Mozilla wants FTC to fine Big Tech's surveillance giants:
Mozilla's Chief Security Officer Marshall Erwin urged federal regulators to crack down on internet giants and web browser makers that don't protect their users' privacy — and to make them pay penalties for bad behavior.
"Privacy online is a mess, consumers are stuck in this vicious cycle in which their data is collected, often without their understanding, and then used to manipulate them," Erwin said during a US Federal Trade Commission (FTC) forum today on commercial surveillance and data security. "We see this rule-making process as a real opportunity to break that cycle."
The FTC is considering imposing stricter privacy rules on corporations to deter unwelcome online monitoring and shoddy data security. Thursday's public session was an early step in that rule-making process.
In August, the watchdog issued "advance notice of proposed rulemaking," and now, through October 21, it's seeking public comment about the "harms" related to businesses' collecting, analyzing, and monetizing people's information.
While any proposed rule will be put to a vote by FTC commissioners, it's worth noting that the regulator's choice of words — using the term "surveillance" rather than a euphemism such as "data gathering" — along with a recent lawsuit against data broker Kochava — seem to indicate it is inclined to codify some type of privacy regulations to limit companies' appetite for information harvesting.
[...] Erwin, who spoke as part of an "industry perspectives" panel on the topic, unsurprisingly touted Mozilla's pro-privacy Firefox browser. However, "we know that a large number of companies don't take the approach that Mozilla does, and more than half of consumers today are using browsers that don't have strong tracking protections in place or strong privacy protections," he said.
And speaking of tracking, Meta was supposed to weigh in on the industry panel but for some reason was "no longer able to participate," according to the FTC. Odd, you'd think it would have something to add.
Last month, however, the US giant offered to pay $37.5 million to settle a lawsuit that claimed its social media platform Facebook illegally harvested location data even when users explicitly did not consent to it. And days later, it settled a second lawsuit, for an undisclosed amount, brought as a result of Cambridge Analytica's mass slurping of people's profile data.
(Score: 2, Informative) by Anonymous Coward on Sunday September 11 2022, @03:47AM
If Mozilla really wanted to help user's privacy they could just have their browser return random shit whenever a website asks for tracking info. Block 3rd party cookies and return a standard user agent, font list, and standard any other info the website demands.
It wouldn't be that hard for them to make every instance of their browser look like one of maybe six standards. Tracking is useless if every user is the same one.
(Score: 1, Interesting) by Anonymous Coward on Sunday September 11 2022, @03:18PM (1 child)
Mozilla Firefox's defaults send a fair bit of data out...
See also: https://brave.com/popular-browsers-first-run/ [brave.com]
2799 is a lot more than 91.
Secondly like most other popular browsers Firefox in stock config does not warn you if say your bank's website cert is no longer a certificate signed by its usual CAs but a different certificate signed by a foreign CA. While you might be fine with say Chinese sites using certs signed by a Chinese CA you might like to be alerted if your US bank/corporation website suddenly appears to be using a cert that's signed by a Chinese CA.
p.s. yes I know certificate/public key pinning can be used to protect for this but pinning has some disadvantages and I prefer a user controlled solution, that does not depend on the site to use pinning.
(Score: 0, Redundant) by Anonymous Coward on Sunday September 11 2022, @08:27PM
Some clarifications about those numbers: most of those requests made by Firefox are for settings sync (which, granted, should be turned off by default). Sending default values of settings for sync'ing is sort of non-info because they are the same for everyone and thus can legitimately be taken out. If you subtract those, you are left with ~107 requests, which isn't _that_ much more than what the other browsers do.
As mentioned as well: most of those remnant requests are made to mozilla-owned domains, not to private surveillance actors.
On top of that, at least firefox also has a mechanism to neuter those outbound requests for the future via about:config. Chrome-based browsers do do not offer you that level of flexibility. I will also grant that these things _should_ be off by default, and _should_ be opt-in when they aren't.
Mozilla does not get a clean slate, not by a long-shot, they have much to be improved on. But let's also not do mindless slander either...
(Score: 1, Interesting) by Anonymous Coward on Monday September 12 2022, @02:02AM
And should be ignored.