The Firefox Browser is not as private as you may think – especially on iOS and Android. Mozilla recently announced that they would be allowing any Firefox user a means to request Mozilla to delete stored telemetry data that is tied to said user. Mozilla maintains “strict limits” on how long they store this logged telemetry data, but any duration is too long if the telemetry data can be associated with an individual Firefox browser instance on a particular IP address through a government request. Sure, the collection of this telemetry data can be turned off, but the vast majority of Firefox users are not using Firefox with telemetry turned off, and are therefore incredibly vulnerable.
The change by Mozilla comes as a result of the California Consumer Privacy Act (CCPA), a state law which came into effect at the turn of the new year. 2020 is a year of clear vision, and we get to start it off with the revelation that Firefox stores telemetry data in a way that can be traced back to an individual user. After all, how else would Mozilla be able to delete just your telemetry data upon request? To answer this question, Privacy Online News reached out to Mozilla and a Mozilla spokesperson explained how the telemetry data is associated with your browser instance:
“By default, Mozilla collects limited data from Firefox to help us understand how people are using the browser, such as information about the number of open tabs and windows or number of webpages visited. This does not include data that can reveal sensitive information about users’ activity online, such as search queries or the websites users visit. The data collected is associated with a randomly generated identifier that is unique to each Firefox client. We refer to this as a clientID. That clientID is not linked to you personally or any sensitive data (for example to your name or phone number) but to your local Firefox software installation. It is never shared with third-parties. Full public documentation about this data collection, including the identifier, can be found here.
When users choose to delete their telemetry, the Firefox browser will submit this identifier to Mozilla and we will then delete data on our servers associated with this ID.”
Specifically, when you request your telemetry data be deleted from Mozilla’s servers, you do so by sending a “deletion-request” ping which by virtue of how internet pings work, includes a timestamp, your IP address and your unique client ID – as confirmed by Mozilla. That is all the information that’s needed to tie your telemetry data back to your specific browser instance. Mozilla confirmed to Privacy Online News that all this data is stored, but they don’t seem to consider it a privacy issue because they are stored separately. A Mozilla spokesperson explained how the IP address of all telemetry pings, not just the deletion-request ping, is stored:
When Facebook users learned last March that the social media giant had given their sensitive information to political-data firm Cambridge Analytica, Mozilla (parent company of the security-focused browser Firefox) reacted fast: Within eight hours, the product team had built a browser extension called the Facebook Container.
“Mozilla does initially receive the IP as part of telemetry technical data. The IP is then stripped from the telemetry data set and moved to an environment with restricted access for security and error review purposes only. By moving the IP address into this restricted environment this de-identifies the collected telemetry data.”
Firefox stores your telemetry data in a way that can be tied back to youWhile the fact that Firefox collects telemetry data may be well known to some security minded researchers, and even viewed as acceptable because of reasons such as “debugging,” it is quite the revelation that Mozilla actually maintains this data in a way that is matchable to an individual user’s IP address that is requesting said data be deleted.
Mozilla even tried to downplay the impact of their privacy decision, saying in their announcement:
“To date, the industry has not typically considered telemetry data “personal data” because it isn’t identifiable to a specific person, but we feel strongly that taking this step is the right one for people and the ecosystem.”
While it is arguable that telemetry data isn’t technically “personal data” when it is viewed on its own without other information; however, if there’s a way to link a given set of telemetry data to a particular Firefox browser instance and IP address – and Mozilla just revealed that there is – then that telemetry data all of a sudden becomes the most personal of data.
What does Firefox telemetry data include?
According to the Mozilla wiki, telemetry data includes all the information needed to answer the following questions:
- How long does it take Firefox to start?
- How long does it take Firefox to load a web page?
- How much memory is Firefox consuming?
- How frequently do the Firefox cycle collector and garbage collector run?
- Was your session successfully restored when you last launched Firefox?
What is Leanplum and why is it on Firefox for iOS and Android?Firefox on the popular mobile operating systems iOS and Android has even larger privacy concerns beyond the telemetry data that is stored by Mozilla. Leanplum is a mobile advertising company that also receives your personal information, courtesy of Mozilla. According to Mozilla Firefox’s support website:
Mozilla sends information to Leanplum under the guise of testing different features. More information, also from Mozilla’s support team, gets into the specifics:
“Leanplum tracks events such as when a user loads bookmarks, opens new tab, opens a pocket trending story, clears data, saves a password and login, takes a screenshot, downloads media, interacts with search URL or signs into a Firefox Account.”
The horror story continues:
“Leanplum receives data such as country, timezone, language/locale, operating system and app version.”
Starting in Firefox 70, Mozilla aims to have the browser report when any of your saved logins were found in data breaches. Compromised Password Notification in Firefox Lockwise Mozilla will also plans on displaying stats for the amount of data breaches your logins were involved in the browser's upcoming protection report.
“[…] we automatically collect certain information, which may include your browser’s Internet Protocol (IP) address, your browser type, the nature of the device from which you are visiting the Service (e.g., a personal computer or a mobile device), the identifier for any handheld or mobile device that you may be using, the Web site that you visited immediately prior to accessing any Web-based Service, the actions you take on our Service, and the content, features, and activities that you access and participate in on our Service. We also may collect information regarding your interaction with e-mail messages, such as whether you opened, clicked on, or forwarded a message.”
The opening up of a privacy option to allow all users (not just Californian users) to delete telemetry data reveals a deeper, darker truth: that the popular browser actually keeps track of telemetry data in a way that can be connected back to your specific browser instance and IP address. Revelations like these are exactly what should be occurring after proper privacy laws are written, passed, and enacted. Just with this revelation, arguably, the CCPA has already done so much more than the GDPR for internet privacy. Firefox is not the privacy conscious browser that it has been masquerading as. Not on the desktop, and certainly not on mobile.