Stop using Google Analytics and reconsider the amount of data collected.

[FarisZR]

Hi, I have just discovered Firefox Private relay premium. Initially I had nothing but praise, the price is Great, the Design seems good, and Now you can reply to emails and use a custom domain. It seems perfect apart from missing a mobile app.

However, this changed when I read the privacy policy.

Google Analytics

Respecting Do not track is a nice touch, but DNT itself is not very effective on the web, and it can give users a unique browser Fingerprint while DNT itself is no longer available on all browsers. It might improve the user's privacy on Mozilla's sites, while making it worse in general due to easier tracking.

An organization/company the size of Mozilla should use its own analytics without relying on a 3rd party, especially Google. Still using it in a service from Mozilla, which criticized Google data collection and its anti-privacy practices repeatedly, while There are many alternatives out there is just unacceptable.

Too much telemetry

The amount of data collected in Firefox Private Relay is extraordinary compared to its competition. Anonaddy and simplelogin don't collect any type of user pings at all. While Firefox private relay collects almost any action in the web extension and website and sending that data to Google.

I really think this is a good service, it has almost everything a user would want, while being from a recognizable and trusted name like Mozilla. These data practices really undermine Mozilla's commitment to user's privacy. And don't instill confidence in where Mozilla's priorities are.

Edit: Google Analytics is now banned in multiple EU countries for breaking The GDPR

[groovecoder]

Thanks for the input - we appreciate that our Mozilla & Firefox users help keep us honest and remind us to continuously consider how we can improve our telemetry & privacy practices. Our legal team has been following GDPR and recent developments closely, and we've brought this to their attention as well.

On the product side of things ...

When you first install the Relay extension, you should have seen a "first run" page to opt out of ALL telemetry pings ...

You can also turn this off in the add-on settings panel:

This will prevent all of the telemetry data collection in the extension.

For users with interaction telemetry data enabled, the telemetry pings come to Mozilla's server - and Mozilla's server uses Google Analytics as a back-end data store. This means that even with interaction telemetery data enabled, Google does not receive any data from a Relay user's browser or add-on. All interaction data in Google appears to come from Relay's servers.

For the Relay website, we rely on the DNT signal to prevent loading of Google Analytics. This issue gives me an idea though... @Vinnl , @maxxcrawford , @codemist: can we have the website detect if the Relay user has set their add-on to NOT send interaction data, and prevent loading of GA in that case too? That will help mitigate the DNT-as-fingerprint-variable issue.

[maxxcrawford]

@groovecoder We can certainly listen for that preference in the add-on and respect it on the website. Great idea!

[FarisZR]

Thank you for your response.

Its reassuring that the data doesn't go directly to google, as IPs wouldn't be visible to google with a relay. I still think the data collected under telemetry is a bit too much, it's much closer to complete record of user actions, and it should be reduced by default.

can we have the website detect if the Relay user has set their add-on to NOT send interaction data, and prevent loading of GA in that case too? That will help mitigate the DNT-as-fingerprint-variable issue.

This would be great, it would negate the use of DNT for returning users. However, I think some sort of small notice with an option to stop tracking would be great for visitors and signed-out users. I think that is going to necessary any way with the latest Developments in the GDPR.

With these improvements Google tracking is limited, and it's clearer to the user how opt-out of telemetry and tracking. However, Google can still see user patterns in Mozilla's products and services, and with the latest developments regarding Google Analytics in the EU, I think it's no longer justifiable to use GA ethically or practically.

Since Mozilla is already hosting a relay, it clearly has the resources to host its own analytics. It doesn't need to be made in house, there are already multiple Open Source analytics projects which offer similar functionality to Google Analytics, while protecting users' privacy by being independent.