vaguerant

Certainly, but there’s a couple of problems with that line of thinking.

Firstly, “When you upload or input information through Firefox” is far more broad than covering the specific things you type into the address bar. That language covers pretty everything you can possibly do in a web browser. Every link you click, every social media post, every file upload is information input through Firefox. Certainly, you can argue that Firefox is being exceedingly broad just in case they expand the types of information they collect about you, but the terms as written now already give them license to everything.

Returning to the address bar, browsers traditionally send what you type into the address bar to a search engine, not to the author of the web browser (obviously discounting the situation where those are the same people, e.g. Microsoft with Edge & Bing and Alphabet with Chrome & Google). Mozilla doesn’t offer a search engine or any sort of live search facility. The things you type into the address bar are (optionally) sent to the search provider of your choosing, whether that’s Google, Bing, DuckDuckGo or Dogpile. What good reason is there for Mozilla to receive that information?

I’ve been following this story for the last couple of days, and I disagree. For one thing, most users don’t consider a web browser’s job to be “sending anything to someone’s service”; it’s local software that runs on your machine. There’s no reason for somebody else to gain a license to the things you create on your own computer just because you created it inside a specific piece of software, but these Firefox terms are written extremely broadly, such that Mozilla would have a license to use this post I’m writing right now if I happened to type it into Firefox (for reference, I did not).

Besides which, there is additional context here like the many changes made in this pull request (16018). This PR removes a whole bunch of language saying that Mozilla doesn’t sell your data, implying that they’re either about to start selling the data you put in via Firefox, or at the very least that they’re open to it. Here’s all the parts that were removed by the above-linked PR:

Unlike other companies, we don’t sell access to your data.

Does Firefox sell your personal data? Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise.

The Firefox browser is the only major browser backed by a not-for-profit that doesn’t sell your personal data to advertisers while helping you protect your personal information.

Is Firefox free? Yep! The Firefox browser is free. Super free, actually. No hidden costs or anything. You don’t pay anything to use it, and we don’t sell your personal data.

All of this taken together can really only mean that Firefox wants to sell the data you enter into your personal web browser running on your computer.

I just switched to LibreWolf (desktop) and IronFox (Android) as a result of this news yesterday and today. LibreWolf has no Android version and IronFox has no desktop version, so they complement each other quite well. It’s pretty much been a drop-in replacement, with the only real friction being configuring my settings all over again. IronFox is quite new, being forked off from the discontinued Mull browser, which was previously the go-to privacy-conscious version of Firefox. There was a discussion among LibreWolf contributors about forking Mull and maintaining it themselves, but IronFox ultimately filled that gap instead.

Both LibreWolf and IronFox err on the side of caution as far as privacy and security. The defaults are very strict, e.g. LibreWolf deletes all cookies and history on exit by default, IronFox disables the JavaScript JIT compiler–in English, a potentially exploitable way to make browser go fast, etc. It’s somewhat counter-intuitive to switch to a privacy-focussed browser then go through rolling back privacy features, but I’ve reached a happy medium that suits my needs. The IronFox readme (at the link above) has a section Issues inherited from Mull that still apply to IronFox which I recommend checking out as it lists off a few about:config settings you can change to trade functionality for security/privacy as much as you are comfortable with doing so.

On that note, I believe Firefox Sync to be minimally concerning from a security perspective. It’s end-to-end encrypted, so Mozilla can’t see what you have in Sync to sell it even if they wanted to. If you are worried, Firefox Sync can also be self-hosted. Both LibreWolf and IronFox will happily sign in to Firefox Sync (option must be enabled in LibreWolf settings first; on IronFox it’s already available), which will provide you access to your synced extensions, history, passwords, etc. You can also share tabs between LibreWolf for desktop and IronFox for Android, just as you would with mainline Firefox on each. Pretty good time.

What a cool service, thanks for sharing. You can also check the Exodus database via web if you can’t or don’t want to install the native Android app.