On Wednesday we shared that we’re introducing a new Terms of Use (TOU) and Privacy Notice for Firefox. Since then, we’ve been listening to some of our community’s concerns with parts of the TOU, specifically about licensing. Our intent was just to be as clear as possible about how we make Firefox work, but in doing so we also created some confusion and concern. With that in mind, we’re updating the language to more clearly reflect the limited scope of how Mozilla interacts with user data.
Here’s what the new language will say:
You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.
In addition, we’ve removed the reference to the Acceptable Use Policy because it seems to be causing more confusion than clarity.
Privacy FAQ
We also updated our Privacy FAQ to better address legal minutia around terms li
33 Comments
plipt
Is Google paying Mozilla to sabotage themselves?
Stay in business, so monopoly arguments can be brushed aside.
But slowly erode privacy on the internet. And slowly lose user base.
move-on-by
> The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”
THANK YOU California for this definition of selling data, which is accurate, and representative of what people think of when discussions of selling data come up.
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners
Ok, so that’s pretty straightforward. According to CA and other states Mozilla is collecting and selling your data. Which is exactly what everyone is upset about and means exactly what everyone thought it meant.
blibble
and they continue to dig themselves a bigger hole
"we are selling your data, not necessarily anonymised, even though a month ago we had a text on our website said we NEVER would"
hysan
This pretty much confirms that this is what everyone thought the change was about. So we get clarity, but no actual change in course from Mozilla. Good. We now know very clearly where Mozilla and Firefox stand on privacy.
0manrho
> in the way that most people think about “selling data”
I quite frankly am opposed to any entity selling my data, in any way, for any reason, without my explicit consent because it implies you were taking my data in the first place, which is the core issue. It's my data. Not yours. Taking it (eg, telemetry) is what I object to. You selling it, I further object to. Stop. Without exception. To both. Period. The how and why of it does not matter. Worried about the breadth of the law opening you up to liability? Then stop chasing enshittification for your own gain. Don't collect the data in the first place. Its that easy.
issafram
this didn't make things better
Shank
> It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox.
I really struggle to understand what legal team believes this language is necessary in downloaded software. There is a lot of precedent for this kind of language in online hosted services, but not downloaded software.
> This does not give Mozilla any ownership in that content.
Yes, it’s a license. Nothing changes. There is no ambiguity about ownership in a perpetual nonexclusive worldwide license, but this doesn’t explain why this license is suddenly necessary now and wasn’t before.
Clearly the legal team at Mozilla is struggling with multiple issues in this update. Why are these changes being made now, and what is driving them?
Others have discussed the data sale issue, but I don’t see a reasonable explanation for the license issue, and the changing text doesn’t inspire confidence.
betaby
Time to move on. Mozilla lost latest pieces of relevancy.
Apparently, half a billion dollars per year can't get a modern browser nowadays.
At least in Mozilla case.
tofof
While this is confirming that Mozilla is already outright selling data, it at least DOES provide clarity on the issues around the acceptible use policy.
That language had been so broad that it forbade most use of the browser. For example, "send unsolicited communications" so no filing a bug report. "Deceive, mislead" so no playing Among Us. "Sell, purchase, or advertise illegal or controlled products or services" so no online refils of your antimigraine medication lasmiditan or your epilepsy medication (pregabalin) which are schedule V. "Collect or harvest personally identifiable information without permission. This includes, but is not limited to, account names and email addresses" so no browsing any forum where a username is displayed to you. And of course "access to content that includes graphic depictions of sexuality or violence" that rules out watching the nightly news, stream PG-13 and R movies, to watch classic Looney Tunes cartoons, to play Fortnight, and on and on.
comex
> Whenever we share data with our partners, we put a lot of work into making sure that the data that we share is stripped of potentially identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).
But if the data was fully stripped of potentially identifying information, then it should not count as "personal information" under the California Consumer Privacy Act, therefore it should not trigger the "sale of personal information" requirement, regardless of how it's transmitted or what kind of compensation is involved.
The CCPA defines "personal information" as follows:
> “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
(It also includes a list of examples [1], but the examples are conditional on the same "linked, directly or indirectly, with a particular consumer or household" requirement.)
So, which is it? Is the data deidentified or is it not?
