Comment by 1vuio0pswjnm7

17 days ago

A "Firefox app" could "access browsing history", "steal cookies", whatever unless (a) the user removes the app's ability to "phone home" from the source code then compiles the app themselves and (b) the user controls the servers to which the app is allowed to connect

For example, Firefox app by default, without any input from the user, tries to make connections to Mozilla servers such as

   content-signature-2.cdn.mozilla.net
   firebaseremoteconfig.googleapis.com
   firefox.settings.services.allizom.org
   firefox.settings.services.mozilla.com
   services.addons.mozilla.org
   detectportal.firefox.com
   contile.services.mozilla.com

The opportunities for Mozilla app developers to send data, e.g., browsing history, cookies, usage statistics, crash reports, empty requests (pings), whatever, to Mozilla or to any third party are without limit unless (a) and (b) are addressed

Even uBlock Origin tries to connect to ublockorigin.pages.dev by default, i.e., without any input from the user

The user might want this connection to occur but because it is a default the user might also not even know the connection is being made. These connections are a developer choice not a user choice. The user might agree with the choice

1 comment

1vuio0pswjnm7

1vuio0pswjnm7 16 days ago

Correction: /googlepis.com/d (another third party server, not a Mozilla server)