Mozilla betrays Firefox users and its nominal principles

December 15, 2017

Unusually, I'll lead with what I think that you should do and explain the background afterward. In Firefox, go to about:preferences#privacy (the Privacy & Security tab of Firefox Preferences), scroll down almost to the bottom to the 'Firefox Data Collection and Use' section, and untick 'Allow Firefox to install and run studies'. To be safe, you probably want to also untick 'Allow Firefox to automatically send technical and interaction data to Mozilla'.

(Apparently you're going to have to re-check this set of preferences every so often, because Mozilla may be quietly re-enabling one or both every so often, perhaps on version upgrades.)

You should also go into about:addons (your set of extensions) and if there is something called 'Looking Glass', delete it (if possible, and that qualifier is part of the problem).

This preference controls something that Mozilla calls SHIELD studies (also), which Mozilla describes as:

SHIELD studies let you try out different features and ideas before they are released to all Firefox users. Using your feedback, we can make more informed decisions based on what you actually need.

It appears that this preference (and the broader preference for sending data to Mozilla) is default-enabled in new Firefox profiles and installs, although I can't be entirely sure since my environment is somewhat unusual.

This preference sounds relatively harmless, and probably it used to be. Then very recently Mozilla pushed out a nominal SHIELD experiment in the form of a new extension called 'Looking Glass 1.0.3', with the helpful extension description text of 'MY REALITY IS JUST DIFFERENT THAN YOURS'. Unsurprisingly, a lot of people who noticed this extension appearing were quite alarmed, because it certainly does look like malware from surface appearances, and to add to the fun there was no particular sign in Firefox of what it did. People on Reddit who noticed it resorted to reverse engineering the extension's code in an attempt to figure things out, eg.

What this extension actually is is some kind of promotion from the Mr Robot TV show:

[...] Firefox and Mr Robot have collaborated on a shared experience to further your immersion into the Mr Robot universe, also known as an Alternate Reality Game (ARG). [...]

From the outside, this collaboration certainly seems like it was actually 'Mr Robot gave Mozilla a bunch of money and Mozilla abused its browser experiments system to inflict a Mr Robot promotional extension on people'. To make it worse, this is not just any old extension; this is an extension that apparently silently alters text on web pages (some text, only for a while).

There are two serious problems here, which are nicely summarized by Steve Klabnik in a tweet:

How can we claim to be pro-privacy while surreptitiously installing software on people's computers?

More importantly, how did management not see this as a problem?

The first problem is that Mozilla betrayed both the trust of Firefox users and its theoretical principles by abusing a system created for experiments to improve Firefox in order to stealthily install an extension that was completely unrelated to this purpose and that was instead (to all appearances) made for commercial reasons. Even assuming that Mozilla asserts that users 'opted in' to SHIELD experiments in any meaningful sense (given that the preference appears to default to on), all of Mozilla's documentation for SHIELD experiments says one thing about their purpose, and it is not doing commercial promotions. Users were not presented with a preference saying 'allow Mozilla to opt you in to promotions from people who pay us for this', so they have not in any way consented to this use of the system.

In short, Mozilla did not push this extension because they had consent from Firefox users, they pushed it purely because they had been trusted with the technical capability to do so. That is why you should turn off this preference; Mozilla has demonstrated that they cannot be trusted with it. It does not mean what it claims to mean; in practice the SHIELD preference means 'you've agreed that Mozilla can push random extensions to you if they feel like it'. You should not agree to this. Mozilla has additional technical capabilities to push extensions to you, but if they do so they are now clearly and undeniably doing so against your expressed wishes.

The bigger problem is that as an organization, Mozilla still does not appear to understand that they've done something bad or why it was bad. Mozilla (the entity) approved and actively collaborated in this abuse of trust and still doesn't seem to think there was anything wrong with it, or perhaps it thinks that at most the problems are technical (such as the extension description should have been clear or had links or whatever). An organization that understand that it had betrayed the trust of Firefox users would have a very different reaction than what little Mozilla has done. An organization that got it would be apologizing publicly, auto-removing the extension, and so on. It would not be having its marketing people say in public:

Here is Mozilla’s response, courtesy of Chief Marketing Officer Jascha Kaykas-Wolff: “Firefox worked with the Mr. Robot team to create a custom experience that would surprise and delight fans of the show and our users. It’s especially important to call out that this collaboration does not compromise our principles or values regarding privacy. The experience does not collect or share any data. [...]

This is the words of an organization that does not understand what having the trust of Firefox users means. Since it does not understand this, Mozilla is not worthy of this trust and cannot be trusted with it, which is the second and larger reason why you should turn off this preference and leave it off, and why you should probably turn off the top level preference for having Firefox send data to Mozilla at all. Whether you leave 'phone home' options like auto-update and addon auto-updates enabled is up to you, but if you're conscientious about keeping on top of that sort of thing, well, I don't think we can trust Mozilla as much as we used to.

I'm extremely disappointed in Mozilla here. If Chrome had pulled this shit, I would be sad and annoyed but unsurprised, because Chrome has always ultimately been a tool of its corporate overlords. But Mozilla has always claimed to stand for something better than that, and sometimes it even has. I won't say that Mozilla doesn't now, exactly, but it is now clear that standing for something better is not a particularly deep value in the portions of Mozilla that call the shots and that there is a critical mass of people working at Mozilla who do not have any problem with this sort of thing.

(See also this Github issue, while it lasts, helpfully summarized here in a screenshot.)

PS: As a corollary to what I've said about Chrome here, if you suggest that the sensible reaction to this is switching from Firefox to Chrome, I will laugh a lot (but a bit sadly).

Comments on this page:

I started using Waterfox last week... All pre-Quantum plugins work, no mozilla telemetry whatsoever.

Written on 15 December 2017.
« How we automate acmetool
Some questions someone should ask Mozilla »

Page tools: View Source, View Normal, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Fri Dec 15 20:56:41 2017
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.