTW the influx of negative commments is probably due to heise.de ( kinda german /. ) headlining “Mozilla wants to collect User data” ). Maybe you should complain to the aproriate reporter for blowing this out of porportion.

  12. Rudiger, Tom, tekonaut, nobody plans to make this spyware, I tried to make it clear that we’d only do this by figuring out a way to be very very opt-in, the data would be open to everyone, and not personal in any way. That’s why we’re talking about it in the very early stages as we explore the space.

    I hear your concerns; take them very seriously. Feedback is what we’re after.

  13. This is a really exciting opportunity to diversify Mozilla’s funding sources. This kind of aggregate browsing data is valuable to a far wider set of organizations than Mozilla can make search advertising affiliate deals with.

    Right now Mozilla is only minimally monetizing Firefox users – the potential to non-intrusively generate a little more revenue and then put that to use helping the Open Web is great news.

    Ian

  14. This is the end of Firefox! RIP

    This sounds like the words of Walter Ulbricht in 1961:
    “No one has the intention to erect a wall”. Soon after the Berlin Wall was build.

    We all know that Google is behind this shit now. FY Google, fy Mozilla!

    Long live Opera!

  15. John,
    please don’t.

    Mozilla is primarily an Open-Source-Project, and not a company. The company is only – only – there to foster the goals of the project. Privacy is one of the big values that the Open Source community shares and feels very strongly about. This is directly contradicting core goals of the whole Open-Source movement.

    This will also backslash in a wider audience. Don’t even ask for consent using using any popup or anything, and don’t promote it.

    Even speaking economically, I think your limiting factor is not money, but competent developers.

    Please concentrate instead on what *users* want, and do *only* that. The rest will follow. That’s how Mozilla got big, and how Netscape died.

  16. Tom, I don’t think the heise article blew anything out of proportion. given what TechCrunch wrote. heise just pointed people to it.
    Ian, you can hardly be any more intrusive than selling the browsing history. Unless you really meant “visible”.

  17. Hmm.. I dont want to say that i would deinstall firefox for this reason immedeately.. but i think over this possibility now more seriously in the future..

    And I am for sure not the only one with this thaughts – Is it really worth to destroy a community with possible dangerous spying acts like this?

    Only a point to think about.

    Saph

  18. hi ben — you’re right that privacy is core — it’s core to everything we do — and i don’t think that anything i’m writing here contradicts that.

    the web today collects *much* data about people in ways that aren’t helpful at all. what we’re trying to do is have a conversation about what that is, and to allow normal folks to have a say in what data gets collected, how it’s used.

    fwiw, i think that discussion of stuff like this *is* core to open source.

    this isn’t economics driving it — it’s trying to level the playing field more than it is today, and to have real discussion here.

    (btw, i wanted to connect with you directly, as i felt your writeup on heise was a little overharsh & didn’t really reflect the substance of the conversation that we’re having here)

  19. Firefox as spyware ;-) ?

  20. Ben .. not explaining heise readers: “Ask Firefox’s 170 million (and growing) user base if they would like to opt in to anonymous data collection on their surfing habits.”(techcrunch) & not mentioning that it will be “opt in” ( with proper german translation ) & the sensationalistic headline smells like misleading in my book. ( To tell you the truth I was pissed at first too .. but reading all links and talking to people helped. )
    But to be honest i would probably never activate such a “feature” and I think a lot of people have VERY bad association with data collection. You guys need to come up with other way to describe it.

    And John … it is true that data collection happens everywhere .. and that is mostly bad and I do not think that if Mozilla started to do it too it would lessen it anywhere else .. bottom line would be more data collection. There is so much misuse happening and I just do not want my personal data stored in the U.S. Best data protection is not collecting it in the first place.

  21. Thanks for the answer John. You have to understand privacy is a big topic in Germany ( and it should be everywhere ). So i think the right way to communicate this would be to say that it will be optional and turned off by default _upfront_.
    ( BTW the influx of negative commments is probably due to heise.de ( kinda german /. ) headlining “Mozilla wants to collect User data” ). Maybe you should complain to the aproriate reporter for blowing this out of porportion.

  22. John, yes, the web is collecting *too* much data. What we need are tools to *reduce* that, to avoid being profiled and collected. Insofar I agree that we need discussion, just in the other direction :).

  23. This is a really exciting opportunity to diversify Mozilla’s funding sources. This kind of aggregate browsing data is valuable to a far wider set of organizations than Mozilla can make search advertising affiliate deals with.

    Right now Mozilla is only minimally monetizing Firefox users – the potential to non-intrusively generate a little more revenue and then put that to use helping the Open Web is great news.

    Ian

  24. Hi Ben – while I’m sympathetic to that argument, and believe that users should have control over their own usage information (just like web providers should have control over who they offer their services to), I think reducing the information collected is at the moment a very very unlikely thing to happen. So I’d prefer to have a more textured conversation about what’s okay, what’s not okay, how it’s okay, how it’s not okay, etc.

    Because just collecting less information isn’t actually the answer. I myself would prefer that software vendors were more active in collecting crash data, for example, as it’s something that makes products better. (We’re trying to help other OSS projects do this, too, with our work on Brakepad and Socorro. We keep our own top crasher data open, and I’d hope that openness facilitates or will facilitate cross project insight on crashers that might be caused by shared components.)

    Anyway, it seems to me that “collect everything!” and “collect nothing!” are both straw men proposals, and we need to get a more nuanced conversation going. And that without going into the uncomfortable corners that elicit strong emotion (like I seem to have done), you can’t figure much out that’s really meaningful.

  25. John,
    please don’t.

    Mozilla is primarily an Open-Source-Project, and not a company. The company is only – only – there to foster the goals of the project. Privacy is one of the big values that the Open Source community shares and feels very strongly about. This is directly contradicting core goals of the whole Open-Source movement.

    This will also backslash in a wider audience. Don’t even ask for consent using using any popup or anything, and don’t promote it.

    Even speaking economically, I think your limiting factor is not money, but competent developers.

    Please concentrate instead on what *users* want, and do *only* that. The rest will follow. That’s how Mozilla got big, and how Netscape died.

  26. Good went bad…

    The large user community of Firefox results from a distrust in regard of the good intentions of Firefox and a the strong believe, that open source products are inherently good. But what browser should you use, when the CEO of Mozilla thinks about massi…

  27. Tom, I don’t think the heise article blew anything out of proportion. given what TechCrunch wrote. heise just pointed people to it.
    Ian, you can hardly be any more intrusive than selling the browsing history. Unless you really meant “visible”.

  28. hi ben — you’re right that privacy is core — it’s core to everything we do — and i don’t think that anything i’m writing here contradicts that.

    the web today collects *much* data about people in ways that aren’t helpful at all. what we’re trying to do is have a conversation about what that is, and to allow normal folks to have a say in what data gets collected, how it’s used.

    fwiw, i think that discussion of stuff like this *is* core to open source.

    this isn’t economics driving it — it’s trying to level the playing field more than it is today, and to have real discussion here.

    (btw, i wanted to connect with you directly, as i felt your writeup on heise was a little overharsh & didn’t really reflect the substance of the conversation that we’re having here)

  29. Firefox as spyware ;-) ?

  30. Ben .. not explaining heise readers: “Ask Firefox’s 170 million (and growing) user base if they would like to opt in to anonymous data collection on their surfing habits.”(techcrunch) & not mentioning that it will be “opt in” ( with proper german translation ) & the sensationalistic headline smells like misleading in my book. ( To tell you the truth I was pissed at first too .. but reading all links and talking to people helped. )
    But to be honest i would probably never activate such a “feature” and I think a lot of people have VERY bad association with data collection. You guys need to come up with other way to describe it.

    And John … it is true that data collection happens everywhere .. and that is mostly bad and I do not think that if Mozilla started to do it too it would lessen it anywhere else .. bottom line would be more data collection. There is so much misuse happening and I just do not want my personal data stored in the U.S. Best data protection is not collecting it in the first place.

  31. John, yes, the web is collecting *too* much data. What we need are tools to *reduce* that, to avoid being profiled and collected. Insofar I agree that we need discussion, just in the other direction :).

  32. Hi Ben – while I’m sympathetic to that argument, and believe that users should have control over their own usage information (just like web providers should have control over who they offer their services to), I think reducing the information collected is at the moment a very very unlikely thing to happen. So I’d prefer to have a more textured conversation about what’s okay, what’s not okay, how it’s okay, how it’s not okay, etc.

    Because just collecting less information isn’t actually the answer. I myself would prefer that software vendors were more active in collecting crash data, for example, as it’s something that makes products better. (We’re trying to help other OSS projects do this, too, with our work on Brakepad and Socorro. We keep our own top crasher data open, and I’d hope that openness facilitates or will facilitate cross project insight on crashers that might be caused by shared components.)

    Anyway, it seems to me that “collect everything!” and “collect nothing!” are both straw men proposals, and we need to get a more nuanced conversation going. And that without going into the uncomfortable corners that elicit strong emotion (like I seem to have done), you can’t figure much out that’s really meaningful.

  33. A good example how you can easily ruin years hard work to get the users confidence.

    Well done, John … :(

  34. Where is the benefit for the user???
    I hate spyware.

  35. If this data project is (as promised) purely “opt-in”
    objections from those with deep concerns about the
    effect new capability on their privacy
    should be answered.

    however, that segment of the Firefox user base
    probably will not trust the promise that it will
    not somehow be sneaked in under the covers.

    My personal belief, for what it’s worth, was
    stated by Scott McNealy back in the day
    to the effect: “there is no privacy on the internet,
    get over it.”

    If you want privacy in this age of ultra super computers
    CIA, FBI, MI6 and Patriot Act (in USA) virtually unlimited
    ability to monitor conversations in any form, your
    only option is to completely stop using the net, your mobile
    phone and credit cards. plan to ride a bike,
    pay in cash at stores you know do not hav survelliance
    cameras (good luck with that).

    your best bet would be to live in a jungle somwhere,
    eating the food you gather and animals/fish you can snag.

    Firefox Data when and if it happens will be
    the LEAST of your problems.

    Welcome to the 21st century.

    ron k jeffries

  36. A good example how you can easily ruin years hard work to get the users confidence.

    Well done, John … :(

  37. ron, I don’t think “get over it” and “Welcome to the 21st century” are the answer to anything. Because the world is what we make it.
    The Internet is so free and a source of free speech and user empowerment, because it was intentionally designed decentrally. This is not natural: The alternatives back then were AOL and other centralized counterparts in other countries.
    Today, we again see a move to centralism. Not because it’s natural, but because companies have a vested interest in the data that this gets them. Again, this is not in the user’s interest, observe the problems with AIM communicating with MSN, moving from myspace to facebook to linkedin as you grow, etc.. These problems would be avoided, if we were decentral. The privacy problems as well, to a large part. Life is what we make it.

    There are forces in both directions, due to certain circumstances like the financial system habits. Open Source and Mozilla has been a force in the direction of user empowerment, doing only what the user wants. That’s why Mozilla got big – it was an active statement of millions of users that they are fed with status quo and wanted something that works and that does what *they* want.
    This is what’s at stake here. Even thinking about other directions enganders that.

  38. Where is the benefit for the user???
    I hate spyware.

  39. If Mozilla tries to collect behavioural data about the users, there will be more than one public patch to drive this out of Firefox – keep in mind it’s open source. People will download the patched version from third-party sites rather than from the Mozilla Foundation. Be very careful with your plans, as Firefox users are not stupid.

  40. If this data project is (as promised) purely “opt-in”
    objections from those with deep concerns about the
    effect new capability on their privacy
    should be answered.

    however, that segment of the Firefox user base
    probably will not trust the promise that it will
    not somehow be sneaked in under the covers.

    My personal belief, for what it’s worth, was
    stated by Scott McNealy back in the day
    to the effect: “there is no privacy on the internet,
    get over it.”

    If you want privacy in this age of ultra super computers
    CIA, FBI, MI6 and Patriot Act (in USA) virtually unlimited
    ability to monitor conversations in any form, your
    only option is to completely stop using the net, your mobile
    phone and credit cards. plan to ride a bike,
    pay in cash at stores you know do not hav survelliance
    cameras (good luck with that).

    your best bet would be to live in a jungle somwhere,
    eating the food you gather and animals/fish you can snag.

    Firefox Data when and if it happens will be
    the LEAST of your problems.

    Welcome to the 21st century.

    ron k jeffries

  41. Was John Lilly wirklich gesagt hat – und warum er besser die Klappe gehalten hätte…

    Originaltext aus John’s Blog:
    So we asked ourselves what we can do to help unlock some of this latent potential — and started thinking about whether there’s a project we can do at Mozilla that does a few things:

    1. Collects & shares data in a…

  42. So wait… mozilla collecting information about firefox usage is going to somehow change what “useful data” other people are collecting?

  43. ron, I don’t think “get over it” and “Welcome to the 21st century” are the answer to anything. Because the world is what we make it.
    The Internet is so free and a source of free speech and user empowerment, because it was intentionally designed decentrally. This is not natural: The alternatives back then were AOL and other centralized counterparts in other countries.
    Today, we again see a move to centralism. Not because it’s natural, but because companies have a vested interest in the data that this gets them. Again, this is not in the user’s interest, observe the problems with AIM communicating with MSN, moving from myspace to facebook to linkedin as you grow, etc.. These problems would be avoided, if we were decentral. The privacy problems as well, to a large part. Life is what we make it.

    There are forces in both directions, due to certain circumstances like the financial system habits. Open Source and Mozilla has been a force in the direction of user empowerment, doing only what the user wants. That’s why Mozilla got big – it was an active statement of millions of users that they are fed with status quo and wanted something that works and that does what *they* want.
    This is what’s at stake here. Even thinking about other directions enganders that.

  44. If Mozilla stores the IP-addresses of Firefox users for longer than a couple of minutes and if Mozilla uses these IP-addresses in a not anonymous manner for statistical purposes this would be at least against German law. IP-addresses aren’t anonymous. The German federal ministry of justice for example got convicted for storing the IP-addresses of the visitors of his website.

    I strongly advise Mozilla to not store IP-addresses of Firefox users longer than necessary – necessary solely for running the update service.

    Otherwise I hope Mozilla modify the IP-addresses to make them anonymous instantly after using them for the update service. For instance by transforming the IP-addresses into hash values and by storing only those hash values for further statistical analysis.

    I know that it is common to see IP-addresses themselves as “anonymous” enough but they aren’t. IP-addresses can easily traced back to single persons. So, please Mozilla, don’t add another IP-address-”warehouse” to the internet.

  45. If Mozilla tries to collect behavioural data about the users, there will be more than one public patch to drive this out of Firefox – keep in mind it’s open source. People will download the patched version from third-party sites rather than from the Mozilla Foundation. Be very careful with your plans, as Firefox users are not stupid.

  46. Ian McKellar, take your vague bureaucratic doublespeak elsewhere.

  47. So wait… mozilla collecting information about firefox usage is going to somehow change what “useful data” other people are collecting?

  48. If Mozilla stores the IP-addresses of Firefox users for longer than a couple of minutes and if Mozilla uses these IP-addresses in a not anonymous manner for statistical purposes this would be at least against German law. IP-addresses aren’t anonymous. The German federal ministry of justice for example got convicted for storing the IP-addresses of the visitors of his website.

    I strongly advise Mozilla to not store IP-addresses of Firefox users longer than necessary – necessary solely for running the update service.

    Otherwise I hope Mozilla modify the IP-addresses to make them anonymous instantly after using them for the update service. For instance by transforming the IP-addresses into hash values and by storing only those hash values for further statistical analysis.

    I know that it is common to see IP-addresses themselves as “anonymous” enough but they aren’t. IP-addresses can easily traced back to single persons. So, please Mozilla, don’t add another IP-address-”warehouse” to the internet.

  49. Ian McKellar, take your vague bureaucratic doublespeak elsewhere.

  50. Leigh Mortensen

    Take off the rose colored glasses and look at the American government right now and ask yourself if this is really a good time for Mozilla to accumulate a handy pile of browsing data. Here’s a hint. If you say yes, you’re either lying, stupid or delusional.

  51. Leigh Mortensen

    Take off the rose colored glasses and look at the American government right now and ask yourself if this is really a good time for Mozilla to accumulate a handy pile of browsing data. Here’s a hint. If you say yes, you’re either lying, stupid or delusional.

  52. Hi John,

    This project is only acceptable if data collection is opt-in, and so strictly opt-in that it’s impossible to activate it accidentally. But in this case, I wonder what the use of opt-in data collection will be, after all, the user group will be heavily self-selecting.
    Spying on your users won’t help the (already excellent) quality of your software at all, better use the developer time for real end-user features.
    Otherwise, I will regard Firefox as just another piece of spyware crap and the Mozilla Foundation will destroy all trust built up over years.

    Please think about it once again.

  53. Hi John,

    This project is only acceptable if data collection is opt-in, and so strictly opt-in that it’s impossible to activate it accidentally. But in this case, I wonder what the use of opt-in data collection will be, after all, the user group will be heavily self-selecting.
    Spying on your users won’t help the (already excellent) quality of your software at all, better use the developer time for real end-user features.
    Otherwise, I will regard Firefox as just another piece of spyware crap and the Mozilla Foundation will destroy all trust built up over years.

    Please think about it once again.

  54. John,

    As you’re clearly aware (as are many of the commenters from Europe) given FF is a global data platform, if Mozilla wants to avoid a great deal of backlash, regulatory entanglements and legal woes, you’re going to have to take into account the highest privacy standards out there. At the moment, those are in the European Union and as you mention at the end of the post, this goes well beyond simple consent.

