Except they aren't harvesting personal information, nor is it without knowledge or consent. You are just spouting FUD.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Notice PingSender.exe on Your OS after FireFox
- Thread starter FrgMstr
- Start date
Gabriele Svelto
n00b
- Joined
- Oct 20, 2017
- Messages
- 10
I am the author of the pingsender executable and I'd like to shed some light on it since there seems to be quite a few misconceptions. First of all the pingsender doesn't send any data that Firefox wouldn't normally send. It's just a minimalist tool that can be used to relay telemetry data when Firefox can't do it on its own which boils down to two scenarios: after Firefox crashed or when it's shutting down. Telemetry in Firefox is disabled by default and requires you to explicitly opt-in, it does not contain any privacy-sensitive data and it's mainly made of performance measurements that we use to improve Firefox. Furthermore it's anonymized and automatically deleted after 6 months. It is also completely transparent: all the data that's been gathered is visible under the about:telemetry page.
In the coming releases telemetry will be essentially restricted to nightly/beta versions with only a subset of it available in release builds. This subset which we used to call the Firefox Health Report is enabled by default, but only contains data about crashes (and stability in general) and core performance metrics (such as how long Firefox would take to start).
To those suggesting we could sell this data I can only say that it's not only commercially worthless (being non-privacy sensitive and anonymous) but it's also publicly available here https://telemetry.mozilla.org/ and here https://sql.telemetry.mozilla.org/
As for standing for the users, that's what we do, which is why we go to these extreme lengths to ensure that our telemetry practices are fully transparent and also entirely optional. On the other hand try asking Google/Microsoft/Apple/Facebook/etc... what they do gather and what they do with it.
Firefox does a good job at safeguarding your privacy when browsing - especially with tracking protection enabled - but if you really do care about privacy I suggest using the Tor Browser instead (which BTW is a fork of Firefox we've been actively cooperating with).
In the coming releases telemetry will be essentially restricted to nightly/beta versions with only a subset of it available in release builds. This subset which we used to call the Firefox Health Report is enabled by default, but only contains data about crashes (and stability in general) and core performance metrics (such as how long Firefox would take to start).
To those suggesting we could sell this data I can only say that it's not only commercially worthless (being non-privacy sensitive and anonymous) but it's also publicly available here https://telemetry.mozilla.org/ and here https://sql.telemetry.mozilla.org/
As for standing for the users, that's what we do, which is why we go to these extreme lengths to ensure that our telemetry practices are fully transparent and also entirely optional. On the other hand try asking Google/Microsoft/Apple/Facebook/etc... what they do gather and what they do with it.
Firefox does a good job at safeguarding your privacy when browsing - especially with tracking protection enabled - but if you really do care about privacy I suggest using the Tor Browser instead (which BTW is a fork of Firefox we've been actively cooperating with).
You say it's opt-in(funny how so many people seem to have it running...), but then in the next paragraph state that the health report is going to be enabled by default? That's not opt-in, that's opt-out.
On top of that is the matter of, can your software be trusted when phoning home to only actually be sending the data presented on the telemetry.mozilla.org site(no), and furthermore glancing at the about:telemetry page(which isn't exactly broadly advertised) in FF56...
I see a tracking ID, a list of addons, my default search engine, and a bunch of other info.
but you don't understand you opted to install the program thus you opted in. You misunderstood what is meant by opt in and that means that you decide to turn it on. Simple enough mistake to make.
https://betanews.com/2017/08/24/mozilla-firefox-telemetry-privacy/
maybe you missed a memo but this data is now opt out and not opt in as somebody on the Firefox team decided they didn't like that they couldn't see what sites all users where going to as they felt not enough people were deciding to opt in to give such data.
lilbabycat
2[H]4U
- Joined
- Jun 21, 2011
- Messages
- 3,810
D
Deleted member 245375
Guest
You can delete the following files from a Firefox installation (or portable which is all I ever use) without any issues:
maintenanceservice.exe
maintenanceservice_installer.exe
pingsender.exe
maintenanceservice.exe
maintenanceservice_installer.exe
pingsender.exe
Gabriele Svelto
n00b
- Joined
- Oct 20, 2017
- Messages
- 10
Extended telemetry is opt-in (in fact starting from Firefox 56 it's off by default IIRC and cannot be enabled unless you edit the prefs by hand), FHR is opt-out. FHR contains a very small fraction of the information contained in telemetry and it's used exclusively for diagnosing stability issues.
