vaguerant

Would it be possible to reset the purge timer for individual users based on activity? e.g. A user who comments or up/downvotes something gets their purge timer reset, so that active users never get purged unless they change their password or similar. Not sure how easy it is to tie activity data to a login token, I have no idea how Lemmy or anything else works.

In positive news, the title database has expanded their Unicode coverage.

It’s true this is a thing that you can do, but the experience seems pretty degraded vs. just registering an account with a Lemmy/Mbin/PieFed/Sublinks (did I miss any?) instance which is natively configured for the kind of threaded conversations that exist on this segment of the fediverse. The instructions basically amount to “Go to a Lemmy instance and use its interface to find a community you’re interested in, then copy the link to the discussion you want to interact with and paste that into your Mastodon instance’s search bar, then reply to the post that appears. It’s that simple!”

If you only interact with threads occasionally or you just want to try it out from Mastodon, this is workable, but you need a lot of patience for the busywork that’s involved.

Sounds like he was hoping to compete.

The Leta FAQ confirms this:

Did you make your own search engine from scratch? We did not, we made a front end to the Google and Brave Search APIs.

Our search engine performs the searches on behalf of our users. This means that rather than using Google or Brave Search directly, our Leta server makes the requests.

Searching by proxy in other words.

My guess is that there’s a bot (or very bored person) monitoring a few major communities and they just DM everybody who posts there. I took a bit of a break from social media a while ago and the first time I commented after that, two fediverse chick DMs. Seems like they are responding to activity.

Yeah, I keep seeing that phrasing used everywhere and it bothers me, too. I’m pretty sure it’s not accurate to the UK system either: they have a standard parliamentary setup like most of Europe where the party or coalition of parties who earn a majority of the seats is able to form government, which most people would consider to be what winning an election means. I’m not well-versed in the history of UK parliament, but it may just be that the situation has never occurred there, so they’re unfamiliar with it?

I think somebody has misunderstood a comment made by Zelenskyy at the International Summit on the Support of Ukraine, held this February just passed. Zelenskyy said:

We remember that Russia has violated the ceasefire more than 25 times since 2014.

Zelenskyy is talking about the ceasefire which formed part of the Minsk agreements. Representatives from both Ukraine and Russia signed these agreements, with the final protocol’s first point being:

1. To ensure an immediate bilateral ceasefire.

This is the ceasefire agreement which Russia has violated. That is to say, there haven’t been 20 separate ceasefire agreements, there was one which Zelenskyy told the Summit Russia had violated more than 25 times.

And worst of all, Rob Schneider is there.

I see your point but think it’s also valid to use Lemmy or other social media to engage only with memes or whatever else people enjoy. Absolutely, everybody should stay informed and passionate about the rapidly crumbling world, but there’s no rule that they specifically must do that via Lemmy. If someone chooses to use their social media as a haven from the real-world issues they encounter everywhere else, then unless Lemmy is their entire life, I don’t see that as a problem.

I think the part I’m unclear about is what definition of selling Mozilla was using before. Here’s the update they posted to clarify the changes: https://blog.mozilla.org/en/products/firefox/update-on-terms-of-use/

Mozilla doesn’t sell data about you (in the way that most people think about “selling data”), and we don’t buy data about you. We changed our language because some jurisdictions define “sell” more broadly than most people would usually understand that word. […]

The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”

I’m not trying to be a dick or anything–that comes naturally–but yeah, Mozilla. Exchanging a good or service for money is called selling it. Since this has already been Mozilla’s practice for a while and they’re only now removing the promise because the definition of “sell” has apparently become so muddied, I don’t follow how Mozilla was describing it before now.

In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar. We set all of this out in our Privacy Notice. Whenever we share data with our partners, we put a lot of work into making sure that the data that we share is stripped of potentially identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).

I think this is really the important part and Mozilla is burying the lede by focussing on the word “sell”. I think there’s an argument to be made that “your data” is no longer “your data” once it has been de-identified. I don’t agree with that argument, but I find it more convincing than this Clinton-esque “It depends on what the meaning of the word ‘sell’ is” stuff. Mozilla isn’t selling “your data” in the sense of your name and phone number, but they are selling “all data types”, de-identified, anonymized, pseudonymized and/or in aggregate, about you.

I would still argue that that is your data and that by selling it, Mozilla is and has been selling your data. It’s nice that Mozilla isn’t blasting anybody’s actual personal biographical details to all their advertising partners, but it’s misleading to say that’s the only way “selling data” is understood.

If all you’re doing is “unchecking” then there’s more you’re missing:

https://github.com/K3V1991/Disable-Firefox-Telemetry-and-Data-Collection

The whole advanced configuration settings in about:config are probably never seen by the majority of users. Ultimately though, you’re right: for the most part, privacy-focussed forks aren’t offering anything that you couldn’t manually configure for yourself in mainline Firefox, assuming you have the time, energy and interest.

Certainly, if you’re in the habit of policing all of these relatively undocumented flags with each update to be sure you haven’t been opted in to any telemetry you don’t know about and assuming that all of it remains optional, you’re absolutely unaffected. However, they now have a license to everything you do within Firefox which they state they will only use to “help” you. Does training their AI model to make targeted suggestions to users count as “helping”?

