Closed resynth1943 closed 1 year ago
resynth1943
commented
4 years ago As an addendum: Matomo, an ethical and FOSS analytics project, has an Android SDK.
Matomo is a battle-tested, stable, alternative to Google Analytics. You can see more features of it here.
kbrosnan
commented
4 years ago The usage of these libraries are documented for users at https://support.mozilla.org/en-US/kb/send-usage-data-firefox-mobile-browsers We prefer open source sdks where available. When possible the in house Glean telemetry sdk is used. You can find a list of Glean telemetry collected at metrics.md.
Adjust is used to coordinate marketing campaigns and to evaluate the cost of running such campaigns. As Fenix is available to users in 100s of countries these marketing campaigns can be in hundreds of currencies and regions. This is a complex problem that is out of scope for Glean. When we did our evaluation of something that would meet the marketing needs Adjust was the only open sourced based product that met the requirements. You can read more about its usage at adjust.md
As far as I know Admob is not directly used by Fenix. It may be pulled in as part of the Adjust SDK where I see a mention of Admob in their source code and/or Google Firebase.
Firebase is used for Google Cloud Messaging. The only way to reliably receive push notifications on Android. The main user benefit is instant Sync for example instant send Tab to device. Without a push service the user needs to manually Sync or wait for the 3+ devices (2 devices and the Sync server) to synchronize. There is some work by F-droid to build a replacement but it is unclear how their service will be able to survive an OS that is increasingly clamping down on long running services to maintain battery life and limit user hostile behavior by apps.
Leanplum is used to show contextual recommendations while using Fenix. An example of this sort of recommendation is when first encountering a page that has elements blocked by tracking protection the tracking protection shield icon is explained to the user. You can read more about its usage at mma.md. This was removed for Firefox 90 in https://github.com/mozilla-mobile/fenix/issues/19040
I dislike needing to say this. Please use the 👍 action in the top level if you are interested in this issue vs commenting. Comments that fail to add substantially new information may be hidden by default. If this is a repeated issue then other moderation options may be used.
TheEvilSkeleton
commented
4 years ago Firebase is used for Google Cloud Messaging. The only way to reliably receive push notifications on Android.
I would disagree with that. I have been using Element and Tutanota for a while, which both implement their own push notifications service and they both work reliably. Notifications get received in time, with sound (if enabled), with their appropriate icon, etc. There is no breakage I have ever experienced when using both applications.
Both applications are open source, so you could dig through the source code to find their push service so you can use it on your Fenix builds.
ghost
commented
4 years ago I dislike needing to say this. Please use the 👍 action in the top level if you are interested in this issue vs commenting. Comments that fail to add substantially new information may be hidden by default. If this is a repeated issue then other moderation options may be used.
I don't understand how the reporter themselves are going to give a 👍 to themselves (yes, GitHub allows it). But my point here is that they just added a single comment below the issue, they still added some sort of solution and links to the related resources to somewhat solve the problem they are presenting. And I think it's not unrelated!
If Mozilla continues this sort of behaviour with their issue reporters I'm afraid users may not file any issues at all! Then you can forget about the users filing any feedback related to Fenix which Mozilla seems to be asking with a lot of passion since they say they care a lot about their users.
Mozilla Manifesto Principles; Principle 5, Principle 7, Principle 8 state this. And they are filing this issue under Principle 4 and Principle 7 which state a lot about security, privacy and open-source software.
Others may say that Mozilla already doing a lot of good things, won't you appreciate that? and yes, I agree with you there I appreciate and am grateful for all the good things they are already doing but instead stating all the good things they are doing, I think I'll point just point the things they are not doing correctly. There's no need to say anything about good things they are doing since they're already good and correct and I appreciate them for that.
Remember to please appreciate the critics as well since I think they are the true fans of Mozilla and they are pointing out what Mozilla is doing wrong and trying to correct them and pushing Mozilla to do the right thing. And that's what most of us need to remember and do. I too am a Mozilla's fan and I have a lot of appreciation for them for what they are doing, I'll appreciate them but I'll also criticize them when they are not continuing the good things they are doing. I'll try to make them accountable under their Mozilla Manifesto Principles' Principle 8.