Of course it can be verified, it's fully documented and all the code is available. In fact we have tests specifically made to ensure that no data can be sent unless it's been reviewed and approved as being non-privacy sensitive. See for yourself:
http://foxdocs.org/toolkit/components/telemetry/telemetry/index.html
http://searchfox.org/mozilla-central/source/toolkit/components/telemetry
This is extended telemetry which is off by default. The id you see on the "General data" page cannot be used for tracking because it's different for every installation and profile. If you have two Firefox installations, even on the same machine and even using the same user as your Firefox account they will have two different telemetry ids. It's there to allow us to delete your telemetry if you had opted in to extended telemetry and you decided to opt out; the id is sent to our servers and all the recorded telemetry tagged with it is removed. Furthermore that id is not included in any other type of data (such as crash reports or Firefox accounts) to prevent anybody from being able to correlate telemetry to users. We really do go to great lengths to ensure that your privacy is respected, it's no joke for us.
Gabriele Svelto
n00b
- Joined
- Oct 20, 2017
- Messages
- 10
No, extended telemetry is opt-in and now off-by-default on release versions, FHR is opt-out.
Gabriele Svelto
n00b
- Joined
- Oct 20, 2017
- Messages
- 10
Nope. That mentions a study that hasn't even started, not even on Firefox nightly, let alone on release, see the relevant bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1386566
Furthermore the only current motivation for it is to figure out how many sites are still using Flash so that we know when to kill it for good: https://bugzilla.mozilla.org/show_bug.cgi?id=1381595
Check the main bug if you don't believe me: https://bugzilla.mozilla.org/show_bug.cgi?id=1379180
Last but not least, if that becomes a thing (not a given since the study hasn't even started) and it's actually deployed in a release version it cannot be used to tell if a user has visited a specific site because the data is deliberately polluted to prevent that from happening. The only information it provides is statistical, as in "5% of Firefox users visited hardocp.com in the past week".
Gabriele Svelto
n00b
- Joined
- Oct 20, 2017
- Messages
- 10
There's an easier way to disable the maintenance service: https://support.mozilla.org/en-US/kb/what-mozilla-maintenance-service
The practical effect of turning it of (or removing it) is that Windows will popup the UAC prompt when updating Firefox since background updates will be disabled.
That doesn't stop telemetry from being sent, if you want to turn off telemetry you can do it from the preferences: https://support.mozilla.org/en-US/kb/share-telemetry-data-mozilla-help-improve-firefox
That being said extended telemetry used to be opt-in but is now off-by-default in Firefox 56 (i.e. you cannot enable it from the pref unless you go fiddle in about:config). The chances that you have it on are very slim unless you deliberately turned it on before Firefox 56. The only thing that can be easily enabled in Firefox 56 is the FHR (i.e. stability & performance data only).
Yet the machine that I checked the other day was not one that I opted-in on, intentionally went out of my way to enable telemetry, or anything of the sort. All I did was start firefox on that system, update it from 54 to 56, and then check the about:telemetry page I first saw in your post.
So you can't even make up your mind here? In the same sentence you claim that the extended telemetry is opt-in(I'd still like to know when I somehow opted-in for it on that machine), but there's still telemetry data(FHR) that is opt-out.
You can try to spin this all you want, whoever you are, but if telemetry is on by default then it's on by default.
In other words, it IS a unique identifier that can be used to track users and you specifically do use it to track users so you can supposedly delete their data if they opt out after the fact that they somehow mysteriously opted in to have all their data sent back.
