You probably don't want to run Firefox Nightly any more

March 21, 2018

Some people like to run Firefox Nightly for various reasons; you can like seeing what's coming, or want to help Mozilla out by testing the bleeding edge, or various other things. I myself have in the past run a Firefox compiled from the development tree (although at the moment I'm still using Firefox 56). Unfortunately and sadly I must suggest that you not do that any more, and only run Firefox Nightly if you absolutely have to (for example to test some bleeding edge web feature that's available only in Nightly).

Let's start with @doublec's tweet:

Even if it is only Mozilla's nightly browser and for a short period of time I'm a bit disturbed about the possibility of an opt-out only "send all visited hostnames to a third party US company" study.
FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

(via Davor Cubranic)

In the mozilla.dev.platform thread, it's revealed that Mozilla is planning an opt-out DNS over HTTPS study for Firefox Nightly users that will send DoH queries for all hostnames to a server implementation at Cloudflare (with some legal protections for the privacy of this information).

This by itself is not why I think you should stop running Firefox Nightly now. Instead, the reason why comes up further down the thread, in a statement by a Mozilla person which I'm going to quote from directly:

It isn't explicit right now that using nightly means opting in to participating in studies like this, and I think the text of the download page antedates our ability to do those studies. The text of the Firefox privacy page says that prerelease products "may contain different privacy characteristics" than release, but doesn't enumerate them. [...]

Let me translate this: people using Firefox Nightly have less privacy protections and less respect for user choice from Mozilla than people using Firefox releases. Mozilla feels free to do things to your browsing that they wouldn't do to users of regular Firefox (well, theoretically wouldn't do), and you're implicitly consenting to all of this just by using Nightly.

That's why you shouldn't use Nightly; you shouldn't agree to this. Using Nightly now is pasting a 'kick me' sign on your back. You can hope that Mozilla will kick carefully and for worthwhile things and that it won't hurt, but Mozilla is going to kick you. They've said so explicitly.

Unfortunately, Mozilla's wording on this on the current privacy page says that these 'different privacy characteristics' apply to all pre-release versions, not just Nightly. It's not clear to me if the 'Developer Edition' is considered a pre-release version for what Mozilla can do to it, but it probably is. Your only reasonably safe option appears to be to run a release version of Firefox.

(Perhaps Mozilla will clarify that, but I'm not holding my breath for Mozilla to take their hands out of the cookie jar.)

I don't know what this means for people building Firefox from source (especially from the development tree instead of a release). I also don't know what currently happens in any version (built from source or downloaded) if you explicitly turn off SHIELD studies. Regardless of what happens now, I wouldn't count on turning off SHIELD studies working in future Nightly versions; allowing you to opt out of such things runs counter to Mozilla's apparent goal of using Nightly users as a captive pool of test dummies.

(I don't know if I believe or accept Mozilla's views that existing users of Nightly have accepted this tiny print that says that Mozilla can dump them in opt-out privacy invasive studies, but it doesn't matter. It's clear that Mozilla has this view, and it's not like I expect Mozilla to pay any attention to people like me.)

PS: I had a grumpy Twitter reaction to this news, which I stand by. Mozilla knows this is privacy intrusive and questionable, they just don't care when it's Nightly users. There are even people in the discussion thread arguing that the ends justify the means. Whatever, I don't care any more; my expectations keep getting lowered.

PPS: I guess I'll have to periodically check about:studies and the Privacy preference for SHIELD studies, just to make sure.

Comments on this page:

By sapphirepaw at 2018-03-26 10:14:44:

I understand where Mozilla is coming from; Nightly/Beta are specifically meant for testing, and they probably shouldn't roll out DoH completely blind to how it behaves in real-world usage.

However, any of these things could be dialed down (hashing hostnames, making collection opt-in, allowing the user to filter transmissions, using first-party infrastructure), and I can't condone Mozilla's choice of the worst possible combination.

I would be relatively okay with this on my work account. I would not want to participate at home, even if the hostnames were hashed and sent directly to first-party infrastructure. However, I already revoked all permission for studies after the Mr. Robot controversy. This is not making me want to reconsider.

(I use beta at work for work-specific things, and use release at home. Beta updates more rapidly than I turn on my home desktop. But, I assume this account structure is relatively rare.)

Written on 21 March 2018.
« Python and the 'bags of unstructured data' approach
Why seeing what current attributes a Python object has is hard »

These are my WanderingThoughts
(About the blog)

Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.
Mastodon: @cks
Twitter @thatcks

* * *

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web
Also: (Sub)topics

This is a DWiki.
GettingAround
(Help)

Search:
Page tools: View Source, View Normal, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.
Last modified: Wed Mar 21 02:18:58 2018
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.