cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
citb
Strollin' around
Status: Trending idea

Thunderbird should have the ability to disable ALL telemetry and other unknown connections, in fact this should be the default.  The only place Thunderbird should be connecting to is the email provider's POP and SMTP servers, and/or IMAP servers.    If it wants to connect to anything else there should be a way to get a full explanation of where it is going, why it is going there, and we should have the ability to block that connection if it is doing things we don't want it to do.  Some of us do NOT want it trying to sync anything to any online cloud service!

A connection that ONLY checks for updates to Thunderbird and does nothing else that would be fine too, but as it is Thunderbird just wants to connect to various thunderbird.net, mozilla.com, and firefox.com addresses with no explanation of why or what it's doing.

Thunderbird needs to be much more transparent about what it's connecting to, and give users the opportunity to opt out without having to use external connection blockers such as OpenSnitch (Linux) or Little Snitch (MacOS).  The "just trust us" mentality that many developers have just doesn't cut it in these times, particularly for anyone who values privacy.

17 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

MattAuSupport
Familiar face

Given that significant parts of Thunderbirds user interface (addons manager details,  welcome page, whats new on updates etc) are essentially served as web pages into Thunderbird, perhaps your expectations are becoming unreasonable.  The next version will come with Sync enabled.  If you use it or not is not relevant. Simply selecting the menu item will initiate a connection to sign in.

As for "only checks for updates"  that involves at least two if not more domains.  First is the actual Thunderbird product.  Then there are addons.  Most of these update from Thunderbird.net, but my understanding is an addon can have a custom update location.

At a personal level I would like to see significantly more anonymous telemetry not less.  Does anyone use this new feature willingly, that the developers are asserting is user demanded,  or are most simply doing their best to disable it because only a select few actually want it.  The quest for privacy should not trump the need for the development community to get feedback on who if anyone uses what features.  It is only through having data about usage that the developers can stop doing hugely unpopular things like ceasing support for features used by many.

 

 

 

 

 

BEEDELLROKEJULI
Making moves

Please don't remove the telemetry. Just make it opt-in.

fung0
Making moves

Absolutely! "Telemetry" is a technical euphemism for privacy violation.

Here's a thought: make telemetry opt-in, but be incredibly transparent about what data you want, and give users granular control. I'd be happy to share some technical details, but only if I have complete trust in the people gathering them. (I leave Steam running 24/7, because Valve has never, ever abused my trust. That kind of trust takes decades to build... and can be blown away in an instant.)

Another option: if you want my data as a revenue stream, give me outright purchase as an alternative. I don't mind paying a substantial fee for my software. But I do strongly resent renting it, or having it spy on me.

MasoudAhmadi20
New member
Like
s_hentzschel
Making moves

> Absolutely! "Telemetry" is a technical euphemism for privacy violation.

I'm not sure if anyone can really be serious about something like this, but no, simply no. Telemetry is not an euphemism for privacy violation. There is really no reason why it shouldn't be possible to have telemetry while preserving the privacy. Please educate yourself on how telemetry actually works in Mozilla products, outside of conspiracy theories.

As a user, I am the one who benefits the most from telemetry being enabled. Telemetry is an important tool for developers but it doesn't matter for the developers if *you* are included in the data not. They will work with the data they get. As a user, I *want* to be considered for product decisions and I really think it should stay enabled by default. It's great that everyone can opt-out, but most people are totally okay with sharing technical data. And since most people don't change default settings the default setting has to be made in the best interest for the users - and this means that the developers get representative data from real users unless people who really care about not sharing something opt-out from it.

Hemlock_Stones
New member

I concur with this request.  One needn't be a conspiracy theorist to feel it's rude for software to 'phone home' without explicit permission, irrespective of what "most people are totally okay with." 

Sure, I'm more concerned when Intuit snarfs up personal financial data than when Mozilla extracts anonymized usage and crash info.  "Most people" have probably become accustomed to being monetized as the price of "free" (as in beer) software, but at the core lies a question of basic respect.