Thank you for listening to me! :) And yes, you can use your "Moderation tools" to delete this comment I made. You have my full permission!
Thank you! :)
And if anybody thinks that what I'm saying is very wrong and unrelated and if you dislike with me here then please I welcome you to give me as many dislikes as you may want. I'll appreciate them and please don't forget to correct me if you feel I'm wrong, okay?
Thank you! :)
TheEvilSkeleton
commented
4 years ago If Mozilla continues this sort of behaviour with their issue reporters I'm afraid users may not file any issues at all! Then you can forget about the users filing any feedback related to Fenix which Mozilla seems to be asking with a lot of passion since they say they care a lot about their users.
I second this, and worse, users may even stop using Mozilla products! I have left Firefox for Ungoogled Chromium because of the recent bugs (excessive RAM usage and slowdowns) in the latest Firefox releases (see Reddit issues). Off-topic, but Firefox actively promoted proprietary software (Pocket, Google SafeBrowsing, Google search engine, etc.), which is a very big disappointment.
Another thing that I would like to point out is that Fenix' source code is hosted on GitHub.
GitHub:
Hosting it on GitHub is something that Mozilla would and should be against ever since the acquirement of GitHub by Microsoft.
cadeyrn
commented
4 years ago Firefox actively promoted proprietary software (Pocket, Google SafeBrowsing, Google search engine, etc.), which is a very big disappointment.
Maybe you don't know but Pocket is owned by Mozilla. And Google is Mozilla's most important business partner. Please tell me one other search engine which is able - and interested! - to pay the same amount of money, then - and only then - it's possible to have a serious discussion about the default search engine. And by the way: You can use whatever search engine you want. The default choice shouldn't matter at all for you.
Another thing that I would like to point out is that Fenix' source code is hosted on GitHub. […]
You're kidding, right? GitHub is an excellent choice for open source projects and not only used by most open source projects, a big community of open source developers is active on GitHub so open source projects like this one benefit from being on GitHub. Also Microsoft is the world's biggest open source contributor. That's a fact. So your "argument" that "GitHub is bad because it's owned by Microsoft" is really not an argument.
Hosting it on GitHub is something that Mozilla would and should be against ever since the acquirement of GitHub by Microsoft.
I couldn't disagree more. Leaving GitHub would harm this project because Mozilla would lose many contributors. For a project like Mozilla the open source community is important. Also it's unclear why do you to think that GitHub is a bad choice only because it was acquired by Microsoft. Prejudices are not helpful but inappropriate in a serious discussion.
TheEvilSkeleton
commented
4 years ago Maybe you don't know but Pocket is owned by Mozilla.
I don't think that makes it any less proprietary.
And Google is Mozilla's most important business partner.
I am aware of that, but it doesn't mean that you have to promote them every time we use one of your services.
Please tell me one other search engine which is able - and interested! - to pay the same amount of money, then - and only then - it's possible to have a serious discussion about the default search engine.
None. You can use a metasearch engine like Searx. There are many Searx instances that you can use, and you can even create your own personal instance (which I would advise Mozilla to do so).
The default choice shouldn't matter at all for you.
Principle 4 Individuals’ security and privacy on the internet are fundamental and must not be treated as optional.
— https://www.mozilla.org/en-US/about/manifesto/
Are you sure about what you said?
Google search engine is neither good for both privacy and security. I'll let you think on the principle.
You're kidding, right? GitHub is an excellent choice for open source projects and not only used by most open source projects, a big community of open source developers is active on GitHub so open source projects like this one benefit from being on GitHub.
Why exactly would I be kidding? I'm not the one hosting my projects on a proprietary Git service that uses GA and then have the audacity to say that I care about privacy and freedom. Also, GNOME, KDE and Debian, for example, actually care about FOSS, which is why they use their own GitLab instance, just saying.
Also Microsoft is the world's biggest open source contributor. That's a fact. So your "argument" that "GitHub is bad because it's owned by Microsoft" is really not an argument.
So does that change the fact that Microsoft is monolithic and anti-private? I don't think so.
