I don’t understand how they are supposed to “sell your data” if you just never use a Mozilla account and uncheck all the telemetry. Its not like they can secretly steal your data, since its Open Source.
It seems to me like just more FUD that Google is spreading to undermine our trust in free software.
You’re right that being opensource doesn’t mean the binaries don’t include extra stuff.
However, are you seriously suggesting no one would notice Firefox transmitting telemetry? Seems unlikely.
We notice. They’re not hiding. The (numerous) endpoints are all presents in the about:config page. The actual content, though, is not that obvious to get. If we assume the binaries are compromised (I don’t believe they are for now, for the record), an outsider would only see a TLS session. At best we could get the vague amount of data exfiltrated, not really the content. But that’s hypothetical. For now.
As someone else said, reproducible builds is a great mitigating factor for this secret changes. Firefox does have telemetry, but is very transparent and lets you turn it all off (as far as I can tell anyway). Don’t want ads? Easy. Don’t want Mozilla services? Simple.