On 13 December 2017 at 18:23, Gervase Markham via governance < governance@lists.mozilla.org> wrote:
> Hi Joe, > > On 09/12/17 17:20, Joe Smith wrote: > > I wanted to express my thoughts over Firefox. Firefox may be a great > > browser especially with the new browser that has been released but there > is > > something that violates the term "Free (as in freedom, not beer) and Open > > Source", is the fact that Firefox does not allow users to use the cloud > > features such as sync etc if the user is below 13 years old. > > I haven't consulted our legal team, but the reason for this is probably: > https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act > I'm not a lawyer, but I do work on Firefox Accounts and Sync and am cc'ing this thread to the relevant dev mailing list. I can confirm that compliance with laws such as the above is the reason for this restriction. The implementation of this age restriction follows some pretty specific instructions from our legal team, since (as I understand it) the details of ensuring compliance are surprisingly complicated. I'd personally love not to have this restriction, but I trust our lawyers when they tell us that we need it. > > If a software claims to be a "free and open source software", why does > > Firefox violate that principle by preventing users from doing something. > > It's not actually Firefox itself, it's the remote services which have > these conditions attached. If you can find some, you are welcome to > install addons or use websites via Firefox which do not have such > restrictions. A server running open source software does not mean it is > required that the server operators permit everyone to use the server. > To pile on to this point, the code for all the Firefox cloud services is open-source, and I know some users are successfully self-hosting these services for a variety of reasons, following guides such as: https://mozilla-services.readthedocs.io/en/latest/howtos/run-fxa.html We could probably invest more heavily in this area than we do right now, but it's definitely possible. > > > Also may I suggest if a user wanted to use the cloud features, why > doesn't > > it use end-to-end encryption? > > What makes you think that it doesn't? > In the specific case of Firefox Sync, you can read about how we use client-side encryption in this post and the tech docs it links to: https://blog.mozilla.org/services/2014/04/30/firefox-syncs-new-security-model/ So yeah, the answer here is very much "we do" :-) Cheers, Ryan _______________________________________________ governance mailing list governance@lists.mozilla.org https://lists.mozilla.org/listinfo/governance
