TL;DR:

• "all rights" has been replaced with "rights necessary"
• Overall language of "operate Firefox" still remains, with a link to their Privacy Notice.
• "nonexclusive, royalty-free, worldwide license" remains, but is explicitly limited to "the purpose of doing as you request with the content you input in Firefox"
• Removed references to their Acceptable Use Policy

Details from a developer and FOSS advocate POV:

This is not enough.

Mozilla has yet to comment on why this change was necessary, outside of some vague "legally we have to" language. While these updated Terms shift more control back to the user, it's simply not enough. The only reason Mozilla would need any sort of license from the user is if they are going to be doing something with it on their systems. Any local use is and continues to be fully covered by the Mozilla Public License, which is the current license used by Firefox.

The MPL includes an indemnity and liability clause, which protects Mozilla from anything you might do with their browser. I can't think of a single FOSS license that doesn't include these clauses.

Controlling an application within the confines of your local device does not require the application to have a license to your content. It is, from a legal perspective, a tool you are using to do your own stuff. We don't give chisels manufactures a license for statues we make, notebook companies licenses for stories we write. And on the other side of that coin, no one sues Mozilla or Google because someone accesses The Pirate Bay or fmovies using the browser.

But let's take Mozilla at their word for a second. Suppose there was a legal reason for licensing your data.

Does Mozilla intend to force the websites you visit to agree to their terms? There are two sides to the connection you make on a website. For the sake of argument, say I'm visiting Disney+, another company super picky about their copyrights. I enter "www.disneyplus.com" into my browser, agreeing to Mozilla license provision. In order to "operate Firefox", the license allows Firefox to go to Disney+, who then responds back with their catalog. If Mozilla needs a license from me for my data, surely they need a license from Disney for their data to "operate Firefox".

In what world do you think Disney is going to grant Mozilla a "nonexclusive, royalty-free, worldwide license"? Their argument for any sort of licensing being necessary falls flat with this example right here.

Quick Edit here: their TOU assumes that you are the only license holder of content you upload using the browser. You cannot grant licenses to other people's content. So, in essence, you cannot upload a picture taken by your friend and if you do, the nature of these Terms allows your friend to sue Mozilla for copyright infringement. The very nature of asking for this license exposes them to liability for violations against copyright. Most websites have a clause that says something along the lines of "you agree that you have permission to share the content you upload to our servers and grant us a license to use that content as if it were you own" etc.

This isn't about your data within the local browser. This is about your data flowing through Mozilla. That's why they need the license. Their additional clause "This does not give Mozilla any ownership in that content" does absolutely nothing. A license, by it's nature, means that Mozilla doesn't own the content and seeks your permission to use it.

To Mozilla's credit, they removed references to their Acceptable Use Policy, but remains in place their ability to terminate your license to use Firefox for any reason, keeping Firefox firmly in the "Source Available" category.

Each person will need to decide whether Firefox fits in within their personal use of the internet. I, for one, am tired of my content being used without my express permission. My goal is to move to Waterfox by the end of March, if not sooner.

cross-posted from: https://infosec.exchange/users/thenexusofprivacy/statuses/114084624503739574

Universities nationwide used pro-Palestine protests to expand surveillance

"In the aftermath of pro-Palestinian encampments last year, colleges across the country announced new policies that effectively ban many forms of protest. In addition to chilling dissent, the new university rules also allow for campus surveillance and overreach by law enforcement. "

https://prismreports.org/2025/02/26/universities-pro-palestine-protests-surveillance/

#surveillance #privacy #protest

cross-posted from: https://programming.dev/post/26136291

Mozilla has just deleted the following:

“Does Firefox sell your personal data?”

“Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise. "

Source: Lundke journal.

Mozilla deletes promise to never sell Firefox data.

cross-posted from: https://lemmy.sdf.org/post/30014811

cross-posted from: https://lemmy.sdf.org/post/30014783

U.S. Federal Trade Commission urged to investigate Google’s RTB data in first ever complaint under new national security data law.

Google sends enormous quantities of sensitive data about Americans to China and other foreign adversaries, according to evidence in a major complaint filed today at the FTC by Enforce and EPIC. This is the first ever complaint under the new Protecting Americans’ Data from Foreign Adversaries Act.

