A Mozilla spokesperson has denied a report from German newspaper Deutschlandfunk that the Foundation is collecting personal user data from iOS devices running Firefox Klar, the German version of Firefox Focus, a new privacy-focused browser launched last year.
The accusations were made in an interview with Deutschlandfunk by German security researcher Peter Welchering, who said Mozilla was collecting personal user details and then sending the data to a third-party, a local German data aggregation company named Adjust GmbH.
The researcher says the data collection feature is disguised under the "Send anonymous usage data" option in the browser's settings section, which comes enabled by default for all new users.
Welchering and another researcher, Hermann Sauer, said they analyzed the app and discovered that some of this data sent to Adjust is not anonymized and includes personal user details.
The two have not specified in depth what exact details the browser collects, which makes their accusations look a little bit shallow, but were adamant "the collection of personal user data is quite extensive" (translated text).
In a support page detailing data collection practices on mobile devices, Mozilla openly disclosed when and what data it collects from users. Mozilla even disclosed its relation with Adjust, admitting that all data is sent and saved to Adjust's backend, and not Mozilla's.
According to Mozilla, Firefox Focus includes the Adjust SDK, and this SDK is also included with Firefox for Android, Firefox for iOS, and Firefox Klar, the German version of Firefox Focus.
According to Mozilla's support page, the only somewhat "personal" details the SDK collects is the user's IP address at installation time. The rest is the type of data you'd expect, and we've seen other software products collect in the past, with a focus on how users interact with the apps.
German blogger Günter Born has thrown fuel on conspiracy theories that Mozilla was doing something shady when he pointed out that Mozilla's announcement for Firefox Focus included an image that was cut off right above the data collection feature, as to hide it, which was enabled by default.
Mozilla launched Firefox Focus in mid-November 2016 as a bare bone browser that comes with default features that blocked ad trackers, analytics trackers, and social media tracking code. Firefox Focus is currently available only for iOS devices.
Bleeping Computer has reached out to Mozilla for comment on the accusations and a Mozilla spokesperson said the German newspaper's report contained major factual errors.
"Like most web browsers, Klar keeps a local copy of your browsing history during a browsing session. [...] This browsing history does not get sent to Mozilla or Adjust through the Adjust SDK," Mozilla says.
"To deliver great products for our users, we need to understand how our product is working and how successful we are. The Adjust SDK allows us to measure installations and interactions with the browser," the spokesperson added.
Regarding on the reasons why Mozilla is collecting user data, the organization said that "Klar as a browser is a new product with the need for early market fit validation. We decided to take an opt-out approach to gain insight from a diverse group of users about their first interactions with the product. We believe such approach helps us gather usage information as unbiased as possible to really understand how Focus is being used and consequently can be improved."
The fact that Mozilla had previously publicly disclosed its data collection practices and that the researchers didn't present concrete evidence about what "personal details" Firefox Klar was collecting, makes this report unreliable.
Until the two researchers reveal what they found in more depth, Mozilla doesn't appear to be guilty of anything outside enabling this usage data collection feature by default.
Update: Article updated on February 13 with a new official statement from Mozilla.