Firefox sends your usage data, interaction metrics, and keystrokes to Mozilla by default. You can turn it off, but most people won't. The 'privacy browser' starts collecting data before you've changed a single setting. Google pays Mozilla $400-485M per year to be Firefox's default search engine. That's 86% of Mozilla's revenue. The 'privacy browser' is funded by the world's largest ad company. Firefox can't bite the hand that feeds it.
What they claim: Mozilla positions Firefox as 'the browser that respects your privacy'
What we found: Firefox ships with telemetry enabled by default. It sends technical data, interaction data, and crash reports to Mozilla. The Glean SDK collects usage metrics. Firefox Suggest sends keystrokes to Mozilla's Merino backend. Mozilla's privacy notice reserves the right to use data for 'developing and improving products.' Opt-out, not opt-in.
What they claim: Mozilla champions an 'open and accessible internet' free from surveillance
What we found: In 2024, Mozilla acquired Anonym, an ad tech company. They then added Privacy Preserving Attribution (PPA) — an ad measurement system — to Firefox, enabled by default without user consent. noyb filed a GDPR complaint with the Austrian DPA. The community backlash was severe. Mozilla went from blocking ads to building ad tech.
What they claim: Firefox uses DNS-over-HTTPS to protect your DNS queries from snooping
What we found: In the US, Firefox routes all DNS queries through Cloudflare by default. This means Cloudflare — a US company subject to the CLOUD Act — sees every domain you visit. You've replaced your ISP seeing your DNS with a US tech company seeing your DNS. The privacy gain is debatable; the jurisdiction shift is real.
What they claim: Mozilla is a nonprofit foundation building a browser 'for people, not profit'
What we found: 86% of Mozilla's revenue ($400-485M/year) comes from a single Google search deal. Google pays Mozilla to be the default search engine in Firefox. Mozilla's survival depends on the world's largest advertising company. This creates a structural conflict: Firefox can't block Google tracking too aggressively without risking the deal that funds its existence.
What they claim: Firefox uses Enhanced Tracking Protection to block trackers and fingerprinting
What we found: Firefox's tracking protection is blacklist-based — it only blocks known trackers on a list. Safari's Intelligent Tracking Prevention uses a blanket algorithmic approach that blocks unknown trackers too. New tracking domains that aren't on Firefox's list get through. Firefox also allows third-party cookies by default in 'Balanced' mode.
What they claim: Mozilla's February 2025 Terms of Use gave Mozilla a 'worldwide license' to user data
What we found: The original wording stated Mozilla receives 'a worldwide, royalty-free, non-exclusive license to use content you input, upload, or store in Firefox.' After massive backlash, Mozilla rewrote the terms within days, clarifying they meant technical permission to process data for sync/services. But the original drafting revealed how Mozilla's legal team thinks about user data.
What they claim: Mozilla is a nonprofit committed to transparency and community governance
What we found: Mozilla Foundation CEO compensation exceeded $6.9M. Mozilla holds $1B+ in reserves while Firefox market share declines below 3%. The Mr. Robot extension was silently installed in Firefox in 2017 without user consent as a marketing tie-in. Mozilla's IRS audit resulted in a $1.5M settlement.