    The other principles beyond opt-in you’d want to take very seriously before proceeding would include: openness (to ensure consent is truly informed), individual access (to ensure users can validate data collected about them and amend it as needed), limitation on collection (gathering only that data that is necessary for the purpose), quality (data needs to be accurate), no secondary use or disclosure (personal information gathered for one purpose should not be ported to other organizations or subject to ‘mission creep’), security and accountability (Mozilla will need to be clear and open about who is responsible within the organization for the personal information that is collected).

    You’ll also want to take a close look at the EU Working Group responsible for data protection and their standards:
    http://www.dataprotection.ie/viewdoc.asp?m=u&am

    The OECD guidelines in their entirety can be referenced on their site: http://www.oecd.org/document/18/0,2340,es_2649_….

    Chris

  55. John,

    As you’re clearly aware (as are many of the commenters from Europe) given FF is a global data platform, if Mozilla wants to avoid a great deal of backlash, regulatory entanglements and legal woes, you’re going to have to take into account the highest privacy standards out there. At the moment, those are in the European Union and as you mention at the end of the post, this goes well beyond simple consent.

    The other principles beyond opt-in you’d want to take very seriously before proceeding would include: openness (to ensure consent is truly informed), individual access (to ensure users can validate data collected about them and amend it as needed), limitation on collection (gathering only that data that is necessary for the purpose), quality (data needs to be accurate), no secondary use or disclosure (personal information gathered for one purpose should not be ported to other organizations or subject to ‘mission creep’), security and accountability (Mozilla will need to be clear and open about who is responsible within the organization for the personal information that is collected).

    You’ll also want to take a close look at the EU Working Group responsible for data protection and their standards:
    http://www.dataprotection.ie/viewdoc.asp?m=u&fn=/documents/LEGAL/6aii.htm

    The OECD guidelines in their entirety can be referenced on their site: http://www.oecd.org/document/18/0,2340,es_2649_34255_1815186_1_1_1_1,00.html.

    Chris

  56. just curious, how would firefox’s data collection compare to that of other web browsers? is this something entirely novel?

  57. I have to concur with the people saying that “We’re going to collect data on you” is something terribly offensive, at least in the european culture, and that you should know better. If you are not extremely careful with this, the backslash will be devastating in terms of community, trust, image, support, … everything in what is for now one of your better footholds.

    I also don’t understand in which way users would benefit from this at all. It’s quite distressing that you don’t communicate on this, because I believe it is (or should still have been) the only thing of importance here.

    If you really want to do this, you should definately ship and advertize strongly the current “Private Browsing” project (http://wiki.mozilla.org/PrivateBrowsing) at the same time, and make sure the two features work well together. I don’t know if it would be enough, but it would mitigate things a little.

  58. just curious, how would firefox’s data collection compare to that of other web browsers? is this something entirely novel?

  59. I have to concur with the people saying that “We’re going to collect data on you” is something terribly offensive, at least in the european culture, and that you should know better. If you are not extremely careful with this, the backslash will be devastating in terms of community, trust, image, support, … everything in what is for now one of your better footholds.

    I also don’t understand in which way users would benefit from this at all. It’s quite distressing that you don’t communicate on this, because I believe it is (or should still have been) the only thing of importance here.

    If you really want to do this, you should definately ship and advertize strongly the current “Private Browsing” project (http://wiki.mozilla.org/PrivateBrowsing) at the same time, and make sure the two features work well together. I don’t know if it would be enough, but it would mitigate things a little.

  60. Ernst Wiedemann

    Horrible vision! Time for a new fork of the Mozilla Project? Nobody should waiste his time to support big companies collecting userdatas for commercial. Focus on feature and usability please. Should anybody really need this function, it could get realized as a plugin. Easily track how many user will install such a plugin. Is the testperiod really successful you can integrate it in FF but I’m sure it will not.

  61. Ernst Wiedemann

    Horrible vision! Time for a new fork of the Mozilla Project? Nobody should waiste his time to support big companies collecting userdatas for commercial. Focus on feature and usability please. Should anybody really need this function, it could get realized as a plugin. Easily track how many user will install such a plugin. Is the testperiod really successful you can integrate it in FF but I’m sure it will not.

  62. Reading all the strong feelings in these comments, I started to think about what kind of data collection is possible and what I, as a user, might want access to.

    What if I could access a pool of data (provided by willing users) that showed me how many women were using the internet, what add-ons they are using, and perhaps what bugs they are filing. That’s just a very broad example of what I might be interested in.

    Data collection options could lead to interesting census-style information repositories that could help anyone from a high school student who wants to know how many people in his pop. 1000 town are using the internet to the self-employed entrepreneur who is looking to see if there is a market for her product in Toronto.

    This information isn’t available at the library, it isn’t available (without a hefty price) from traditional data collection as it exists right now.

    So I say, bring on the dialogue – and the options for the little people who are each a part of this massive process that is internet usage.

  63. Reading all the strong feelings in these comments, I started to think about what kind of data collection is possible and what I, as a user, might want access to.

    What if I could access a pool of data (provided by willing users) that showed me how many women were using the internet, what add-ons they are using, and perhaps what bugs they are filing. That’s just a very broad example of what I might be interested in.

    Data collection options could lead to interesting census-style information repositories that could help anyone from a high school student who wants to know how many people in his pop. 1000 town are using the internet to the self-employed entrepreneur who is looking to see if there is a market for her product in Toronto.

    This information isn’t available at the library, it isn’t available (without a hefty price) from traditional data collection as it exists right now.

    So I say, bring on the dialogue – and the options for the little people who are each a part of this massive process that is internet usage.

  64. If you think that this is where innovation should happen you definitely should look again.

    Of course, all kinds of people need to make money, and for that, data collecting is always a good way. If people need to opt in and some guys get rich with this, ok.

    But don’t sell it to us as “innovation”.

  65. Fine. Will spyware removal programs remove FF then?
    If yes, all is well.

    There is hardly anything that will damage sympathy towards FF more than the greed for user data. If you want bad press and piss off your user base, go for it.

  66. Ralf (Germany)

    Hallo miteinander,

    (mabye someone can translate my text or what I mean, because I can’t say this in english)

    mir scheint hier doch einiges an der wesentlichen Idee und am wesentlichen Problempunkt vorbei zu gehen.

    Viele schimpfen über die Idee Daten zu sammeln und bekommen eine Gänsehaut und wollen FireFox gleich den Rücken zu wenden. Aber sie wissen, so glaube ich, überhaupt nicht was das Anliegen, die Gedanken von John oder der FireFox-Crew sind.

    Es werden bereits viele Daten im Internet automatisch gesammelt und man versucht mit Nachdruck dieses noch zu steigern, weil die Firmen und auch andere Institutionen und auch Eizelpersonen gerne mehr über den Internet-User und sein Verhalten wissen möchten. Viele natürlich mit reinen komerziellen, manche mit bösen und manche auch mit guten Absichten.

    Es ist aber eindeutig im Interesse des Internet-Users selbst das Erscheinungsbild seiner Person zu bestimmen. Und das scheint mir doch der Ansatzpunkt von FireFox zu sein.

    Das Schöne am Internet ist ja gerade, dass man sich durch eine Homepage, einen Blog, einen Nick-Namen und vieles andere mehr im Internet so geben kann, wie man sein möchte ! wie man gesehen werden will ! Deshalb sollte es eine Möglichkeit im Internet geben auch sein Internet-User-Profil selbst zu erzeugen und zu pflegen.

    Beispiel eines armen Trinkers: Er geht regelmäßig zum Kiosk um sich Bier zu kaufen, aber er möchte es eigentlich nicht und möchte davon loskommen. Er würde sich gerne als Gabelstablerfahrer bewerben um seiner Frau und Kinder willen, die er liebt, weiß aber nicht, wo er sich bewerben soll und ist mutlos danach zu suchen.

    Das automatisch gesammelte Profil sagt: User-X geht regelmäig zum Kiost und kauft Bier und mach sonst nichts.

    Die Werbebranche würde ihm sofort (rücksichtslos) Werbung für Bier und anderen Alkohol zusenden. Vielleicht auch noch Werbung für pornographische Zeitschriften, die es an diesem Kiosk gibt.

    Das von ihm selbst gewünschte Profil würde jedoch so aussehen: User-X sucht nach Angeboten für eine Stelle als Gabelstablerfahrer und möchte von Werbung für Alkohol bitte in Ruhe gelassen werden !!! (Und vieleicht unsichtbar: bitte bewahrt mich vor Pornographie, ich möchte meiner Frau treu bleiben und sie nicht verunehren.)

    Wir sehen, dass diese beiden Profile sich nicht nur unterscheiden, sondern 180° gegeneinander verdreht sind und in völlig andere Richtung zeigen !!!

    Es müsste eine Möglichkeit geben dieses selbsterstellte User-Profil für alle anderen Internet-User verbindlich zu machen, oder nicht ?

    Grüße aus Deutschland

    Ralf

  67. One of the basic arguments of Firefox WAS that it helps to support privacy. If this goes live, Firefox will loose its “trusted” status. It will be yet another user-data mining application.

    Opt-in or not, do users really want to double and triple-check everything just to be sure they haven’t overlooked or accidentially clicked some hidden check-button? I know I don’t.

    With too many internet-based applications you have to be very careful where you click, so you don’t install toolbars or agree to data mining. No matter how good the application is, this always makes it look shady and untrustworthy.

    This will create suspicion towards Mozilla products. I do not want to use a browser I can no longer trust. Mozilla can claim it to be as open as they want. Users simply cannot trust claims and promises of companies; especially on something this sensitive.

    Another marketing idea ruins a previously great product. Sad news indeed.

  68. If you think that this is where innovation should happen you definitely should look again.

    Of course, all kinds of people need to make money, and for that, data collecting is always a good way. If people need to opt in and some guys get rich with this, ok.

    But don’t sell it to us as “innovation”.

  69. Fine. Will spyware removal programs remove FF then?
    If yes, all is well.

    There is hardly anything that will damage sympathy towards FF more than the greed for user data. If you want bad press and piss off your user base, go for it.

  70. Ralf (Germany)

    Hallo miteinander,

    (mabye someone can translate my text or what I mean, because I can’t say this in english)

    mir scheint hier doch einiges an der wesentlichen Idee und am wesentlichen Problempunkt vorbei zu gehen.

    Viele schimpfen über die Idee Daten zu sammeln und bekommen eine Gänsehaut und wollen FireFox gleich den Rücken zu wenden. Aber sie wissen, so glaube ich, überhaupt nicht was das Anliegen, die Gedanken von John oder der FireFox-Crew sind.

    Es werden bereits viele Daten im Internet automatisch gesammelt und man versucht mit Nachdruck dieses noch zu steigern, weil die Firmen und auch andere Institutionen und auch Eizelpersonen gerne mehr über den Internet-User und sein Verhalten wissen möchten. Viele natürlich mit reinen komerziellen, manche mit bösen und manche auch mit guten Absichten.

    Es ist aber eindeutig im Interesse des Internet-Users selbst das Erscheinungsbild seiner Person zu bestimmen. Und das scheint mir doch der Ansatzpunkt von FireFox zu sein.

    Das Schöne am Internet ist ja gerade, dass man sich durch eine Homepage, einen Blog, einen Nick-Namen und vieles andere mehr im Internet so geben kann, wie man sein möchte ! wie man gesehen werden will ! Deshalb sollte es eine Möglichkeit im Internet geben auch sein Internet-User-Profil selbst zu erzeugen und zu pflegen.

    Beispiel eines armen Trinkers: Er geht regelmäßig zum Kiosk um sich Bier zu kaufen, aber er möchte es eigentlich nicht und möchte davon loskommen. Er würde sich gerne als Gabelstablerfahrer bewerben um seiner Frau und Kinder willen, die er liebt, weiß aber nicht, wo er sich bewerben soll und ist mutlos danach zu suchen.

    Das automatisch gesammelte Profil sagt: User-X geht regelmäig zum Kiost und kauft Bier und mach sonst nichts.

    Die Werbebranche würde ihm sofort (rücksichtslos) Werbung für Bier und anderen Alkohol zusenden. Vielleicht auch noch Werbung für pornographische Zeitschriften, die es an diesem Kiosk gibt.

    Das von ihm selbst gewünschte Profil würde jedoch so aussehen: User-X sucht nach Angeboten für eine Stelle als Gabelstablerfahrer und möchte von Werbung für Alkohol bitte in Ruhe gelassen werden !!! (Und vieleicht unsichtbar: bitte bewahrt mich vor Pornographie, ich möchte meiner Frau treu bleiben und sie nicht verunehren.)

    Wir sehen, dass diese beiden Profile sich nicht nur unterscheiden, sondern 180° gegeneinander verdreht sind und in völlig andere Richtung zeigen !!!

    Es müsste eine Möglichkeit geben dieses selbsterstellte User-Profil für alle anderen Internet-User verbindlich zu machen, oder nicht ?

    Grüße aus Deutschland

    Ralf

  71. midnightcoder

    FF as spyware… i don’t think that this it is whats on Johns mind.. But.. John? Whats on your and yours crew mind?

  72. One of the basic arguments of Firefox WAS that it helps to support privacy. If this goes live, Firefox will loose its “trusted” status. It will be yet another user-data mining application.

    Opt-in or not, do users really want to double and triple-check everything just to be sure they haven’t overlooked or accidentially clicked some hidden check-button? I know I don’t.

    With too many internet-based applications you have to be very careful where you click, so you don’t install toolbars or agree to data mining. No matter how good the application is, this always makes it look shady and untrustworthy.

    This will create suspicion towards Mozilla products. I do not want to use a browser I can no longer trust. Mozilla can claim it to be as open as they want. Users simply cannot trust claims and promises of companies; especially on something this sensitive.

    Another marketing idea ruins a previously great product. Sad news indeed.

  73. Klaus Malorny

    I strongly disagree with the idea of collecting user data. Independent of how you name it, this is spyware, this is privacy invasion. It is bad enough that the industries and goverments around the world are spying on us where they can. Mozilla should not ease that. Do you remember the publication of the AOL search data for research? How few hours did it take until the alleged anonymous data revealed real identities and AOL had to withdraw the data quickly (leaving copies of it around in the Net)?

    The highest court in Germany has recently declared privacy as a basic right. You should respect this. The only way to prevent misuse of data is not to create the data in the first place. Opt-in is no safeguard for the uneducated people, who deserve privacy in the same way as experts.

    I am using Netscape/Mozilla suite/Firefox since nearly the beginning. I also created the flipping Mozilla throbber that was a prominent symbol for the Mozilla suite for many years (see also contributor list). The introduction of data collection will definitely mark the end of my use of and involvement in Mozilla.

  74. midnightcoder

    FF as spyware… i don’t think that this it is whats on Johns mind.. But.. John? Whats on your and yours crew mind?

  75. Klaus Malorny

    I strongly disagree with the idea of collecting user data. Independent of how you name it, this is spyware, this is privacy invasion. It is bad enough that the industries and goverments around the world are spying on us where they can. Mozilla should not ease that. Do you remember the publication of the AOL search data for research? How few hours did it take until the alleged anonymous data revealed real identities and AOL had to withdraw the data quickly (leaving copies of it around in the Net)?

    The highest court in Germany has recently declared privacy as a basic right. You should respect this. The only way to prevent misuse of data is not to create the data in the first place. Opt-in is no safeguard for the uneducated people, who deserve privacy in the same way as experts.

    I am using Netscape/Mozilla suite/Firefox since nearly the beginning. I also created the flipping Mozilla throbber that was a prominent symbol for the Mozilla suite for many years (see also contributor list). The introduction of data collection will definitely mark the end of my use of and involvement in Mozilla.

  76. Maybee this is the reason why you where so upset about Apple’s softwareupdate. Now People are warned and are more likley to read the opt in notification before they click OK!

  77. Maybee this is the reason why you where so upset about Apple’s softwareupdate. Now People are warned and are more likley to read the opt in notification before they click OK!

  78. Besser schlechte Presse als gar keine?…

    Mit der Ankündigung an einem Projekt zu arbeiten, um in Zukunft Nutzerdaten von Firefox-Usern sammeln und öffentlich zugänglich machen zu können, hat  Mozillas CEO John Lilly sogar die Aufmerksamkeit der Mainstream Medien, wie de…

  79. hello you all, PLEASE,

    BEFORE include _urgently & prioritaly_ in Mozilla products suite (firefox & thunderbird first) :

    . _*BETTER*_ MEMORY Manager !!! Mozilla firefox (and other) management are huge obese (very hardly fat) programs !!! (I dont use firefox any more for that one amongst others reason, but thanx for your nice programs)
    . ENTERPRISE WIDE DEPLOYMENT TOOLS : GPO on Windows/AD (or other on any other system (novell, linux…) + .MSI package PLEASE !!!! Actually as a Sys & Net admin, I have to patch your (good for home) job to agree with entreprise class computer systems management ! There is NOTHING to easily deploy the products & to easyly manage user’s profiles !!!! (I think about the crypted chain user’s profile directory name !)
    . and a system for integrate the addition of new features (plugins) with this .MSI packages methods (why not .MST packages or something like ?) or any other clever and clean method (adding of other .MSI…. besides .XPI yet used method !)

    Doing that will hardly increase your potential (as mozilla developers & users) to introduce yourself on the professional market as a more serious concurrent to MS-IE !! and will help yourself to do friends with the sys admins all around this planet !

    Not doing what I suggest you will make Firefox & Thunderbird better products but strongly restricted for home usage only ! it would be pity !

    So please think about all the sys admins that are waiting for this MAJOR requests. Please let drop the addition of new gadgets in this both products and consider the request for that 2 MAJOR features ! You will increase your chance to be the next IE killer app !

