Firefox 138.x Update: Enhanced Privacy Controls and User Consent Changes

The latest update to Mozilla Firefox is set to deliver a significant change in how users interact with the browser’s terms and data-sharing options—a move that is already sparking considerable debate within privacy and tech communities. With the release of Firefox version 138.x across all official desktop platforms, including Windows, Mac, Linux, and MSI installers, Mozilla introduces not just a user experience tweak, but a fundamental shift in user onboarding and consent procedures. The new notification at startup explicitly prompts users—particularly those new to Firefox or creating fresh profiles—to review, accept, or modify their agreement with the browser’s newly rewritten Terms of Use and its updated Privacy Notice.

What Changes Are Coming with Firefox 138.x?​

Starting with version 138.x, Mozilla will display a dedicated prompt at first launch or when a new browser profile is created. This prompt contains three crucial segments:

• Read our Terms of Use: Links directly to the full legal documented terms.
• Read our Privacy Notice: Directs users to the updated privacy policy detailing what personal and technical data may be collected.
• Manage Diagnostic and Interaction Data: Allows users not only to review what is being shared with Mozilla but also to opt out of certain data collections.

To proceed, users click “Continue,” effectively signaling their consent for Mozilla to collect certain types of data. However, the system is designed with user choice in mind—at least on the surface. Users can opt out of data collection at any time by navigating to Firefox’s settings under Privacy & Security > Firefox Data Collection and Use.

Analysing Mozilla’s New Onboarding Approach​

Strengths: Transparency, Granular Controls, and User Agency​

One of the chief strengths of this new onboarding is its upfront transparency. Instead of burying data collection under layers of settings or incorporating terms solely as part of a lengthy installation process (a practice common across much of the software industry), Firefox confronts the user with a readable breakdown at first run.

• Transparency: Each element—terms, privacy notice, and data management—can be expanded for more details. Clear, direct language replaces legalese, at least in the notification itself.
• User Control: The inclusion of toggles for telemetry and diagnostic data means users are not railroaded into blanket consent. Opt-outs are presented at the start, not retroactively.
• Alignment with Privacy-First Branding: This move maintains consistency with Mozilla’s public image as an advocate for user rights and privacy, potentially reinforcing brand loyalty among privacy-conscious users.

Potential Risks and Controversies​

However, the changes are not without their controversies or potential pitfalls.

• Consent Fatigue and User Understanding: There’s a risk that, faced with yet another pop-up, users may reflexively click “Continue” without fully comprehending what they're consenting to. Similar issues have plagued cookie consent banners in Europe, where user understanding and meaningful choice are often debated.
• Personalized Ads and Data Use: The updated terms explicitly mention that Mozilla may use data to display personalized ads on the New Tab Page and send technical or interaction data back to Mozilla servers. This is a nuanced shift for an organization that has traditionally positioned itself in opposition to tracking-heavy competitors.
• Default Settings Favoring Data Collection: By default, telemetry and interaction data collection remain enabled unless the user proactively opts out—raising concerns among privacy advocates. Some reports suggest that a significant number of users never change default privacy settings, thereby granting Mozilla more data than many realize.
• Backlash from Core User Base: Early responses on forums indicate some long-time Firefox users feel betrayed, interpreting the new ToS as an erosion of the browser’s privacy-first promise, especially regarding “personalized extension recommendations” and possible ad targeting.

Multiple credible sources confirm these features are planned for Firefox 138.x. According to the official Mozilla release notes and reporting by Windows Report, the prompt will appear for new users or when a new profile is created, and management options for data sharing will be prominent and editable from the initial notification or later within settings. Reports from Bleeping Computer and Ars Technica echo these facts, though opinions differ on the severity and impact of the change.

Comparison with Other Major Browsers​

How does Mozilla’s approach compare to that of other mainstream browsers like Google Chrome or Microsoft Edge?

• Google Chrome: Chrome collects vast telemetry and user data by default, only offering scattered opt-out controls buried deep within advance settings. Consent is implied via use, with explicit notices reserved for new feature rollouts or legal compliance prompts.
• Microsoft Edge: Edge surfaces telemetry notices during setup but heavily nudges users toward “recommended” data sharing. Critically, Microsoft’s consent process is intertwined with Windows 11 onboarding, muddying the distinction between OS-level and browser-level telemetry.
• Apple Safari: While Safari boasts strong privacy credentials, its controls are minimal—users are neither prompted with granular opt-in settings nor offered detailed up-front notices unless a new privacy feature is introduced.

Firefox’s new onboarding approach, then, arguably sits between the “dark patterns” of competitors (where consent is nudged, not chosen) and the “do-nothing” approach (where information control is out of sight, out of mind).

Implications for User Privacy and Data Sovereignty​

The heart of this debate remains the issue of user privacy and genuine data sovereignty. Mozilla, despite its reputation, has increasingly leaned on data-driven growth strategies, including:

• Personalized New Tab ads: Data from browsing or extension installs can influence which “sponsored” content users see.
• Extension Recommendations: Telemetry about browsing patterns and extensions can be analyzed to push third-party add-ons, raising concerns about profiling and potential unintended consequences, such as exposure to low-quality or even malicious add-ons if vetting processes falter.
• Diagnostic and Usage “Pings”: The sharing of behavior metrics, ostensibly for product improvement, also generates comprehensive datasets about how, when, and where the browser is used.

