Note that if you follow the blog post's link to https://wiki.mozilla.org/ADI it says "Mozilla measures Firefox usage by the number of Firefox installations that retrieve blocklist updates from Mozilla's servers each day."

The "blocklist" in turn links to https://wiki.mozilla.org/Blocklist which says the following at the top: "Blocklisting is the ability to disable errant add-ons, plugins, and other third-party software for Firefox users. For graphics drivers, please see this policy."

Note that Thunderbird also can send telemetry data to Mozilla for performance data reasons/etc. This is notified by an infobar at first-run or upgrade that says "Would you like to help improve Mozilla Thunderbird by automatically reporting memory usage, performance, and responsiveness to Mozilla? Learn More" and then has "Yes" and "No" buttons.

relevant disclaimers since this touches on privacy stuff: I work for the Mozilla Corporation. I also previously worked on Thunderbird.

Right, but the fact seems to remain that Thunderbird is phoning home in a way I can't obviously switch off (I use few extensions, and don't feel any need for such a blacklist) and that wasn't disclosed.

I did turn off telemetry when I first installed Thunderbird, as I do for all software on any device I use where I'm not intimately familiar with exactly what it's really doing.

The privacy policy at https://www.mozilla.org/en-US/thunderbird/legal/privacy/ (which is linked to from the about dialog and perhaps other places as well) does explicitly call out the blocklist at https://www.mozilla.org/en-US/thunderbird/legal/privacy/#blo... and includes a link telling you how to disable it, https://support.mozilla.org/en-US/kb/thunderbird-makes-unreq....

Of course, you may have installed Thunderbird prior to the privacy policy existing in that form with those details. The specific privacy policy is from Oct 11, 2011 and the subversion log at http://viewvc.svn.mozilla.org/vc/projects/mozilla.org/trunk/... suggests it was a newish thing, although I would expect a privacy policy likely existed in other forms prior to that, but that's the limits of my subversion-fu.

By quite a few years, and apparently I'm not the only one.

But that's really not the point anyway. Burying opt-out phone home behaviour in nothing but legalese small print is a dark pattern. Having no way to disable it without going into obscure parts of the UI that no normal user (or even normal power-user) is ever likely to find is also a dark pattern.

Again, I appreciate your taking the time to share the links, but this is still a screw-up if Mozilla are trying to convince people they care about privacy. I don't think anyone can effectively defend general purpose software that includes covert, opt-out surveillance in any form in 2015. It's not so much that this particular feature is causing clear harm -- maybe it really is just an innocent feature that happens to expose a user count as a side effect -- it's the principle that doing stuff behind your user's back is OK, in a world full of malware that does stuff that very much is not OK.

I agree that "Burying opt-out phone home behaviour in nothing but legalese small print is a dark pattern." But I think you're mis-characterizing this specific instance of the blocklist ping as "covert, opt-out surveillance" and the arguably fairly readable privacy policy as "legalese small print".

Specifically, I think the blocklist feature paragraph is quite good and not weasel-words. It explains:

- Tersely what/when/why Thunderbird does the blocklist ping: "Thunderbird also offers a Blocklist feature. With this feature, once a day Thunderbird does a regularly scheduled, automatic check to see if you have any harmful add-ons or plug-ins installed."

- What Thunderbird does with that information: "If so, this feature disables add-ons or plug-ins that Mozilla has determined contain known vulnerabilities or major user-facing issues or fatal bugs (e.g., Thunderbird crashes on startup or something causes an endless loop). You may view the current list of Blocklisted items."

- The information included in the blocklist ping: "This feature sends Non-Personal Information to Mozilla, including the version of Thunderbird you are using, operating system version, build ID and target, update channel, and your language preference. This feature also sends Potentially Personal Information to Mozilla in the form of your IP address and a cookie."

- What Mozilla does with the information (which is indeed not trivially obvious): "In addition, Mozilla also uses this feature to analyze Thunderbird usage patterns so we may improve our products and services, including planning features and capacity."

- A disclaimer about the lack of UI: "Currently there is no basic user interface to disable the Blocklist feature."

And then we have 2 more sentences:

- The link on disabling and why you wouldn't want to disable: "This feature can be disabled by following the instructions in this article. Disabling the Blocklist feature is not recommended as it may result in using extensions known to be untrustworthy."

And that was all of it.

In regards to the UI, if there had been a discussion about whether we should have a basic UI affordance for disabling the feature (there was not, to my knowledge), I think the bulk of the Thunderbird team would have argued against it because the risk to the user of rogue plugins/extensions was and continues to be serious. (Plugins probably more than extensions; Thunderbird tends to pick-up all the plugins that Firefox would see and most adware/malware implementors seemed otherwise unconcerned with Thunderbird.) Now if the checkbox also entirely disabled extensions and plugin loading, that could provide a safe trade-off for the user. But then we run into the whole "supported configuration problem". Every option adds new permutations that can lead to new failures, etc.