I couldn't disagree more. Leaving GitHub would harm this project because Mozilla would lose many contributors.
Not really? For example, Debian, GNOME and KDE have tons of contributors and none of them host their stuff on GitHub.
Also it's unclear why do you to think that GitHub is a bad choice only because it was acquired by Microsoft.
Of course it's unclear, you have barely even read what I've wrote:
GitHub:
- is proprietary
- is owned by Microsoft, a monolithic, anti-freedom and anti-private corporation
- I. embeds Google Analytics, and Google Analytics are proprietary. II. Google is also a monolithic, anti-freedom and anti-private corporation.
resynth1943
commented
4 years ago And by the way: You can use whatever search engine you want. The default choice shouldn't matter at all for you.
What? If it doesn't matter, why does the default exist in the first place?
Furthermore, why is Google bribing Mozilla with $300 million to set them as the default search engine?
I would argue that the default is the most important option. It (is supposed to) sets a precedent for the level of privacy in the browser, and (is supposed to) keep users away from devious and unethical companies.
Please tell me one other search engine which is able - and interested! - to pay the same amount of money, then - and only then - it's possible to have a serious discussion about the default search engine.
I don't know why you, a contributor of this open-source project, keeps using money as an excuse. Money shouldn't even be a part of the discussion when it comes to the privacy and security of users.
But it is.
resynth1943
commented
4 years ago Are there any objections to creating a separate build, which delivers on the promise of privacy? Of course, it would be free of third-party tracking code, which the user was not informed of in the installation flow.
I am quite a fan of Fennec F-Droid, but sadly it's just not Fenix. It's lacking in features, speed and usability. But without an alternative free of unwanted tracking, we are forced to use it.
ghost
commented
4 years ago The comments we made are already hidden! The comments we made thinking they would be somewhat appreciated are already hidden/deleted! This is how it seems to be working nowadays or it may have been from the start. As soon as someone starts criticising or starts asking questions that they don't like here; the issue threads are marked as "off-topic", "heated", or something like that. Or we are just left without any answers. Even though we think what we are saying is "on-topic". We are left alone to scream in an endless chasm! I don't like to say this but this is how Mozilla seems to be working nowadays. I think, this is some very disrespectful behaviour towards their users and issue reporters. I hope everybody in Mozilla reads their own Mozilla Manifesto Principles: https://www.mozilla.org/en-US/about/manifesto/
I want to make Mozilla one thing clear: our time is very precious to us and we don't want to waste it here by saying...what you call "off-topic" comments and issues. So can you please tell us should we stop obeying and believing your own "Mozilla Manifesto Principles"?
Thank you!
...and one more thing to my friends here. Please say whatever you want as fast and as soon as you can because I don't know why but I'm getting a feeling that this issue thread is going to be locked very soon by marking it as "off-topic", "heated" or something like that. So please move fast...
...and can somebody please stop disliking the issues we are talking about here with your duplicate GitHub accounts? I mean seriously this is not a joke! I know those GitHub accounts were created just to dislike my previous issues #12228, #12380. Did you seriously think I won't notice?
Yes, that deleted GitHub account was mine.
lnicola
commented
4 years ago As far as I know Admob is not directly used by Fenix. It may be pulled in as part of the Adjust SDK where I see a mention of Admob in their source code and/or Google Firebase.
I think it might be used to retrieve the advertising ID, which is reported in telemetry (hashed, to be fair).
ghost
commented
4 years ago I dislike needing to say this. Please use the 👍 action in the top level if you are interested in this issue vs commenting. Comments that fail to add substantially new information may be hidden by default. If this is a repeated issue then other moderation options may be used.
I'm gonna put this here from the above comment from Mozilla. Please use your "Moderation Tools" on your comment please. Just as you did with ours.
The comment doesn't seem to add "substantial" informtion just as with the comment that Mozilla said.
Thank you!
opusforlife2
commented
4 years ago In a sense, this issue is a duplicate of #162, which asks for F-Droid support. The end goal is nearly the same, which is to get a Fenix build variant that excludes all non-free code, incidentally excluding most tracking SDKs.