    Please consider how the IE entreprise management is integrated with AD and easily centraly managed from servers core infrastructure !
    Please consider tools like IEAK (IE Admin tooKit on http://www.technet.com) for firefox or thunderbird equivalents
    PLEASE consider to furnish tools as firefox.adm or firefox.admx for (windows) sysadmins
    and last but not the least, please consider to may be furnish a graphical equivalent to .adm/.admx in AD/GPO … why not ? why not making GPO configuration as easy as graphicaly configuring the original HMI (Human-Machine Interface) : see specopsoft.com or gpoanswers.com for help.

    The aim of all my suggestions is to have mozilla products with server/central centric management and not with client-side centric management.

    Thank you for all your profesionnal job already done !
    Thank you for your patience for reading me.
    Answer(s) would be appreciated if possible and if time allows (french is prefered :-) )

    Jean-Christophe

  80. hello you all, PLEASE,

    BEFORE include _urgently & prioritaly_ in Mozilla products suite (firefox & thunderbird first) :

    . _*BETTER*_ MEMORY Manager !!! Mozilla firefox (and other) management are huge obese (very hardly fat) programs !!! (I dont use firefox any more for that one amongst others reason, but thanx for your nice programs)
    . ENTERPRISE WIDE DEPLOYMENT TOOLS : GPO on Windows/AD (or other on any other system (novell, linux…) + .MSI package PLEASE !!!! Actually as a Sys & Net admin, I have to patch your (good for home) job to agree with entreprise class computer systems management ! There is NOTHING to easily deploy the products & to easyly manage user’s profiles !!!! (I think about the crypted chain user’s profile directory name !)
    . and a system for integrate the addition of new features (plugins) with this .MSI packages methods (why not .MST packages or something like ?) or any other clever and clean method (adding of other .MSI…. besides .XPI yet used method !)

    Doing that will hardly increase your potential (as mozilla developers & users) to introduce yourself on the professional market as a more serious concurrent to MS-IE !! and will help yourself to do friends with the sys admins all around this planet !

    Not doing what I suggest you will make Firefox & Thunderbird better products but strongly restricted for home usage only ! it would be pity !

    So please think about all the sys admins that are waiting for this MAJOR requests. Please let drop the addition of new gadgets in this both products and consider the request for that 2 MAJOR features ! You will increase your chance to be the next IE killer app !

    Please consider how the IE entreprise management is integrated with AD and easily centraly managed from servers core infrastructure !
    Please consider tools like IEAK (IE Admin tooKit on http://www.technet.com) for firefox or thunderbird equivalents
    PLEASE consider to furnish tools as firefox.adm or firefox.admx for (windows) sysadmins
    and last but not the least, please consider to may be furnish a graphical equivalent to .adm/.admx in AD/GPO … why not ? why not making GPO configuration as easy as graphicaly configuring the original HMI (Human-Machine Interface) : see specopsoft.com or gpoanswers.com for help.

    The aim of all my suggestions is to have mozilla products with server/central centric management and not with client-side centric management.

    Thank you for all your profesionnal job already done !
    Thank you for your patience for reading me.
    Answer(s) would be appreciated if possible and if time allows (french is prefered :-) )

    Jean-Christophe

  81. Hi, the reason why i switched to Linux and Firefox is the open discussion about the way, how things have to go and that the community decides almost always in fundamental things. So it is one of the most importent parts of Open Source to ask the user what he wants to improuve the product. This works pretty well with platforms like Ubuntu’s Brainstrom. So i think that it is okay to ask the user in an automatical way what he wants to use and how he is using the internet.
    The thing that i find really surprising in the post is the part about the use of the open datas. There is written, the companies will hopefully share there results? When i give my datas to a foundation which is responsible for Open Source i want that these datas aren’t used for anything else then for known and open reasons.
    In fact i think there are to very importent points.1.) It has to be clear why you want those datas 2.) So use need which datas to find it out? 3.) Who is using my datas and wWhat is he doing with them and can i forbid him to do it ?

    Bye, Fred

  82. Hi, the reason why i switched to Linux and Firefox is the open discussion about the way, how things have to go and that the community decides almost always in fundamental things. So it is one of the most importent parts of Open Source to ask the user what he wants to improuve the product. This works pretty well with platforms like Ubuntu’s Brainstrom. So i think that it is okay to ask the user in an automatical way what he wants to use and how he is using the internet.
    The thing that i find really surprising in the post is the part about the use of the open datas. There is written, the companies will hopefully share there results? When i give my datas to a foundation which is responsible for Open Source i want that these datas aren’t used for anything else then for known and open reasons.
    In fact i think there are to very importent points.1.) It has to be clear why you want those datas 2.) So use need which datas to find it out? 3.) Who is using my datas and wWhat is he doing with them and can i forbid him to do it ?

    Bye, Fred

  83. Dreadful, there’s no way I’m putting up with anything like this. The amount of tracking on the Web is bad enough already and Firefox should be doing something to filter and REDUCE the amount of tracking the user is exposed to, not increase it.

  84. Dreadful, there’s no way I’m putting up with anything like this. The amount of tracking on the Web is bad enough already and Firefox should be doing something to filter and REDUCE the amount of tracking the user is exposed to, not increase it.

  85. Personally, I think that this is a bad idea for a number of reasons you probably haven’t considered. First, only a few people are likely to opt-in and they are not likely to be representative of much of anything. Hence the value of data you can collect with an opt-in model is going to be close to 0. This means that to make the data worth anything you will have to make it opt-out and this raises all of the issues that people are raising here.

    This is the sort of project where you have to choose between modes of failure (backlash against spyware or inadequate value of data).

    If I can make a suggestion, I would think that these goals could be better reached by developing specific online services which collect and share this information among themselves in non-personal ways. A “Firefox community web-page” which would collect location information about users and let them decide how much information to share, but allow for social networing might be a good place to start.

  86. Personally, I think that this is a bad idea for a number of reasons you probably haven’t considered. First, only a few people are likely to opt-in and they are not likely to be representative of much of anything. Hence the value of data you can collect with an opt-in model is going to be close to 0. This means that to make the data worth anything you will have to make it opt-out and this raises all of the issues that people are raising here.

    This is the sort of project where you have to choose between modes of failure (backlash against spyware or inadequate value of data).

    If I can make a suggestion, I would think that these goals could be better reached by developing specific online services which collect and share this information among themselves in non-personal ways. A “Firefox community web-page” which would collect location information about users and let them decide how much information to share, but allow for social networing might be a good place to start.

  87. I couldn’t agree less with Chris Travers. The data collected via opt-in would be representative for a clearly defined population: people that surf the web using Mozilla, which like to generate anonymized behavioural data, to share with an open source community.

    Right now our online-behavioural data is collected by big corporations running centralized web-services like Facebook etc. and their user-data is not only economically but also socially of a very high value, and it is taken away from the user, artificially turned into a scarce good, to provide a few big companies with a revenue.

    An important question is: at which layer should user-data be collected? Collecting it inside the web-browser seems like a good idea, because the browser is at least potentially completely under the control of the user.

    In practice this means, that you would have to think about how the browser can inform the user which data is being collected at every single moment. Furthermore any user-data that is of economic interest (like a user-activity based page rank for websites) will turn into a target for malicious manipulation and spam. As soon as people let those usage statistics guide their own browsing behavior all those creepy Search-Engine-Optimization vampires will turn into User-Statistics-Optimization werewolves over night!

    It’s easy to imagine a future where bot-nets of zombie-Mozilla-mods surf the Web just to pimp up the open source statistics in their own interest. While a little of this activity may only bias the statistics slightly, the concerted effort of various spammers may render the user-data completely useless altogether. (Welcome to Spam 2.0)

    Also it’s a nontrivial issue to anonymize all user-activity in a way such that it cannot be mapped back to the individual in at least in some cases. While it is hard to identify people surfing on the top-ten web pages, the long-tail behavior of surfing personal websites, blogs and media of your friends colleagues etc, can make anonymization fail.
    (just think of the AOL search-query publication disaster)

    What John seems to consinder to implement on the browser level has already been done with an explicit focus on user empowerment by a Firefox-Plugin named Attention-Recorder. This Plugin provides the user with complete control over the tracked data, allowing everyone to establish a certified attention service that you may entrust with your tracking data.

    The asynchronous Attention Recorder is a very clever idea, because real-time is not really an issue for the statistics – and it allows you to save the tracking data to your own hard disk – so you can filter it later to remove data that you consider personal and you can decide whether you want to keep your data, share it with services you trust, or release it completely to the public domain.

    I am in no way associated with Attentiontrust.org, but I compeletly agree with their philosophy that attention equals value, and that *trust* is the core issue.

    John could have avoided the responses of all those angry Germans, by making clear that the primary concern is user-empowerment not user-exploitation. Too many people feel that tracking them can only benefit the evil-doers, and that’s why many of them are so concerned!

    If my online-behaviour-data goes open source, anyone – including the evil guys – can mess with it. That’s why the user needs to be in control of a twofold filter-mechanism. Data-filters which allow to select which data they want to share and trust-filters which allow to select their target audience.

    If user statistics are made publicly accessible, there should also be special licenses that determine how the data is supposed to be used. Some people may be inclined to entrust their data to a database that may only be used for noncommercial purposes, while others will agree to commercial use if they get some kind of reward in return…

  88. Track Me Harder writes:

    “The data collected via opt-in would be representative for a clearly defined population: people that surf the web using Mozilla, which like to generate anonymized behavioural data, to share with an open source community.”

    The problem is that this population is meaningless in terms of actually deriving meaningful answers from it.

    Can such a segment tell you anything about Mozilla users in general? Can it tell you anything about consumers in general? What about demographic information which may be collected?

    What meaningful answers can one possibly derive from a very small sample which is entirely self-selected? I would think that anyone with a basic knowledge of statistics would say “none.” Any possible answers you pull are easily impeached.

    If you want to collect data which can be meaningfully used in any way, you do it right. This current proposal does not do this and hence is largely a waste of time. It generates nothing but statistical noise.

  89. I couldn’t agree less with Chris Travers. The data collected via opt-in would be representative for a clearly defined population: people that surf the web using Mozilla, which like to generate anonymized behavioural data, to share with an open source community.

    Right now our online-behavioural data is collected by big corporations running centralized web-services like Facebook etc. and their user-data is not only economically but also socially of a very high value, and it is taken away from the user, artificially turned into a scarce good, to provide a few big companies with a revenue.

    An important question is: at which layer should user-data be collected? Collecting it inside the web-browser seems like a good idea, because the browser is at least potentially completely under the control of the user.

    In practice this means, that you would have to think about how the browser can inform the user which data is being collected at every single moment. Furthermore any user-data that is of economic interest (like a user-activity based page rank for websites) will turn into a target for malicious manipulation and spam. As soon as people let those usage statistics guide their own browsing behavior all those creepy Search-Engine-Optimization vampires will turn into User-Statistics-Optimization werewolves over night!

    It’s easy to imagine a future where bot-nets of zombie-Mozilla-mods surf the Web just to pimp up the open source statistics in their own interest. While a little of this activity may only bias the statistics slightly, the concerted effort of various spammers may render the user-data completely useless altogether. (Welcome to Spam 2.0)

    Also it’s a nontrivial issue to anonymize all user-activity in a way such that it cannot be mapped back to the individual in at least in some cases. While it is hard to identify people surfing on the top-ten web pages, the long-tail behavior of surfing personal websites, blogs and media of your friends colleagues etc, can make anonymization fail.
    (just think of the AOL search-query publication disaster)

    What John seems to consinder to implement on the browser level has already been done with an explicit focus on user empowerment by a Firefox-Plugin named Attention-Recorder. This Plugin provides the user with complete control over the tracked data, allowing everyone to establish a certified attention service that you may entrust with your tracking data.

    The asynchronous Attention Recorder is a very clever idea, because real-time is not really an issue for the statistics – and it allows you to save the tracking data to your own hard disk – so you can filter it later to remove data that you consider personal and you can decide whether you want to keep your data, share it with services you trust, or release it completely to the public domain.

    I am in no way associated with Attentiontrust.org, but I compeletly agree with their philosophy that attention equals value, and that *trust* is the core issue.

    John could have avoided the responses of all those angry Germans, by making clear that the primary concern is user-empowerment not user-exploitation. Too many people feel that tracking them can only benefit the evil-doers, and that’s why many of them are so concerned!

    If my online-behaviour-data goes open source, anyone – including the evil guys – can mess with it. That’s why the user needs to be in control of a twofold filter-mechanism. Data-filters which allow to select which data they want to share and trust-filters which allow to select their target audience.

    If user statistics are made publicly accessible, there should also be special licenses that determine how the data is supposed to be used. Some people may be inclined to entrust their data to a database that may only be used for noncommercial purposes, while others will agree to commercial use if they get some kind of reward in return…

  90. Track Me Harder writes:

    “The data collected via opt-in would be representative for a clearly defined population: people that surf the web using Mozilla, which like to generate anonymized behavioural data, to share with an open source community.”

    The problem is that this population is meaningless in terms of actually deriving meaningful answers from it.

    Can such a segment tell you anything about Mozilla users in general? Can it tell you anything about consumers in general? What about demographic information which may be collected?

    What meaningful answers can one possibly derive from a very small sample which is entirely self-selected? I would think that anyone with a basic knowledge of statistics would say “none.” Any possible answers you pull are easily impeached.

    If you want to collect data which can be meaningfully used in any way, you do it right. This current proposal does not do this and hence is largely a waste of time. It generates nothing but statistical noise.

  91. Mozilla, spend your time and effort to improve your products. You are not there to serve “researchers and entrepreneurs” by collecting user data. Let them do that on theirselves. You should not be a tool for market research. Otherwise you will lose the trust you have built for years.

  92. Mozilla, spend your time and effort to improve your products. You are not there to serve “researchers and entrepreneurs” by collecting user data. Let them do that on theirselves. You should not be a tool for market research. Otherwise you will lose the trust you have built for years.

  93. Track me Harder

    I live in a country based on a system of opt-in democracy. This means that everyone can have a say if she or he wants to, but may also chose to remain silent.

    Of course you might question the representativeness of a vote if only 1% of the population would go to the ballot, but democracy is not about statistical representation – it is about representation of the volitious citizen!

    I do not want to encourage anyone to confuse democracy with voluntary user-tracking but the core analogy is, that this feature should be about user empowerment (as is democracy) rather than user analysis (as is science and traditional marketing)

    I agree that old-school marketing may be very much interested in those 99% of Firefox users that would not opt in because they constitute the larger amount and they might easier be talked into buying some crap products.

    But anyone who really cares about their potential customers and has a deeper understanding of what marketing means in its original sense (bringing people together for communication and exchange) will be much more interested in this 1% of people who care to make a difference.

    This is not about being watched while surfing. It is about making an implicit statement which pages are worth my attention. So yes – it may be completly useless data from a scientific point of view, since it may be filtered by the subjects to reflect how they would like others to see them, but it is perfect for letting users communicate what they like and what they want without having to write a blog entry.

    Of course the question remains, whether the feature should be anchored in the browser at all. Due to the politically charged subject of user-tracking and the greedy desires of relentless old-school marketing guys, Mozilla might well run into problems keeping up its image of the “user’s browser”, and this would be a very big loss for everyone involved.

    So the best option might still be an extension provided by an independent third party. There is a lot to be done wrong but If this third party messes it up, you can’t blame it on Mozilla :-)

  94. Track me Harder

    I live in a country based on a system of opt-in democracy. This means that everyone can have a say if she or he wants to, but may also chose to remain silent.

    Of course you might question the representativeness of a vote if only 1% of the population would go to the ballot, but democracy is not about statistical representation – it is about representation of the volitious citizen!

    I do not want to encourage anyone to confuse democracy with voluntary user-tracking but the core analogy is, that this feature should be about user empowerment (as is democracy) rather than user analysis (as is science and traditional marketing)

    I agree that old-school marketing may be very much interested in those 99% of Firefox users that would not opt in because they constitute the larger amount and they might easier be talked into buying some crap products.

    But anyone who really cares about their potential customers and has a deeper understanding of what marketing means in its original sense (bringing people together for communication and exchange) will be much more interested in this 1% of people who care to make a difference.

    This is not about being watched while surfing. It is about making an implicit statement which pages are worth my attention. So yes – it may be completly useless data from a scientific point of view, since it may be filtered by the subjects to reflect how they would like others to see them, but it is perfect for letting users communicate what they like and what they want without having to write a blog entry.

    Of course the question remains, whether the feature should be anchored in the browser at all. Due to the politically charged subject of user-tracking and the greedy desires of relentless old-school marketing guys, Mozilla might well run into problems keeping up its image of the “user’s browser”, and this would be a very big loss for everyone involved.

    So the best option might still be an extension provided by an independent third party. There is a lot to be done wrong but If this third party messes it up, you can’t blame it on Mozilla :-)

  95. Try the Safari. A better, faster web experience that users should have. http://www.apple.com/safari/

  96. Niall MacAindreas

    Ian McKellar wrote:
    “Right now Mozilla is only minimally monetizing Firefox users”

    Quite frankly, this is the sort of “sentence” that really annoys me. The Mozilla Foundation is supposed to be not-for-profit and should therefore have no interest in “monetising” its users. Notwithstanding the made-up language, it’s offensive to refer to people as if they’re purely some sort of cash-producing livestock!

    Apart from anything else, as others have pointed out, this scheme will not produce meaningful data if it is “opt-in”. If it’s a stealth effort, Firefox will be forked very quickly as coders pick up the trojan code and write patches to remove it.

    John, I appreciate what you are trying to say, but I can’t see this working out for you. History to date has shown that “annonymising” data is very tricky and it’s almost always possible to come up with identifier correlations that can be tracked back to the individual user.

    I am not a target market.

