While nice for supporting the development of Firefox, it adds nothing to your subjective browsing experience. As far as I understand, disabling it is also not a data point by which you could be fingerprinted.
You're taking it for granted that the reported data is adequately anonymized to the point of being impossible to make any inferences about individuals, which is a huge leap, not only in trust, but data science.
As mentioned later in the article, Mozilla is based in a country with sweeping surveillance legislation, and so should not be trusted to hold or process [potentially] personally identifying data, no matter how well intentioned they themselves may be.
> it adds nothing to your subjective browsing experience
Firefox decision makers actively consult the telemetry data when making decisions. If you've disabled telemetry and I haven't then my experiences count double and yours are discarded entirely.
For example, TLS 1.0 (and 1.1) is deprecated and will be disabled by mutual agreement among browser vendors in 2020. On the road there, Firefox are watching their telemetry to determine how many users are affected and how much effort it's appropriate to put into mitigating difficulties for those who have systems that can't be upgraded.
For me this will go fine, I don't have any systems that aren't capable of TLS 1.2 and very few that can't do TLS 1.3 so my telemetry data will show all is well. Maybe you are not so lucky. Too bad, you've disabled telemetry so nobody is coming to help. Bye.
> Firefox decision makers actively consult the telemetry data when making decisions. If you've disabled telemetry and I haven't then my experiences count double and yours are discarded entirely.
Yours won't count double unless there are only two users, in which case decision makers will likely disregard telemetry data all together.
You're right that the individual's usage pattern isn't directly considered, but for most users that won't matter because their usage patterns aren't uncommon. If you're one of a small group of users that do $weirdThing and that group is so small that your individual telemetry data contributes significantly, a) that group will likely be ignored and b) anonymizing is a problem you may not want to be involved in as a user.
Yeah, I don't really buy that telemetry is actually guiding design in the first place. Rather, I wager telemetry most often gets used to create post-hoc rationalizations for changes somebody already has their heart set on. And if the most relevant statistic plainly doesn't support the change, then a less obvious statistic is found instead and said to be more important (e.g. "telemetry says 85% of our users use this feature.... but telemetry also says that 90% of users close the application within five minutes of using this feature every time they use it, so users might think they like this feature but actually they're wrong and it drives down user engagement.")
I've not worked at Mozilla, but that's how I've seen it happen just about every time I ever saw telemetry get cited in situations I had some insider insight into.
FWIW, I work at Mozilla and I have used telemetry in the way it's meant to be used. I'm sure there are cases where it's misused the way you describe, but by no means are all the cases like that.
Relating to my other comment in this thread, when you used telemetry at Mozilla did you make or violate the default assumption of user equality? Were all users given equal weight, or were socially influential power users given a greater weight?
All users were given equal weight. From the dashboards at telemetry.mozilla.org you can't even tell which users are more socially influential. And to be precise, with many of the metrics that I've used, they tend to be per-pageload or per-action rather than per-user.
Edited to add: my comment makes it sound like there is some other way to tell from telemetry data which users are more socially influential. That's not the case as far as I know.
Has anybody at Mozilla been pointing out that "data-driven" design predicated on incomplete data, making incorrect assumptions about the relative importance of different users, might be contributing to the decline of Firefox?
A single power user who happens to be a system administrator for a public school district has the power to install or uninstall hundreds of firefox instances. And it was power users that spread word-of-mouth awareness of firefox the most during the days when firefox was actually growing. Continue to treat them as equals to all other users and I predict firefox will continue its tragic slide into obscurity.
Are you sure they know more about it than you, or do they just style themselves as knowledgeable? If mozilla really wants to be truly data driven, then maybe they should look at the data and realize that perhaps trying to be data-driven has contributed to Firefox's decline into relative obscurity.
The way I see it, "data driven" design is often similar to an over-reliance on standardized testing or zero-tolerance policies; a way of abdicating responsibility for a decision and covering your own ass. "Users hate this but I'm not to blame because I was just going off the data" has become the new "Sure everything ended up going sideways, but can you really blame me for buying IBM? Nobody gets fired for buying IBM."
Where is the data to suggest that data-driven design actually produces the desired results? That seems to be missing.
This is not a very productive discussion. I don't want to blow you off with a "trust the experts" kind of response, but that's basically what it boils down to. You are certainly entitled to second guess people whose livelihood it is to keep Mozilla going from your comfortable armchair, but I'm going to extricate myself from this discussion.
How Mozilla know how many people have activated telemetry? Maybe they are making decisions based only in the few minority of user that have activated it.