I'm supposed to trust that some third party who won't admit that a unique identifier can be used to do anything other than identify that my data belongs me(which is the whole point), will actually delete my data if I request it? Bullshit.
But you are wrong. Going to the page that you gave use above on how to turn stuff on by default on an install that nobody has ever touched to turn on anything extra firefox is sending data back and making you part of studies.
What is on that page is the default setting. Technical and interactive data along with any thing that firefox wants to install and run behind the scene for data collection are on. Thus they are opt-out. The only opt-in option that uses have is do you want to send a crash report. Everything else is being done without the user's content. Now I will give you the benefit of the doubt and maybe you are just doing a terrible job trying to use words to explain what you are trying to. However from where we all stand, you are pissing on us and trying to tell us that it is raining out and then getting upset that we are watching you piss on us and calling you out on it. It could also be raining but that doesn't change that fact that you are still pissing on us. We are referring the fact that there is a check box there by default, to which you are trying to tell us isn't there and that we don't see.
The collection of data of any type period IS on by default. If this is all data or only half if it is irrelevant to the discussion. Our point is that there is data being collected that we did not ask to be turned on. No matter what the reason it is still being collected. Don't care if it helps determine that 5% of users go to a site or that people are still using flash sites. If you don't ask people if they want to give you that information you are still forcing them into it without their knowledge and having them have to go turn the feature off.
Sending cpu type, vivaldi version used, screen resolution, and anonymous id. As for the first part of the ip, ok sure get a general geographic location - middle/west of the US.
I like that it's all spelled out tbh
At some point, there will be a consumer push (or a lawmaker push) which will force software companies to SHOW when data is being transmitter and to whom it is being sent. A pop up window with a message, e.g., "Google.exe wants to send your browsing history to google.com: can it? Yes/No." After users see floods of these messages, then that consumer exploitation will be slowed down.
Really, all these data-mining routines need to be shown...every time they are being used.
Edited to add: This is, to me, similar to the abuse of telephone solicitations and what was done when that industry failed to self-regulate.
Really, all these data-mining routines need to be shown...every time they are being used.
Edited to add: This is, to me, similar to the abuse of telephone solicitations and what was done when that industry failed to self-regulate.
Last edited:
BulletDust
Supreme [H]ardness
- Joined
- Feb 17, 2016
- Messages
- 6,057
All this bitching and moaning about FF sending telemetry data when most of you are running an OS that sends telemetry data that's far more invasive with no way to opt out whatsoever and, unlike FF, doesn't inform you as to what is being sent....
WTF?!
WTF?!
oopspowsurprise
Weaksauce
- Joined
- Jan 21, 2012
- Messages
- 111
With the Comodo firewall, I've seen the popup about pingsender wanting to connect to the Internet. I just deny it access to the Internet.
Gabriele Svelto
n00b
- Joined
- Oct 20, 2017
- Messages
- 10
about:telemetry contains the telemetry data stored in the browser, that doesn't mean it has been sent. If you have never opted in into extended telemetry then that data was never sent.
FHR is opt-in, it's not on by default. When you first start Firefox on a fresh installation you're presented with a "Choose what I share" toolbar, like this one:
Clicking on it opens up the data choices preferences where you now only have the FHR button which is checked by default. Until you do that and restart the browser all telemetry is off. If you don't you'll get the same toolbar every time you start Firefox and all forms of telemetry will stay off.
Gabriele Svelto
n00b
- Joined
- Oct 20, 2017
- Messages
- 10
To track a user you need to correlate that id with something that identifies that user, such as an IP address, e-mail or some other privacy-sensitive data. Nothing of that sort is gathered so the only one who can track anybody is you, because you're the only one who knows which telemetry ID your Firefox installation is using. Additionally if you have multiple Firefox installations, or multiple profiles, they will all have different IDs which makes it impossible to correlate the data even between them. Furthermore that ID is not stored anywhere else and tracking IDs are used to track a user across different web sites, services, etc... If an ID is present only within one dataset it's not a tracking ID by definition.