  97. George Orwell used to live down the road from where I am now. His novel 1984 was derided as being too fanciful and too outlandish when it was reviewed in some of the British national newspapers, yet here we are fulfilling his thoughts.

    After using IE for a while in the late 90s I migrated on to Opera. It was good, but a bit clunky, so I moved across to Firefox at version 0.7 or thereabouts. Since then I’ve recommended Firefox to everyone I knew for because I trusted the organisation that created it and agreed with its values. Now you are talking about pulling the rug from beneath my feet. You say “reducing the information collected is at the moment a very very unlikely thing to happen” – that’s only because you say so. You don’t have to join the bandwagon just because it’s happening else where.

    And it’s not just Germany that will have a problem with this. Over here in the UK there have been numerous headlines about lost and stolen personal data, about Thelma Arnold who was identified after her anonymous data was put onto the net, and we have been dealing with a little company called Phorm that has found out what we think about being spied upon. It seems that as an organisation you too could quickly lose any moral high ground that you had. It’s not about opt-in or opt-out, it’s a matter of identifying with an organisation’s values. It’s a real shame, I like the browser, it does what I want, but I don’t want to be milked for all I’m worth to use it.

    Right now, though I don’t really want to, I’m going to revisit Opera to see how they have come on since I last used their browser.

  98. Have to say this is the worst news I’ve heard from Mozilla ever. It will start out as opt-in and then the usual temptation (and pressure from the companies paying for the data) will be to make it opt-out, or compulsory so more tracking stats (more money) can be achieved.

    Been using Firefox and recommending it for years. The first sign of this or any other marketing tracking software being incorporated into the browser and that will be the end of using, or recommending anything from Mozilla.

    Looks like you might be about to shoot yourself in the foot and have the browser with the least market share at this rate. Much as I dislike Opera, I will be changing at the first hint of this.

    To all the “you are always being tracked online” Yes there is tracking going on, and a lot of it happens because of this mentality. I refuse to actively aid any form of tracking and I will go out of my way to stop/discourage as much tracking as possible, by just saying it happens and ignoring it you are encouraging and helping it to happen.

  99. soonquadruples

    Dear me.

    Years of goodwill gone in the blink of an eye.

    Undo it, all of it, as quickly as possible and offer a lavish
    apology for even considering it. It is your only hope.

  100. Try the Safari. A better, faster web experience that users should have. http://www.apple.com/safari/

  101. Niall MacAindreas

    Ian McKellar wrote:
    “Right now Mozilla is only minimally monetizing Firefox users”

    Quite frankly, this is the sort of “sentence” that really annoys me. The Mozilla Foundation is supposed to be not-for-profit and should therefore have no interest in “monetising” its users. Notwithstanding the made-up language, it’s offensive to refer to people as if they’re purely some sort of cash-producing livestock!

    Apart from anything else, as others have pointed out, this scheme will not produce meaningful data if it is “opt-in”. If it’s a stealth effort, Firefox will be forked very quickly as coders pick up the trojan code and write patches to remove it.

    John, I appreciate what you are trying to say, but I can’t see this working out for you. History to date has shown that “annonymising” data is very tricky and it’s almost always possible to come up with identifier correlations that can be tracked back to the individual user.

    I am not a target market.

  102. George Orwell used to live down the road from where I am now. His novel 1984 was derided as being too fanciful and too outlandish when it was reviewed in some of the British national newspapers, yet here we are fulfilling his thoughts.

    After using IE for a while in the late 90s I migrated on to Opera. It was good, but a bit clunky, so I moved across to Firefox at version 0.7 or thereabouts. Since then I’ve recommended Firefox to everyone I knew for because I trusted the organisation that created it and agreed with its values. Now you are talking about pulling the rug from beneath my feet. You say “reducing the information collected is at the moment a very very unlikely thing to happen” – that’s only because you say so. You don’t have to join the bandwagon just because it’s happening else where.

    And it’s not just Germany that will have a problem with this. Over here in the UK there have been numerous headlines about lost and stolen personal data, about Thelma Arnold who was identified after her anonymous data was put onto the net, and we have been dealing with a little company called Phorm that has found out what we think about being spied upon. It seems that as an organisation you too could quickly lose any moral high ground that you had. It’s not about opt-in or opt-out, it’s a matter of identifying with an organisation’s values. It’s a real shame, I like the browser, it does what I want, but I don’t want to be milked for all I’m worth to use it.

    Right now, though I don’t really want to, I’m going to revisit Opera to see how they have come on since I last used their browser.

  103. I’m afraid I wouldnt trust an opt-in if this system was used. Call me paranoid but I’m sure it’s far too tempting for companies to ignore the rules and data track anyway.

    I would not take any risks and would ‘opt-out’ of Firefox altogether…

  104. Have to say this is the worst news I’ve heard from Mozilla ever. It will start out as opt-in and then the usual temptation (and pressure from the companies paying for the data) will be to make it opt-out, or compulsory so more tracking stats (more money) can be achieved.

    Been using Firefox and recommending it for years. The first sign of this or any other marketing tracking software being incorporated into the browser and that will be the end of using, or recommending anything from Mozilla.

    Looks like you might be about to shoot yourself in the foot and have the browser with the least market share at this rate. Much as I dislike Opera, I will be changing at the first hint of this.

    To all the “you are always being tracked online” Yes there is tracking going on, and a lot of it happens because of this mentality. I refuse to actively aid any form of tracking and I will go out of my way to stop/discourage as much tracking as possible, by just saying it happens and ignoring it you are encouraging and helping it to happen.

  105. Well if any of this data tracking comes into firefox by opt in or not/ ( and I’ve been using firefox happily since version 0.8, and recommending it since then).
    I would have to leave and try other alternatives as I don’t agree to the principle of building up a users browsing habits just because you can. You really have to respect someones privacy unless there is a really pressing need and then it should only be used to help the person.
    And the point that other companies do it does not mean that you (mozilla) should and it would destroy years of trust that the mozilla foundation have built up.
    So as i’ve said as soon as this gets past planning stage and starts getting serious the soon as i’m out of the door so to speak.
    So I would think carefully before doing this , why not encourage the rest of the world to be more open and stop using the data they have inappropriately and use that more effectively, rather than collect more.

  106. soonquadruples

    Dear me.

    Years of goodwill gone in the blink of an eye.

    Undo it, all of it, as quickly as possible and offer a lavish
    apology for even considering it. It is your only hope.

  107. Re. Tom 14/5/08 / 10am:

    “[heise.de's headline etc. being] misleading in my book. (To tell you the truth I was pissed at first too .. but reading all links and talking to people helped.)”

    One piece of advice: “Don’t Drink And Read”. ;-)

    BTW, I expect that the likes of Debian will remove any spyware code from Iceweasel.

  108. i have been using and promoting firefox for years, but now i don’t trust firefox anymore. how could you even think about collecting data? shame on you! never firefox again.

  109. so mozilla want to wipe themselves off the face of the net in 1 easy go. bye bye firefox if this is every implemented.

  110. I’m afraid I wouldnt trust an opt-in if this system was used. Call me paranoid but I’m sure it’s far too tempting for companies to ignore the rules and data track anyway.

    I would not take any risks and would ‘opt-out’ of Firefox altogether…

  111. Well if any of this data tracking comes into firefox by opt in or not/ ( and I’ve been using firefox happily since version 0.8, and recommending it since then).
    I would have to leave and try other alternatives as I don’t agree to the principle of building up a users browsing habits just because you can. You really have to respect someones privacy unless there is a really pressing need and then it should only be used to help the person.
    And the point that other companies do it does not mean that you (mozilla) should and it would destroy years of trust that the mozilla foundation have built up.
    So as i’ve said as soon as this gets past planning stage and starts getting serious the soon as i’m out of the door so to speak.
    So I would think carefully before doing this , why not encourage the rest of the world to be more open and stop using the data they have inappropriately and use that more effectively, rather than collect more.

  112. Re. Tom 14/5/08 / 10am:

    “[heise.de's headline etc. being] misleading in my book. (To tell you the truth I was pissed at first too .. but reading all links and talking to people helped.)”

    One piece of advice: “Don’t Drink And Read”. ;-)

    BTW, I expect that the likes of Debian will remove any spyware code from Iceweasel.

  113. BAD IDEA!!!! especially if it is automatically included in the browser! Even if the the user must turn it on, IMHO, it can be abused. It could end up as a new attack surface (like Javascript, XSS, etc).

    Now, if this is done through some kind of “add-on”; where the user must explicitly install it, then I am more comfortable.

    But, still, I EXTREMELY DISLIKE the idea that someone wants to “look over my shoulder” while I am browsing.

    An earlier poster made reference to Phorm (f/k/a 121 Media); if Firefox implements anything like Phorm, then we are all heading down “train wreck” road.

    I really like using Firefox, having used the version 3 betas since November; so please do not go backwards!!!!

  114. i have been using and promoting firefox for years, but now i don’t trust firefox anymore. how could you even think about collecting data? shame on you! never firefox again.

  115. This data project is exactly what the Internet DOESN’T need and is the perfect way to kill Firefox. Microsoft must be rubbing their hands with glee at the idea.

    I used to work for the foundation as a volunteer… I’ve done bug triage, extension programming and was a member of the volunteer marketing team before Firefox 1.0 was released. Major reasons to use Firefox are to improve security and privacy and this project would completely reverse those features. I have been using Mozilla browsers since the original Seamonkey betas long before Firefox was even conceived but if you go ahead with this plan I will be switching to Opera faster than you can say “betrayal of the community” and I’m sure most of the current userbase will be doing the same.

  116. so mozilla want to wipe themselves off the face of the net in 1 easy go. bye bye firefox if this is every implemented.

  117. So, not content with Phorm and Nebuad at the ISP level, we now have to contend with the browser data pimping. Jeez! I’d expect that from M$ never thought Moz would do it.

    Not wanted. If this gets of the ground, optional or not, users will jump ship.

  118. I start to wonder if someone is receiving back-handers from Opera and Microsoft as these are the only companies that will benefit from this move. I just hope Opera has enough bandwidth to cope with the mass downloading of its browser that will happen if this continues.

    I’ll not say R.I.P. mozilla yet, but it’s heading that way. Never thought I’d see the day that even netscape overtakes mozilla.

  119. Et tu, Brute?

    “one of the most under-explored areas of the modern web”

    What? Theres a reason why its under-explored. Its called my privacy.

    If I can’t trust your browser its gone.

  120. I found John’s statement really interesting. It shows how far he is away away from the ideas which I consider core of opensource.

    #1: “Because just collecting less information isn’t actually the answer.”
    #2: “I myself would prefer that software vendors were more active in collecting crash data, for example, as it’s something that makes products better.”

    I guess one could argue that collecting less information actually is the answer, thus giving consumers choice what is important to them. Also I guess if collecting data would make software so much better, then FF would have never stood a chance to M$’s IE. But all that would just lead the discussion in the wrong direction.

    For me this is just a key mentality difference between lots of Americans and Europeans (and I don’t mean this negative, just descriptive). In the US, if something helps achieve a “good” cause, you should do it (true in economy/politics/military). Whereas Europeans do have the same discussion (esp. rgd terrorism), most Europeans still agree that there are some means that should not be used however good the cause is. So therefore Track me Harder is wrong when he assumes that you only have to tell the “angry Germans” how much good giving data to the right guys can do…

    Collecting user data sounds so neutral. But it really is about total strangers spying on what interests me. And on what I do in my sparetime.
    I know there are people volounteering for all kinds of (market) research. But shouldn’t there be one browser for the non-exhibitionists?

    Oh, and don’t believe in this “anonymous”-promise. Data that is collected will be used. Things that can go wrong will go wrong.
    The only way you can make sure your data does not end up in wrong hands is by reducing data collection to the minimum (Customise Googel, NoScript, FF – at least until now). If even Senator Kennedy is refused from entering a plane by homeland security due to his overly common name, I bet it will not take long before some person is flown somewhere by officials because he/she went on the wrong websites just too often.

    John, I guess you proceeding with this plan, is the one option for a European company like Opera to come back in the game.
    Or maybe some clever guy will make an adapted FF version without the option to opt-in phoning home….
    Or wouldn’t you allow that?

    Oliver

  121. BAD IDEA!!!! especially if it is automatically included in the browser! Even if the the user must turn it on, IMHO, it can be abused. It could end up as a new attack surface (like Javascript, XSS, etc).

    Now, if this is done through some kind of “add-on”; where the user must explicitly install it, then I am more comfortable.

    But, still, I EXTREMELY DISLIKE the idea that someone wants to “look over my shoulder” while I am browsing.

    An earlier poster made reference to Phorm (f/k/a 121 Media); if Firefox implements anything like Phorm, then we are all heading down “train wreck” road.

    I really like using Firefox, having used the version 3 betas since November; so please do not go backwards!!!!

  122. This data project is exactly what the Internet DOESN’T need and is the perfect way to kill Firefox. Microsoft must be rubbing their hands with glee at the idea.

    I used to work for the foundation as a volunteer… I’ve done bug triage, extension programming and was a member of the volunteer marketing team before Firefox 1.0 was released. Major reasons to use Firefox are to improve security and privacy and this project would completely reverse those features. I have been using Mozilla browsers since the original Seamonkey betas long before Firefox was even conceived but if you go ahead with this plan I will be switching to Opera faster than you can say “betrayal of the community” and I’m sure most of the current userbase will be doing the same.

  123. So, not content with Phorm and Nebuad at the ISP level, we now have to contend with the browser data pimping. Jeez! I’d expect that from M$ never thought Moz would do it.

    Not wanted. If this gets of the ground, optional or not, users will jump ship.

  124. Do you think it would be ethical to have someone tap your phone line so they could deliver targeted telemarketing calls too you John?

    If so, what is so different about my web browsing that makes it at all ethical to tap my web browser to deliver targeted advertisements?

    It is my belief that there is no difference between a phone conversation and a TCP/IP session. The only difference is that there is no law yet prohibiting your eavesdropping of TCP/IP sessions.

    With your position as CEO, you are in a place to make a difference. My words will never hear the floor of the Senate, they will never reach a lobbyist. You have a chance to stand up and do the right thing, you have a voice that the right people can hear, and you bow like a coward because of what? your 6 figure salary?

    Not only are you disgusting, you are morally bankrupt.

  125. “Helps move the conversation around data collection and web usage forward, to help consumers make more informed decisions”

    Only way your users are going to want this conversation to go is towards the “No way are we ever going to do anything like this” declaration from Mozilla, together with an apology for even considering it.

    Boy, you guys are out of touch!

  126. Joshua Cranmer

    It seems to me that there is an intense mischaracterization of the project going on here. At least 80% of the comments I’m reading seem to be speaking out against Mozilla collecting data to sell to other companies… which, AFAICT, is not what anybody is proposing (and if someone was, well, the comments here would be partially justified).

    What is being suggested is data, again, AFAICT, is data for academic purposes. The cited example of Spectator (AFAICT) collects data on UI usage so as to better improve it. Another example I can think up is to find which features are used more heavily, so as to better trim the bloat FF is so often accused of. Although my imagination is currently vacationing, I’m sure that many people can think of other excellent information to collect from a browser that does not involve what most people would constitute as privacy invasions.

    Using the crutch of Thunderbird to explain my viewpoint (as it is more my area of expertise), one can collect data to see whether or not people have multiple RSS accounts or have multiple RSS feeds point to one folder, neither of which would actually require tracking what feeds you are viewing. I’m not suggesting, however, that one would be collecting details of the messages you’re getting and seeing whether or not you’re sending more messages to the person whose last name is the same as yours or to another person of the opposite gender with messages whose content is vaguely suggestive of extramarital affairs. I believe Mozilla is more advocating the former over the latter.

  127. I start to wonder if someone is receiving back-handers from Opera and Microsoft as these are the only companies that will benefit from this move. I just hope Opera has enough bandwidth to cope with the mass downloading of its browser that will happen if this continues.

    I’ll not say R.I.P. mozilla yet, but it’s heading that way. Never thought I’d see the day that even netscape overtakes mozilla.

  128. Et tu, Brute?

    “one of the most under-explored areas of the modern web”

    What? Theres a reason why its under-explored. Its called my privacy.

    If I can’t trust your browser its gone.

  129. I found John’s statement really interesting. It shows how far he is away away from the ideas which I consider core of opensource.

    #1: “Because just collecting less information isn’t actually the answer.”
    #2: “I myself would prefer that software vendors were more active in collecting crash data, for example, as it’s something that makes products better.”

    I guess one could argue that collecting less information actually is the answer, thus giving consumers choice what is important to them. Also I guess if collecting data would make software so much better, then FF would have never stood a chance to M$’s IE. But all that would just lead the discussion in the wrong direction.

    For me this is just a key mentality difference between lots of Americans and Europeans (and I don’t mean this negative, just descriptive). In the US, if something helps achieve a “good” cause, you should do it (true in economy/politics/military). Whereas Europeans do have the same discussion (esp. rgd terrorism), most Europeans still agree that there are some means that should not be used however good the cause is. So therefore Track me Harder is wrong when he assumes that you only have to tell the “angry Germans” how much good giving data to the right guys can do…

    Collecting user data sounds so neutral. But it really is about total strangers spying on what interests me. And on what I do in my sparetime.
    I know there are people volounteering for all kinds of (market) research. But shouldn’t there be one browser for the non-exhibitionists?

    Oh, and don’t believe in this “anonymous”-promise. Data that is collected will be used. Things that can go wrong will go wrong.
    The only way you can make sure your data does not end up in wrong hands is by reducing data collection to the minimum (Customise Googel, NoScript, FF – at least until now). If even Senator Kennedy is refused from entering a plane by homeland security due to his overly common name, I bet it will not take long before some person is flown somewhere by officials because he/she went on the wrong websites just too often.

