Firefox ESR Tracking enabled in INI – Fix uploaded

[Member ModdIt]

Thanks to very fast reaction by anticapitalista a fixed distribution ini has been uploaded. Upstream Changes hade been made which
were not authorised or condoned by antiX team and are now removed.

After update, preferrably without an internet connection:
Recommend users to check in about:config for any enabled against user intent telemetry settings or replace user.js and prefs.js with
prefered sanitized versions. Those as text human readable readable files are located in the
/home/yourusername/.mozilla/firefox/something.default-esr folder. Users may also delete the mozilla config in home completely if wished,
It will be regenerated at next Firefox start. Again recommend to those concerned about privacy.
Start without internet, make settings, delete waiting pings or crash
reports before making a connection to the internet.

———————————————————————————————————————————–

In antiX 21 Firefox following settings found in THE ANTIX /usr/share/firefox-esr/distribution/distribution.ini.

# Telemetry: report everything, no prompting.
toolkit.telemetry.enabled=true
browser.crashReports.unsubmittedCheck.autoSubmit=true
datareporting.policy.dataSubmissionPolicyBypassNotification=true

1/ IN EU ILLEGAL, in Germany angry parent is reporting both me and antiX setting situation to Data Protection agency.
I am now forced to do same while protesting my being unaware of the setting.

Due this HIDDEN FROM USER setting Mozilla can with use of glean and the older anti privacy data reporting plus standard activated settings in about config get.

Unique installation ID,
Location information, not fully investigated but probably to house number and exact WLAN level.
Information to changed settings in about:config
Date and time of first usage and start and end times of usage.
As type ahead find is set to enabled all search terms directly.
DNS is set to mozilla.cloudflare in about:config means all searches are also sent through mozilla.

To understand the situation users please read up on mozilla glean as well as other user privacy undermining methods.
Admittedly difficult as packed in slime and referring to the mozilla privacy policy, which referrs to the (lack of) privacy policy
of its partners, google, cloudflare apple and others.

I really hope this is a situation anticapitalista was unaware of, it seriously undermines confidence and the reputation of the distro.
That it is fixed extremely quickly.

That it is made clear who is the directly responsible person, before questions come from German Parents, Data Protection Officials and Lawyers.
This is something for which Mozilla is hard to blame as the distribution ini is specific to antiX.

• This topic was modified 1 year, 4 months ago by ModdIt.

[Member blur13]

Helpful

Up

0

::

Its the same in antiX 19, should all those be set to “false”? No further action needed?

[Forum Admin anticapitalista]

Helpful

Up

0

::

You should report this to Debian since that is where we get the package from.

This is what antiX has in /usr/share/firefox-esr/distribution/distribution.ini.

# Partner Distribution Configuration File
# Author: Dan Mills <thunder@mozilla.com>

# id: short string unique to this distribution
# about: a short descriptive (ui-visible) string for this
# distribution
# version: version of the extra distribution pieces (not the version
# of Firefox)
# bookmarks.initialized.pref: (optional) name of a boolean pref used to determine if bookmarks should be created on startup. This option should not be used except to upgrade from previous customized distributions that did not use the distribution.ini method

[Global]
id=antiXLinux
version=19
about=Updates will come through package manager
about.en-US=Updates will come through package manager
#bookmarks.initialized.pref=cck.testpartner.initialized

[Preferences]
mozilla.partner.id="
app.distributor=
app.distributor.channel=
app.update.url.manual="The Oracle recommends using synaptic for updates."
browser.search.distributionID=
app.update.enabled=false
browser.search.searchEnginesURL="https://www.startpage.com"
browser.search.defaultenginename="Startpage"
extensions.update.enabled=true
intl.locale.matchOS=true
browser.shell.checkDefaultBrowser=false
browser.newtabpage.enhanced=false
media.mediasource.enabled=true
media.mediasource.webm.enabled=true
media.fragmented-mp4.ffmpeg.enabled=true
media.fragmented-mp4.gmp.enabled=false
media.fragmented-mp4.exposed=true

[LocalizablePreferences]
browser.startup.homepage="https://www.antixforum.com/"

# If a directory for the locale the browser is running in doesn't
# exist, Firefox will automatically try the 'default' locale, as defined
# by the distribution.searchplugins.defaultLocale preference.

# Bookmarks

# There are two "toplevel" sections, BookmarksToolbar and BookmarksMenu.
# These can reference other sections via the "folder" type item. These
# folder sections must be named "BookmarksFolder-<id>".

# Each section contains a list of numbered item settings, where each
# item represents a bookmark, livemark, separator, folder, or the default
# bookmarks in that container (if any). The default type is bookmark.

