Mozilla promises to delete private data collected by Firefox fix and apologizes for add-on outage
A slip-up by Mozilla stopped Firefox add-ons from working last weekend, and the company issued a fix followed by an update to the browser to get things back to normal. Mozilla has now issued an apology and a detailed explanation of what happened, and has promised to delete the private data collected from those who used the first fix.
The initial fix that was issued via Firefox's Studies system required users to enable telemetry. Many people have such data-collection options disabled for privacy reasons, and Mozilla says that it will delete any data that it collected for its entire user base.
We already knew that the root cause of the add-ons problem was related to an issue with a security certificate, and Mozilla CTO Eric Rescorla provides a detailed explanation of exactly what happened in a post on the Mozilla Hacks blog.
In a separate post on the main Mozilla blog, Joe Hildebrand writes: "We strive to make Firefox a great experience. Last weekend we failed, and we're sorry". He goes on to provide a simpler explanation of what happened a week ago:
We've spent a great deal of time over the past few years coming up with ways to make add-ons safer and more secure. However, because add-ons are so powerful, we've also worked hard to build and deploy systems to protect you from malicious add-ons. The problem here was an implementation error in one such system, with the failure mode being that add-ons were disabled. Although we believe that the basic design of our add-ons system is sound, we will be working to refine these systems so similar problems do not occur in the future.
Hildebrand also issues assurances to anyone who might be concerned about private data collected by Firefox when the initial "emergency" fix was issued:
In order to address this issue as quickly as possible, we used our "Studies" system to deploy the initial fix, which requires users to be opted in to Telemetry. Some users who had opted out of Telemetry opted back in, in order to get the initial fix as soon as possible. As we announced in the Firefox Add-ons blog at 2019-05-08T23:28:00Z there is now no longer a need to have Studies on to receive updates anymore; please check that your settings match your personal preferences before we re-enable Studies, which will happen sometime after 2019-05-13T16:00:00Z. In order to respect our users' potential intentions as much as possible, based on our current set up, we will be deleting all of our source Telemetry and Studies data for our entire user population collected between 2019-05-04T11:00:00Z and 2019-05-11T11:00:00Z.
Mozilla also says that it will provide even more details about what happened. In a bid to win back user confidence, the company says that anything that comes up in the post mortem of the event will be made public.