On another note, taking back a promise not to sell users’ data, even if your personal data is protected because you rigorously police the about:config page, is not something many people are enthusiastic about. Just because I’m safe, doesn’t mean everybody else is.

Ditto.

If we take the most charitable view of Mozilla possible, as you clearly do, then it can be argued that the license terms are very strictly aimed at allowing Firefox to do the things that a web browser does. If we like, we can then follow that up with a separate discussion: because it is so normal for license terms that sign away your private data to be extremely permissive in favor of the entity receiving the license, does that mean that it’s good and/or OK?

Next problem: Mozilla explicitly does not need a license to allow software running on my computer to do anything at all. At no point in the exchange is it necessary for the Mozilla Corporation to obtain a license to my data, because the Firefox browser is not the Mozilla Corporation. Put simply, the Mozilla Corporation is not running on my PC. Which leads me to:

what legal right does the makers of Firefox have to suddenly send what you type there to some other third party service?

You’ve made a category mistake here. The makers of Firefox are not sending anything anywhere. Firefox is. My address bar searches do not need to go via the Mozilla Corporation to get to their destination. This license agreement certainly opens up the possibility that they will go via Mozilla, since the new terms explicitly grant them that license, but that is strictly unnecessary for a web browser to function.

Certainly, but there’s a couple of problems with that line of thinking.

Firstly, “When you upload or input information through Firefox” is far more broad than covering the specific things you type into the address bar. That language covers pretty everything you can possibly do in a web browser. Every link you click, every social media post, every file upload is information input through Firefox. Certainly, you can argue that Firefox is being exceedingly broad just in case they expand the types of information they collect about you, but the terms as written now already give them license to everything.

Returning to the address bar, browsers traditionally send what you type into the address bar to a search engine, not to the author of the web browser (obviously discounting the situation where those are the same people, e.g. Microsoft with Edge & Bing and Alphabet with Chrome & Google). Mozilla doesn’t offer a search engine or any sort of live search facility. The things you type into the address bar are (optionally) sent to the search provider of your choosing, whether that’s Google, Bing, DuckDuckGo or Dogpile. What good reason is there for Mozilla to receive that information?

How many have you been in now?

I’ve been following this story for the last couple of days, and I disagree. For one thing, most users don’t consider a web browser’s job to be “sending anything to someone’s service”; it’s local software that runs on your machine. There’s no reason for somebody else to gain a license to the things you create on your own computer just because you created it inside a specific piece of software, but these Firefox terms are written extremely broadly, such that Mozilla would have a license to use this post I’m writing right now if I happened to type it into Firefox (for reference, I did not).

Besides which, there is additional context here like the many changes made in this pull request (16018). This PR removes a whole bunch of language saying that Mozilla doesn’t sell your data, implying that they’re either about to start selling the data you put in via Firefox, or at the very least that they’re open to it. Here’s all the parts that were removed by the above-linked PR:

Unlike other companies, we don’t sell access to your data.

Does Firefox sell your personal data? Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise.

The Firefox browser is the only major browser backed by a not-for-profit that doesn’t sell your personal data to advertisers while helping you protect your personal information.

Is Firefox free? Yep! The Firefox browser is free. Super free, actually. No hidden costs or anything. You don’t pay anything to use it, and we don’t sell your personal data.

All of this taken together can really only mean that Firefox wants to sell the data you enter into your personal web browser running on your computer.

I just switched to LibreWolf (desktop) and IronFox (Android) as a result of this news yesterday and today. LibreWolf has no Android version and IronFox has no desktop version, so they complement each other quite well. It’s pretty much been a drop-in replacement, with the only real friction being configuring my settings all over again. IronFox is quite new, being forked off from the discontinued Mull browser, which was previously the go-to privacy-conscious version of Firefox. There was a discussion among LibreWolf contributors about forking Mull and maintaining it themselves, but IronFox ultimately filled that gap instead.

Both LibreWolf and IronFox err on the side of caution as far as privacy and security. The defaults are very strict, e.g. LibreWolf deletes all cookies and history on exit by default, IronFox disables the JavaScript JIT compiler–in English, a potentially exploitable way to make browser go fast, etc. It’s somewhat counter-intuitive to switch to a privacy-focussed browser then go through rolling back privacy features, but I’ve reached a happy medium that suits my needs. The IronFox readme (at the link above) has a section Issues inherited from Mull that still apply to IronFox which I recommend checking out as it lists off a few about:config settings you can change to trade functionality for security/privacy as much as you are comfortable with doing so.

On that note, I believe Firefox Sync to be minimally concerning from a security perspective. It’s end-to-end encrypted, so Mozilla can’t see what you have in Sync to sell it even if they wanted to. If you are worried, Firefox Sync can also be self-hosted. Both LibreWolf and IronFox will happily sign in to Firefox Sync (option must be enabled in LibreWolf settings first; on IronFox it’s already available), which will provide you access to your synced extensions, history, passwords, etc. You can also share tabs between LibreWolf for desktop and IronFox for Android, just as you would with mainline Firefox on each. Pretty good time.

What a cool service, thanks for sharing. You can also check the Exodus database via web if you can’t or don’t want to install the native Android app.

It strikes me that if you’re trying to be a stooge for a foreign government, you probably shouldn’t tell your superiors about it…