[BookmarksToolbar]
item.1.title=antiX Forum
item.1.link=https://www.antixforum.com/
item.1.description=
item.2.title=antiX Website
item.2.link=https://antixlinux.com/
item.2.description=

[BookmarksMenu]
item.1.type=folder
item.1.title=anticapitalista!
item.1.folderId=1
item.2.type=folder
item.2.title=antiX Linux
item.2.folderId=2

[BookmarksFolder-1]
item.1.title=anti-fascist
item.1.link=http://www.antiracismfascism.org/
item.2.title=Democracy Now!
item.2.link=http://www.democracynow.org/
item.3.title=CounterPunch
item.3.link=http://www.counterpunch.org/
item.4.title=New Left Review
item.4.link=http://newleftreview.org/
item.5.title=Monthly Review
item.5.link=http://monthlyreview.org/
item.6.title=Marxists Internet Archive
item.6.link=http://www.marxists.org/
item.7.title=The Noam Chomsky Website
item.7.link=http://www.chomsky.info/
item.8.title=Radical Philosophy
item.8.link=http://www.radicalphilosophy.com/

[BookmarksFolder-2]
item.1.title=antiX-forum
item.1.link=https://www.antixforum.com/
item.2.title=antiX Website
item.2.link=https://antixlinux.com/
item.3.title=antiX-videos
item.3.link=https://www.youtube.com/user/runwiththedolphin?feature=watch
item.4.title=old antiX-forum
item.4.link=https://www.tapatalk.com/groups/antix/ 
item.5.title=antiX-FAQ
item.5.link=file:/usr/share/antiX/FAQ/index.html
item.6.title=antiX-equivalents
item.6.link=file:/usr/share/antiX/equivalents.html

No mention of
toolkit.telemetry.enabled=true
browser.crashReports.unsubmittedCheck.autoSubmit=true
datareporting.policy.dataSubmissionPolicyBypassNotification=true

• This reply was modified 1 year, 4 months ago by anticapitalista.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Member ModdIt]

Helpful

Up

0

::

The problem is that once the browser starts with an active internet connection Mozilla harvests user data and claims allowed data transmission
by telemetry option on.

In Germany the present setup is definitely illegal, hidden opt out. Very probably in entire EU and many other countrys.

To stop telemetry and data reporting through firefox as far as possible these settings should always be false, better removed entirely before first start.
Plus
A lot of changes need making in about:config, again before starting FF with an internet connection, at present the only way for 32 bit users as privacy
respecting LibreWolf is only available in a 64 bit version. Further the pending reports must be deleted in user area or they are likely to still be sent
in disregard of user intent and setting changes. Just changing the normal user level settings is proven insufficient. Some transmission methods are compiled
in to the browser. Block telemetry.mozilla.org in hosts and if possible in router plus ad blocking extension. This is unlikely to be totaly effective.

Many of the LibreWolf changes can be used in LTS Firefox but not for example the url substitution which was transferred from tor uplift and is a compile patch.
Will give more on that as the limitations and implications become more clear.

[Forum Admin anticapitalista]

Helpful

Up

0

::

So what happens if you remove that file?
We have had this file for ever since all it was supposed to do was add custom bookmarks.

Ok, I see now that the file got changed somewhere down the line.
No idea why.
I’ll see how to fix it.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Forum Admin anticapitalista]

Helpful

Up

0

::

Could you check if this version would be acceptable? This is what it should have been. Thanks

# Partner Distribution Configuration File
# antiX bookmarks

[Global]
id=antiXLinux
version=21
about=Updates will come through package manager
about.en-US=Updates will come through package manager

[Preferences]

[LocalizablePreferences]
browser.startup.homepage="https://www.antixforum.com/"

# If a directory for the locale the browser is running in doesn't
# exist, Firefox will automatically try the 'default' locale, as defined
# by the distribution.searchplugins.defaultLocale preference.

# Bookmarks

# There are two "toplevel" sections, BookmarksToolbar and BookmarksMenu.
# These can reference other sections via the "folder" type item. These
# folder sections must be named "BookmarksFolder-<id>".

# Each section contains a list of numbered item settings, where each
# item represents a bookmark, livemark, separator, folder, or the default
# bookmarks in that container (if any). The default type is bookmark.

