A deep dive into Firefox's new Terms of Use

As of writing, Firefox's Terms Of Use has undergone significant changes over the past couple of days. This blog post is my attempt to:

1. Document most if not all of Mozilla's changes to their Terms Of Use
2. Give my personal opinion on Mozilla's ToU (Terms of Use)

Clearing the air on clickbait

In traditional fashion, Mozilla's situation has lead several prominent people to add clickbait title's to their Youtube videos, including but not limited to:

• Theo - t3.gg (Firefox just gave up on privacy)
  • Note: Prior to their current title, they titled their video "BREAKING: Firefox drops new TOS that allows them to use your data"
• ThePrimeTime (FireFox Changes ToS - They Will Sell Your Data)
• Mental Outlaw (The Worst Firefox Update Ever)

While there's nothing too inherently deceptive about these, their designed to make you have an immediate gut reaction and assume the worst. Maybe that's a fair assumption to be making, but we'll cover that later. Additionally, while it seems inconsequential, the difference between ToS (Terms of Service) and ToU (Terms Of Use) is quite large. ToS implies that Firefox is a service provided to you by Mozilla, and ToU implies that Firefox is a product that you have access to.

How this blog post is formatted

In this blog post, I will go from the newest iteration of the ToU, and make a note about any changes that Mozilla had made to the relevant section. I'm using the Wayback Machine so that I can accurately know what was changed, and when.

Mozilla Gives You Certain Rights and Permissions

Mozilla grants you a personal, non-exclusive license to install and use the “Executable Code" version of the Firefox web browser, which is the ready-to-run version of Firefox from an authorized source that you can open and use right away.

This statement alone is riddled with ambiguity. Specifically, Mozilla talks about an authorized source. They give no direct mention as to what an authorized source includes, and more importantly, what it doesn't include.

For example, back in the day Mozilla had an issue with the Debian Linux distribution, whereby Debian Maintainers distributed versions of Firefox with modified source code, whilst still using Mozilla's branding for Firefox. Subsequently, the Debian Maintainers applied custom branding to Firefox, calling it "Iceweasel". This has since been reverted due to relaxed pressures from Mozilla.

In the example above, Mozilla disallowed the Debian Maintainers to distribute the Firefox software, making them an unauthorized source for Firefox. So, by that logic, anyone distributing Firefox who:

• Hasn't received any complaints from Mozilla
• Uses custom branding

Could be considered an authorized source. They then go on to explicitly use this definition to state:

These Terms only apply to the Executable Code version of Firefox, not the Firefox source code.

Some people have used this as an argument to say that forks of Firefox aren't affected by Firefox's ToU. However, at least to me, this line implies that the ToU doesn't apply to the actual lines of code within Firefox's source, and only to the Executable Code. This leaves the ToU open to the possibility of applying to forks because, as mentioned earlier, the definition of "Executable Code" is unclear about what is and isn't an authorized source.

You Give Mozilla Certain Rights and Permissions

You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.

This section of Firefox's ToU is one of the most controversial. Specifically, it garnered a lot of attention before it was edited by Mozilla. The original version reads as follows:

You give Mozilla all rights necessary to operate Firefox, including processing data as we describe in the Firefox Privacy Notice, as well as acting on your behalf to help you navigate the internet. When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

The first part of those two snippets, regarding processing of data in accordance to the Firefox Privacy Notice is still the same, but the newest rendition sounds nicer. The second part is different. The original rendition of the ToU says

to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

In comparison, the newest version says

for the purpose of doing as you request with the content you input in Firefox.

The original version of this term says that the data you input and upload is collected and processed in accordance with your use of Firefox. This is implicit in the sense that if your using Firefox, your giving them the right to use the information they collect to help you navigate, experience, and interact with online content. However, they now say that they can use the information they collect per your request.

So for example, before, if Firefox collected some art I made and uploaded to Discord, they could use it to train their AI. However, with their new wording, they can only use it to train their AI if you ask them to. This is a pretty big distinction all things considered, and could be used as legal leverage if you were to take Mozilla to court.

You Are Responsible for the Consequences of Your Use of Firefox

You agree that you will not use Firefox to infringe anyone’s rights or violate any applicable laws or regulations.

This is the second most controversial part of Firefox's ToU. To understand why it was met with as much public backlash as it was, we need to see the original section from the ToU

Your use of Firefox must follow Mozilla’s Acceptable Use Policy, and you agree that you will not use Firefox to infringe anyone’s rights or violate any applicable laws or regulations.

The only difference here is Your use of Firefox must follow Mozilla's Acceptable Use Policy. If we want to see why that's a big deal, we need to, of course, look at Mozilla's Acceptable Use Policy. There's some normal stuff in here, like Do anything illegal or otherwise violate applicable law and Exploit or harm children, but there's also some not so normal things. Specifically:

Upload, download, transmit, display, or grant access to content that includes graphic depictions of sexuality

By this, Mozilla means porn. That's it. They use graphic depictions of sexuality, but in layman's terms, they just mean porn. Now, according to the initial rendition of Firefox's ToU, while using Firefox you had to conform to the Acceptable Use Policy, and therefore couldn't use Firefox to watch porn. Personally, I don't think that's their decision to make.

In the current rendition however, you just can't use any of Mozilla's services, which they describe as:

• Mozilla VPN
• Firefox Relay
• Firefox Monitor
• Firefox Notes
• Firefox sync
• Pocket

So you can't sync your browser sessions if they have bookmarks to porn sites, for example.

End of Firefox's ToU

So, I've shown you the important parts of Firefox's new ToU, and if your grossed out, I don't blame you. In case you wish to do some extended reading, you can visit these sites I used to access Firefox's Terms of Use and Mozilla's Acceptable Use Policy respectively

• Archived copy of Firefox's original Terms of Use
• Current copy of Firefox's Terms of Use
• Current copy of Mozilla's Acceptable Use Policy

However, the story doesn't end here. As it turns out, Mozilla is an open source company. Every change they make, is freely available to anyone who wants to see it. Unfortunately for Mozilla, this includes everything they don't want you seeing too.

One example of this is a commit on the official source code for Mozilla's website. You can view the whole commit here, but here's some highlights

diff
Copy
- <h2 class="c-section-title">The best privacy</h2>

+ {% if switch('firefox-tou') %}
+ 	<h2 class="c-section-title">Always protected</h2>

diff
Copy
- Firefox is independent and a part of the not-for-profit Mozilla, which fights for your online rights, keeps corporate powers in check and makes the internet accessible to everyone, everywhere. We believe the internet is for people, not profit. Unlike other companies, we don’t sell access to your data. You’re in control over who sees your search and browsing history. All that and exceptional performance too.

+	Firefox is independent and a part of the not-for-profit Mozilla, which fights for your online rights, keeps corporate powers in check and makes the internet accessible to everyone, everywhere. We believe the internet is for people, not profit. You’re in control over who sees your search and browsing history. All that and exceptional performance too.

diff
Copy
-	{
-		"@type": "Question",
-		"name": "Does Firefox sell your personal data?",
-		"acceptedAnswer": {
-			"@type": "Answer",
-			"text": "Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise. "
-		}
-	},

Conclusion

If you still think that Mozilla has your best interest in mind, I don't know what to tell you. The people currently in charge of the company aren't the same people who ran Mozilla all those years ago. If your worried about whether the Terms of Use applies to forks, I'd suggest moving to a chromium-based browser, something like Thorium or ungoogled-chromium. If your not wanting to leave Firefox, maybe check out Mercury or Zen.