In article <[EMAIL PROTECTED]>, Dave Martel wrote:
> On Tue, 08 Jan 2002 08:37:57 GMT, [EMAIL PROTECTED] (MOTAR the
> imperious) wrote:
> 
>>On Mon, 07 Jan 2002 19:49:55 -0700, Dave Martel <[EMAIL PROTECTED]>
>>wrote:
>>
>>>>The PC version appeared to be a data collection tool. Perhaps the
>>>>FreeBSD version is the culmination of all the Windows users' syphoned
>>>>feedback?
>>
>>>Perhaps, but since Mozilla is open-source you shouldn't have any
>>>trouble proving your case by showing us the code snippets that form
>>>this "data-collection tool". The full source is on
>>><ftp://ftp.mozilla.org/pub>. 
>>
>>You work off the assumption MOTAR said their software was doing
>>secretive data collection. MOTAR never said that. MOTAR said the
>>program connects back to the Netscape/AOL servers which use ordinary
>>web scripts. Passive continuous data collection from AOL is more
>>annoying to MOTAR than aggressive obvious data collection from many
>>other sources. 
> 
> I just wanted to get things real clear before asking the good folks in
> netscape.public.mozilla.general to confirm this supposed spying.
> 
> How say you, Mozilla users? Is Mozilla being used by AOL to spy on
> you? 
> 

I highly doubt it.  A quick review of issues discussed earlier in this 
thread in a.p.s:

1) Mozilla = Netscape = AOL

Well, sort of yes and sort of no.  Realistically, Netscape will always 
have serious clout in what goes on in Mozilla as long as they supply the 
bulk of the development effort, whether the server is hosted by Netscape 
or a kiwi plantation in New Zealand.  In practice, I think it's highly 
unlikely that they'd be able to suck useful marketing data off mozilla.org 
servers without one of the independent mozilla.org higher-ups noticing; 
furthermore, I don't consider it proven that such data exists.

2) Mozilla loads the "red star" images from a mozilla.org server.

This has to do (AFAIK) with trying to avoid shipping the images as part of 
the MPL-licensed packages, for some complex licensing reasons (retaining 
trademark on the logo or something).  Unfortunately, the Opera evangelist 
you're following up to didn't provide details beyond that, so I don't know 
what other parts of the Mozilla site it's supposedly trying to contact, 
although I'd be happy to check it out with more details.

One issue that you *should* be aware of is the "What's Related" bar in the 
Sidebar.  There was a longstanding issue where this bar contacted Alexa 
even with the sidebar closed, which has thankfully been fixed.  (See bug 
53239).  There's also a pref for this somewhere, but it's somewhat broken; see 
bug 78821.  Given that Alexa seems to be a privacy gray-hat, I'm not 
terribly thrilled that Mozilla ships with this, but it is removable.

You could also look at bug 71270, which has been hotly debated.  
Basically, code exists in the Mozilla tree providing an extra hook 
intended for a *legitimate* tracking application.  People have argued that 
it should come out because it can be exploited by other spyware; OTOH, I'd 
counter that:
1) If you download another piece of spyware onto your machine, it can 
(well, on a Win9x machine, anyway) do whatever it pleases in terms of 
scooping up your data.
2) The security provided by *not* having this code is entirely accidental, 
due to the decision not to use native widgets for Mozilla.  All other 
browsers using native widgets (IE, NS 4.x, Opera) are just as vulnerable 
to 3rd-party spyware.

The only other issue I can think of is talkback data; if you download a 
talkback-enabled build, it will send data back to Mozilla if the browser 
crashes.  IIRC, by the nature of talkback (basically a memory snapshot at 
the time of the crash), you're inherently running the risk of sending 
sensitive data off, although access to the talkback data is limited.

-- 
Chris Hoess