"The whole point" of a tracking ID is not to identify which data belongs to you, it's to identify you as you move through separate services and datasets. That's why it's called "tracking", it's used to track you. If you consider "identifying which data belongs to me" as the definition of a tracking ID then by your definition your e-mail address is a tracking ID because it's used to identify which e-mails belong to you on a mail server. Likewise is your handle on this forum because it's used to identify which posts you made.
Gabriele Svelto
n00b
- Joined
- Oct 20, 2017
- Messages
- 10
It's not done without the user consent, the FHR is not enabled until you click on the "Choose What I Share" button as I've shown above that brings you directly to this page. Every fresh Firefox installation goes through that and it's been enabled since the introduction of telemetry. Shield studies are installed automatically but they never start without the user consent. If a user is chosen for one he is presented with a page like this one:But you are wrong. Going to the page that you gave use above on how to turn stuff on by default on an install that nobody has ever touched to turn on anything extra firefox is sending data back and making you part of studies.
What is on that page is the default setting. Technical and interactive data along with any thing that firefox wants to install and run behind the scene for data collection are on. Thus they are opt-out. The only opt-in option that uses have is do you want to send a crash report. Everything else is being done without the user's content.
It gives detailed instructions on what is happening and how to opt out, and it's very hard to miss since it's the first window that gets shown and the study does not start until you click "Start Now" and restart the browser so that you get the chance to opt out before anything happens.
That premise is false, in every fresh Firefox installation the data choice is shown upon launch no data is gathered before you get to see it and restart your browser. That being said there are people here that mistakenly suggested deleting pingsender to stop telemetry and I explicitly pointed out that doesn't stop telemetry and explained how to actually turn it off. Do you call that pissing on your head?
Except that it was not done without the user knowledge, it's always explicitly shown.
BulletDust
Supreme [H]ardness
- Joined
- Feb 17, 2016
- Messages
- 6,057
My default FF telemetry settings, I haven't changed thing:
It's not done without the user consent, the FHR is not enabled until you click on the "Choose What I Share" button as I've shown above that brings you directly to this page. Every fresh Firefox installation goes through that and it's been enabled since the introduction of telemetry. Shield studies are installed automatically but they never start without the user consent. If a user is chosen for one he is presented with a page like this one:
It gives detailed instructions on what is happening and how to opt out, and it's very hard to miss since it's the first window that gets shown and the study does not start until you click "Start Now" and restart the browser so that you get the chance to opt out before anything happens.
That premise is false, in every fresh Firefox installation the data choice is shown upon launch no data is gathered before you get to see it and restart your browser. That being said there are people here that mistakenly suggested deleting pingsender to stop telemetry and I explicitly pointed out that doesn't stop telemetry and explained how to actually turn it off. Do you call that pissing on your head?
Except that it was not done without the user knowledge, it's always explicitly shown.
Never once seen that screen. Honestly I rarely use Firefox so I am pretty sure I jumped up 12 releases when I opened it to see what everyone here was talking about. So this doesn't effect me since I might open Firefox 3 times a year. And actually watching it kill the first computer I opened it on by using up 100% of the CPU and memory to run a bunch of crap in the background trying to talk to Google is part of the reason why I avoid the program. So I have installed it about 3 or 4 years ago on most machines in the event that I need it. Somewhere through the upgrades over the years those got checked without me clicking on the choose what to share or having been given a screen like that telling me to go to about:addons. The fact that multiple people here are saying that we have had installs for years and see this checked and you are telling us that we are full of shit and turned that on just to tell you that it is on by default, yes I will call that you pissing on our heads. Maybe new clean fresh installs don't have that on but I can't confirm that as I just uninstalled Firefox and reinstalled it and the setting is still checked. So uninstalling the program doesn't appear to actually remove all the files to give me a true clean install and I don't feel like going through everything by hand to full remove the program to prove or disprove anything.