[BookmarksToolbar]
item.1.title=antiX Forum
item.1.link=https://www.antixforum.com/
item.1.description=
item.2.title=antiX Website
item.2.link=https://antixlinux.com/
item.2.description=

[BookmarksMenu]
item.1.type=folder
item.1.title=anticapitalista!
item.1.folderId=1
item.2.type=folder
item.2.title=antiX Linux
item.2.folderId=2

[BookmarksFolder-1]
item.1.title=anti-fascist
item.1.link=http://www.antiracismfascism.org/
item.2.title=Democracy Now!
item.2.link=http://www.democracynow.org/
item.3.title=CounterPunch
item.3.link=http://www.counterpunch.org/
item.4.title=New Left Review
item.4.link=http://newleftreview.org/
item.5.title=Monthly Review
item.5.link=http://monthlyreview.org/
item.6.title=Marxists Internet Archive
item.6.link=http://www.marxists.org/
item.7.title=The Noam Chomsky Website
item.7.link=http://www.chomsky.info/
item.8.title=Radical Philosophy
item.8.link=http://www.radicalphilosophy.com/
item.9.title=Jacobin
item.9.link=https://jacobinmag.com/
item.10.title=Catalyst
item.10.link=https://catalyst-journal.com/

[BookmarksFolder-2]
item.1.title=antiX-forum
item.1.link=https://www.antixforum.com/
item.2.title=antiX Website
item.2.link=https://antixlinux.com/
item.3.title=antiX-videos
item.3.link=https://www.youtube.com/user/runwiththedolphin?feature=watch
item.4.title=old antiX-forum
item.4.link=https://www.tapatalk.com/groups/antix/ 
item.5.title=antiX-FAQ
item.5.link=file:/usr/share/antiX/FAQ/index.html
item.6.title=antiX wiki
item.6.link=https://antixlinuxfan.miraheze.org/wiki/Main_Page
item.7.title=antiX-equivalents
item.7.link=file:/usr/share/antiX/equivalents.html

• This reply was modified 1 year, 4 months ago by anticapitalista.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Member ModdIt]

Helpful

Up

0

::

Hi anticapitalista, sorry but this is already somewhat out of controll.
Parents are involved as they pointed out the problem which I did not know about.

Checked again user machine and mine have as below, the install came from official channnel.
Further to that two other separate official installs all same.

My weight at debian is less than a feather, I have reported bugs without an answer in the past.

This reflects on directly antiX, I think they will not give a damn.

# Partner Distribution Configuration File
# Author: Dan Mills <thunder@mozilla.com>

[Global]
id=antiXLinux
version=21
about=Updates will come through package manager
about.en-US=Updates will come through package manager

[Preferences]

# Disable the bundled pocket extension
extensions.pocket.enabled=false

# Privacy: enable tracking protection, disable third-party cookies
network.cookie.cookieBehavior=1
privacy.trackingprotection.enabled=true
privacy.trackingprotection.introCount=20

# Telemetry: report everything, no prompting.
toolkit.telemetry.enabled=true
browser.crashReports.unsubmittedCheck.autoSubmit=true
datareporting.policy.dataSubmissionPolicyBypassNotification=true

# Disable first-run annoyances.
browser.rights.3.shown=true
browser.startup.homepage_override.mstone=”ignore”

[LocalizablePreferences]
browser.startup.homepage=”https://www.antixforum.com/&#8221;

# If a directory for the locale the browser is running in doesn’t
# exist, Firefox will automatically try the ‘default’ locale, as defined
# by the distribution.searchplugins.defaultLocale preference.

# Bookmarks

# There are two “toplevel” sections, BookmarksToolbar and BookmarksMenu.
# These can reference other sections via the “folder” type item. These
# folder sections must be named “BookmarksFolder-<id>”.

# Each section contains a list of numbered item settings, where each
# item represents a bookmark, livemark, separator, folder, or the default
# bookmarks in that container (if any). The default type is bookmark.

[BookmarksToolbar]
item.1.title=antiX Forum
item.1.link=https://www.antixforum.com/
item.1.description=
item.2.title=antiX Website
item.2.link=https://antixlinux.com/
item.2.description=

[BookmarksMenu]
item.1.type=folder
item.1.title=anticapitalista!
item.1.folderId=1
item.2.type=folder
item.2.title=antiX Linux
item.2.folderId=2

[BookmarksFolder-1]
item.1.title=anti-fascist
item.1.link=http://www.antiracismfascism.org/
item.2.title=Democracy Now!
item.2.link=http://www.democracynow.org/
item.3.title=CounterPunch
item.3.link=http://www.counterpunch.org/
item.4.title=New Left Review
item.4.link=http://newleftreview.org/
item.5.title=Monthly Review
item.5.link=http://monthlyreview.org/
item.6.title=Marxists Internet Archive
item.6.link=http://www.marxists.org/
item.7.title=The Noam Chomsky Website
item.7.link=http://www.chomsky.info/
item.8.title=Radical Philosophy
item.8.link=http://www.radicalphilosophy.com/
item.9.title=Jacobin
item.9.link=https://jacobinmag.com/
item.10.title=Catalyst
item.10.link=https://catalyst-journal.com/