So I vote for opt-in telemetry, with available detailed disclosure of what will be transmitted.

fung0
Making moves

> Telemetry is not an euphemism for privacy violation. 

I'm not talking conspiracy theories, just simple logic. Data on MY device is MY data. Period, end of story. I should be free to give it or withhold it as I choose - that's what "mine" means, right there in the dictionary. (Perhaps I should use less loaded terms. Okay: telemetry is a "partial surrender of my right of privacy." But it is most certainly a "violation" if not done transparently and voluntarily. Which, in practice, is almost never the case.)

I agree that it is entirely possible to implement telemetry in a benign fashion. And I certainly don't mind helping developers who are making great products for me to use. But the reality is that even the most 'benign' developers have come to take "telemetry" for granted, as a default, as a right. Worse, the term itself is being misused, especially by the largest corporate developers, to greenwash the gathering of far more than just basic technical data. Data that is not only not documented, but cunningly obfuscated to ensure that users cannot know exactly what information is being taken from them.

So the intent of my message is not to challenge the basic concept of gathering user data in order to improve a product. Or to single out Mozilla as a particular offender. It is to challenge the way 'telemetry' is being done across the board: by default, with few options and minimal transparency. I'm tired of seeing a blanket disclaimer telling me "we gather only technical details", without any explanation of those "details", let alone any way for me to monitor or control the data that is flowing outward from my device into the hands of strangers who may or may not have my best interests in mind, and who may or may not be anonymizing or securing that data as well as I would wish.

Had big corporate developers - especially Microsoft - come clean from Day One, my attitude toward "telemetry" would undoubtedly be very different now. But the reality is that the bar has been lowered across the entire developer world.

Thunderbird - in fact, all software - should at a minimum:

  • a) tell me in complete detail what data it wants to gather;
  • b) give me the ability to confirm and monitor that this and only this is what is being gathered; and
  • c) give me granular control, especially if some of the data items could potentially be more sensitive than others.

This is entirely possible, and not particularly difficult to implement. (Check how Valve does it with the Steam hardware survey.) In fact, I'm absolutely fine with data collection being an installation default... as long as it meets my three criteria.

All this should be uncontroversial. The fact that I have to explain it at all shows how far we've deviated from a reasonable norm.

Email is how I communicate privately with friends, family, love-interests, colleagues, political fellow-travelers and more. There is nothing more sensitive on my device than my email. Ergo, I should be able to trust my email app beyond a shadow of a doubt. If that seems like an onerous requirement to anyone, they are simply demonstrating that my qualms are not unfounded.

Aftermath
Making moves

Opt-in will just reduce the code quality, and then the people who wanted it to be an opt-in will change to another project with opt-out telemetry because "it just works, thunderbird doesn't and it's bloatware"

It should probably be a vote with yes or no, rather than an idea with only thumbs up

ed2718
New member

Telemetry is a touchy subject.  It can be very helpful for developers and doesn't need to compromise privacy, but in practice this rarely happens. The problem is not the telemetry itself, the problem is that most software is written by profit maximizing corporations. If your sole goal is to maximize profit of course you will use technical telemetry as an excuse to scoop up all the personal information you can get your hands on. We are all so used to this that we just assume telemetry means sucking up personal information and we forget the reason we invented telemetry in the first place.

This puts Mozilla in a real bind. Telemetry can make development more efficient and make the end product better, but in order to collect telemetry Mozilla needs to overcome the cynicism that predatory capitalism has left us all with.  One solution is to make telemetry opt in, but as a practical matter no one bothers to opt in to anything. It would be nice if we could just tell everyone that we aren't actually sucking up personal information, but everyone says that and most people are lying.

I don't have a good solution for this. Maybe dumping all the telemetry in a more or less human readable text file would help. Most people will never look at the text file, but anyone who does can verify that the telemetry is reasonable. If the telemetry goes to Mozilla in the same format as the text file some people will pull out Wireshark and make sure the text file matches the data actually sent.  This is a waste of network bandwidth and disk space, but it would help a lot with transparency. There still needs to be an opt out button for people who have been abused so much they don't even trust Mozilla.