BulletDust
Supreme [H]ardness
- Joined
- Feb 17, 2016
- Messages
- 6,057
So you had an issue three or four years ago and now FF is shit, even though that was three or four years ago!
That's right up there with Linux was shit twenty years ago, so it's still shit now!
Come off it, you're arguing for the sake of arguing, you lost this little battle.
lilbabycat
2[H]4U
- Joined
- Jun 21, 2011
- Messages
- 3,810
NSA and Google (among others) have those things and your "innocent" unique ID is just another vector for their tool set.
I think you misread something there. I INSTALLED this copy of firefox 3 or 4 years ago. I have had issues with Firefox and its performance for 14 years. (or however long it has been around). Back in the days of v2 and 3 it suffered from horrible memory leaks where if you had it open for a little while it would just eat up all your memory resulting in a restart every few hours. This was normal behavior for many people. Over time as computers got faster and faster and people started to have more and more memory the slow leak meant less and less as suddenly that 200Mbs the program was trying to use after 3 hours wasn't more RAM than you had in your system so you didn't notice it was much. Some people have had no issues, others have noticed all types of issues with performance. Some people just dealt with them and knew don't leave Firefox open overnight when you leave work with 20 tabs open otherwise your computer will be out of resources come morning. And just dealt with the issues. Due to these issues I have only ever used Firefox on my machine when I have a site that I need to access that won't open in anything else correctly, which in this day and age is less and less of an issue. If anything I have more trouble with stuff running in Firefox than I have that requires it. As I said, when this thread was posted I selected one computer that I had access to that had firefox installed on it and started it up to see what everyone was talking about. Suddenly that computer got really really slow. So I launched task manager to see what was going on and seen about 10 processes using up all the CPU referencing a long file name with googl as part of it running from the firefox folder. As soon as I closed out of firefox once I looked up what Privacy setting I has set suddenly the computer went back to normal behavior.
That said, that is just why I don't choice to use it as my day to day browser of choice and has no barring on if a setting is enabled or not. I might drive a Chevy as my daily car but if I get behind the wheel of a Ford one day and the door falls off when I go to open it, the door still fell off. Just the same, if I don't use a browser day in and day out, a setting being checked when I do use it is still a setting checked.
I am not trying to argue for the sake of arguing. I am however trying to drive a point home for no other reason that the user base is being called a bunch of liars. Had the response to this thread by a part of the team not been, fuck all of you lying pieces of shit that isn't how any of that works and stop spreading lies, I wouldn't have posted anything more than my joke comments about how to understand PR BS. But as soon as it turned into a call out of what people are seeing I decided to keep pushing. Because regardless if it is the intended behavior or unintended behavior that is the behavior that people are seeing. We see stuff checked without going through screens that supposedly are the only way to get these things checked.
It's actually kind of funny if you think about it. We have no reason to believe this Gabriele Svelto is really who they claim to be, what their relationship with the dev team is, or anything of the sort. What this person has done, is call out people as liars as if we have something to gain from complaining about FF's data collection when we don't use the thing.
For all we know, this person could have nothing to do with FF, and could very well only be posting for the sake of riling up negative posts(which they've kind of succeeded at) about FF.
BulletDust
Supreme [H]ardness
- Joined
- Feb 17, 2016
- Messages
- 6,057
Ok, so the solution is to uninstall, then re-install firefox in the event some older version was opt-out? Wonderful
No, the problem was 100% your fault.
At one stage, you 'opted into' telemetry and simply upgrading FF does not opt you out. Furthermore, we can see what FF are sending, we cannot 'see' what your fav OS is sending back to MS, yet you seem fine with that in some outrageous form of spinelessness.
So on an installation of a previous version, where I would have just hit next next next etc. during the installer, there may have been a box checked that I didn't notice, for telemetry?
If the box is pre-checked, that's not opt-in.
For shits and giggles I just downloaded https://ftp.mozilla.org/pub/firefox/releases/50.0/win64/en-US/
Why download an older version? To prove my point that firefox was collecting telemetry as opt-out.
