this post was submitted on 30 Jul 2024

3 points (80.0% liked)

Firefox

20839 readers

105 users here now

/c/firefox

A place to discuss the news and latest developments on the open-source browser Firefox.

Rules

1. Adhere to the instance rules

2. Be kind to one another

3. Communicate in a civil manner

Reporting

If you would like to bring an issue to the moderators attention, please use the "Create Report" feature on the offending comment or post and it will be reviewed as time allows.

founded 5 years ago

MODERATORS

k_o_t@lemmy.ml

golden_zealot@lemmy.ml

Mozilla adds stupid AI stuff with horrible T&C (lemdro.id)

submitted 1 year ago by astro_ray@lemdro.id to c/firefox@lemmy.ml

68 comments fedilink hide all child comments

PSA (?): just got this popup in Firefox when i was on an amazon product page. looked into it a bit because it seemed weird and it turns out if you click the big "yes, try it" button, you agree to mandatory binding arbitration with Fakespot and you waive your right to bring a class action lawsuit against them. this is awesome thank you so much mozilla very cool

https://queer.party/@m04/112872517189786676

So, Mozilla adds an AI review features for products you view using Firefox. Other than being very useless, it's T&C are as anti-consumer as it possibly can be. It's like mozilla saying directly "we don't care about your privacy".

(page 2) 21 comments

sorted by: hot top controversial new old

[–] jet@hackertalks.com 0 points 1 year ago* (last edited 1 year ago) (2 children)

"strategic partnerships"

https://support.mozilla.org/en-US/kb/review-checker-review-quality

Protect your privacy

Firefox is committed to empowering you with information about review reliability while respecting your privacy. We use Oblivious HTTP (OHTTP) for Review Checker.

When Review Checker is turned on, we use information about the products you visit on Amazon, Best Buy and Walmart to analyze the reviews, but by using OHTTP we ensure Mozilla cannot link you or your device to the products you have viewed. OHTTP uses encryption and a third party intermediary server to offer a technical guarantee that this is the case: all Mozilla learns from this network request is that someone, somewhere, looked at a given product.

[–] jet@hackertalks.com 0 points 1 year ago* (last edited 1 year ago) (1 children)

Here is a talk on OHTTP (OHAI) https://www.youtube.com/watch?v=_HEzpnktAwY

and a OHTTP recap https://www.youtube.com/watch?v=qjLwo4Ufp8s

Basically, if you trust the OHTTP Proxy (mozilla) and the OHTTP service provider (fakespot) to not collude, then OHTTP protects your data.

If you think Mozilla and fakespot might collude, then this doesn't give you any privacy. (Update - Someone pointed out Mozilla has purchased fakespot, so this comes down to Trusting mozilla with 100% of your data for their privacy promise and OHTTP is totally pointless here)

Depends on your threat model.

If they actually cared about privacy they would have the OHTTP model, sure, but also a TOR hidden service endpoint that anyone could use as well ; Removing all the links between the user and the service shouldn't be a problem, since they are not monitizing user behavior, right? RIGHT?!?!?

[–] GenderNeutralBro@lemmy.sdf.org 0 points 1 year ago* (last edited 1 year ago)

Mozilla says they use a third-party OHTTP intermediary. In the blog post linked above, they name Fastly as their partner. So it's not as bad as Mozilla + Mozilla-wearing-funny-glasses.

Personally, I still think this is the wrong approach to privacy, even though I've used Fakespot on my own many times over the years. Largely because I don't think any of this needs to be built into a web browser.

I would prefer my web browser to minimize information leakage by default, to the greatest degree that it can while still remaining useful as a web browser. Mozilla keeps adding bloat to Firefox, and bloat always comes at a cost. I'd much prefer these to be browser extensions that people can download if they want them, rather than built in by default. The baseline Firefox should be lean. Less "stuff" = smaller attack surface. Simplicity is best.

I mean, the Fakespot browser extension has existed for a long time, and I've never seriously considered installing it. I'd much rather just take an extra three seconds to load their web site and paste in a URL than have it constantly monitoring my activity and doing god-knows-what with it. That way I have better knowledge and control of what is happening with my data. Even if I trust their intentions, I don't implicitly trust their competence (all software has bugs) and I don't trust that they will never go rogue in the future.

And also, I just don't find this claim all that compelling in principle:

By processing the data jointly across two independent parties, they ensure neither party holds the information required to reveal sensitive information about someone.

I mean...sure. That's fair. Buuuuuut handing half the data to your "partner" doesn't give me a whole lot of confidence. Especially since literally nobody reads all of the privacy policies they are subject to. See:

https://www.theatlantic.com/technology/archive/2012/03/reading-the-privacy-policies-you-encounter-in-a-year-would-take-76-work-days/253851/

https://www.npr.org/sections/alltechconsidered/2012/04/19/150905465/to-read-all-those-web-privacy-policies-just-take-a-month-off-work

https://www.techradar.com/computing/cyber-security/you-need-a-whole-workweek-every-month-to-read-privacy-policiesand-thats-bad-news

Minimizing privacy policies should be a high-priority goal for any organization that claims to value privacy.

Furthermore, how many additional parties have access (legally or otherwise) to both Mozilla and Fastly? 🤷

load more comments (1 replies)

[–] 01189998819991197253@infosec.pub 0 points 1 year ago (2 children)

I actually use fakespot a lot, but will never install an add-on for this.

I got that notice a few months ago, but I didn't use either button on the bottom. I used the X on the top, and haven't seen it since.

I thought we were done with the age of Toolbars, but here we are, back there. An app or add-on for every damn thing. No, I don't want this integrated into my browser. No, I don't need your HTML5 app on my phone to do less than the webpage does. No, I don't want your spyware app to view the one-off Twitter, Facebook, or Instagram link a friend sends me. No, I don't mean 'maybe later', I mean 'no forever'.

load more comments (2 replies)

[–] z3rOR0ne@lemmy.ml 0 points 1 year ago (1 children)

Please tell me there's an about:config setting to turn this bs off.

[–] Dirk@lemmy.ml 0 points 1 year ago (1 children)

I got this linked on Mastodon: https://kitsunes.club/notes/9wbyqywt28

load more comments (1 replies)

[–] Professorozone@lemmy.world 0 points 1 year ago

Thanks.

[–] ZeroHora@lemmy.ml -1 points 1 year ago (10 children)

Fakespot is from Mozilla, if you trust Mozilla, why don't you trust Fakespot?

And why is it useless? With the amount of fake AI reviews an AI to detect them is not completely useless.

But the popup is annoying.

[–] laughterlaughter@lemmy.world 0 points 1 year ago (1 children)

And why is it useless?

It's not useless. It's just that it's bloatware that's unnecessary for many.

Like a car with a bright orange "Order Bird Food" button in the middle of the dashboard. If you don't own any birds, then it sucks.

[–] ZeroHora@lemmy.ml -1 points 1 year ago (1 children)

Nothing new in the helm of browsers. Pockets is a extension baked into the browser.

Many browsers have VPN/Ad Block native to the browser. Opera GX have all that bullshit that surprising can deceive a lot of normies to use it.

Sadly this type of bloat sells as "features" to some people and Mozilla gains users with it. Btw I'm not defending this practice I just seeing for what it is, marketing.

load more comments (1 replies)

load more comments (9 replies)

[–] MrQuallzin@lemmy.world -1 points 1 year ago (1 children)

I actually love Fakespot. I've had it installed as an extension for years, but now it's native

load more comments (1 replies)

load more comments