- This topic has 26 replies, 6 voices, and was last updated Jan 8-5:15 am by Anonymous.
-
Posts
-
ModdIt
First point, Telemetry is on by default in Firefox official direct downloads.
This can be changed at compile time or before distribution by an organisation.In Firefox nightly Telemetry is compiled in fully enabled. The user must accept that fact.
For other versions there are often variations in the level of data harvesting frequently including so called studies.You can find some info on below page but please be aware not all data collection is called telemetry, and the other methods
used by mozilla and associates are intensive and considered intrusive by many. This includes studys which are opt in by default
but can be enabled by an organisation.https://support.mozilla.org/en-US/kb/telemetry-clientid#firefox:linux:fx96
about:telemetry gives you some insight in to what has been sent to Mozilla under the telemetry label.If you use typeahead find or online spellchecking be aware of the fact that you are delivering every keypress to a remote server.
If you use mozilla VPN, you allow massive insights. To be as private as possible use tor but consider it comprimised. Big subject.
If you are interested in privacy, never start the browser after install or every update before checking settings, including those
in about:config. Never agree to letting Mozilla refresh your browser when their systems have detected your settings are broken.
Which they are able to do without taking your data !!!. Its magic.
Kuketz, G.Hacks and other sites are your friends for learning as is a heap of info here in the forum.For more privacy without study use LibreWolf or if it is stable on your system UngoogledChromium.
For users of 32 bit systems unfortunately there are not so many options. You can find information here in the forum.
Here in EU, not just Germany data protection laws apply. Corporations get away with far too much, individuals are often a target as
they are unable to afford good lawyers and certainly not dozens of them.
Remember, if you download or use a browser like Firefox, by doing so you agree to a privacy policy. Take a few days off to read it
including the policy of referenced partners and partners partners, policy ad infinitum.Anonymous
This page discusses use of a distribution.ini file toward overriding unwanted default preferences:
https://brashear.me/blog/2017/12/07/how-to-deploy-firefox-with-bookmarks-and-addons/
However, it does not provide an end-user -oriented explanation of how/when to place the distribution.ini file.
Place it immediately after program installation, PRIOR to ever launching the firefox program.
The contents of distribution.ini will not be applied to pre-existing user profiles. Its content will only be applied to profiles created after its placement.stevesr0
Thanks Moddit and skidoo,
Does an existing distribution.ini file start working if you upgrade a Firefox install or only if you remove Firefox and then reinstall after installing the distribution.ini file?
stevesr0
Please note the linked sample ini from below link
https://brashear.me/blog/2017/12/07/how-to-deploy-firefox-with-bookmarks-and-addons/enables telemetry and denies user choice… do not use as is.
For sure not skidoo intention. And illegal in EU, not just Germany.
https://gdpr.eu/what-is-gdpr/added for any doubters.
see entry# Telemetry: report everything, no prompting. toolkit.telemetry.enabled=true browser.crashReports.unsubmittedCheck.autoSubmit=true datareporting.policy.dataSubmissionPolicyBypassNotification=trueEdit, Added content
The original Mozilla wiki entry for an ini file is here:
https://wiki.mozilla.org/Distribution_INI_File
Created by Dan Mills February 2016, It contains no problematic content or suggestions.More globbets of information towards understanding the possibilitys here
https://mike.kaply.com/2012/03/26/customizing-firefox-distribution-ini/- This reply was modified 1 year, 4 months ago by ModdIt.
- This reply was modified 1 year, 4 months ago by ModdIt.
Well worth reading on Mozilla,
Telemetry related as quoted by mozilla many times for feature removal and intelligent comments on that
by an industry veteran
https://news.itsfoss.com/firefox-continuous-decline/What is missing is info on the continuos rise in the salary MB takes out of Mozilla foundation.
Be interesting to graph user base loss against USD 250000 a Month plus massive perks.The only thing rapidly rising is the salary of the chief leech CEO MB.
Does an existing distribution.ini file start working if
lets clarify “start working”:
After distribution.ini has been placed, its content is applied to any subsequently created firefox user profiles. In other words, it will have zero impact on pre-existing profiles.Hi skidoo,
To clarify my question –
If I have Firefox installed and in use and LATER create a distribution.ini file and then LATER upgrade Firefox to a newer version, does the newer version follow the “dictates” of the distribution.ini file or continue with the prior version’s profile.
In the latter case, removing and reinstalling Firefox will presumably remove the existing profiles and cause the new install to use a profile specified in the distribution.ini file?
