Mozilla has been hitting the headlines a little too much these past few weeks. The company is one of the very few tech companies that are considered pro-privacy by their users, not just by themselves. However, the Firefox maker recently came under fire for pushing a hidden add-on to its users to promote Mr. Robot, a popular drama–thriller television series focusing on cybersecurity.
With that episode now behind us, Firefox is back in the news. Apparently, the browser had been collecting crash information from users since March 2017, even if its users had chosen to avoid submitting crash reports. Mozilla engineers wrote that this has been happening since Firefox 52 and was due to a bug.
The company's response to this bug, however, shows why Mozilla continues to win its users trust in an era where cybersecurity disasters are rampant and user privacy has become a myth. Mozilla said last week that the bug that automatically send crash reports to the company has now been fixed with the release of Firefox 57.0.3. It also added that Mozilla will be deleting all the telemetry data collected during those nine months.
Firefox will delete all telemetry data to avoid any privacy concerns
This data includes even the reports that were sent with user permission. "We do not know the exact impact of 1424373 (bug report), as we cannot distinguish between users that chose to auto-submit crashes and users that triggered the bug," the company wrote. This is notable because it leaves the company with no data whatsoever from the past several months.
Mozilla said this is being done to ensure that no one can be identified using this data. "While we designed the crash reporting system to be difficult to map back to individuals, we need to be mindful that crash dumps contain the contents of the crashing tab," it wrote.
With low frequency they may contain private or identifying information.
Crash reports contain information about the active page that was being viewed at the time of the crash and a dump file of the browser's memory contents, which may contain data that can identify a user. Since the company can't distinguish who agreed to send this data and who chose not to, it has decided to delete all the telemetry data collected during the time this bug was present.
The company is also modifying its servers to reject any additional data resulting from this bug from browsers that may not have been updated yet.
We will add measures to discard new, automatically submitted crashes from affected versions, and then delete all crash reports collected prior to that deploy. Our goal is to have this data deleted in the next ten days.
Many privacy focused users choose not to send crash reports because of privacy concerns. While these reports help browser makers to spot bugs and improve performance, they can also potentially connect individual users with their web history. With the tech industry excessively obsessing over user data, Firefox's decision will be taken as a pleasant surprise by its devoted users who continue to prefer the browser over offerings by major tech companies like Google, Apple, or Microsoft.