https://old.reddit.com/r/firefox/comments/1e43w7v/a_word_about_private_attribution_in_firefox/ jump to content my subreddits edit subscriptions * popular * -all * -random * -users | * AskReddit * -pics * -funny * -movies * -gaming * -worldnews * -news * -todayilearned * -nottheonion * -explainlikeimfive * -mildlyinteresting * -DIY * -videos * -OldSchoolCool * -TwoXChromosomes * -tifu * -Music * -books * -LifeProTips * -dataisbeautiful * -aww * -science * -space * -Showerthoughts * -askscience * -Jokes * -IAmA * -Futurology * -sports * -UpliftingNews * -food * -nosleep * -creepy * -history * -gifs * -InternetIsBeautiful * -GetMotivated * -gadgets * -announcements * -WritingPrompts * -philosophy * -Documentaries * -EarthPorn * -photoshopbattles * -listentothis * -blog more >> reddit.com firefox * comments Want to join? Log in or sign up in seconds.| * English [ ][] [ ]limit my search to r/firefox use the following search parameters to narrow your results: subreddit:subreddit find submissions in "subreddit" author:username find submissions by "username" site:example.com find submissions from "example.com" url:text search for "text" in url selftext:text search for "text" in self post contents self:yes (or self:no) include (or exclude) self posts nsfw:yes (or nsfw:no) include (or exclude) results marked as NSFW e.g. subreddit:aww site:imgur.com dog see the search faq for details. advanced search: by author, subreddit... this post was submitted on 15 Jul 2024 180 points (92% upvoted) shortlink: [https://redd.it/1e43] [icon-spons]promotedabout ATF Submit link Submit text Get an ad-free experience with special benefits, and directly support Reddit. get reddit premium firefox joinleave189,308 readers 375 users here now Get Firefox Get Firefox Help Firefox Contribute to Firefox Answer questions on Support Mozilla Join Mozilla Rally Social Chat on Matrix Official Mozilla Discourse Discuss Firefox Get Support r/Firefox wiki - (basic troubleshooting) Ask for help on Support Mozilla Report a bug a community for 16 years [icon-spons]promotedabout BTF MODERATORS * message the mods discussions in r/firefox <> X 179 * 82 comments A Word About Private Attribution in Firefox 218 * 28 comments Chromium browsers have been quietly sending user information to Google ( a group that includes Google Chrome, Microsoft Edge, Opera and Brave) 223 * 168 comments [PwrQOpMI] "Privacy-Preserving" Attribution: Mozilla Disappoints Us Yet Again 23 * 2 comments New User loving Firefox 306 * 15 comments BEWARE: There is a FAKE uBlock Origin on the Firefox Add-Ons website iOS: bug in latest FF...? 2 * 1 comment Any plans to support the Scan for Nearby Devices permission on Firefox for Android? 3 * 3 comments [MMa9Tj45] Change color of inactive tab when highlighted 2 * 1 comment TAB Behavior - Switching back to last focused tab when current tab is closed, how? How to permanently disable review checker? Welcome to Reddit, the front page of the internet. Become a Redditor and join one of thousands of communities. x 179 180 181 A Word About Private Attribution in FirefoxDiscussion (self.firefox) submitted 3 hours ago * by bholley_mozilla Mozilla Employee Firefox CTO here. There's been a lot of discussion over the weekend about the origin trial for a private attribution prototype in Firefox 128. It's clear in retrospect that we should have communicated more on this one, and so I wanted to take a minute to explain our thinking and clarify a few things. I figured I'd post this here on Reddit so it's easy for folks to ask followup questions. I'll do my best to address them, though I've got a busy week so it might take me a bit. The Internet has become a massive web of surveillance, and doing something about it is a primary reason many of us are at Mozilla. Our historical approach to this problem has been to ship browser-based anti-tracking features designed to thwart the most common surveillance techniques. We have a pretty good track record with this approach, but it has two inherent limitations. First, in the absence of alternatives, there are enormous economic incentives for advertisers to try to bypass these countermeasures, leading to a perpetual arms race that we may not win. Second, this approach only helps the people that choose to use Firefox, and we want to improve privacy for everyone. This second point gets to a deeper problem with the way that privacy discourse has unfolded, which is the focus on choice and consent. Most users just accept the defaults they're given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most peoples' privacy remains compromised. Cookie banners are a good example of where this thinking ends up. Whatever opinion you may have of advertising as an economic model, it's a powerful industry that's not going to pack up and go away. A mechanism for advertisers to accomplish their goals in a way that did not entail gathering a bunch of personal data would be a profound improvement to the Internet we have today, and so we've invested a significant amount of technical effort into trying to figure it out. The devil is in the details, and not everything that claims to be privacy-preserving actually is. We've published extensive analyses of how certain other proposals in this vein come up short. But rather than just taking shots, we're also trying to design a system that actually meets the bar. We've been collaborating with Meta on this, because any successful mechanism will need to be actually useful to advertisers, and designing something that Mozilla and Meta are simultaneously happy with is a good indicator we've hit