info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
How Firefox violates the term "Free and Open Source"
225 views
Skip to first unread message
Joe Smith
Dec 11, 2017, 2:25:51 AM12/11/17
to gover...@lists.mozilla.org
Hi there,
I wanted to express my thoughts over Firefox. Firefox may be a great
browser especially with the new browser that has been released but there is
something that violates the term "Free (as in freedom, not beer) and Open
Source", is the fact that Firefox does not allow users to use the cloud
features such as sync etc if the user is below 13 years old.
If a software claims to be a "free and open source software", why does
Firefox violate that principle by preventing users from doing something. A
free and open source software should NEVER restrict a user from doing
something and/or has features that can be used against user(s).
Also may I suggest if a user wanted to use the cloud features, why doesn't
it use end-to-end encryption? Due to the massive surveillance program
conducted in countries such as USA and China, it is very important for
Firefox to start using end-to-end encryption.
Kind regards
Joe Smith
I wanted to express my thoughts over Firefox. Firefox may be a great
browser especially with the new browser that has been released but there is
something that violates the term "Free (as in freedom, not beer) and Open
Source", is the fact that Firefox does not allow users to use the cloud
features such as sync etc if the user is below 13 years old.
If a software claims to be a "free and open source software", why does
Firefox violate that principle by preventing users from doing something. A
free and open source software should NEVER restrict a user from doing
something and/or has features that can be used against user(s).
Also may I suggest if a user wanted to use the cloud features, why doesn't
it use end-to-end encryption? Due to the massive surveillance program
conducted in countries such as USA and China, it is very important for
Firefox to start using end-to-end encryption.
Kind regards
Joe Smith
Gervase Markham
Dec 13, 2017, 7:24:32 PM12/13/17
to Joe Smith
Hi Joe,
On 09/12/17 17:20, Joe Smith wrote:
> I wanted to express my thoughts over Firefox. Firefox may be a great
> browser especially with the new browser that has been released but there is
> something that violates the term "Free (as in freedom, not beer) and Open
> Source", is the fact that Firefox does not allow users to use the cloud
> features such as sync etc if the user is below 13 years old.
I haven't consulted our legal team, but the reason for this is probably:
https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act
> If a software claims to be a "free and open source software", why does
> Firefox violate that principle by preventing users from doing something.
It's not actually Firefox itself, it's the remote services which have
these conditions attached. If you can find some, you are welcome to
install addons or use websites via Firefox which do not have such
restrictions. A server running open source software does not mean it is
required that the server operators permit everyone to use the server.
> Also may I suggest if a user wanted to use the cloud features, why doesn't
> it use end-to-end encryption?
What makes you think that it doesn't?
Gerv
On 09/12/17 17:20, Joe Smith wrote:
> I wanted to express my thoughts over Firefox. Firefox may be a great
> browser especially with the new browser that has been released but there is
> something that violates the term "Free (as in freedom, not beer) and Open
> Source", is the fact that Firefox does not allow users to use the cloud
> features such as sync etc if the user is below 13 years old.
https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act
> If a software claims to be a "free and open source software", why does
> Firefox violate that principle by preventing users from doing something.
these conditions attached. If you can find some, you are welcome to
install addons or use websites via Firefox which do not have such
restrictions. A server running open source software does not mean it is
required that the server operators permit everyone to use the server.
> Also may I suggest if a user wanted to use the cloud features, why doesn't
> it use end-to-end encryption?
Gerv
Joe Smith
Dec 13, 2017, 8:52:57 PM12/13/17
to Gervase Markham, mozilla-g...@lists.mozilla.org
Hi Gervase,
There are plenty of Open Source messaging apps such as Signal that don't
restrict users from using the servers based on age. Not all countries
restrict people under 13 to use the Internet. At least the service could
have a check box that states that the user is abiding their country's laws.
So the cloud feature *does* use end - to - end encryption? As Google Chrome
for sure wouldn't use end - to - end encryption.
