incoming.telemetry.mozilla.org [solved: sanitize profile\datareporting]

[Obegg]

I use Pi-Hole and I noticed that the incoming.telemetry.mozilla.org URL is being blocked:

This raises the question - why it's there in the first place?
I already use arkenfox and on top of that - in about:telemetry#raw-payload-tab there's nothing.
So now I'm even more confused, while there's no telemetry in about:telemetry, my Pi-Hole says my IP (this PC) is trying to contact incoming.telemetry.mozilla.org.

Clarification 1: This is a fresh install of Windows with only Mozilla Firefox + arkenfox.
Clarification 2: My DNS is Pi-Hole.

Any ideas?

[rusty-snake]

Everytime or just once? If it is just once it could be the installer.

Anyway, requesting the DNS record is not a privacy issue. Maybe it just does the DNS query unconditionally, IDK.

[Obegg]

Everytime or just once? If it is just once it could be the installer.

Every time I open Firefox.

[silverwings15]

i'd also like a technical answer if possible, instead of the usual handwaving and outright dismissal we tend to see

[Obegg]

By the way, you can also test it yourself by using DNSQuerySniffer

[Thorin-Oakenpants]

instead of the usual handwaving and outright dismissal

this ties into #1660 . Please don't describe my contributions and time on this as handwaving and outright dismissal, thank you. That really kinda offends me.

I get that some users want a "quiet" fox ... but I am concerned here with actual privacy issues, and a AFAIK (but will always check) is that there really are none (more discussion can be held on the other issue). That said the current state of arkenfox, using the master switch for telemetry and some extras, should cover anything of "concern" for those who want peace of mind.

---

Obegg .. on a new profile, before arkenfox has been added and applied, some telemetry can be collected. I tend to use portable windows versions and after setting up I remove everything manually - e.g. about:telemetry should have nothing, and with FF closed you can empty profile\datareporting, profile\crashes

• that said we do block sending backdated telemetry
• and you already checked :) 👍

There is also pingsender, which is a scheduled task on windows. From memory it uses the last setting read, so multiple profiles can affect it (it's all a bit hazy TBH) - https://docs.telemetry.mozilla.org/datasets/pings - not even sure what the endpoint is

If all it is doing is a DNS lookup, then there is nothing to even look at here - as @rusty-snake says ... "Maybe it just does the DNS query unconditionally, IDK". I wonder if Librewolf exhibits this, since they build with the disable telemetry flag.

Leaving open for now, but I honestly don't see anything for me to do here

[Thorin-Oakenpants]

maybe don't block it and inspect the payload if there is anything sent?

[Obegg]

This is interesting, it appears deleting the profile\datareporting folder does fix it.

that said we do block sending backdated telemetry

So... I guess I will be the only one who knows about it and fixes it....

scheduled task

Yes, I think the two are related, I did some tests and found out the following:
(Before installing Firefox) I add the policies that disables those scheduled tasks from being created:

if ((Test-Path -Path 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox') -ne $true) {
    New-Item 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox' -Force 
}
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox' -Name 'DisableDefaultBrowserAgent' -Value 1 -PropertyType DWord -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox' -Name 'BackgroundAppUpdate' -Value 0 -PropertyType DWord -Force

Now I install Firefox:

(New-Object System.Net.WebClient).DownloadFile('https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-US', "$env:TEMP\firefox.exe")
Start-Process $env:TEMP\firefox.exe -ArgumentList '/S' -Wait

(Open Firefox here, apply arkenfox)
and even if those scheduled tasks are created I delete them:

if ((Test-Path -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla') -eq $true) {
    Unregister-ScheduledTask -TaskName 'Firefox Background Update*' -Confirm:$false
    Unregister-ScheduledTask -TaskName 'Firefox Default Browser Agent*' -Confirm:$false
    $scheduleObject = New-Object -ComObject Schedule.Service
    $scheduleObject.connect()
    $rootFolder = $scheduleObject.GetFolder('\')
    $rootFolder.DeleteFolder('Mozilla', $null)
    Remove-Item -Path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla' -Force -Recurse -ErrorAction SilentlyContinue
}

This stops incoming.telemetry.mozilla.org even without deleting profile\datareporting folder.

But it also appears that by simply deleting profile\datareporting folder (without policy changes and scheduled tasks deleting) it also stops incoming.telemetry.mozilla.org, but I don't know for how long it will be stopped for (because don't forget - the scheduled tasks still exists)

I leave this information to you, maybe you will find a way to stop incoming.telemetry.mozilla.org for the rest of the users.

[Thorin-Oakenpants]

maybe you will find a way to stop incoming.telemetry.mozilla.org for the rest of the users

since I don't consider this a privacy issue, I'm not going to do anything else

profile\datareporting will rebuild itself, but of course contain nothing to send and not collect anything once AF is applied. then again, if it did have something I would have expected it to show something in about:telemetry - IDK, not really interested in the engineering - maybe the "ping" folder is treated differently :)

[Thorin-Oakenpants]

PS: let us know it it returns :)