    John, I guess you proceeding with this plan, is the one option for a European company like Opera to come back in the game.
    Or maybe some clever guy will make an adapted FF version without the option to opt-in phoning home….
    Or wouldn’t you allow that?

    Oliver

  130. “I tried to make it clear that we’d only do this by figuring out a way to be very very opt-in, the data would be open to everyone, and not personal in any way.”

    We saw how well AOL anonymized their data as well. The trust of the matter is that as long as there is any code inside of firefox or any other mozilla product that has the ability to transfer data back to mozilla, or any one else, about browsing habits I simply won’t use it. I don’t know anyone else that would either. Firefox will end up just like Alexa and every other tracking mechanism, automatically flagged, and potentially removed by AdAware, SpyBot, and every other spyware, adware tracker on the market.

    This is the worst idea I’ve heard in ages, what boggles the mind is that it was obvious ISP’s would want to start doing this, but the browser vendor wanting too…. unbelievable.

  131. @Joshua Cranmer you mention the date is for academic use. well I beg to differ as Johns quote from the top of the page reads

    “from individual researchers and entrepreneurs (both the social and capitalist types) to the largest organizations in the world — to take usage data, mix it up, mash it up, derive insight, and hopefully share some of that insight with others.”

    I hardly see “entrepreneurs” and “capitalist types” as being very academic.

    If you are happy with someone collecting and selling your data after “deriving insight” from it.(is that a dodgy vague phrase which can be used to cover almost anyything or what) that’s fine for you, but as I think you can see the majority of people who have bothered to take the time to post here feel completely the opposite.

  132. Do you think it would be ethical to have someone tap your phone line so they could deliver targeted telemarketing calls too you John?

    If so, what is so different about my web browsing that makes it at all ethical to tap my web browser to deliver targeted advertisements?

    It is my belief that there is no difference between a phone conversation and a TCP/IP session. The only difference is that there is no law yet prohibiting your eavesdropping of TCP/IP sessions.

    With your position as CEO, you are in a place to make a difference. My words will never hear the floor of the Senate, they will never reach a lobbyist. You have a chance to stand up and do the right thing, you have a voice that the right people can hear, and you bow like a coward because of what? your 6 figure salary?

    Not only are you disgusting, you are morally bankrupt.

  133. “Helps move the conversation around data collection and web usage forward, to help consumers make more informed decisions”

    Only way your users are going to want this conversation to go is towards the “No way are we ever going to do anything like this” declaration from Mozilla, together with an apology for even considering it.

    Boy, you guys are out of touch!

  134. Joshua Cranmer

    It seems to me that there is an intense mischaracterization of the project going on here. At least 80% of the comments I’m reading seem to be speaking out against Mozilla collecting data to sell to other companies… which, AFAICT, is not what anybody is proposing (and if someone was, well, the comments here would be partially justified).

    What is being suggested is data, again, AFAICT, is data for academic purposes. The cited example of Spectator (AFAICT) collects data on UI usage so as to better improve it. Another example I can think up is to find which features are used more heavily, so as to better trim the bloat FF is so often accused of. Although my imagination is currently vacationing, I’m sure that many people can think of other excellent information to collect from a browser that does not involve what most people would constitute as privacy invasions.

    Using the crutch of Thunderbird to explain my viewpoint (as it is more my area of expertise), one can collect data to see whether or not people have multiple RSS accounts or have multiple RSS feeds point to one folder, neither of which would actually require tracking what feeds you are viewing. I’m not suggesting, however, that one would be collecting details of the messages you’re getting and seeing whether or not you’re sending more messages to the person whose last name is the same as yours or to another person of the opposite gender with messages whose content is vaguely suggestive of extramarital affairs. I believe Mozilla is more advocating the former over the latter.

  135. Christopher Smith

    Excuse me. You, a private company want to collect information on me? And only if I choose? And it will remain private?

    First off, you do NOT have my permission to collect data on me, EVER! Not about my browsing habits or anything else. If… IF I decide to give it to you, then maybe I would be willing to install an add-on that permits this.

    Second, what happens if it turns out that enough people DO NOT agree to opt-in? Will it then become an opt-out feature? Please don’t say it can’t happen, because it has happened numerous times, and most likely will again.

    Third, I have only YOUR say-so that this info will in no way be able to be traced back to me, but in that case, if you can’t track what browser it came from, how can you accurately track the browsing habits? No, I smell something rotten in the air, and it seems as if what you are trying oh so reasonably to get us to agree to is… well.. spyware. Call it by any name you like, but if it tracks me, it’s spyware. Do you have a warrant?

  136. Does no one ever read anything anymore?

    **sigh**

  137. Well, sounds like a PR nightmare either waiting to happen or perhaps even happening. Not why I’m posting.

    Sometihng AneOnim mentioned above struck a chord. Tools to manage enterprise deployment would be pretty handy.

    The ability to do unattended installs with an answer file would be a start, but I could imagine that a more complete solution would be a very big win. I know of a few largish places that would switch from 100% IE to 100% Firefox if they could manage the installs and updates remotely.

    I’m surprised there’s much enterprise take-up at all without that ability actually. Just a thought.

  138. The fact that you would even suggest this in a open source project tells me that you are terribly out of touch with your users, perhaps you should consider resigning.

  139. “I tried to make it clear that we’d only do this by figuring out a way to be very very opt-in, the data would be open to everyone, and not personal in any way.”

    We saw how well AOL anonymized their data as well. The trust of the matter is that as long as there is any code inside of firefox or any other mozilla product that has the ability to transfer data back to mozilla, or any one else, about browsing habits I simply won’t use it. I don’t know anyone else that would either. Firefox will end up just like Alexa and every other tracking mechanism, automatically flagged, and potentially removed by AdAware, SpyBot, and every other spyware, adware tracker on the market.

    This is the worst idea I’ve heard in ages, what boggles the mind is that it was obvious ISP’s would want to start doing this, but the browser vendor wanting too…. unbelievable.

  140. @Joshua Cranmer you mention the date is for academic use. well I beg to differ as Johns quote from the top of the page reads

    “from individual researchers and entrepreneurs (both the social and capitalist types) to the largest organizations in the world — to take usage data, mix it up, mash it up, derive insight, and hopefully share some of that insight with others.”

    I hardly see “entrepreneurs” and “capitalist types” as being very academic.

    If you are happy with someone collecting and selling your data after “deriving insight” from it.(is that a dodgy vague phrase which can be used to cover almost anyything or what) that’s fine for you, but as I think you can see the majority of people who have bothered to take the time to post here feel completely the opposite.

  141. What worries me here is the average users ability to click yes without actually reading what the text of to which they are agreeing, especially when it comes to something they trust like Firefox. Because of this it is a constant battle to get stuff that is spy/adware off users machines. In my opinion you will need to have an opt in system that actively required the users to change a value during install and if someone just clicks yes/OK to all the install pop ups the data mining should not end up activated.

  142. This is quite possibly the worst idea that I’ve ever heard. Most people that write and/or use open source software enjoy their privacy.

  143. Christopher Smith

    Excuse me. You, a private company want to collect information on me? And only if I choose? And it will remain private?

    First off, you do NOT have my permission to collect data on me, EVER! Not about my browsing habits or anything else. If… IF I decide to give it to you, then maybe I would be willing to install an add-on that permits this.

    Second, what happens if it turns out that enough people DO NOT agree to opt-in? Will it then become an opt-out feature? Please don’t say it can’t happen, because it has happened numerous times, and most likely will again.

    Third, I have only YOUR say-so that this info will in no way be able to be traced back to me, but in that case, if you can’t track what browser it came from, how can you accurately track the browsing habits? No, I smell something rotten in the air, and it seems as if what you are trying oh so reasonably to get us to agree to is… well.. spyware. Call it by any name you like, but if it tracks me, it’s spyware. Do you have a warrant?

  144. Does no one ever read anything anymore?

    **sigh**

  145. Well, sounds like a PR nightmare either waiting to happen or perhaps even happening. Not why I’m posting.

    Sometihng AneOnim mentioned above struck a chord. Tools to manage enterprise deployment would be pretty handy.

    The ability to do unattended installs with an answer file would be a start, but I could imagine that a more complete solution would be a very big win. I know of a few largish places that would switch from 100% IE to 100% Firefox if they could manage the installs and updates remotely.

    I’m surprised there’s much enterprise take-up at all without that ability actually. Just a thought.

  146. Sunny Rabbiera

    Just what in the hell is this, what the hell is Mozilla thinking?
    I have been a big supporter of Mozilla for some time now but if this becomes a standard I will use something else…
    Iceweasel is sounding real good right now, and if firefox does do this I hope debian releases a windows binary and iceweasel kicks the crap out of mozilla.

  147. The fact that you would even suggest this in a open source project tells me that you are terribly out of touch with your users, perhaps you should consider resigning.

  148. Sunny Rabbiera

    I mean seriously, what the hell is the reason for doing this?
    I enjoy my privacy, thats why I use open source software in the first place!
    I have been using both Linux AND mozilla firefox as they provided me much better then anything made by Microsoft.
    For me this is what microsoft would do, not what is allegedly open source software.
    Already Mozilla has taken a step backward for some people with all that stuff that went down with Debian.
    Now we have to take another one?
    If mozilla does this it goes against all what open source is about, and I will not stand for it… no way in hell.

  149. Please see Robert Accettura’s post on this whole thing.
    http://robert.accettura.com/blog/2008/05/19/no-
    At the very least, this posting has given me some user data, and that is that no one actually reads articles before commenting on them, and that people are far too quick to jump to conclusions.

  150. What worries me here is the average users ability to click yes without actually reading what the text of to which they are agreeing, especially when it comes to something they trust like Firefox. Because of this it is a constant battle to get stuff that is spy/adware off users machines. In my opinion you will need to have an opt in system that actively required the users to change a value during install and if someone just clicks yes/OK to all the install pop ups the data mining should not end up activated.

  151. This is quite possibly the worst idea that I’ve ever heard. Most people that write and/or use open source software enjoy their privacy.

  152. These arguments are such BS.

    Reduce “Data Collection” – the web is Client-Server, therefore at the very least it is incumbent on the Server to do some access control verification, therefore it will always be able to “choose” and never be “forced”, as to what data as part of your request it collects.

    As for voluntary data collection – why not? If I get to choose exactly what fields I share – I help Mozilla generate a revenue that gives me free open software.

    The rest of the comments here are ill-informed nonsense. How can Firefox share data you haven’t given it? Ever seen a name, address and phone number field inside Firefox itself? No.

    Big deal so FF has your browsing History, so some advertiser knows that a Facebook user, who occasionally uses Yahoo mail searched on Google for “Large Vibrators” – that infringes your privacy how? Yeah you and a billion other internet users, especially if you’ve chosen to share this data.

    Go for it. Create this thing as a Firefox XPI that helps Mozilla generate some revenue – I’ll install it, just like I run “Folding@Home” because it can make a difference to the project.

  153. Sunny Rabbiera

    Just what in the hell is this, what the hell is Mozilla thinking?
    I have been a big supporter of Mozilla for some time now but if this becomes a standard I will use something else…
    Iceweasel is sounding real good right now, and if firefox does do this I hope debian releases a windows binary and iceweasel kicks the crap out of mozilla.

  154. Sunny Rabbiera

    I mean seriously, what the hell is the reason for doing this?
    I enjoy my privacy, thats why I use open source software in the first place!
    I have been using both Linux AND mozilla firefox as they provided me much better then anything made by Microsoft.
    For me this is what microsoft would do, not what is allegedly open source software.
    Already Mozilla has taken a step backward for some people with all that stuff that went down with Debian.
    Now we have to take another one?
    If mozilla does this it goes against all what open source is about, and I will not stand for it… no way in hell.

  155. Please see Robert Accettura’s post on this whole thing.
    http://robert.accettura.com/blog/2008/05/19/no-secret-data-project/
    At the very least, this posting has given me some user data, and that is that no one actually reads articles before commenting on them, and that people are far too quick to jump to conclusions.

  156. These arguments are such BS.

    Reduce “Data Collection” – the web is Client-Server, therefore at the very least it is incumbent on the Server to do some access control verification, therefore it will always be able to “choose” and never be “forced”, as to what data as part of your request it collects.

    As for voluntary data collection – why not? If I get to choose exactly what fields I share – I help Mozilla generate a revenue that gives me free open software.

    The rest of the comments here are ill-informed nonsense. How can Firefox share data you haven’t given it? Ever seen a name, address and phone number field inside Firefox itself? No.

    Big deal so FF has your browsing History, so some advertiser knows that a Facebook user, who occasionally uses Yahoo mail searched on Google for “Large Vibrators” – that infringes your privacy how? Yeah you and a billion other internet users, especially if you’ve chosen to share this data.

    Go for it. Create this thing as a Firefox XPI that helps Mozilla generate some revenue – I’ll install it, just like I run “Folding@Home” because it can make a difference to the project.

  157. I’ve done my best to read and understand what’s going on here. There’s a lot of miscommunication on all sides, people are talking past each other. And a lot of it stems from the fact that there aren’t any solid plans yet. Some people think this data is being collected “for academics” and some people are excited about its use by businesses. Nobody knows exactly what is going to be sent and collected.

    The anti-collection people talk about the worst that could happen and pro-collection people talk about the best. The anti-collection people see that at the time you send this data if it can be intercepted through the compromise of either the browser or Mozilla Foundations servers, then it can be de-anonymized (techically true, right? and the browser is already a lightning-rod for hackers), and think people might bother to do it and harm them personally (probably a stretch for most, maybe a legit concern for a very few). The pro-collection people each see the data being used in the intended way by whoever it is they’re excited about using it.

    What if data is collected, the anonymizing works perfectly, and it gives web designers a better idea of who is visiting their websites and what they’re doing there? What if that allows them to make better websites? The two sides disagree on the answer. Web designers want to make better sites, more effective sites; they want their ads to make an impression, if they’re selling things they want their layout to lead people to buy. If they’re trying to build a userbase they want to draw people in. Making their sites better is a good thing for them, if not financially, then just for their sense of pride. But the other side, and this is what’s not being said, doesn’t think that’s a good thing. It’s probably worth noting this is the side I’m on, right now.

    The Internet is sexy. It’s addictive. It’s my weakness. If a website is the greatest thing ever I don’t want to know about it, because once I get hooked I’ll waste hours, hours that I know I’ll later wish I spent away from the computer. For some people it’s not the time-waste of social networking, blogs, and video sharing, it’s the siren call of consumerism. Better understanding of how people navigate the web leads to more effective web sales and marketing, which leads to more technolust, more overconsumption. More throwaway junk they’ll regret, less money saved for things that will make them more happy in the long run, or even more credit card debt.

    I would rather have web designers and marketers in the dark. I would rather not be understood by everyone; when I make decisions I want to make them because I’ve looked at my desires critically and reasoned logically from them, not because my mind has been tickled by the psychological trick of a flashy web page.

  158. This sounds like a horrible move. You should never, ever adopt it. The whole beauty of Firefox, and open-source in general, is the freedom from the vampirism and greed of the “consumer-oriented” corporate world. Money isn’t everything. Launch a separate browser if you like, but leave Firefox what it is – a free and superb alternative to IE, first and foremost. And free like Richard Stallman wanted it to be.

    Launch a volunteer program, something like Folding-at-Home, let the users contribute by their own free will on their free terms. Call it something like “Help Firefox become ever better and more widespread.” Whatever.

    It must be community based, community decided.

    Rony

  159. Are you trying to pull a Phorm/Netflix/AOL/Facebook here?

    I think you need to have a very very long discussion with some serious security and privacy researchers about the implications of what you’re suggesting here, because it sounds like you don’t know what kind of a mess you’re getting yourself into here.
    How many more bad examples of companies trying to track consumers do you need before you’ll think twice about this?

    There is no such thing as ‘anonymized data’, it’s a myth. I DARE YOU to find a single security researcher in the world who will bet his reputation that he can make a data tracking stream totally anonymous. There’s ALWAYS a way to correlate or extract enough data to track people or even identify them.
    It’s absolutely absurd to believe that you can somehow disguise the tracking information in a database built on tracking information.

    Furthermore there’s the issue of the software itself. There’s no way to make a bugfree tracking system, there’s always going to be flaws in the software. Despite Mozilla’s relatively fast response to high-risk security flaws, you’re still putting yourself in a position where you only need ONE serious outbreak of data leakage for Firefox’ reputation to be tarnished forever.

    Why is a NON-PROFIT organization like Mozilla even thinking about creating a platform that makes it easy for greedy corporations and governments to sell/steal my data?

  160. I’ve done my best to read and understand what’s going on here. There’s a lot of miscommunication on all sides, people are talking past each other. And a lot of it stems from the fact that there aren’t any solid plans yet. Some people think this data is being collected “for academics” and some people are excited about its use by businesses. Nobody knows exactly what is going to be sent and collected.

    The anti-collection people talk about the worst that could happen and pro-collection people talk about the best. The anti-collection people see that at the time you send this data if it can be intercepted through the compromise of either the browser or Mozilla Foundations servers, then it can be de-anonymized (techically true, right? and the browser is already a lightning-rod for hackers), and think people might bother to do it and harm them personally (probably a stretch for most, maybe a legit concern for a very few). The pro-collection people each see the data being used in the intended way by whoever it is they’re excited about using it.

    What if data is collected, the anonymizing works perfectly, and it gives web designers a better idea of who is visiting their websites and what they’re doing there? What if that allows them to make better websites? The two sides disagree on the answer. Web designers want to make better sites, more effective sites; they want their ads to make an impression, if they’re selling things they want their layout to lead people to buy. If they’re trying to build a userbase they want to draw people in. Making their sites better is a good thing for them, if not financially, then just for their sense of pride. But the other side, and this is what’s not being said, doesn’t think that’s a good thing. It’s probably worth noting this is the side I’m on, right now.