Privacy experts from the Electronic Frontier Foundation and PrivacyTools.io largely applaud greater transparency, but warn that true consent hinges on three factors: comprehension, agency, and reversibility. In its current form, Firefox’s new onboarding achieves transparency but perhaps falls short on real agency unless the opt-out is clearly communicated and default settings are privacy-centric.
Notably, data collected via telemetry is governed by Mozilla’s public data practices, which pledge never to sell user data to third parties and limit internal access. These claims have, to date, held up under independent audits and GDPR scrutiny.

Customizing Firefox: Steps to Maximum Privacy​

For those wishing to minimize data sharing with Mozilla, the process is straightforward:

• Open the Firefox menu and select Settings.
• Navigate to Privacy & Security.
• Scroll to the section labeled Firefox Data Collection and Use.
• Disable:
• Allow Firefox to send technical and interaction data to Mozilla.
• Allow Firefox to make personalized extension recommendations.
• Allow Firefox to install and run studies.
• Allow Firefox to send daily usage pings.
• Periodically review these settings after major updates, as defaults can occasionally shift or new options appear.

This process can be accomplished at any time, regardless of whether the ToS notification has been previously accepted. If a user has already clicked “Continue,” opting out afterward still prevents further data collection as per Mozilla’s documentation.

Community Feedback and Mozilla’s Response​

User reactions—particularly within the privacy community—are mixed. On forums such as Reddit’s r/firefox and uservoice platforms, skeptics question Mozilla’s motives and the necessity of collecting behavioral data in an ostensibly privacy-first browser. Others recognize that some telemetry is essential for debugging, crash reports, and improving overall stability.
Mozilla has responded by emphasizing its “lean data” approach, asserting that collected diagnostics are anonymized wherever possible and never sold to third parties. In a recent blog post, the organization reaffirmed its commitment to open-source values and offered detailed documentation on how diagnostic data is handled. However, critics point out that for data to remain truly anonymous, rigorous safeguards must be constantly maintained, and even “anonymized” data can be de-anonymized when cross-referenced with external datasets, especially in niche usage scenarios.

The Broader Context: Software Consent in 2025​

Firefox’s new onboarding notification, for better or worse, reflects a wider trend in software and digital services—one in which companies seek legally robust, auditable consent from users regarding data-handling practices. Regulatory frameworks such as Europe’s GDPR or California’s CCPA have made explicit, opt-in style consent the norm for personal data collection.
Yet critics highlight a contradiction: even when such consent is obtained, power asymmetries and confusing processes often mean users aren’t genuinely empowered. As attorney and privacy scholar Woody Hartzog notes, “Consent alone can rarely achieve meaningful privacy—only substantive, enforceable limits can.”
Mozilla, with its open-source heritage, appears to be striving for a middle path. The new notification is more transparent than many major competitors, yet the company must still contend with the challenge of turning transparency into genuine user empowerment.

A Sidebar: April Fools’ Logo and Taskbar Tabs​

In a lighter aside, Mozilla originally planned to display a unique April Fools’ logo in this release, though this was reportedly withdrawn for unclear reasons. More substantially, Mozilla is also experimenting with Progressive Web Apps (PWAs) on Windows 11, internally referred to as “Taskbar Tabs,” designed to improve multitasking and integration. This initiative is currently in testing, with mixed community response; some praise the feature’s utility, while others worry about further blurring between web apps and native system processes. Neither of these features is directly connected to the ToS notification, but they exemplify Mozilla's ongoing innovation for Windows users.

Conclusion: Balancing Innovation, Privacy, and Trust​

The introduction of a mandatory Terms of Use and Privacy Notice notification in Firefox 138.x marks a significant inflection point in the browser’s evolution and, arguably, in industry-wide approaches to consent. On the positive side, Mozilla’s clear upfront notification, contextual opt-out options, and transparent language represent meaningful steps towards user awareness and control. These features are, for the most part, verifiable and consistent with Mozilla’s longstanding advocacy for privacy and open web standards.
However, questions remain about whether the form of consent—especially given default-on data sharing—amounts to genuine user agency or simply another layer of legal compliance. Ongoing vigilance from the privacy community and independent audits will be essential to ensure Mozilla lives up to its reputation.
For most Windows users, the update will bring a small yet important pause—a clear chance to review, understand, and shape the data relationship they enter with their browser. Those wishing for maximum privacy retain the tools to opt out, but must be proactive. As with all consent in digital spaces, the challenge will be ensuring this choice remains meaningful, understood, and respected over time.
Ultimately, the evolution of Firefox’s onboarding will resonate beyond the open-source ecosystem, setting new expectations and, possibly, sparking fresh debates on what true user empowerment looks like in an increasingly data-driven world. For now, the best defense remains an informed, engaged user base—one that thinks twice before clicking “Continue” and takes full advantage of the controls Firefox continues to provide.