Kind regards
Joe
On Thu, Dec 14, 2017 at 11:23 AM, Gervase Markham <ge...@mozilla.org> wrote:
> Hi Joe,
>
> On 09/12/17 17:20, Joe Smith wrote:
There are plenty of Open Source messaging apps such as Signal that don't
restrict users from using the servers based on age. Not all countries
restrict people under 13 to use the Internet. At least the service could
have a check box that states that the user is abiding their country's laws.
So the cloud feature *does* use end - to - end encryption? As Google Chrome
for sure wouldn't use end - to - end encryption.
Kind regards
Joe
On Thu, Dec 14, 2017 at 11:23 AM, Gervase Markham <ge...@mozilla.org> wrote:
> Hi Joe,
>
> On 09/12/17 17:20, Joe Smith wrote:
> > I wanted to express my thoughts over Firefox. Firefox may be a great
> > browser especially with the new browser that has been released but there
> is
> > something that violates the term "Free (as in freedom, not beer) and Open
> > Source", is the fact that Firefox does not allow users to use the cloud
> > features such as sync etc if the user is below 13 years old.
>
> > browser especially with the new browser that has been released but there
> is
> > something that violates the term "Free (as in freedom, not beer) and Open
> > Source", is the fact that Firefox does not allow users to use the cloud
> > features such as sync etc if the user is below 13 years old.
>
> I haven't consulted our legal team, but the reason for this is probably:
> https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act
>
> https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act
>
> > If a software claims to be a "free and open source software", why does
> > Firefox violate that principle by preventing users from doing something.
>
> > Firefox violate that principle by preventing users from doing something.
>
> It's not actually Firefox itself, it's the remote services which have
> these conditions attached. If you can find some, you are welcome to
> install addons or use websites via Firefox which do not have such
> restrictions. A server running open source software does not mean it is
> required that the server operators permit everyone to use the server.
>
> these conditions attached. If you can find some, you are welcome to
> install addons or use websites via Firefox which do not have such
> restrictions. A server running open source software does not mean it is
> required that the server operators permit everyone to use the server.
>
> > Also may I suggest if a user wanted to use the cloud features, why
> doesn't
> > it use end-to-end encryption?
>
> doesn't
> > it use end-to-end encryption?
>
Eric Shepherd (Sheppy)
Dec 13, 2017, 10:49:12 PM12/13/17
to Joe Smith, mozilla-g...@lists.mozilla.org, Gervase Markham
On Wed, Dec 13, 2017 at 7:52 PM Joe Smith via governance <
gover...@lists.mozilla.org> wrote:
> Hi Gervase,
>
> There are plenty of Open Source messaging apps such as Signal that don't
> restrict users from using the servers based on age. Not all countries
> restrict people under 13 to use the Internet. At least the service could
> have a check box that states that the user is abiding their country's laws.
>
> So the cloud feature *does* use end - to - end encryption? As Google Chrome
> for sure wouldn't use end - to - end encryption.
Well... Of course, Firefox isn't Google Chrome. :)
gover...@lists.mozilla.org> wrote:
> Hi Gervase,
>
> There are plenty of Open Source messaging apps such as Signal that don't
> restrict users from using the servers based on age. Not all countries
> restrict people under 13 to use the Internet. At least the service could
> have a check box that states that the user is abiding their country's laws.
>
> So the cloud feature *does* use end - to - end encryption? As Google Chrome
> for sure wouldn't use end - to - end encryption.
Sheppy
--
Eric Shepherd
Senior Technical Writer
Mozilla
Blog: http://www.bitstampede.com/
Twitter: http://twitter.com/sheppy
Check my Availability <https://freebusy.io/eshe...@mozilla.com>
Joe Smith
Dec 13, 2017, 10:54:09 PM12/13/17
to Eric Shepherd (Sheppy), mozilla-g...@lists.mozilla.org, Gervase Markham
Oh ok thanks :) By the way when is Moziala going to court (as I heard
Verizon is trying to sue Mozila)?
Verizon is trying to sue Mozila)?
Ryan Kelly
Dec 14, 2017, 12:07:58 AM12/14/17
to Gervase Markham, mozilla-g...@lists.mozilla.org, dev-fxacct, Joe Smith
On 13 December 2017 at 18:23, Gervase Markham via governance <
this thread to the relevant dev mailing list. I can confirm that
compliance with laws such as the above is the reason for this restriction.