    The Internet is sexy. It’s addictive. It’s my weakness. If a website is the greatest thing ever I don’t want to know about it, because once I get hooked I’ll waste hours, hours that I know I’ll later wish I spent away from the computer. For some people it’s not the time-waste of social networking, blogs, and video sharing, it’s the siren call of consumerism. Better understanding of how people navigate the web leads to more effective web sales and marketing, which leads to more technolust, more overconsumption. More throwaway junk they’ll regret, less money saved for things that will make them more happy in the long run, or even more credit card debt.

    I would rather have web designers and marketers in the dark. I would rather not be understood by everyone; when I make decisions I want to make them because I’ve looked at my desires critically and reasoned logically from them, not because my mind has been tickled by the psychological trick of a flashy web page.

  161. I assume the following implementation to make it according to at least german privacy law:

    1. Make it so, that I can disable it in the settings.
    2. Promt me with a huge dialoge-box (after updateing or installing) to inform me about this change.
    3. Make me to confirm this.

    Don’t write somewhere in the dark of the license-agreement. Otherwise Mozilla will lose reputation. This lost of reputation will hurt OpenSource a general.

    Ask your lawyers before.
    Ask lawyers from other countries.

    An technically, of course: Encrypt the data, use anonymized ways to transfer it, don’t record the users IP adress …

  162. This sounds like a horrible move. You should never, ever adopt it. The whole beauty of Firefox, and open-source in general, is the freedom from the vampirism and greed of the “consumer-oriented” corporate world. Money isn’t everything. Launch a separate browser if you like, but leave Firefox what it is – a free and superb alternative to IE, first and foremost. And free like Richard Stallman wanted it to be.

    Launch a volunteer program, something like Folding-at-Home, let the users contribute by their own free will on their free terms. Call it something like “Help Firefox become ever better and more widespread.” Whatever.

    It must be community based, community decided.

    Rony

  163. Are you trying to pull a Phorm/Netflix/AOL/Facebook here?

    I think you need to have a very very long discussion with some serious security and privacy researchers about the implications of what you’re suggesting here, because it sounds like you don’t know what kind of a mess you’re getting yourself into here.
    How many more bad examples of companies trying to track consumers do you need before you’ll think twice about this?

    There is no such thing as ‘anonymized data’, it’s a myth. I DARE YOU to find a single security researcher in the world who will bet his reputation that he can make a data tracking stream totally anonymous. There’s ALWAYS a way to correlate or extract enough data to track people or even identify them.
    It’s absolutely absurd to believe that you can somehow disguise the tracking information in a database built on tracking information.

    Furthermore there’s the issue of the software itself. There’s no way to make a bugfree tracking system, there’s always going to be flaws in the software. Despite Mozilla’s relatively fast response to high-risk security flaws, you’re still putting yourself in a position where you only need ONE serious outbreak of data leakage for Firefox’ reputation to be tarnished forever.

    Why is a NON-PROFIT organization like Mozilla even thinking about creating a platform that makes it easy for greedy corporations and governments to sell/steal my data?

  164. Opt-in or opt-out, I do not trust any data collected to be truly anonymous and such data should not be collected. Period.

    If Mozilla do re-invent Firefox as a form of spyware (which seems likely having read this article), then I for one will be dropping Firefox or finding some way to poison the data collection to protect my anonymity.

    I always thought Google was the new Evil Empire, perhaps I was wrong.

  165. I assume the following implementation to make it according to at least german privacy law:

    1. Make it so, that I can disable it in the settings.
    2. Promt me with a huge dialoge-box (after updateing or installing) to inform me about this change.
    3. Make me to confirm this.

    Don’t write somewhere in the dark of the license-agreement. Otherwise Mozilla will lose reputation. This lost of reputation will hurt OpenSource a general.

    Ask your lawyers before.
    Ask lawyers from other countries.

    An technically, of course: Encrypt the data, use anonymized ways to transfer it, don’t record the users IP adress …

  166. 1. What about the extra traffic? I use FF because it has small traffic amounts. (no pics, no flash)

    2. Why do they need the data and what are they doing with it?

    3. What is send (harvested)?
    websites, ff plugins, amount of clicks on websites, “text written on websites ;)” , interlinks between websites, bookmarks, history, searchphrases on google and msn, ad tracing, phrase tracing??

    I guess there’s only one answer:
    A network with 20 computers without FF but with Opera/Safari now.

  167. Opt-in or opt-out, I do not trust any data collected to be truly anonymous and such data should not be collected. Period.

    If Mozilla do re-invent Firefox as a form of spyware (which seems likely having read this article), then I for one will be dropping Firefox or finding some way to poison the data collection to protect my anonymity.

    I always thought Google was the new Evil Empire, perhaps I was wrong.

  168. If this watching option comes built-in with Firefox, then it’s is the worst option and will lead me to leave Mozilla.

    If Mozilla really wants to collect data from users (though, I think, collecting data must not be Mozilla’s interest; if you need money, ask community to donate as it was in Firebird times) it should be done after opting in for several times: INSTALL AN ADD-ON, activate the add-on that comes disabled at first, agree that you really want to let Mozilla watch you, be notified that you are started being watched.

  169. Phorm, Google, Charter, NebuAd, Vobile, AT&T, CopySense, Ellacoya, Cisco, Facebook, MediaSentry, and now Mozilla.

    Firefox should be a tool that prevents the privacy invasions of these megacorps, not a way for Mozilla to join their ranks.

    If you really want to do something worthwhile, develop a method to prevent the fraudulent cookies that come from Phorm and NebuAd.

    I have no faith in the terms “opt-in” and “opt-out” anymore. They’ve been totally twisted and perverted to hide the fact there is often no choice at all.

    This is beyond disappointing. Mozilla has sold out. Looks like I’ll be using Opera.

  170. 1. What about the extra traffic? I use FF because it has small traffic amounts. (no pics, no flash)

    2. Why do they need the data and what are they doing with it?

    3. What is send (harvested)?
    websites, ff plugins, amount of clicks on websites, “text written on websites ;)” , interlinks between websites, bookmarks, history, searchphrases on google and msn, ad tracing, phrase tracing??

    I guess there’s only one answer:
    A network with 20 computers without FF but with Opera/Safari now.

  171. Well John,
    Mozilla is open source, so if you insist in tracking user habits, i hope that there will be a code fork immediately, which does not include the ‘spying’ part.
    And just like what happened with xfree86 most of the developers will hopefully wander away to to the new project.

    I would change to the “new” browser faster than could finish saying “project data”, and donate and support it wherever i can.

    The loss of trust you achieved by just thinking about its implementation will be nearly impossible to overcome. And if you really put that code in Firefox i am sure that it will be the end of Mozilla.

    Al this blah,blah about the data being open for everyone is just bull****, because a user, even if he has access to the data, will not be able to do anything with it. The only people with real interest in the browsing habits of users are big advertising and spyware corporations with the means and the money to analyze them (We all know them and they have been been mentioned in the above comments).

    It seams that the $500.000+ / year that some of the upper level “executives” of Mozilla are earning are creating a rift between “vendor” and users, where, like with MS-Ballmer et al, from their POV the user simply has to “swallow” whatever they dictate.

    John, i hope you scrap this project immediately , and apologize to the users, promising not to include this “feature” in any future releases.
    Otherwise i see an upcoming campaign (which i will support) calling for your dismissal on the grounds of you being “ethically unfit” for your present job.

  172. I consider myself a fairly intelligent person, able to see both sides of a given situation.

    The writeup above just smells like “Here’s how we’ll spin this to look as though we won’t just collect and then sell our user’s personal data.”

    You’re foolish to think that after years and years of privacy issues on the internet, that you could come along and change the status quo. I don’t think people will even give Firefox a *chance* to prove the information above.

    Also, Michael Arrington is a douchebag, haven’t you heard?

  173. If this watching option comes built-in with Firefox, then it’s is the worst option and will lead me to leave Mozilla.

    If Mozilla really wants to collect data from users (though, I think, collecting data must not be Mozilla’s interest; if you need money, ask community to donate as it was in Firebird times) it should be done after opting in for several times: INSTALL AN ADD-ON, activate the add-on that comes disabled at first, agree that you really want to let Mozilla watch you, be notified that you are started being watched.

  174. Phorm, Google, Charter, NebuAd, Vobile, AT&T, CopySense, Ellacoya, Cisco, Facebook, MediaSentry, and now Mozilla.

    Firefox should be a tool that prevents the privacy invasions of these megacorps, not a way for Mozilla to join their ranks.

    If you really want to do something worthwhile, develop a method to prevent the fraudulent cookies that come from Phorm and NebuAd.

    I have no faith in the terms “opt-in” and “opt-out” anymore. They’ve been totally twisted and perverted to hide the fact there is often no choice at all.

    This is beyond disappointing. Mozilla has sold out. Looks like I’ll be using Opera.

  175. Jubal Kessler

    “I’d prefer to have a more textured conversation”

    “opening up all sorts of data — from web usage to the social graph & beyond — is going to be the topic of conversation for a long time to come”

    Get rid of the weasel words and ambiguous talk, and get right to the point. You’re in control of this conversation. You’re the CEO of Mozilla. You’re the decision-maker. You push the decisions down to the implementation level. You’re curious about how to make use of all this data floating around, but you’re missing the forest for the trees.

    This data is often intensely personal and specific, and the possibility of misuse by correlation is so great that it is nigh impossible to make a guarantee about safeguarding it.

    Lost opportunity? Perhaps. Peace of mind? PRICELESS.

  176. Well John,
    Mozilla is open source, so if you insist in tracking user habits, i hope that there will be a code fork immediately, which does not include the ‘spying’ part.
    And just like what happened with xfree86 most of the developers will hopefully wander away to to the new project.

    I would change to the “new” browser faster than could finish saying “project data”, and donate and support it wherever i can.

    The loss of trust you achieved by just thinking about its implementation will be nearly impossible to overcome. And if you really put that code in Firefox i am sure that it will be the end of Mozilla.

    Al this blah,blah about the data being open for everyone is just bull****, because a user, even if he has access to the data, will not be able to do anything with it. The only people with real interest in the browsing habits of users are big advertising and spyware corporations with the means and the money to analyze them (We all know them and they have been been mentioned in the above comments).

    It seams that the $500.000+ / year that some of the upper level “executives” of Mozilla are earning are creating a rift between “vendor” and users, where, like with MS-Ballmer et al, from their POV the user simply has to “swallow” whatever they dictate.

    John, i hope you scrap this project immediately , and apologize to the users, promising not to include this “feature” in any future releases.
    Otherwise i see an upcoming campaign (which i will support) calling for your dismissal on the grounds of you being “ethically unfit” for your present job.

  177. I consider myself a fairly intelligent person, able to see both sides of a given situation.

    The writeup above just smells like “Here’s how we’ll spin this to look as though we won’t just collect and then sell our user’s personal data.”

    You’re foolish to think that after years and years of privacy issues on the internet, that you could come along and change the status quo. I don’t think people will even give Firefox a *chance* to prove the information above.

    Also, Michael Arrington is a douchebag, haven’t you heard?

  178. Jubal Kessler

    “I’d prefer to have a more textured conversation”

    “opening up all sorts of data — from web usage to the social graph & beyond — is going to be the topic of conversation for a long time to come”

    Get rid of the weasel words and ambiguous talk, and get right to the point. You’re in control of this conversation. You’re the CEO of Mozilla. You’re the decision-maker. You push the decisions down to the implementation level. You’re curious about how to make use of all this data floating around, but you’re missing the forest for the trees.

    This data is often intensely personal and specific, and the possibility of misuse by correlation is so great that it is nigh impossible to make a guarantee about safeguarding it.

    Lost opportunity? Perhaps. Peace of mind? PRICELESS.

  179. Opt-in? Not bloody likely once some greedy bastard realizes how much “data” is worth. Googles “Do no evil” has been outed as BS and now you guys go down the same road. Buhbye, gtg, have 12.000+ users to migrate to Opera…

  180. Opt-in? Not bloody likely once some greedy bastard realizes how much “data” is worth. Googles “Do no evil” has been outed as BS and now you guys go down the same road. Buhbye, gtg, have 12.000+ users to migrate to Opera…

  181. *Sigh*

    Ok, time to leave Firefox behind, shame, when I read that this has been removed I will consider coming back.

    Thanks at least for telling us this is happening so I have been able to make my choice, appreciate you being upfront about it.

  182. *Sigh*

    Ok, time to leave Firefox behind, shame, when I read that this has been removed I will consider coming back.

    Thanks at least for telling us this is happening so I have been able to make my choice, appreciate you being upfront about it.

  183. Things to consider
    1. Treachery & the drought of goodwill & trust
    2. It’s not wise to tease the tiger – The french revolution
    3. Your loss – will be my gain.
    4. The Tower of Babel: 6IM & AIC & DASSOM
    5. For every action – there is an equal and opposite reaction

  184. Things to consider
    1. Treachery & the drought of goodwill & trust
    2. It’s not wise to tease the tiger – The french revolution
    3. Your loss – will be my gain.
    4. The Tower of Babel: 6IM & AIC & DASSOM
    5. For every action – there is an equal and opposite reaction

  185. I also have been a user of firefox since it was Mozilla. I must agree with the commenters who argue that it is an issue of trust. To even consider collecting browsing and/or usage habits has greatly undermined my trust in Mozilla. I never install the crash tracking as it is. wtf would I want it if I’m not using a beta?

    I am now somewhat less keen to look at FF3 lest I find myself having to uninstall it later due to the inclusion of spyware. opt-out / opt-in makes no difference. Just the mindset of a company that would include this stuff in the code is enough to send me running.

    Great pity since there isn’t really anything else at present. If you go ahead with this in any form other than a plugin I have to install separately then I’ll be hoping for a code fork to save me from Opera or IE. (IE has many failings but I’m pretty sure it doesn’t profile me…yet).

  186. I also have been a user of firefox since it was Mozilla. I must agree with the commenters who argue that it is an issue of trust. To even consider collecting browsing and/or usage habits has greatly undermined my trust in Mozilla. I never install the crash tracking as it is. wtf would I want it if I’m not using a beta?

    I am now somewhat less keen to look at FF3 lest I find myself having to uninstall it later due to the inclusion of spyware. opt-out / opt-in makes no difference. Just the mindset of a company that would include this stuff in the code is enough to send me running.

    Great pity since there isn’t really anything else at present. If you go ahead with this in any form other than a plugin I have to install separately then I’ll be hoping for a code fork to save me from Opera or IE. (IE has many failings but I’m pretty sure it doesn’t profile me…yet).

  187. This is clearly no way to go and I want no part, already I am looking at alternative browsers.

    If they say they are not collecting this or that, opt in or opt out, just how can we believe them with open source.. what else are they doing behind out back?

    From this day on FF has become a security risk, after this can we really take what they ever say at face value, just what add ons are they adding on without our knowledge?

  188. This is clearly no way to go and I want no part, already I am looking at alternative browsers.

    If they say they are not collecting this or that, opt in or opt out, just how can we believe them with open source.. what else are they doing behind out back?

    From this day on FF has become a security risk, after this can we really take what they ever say at face value, just what add ons are they adding on without our knowledge?

  189. Don’t let a few small-minded zealots who can’t envisage an “off button” for this feature spoil what is an opportunity to create an open base of information regarding web browsing habits.

    No other project is in a position to be able distribute and act as a clearing house for studies on such data, as the commercial entities involved in their creation would not allow it on the grounds of sensitivity.

    I think it’s naive to assume that closed-source projects like Safari and Internet Explorer are not already secretly gathering the kind of metrics being discussed.

    Openly sharing the information gathered in this way would go some way towards ensuring that outside entities have no opportunity to receive non-anonymous information, while the open-source nature of Firefox would make it more difficult to secretly gather personal information since the code can be examined by anyone.

  190. Don’t let a few small-minded zealots who can’t envisage an “off button” for this feature spoil what is an opportunity to create an open base of information regarding web browsing habits.

    No other project is in a position to be able distribute and act as a clearing house for studies on such data, as the commercial entities involved in their creation would not allow it on the grounds of sensitivity.

    I think it’s naive to assume that closed-source projects like Safari and Internet Explorer are not already secretly gathering the kind of metrics being discussed.

    Openly sharing the information gathered in this way would go some way towards ensuring that outside entities have no opportunity to receive non-anonymous information, while the open-source nature of Firefox would make it more difficult to secretly gather personal information since the code can be examined by anyone.

  191. Hi John I came here after defending you and the FF team in the BadPhorm forums.

    “First off lets remember this is the Firefox guys – they have earned a lot of trust.
    I would need to be convinced that this was phorn like.
    To recap – the firefox team have my trust – they have earned it. “Trust but verify ” is still a good idea though :)

    I have been a longtime user and evangelist for FF and my default mode is to trust you.

    I came here to verify, below is my report to BadPhorm:

    Did some checking… I would like to say “Story was complete *********”, as the thereg didn’t have a link so you could verify what the person quoted *actually* said, see the real story here:
    http://john.jubjubs.net/2008/05/13/mozilla-fire

    But reading through what he said and his replies to comments, it looks like a cockup not conspiracy.
    I am willing to give him the benefit of the doubt as to *his* initial motivation. It looked to him as a tool to help build a better browser – like crash reporting…

    BUT

    I think he has [messed] up big style.

    The road to hell is paved with good intentions.

    I don’t think there is a chance of this now being implemented, given the huge storm of protests it has generated.

    TBH I don’t think there was a chance that this would have made it to code in any case – none of the FF devs would have stood for this.