Hope that is clearer.
stevesr0
In the latter case, removing and reinstalling Firefox will presumably remove the existing profiles and cause the new install to use a profile specified in the distribution.ini file?
cause the new install to use a profile specified in the distribution.ini file?
distribution.ini does not provide a full profile, nor does it specify which profile, by default, shall be used.
It simply contains only a limited number of sets of prefname::value pairs. These are used to overwrite selected pairs within each subsequently created user profile.AFAIK, removingpurging and reinstalling the Firefox package [regardless whether the package provides a distribution.ini] does not disturb any existing profiles, nor any other files pathed within users $HOME directories. The only exception that I can think of, in antiX, is that an apt-hook probably triggers the menu-update script to remove/add a menu entry line within each user’s ~/{.fluxbox,.icewm,.jwm}/menu files.To wit: following an upgrade, ff often grumbles that some of the previously-installed addons associated with a given pre-existing profile are no longer compatible and have been disabled, right?
To confirm the outcome, You should / must TRY it.
Each version upgrade does not behave identically. Example: As I recall, ff53 (and ff v56?) introduced breaking changes and stomped pre-existing user profiles. Other versions, upon upgrade, seem to “preserve” existing profiles but sneakily overwrite/reset the values of various user-set prefs…skidoo wrote :following an upgrade, ff often grumbles that some of the previously-installed addons associated with a given pre-existing profile are no longer compatible and have been disabled.
Mozilla on occasion also disables extensions remotely. Recently one which affected the revenue model by blocking sending of search to google.
Version upgrades, for example LTS, will completely overwrite /usr/lib/firefox-esr. If you agree to a refresh same plus a new profile will be created in home, i.e. your privacy changes are effectively negated. Or put another way FF and associates feed freely on your data again.
Version change, ie from LTS to Latest, new profile will be created in home, distribution ini if present within the package used. LTS ini and Latest are to be regarded separately.
A Package directly downloaded from Mozilla has no distribution ini.Skidoo is right to say Try it/check it, each update will mean going through settings, removing hidden extensions, disabling others. You will on occasion find your BROKEN user profile has been quietly replaced with a fresh one. Broken, disturbing data harvesting by Moz and associates. The main one being an advertising company, along with goog and others.
Depending on about:config settings mozilla can, and does, remotely change settings to allow themselves further free accesss to chunks of your data. You will get no notice of such changes.
Preference names are frequently changed in about config. Some really crappy ways are used. Setting XXX on if off is one I saw recently, way down at the end of a list of hundreds of preferences and far from the pref it affected.
Do not think you can trust in Mozilla, do not think you can stop all data harvesting. Use several browsers. Use LibreWolf and Tor as well as FF if you need it.
Block moz sites in Hosts, be careful there is a setting in config telling the browser DNS, yes Browser not system to ignore said setting.
On top Block in a router whenever possible. And read logs, watch conky if it spikes when you start your browser ask yourself why..Mozilla has compiled a system called glean in to the browser, you can not block it entirely by settings. Gleaning is harvesting. Harvesting your data.
They have also a new shiny data analysis system for all the (non) privacy they offer those laid bare by trust in a devious net of half truths and downright lies.- This reply was modified 1 year, 4 months ago by ModdIt.
- This reply was modified 1 year, 4 months ago by ModdIt.
Brian Masinick
What’s your opinion on the Duck Duck Go web browser? Also use their search; it seems to use other resources without leaving a lot of visible trails on my hardware anyway…
I use it on my phone. Whatever it may or may not do, it seems to be willing to minimize the proliferation of cookie data; depends on how you set it up; I have been able to have it either keep a few things or completely wipe it clean after use (at least to the extent I can view on my own hardware).
Thoughts pro and con?
--
Brian Masinick
oops
My guess:
The general philosophy in the www now is: if you do not accept the rules, you do not have the full services. It’s a kind of protection for the end user (I guess) but not only, can also be used for commercial aspects.Wow,
So the bottom line is be prepared to MANUALLY modify every preference that concerns one, every time Firefox/Mozilla changes anything (with or without warning).
Sounds like it is best managed as an ongoing group project – with people (like Moddit [or anyone else]) posting new changes they have discovered, and ideally what to edit (and where) in “about:”.
Unpleasant to contemplate.
Thank you Mozilla.
Happy New Year <g>.
stevesr0
Be prepared to MANUALLY modify every preference that concerns one, every time Firefox/Mozilla changes anything (with or without warning).