The implementation of this age restriction follows some pretty specific
instructions from our legal team, since (as I understand it) the details of
ensuring compliance are surprisingly complicated.
I'd personally love not to have this restriction, but I trust our lawyers
when they tell us that we need it.
> > If a software claims to be a "free and open source software", why does
> > Firefox violate that principle by preventing users from doing something.
>
open-source, and I know some users are successfully self-hosting these
services for a variety of reasons, following guides such as:
https://mozilla-services.readthedocs.io/en/latest/howtos/run-fxa.html
We could probably invest more heavily in this area than we do right now,
but it's definitely possible.
>
> > Also may I suggest if a user wanted to use the cloud features, why
> doesn't
> > it use end-to-end encryption?
>
client-side encryption in this post and the tech docs it links to:
https://blog.mozilla.org/services/2014/04/30/firefox-syncs-new-security-model/
So yeah, the answer here is very much "we do" :-)
Cheers,
Ryan
> > I wanted to express my thoughts over Firefox. Firefox may be a great
> > browser especially with the new browser that has been released but there
> is
> > something that violates the term "Free (as in freedom, not beer) and Open
> > Source", is the fact that Firefox does not allow users to use the cloud
> > features such as sync etc if the user is below 13 years old.
>
> > browser especially with the new browser that has been released but there
> is
> > something that violates the term "Free (as in freedom, not beer) and Open
> > Source", is the fact that Firefox does not allow users to use the cloud
> > features such as sync etc if the user is below 13 years old.
>
> I haven't consulted our legal team, but the reason for this is probably:
> https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act
>
I'm not a lawyer, but I do work on Firefox Accounts and Sync and am cc'ing
> https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act
>
this thread to the relevant dev mailing list. I can confirm that
compliance with laws such as the above is the reason for this restriction.
The implementation of this age restriction follows some pretty specific
instructions from our legal team, since (as I understand it) the details of
ensuring compliance are surprisingly complicated.
I'd personally love not to have this restriction, but I trust our lawyers
when they tell us that we need it.
> > If a software claims to be a "free and open source software", why does
> > Firefox violate that principle by preventing users from doing something.
>
> It's not actually Firefox itself, it's the remote services which have
> these conditions attached. If you can find some, you are welcome to
> install addons or use websites via Firefox which do not have such
> restrictions. A server running open source software does not mean it is
> required that the server operators permit everyone to use the server.
>
To pile on to this point, the code for all the Firefox cloud services is
> these conditions attached. If you can find some, you are welcome to
> install addons or use websites via Firefox which do not have such
> restrictions. A server running open source software does not mean it is
> required that the server operators permit everyone to use the server.
>
open-source, and I know some users are successfully self-hosting these
services for a variety of reasons, following guides such as:
https://mozilla-services.readthedocs.io/en/latest/howtos/run-fxa.html
We could probably invest more heavily in this area than we do right now,
but it's definitely possible.
>
> > Also may I suggest if a user wanted to use the cloud features, why
> doesn't
> > it use end-to-end encryption?
>
> What makes you think that it doesn't?
>
In the specific case of Firefox Sync, you can read about how we use
>
client-side encryption in this post and the tech docs it links to:
https://blog.mozilla.org/services/2014/04/30/firefox-syncs-new-security-model/
So yeah, the answer here is very much "we do" :-)
Cheers,
Ryan
Joe Smith
Dec 14, 2017, 7:21:11 AM12/14/17
to Ryan Kelly, mozilla-g...@lists.mozilla.org, dev-fxacct, Gervase Markham
Hi Ryan,
I am glad that our feelings are mutual :)
I wanted to ask you a question which is completely different in regards to
privacy issues concerning Firefox. According to Waterfox
<https://www.waterfoxproject.org>, they claim for their browser to have
disabled the following features:
- Disabled Encrypted Media Extensions (EME)
- Disabled Web Runtime (deprecated as of 2015)
- Removed Pocket
- Removed Telemetry
- Removed data collection
- Removed startup profiling
- Allow running of all 64-Bit NPAPI plugins
- Allow running of unsigned extensions
- Removal of Sponsored Tiles on New Tab Page
- Addition of Duplicate Tab option
- Locale selector in about:preferences > General
What sort of startup profiling and data collection does Firefox do by
default? Additionally what sort of telemetry services does Firefox run in
the background?
