Mozilla enabled ads in Firefox and they're active in Fedora

Richard W.M. Jones rjones at redhat.com
Mon Nov 17 14:32:39 UTC 2014 

On Mon, Nov 17, 2014 at 07:41:22AM -0600, Bruno Wolff III wrote:
> On Mon, Nov 17, 2014 at 12:05:35 +0200,
>  Nikos Roussos <comzeradd at fedoraproject.org> wrote:
> >
> >No. We are talking about the tiles. I didn't see anyone suggesting we
> >remove Google search. It's like the tiles feature crossed a line, which
> >is far from truth.
> 
> Firefox is really not set up with privacy as a high priority. Some
> bad things it does from a privacy perspective are:
> 
> If you type a name in the url bar and send, if the name dosn't match
> a domain google is contacted. (And it is google even if you have
> some other search engine set.)
> 
> OSCP is used to check for certificate revocations. For some threat
> models this cure is worse than the disease. There should be an easy
> way to disable this.
> 
> There is not a way to disable fetching all offsite references that
> aren't whitelisted. There is a hard way to do this for images, but
> there does not appear to be a way to do this for other object types.
> 
> The initial initial page is not set to about:blank, so that some
> site will be contacted (I think it is a Fedora page now.) before you
> have a chance to set it to about:blank in firefox. (It is possible
> to change this outside of Firefox, but it is hard.)
> 
> When firefox has a version update mozilla is contacted to present
> you with the release notes for the new version. It is possible to
> disable this, but it isn't really obvious how. (Even if you have
> done it before.)
> 
> Javascript is not easy to disable without installing a third party
> plugin, and the way that plugin works still leaves some exposure to
> javascript related issues.
> 
> There is a safe browsing feature that also will phone home.
> 
> If you look at the about:config menu you will see lots of URLs and
> it isn't clear when these URLs are used in many cases.
> 
> The referer header is sent by default. It isn't obvious how to disable that.
> 
> It isn't obvious how to disable remotes sites storing data locally.
> This feature can be used like cookies and should be easily
> controllable.

This is a good analysis.  However I hope people don't take away from
it "OMG there's nothing we can do".  We can work on making it better
incrementally, and fixing this advert tabs thing is a good place to
start.

Also having the Fedora policy be clear and unambiguous.  Who would
deal with that?  FESCO?  The Board (or whatever it's called these days)?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v

More information about the devel mailing list