TL;DR: If you’re one of those people who only reads the title and bylines before bouncing off – don’t waste your time, here’s a quick fix: Ditch Firefox, install LibreWolf. It’s an open-source fork of Firefox that comes pre-hardened for privacy without all the bloat of the original browser. No more fiddling with settings to opt out of junk you didn’t ask for and that you don’t care about.
EDIT: For developers, an interesting alternative browser to keep your eye on is Ladybird. It’s currently deep in development, with an alpha release aiming for sometime within 2026. Ladybird’s focus is on performance, stability and security. Check out their GitHub page for more.
What happened?
Mozilla recently rolled out some major changes to Firefox’s Terms of Use and Privacy Policy… changes that left many users scratching their heads. If you’ve been keeping an eye on tech news you know the headlines already: Mozilla’s new policies appear to roll back their commitment to privacy. If you want to know more about the specifics of these changes, read this article.
What might seem like a minor legal update makes it clear that Mozilla’s new changes seem to give them a lot more leeway with your data than before. The new terms now claim that by using Firefox, you automatically grant them a license to process anything you type into the browser, all under the guide of helping you navigate the web. While some outrage online might seem overblown, a lot of users have good reason to be skeptical, especially when they changed their FAQ to remove the reassurance that they will never sell your data:
I think a lot of the outrage people have expressed online is unfounded, or is misdirected. Before I get lynched by privacy purists, I agree that Mozilla is bad at communication and should be raked over the coals for how they made their announcement.
Mozilla’s original terms stated: “You give Mozilla all rights necessary to operate Firefox including processing data as we describe in the Firefox Privacy Notice as well as acting on your behalf to help you navigate the Internet. When you upload or input information through Firefox you hereby grant us a non-exclusive royalty free worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.” This is absurdly permissive, it basically means that anything you type or upload through Firefox could be used in ways even Mozilla can’t fully predict. After that, Mozilla tried to “clear up” the confusion by issuing a follow-up statement: “We’ve seen a little confusion about the language regarding licenses, so we want to clear that up.” Horrible.
It’s one of these situations where, in trying to hedge their bets to be in compliance with the California Consumer Privacy Act, they wound up putting the stupidest thing on there possible and shooting their own reputation in the foot.
If you ever doubt how badly a company has botched its PR, just check out archive.org. While I was piecing together what Mozilla had done, archive.org crashed while loading mozilla.org. That, my friends, is a clear sign that PR is panicking. It shows just how many people were desperate to see the “old” Mozilla site.
Here’s are some excerpts taken from the FAQ:
“Is Firefox free? Yep! The Firefox Browser is free. Super free, actually. No hidden costs or anything. You donโt pay anything to use it.”
“Is Firefox safe? Not only is Firefox safe to use, it also helps keep your data and private information safe. The Firefox Browser automatically locks known third party trackers, social media trackers, cryptominers and fingerprinters from collecting your data.”
Here’s the segment the FAQ used to have before it was changed:
“Does Firefox sell your personal data? Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise.”
Yet on the new, updated FAQ page that segment is nowhere to be found. That’s horrific PR if you don’t explain it very well and they did a very poor job of doing that/ Also, the changes went up before users were notified. This went up on February 25th as a change, yet the article was put up on February 26th. Furthermore it says that by using Firefox that you are accepting these terms of use. This means that many people were technically ‘agreeing’ to a terms of use that they had never seen before, that they were never notified of.
There is an indescribably pain I feel when I see open-source projects drive themselves deeper into the ground. After the backlash, Mozilla added an update to the article: โWe’ve seen a little confusion about the language regarding licenses so we want to clear that up. We need a license to allow us to make some of the basic functionality of Firefox possible. Without it we couldn’t use information typed in a Firefox. For example it does not give us ownership of your data or the right to use it for anything other than what is described in the Privacy notice. You give Mozilla the rights necessary to operate Firefox, this includes processing your data as we described in the Firefox privacy notice. It also includes a non-exclusive royalty-free worldwide license for the purpose of doing as you request with the content you input into Firefox. This does not give Mozilla any ownership in that content.โ Why didn’t they write that in the first place?
The CCPA
To really understand what’s happening, you need to know a bit about the California Consumer Privacy Act (CCPA). In everyday terms we think of “selling data” as some nefarious act: peddling personal details to the highest bidder. You probably imagine it’s something like “Brendan Craven went to steamyvideos.com with a VPN because he lives in Belgium and tried to search for lewd, deepfake AI-generated Robin-Pattinson-lookalike videos or whatever the hell sick interests he may be into, and that they have the ability to sell that information so that anybody else can pay 50 cents and find out I was looking for Robin-Pattinson-lookalike deepfake videos. But legally the CCPA defines “selling” much more broadly. Under this law, “selling” doesn’t just mean exchanging data for cash:
โSell,โ โselling,โ โsale,โ or โsold,โ means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.