On Thu, Dec 14, 2017 at 4:07 PM, Ryan Kelly <rfk...@mozilla.com> wrote:
> On 13 December 2017 at 18:23, Gervase Markham via governance <
> gover...@lists.mozilla.org> wrote:
>
>> Hi Joe,
>>
>> On 09/12/17 17:20, Joe Smith wrote:
I am glad that our feelings are mutual :)
I wanted to ask you a question which is completely different in regards to
privacy issues concerning Firefox. According to Waterfox
<https://www.waterfoxproject.org>, they claim for their browser to have
disabled the following features:
- Disabled Encrypted Media Extensions (EME)
- Disabled Web Runtime (deprecated as of 2015)
- Removed Pocket
- Removed Telemetry
- Removed data collection
- Removed startup profiling
- Allow running of all 64-Bit NPAPI plugins
- Allow running of unsigned extensions
- Removal of Sponsored Tiles on New Tab Page
- Addition of Duplicate Tab option
- Locale selector in about:preferences > General
What sort of startup profiling and data collection does Firefox do by
default? Additionally what sort of telemetry services does Firefox run in
the background?
On Thu, Dec 14, 2017 at 4:07 PM, Ryan Kelly <rfk...@mozilla.com> wrote:
> On 13 December 2017 at 18:23, Gervase Markham via governance <
> gover...@lists.mozilla.org> wrote:
>
>> Hi Joe,
>>
>> On 09/12/17 17:20, Joe Smith wrote:
>> > I wanted to express my thoughts over Firefox. Firefox may be a great
>> > browser especially with the new browser that has been released but
>> there is
>> > something that violates the term "Free (as in freedom, not beer) and
>> Open
>> > Source", is the fact that Firefox does not allow users to use the cloud
>> > features such as sync etc if the user is below 13 years old.
>>
>> > browser especially with the new browser that has been released but
>> there is
>> > something that violates the term "Free (as in freedom, not beer) and
>> Open
>> > Source", is the fact that Firefox does not allow users to use the cloud
>> > features such as sync etc if the user is below 13 years old.
>>
>> I haven't consulted our legal team, but the reason for this is probably:
>> https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act
>>
>
> I'm not a lawyer, but I do work on Firefox Accounts and Sync and am cc'ing
> this thread to the relevant dev mailing list. I can confirm that
> compliance with laws such as the above is the reason for this restriction.
> The implementation of this age restriction follows some pretty specific
> instructions from our legal team, since (as I understand it) the details of
> ensuring compliance are surprisingly complicated.
>
> I'd personally love not to have this restriction, but I trust our lawyers
> when they tell us that we need it.
>
>
>> https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act
>>
>
> I'm not a lawyer, but I do work on Firefox Accounts and Sync and am cc'ing
> this thread to the relevant dev mailing list. I can confirm that
> compliance with laws such as the above is the reason for this restriction.
> The implementation of this age restriction follows some pretty specific
> instructions from our legal team, since (as I understand it) the details of
> ensuring compliance are surprisingly complicated.
>
> I'd personally love not to have this restriction, but I trust our lawyers
> when they tell us that we need it.
>
>
>> > If a software claims to be a "free and open source software", why does
>> > Firefox violate that principle by preventing users from doing something.
>>
>> > Firefox violate that principle by preventing users from doing something.
>>
>> It's not actually Firefox itself, it's the remote services which have
>> these conditions attached. If you can find some, you are welcome to
>> install addons or use websites via Firefox which do not have such
>> restrictions. A server running open source software does not mean it is
>> required that the server operators permit everyone to use the server.