For a long time, I didn't even know Thunderbird had a privacy policy, and I've been using it for years. Why would anyone expect software they installed locally to need one? Thunderbird is a mail client, so why would they expect it to send data to anyone other than e-mails to their chosen recipients? And even if they knew the privacy policy existed, did anything suggest to them that they might want re-read that policy to find these changes when they were added? I assume the details were also on display in my local planning department in Alpha Centauri.

Incidentally, if you're reading this and thinking that I'm naive and/or over-reacting, you might want to stop and consider the company you're keeping. What other types of people use software that does things the user doesn't expect, collect data without advertising it, and make arguments about implied consent, the relevant disclosure being available somewhere hardly anyone will ever look, or how it's all done to improve the user's experience somehow? How many of those people do most of us like?

In any case, from both a practical and probably a legal perspective, anything that is not actively presented to a user is the electronic version of small print at best. You can rationalise this as much as you like, but the facts are:

1. Thunderbird is phoning home.

2. The user is not informed of this explicitly.

3. The user is certainly not actively giving their consent.

4. This still appears to be the case even if the user has explicitly opted out of sending telemetry when the software was first installed.

IMHO, any such policy is indefensible in 2015 if you want to be taken seriously as an organisation that protects privacy. This particular behaviour may be a minor infraction, but it's the general principle (and, frankly, your enthusiasm for defending it) that is of greater concern.

Edit:

the risk to the user of rogue plugins/extensions was and continues to be serious. (Plugins probably more than extensions; Thunderbird tends to pick-up all the plugins that Firefox would see and most adware/malware implementors seemed otherwise unconcerned with Thunderbird.)

WTF??!! Thunderbird is apparently automatically running a whole bunch of plug-ins that I only installed for Firefox and have long ago set (in Firefox) not to run automatically, or in some cases that I didn't even voluntarily install at all. None of these things have any business being in any sort of e-mail client at all. When and how the [multiple expletives deleted] did this happen? I thought you (generic 'you') were concerned about someone installing an extension that had a buggy update and caused a hang on start-up or something. The idea that someone could send, say, an HTML e-mail with something like Flash/Java/Silverlight embedded in it and have it run by default is moderately terrifying.

Also, Thunderbird permits neither JavaScript nor plugins to run in emails. It does permit plugins in cases such as displaying an RSS feed inline.

But I have eight plug-ins installed in Thunderbird, and some of them I don't even know what they do. Why does Google need an update plug-in that I never requested or gave permission for to be installed in Firefox and Thunderbird?

As long as it's phoning home to tell them that someone is using it, and not that I specifically am using it, I'm fine with that. From the description in the post it sounds like that's the case, and I generally trust Mozilla to Do The Right Thing™ in these cases, but if you're concerned you could monitor the ping to confirm what it does and doesn't send.

The problem may be due to a new feature in auto-complete that searches for matches that include the entered string, not just ones that match the beginning of address book fields, which was the old method.

When auto-complete shows multiple options, arrow down till you come to the correct one and then hit the Tab key. This will make sure you have the correct email address in your recipients list.

> it is more than a little creepy that Thunderbird is apparently phoning home every day to tell them I'm using it. Not cool, Mozilla.

You can opt-out if you like:

https://support.mozilla.org/en-US/kb/how-stop-firefox-automa...

Yes, I'm quite sure it is. At the same time, Thunderbird developed an infuriating habit of matching apparently arbitrary entries in my address book that had the letters I'm typing in there somewhere, with no logical priority order that I have been able to determine, and certainly not prioritising an address that exactly matches what I'm typing over half a dozen others that don't really look much like what I'm typing but apparently match according to whatever heuristics they are now using.

When auto-complete shows multiple options, arrow down till you come to the correct one and then hit the Tab key. This will make sure you have the correct email address in your recipients list.

No, it won't. Clearly that was the intention, but it doesn't work properly if you type/move too quickly. I suspect there is some sort of race condition where some autocomplete-related process is still searching for things if you hit tab too quickly and/or without moving down the list so you just get the default shown, and can then override what you thought you were explicitly selecting. (Again, if this had happened once or twice and I couldn't reproduce it I'd assume it was human error, but I've seen this way too many times to believe that by now.)

You can opt-out if you like:

I appreciate the link, but I'm not sure referring to a page that describes how to opt out of 14 different phone-home mechanisms for a different piece of Mozilla software is a great counter to concern over whether Thunderbird is doing creepy things behind its users' backs (however useful and/or well-intentioned those things may have been when some developer added them).

If you're going to claim to promote privacy, as Mozilla make a point of doing, then I believe you should start from a default policy of full disclosure and requiring opt-in. Anything less on either count and you damage your credibility, even if in reality you thought what you were doing was innocent and users wouldn't mind.

If you install the add-on MoreFunctionsForAddressBook, it will give you an option to match the beginning of address book fields.

https://freeshell.de//~kaosmos/morefunctionsforAB-TB3-0.7.1....