Bug#882073: firefox: Disable Pocket by default: a non-free web service and privacy relevant that should require consent
Erich Schubert
erich at debian.org
Sat Nov 18 15:01:41 UTC 2017
Package: firefox
Version: 57.0~b9-1
Severity: normal
Tags: patch
The Debian package of firefox should disable Pocket by default, as this
encourages the use
of a non-free web service, and sends privacy relevant information
without prior agreement by the user.
The suggested change is simply to change the default setting in
/usr/lib/firefox/browser/defaults/preferences/firefox.js
pref("extensions.pocket.enabled", true);
to "false". Then users can enable pocket in their profile by setting
this to true if desired; but by default it will not use this non-free
service.
To by default disable the "Recommended by Pocket" part of the front
page, also add this:
pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
There may be other privacy-relevant settings of firefox to fine tune.
Unfortunately, Mozilla keeps on adding new extensions all the time that
transmit data.
But Debian should be a bit reluctant to enable such services by default,
but rather leave the decision to the user of whether (or not!) to enable
them.
With the current default, firefox will make requests to the Pocket API.
The default should be to not do so.
-- Package-specific info:
-- Addons package information
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8),
LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages firefox depends on:
ii debianutils 4.8.3
ii fontconfig 2.12.3-0.2
ii libatk1.0-0 2.26.1-1
ii libc6 2.24-17
ii libcairo-gobject2 1.15.8-2
ii libcairo2 1.15.8-2
ii libdbus-1-3 1.12.0-1
ii libdbus-glib-1-2 0.108-3
ii libevent-2.1-6 2.1.8-stable-4
ii libffi6 3.2.1-6
ii libfontconfig1 2.12.3-0.2
ii libfreetype6 2.8.1-0.1
ii libgcc1 1:7.2.0-14
ii libgdk-pixbuf2.0-0 2.36.11-1
ii libglib2.0-0 2.54.2-1
ii libgtk-3-0 3.22.25-1
ii libgtk2.0-0 2.24.31-2
ii libhunspell-1.6-0 1.6.2-1
ii libjsoncpp1 1.7.4-3
ii libnspr4 2:4.16-1
ii libnss3 2:3.33-1
ii libpango-1.0-0 1.40.13-1
ii libsqlite3-0 3.21.0-1
ii libstartup-notification0 0.12-4+b2
ii libstdc++6 7.2.0-14
ii libvpx4 1.6.1-3
ii libx11-6 2:1.6.4-3
ii libx11-xcb1 2:1.6.4-3
ii libxcb-shm0 1.12-1
ii libxcb1 1.12-1
ii libxcomposite1 1:0.4.4-2
ii libxdamage1 1:1.1.4-3
ii libxext6 2:1.3.3-1+b2
ii libxfixes3 1:5.0.3-1
ii libxrender1 1:0.9.10-1
ii libxt6 1:1.1.5-1
ii procps 2:3.3.12-3
ii zlib1g 1:1.2.8.dfsg-5
firefox recommends no packages.
Versions of packages firefox suggests:
ii fonts-lmodern 2.004.5-3
ii fonts-stix [otf-stix] 1.1.1-4
ii libcanberra0 0.30-4
ii libgssapi-krb5-2 1.15.2-2
pn mozplugger <none>
-- no debconf information
More information about the pkg-mozilla-maintainers
mailing list