[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The Spirit of Free Software, or The Reality

Nikolaus Rath writes ("Re: The Spirit of Free Software, or The Reality"):
> On Jul 15 2015, Jakub Wilk <jwilk@debian.org> wrote:
> > So I made this experiment with Iceweasel. These are the requests it
> > makes with a fresh profile, before you even type an URL: 
> >
> > POST https://location.services.mozilla.com/v1/country?key=no-mozilla-api-key
> > GET http://www.ebay.com/favicon.ico
> > GET http://en.wikipedia.org/favicon.ico
> > GET http://www.yahoo.com/favicon.ico
> > GET http://www.google.com/favicon.ico
> > GET http://www.amazon.com/favicon.ico
...
> 1. Were you surprised by this? I was certainly not, this is about what I
>    would have guessed. If a program does what I expect it to do, I'm not
>    sure if me starting it is "violating my privacy".

I was surprised that it would download the icons from the installed
search providers.  There is no need for it to do that.  And that means
that the mere presence of an unused but configured search provider,
causes every user's iceweasel to notify the search provider whenever
the user starts the browser.

This is not desirable.

> 2. Would it be ok if Firefox did all this at the time you visited the
>    first webpage, rather than at the time of startup?

I think that depends on what the first webpage is.

If the first webpage is (say)
  https://en.wikipedia.org/wiki/Embarrassing_medical_problem
  https://act.eff.org/login
  https://search.debian.org/cgi-bin/omega?DB=en&P=vulnerability+scanner
  https://fetlife.com/home/v4
then I don't see any reason why Ebay or Amazon would have to know even
that I am running Iceweasel.

To implement the unsafe sites protection, Google might need to know
that I am running Iceweasel, but measures described elsewhere in this
thread mean that its information about which actual URLs I am visiting
is limited.

>    If not, then what about all the tracking pages that Firefox is going
>    to load because they're referenced in the page you asked for?
>    Shouldn't you be much more worried about those?

It is obviously not practical for us to do very much about that, other
than by promoting (a) privacy-enhancing client-side tools
(b) privacy-respecting websites, where relevant and (c) political
change.

Ian.
Reply to: