Bug#882073: firefox: Disable Pocket by default: a non-free web service and privacy relevant that should require consent

Erich Schubert erich at debian.org
Sat Nov 18 15:01:41 UTC 2017 

Package: firefox
Version: 57.0~b9-1
Severity: normal
Tags: patch

The Debian package of firefox should disable Pocket by default, as this 
encourages the use
of a non-free web service, and sends privacy relevant information 
without prior agreement by the user.

The suggested change is simply to change the default setting in

/usr/lib/firefox/browser/defaults/preferences/firefox.js
pref("extensions.pocket.enabled", true);

to "false". Then users can enable pocket in their profile by setting 
this to true if desired; but by default it will not use this non-free 
service.

To by default disable the "Recommended by Pocket" part of the front 
page, also add this:

pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);

There may be other privacy-relevant settings of firefox to fine tune.

Unfortunately, Mozilla keeps on adding new extensions all the time that 
transmit data.
But Debian should be a bit reluctant to enable such services by default, 
but rather leave the decision to the user of whether (or not!) to enable 
them.

With the current default, firefox will make requests to the Pocket API. 
The default should be to not do so.

-- Package-specific info:


-- Addons package information

-- System Information:
Debian Release: buster/sid
   APT prefers unstable
   APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), 
LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox depends on:
ii  debianutils               4.8.3
ii  fontconfig                2.12.3-0.2
ii  libatk1.0-0               2.26.1-1
ii  libc6                     2.24-17
ii  libcairo-gobject2         1.15.8-2
ii  libcairo2                 1.15.8-2
ii  libdbus-1-3               1.12.0-1
ii  libdbus-glib-1-2          0.108-3
ii  libevent-2.1-6            2.1.8-stable-4
ii  libffi6                   3.2.1-6
ii  libfontconfig1            2.12.3-0.2
ii  libfreetype6              2.8.1-0.1
ii  libgcc1                   1:7.2.0-14
ii  libgdk-pixbuf2.0-0        2.36.11-1
ii  libglib2.0-0              2.54.2-1
ii  libgtk-3-0                3.22.25-1
ii  libgtk2.0-0               2.24.31-2
ii  libhunspell-1.6-0         1.6.2-1
ii  libjsoncpp1               1.7.4-3
ii  libnspr4                  2:4.16-1
ii  libnss3                   2:3.33-1
ii  libpango-1.0-0            1.40.13-1
ii  libsqlite3-0              3.21.0-1
ii  libstartup-notification0  0.12-4+b2
ii  libstdc++6                7.2.0-14
ii  libvpx4                   1.6.1-3
ii  libx11-6                  2:1.6.4-3
ii  libx11-xcb1               2:1.6.4-3
ii  libxcb-shm0               1.12-1
ii  libxcb1                   1.12-1
ii  libxcomposite1            1:0.4.4-2
ii  libxdamage1               1:1.1.4-3
ii  libxext6                  2:1.3.3-1+b2
ii  libxfixes3                1:5.0.3-1
ii  libxrender1               1:0.9.10-1
ii  libxt6                    1:1.1.5-1
ii  procps                    2:3.3.12-3
ii  zlib1g                    1:1.2.8.dfsg-5

firefox recommends no packages.

Versions of packages firefox suggests:
ii  fonts-lmodern          2.004.5-3
ii  fonts-stix [otf-stix]  1.1.1-4
ii  libcanberra0           0.30-4
ii  libgssapi-krb5-2       1.15.2-2
pn  mozplugger             <none>

-- no debconf information

More information about the pkg-mozilla-maintainers mailing list