Is Mozilla just trying to reduce risk in case someone argues their deidentification isn't good enough? If so, I'd call that a cowardly move.
[1] https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm…
vitehozonage
>there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar
Mozilla should commit to stop doing anything like that. Then we can have a nice clear Terms of Use that promises to not sell data. I think that would alleviate community concerns.
Silhouette
I'm sad and disappointed that simply charging a fair price in return for offering something of value – with no other strings attached – has become so out of fashion in tech world.
Almost everyone running tech businesses seems to assume that subscriptions or data capitalism are the only way to make any money these days. But I have paid for good software in the past and I know plenty of indie developers who still sell software like a product and do OK with that model. Copies of great software like Firefox could surely be sold – for actual money – to the kind of people who value its independence, privacy, and user focus. Offer free security updates for some reasonable period similar to an LTS release. The web moves fast enough that a lot of people will want to buy upgrades quite regularly anyway just for the new features.
Firefox appears to have close to 200M active users based on Mozilla's published data at https://data.firefox.com/dashboard/user-activity. If they could get 1/20 of those users to pay them an average of $10 per year – that's less than one month of a standard subscription to a major streaming service in most Western countries – then that's $100M/year in revenues. Based on the public financial statements that's on the same scale as their subscription and advertising revenue and their annual spend on development activities.
Another possibility might be to hide some of the developer resources behind some token paywall. Almost everyone I know who works in web dev uses MDN regularly. Firefox dev tools have a lot of useful things about them. Then maybe you can even keep the main browser free and get some revenue from devs – who are mostly going to file it as a business expense anyway and whose employers benefit greatly from the continued existence and maintenance of these resources.
Sure everyone would complain – just as everyone complains about paying a few bucks for a good text or graphics editor they use for hundreds or thousands of hours per year to make 1000x the asking price. But the value is obviously there to many people. I think a lot of Firefox users in particular would probably respect the transparent attempt to keep the lights on without compromising on the USPs that make Firefox attractive to those users in the first place.
GNOMES
I thought the initial wording/hype was around poorly phrased lawyer speak for "you give FF permission to interact (post/get requests) with a web page as a browser. Don't sue us".
The whole some may consider it "legally selling your data" proves this is not just a Terms of Use change in good faith.
hajile
In what countries is this FAQ (removed in their PR) not seen as a legally-binding contract with all current Firefox users? It seems like a very clear contractual obligation in the US.
teshaq
While I agree with folks that this is a step backwards in privacy, I think it’s a good exercise to zoom out and understand Firefox’s position.
The browser market is highly competitive, and Mozilla’s competitors have orders of magnitude more resources at their disposal. As we all know Firefox’s market share has been dropping over the past years and unfortunately the revenue supporting all of Mozilla comes predominantly from their Google deal (which itself has been risked by the ongoing case against Google)
Unfortunately as well – unfortunate for Mozilla, but fortunate for its mission and users :) – the Mozilla corporation is wholly owned by the foundation, so there is no easy way to raise funds (donations amount to so little compared to its Google revenue). Given no access to traditional fundraising, Mozilla has limited options on sustaining its business.
All this is to say, Mozilla seems to be trying to diversify its revenue hard, and its previous on-brand attempts (Firefox OS, VPN, etc) haven’t yielded the return they expected from them, so I’m not surprised Mozilla is trying to make money off of ads and selling data. I disable data collection, though if it came to it, I trust Mozilla a tad bit more than its competitors to protect my data – initiatives like ohttp give me a sign that at least they’re trying
rbc
Maybe this will provide some momentum to SeaMonkey or other browsers?
techjamie
I use Firefox Nightly on Android, and originally had location sharing on for the handful of websites where I'm fine with sharing it. But today, my phone notified me that Nightly updated what it does with location data on the play store to include using location for marketing or advertising purposes.
Changed it to ask every time instantly, and I'm not going to be giving Mozilla nearly as much trust ever again.
ants_everywhere
It may be relevant that Mozilla recently acquired a Meta-created ad tracking company and is now awash with Meta ad execs. [0]
It may also be relevant that Meta is recently upsetting people in Europe for tracking and targeting people in spite of Europe's data protection rules [1].