A year ago, @st3fan asked about build flags to exclude non free code. Since then, there has been no progress on the issue.
@kbrosnan Since you modified the title to mention "build variants" I'm addressing you directly. To my knowledge, only one Mozilla employee, st3fan, has replied on that issue, while several F-Droid developers have outlined their concerns. It would be very helpful if you or someone else would hop on over there and work with the F-Droid devs to hammer out at least a rough plan of action regarding what needs to be done for Fenix to be distributed as 100% free software.
To everyone else: if you just want to vent your feelings, please make a post on r/firefox or something. Let's keep this and #162 focused on actionable points only.
ghost
commented
4 years ago To everyone else: if you just want to vent your feelings, please make a post on r/firefox or something. Let's keep this and #162 focused on actionable points only.
Thanks! You seem to be acting like you are the only one who seems to be thinking seriously about this, right?
We care about a lot about this and that's why we are talking about this here. Problems are here not on r/firefox. Is that community officially endorsed by Mozilla? no, it's an unofficial community, nobody will listen to us there! Just go here on this reddit thread and find out yourself (So how many replies did you get from Mozilla on that thread? Answer is probably none)! Why should we go there to talk about all of this. We are not "venting" here. Don't act like you are the only one who knows how to do things. Learn to respect others! We are not passing time here! Our time is very important to us.
Edit: For reference: refer this issue: https://github.com/mozilla-mobile/fenix/issues/11308 on why I think the discussion should be here on GitHub. Not somewhere else like r/firefox as someone seems to be suggesting...
resynth1943
commented
4 years ago To everyone else: if you just want to vent your feelings, please make a post on r/firefox or something. Let's keep this and #162 focused on actionable points only.
Who exactly are you referring to? Personally, I think we have been rather amicable.
Nevertheless, it looks like Mozilla isn't going to remove the tracking altogether. The issue title was modified for some reason, implying that we want another build variant.
I'm worried that we have somehow lost sight of the original issue, so I've reverted the title.
(btw. @ShatteredPixel can you email me?)
st3fan
commented
4 years ago I don't think this is high on our list, but if someone wants to start making contributions in this area, we would definitely support that.
What we prefer is probably build flags that allow you to enable/disable these features at compile time. For example, a build flag to disable Adjust would make sure we do not link against Adjust SDK, do not include Adjust specific code in the product. If build flags don't cover things completely, then we can also add a run-time feature flag that makes a decision while the app is running on device.
I'm, sure we are happy to take patches. However to guarantee success, please consider these recommendations:
Do know that we depend on these features to make Fenix better. I doubt Mozilla would do builds with these features disabled, but I assume it opens the door to get on alternative app stores where the rules around third-party dependencies are different.
kbrosnan
commented
1 year ago Moved to bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1811655
Change performed by the Move to Bugzilla add-on.
What is the user problem or growth opportunity you want to see solved?
Tracking. Why does your app bundle 4 SDKs, which are used to surreptitiously track users?
Find attached a list of these third-party SDKs, which you seem to include in your Firefox application:
I'm sure you're aware of the privacy issues which are present in Google's SDKs, e.g. Google Analytics. Yet these SDKs are quickly being added to the majority of your products.
Personally, I think it would be nice if we could work something out: how do you feel about removing Google Analytics from this product.
How do you know that this problem exists today? Why is this important?
As stated on Firefox's official website...
Where is the privacy in allowing Google, and various other ad companies, to track everyone that uses your app?
Why do you load tracking SDKs in an application that handles sensitive user data? One of the most important aspects of security is never to trust third-party, closed-source code. Especially when it's made by an advertising company, with the only goal of destroying the 'open web' you claim to support.
Personally, I would love to see this egregious, non-auditable, dangerous tracking code removed instantaneously.
I don't think I have anything more to add. The fact that only now I find out that you've allowed these advertising agencies to track my internet browsing is very disheartening, especially when I advocate for online privacy.
Who will benefit from it?
Your target market.
Many users see Firefox as an escape from corporate tampering and misdeeds. Right now, on the mobile app which claims to protect the privacy of the user, this really isn't the case.
┆Issue is synchronized with this Jira Task