>>
>
> To pile on to this point, the code for all the Firefox cloud services is
> open-source, and I know some users are successfully self-hosting these
> services for a variety of reasons, following guides such as:
>
> https://mozilla-services.readthedocs.io/en/latest/howtos/run-fxa.html
>
> We could probably invest more heavily in this area than we do right now,
> but it's definitely possible.
>
>
>>
>> these conditions attached. If you can find some, you are welcome to
>> install addons or use websites via Firefox which do not have such
>> restrictions. A server running open source software does not mean it is
>> required that the server operators permit everyone to use the server.
>>
>
> To pile on to this point, the code for all the Firefox cloud services is
> open-source, and I know some users are successfully self-hosting these
> services for a variety of reasons, following guides such as:
>
> https://mozilla-services.readthedocs.io/en/latest/howtos/run-fxa.html
>
> We could probably invest more heavily in this area than we do right now,
> but it's definitely possible.
>
>
>>
>> > Also may I suggest if a user wanted to use the cloud features, why
>> doesn't
>> > it use end-to-end encryption?
>>
>> doesn't
>> > it use end-to-end encryption?
>>
Gervase Markham
Dec 14, 2017, 8:02:32 AM12/14/17
to Joe Smith
On 13/12/17 19:52, Joe Smith wrote:
> There are plenty of Open Source messaging apps such as Signal that don't
> restrict users from using the servers based on age.
The entire point of Signal is that it collects no information about you
> There are plenty of Open Source messaging apps such as Signal that don't
> restrict users from using the servers based on age.
whatsoever. That isn't and cannot be true of the services we provide,
and I suspect that makes a big difference.
> So the cloud feature *does* use end - to - end encryption?
research rather than expect others to do it for you :-)
Gerv
Joe Smith
Dec 14, 2017, 6:12:46 PM12/14/17
to Gervase Markham, mozilla-g...@lists.mozilla.org
Hi Gervase,
End - to - end encryption is a type of encryption where the server does not
have the decryption key, only the computers that use the cloud features for
firefox have the decryption key.
On Fri, Dec 15, 2017 at 12:01 AM, Gervase Markham <ge...@mozilla.org> wrote:
> On 13/12/17 19:52, Joe Smith wrote:
End - to - end encryption is a type of encryption where the server does not
have the decryption key, only the computers that use the cloud features for
firefox have the decryption key.
On Fri, Dec 15, 2017 at 12:01 AM, Gervase Markham <ge...@mozilla.org> wrote:
> On 13/12/17 19:52, Joe Smith wrote:
> > There are plenty of Open Source messaging apps such as Signal that don't
> > restrict users from using the servers based on age.
>
> > restrict users from using the servers based on age.
>
> The entire point of Signal is that it collects no information about you
> whatsoever. That isn't and cannot be true of the services we provide,
> and I suspect that makes a big difference.
>
> whatsoever. That isn't and cannot be true of the services we provide,
> and I suspect that makes a big difference.
>
> > So the cloud feature *does* use end - to - end encryption?
>
>
pse...@mozilla.com
Jan 4, 2018, 7:29:34 AM1/4/18
to mozilla-g...@lists.mozilla.org
Thank you for your post. We appreciate your taking the time to express your concerns about Firefox and its accessibility to everyone. We wanted to specifically address your concern about users under the age of 13 having access to certain Mozilla services.
Mozilla, like other companies that provide online services where personal information may be shared, is bound by the Children's Online Privacy Protection Act (COPPA) (https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy/kids-privacy-coppa). This federal law requires companies like Mozilla to protect the privacy of younger users by, among other things, imposing restrictions on how they collect or use the personal information (including, for example, an email address) of any user under the age of 13. This is a federal law with which Mozilla must comply. So, while we strive to provide our products and services to as many users as possible, we must still comply with this important law intended to protect the privacy of younger users. In some cases, we do not allow users under the age of 13 to use certain products or services due to the potential compliance challenges and/or privacy risks posed by such use of certain products or services. Since protecting user privacy is a core component of Mozilla's mission, we will always err on the side of caution in order to ensure that a user's privacy is always maintained and never compromised.
Please let us know if you have any additional questions or comments, and thank you again for your feedback.
0 new messages