    I hope John just stops digging.

    ” 1. Collects & shares data in a way that embodies the user control & privacy options which are at Mozilla’s core.
    2. Enables everyone — from individual researchers and entrepreneurs (both the social and capitalist types) to the largest organizations in the world — to take usage data, mix it up, mash it up, derive insight, and hopefully share some of that insight with others.
    3. Helps move the conversation around data collection and web usage forward, to help consumers make more informed decisions.”

    … sounds way to much like phorm’s marketing bs.

    Best quote from the comments is from Klaus Malorny:

    “The only way to prevent misuse of data is not to create the data in the first place. Opt-in is no safeguard for the uneducated people, who deserve privacy in the same way as experts.”

    http://www.badphorm.co.uk
    http://petitions.pm.gov.uk/ispphorm/

  192. John,

    With all due respect, despite the perceived advantages of such data collection, this is a recipe for user distrust, and software choice revolt against Mozilla.

    IMHO, if you should decide to pursue this, such code should be part of a plugin system, and not part of the main Mozilla code. This should be the opt-in based system.

    “Rudiger, Tom, tekonaut, nobody plans to make this spyware, I tried to make it clear that we’d only do this by figuring out a way to be very very opt-in, the data would be open to everyone, and not personal in any way. That’s why we’re talking about it in the very early stages as we explore the space.

    I hear your concerns; take them very seriously. Feedback is what we’re after.”

  193. Hi John – I have looked at a lot of what you have to say.

    “Enables everyone — from individual researchers and entrepreneurs (both the social and capitalist types) to the largest organizations in the world — to take usage data, mix it up, mash it up, derive insight, and hopefully share some of that insight with others.”

    “It’s early days, but it seems to me at least that opening up all sorts of data — from web usage to the social graph & beyond — is going to be the topic of conversation for a long time to come.”

    I am sorry to say that you have lost my trust.

    Not the Firefox team just you.

    I think you need to do the honorable thing and resign.

  194. Hi John I came here after defending you and the FF team in the BadPhorm forums.

    “First off lets remember this is the Firefox guys – they have earned a lot of trust.
    I would need to be convinced that this was phorn like.
    To recap – the firefox team have my trust – they have earned it. “Trust but verify ” is still a good idea though :)

    I have been a longtime user and evangelist for FF and my default mode is to trust you.

    I came here to verify, below is my report to BadPhorm:

    Did some checking… I would like to say “Story was complete *********”, as the thereg didn’t have a link so you could verify what the person quoted *actually* said, see the real story here:
    http://john.jubjubs.net/2008/05/13/mozilla-firefox-data/

    But reading through what he said and his replies to comments, it looks like a cockup not conspiracy.
    I am willing to give him the benefit of the doubt as to *his* initial motivation. It looked to him as a tool to help build a better browser – like crash reporting…

    BUT

    I think he has [messed] up big style.

    The road to hell is paved with good intentions.

    I don’t think there is a chance of this now being implemented, given the huge storm of protests it has generated.

    TBH I don’t think there was a chance that this would have made it to code in any case – none of the FF devs would have stood for this.

    I hope John just stops digging.

    ” 1. Collects & shares data in a way that embodies the user control & privacy options which are at Mozilla’s core.
    2. Enables everyone — from individual researchers and entrepreneurs (both the social and capitalist types) to the largest organizations in the world — to take usage data, mix it up, mash it up, derive insight, and hopefully share some of that insight with others.
    3. Helps move the conversation around data collection and web usage forward, to help consumers make more informed decisions.”

    … sounds way to much like phorm’s marketing bs.

    Best quote from the comments is from Klaus Malorny:

    “The only way to prevent misuse of data is not to create the data in the first place. Opt-in is no safeguard for the uneducated people, who deserve privacy in the same way as experts.”

    http://www.badphorm.co.uk
    http://petitions.pm.gov.uk/ispphorm/

  195. John,

    With all due respect, despite the perceived advantages of such data collection, this is a recipe for user distrust, and software choice revolt against Mozilla.

    IMHO, if you should decide to pursue this, such code should be part of a plugin system, and not part of the main Mozilla code. This should be the opt-in based system.

    “Rudiger, Tom, tekonaut, nobody plans to make this spyware, I tried to make it clear that we’d only do this by figuring out a way to be very very opt-in, the data would be open to everyone, and not personal in any way. That’s why we’re talking about it in the very early stages as we explore the space.

    I hear your concerns; take them very seriously. Feedback is what we’re after.”

  196. Hi John – I have looked at a lot of what you have to say.

    “Enables everyone — from individual researchers and entrepreneurs (both the social and capitalist types) to the largest organizations in the world — to take usage data, mix it up, mash it up, derive insight, and hopefully share some of that insight with others.”

    “It’s early days, but it seems to me at least that opening up all sorts of data — from web usage to the social graph & beyond — is going to be the topic of conversation for a long time to come.”

    I am sorry to say that you have lost my trust.

    Not the Firefox team just you.

    I think you need to do the honorable thing and resign.

  197. Hi! I am a Japanese. Though I looked for English study in various ways, I commented because contents were interesting. I was able to enjoy it very much. In addition, I come to look. Please keep it for us. Thank you!

  198. Hi! I am a Japanese. Though I looked for English study in various ways, I commented because contents were interesting. I was able to enjoy it very much. In addition, I come to look. Please keep it for us. Thank you!

  199. Hmmm, all this whining about privacy and yet I bet you all use Google to search.

  200. Why do more research? Sing along boys and girls, we all know what browsers want…

    “The internet is for porn.”
    “The internet is for porn.”
    “So grab your dick and double click.”
    “The internet is for porn.”

    This is why they don’t want their browser history shown, you’ll see how big of perverts we really are. Like the South Park recently where there was “no internet.” Once you’ve seen Internet porn, there’s no going back to Playboy or Penthouse.

    If you really want to make money, just set up a decent XXX site. Since it’s inception, the only industry that has consistently made money on the internet is;

    PORN!

    -S

  201. Hmmm, all this whining about privacy and yet I bet you all use Google to search.

  202. Why do more research? Sing along boys and girls, we all know what browsers want…

    “The internet is for porn.”
    “The internet is for porn.”
    “So grab your dick and double click.”
    “The internet is for porn.”

    This is why they don’t want their browser history shown, you’ll see how big of perverts we really are. Like the South Park recently where there was “no internet.” Once you’ve seen Internet porn, there’s no going back to Playboy or Penthouse.

    If you really want to make money, just set up a decent XXX site. Since it’s inception, the only industry that has consistently made money on the internet is;

    PORN!

    -S

  203. I’ve read all these comments from people who say they appreciate what John is saying. Personally i can’t figure out what John is saying at all because he is using obfuscated made up management-speak. That alone makes me distrust him. I will watch Mozilla a lot more carefully from now on. that this proposal could be generated at all is very disturbing to me.

  204. John, I am glad that there are no secret projects or plans to collect user data. I hope it stays that way, as it is my belief that data collection is an invasion of privacy. One should only give up that privacy at their own bequest — which I would never do — and not as an automatic feature of an application being used.

    “…there remain worlds of information about how people use the web that are locked up and not currently shared.

    So we asked ourselves what we can do to help unlock some of this latent potential…

    …Beyond that, we’re thinking about it and talking about it, but haven’t staffed it very much — we don’t even have a name for the project yet. What we do know is that data is important, and that there’s a ton of potential for everyone….”

    Potential for whom? I don’t see any possible benefit to myself — the user — that is worth the loss of my privacy. The reason this data is important is because it is private data collected at the server side and thus a scarce resource. This is why it’s important to businesses — but not people in general.

    ” …and started thinking about whether there’s a project we can do at Mozilla that does a few things:

    1. Collects & shares data in a way that embodies the user control & privacy options which are at Mozilla’s core.
    2. Enables everyone — from individual researchers and entrepreneurs (both the social and capitalist types) to the largest organizations in the world — to take usage data, mix it up, mash it up, derive insight, and hopefully share some of that insight with others.
    3. Helps move the conversation around data collection and web usage forward, to help consumers make more informed decisions.

    It seems obvious to us that there’s lots to be done here, and lots that we can do, if we can work with our broad community to figure it out.”

    Here’s a thought — try not following the herd! Don’t be a lemming!

    Why does a browser need to spy on its users’ surfing habits to determine how to make the browser application itself better? Oh, wait — you don’t explicitly state that this is for what Mozilla would be collecting that data.

    “We’ve had most of the substance of these conversations in the open, like most everything we do, and we want to have more. Key to us doing anything is having even more conversations like this in public, and figuring out a set of core principles that go beyond just the level of opting-in.”

    I was very glad to read this. I’m involved in this conversation, and I’m spending my precious time giving you my feed-back. I wouldn’t do so if it (my privacy) wasn’t important to me.

    “So I’m glad that Mike wrote about it & sees some of the promise here. It’s early days, but it seems to me at least that opening up all sorts of data — from web usage to the social graph & beyond — is going to be the topic of conversation for a long time to come.”

    It will be a topic of conversation only as long as Mozilla continues down the path of modifying their applications (I haven’t forgot that Mozilla supports Thunderbird and other applications beyond Firefox) to collect and store users’ surfing and usage habits. And then “phoning home” with that data. The conversation will end with sighs of relief and much applause as soon as you announce that the applications WILL NOT and NEVER WILL be modified to include this functionality.

    There are better ways to collect information to make the applications better, if that’s what Mozilla really wants — one is user surveys. Those users that care about improving the applications will sign up for the surveys and give their feedback. Those that don’t won’t, just as those that don’t want to bother with reporting bugs don’t do so. Each user has the Freedom to choose. Doesn’t Mozilla already use surveys and other forms of user feedback to determine what’s important to their users? If so, then why do they want to collect this data all the time from within the applications?

    I guess Mozilla could create plug-ins to ‘watch’ users to gain better understanding of their habits. But such plug-ins shouldn’t be (and wouldn’t need to be) part of the core applications themselves. Users that wanted to participate could manually download and install such plug-ins and allow them to observe their usage patterns and habits. Those users could also manually uninstall them when they decided they didn’t want to continue to participate. What better form of opt-in could you want? What gives the user more Freedom and more choice?

    Wait — didn’t I read in the comments that such a plug-in already existed? Then why is this conversation taking place? Oh, that’s right –

    “…2. Enables everyone — from individual researchers and entrepreneurs (both the social and capitalist types) to the largest organizations in the world — to take usage data, mix it up, mash it up, derive insight, and hopefully share some of that insight with others.”

    It doesn’t sound like you want Mozilla to collect data to improve the applications, but to make such data available to others. This is the same thing that Phorm and other programs do. Do you want to make Mozilla an also-ran?

    “…1. Collects & shares data in a way that embodies the user control & privacy options which are at Mozilla’s core.”

    I never realized that spying on users was at Mozilla’s core. Silly me, I thought one of Mozilla’s core precepts was privacy and user control. Collecting data on such application usage habits (browsing, email, RSS feeds, etc.) has only one thing to do with my privacy — invading it.

    I’ve read all of the other feedback comments. I found almost all of them to be negative about including data collection in Mozilla applications and to echo my own beliefs. Many of the most negative comments equated modifying Mozilla applications to collect private data to making them into Spyware. It made me wonder what kind of feedback Mozilla was getting on their user and community pages. I further note that the information being presented in this form of feedback is nothing that any automatic data collection feature could record.

    I did find some comments upon which I’d like to remark.

    Tom 05.14.08 / 8am

    “Thanks for the answer John. You have to understand privacy is a big topic in Germany ( and it should be everywhere )…”

    Privacy is a big deal in the US, too; at least for many of us. I’m sure it’s as important in the rest of the world, but with differing levels of discussion and action. It’s an ongoing fight that seems to remain an uphill battle, but it is happening. Every time another incident where private data is loosed upon the “wild wild web” due to bad procedures or sheer human incompetence, those of us that are for the strictest of privacy laws and procedures are proven right in our beliefs and the warnings that we voice. We are not just voices in the wilderness crying “Wolf!”. The tide is turning, but it hasn’t yet started to show.

    Ian McKellar 05.14.08 / 8am

    “This is a really exciting opportunity to diversify Mozilla’s funding sources. This kind of aggregate browsing data is valuable to a far wider set of organizations than Mozilla can make search advertising affiliate deals with.

    Right now Mozilla is only minimally monetizing Firefox users – the potential to non-intrusively generate a little more revenue and then put that to use helping the Open Web is great news.”

    W-W-What?!!! I thought the Mozilla Foundation was a non-profit organization — what need does a non-profit have to “diversify funding resources” or “monetize users”?
    If Mozilla needs money, then they should ask the community to step up and help out. I agree with one of the comments that raised the question that maybe the Foundation’s executives are being paid too much, if they need to resort to “monetizing users” to preserve funding. There is no need to collect private data about its users and sell it to raise funds. I agree with the comment that stated that “we are not livestock”.

    I also agree 100% with the comments made by Ben Bucksch . Unfortunately, your replies to his comments continue to muddy the issue. You speak about collecting data to “level the playing field” and that “this isn’t economics driving it”. Yet, again, how does collecting and storing private data about users’ application usage and browsing habits improve the applications and “level the playing field”?

    The fact that you state

    “the web today collects *much* data about people in ways that aren’t helpful at all”

    in one of your replies shows, to me, that you may be out of touch with what users want. The web today collects too much data about people and that invasion of privacy isn’t helpful at all.

    I agree with Ben when he says:

    “…the web is collecting *too* much data. What we need are tools to *reduce* that, to avoid being profiled and collected. Insofar I agree that we need discussion, just in the other direction :)”

    I wholeheartedly disagree with you, John, when you reply:

    “…Anyway, it seems to me that “collect everything!” and “collect nothing!” are both straw men proposals, and we need to get a more nuanced conversation going…”

    Collect nothing is where I want to be. A “more nuanced conversation” isn’t where I’d like the conversation to go. As I and others have stated, if people want to opt-in to a ‘watcher’ program by downloading and installing a plug-in — that’s their choice. It’s would never be mine, but I would allow others that Freedom. Don’t ask me to give up my Freedom or choice by embedding that functionality within the applications themselves. I agree with others that the risk is too great that such an opt-in program could silently morph into an opt-out program without notice — or could be silently modified by some malicious person or applet. It;s not a ris

    In summation: let each user have the Freedom to choose without endangering those who do not wish to participate. Don’t modify the Mozilla applications to collect or upload any data about users’ application usage, browsing habits, use of RSS feeds, etc. If users want to answer surveys, let them. If users want participate in a program to collect this data, let them. They can do so through the most favorable opt-in methodology — a plug-in that they would need to manually download and install, and that would completely remove itself when uninstalled. As others have stated, to do otherwise will damage the trust that the Mozilla Foundation has earned in the last decade, and trust, once lost, is not easily regained.

    John, I’m glad you asked for my feedback. I hope you’re not too disappointed.

  205. I’ve read all these comments from people who say they appreciate what John is saying. Personally i can’t figure out what John is saying at all because he is using obfuscated made up management-speak. That alone makes me distrust him. I will watch Mozilla a lot more carefully from now on. that this proposal could be generated at all is very disturbing to me.

  206. John, I am glad that there are no secret projects or plans to collect user data. I hope it stays that way, as it is my belief that data collection is an invasion of privacy. One should only give up that privacy at their own bequest — which I would never do — and not as an automatic feature of an application being used.

    “…there remain worlds of information about how people use the web that are locked up and not currently shared.

    So we asked ourselves what we can do to help unlock some of this latent potential…

    …Beyond that, we’re thinking about it and talking about it, but haven’t staffed it very much — we don’t even have a name for the project yet. What we do know is that data is important, and that there’s a ton of potential for everyone….”

    Potential for whom? I don’t see any possible benefit to myself — the user — that is worth the loss of my privacy. The reason this data is important is because it is private data collected at the server side and thus a scarce resource. This is why it’s important to businesses — but not people in general.

    ” …and started thinking about whether there’s a project we can do at Mozilla that does a few things:

    1. Collects & shares data in a way that embodies the user control & privacy options which are at Mozilla’s core.
    2. Enables everyone — from individual researchers and entrepreneurs (both the social and capitalist types) to the largest organizations in the world — to take usage data, mix it up, mash it up, derive insight, and hopefully share some of that insight with others.
    3. Helps move the conversation around data collection and web usage forward, to help consumers make more informed decisions.

    It seems obvious to us that there’s lots to be done here, and lots that we can do, if we can work with our broad community to figure it out.”

    Here’s a thought — try not following the herd! Don’t be a lemming!

    Why does a browser need to spy on its users’ surfing habits to determine how to make the browser application itself better? Oh, wait — you don’t explicitly state that this is for what Mozilla would be collecting that data.

    “We’ve had most of the substance of these conversations in the open, like most everything we do, and we want to have more. Key to us doing anything is having even more conversations like this in public, and figuring out a set of core principles that go beyond just the level of opting-in.”

    I was very glad to read this. I’m involved in this conversation, and I’m spending my precious time giving you my feed-back. I wouldn’t do so if it (my privacy) wasn’t important to me.

    “So I’m glad that Mike wrote about it & sees some of the promise here. It’s early days, but it seems to me at least that opening up all sorts of data — from web usage to the social graph & beyond — is going to be the topic of conversation for a long time to come.”

    It will be a topic of conversation only as long as Mozilla continues down the path of modifying their applications (I haven’t forgot that Mozilla supports Thunderbird and other applications beyond Firefox) to collect and store users’ surfing and usage habits. And then “phoning home” with that data. The conversation will end with sighs of relief and much applause as soon as you announce that the applications WILL NOT and NEVER WILL be modified to include this functionality.