The complaint (open pdf) targets a major part of Google’s business: Google’s Real-Time Bidding (RTB) system dominates online advertising, and operates on 33.7 million websites, 92% of Android apps, and 77% of iOS apps. Much of Google’s $237.9 billion advertising revenue is RTB.

Today’s complaint reveals that Google has known for at least a decade that its RTB technology broadcasts sensitive data without any security, according to internal Google discussions highlighted in today’s complaint.

The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls (example) to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers.

The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers. Even Google’s so called “non personalized” data contains dangerous data.

[...]

cross-posted from: https://lemmy.blahaj.zone/post/22523265

There’s a reason that cookies and privacy policies (in the EU at least) have become such an online nuisance. These assurances of your safety and privacy are nothing more than a pretext to get consent. Your “anonymised” data is sold to an infinite regress of third parties, analysed, correlated and de-anonymised again. Any smart device you use, your browsing habits, banking transactions, your GPS position are all used to deduce fine grain information about you. Then weaponised against you for as much profit as possible.

The 2024 Tesla Model 3 has some of the most advanced navigation, autonomous driving, and safety features currently on the market, meaning it’s full of equipment that can record and track your surroundings—and you. How much data does Tesla collect? Where is it stored? And can you trust them to protect your sensitive information? WIRED decided to investigate.

cross-posted from: https://lemm.ee/post/56769139

cross-posted from: https://sopuli.xyz/post/23170564

cross-posted from: https://lemmy.blahaj.zone/post/22470723

The DHS quietly updated its policy manual earlier this month, removing LGBTQ+ identities from the section prohibiting surveillance based solely on immutable characteristics.

From the new terms:

When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

*With ‘better’ I mean that an encrypted solution is adequate in these cases because the mails are on other servers, and the companies/servers depend on the jurisdiction where they are located. But by hosting a mail server at home, even unencrypted, we are 100% in control of our data.

PS: is there a self-hosting mail server solution that stores everything encrypted? I already self-host almost everything I use, but not email.

It may seem like AI chatbots are taking over every digital application, whether we like it or not. You might have noticed more AI note-taking bots in online conferencing platforms, some of which offer end-to-end encryption (E2EE). Then Apple Intelligence plans were announced, promising application redesigns to offer AI features across its phone and laptop operating systems. The latest changes have come from Meta AI’s integration in WhatsApp, replete with “bots nobody wants.”

Any time new features are added to an E2EE messaging app, it raises concerns about privacy and security. So, what concerns are raised by the addition of AI bots? How can we evaluate those concerns? As AI becomes more embedded into encrypted services, is it possible to resolve the tension between the privacy users expect from E2EE and the data access needed for AI functionality? With our colleagues at Cornell and NYU, we set out to answer these questions.

We uncovered several facets of this question from both a technical and legal perspective and published a paper laying practical recommendations for E2EE messaging platforms and regulators. It’s also important that we outline the practical solutions and recommendations for the public. You can read the full preprint paper here.

cross-posted from: https://lemmy.world/post/26088944

Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans.

She made the claims in an interview with Swedish media SVT Nyheter which reported the government could legislate for a so-called E2EE backdoor as soon as March 2026. It could bring all E2EE messenger apps like Signal, WhatsApp, iMessage, and others into scope.

Whittaker said there is no such thing as a backdoor for E2EE "that only the good guys can access," however.

"Either it's a vulnerability that lets everyone in, or we continue to uphold strong, robust encryption and ensure the right to privacy for everyone. It either works for everyone or it's broken for everyone, and our response is the same: We would leave the market before we would comply with something that would catastrophically undermine our ability to provide private communications."

Sweden launched an investigation into its data retention and access laws in 2021, which was finalized and published in May 2023, led by Minister of Justice Gunnar Strömmer.

Strömmer said it was vital that law enforcement and intelligence agencies were able to access encrypted messaging content to scupper serious crime – the main argument made by the UK in pursuing its long-term ambition to break E2EE.

The inquiry made several proposals to amend existing legislation, including the recommendation that encrypted messaging must store chat data for up to two years and make it available to law enforcement officials upon request.

It would essentially mirror the existing obligation for telecoms companies to provide call and SMS data to law enforcement, as is standard across many parts of the developed world, but extend it to encrypted communications providers.

cross-posted from: https://fedia.io/m/firefox/t/1847796

We’re introducing a Terms of Use for Firefox for the first time, along with an updated Privacy Notice.