It would be a shame if we had to make telemetry opt in, that would leave us with data only from people who bother to opt in, and that leaves us with no data on how unsophisticated users actually use Thunderbird. These are exactly the users who need the most help, and exactly the users who don't know how to ask for it.

fung0
Making moves

a) Yes, I agree that telemetry should be available to developers - ideally. I am enormously grateful to any group that supplies me with software that is useful, feature-rich, flexible and secure. And I'd really like their work to be made as easy as possible.

b) Unfortunately, as users we've been abused in so many ways, for so long, that no one should be surprised we've become leery. Microsoft has been by far the worst offender: claiming "telemetry" as an absolute right; refusing to allow users to disable it (while allowing "enterprise" customers to do so); and making it as difficult as possible to discover what information is being sent. However, vanishingly few publishers are 100% blameless. I only discovered by accident that Firefox was sending out telemetry by default, and that config edits were the only way to disable this. (Please correct me if I'm wrong, or out of date.)

c) Nonetheless, I'm okay with "telemetry ON" being a default - as long as a great big dialog box pops up during installation, and offers me a clear choice between "ON" and "OFF." (I believe this is becoming a requirement in the EU.) Now, if developers want me to select "ON," the onus is on them to gain my trust. Trust is slow to build, easy to destroy - but total transparency about what's being collected would be a great start. As ed2718 points out, there are experts who will gladly verify the content - and they will create a cascade of trust among knowledgeable users.

It would be nice if users simply trusted their software providers, but that ship has sailed - and been scuttled. The sad reality is that privacy has been eroding dramatically over the past couple of decades, and users are clearly not wrong to be cautious. It's a shame that this does make extra work for developers, but that work can bring large dividends in the long run. Honest, non-corporate developers like Mozilla can lead the way into a better online world, where users once more know who to trust. Hey, guys: if you don't, who will?

Thanks again for all your hard work. The digital world would be a dismal, barren place if not for software like Thunderbird.

jojje
Strollin' around

How to provide telemetry in a trustworthy manner is a solved problem, and it has been used by very trusted companies for decades to help both the developers and users with trouble shooting.

  1. User has decided they have a need to share the telemetry information for specific purpose.
  2. App surfaces a "send diagnostic information" button or menu item that the app, such as under the Help menu (or app menu on Mac)
  3. User clicks the widget.
  4. Application explains what data it gathers and why, while gathering telemetry data and storing it locally.
  5. App asks the user if s/he wants to review the information, and presents a way of doing so, along with a Submit button that users may have grown to trust the vendor may want to use, when they already know what sort of telemetry data is being sent by this feature.
  6. User clicks the Submit button
  7. App uploads the telemetry bundle.

This sort of approach is the only respectful and trust-building approach to telemetry of someone else's device.

If you're a company like Lime/Voi, Uber, United airlines or any other company that need to instrument your own devices, then anything goes. Software running on others' machines has a Much higher bar for acceptable telemetry gathering. Hidden automatic collection is in essence no different than malware.

Status changed to: Trending idea
Jon
Community Manager
Community Manager

Quick update…

This is now a “Trending idea” here on Mozilla Connect, which means it’s one step closer to reaching our internal teams for review—learn more about The Idea Journey.

Please keep the conversation going (the more details to support your case, the better) and stay tuned for updates 😀

MattAuSupport
Familiar face

Here are the published results of telemetry in Thunderbird. https://stats.thunderbird.net/#telemetry

Where is your privacy invaded?  Before assuming that someone is looking,  which they might be.  Perhaps read the source documents on telemetry published by Mozilla.

 

radmanno
New member

Radmanno

If this suggestion is implemented, I recommend adhering to the "KISS" principle.  A simple opt in/out choice.  Developers can offer their reasons for making the choice they recommend.  Let the user make the decision.