Oh look at that,is IS collecting data by default. Well, let's update to the latest firefox and see if it's still opt-out.
So not only was firefox previously using an opt-out scheme for data collection, when I updated from 50 to 56 it actually by default included MORE garbage for this installation and running of "studies" by default that I the user need to opt-out from without being told of this whatsoever.
If they were concerned about doing the right thing, they'd have turned that crap off on update and then asked users to opt-in. I have no reason to sit here and lie about firefox, if Google, MS, or some other developer were paying me that'd be awesome but they aren't.
Anyone else can can whatever version of firefox they want from mozilla's public FTP just like I did, and check the same damned thing on their own system. Gabriele Svelto is a liar and got caught.
Gabriele Svelto
n00b
- Joined
- Oct 20, 2017
- Messages
- 10
Let's go back to my first post:
See, that's exactly what your picture above shows. Telemetry button not checked, FHR checked so I'd like you to tell me what I lied about. I'm really not sure what you're arguing against anymore; I've tried to be helpful because there were people on the thread that wanted to turn off telemetry but were erroneously deleting pingsender instead and I pointed them out to the proper way to turn off telemetry. Also, I've never called anybody a liar, as you claim, and added links to prove every one of my claims.
Gabriele Svelto
n00b
- Joined
- Oct 20, 2017
- Messages
- 10
Could you point out the exact post in which I've insulted you or anybody else, or called anybody a liar, please?
D
Deleted member 245375
Guest
Telemetry is defined as any data collected from the user's usage of the product and transmitted back to the manufacturer of the product, period. Firefox by default has been collecting telemetry and sending it for years now and most folks just accept it - the Health report qualifies as telemetry, for the record - and this is all well known up to this point by most of us that have been paying attention. If you start up any piece of software and it connects to the company that manufactured it for any reason, guess what, they're collecting telemetry.
And you're still sitting here lying.
It's either collecting data or it isn't. In this instance it is, and by default. Telling people repeatedly that it's "opt-in" when anyone can install a version and check for themselves that it's opt-out is insulting, and the fact that you have the gall to continue lying to us while even agreeing with what I showed in the screenshots is disgusting. That really is the definition of pissing on someone and telling them it's raining... piss.
Not using words directly is not different than not using them. When myself and others post pictures showing that the boxes for "Allow Firefox to automatically send technical and interactive data to Mozilla" and "Allow Firefox to install and run studies" are checked without us checking them you keep coming back and telling us that no they aren't. By repeatedly telling us that we are not seeing what we are seeing that is calling us liars. That the only way any of those 3 boxes are checked is if we checked them ourselves as under no circumstance would any of those boxes be checked and that if we did check them that there is still a super secret hidden 4th check box to add in even more data. At the same time you keep going in circles about what is and isn't actually supposed to be checked. You say looking at that picture that telemetry isn't checked and that whatever FHR is checked. As other pointed out above telemetry is any data being sent. So sending a report of how long the software takes to load and any other information is telemetry. On top of that the only box NOT checked is the one in regards to crashes which is what you make FHR sound like it is for. The one that IS checked is the one to send whatever data firefox wants and to allow it to install its own add-ons.
I even said before that I was willing to give you the benefit of the doubt that you were trying to explain something and just doing a terrible job of trying to get your actual meaning across but after awhile telling people over and over again that they are wrong about what they see and trying to correct what is obviously being seen is insulting them.
Now yes, people might have been trying incorrectly to turn off a feature, but that doesn't change that you keep saying yourself that something is being sent back without the user's consent while also trying to say that nothing is checked or on by default. You are changing the meaning of the word telemetry so that you can say that it isn't on. If you watch the series Red vs Blue a running joke in the show is that a character named Donut isn't wearing pink armor it is lightish red. Every time somebody calls his armor pink he would correct them that he wasn't given pink armor it is just lightish red. That is basically what your comments here have been like.