    There are better ways to collect information to make the applications better, if that’s what Mozilla really wants — one is user surveys. Those users that care about improving the applications will sign up for the surveys and give their feedback. Those that don’t won’t, just as those that don’t want to bother with reporting bugs don’t do so. Each user has the Freedom to choose. Doesn’t Mozilla already use surveys and other forms of user feedback to determine what’s important to their users? If so, then why do they want to collect this data all the time from within the applications?

    I guess Mozilla could create plug-ins to ‘watch’ users to gain better understanding of their habits. But such plug-ins shouldn’t be (and wouldn’t need to be) part of the core applications themselves. Users that wanted to participate could manually download and install such plug-ins and allow them to observe their usage patterns and habits. Those users could also manually uninstall them when they decided they didn’t want to continue to participate. What better form of opt-in could you want? What gives the user more Freedom and more choice?

    Wait — didn’t I read in the comments that such a plug-in already existed? Then why is this conversation taking place? Oh, that’s right –

    “…2. Enables everyone — from individual researchers and entrepreneurs (both the social and capitalist types) to the largest organizations in the world — to take usage data, mix it up, mash it up, derive insight, and hopefully share some of that insight with others.”

    It doesn’t sound like you want Mozilla to collect data to improve the applications, but to make such data available to others. This is the same thing that Phorm and other programs do. Do you want to make Mozilla an also-ran?

    “…1. Collects & shares data in a way that embodies the user control & privacy options which are at Mozilla’s core.”

    I never realized that spying on users was at Mozilla’s core. Silly me, I thought one of Mozilla’s core precepts was privacy and user control. Collecting data on such application usage habits (browsing, email, RSS feeds, etc.) has only one thing to do with my privacy — invading it.

    I’ve read all of the other feedback comments. I found almost all of them to be negative about including data collection in Mozilla applications and to echo my own beliefs. Many of the most negative comments equated modifying Mozilla applications to collect private data to making them into Spyware. It made me wonder what kind of feedback Mozilla was getting on their user and community pages. I further note that the information being presented in this form of feedback is nothing that any automatic data collection feature could record.

    I did find some comments upon which I’d like to remark.

    Tom 05.14.08 / 8am

    “Thanks for the answer John. You have to understand privacy is a big topic in Germany ( and it should be everywhere )…”

    Privacy is a big deal in the US, too; at least for many of us. I’m sure it’s as important in the rest of the world, but with differing levels of discussion and action. It’s an ongoing fight that seems to remain an uphill battle, but it is happening. Every time another incident where private data is loosed upon the “wild wild web” due to bad procedures or sheer human incompetence, those of us that are for the strictest of privacy laws and procedures are proven right in our beliefs and the warnings that we voice. We are not just voices in the wilderness crying “Wolf!”. The tide is turning, but it hasn’t yet started to show.

    Ian McKellar 05.14.08 / 8am

    “This is a really exciting opportunity to diversify Mozilla’s funding sources. This kind of aggregate browsing data is valuable to a far wider set of organizations than Mozilla can make search advertising affiliate deals with.

    Right now Mozilla is only minimally monetizing Firefox users – the potential to non-intrusively generate a little more revenue and then put that to use helping the Open Web is great news.”

    W-W-What?!!! I thought the Mozilla Foundation was a non-profit organization — what need does a non-profit have to “diversify funding resources” or “monetize users”?
    If Mozilla needs money, then they should ask the community to step up and help out. I agree with one of the comments that raised the question that maybe the Foundation’s executives are being paid too much, if they need to resort to “monetizing users” to preserve funding. There is no need to collect private data about its users and sell it to raise funds. I agree with the comment that stated that “we are not livestock”.

    I also agree 100% with the comments made by Ben Bucksch . Unfortunately, your replies to his comments continue to muddy the issue. You speak about collecting data to “level the playing field” and that “this isn’t economics driving it”. Yet, again, how does collecting and storing private data about users’ application usage and browsing habits improve the applications and “level the playing field”?

    The fact that you state

    “the web today collects *much* data about people in ways that aren’t helpful at all”

    in one of your replies shows, to me, that you may be out of touch with what users want. The web today collects too much data about people and that invasion of privacy isn’t helpful at all.

    I agree with Ben when he says:

    “…the web is collecting *too* much data. What we need are tools to *reduce* that, to avoid being profiled and collected. Insofar I agree that we need discussion, just in the other direction :)”

    I wholeheartedly disagree with you, John, when you reply:

    “…Anyway, it seems to me that “collect everything!” and “collect nothing!” are both straw men proposals, and we need to get a more nuanced conversation going…”

    Collect nothing is where I want to be. A “more nuanced conversation” isn’t where I’d like the conversation to go. As I and others have stated, if people want to opt-in to a ‘watcher’ program by downloading and installing a plug-in — that’s their choice. It’s would never be mine, but I would allow others that Freedom. Don’t ask me to give up my Freedom or choice by embedding that functionality within the applications themselves. I agree with others that the risk is too great that such an opt-in program could silently morph into an opt-out program without notice — or could be silently modified by some malicious person or applet. It;s not a ris

    In summation: let each user have the Freedom to choose without endangering those who do not wish to participate. Don’t modify the Mozilla applications to collect or upload any data about users’ application usage, browsing habits, use of RSS feeds, etc. If users want to answer surveys, let them. If users want participate in a program to collect this data, let them. They can do so through the most favorable opt-in methodology — a plug-in that they would need to manually download and install, and that would completely remove itself when uninstalled. As others have stated, to do otherwise will damage the trust that the Mozilla Foundation has earned in the last decade, and trust, once lost, is not easily regained.

    John, I’m glad you asked for my feedback. I hope you’re not too disappointed.

  207. John, what in the world are you thinking? This goes against everything that we know about Mozilla. What’s next? “Genuine Advantage” snoopware to find out what other software we have installed?

    Seriously, John, even thinking about this is a major mistake. About the only think I can see coming out of this is getting your products banned from any companies’ networks and losing the support / usage / advocacy of FOSS enthusiasts everywhere.

    Any reporting should be STRICTLY voluntary, and turned off by default. Maybe it should even be a separate download. Users should easily be able to turn it off at any time. I think the best thing you could do is to swear off data collection permanently, and begin to market your products as “on your side, not the corporations’ side”. Combine that with highlighting the ways in which competitors funnel user data to marketers, and you will see an uptick in usage.

  208. John, what in the world are you thinking? This goes against everything that we know about Mozilla. What’s next? “Genuine Advantage” snoopware to find out what other software we have installed?

    Seriously, John, even thinking about this is a major mistake. About the only think I can see coming out of this is getting your products banned from any companies’ networks and losing the support / usage / advocacy of FOSS enthusiasts everywhere.

    Any reporting should be STRICTLY voluntary, and turned off by default. Maybe it should even be a separate download. Users should easily be able to turn it off at any time. I think the best thing you could do is to swear off data collection permanently, and begin to market your products as “on your side, not the corporations’ side”. Combine that with highlighting the ways in which competitors funnel user data to marketers, and you will see an uptick in usage.

  209. Out of curiosity, is this the sort of open discussion where attention is paid to what the userbase says, with policy being adjusted according? Or is this one of those discussions where the decision has already been made, and the only question is how to spin the announcement to lose the fewest users?

    I think the reaction here is clear an unambiguous, don’t you? So now we get to see where mozilla corp’s priorities lie; with the users, or with its corporate partners.

    One thing you can be sure of: your users will vote with their feet.

  210. Out of curiosity, is this the sort of open discussion where attention is paid to what the userbase says, with policy being adjusted according? Or is this one of those discussions where the decision has already been made, and the only question is how to spin the announcement to lose the fewest users?

    I think the reaction here is clear an unambiguous, don’t you? So now we get to see where mozilla corp’s priorities lie; with the users, or with its corporate partners.

    One thing you can be sure of: your users will vote with their feet.

  211. Such a sucky approach with all that sickening management speak about texture and nuance in an effort to broach as
    comfortably as possible a subject reviled among the internets more aware users as FF owners are. Go ahead and implement this rubbish and watch FF go down the drain.

  212. Such a sucky approach with all that sickening management speak about texture and nuance in an effort to broach as
    comfortably as possible a subject reviled among the internets more aware users as FF owners are. Go ahead and implement this rubbish and watch FF go down the drain.

  213. Hey John, I know of some extremely valuable internet usage data related to browsing habits that has never been available until now!

    And I’ll share it freely with you. No, wait. You shared it with me. Wha…??

    Yea. The data appears on this page in the comments above this one. And the clear, unrefutable conclusion of that data is that an overwhelming proportion of responders do not want FireFox to collect usage data in any form.

    My question is what are you going to do with *this* data. If it’s something different than backing off from your position, then I have to say I would never trust your assurances that data you intend to collect would be used in the best interests of FireFox users.

    Look, your arguments just don’t make sense. You claim this is not about economics, but about “leveling the playing field.” What does that even mean? The playing field is not level because +90% of computers come with a default browser other than FireFox. The playing field will not be level while that continues, and collecting FireFox browsing usage data will not change that.

    How will dealing with the inevitable fork to a non-tracking version of FireFox make FireFox community stronger?

  214. Hey John, I know of some extremely valuable internet usage data related to browsing habits that has never been available until now!

    And I’ll share it freely with you. No, wait. You shared it with me. Wha…??

    Yea. The data appears on this page in the comments above this one. And the clear, unrefutable conclusion of that data is that an overwhelming proportion of responders do not want FireFox to collect usage data in any form.

    My question is what are you going to do with *this* data. If it’s something different than backing off from your position, then I have to say I would never trust your assurances that data you intend to collect would be used in the best interests of FireFox users.

    Look, your arguments just don’t make sense. You claim this is not about economics, but about “leveling the playing field.” What does that even mean? The playing field is not level because +90% of computers come with a default browser other than FireFox. The playing field will not be level while that continues, and collecting FireFox browsing usage data will not change that.

    How will dealing with the inevitable fork to a non-tracking version of FireFox make FireFox community stronger?

  215. Anonymous Guest

    John,

    On exactly which release did Firefox versions start
    sending out unauthorized UDP and TCP packets to
    the Internet? I refer specifically to unauthorized
    outgoing DNS requests on port 53 and also to
    surreptitious outgoing TCP-SYN connection-attempts to distant Mozilla servers on
    port 80.

    I must admit it does seem rather clever, to have all
    Firefox browsers designed to send unauthorized outgoing packets to the Internet when they are launched. Perhaps this is now or will oneday become some form of regular Firefox “heartbeat”.

    Of course it is even more clever to send out
    user-unauthorized TCP-SYN packets to Mozilla
    servers (pseudo-randomly) on occasions when users
    click a mouse-button or press enter, the resulting
    connections to Mozilla’s servers would have received state along with the connections that
    users actually did seek to make. A very clever
    mechanism to effectively defeat stateful firewalls.

    Between Netfilter and PF I believe i’ve been able to
    filter and drop all of the DNS packets and at least
    some of the TCP-SYN packets.

    I’ve noted the packets seeking to travel via ports 53
    and 80, have I somehow missed any packets on port
    443, or will you make use of this port too only in
    future releases?

    When configured not to use DNS, Firefox should
    not be sending DNS packets out. When not
    configured to initiate TCP connections with
    distant Mozilla servers, Firefox should not be
    doing so surreptitiously, without a user’s permission.

    Sir, your packets betray you.

  216. Anonymous Guest

    John,

    On exactly which release did Firefox versions start
    sending out unauthorized UDP and TCP packets to
    the Internet? I refer specifically to unauthorized
    outgoing DNS requests on port 53 and also to
    surreptitious outgoing TCP-SYN connection-attempts to distant Mozilla servers on
    port 80.

    I must admit it does seem rather clever, to have all
    Firefox browsers designed to send unauthorized outgoing packets to the Internet when they are launched. Perhaps this is now or will oneday become some form of regular Firefox “heartbeat”.

    Of course it is even more clever to send out
    user-unauthorized TCP-SYN packets to Mozilla
    servers (pseudo-randomly) on occasions when users
    click a mouse-button or press enter, the resulting
    connections to Mozilla’s servers would have received state along with the connections that
    users actually did seek to make. A very clever
    mechanism to effectively defeat stateful firewalls.

    Between Netfilter and PF I believe i’ve been able to
    filter and drop all of the DNS packets and at least
    some of the TCP-SYN packets.

    I’ve noted the packets seeking to travel via ports 53
    and 80, have I somehow missed any packets on port
    443, or will you make use of this port too only in
    future releases?

    When configured not to use DNS, Firefox should
    not be sending DNS packets out. When not
    configured to initiate TCP connections with
    distant Mozilla servers, Firefox should not be
    doing so surreptitiously, without a user’s permission.

    Sir, your packets betray you.

  217. Thanks John for your honesty ;-)

    1. There is no secret data project.
    -you say thats the data project is official know and it is running!

    2. There is no secret plan to collect user data.
    -you allready collect user data, the plan isn’t secret anymore!

    3. We are not already secretly collecting data.
    -not you John, we understand that, google do this! we understand! … not anymore secretly!
    -also you like to do this not secretly anymore at person, we understand the pressure is hard to carry!

    4. Yes, we are trying to figure out how to accumulate and open better data about how people use the
    web and their browsers; like everything Mozilla does, that starts with discussion like this, and we expect people to have many, many opinions.

    -John, it’s not a question anymore of discussion or if you expect people to have many opinions! You know and you try to hurt peoples privacy. John, you and Google will be successfull with this, only by users who did not read this consciously, because you did not making it public on the mozilla-pages. You are not interested in a real discussion. You are only figure out, how strong the resisted part of conscious users is! By the way, to realise these functions with the title “anti-pishing” and “anti-malware” is inexcusable and also undiscussable!

    John, you are getting better in this, then microsoft, did you know that? But you also know, your firm is only a dummy and your commercial interests are secure behind the foundation. Taxfree!

    But maybe in future more people understand the title of your blog: “…stream of consciousness” !!!

  218. Thanks John for your honesty ;-)

    1. There is no secret data project.
    -you say thats the data project is official know and it is running!

    2. There is no secret plan to collect user data.
    -you allready collect user data, the plan isn’t secret anymore!

    3. We are not already secretly collecting data.
    -not you John, we understand that, google do this! we understand! … not anymore secretly!
    -also you like to do this not secretly anymore at person, we understand the pressure is hard to carry!

    4. Yes, we are trying to figure out how to accumulate and open better data about how people use the
    web and their browsers; like everything Mozilla does, that starts with discussion like this, and we expect people to have many, many opinions.

    -John, it’s not a question anymore of discussion or if you expect people to have many opinions! You know and you try to hurt peoples privacy. John, you and Google will be successfull with this, only by users who did not read this consciously, because you did not making it public on the mozilla-pages. You are not interested in a real discussion. You are only figure out, how strong the resisted part of conscious users is! By the way, to realise these functions with the title “anti-pishing” and “anti-malware” is inexcusable and also undiscussable!

    John, you are getting better in this, then microsoft, did you know that? But you also know, your firm is only a dummy and your commercial interests are secure behind the foundation. Taxfree!

    But maybe in future more people understand the title of your blog: “…stream of consciousness” !!!

  219. It’s quite simple really. I’ll stop using Firefox, whether or not the system is opt-in or out. A shame as it’s better than the others – including Opera and Safari, and I’ve been using it for years.

    I’ve long been a supporter of privacy, and for that reason have stayed away from Gmail et al. I’ve nothing to hide, but it’s the principle that counts. The recent advent of Phorm and others give concern for the future and I never thought that I would be reading about Firefox in a similar vein. Different, but similar. (And yes I do realise that there is actually no privacy on the web, and that at any point in time data can be read.) But the recent trends are different. They are wholesale scanning of data (MY data) to gain commercial advantage or income. When I put a letter in the snail mail, it is not read (actually illegal apart from pretty boring anyway), so why when I use electronic mail or use the web, does every man and his dog seem to think my data is suddenly become theirs to abuse?

    I do not browse the web to be targeted with ads or have my profile collected, no more than when I drive my car does Toyota find out where I have driven.

    The purpose of the browser is to facilitate MY quest for information (both work and home related) and to deliver that information to my screen. In the days gone past. I would have used the printed version of yellow pages or gone to the local library, or stuck to a very limited source of known data (yep, I’m well past 50!). Fortunately those days have long gone and the internet is now a valuable tool. Please don’t abuse it!

  220. It’s quite simple really. I’ll stop using Firefox, whether or not the system is opt-in or out. A shame as it’s better than the others – including Opera and Safari, and I’ve been using it for years.

    I’ve long been a supporter of privacy, and for that reason have stayed away from Gmail et al. I’ve nothing to hide, but it’s the principle that counts. The recent advent of Phorm and others give concern for the future and I never thought that I would be reading about Firefox in a similar vein. Different, but similar. (And yes I do realise that there is actually no privacy on the web, and that at any point in time data can be read.) But the recent trends are different. They are wholesale scanning of data (MY data) to gain commercial advantage or income. When I put a letter in the snail mail, it is not read (actually illegal apart from pretty boring anyway), so why when I use electronic mail or use the web, does every man and his dog seem to think my data is suddenly become theirs to abuse?

    I do not browse the web to be targeted with ads or have my profile collected, no more than when I drive my car does Toyota find out where I have driven.

    The purpose of the browser is to facilitate MY quest for information (both work and home related) and to deliver that information to my screen. In the days gone past. I would have used the printed version of yellow pages or gone to the local library, or stuck to a very limited source of known data (yep, I’m well past 50!). Fortunately those days have long gone and the internet is now a valuable tool. Please don’t abuse it!

  221. John I hope you are readers can help me. When I upgraded firefox all of my bookmarks dissapared . I cannot use there e-mail system. Would you know their phone #, or address?

  222. Well I am using firefox and I like it very much