“Valuable consideration” can mean anything from money to perks or even benefits that improve business relationships. This means that many of Mozilla’s existing practices, such as their search engine partnerships with Google, can technically fall under the definition of selling data. Even though Mozilla has always been upfront about these deals, the new terms risk blurring the lines. Mozilla now explains that the license is required to operate core functionalities in Firefox. They argue it doesn’t give them ownership of your data, it just lets them process it to help you navigate online. One has to wonder if this data exchange is legal under the CCPA, why does it feel so invasive?
Legal definitions are usually confusing, and purposely so, in many ways. When you read the detailed language in the CCPA you realize that what Mozilla calls “valuable consideration” might include things like the financial benefits they received from search deals or ad clicks. In short, while Mozilla insists your data is anonymized and aggregated, the fact remains that they’re benefiting from your interactions in many other ways. This isn’t new, it’s been happening for years. But with the updated terms, it’s now legally framed in a way that can allow even more data sharing in the future.
How does this work? We need to discuss the specifics of how Mozilla makes money with Firefox. A big part of their revenue comes from deals with search engines, especially Google. Every time you use Firefox, your search queries are sent along with a little “referrer” tag that tells Google you’re a Firefox user. Even if this data is anonymized, it’s still a form of data exchange that can be classified as a sale under the CCPA. Mozilla also runs sponsored content programs like Pocket Sponsored Stories which pop up on your New Tab page. They display paid website shortcuts, process search queries, even share de-identified interaction data with advertising partners. In their own words they claim this data is “aggregated and de-identified” before it’s shared. But even if your data isn’t directly linked to you, the very fact that Mozilla benefits from it means privacy has taken a backseat. The promise Mozilla made has now been watered down to unclear statements that leave the door open for future monetization. While Mozilla maintains all data sharing is done in a privacy-preserving manner, the approach they’ve chosen feels more like a legal shield than a genuine commitment to privacy.
All of this is why I believe that a lot of the outrage is misdirected. My outrage is focused on their communication. It is unacceptable that an organization that brings in tens of millions of dollars and pays their chief executive over $6 million a year does not have a PR team that can muster even a shred of common sense to figure out how to make statements to the public. That’s what’s truly unacceptable. The frustrations that Mozilla is going out there and selling your data directly… not true. Even their own Privacy Policy as it is written is not going to allow them to do that. Even if it’s conceded that the incompetence shown on Mozilla’s side is an indicator of trustworthiness, just switch to LibreWolf and you’ll be fine.
Complacency
Beyond the legal technicalities, the deeper issue here is complacency. Mozilla is displaying a corporate attitude that’s become alarmingly out of touch. When you see a company like this, flush with cash from partnerships and royalties and investments, you wonder if they even care about their users’ trust anymore.
As Louis Rossmann explains, money for nothing is a dangerous game: You eventually lose the drive to keep yourself grounded. For Mozilla, the influx of cash from search deals and investments has, in my opinion, created an environment where performance and user experience are no longer top priorities. Executives are raking in millions, with salaries that seem disproportionate to the value added to the actual product. I highly doubt Mitchell Baker has revolutionized browsers or open-source in a way that gives her claim to a $6 million a year slice from the Mozilla net profit pie. This financial cushion means Mozilla doesn’t feel the pressure to constantly innovate or listen to user concerns. They can afford to be sloppy with their communication, and users end up paying the price for this stupidity. Instead of striving for excellence and transparency, the company seems more interested in covering its legal bases and maintaining the status quo. This complacency is why, even when faced with opportunities to outdo their competitors at a pivotal moment in history for browsers (read: Google shifting to Manifest V3), Mozilla instead fumbled with poorly communicated policy changes.
This situation with Mozilla is not, as claimed, about a sudden and malicious plan to sell your data (although that’s not entirely off the table yet). It’s about a series of poor decisions, lack of clear communication, and a corporate structure that’s become stagnant, too comfortable in its current position to make the bold, important decisions that will keep it a force to be reckoned with. The technical and legal shifts in Firefox’s policies are emblematic of an entity that has lost its connection with its users. And when that happens, the natural response from all of us should be to hold these entities accountable, or failing that to look for alternatives that actually prioritize the privacy we deserve.
The timing of all this is impeccable. Google is moving over to Manifest V3 at the moment. This is being done to, as Google sees it, once and for all kill off ad blockers on Chrome. If Mozilla had their heads screwed on properly they’d have been able to pull off a great marketing stunt with this and defiantly kick back against Chrome’s behaviour. Instead what they decided to do is destroy their reputation and their users’ trust.
Final thoughts
This was a harsh lesson in how money can dull you, how it can erode the principles you once stood by, the principles that made great products… well, great. Firefox is still a very capable browser, but its reputation has taken a hit. This can only be mended through genuine, user-focused changes and continued commitment to those changes. For those who have neither time nor patience to sift through all of this… LibreWolf isn’t running away anytime soon (I hope).
As for me, I’m holding out for something better. Having said that, I think it might be time to jump ship. A browser is, after all, a service: It should work FOR you, not against you.