> it adds nothing to your subjective browsing experience
It increases the chances that Firefox developers address performance and other problems that are affecting you. If you disable telemetry, your problems "don't count" when doing data-driven prioritization of development work. (note: I'm a Mozilla employee, working on gecko)
Concrete example of this: Mozilla removing RSS support because "[it has] outsized maintenance and security costs relative to their usage"[1]. I suspect that there's a high correlation between "power users" that used RSS and went through the settings to disable telemetry.
It would hardly matter because such users are probably still, and always were, an absolute minority of Firefox users and, more importantly, data-driven design often assumes equality of users unless somebody has gone out of their way to justify violating that assumption. And the easiest/most common way to violate the assumption of user equality is to point at other data, such as "only 1% use that feature but 50% of those that do are whales who account for 90% of our income."
But when the matter is less concrete because the value of one particular minority demographic is hard to pin down in the collected data (from what in the mozilla's telemetry data can you persuasively derive the value of power users who tell their friends and family to use firefox? Uncovering those relationships would certainly violate users' privacy..) then "data driven" decision processes will by default assume all users have equal worth.
Another big example is Linux. If you ever wonder why developers don't bother to support your Linux distro, try turning on telemetry once in a while. It'll help.
The removal of RSS is just an example of poor management and decision making by Mozilla.
I think that even if telemetry had had different results, they would have then just ignored it for making that decision. Or they would have changed the interface to hide a feature, and then when users used it less, they would use that as justification to remove something.
There was really no good reason to remove it. They quantified the costs of keeping it at something like $5000. How much do they spend translating Firefox into obscure languages that nobody downloads? Or on catering for their galas and fundraisers? Or any other stuff not related to writing software?
> You're taking it on trust that it's anonymized to the point of being impossible to make any inferences about individuals, which is a huge leap, not only in trust, but data science.
I don't doubt that someone at Mozilla could de-anonymize that data, but I have enough trust in the organization that they won't
> Mozilla is based in a country with sweeping surveillance legislation, and so should not be trusted to hold or process [potentially] personally identifying data, no matter how well intentioned they themselves may be.
Even if Mozilla are completely trustworthy, nothing is stopping them from being forced to give up all that data with a national security letter (accompanied with the customary gag order), to be mined for insights by alphabet agencies.
Have a look through about:telemetry and let us know what you think the US government thinks is so valuable they would threaten powerful people with jail time to find out. Whether my CPU has MMX? Maybe times so far in this session there was auto-starting audio playback which you allowed even though Firefox defaults to never allowing this?
I can /maybe/ if I squint really hard, imagine some murder detective figuring out a way that a value in their suspect's telemetry data helps prove they did it. Only thing is, the murder cop can just ask a judge to let them go take the suspect's whole PC, no need to bother any Mozilla employees with crazy requests.
You are aware that it is publicly known that the US government has been practicing a "collect anything you can get your hands on about everyone" approach for a while now, right?
So your theory is that the US government's policy is to find the most convoluted difficult way to do this collecting and ignore all the easier ways?
"Boss, I just got done with that $500Bn compute job to work out a guy's password as you recommended, rather than just resetting it by email as I'd originally thought of doing. As you pointed out the government can just raise income taxes to pay for it"
"Cool, OK, now I want you to go threaten this company CEO. They collect optional telemetry data and we'd like to extort that CEO into telling us whether a user with this IP address has an Intel or AMD processor"
"Shouldn't I just get them to export the data from their software directly rather than bother with all this? Or just use any of these broadly available malware techniques to get the answer for the user we care about?"
"No, that would be simpler and cheaper, if we do it this way only a true genius like zAy0LfpBZLC8mAC would realise what we're up to, as ever our goal is collect anything but only in the most elaborate way possible so that it's tremendously expensive and difficult"
"OK, but what if the user has disabled telemetry?"
"Then we'll have to think of an even more expensive and elaborate way to collect data. We have a programme to teach goldfish to swim differently depending on whether they have recently seen anybody wearing a T-shirt with a specific logo design on it."
Okay, so we know that there's a 2017 MBP running firefox with IP 172.16.23.xx, and the users uses features a, b, c with frequencies x, y, z respectively. How can this be nefariously used?
You're taking it for granted that the reported data is adequately anonymized to the point of being impossible to make any inferences about individuals, which is a huge leap, not only in trust, but data science.
As mentioned later in the article, Mozilla is based in a country with sweeping surveillance legislation, and so should not be trusted to hold or process [potentially] personally identifying data, no matter how well intentioned they themselves may be.