That really depends on what you hope to acheive. Find information about changes, backup user.js and prefs.js. Make changes.Where in about:config is the easy part, just copy in a known preference and you get taken to it automagicaly, for hidden preferences you get a line
with choices. The difficult part is changes are often undocumented or obscure, or both.On ESR you can do a lot with an enterprise policy, that is sticky. Userchrome CSS is also very useful. Take a look at how LibreWolf is setup, you can
borrow many of the changes but not the url substitution or the complete prefs.js.Search is a moot point when DNS goes mozilla.cloudflare, means through moz.
network.trr.default_provider_uri I have all set to https://dnsforge.de/dns-query
network.trr.resolvers
network.trrr.urinetwork.trr.confirmation_telemetry_enabled set to false before connecting to internet
Tap in word telemetry, you will get a long list of set to false options. Tap in ping, same goes.Wish all a good start in new year.
Brian Masinick
Regarding the telemetry, yeah, the default, and the way the World Wide Web was created from the very beginning, made information very accessible, but yes, the complete and absolute security of what you’re doing, where you’ve been, etc. has always been in question from the very beginning.
I was aware of much of this information before the “famous” (or infamous, depending on your opinion) major, significant release of Windows 95, which, for better or worse, truly helped the masses for the first time gain access to the kind of computing information I’ve had access to since at least the early eighties, as far as the broadest reaches of the Internet, and longer than that, as far as industry-wide technology and information.
I remember when Microsoft made a marketing contract with the owners of the Rolling Stones tune, “Start Me Up!”. Very successful marketing campaign. That technology caused me to purchase my own personal computer for the first time, and it came with Windows for Workgroups 3.11, and I purchased a Windows 95 kit and a book about Slackware – “Linux: Configuration and Installation (Mis Press Slackware Series) by Eric Foster-Johnson, Patrick Volkerding, and Kevin Reichard.”
It was this book that got me actively into Linux, though I had been following it in literature for a few years. After that, my next door neighbor, also interested in Linux from a telephony perspective (he and a partner built a company and made their in house phone system based on a small business phone network based on Linux). He introduced me to a USA Linux Users Group called the USALUG. A friend there got me interested in Debian and some of it’s derivatives, and for me, the rest is history.
To this day I find Slackware to be pretty efficient, but I prefer Debian style packaging, so I use Debian-based distributions primarily, including both systemd and non systemd variants.
Back to telemetry and information compromise, in all of my years of using on line technology, purchasing products online and using computers, I’ve only been intruded upon twice, neither of which affected my long term safety. The first was my own local grocery store that got compromised; I changed my credit cards, etc. The second was a foreign scam that ALMOST caught me; I smelled a RAT, contacted a friend of mine at the local police department, gave them the information, and they cooperated with federal and international parties and eventually caught the specific perpetrators. In neither case did I personally suffer financial loss.
I am not afraid of my browsing or buying habits being challenged, other than the possibility of tracking my travel; however, now that I live in a well-protected senior living community, I needn’t be afraid of that either; the likelihood of personal property being stolen or compromised is minimal.
I share this long, drawn out story, including the stuff about Windows, Slackware, Debian, and Linux because I’ve used this stuff as long as most people here and longer than 99% of the world’s population. I purchased 100% of my holiday presents online, back before we had today’s security measures in place and whether someone knows a lot about me or not, I’ve not been physically or financially harmed by any of it, though a few have attempted to harm me; the only ones who succeeded in causing me financial harm were people I misjudged, not someone who took anything over the Internet from me.
Can telemetry data be used? Yeah, even the early founders discussed this. Java, with all of its capabilities, was also examined for trade-offs between effectively networking and connecting data versus opening potential holes. IBM, out of the oldest computing companies, once had the most secure systems because they were the LEAST open – their systems and networks did NOT connect to the world wide Internet until well after Microsoft, UNIX, and Linux systems (plus Digital Equipment Corporation, with their DECnet, before the TCP/IP Internet effectively wiped them out).
Data is available. It CAN be captured, but it’s not particularly easy to grab, and it’s harder to specifically identify to a particular user. The bad guys go after big hauls, usually of easy, “low hanging fruit” with poor security, or with payloads that make hard work yield millions, even billions, for a successful “heist”. Someone COULD potentially find, get, steal, “whatever” something from me. The effort to do it would almost certainly cost FAR MORE than the amount they could possibly gain from attempting to acquire any of my assets; they’re non-zero, but they’re not that much! Most of us are probably in a similar place; why worry? The bad guys can get much more, both in intelligence, information, and financial assets by looking elsewhere!
--
Brian Masinickoops
Regarding the telemetry…
… In neither case did I personally suffer financial loss.
…I share almost all of your opinion except here.
Insurance and reinsurance companies do not think like you (us).
- You must be logged in to reply to this topic.