My guess (and this is just speculation at this point) is that Meta and Mozilla think they're being clever and getting away with some "private" ad tracking and are underestimating how much damage they're doing to Mozilla's reputation.
I doubt the Anonym tech has been built into Firefox yet, but it's clear that the corporate strategic direction is to bet on some concept of "acceptable ads" like Google did in the 90s.
[0] https://www.adexchanger.com/privacy/mozilla-acquires-anonym-…
[1] https://www.reuters.com/technology/digital-rights-activists-…
JumpCrisscross
Hard uninstall. Can’t believe I’m mainling Kagi’s Orion browser. Yet here we are.
koolala
How do you turn off getting your search history sold? You can turn off seeing the suggestions. Can you request they don't sell it though? The company they sell your search profile to could then sell that to someone else.
diggernet
> You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox.
You don't need a license for data you never see. When I use Firefox to type a comment on HN, that comment goes from me to HN. It doesn't go to Mozilla. Mozilla does not need a license. (And no, Firefox doesn't need a license either, because licenses are granted to people and organizations, not software.)
The only possible reason for Mozilla to need a license to the data I type into Firefox is if Mozilla intends to have Firefox send that data to them.
wilkystyle
From the page:
> TL;DR Mozilla doesn’t sell data about you (in the way that most people think about “selling data”)
Three paragraphs later:
> In order to make Firefox commercially viable, there are a number of places where we collect and share some data with our partners, including our optional ads on New Tab and providing sponsored suggestions in the search bar.
Sharing our data with advertisers in return for money is exactly the way most people think about "selling data".
user3939382
Fixed headline: Mozilla adds insult to injury by trying to PR-talk their way out of their Judas-level piece of shit license change
dietr1ch
BS we're sorry you noticed announcement.
There's a few ff forks that may work for you. So far I'm quite happy with Librewolf since I migrated this morning, there's other forks that also cover Android, but there's more privacy-related research to do there as alternatives like Waterfox have past drama.
You can delete your Mozilla account here if you want to send a strong signal that privacy matters,
– https://support.mozilla.org/en-US/kb/how-do-i-delete-my-fire…
—
I'm quite concerned about the web becoming closed at this point. Bigger websites are mostly walled gardens, there's an increasingly big amount of generated crap (even before LLMs), and on top of that Chromium is the new IE, which on it's own a bit better than before since the core is open, but still a bad cherry on top, especially since the Ad push from Google. I don't want `chrome://settings/adPrivacy` on my browser as the optimal amount of ads and tracking is zero.
sabareesh
Hate to say it but seems Safari might be the alternative. Only missing piece is ublock origin
solardev
TLDR Firefox has been selling your data all along in exchange for ad money, but now state laws with more teeth forced them to come clean about this behavior.
lurk2
The one thing I haven't seen in any of these threads is where privacy-conscious users are supposed to go now. Are there any viable alternatives to Firefox?
noisy_boy
Don't care, already moved on and happy with Librewolf (https://librewolf.net/)
acheong08
Submitted and helped with debugging my first bug report to Ladybird browser today. Starting to use it with as many sites as possible. I really hope it can grow to replace Firefox
elchief
I cant see Mozilla surviving this. This is something monopolies get away with, not also-rans
cryptonector
How many times have we seen this ploy? First you have a nice policy, then you change it to something extreme that causes outrage, then you walk back most of the change saying you had legal or whatever baloney reasons to make the change in the first place and somehow couldn't wordsmith the language well enough the first time.
I don't buy it. I hope some day business schools begin teaching that this ploy is a very bad idea. And if this really is the corporate lawyers being greatly insensitive then force PR and others to review every change they make to any policies that could destroy the company.
exodust
> "…for the purpose of doing as you request with the content you input in Firefox"
I'm still confused about the scope of what this means. Is this post I'm writing now considered "content I input in Firefox"? If I upload an image to my own website, is that content I input in Firefox?
From my perspective, I'm not submitting anything "to Firefox", I'm submitting the content to remote servers and websites. I don't use Firefox cloud services or bookmarks or Mozilla account or anything. Even my bookmarks, I use raindrop.io at the moment.
dang
Recent and related:
Introducing a terms of use and updated privacy notice for Firefox – https://news.ycombinator.com/item?id=43185909 – Feb 2025 (1060 comments)