[BookmarksFolder-2]
item.1.title=antiX-forum
item.1.link=https://www.antixforum.com/
item.2.title=antiX Website
item.2.link=https://antixlinux.com/
item.3.title=antiX-videos
item.3.link=https://www.youtube.com/user/runwiththedolphin?feature=watch
item.4.title=old antiX-forum
item.4.link=https://www.tapatalk.com/groups/antix/
item.5.title=antiX-FAQ
item.5.link=file:/usr/share/antiX/FAQ/index.html
item.6.title=antiX wiki
item.6.link=https://antixlinuxfan.miraheze.org/wiki/Main_Page
item.7.title=antiX-equivalents
item.7.link=file:/usr/share/antiX/equivalents.html

[Forum Admin anticapitalista]

Helpful

Up

0

::

That is from antiX-21 at build time, but why telemetry got added I really don’t know.
All you can do is tell users to either remove firefox-esr and its hidden folder in /home and /usr/share/firefox-esr/distribution/distribution.ini
and then reinstall it (the distribution.ini file will not get reinstalled). Or use another browser. Or remove antiX from their computers.

So sorry about this.

• This reply was modified 1 year, 4 months ago by anticapitalista.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Forum Admin anticapitalista]

Helpful

Up

0

::

So, removing or replacing /usr/share/firefox-esr/distribution/distribution.ini will not fix this problem?

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Member ModdIt]

Helpful

Up

0

::

quote: Could you check if this version would be acceptable?
This is what it should have been. Thanks

Looks fine and safe to me. I have absolutely no objection to the included bookmarks.
anyone who does not like them can quickly remove them.

Is it possible to replace the ini file without waiting for next FF update ?. Not sure when next debian LTS is scheduled.

Would like to prove fast issue resolving to parents complainants and if neccesary local government data protection office.

[Forum Admin anticapitalista]

Helpful

Up

0

::

I can add that to antix-libs package which will overwrite the old file with this new one once it hits the repos and is updated.
I feel such an idiot for this.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Member ModdIt]

Helpful

Up

0

::

# All you can do is tell users to either remove firefox-esr and its hidden folder in /home and /usr/share/firefox-esr/distribution/distribution.ini
and then reinstall it (the distribution.ini file will not get reinstalled). Or use another browser. Or remove antiX from their computers.

I see no reason to remove antiX, this is not about blame just to fix the problem as quickly and efficiently as possible. And openly prove it.

We will need to monitor for any further unauthorised change to distribution ini or other sneaky .js changes. I will watch it for sure.

Sad that it was found by a very IT savvy parent with owned high tech router, due logged connections to moz telemetry server.

thinking about it, We need to remove the corrupted ini, remove the ~/mozilla.config, to be safe better completely, delete the ~/.cache/mozilla
Reinstall browser and check for sanity. In our case remove hidden extensions, add a known privacy sanitized user.js prefs.js
and our userchrome css.
I will go through policy and other .js files, simplify as far as possible to give back user choice.
Which is what the whole distro is about.

Firefox is needed by students as the alternatives accepted by the university for online study are no go.

• This reply was modified 1 year, 4 months ago by ModdIt.

[Forum Admin anticapitalista]

Helpful

Up

0

::

We (antiX) should not and we do not touch the home user folder so we shouldn’t remove any files/folders in home.
Or did you mean that users should do that?

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Forum Admin anticapitalista]

Helpful

Up

0

::

I have sent the antix-libs debs with the ‘fixed’ version of distribution.ini to the repo master
Hopefully they will appear soon.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Member ModdIt]

Helpful

Up

0

::

I think the users will have to work in home, or a mini script be offered to make things easier.
User would have to run that.
Replace/restore config and privacy settings is the most bothersome part.

Put in perspective mozilla has in the past done way more than this to the detriment of users.
The present i9ssue may also by the mozilla man at head of the config file.

Maybe be nice to have an advice notice with fox update, something along the lines of,

due to an unauthorised upstream configuration change affecting user privacy, pls save your user.js prefs.js
if you have made changes, delete the home. mozilla config and cache folders. Check and/or replace your user
configuration .js files.
AntiX team is sorry for the inconvenience.

[Author]

Posts