the mark. This work has been underway for several years at the W3C's PATCG, and is showing real promise. To inform that work, we've deployed an experimental prototype of this concept in Firefox 128 that is feature-wise quite bare-bones but uncompromising on the privacy front. The implementation uses a Multi-Party Computation (MPC) system called DAP/Prio (operated in partnership with ISRG) whose privacy properties have been vetted by some of the best cryptographers in the field. Feedback on the design is always welcome, but please show your work. The prototype is temporary, restricted to a handful of test sites, and only works in Firefox. We expect it to be extremely low-volume, and its purpose is to inform the technical work in PATCG and make it more likely to succeed. It's about measurement (aggregate counts of impressions and conversions) rather than targeting. It's based on several years of ongoing research and standards work, and is unrelated to Anonym. The privacy properties of this prototype are much stronger than even some garden variety features of the web platform, and unlike those of most other proposals in this space, meet our high bar for default behavior. There is a toggle to turn it off because some people object to advertising irrespective of the privacy properties, and we support people configuring their browser however they choose. That said, we consider modal consent dialogs to be a user-hostile distraction from better defaults, and do not believe such an experience would have been an improvement here. Digital advertising is not going away, but the surveillance parts could actually go away if we get it right. A truly private attribution mechanism would make it viable for businesses to stop tracking people, and enable browsers and regulators to clamp down much more aggressively on those that continue to do so. * 82 comments * share * save * hide * report all 82 comments sorted by: best topnewcontroversialoldrandomq&alive (beta) [ ] Want to add to the discussion? Post a comment! Create an account [-]Nakotadinzeo 54 points55 points56 points 2 hours ago (9 children) A problem that I think is a major one, is that if you give advertisers an inch they take a mile. If this system is in any way breakable, it will be broken. If a person can be bribed to de-anonimize the data, they will and if that can't be they will be replaced. We have to remember how we got here, what lead to an arms race between users needing to arm themselves ever-invasive advertising. The first cable networks were ad-free as you were paying for TV, and now they have to trim shows from the 90's to fit in more advertising despite paying far more than people in the era of it being ad free. Internet ads used to be a random jpeg banner of a product, then GIFs, Flash, and slowly evolved to the point that ad-blocking is recommended by the FBI. In my personal and unscientific opinion, a lot of the mental health issues people lay at the feet of social media and smart phones are actually caused by the volume and nature of advertising today. Advertising companies should be making ads more expensive and rare, not sending out more. Helping advertisers target users, even anonymously, helps degrade the human being that is trying to use the internet. They're looking for vulnerabilities in the psychology of the people they target, and that's not something I believe an ethical person or company should stand for. * permalink * embed * save * report * reply [-]HotTakes4HotCakes [score hidden] 58 minutes ago (0 children) I agree with your point but I think you're missing the larger one: This cycle will happen with or without Mozilla's help. The majority of the websites worth visiting are owned by massive corporations with shareholders. Advertising is what fills their pockets. A web browser that doesn't play ball with them is seen as a detriment to the revenue, and web technology is getting to be such that it's easier to cut Firefox users off. Firefox can get around it but that's an ever escalating war they can't ultimately win. I think the truth is the internet is just fucked. It took 30 years to make this place into cable TV but we're almost there. I think Mozilla appreciates this and is basically trying to find the best possible way to navigate this hellish future. * permalink * embed * save * parent * report * reply [-]KevlarUnicorn [score hidden] 1 hour ago (1 child) This. I'm tired of people trying to constantly sell me things. It's invasive, it's exhausting. My life shouldn't be seen as a source of income. * permalink * embed * save * parent * report * reply [-]KevlarUnicorn [score hidden] 1 hour ago (0 children) Side note: Not 10 seconds after I posted this, I received a text message from my own bank telling me to sign up for a contest to win $500! It's so pervasive. * permalink * embed * save * parent * report * reply [-]elsjpq [score hidden] 1 hour ago (5 children) The economic incentive is too strong for ethical advertising to survive on a large scale. The only way to end the arms race is heavy regulations on advertising. If that's what they were lobbying for, I'd be in full support * permalink * embed * save * parent * report * reply [-]VincentTunru [score hidden] 1 hour ago (2 children) Mozilla does do a lot of lobbying to try to influence legislation. And what gives that lobbying more weight is having actual skin in the game, bringing insights from the market to legislators. This prototype will result in such insights. * permalink * embed * save * parent * report * reply [-]KingFIippyNipz [score hidden] 26 minutes ago (1 child) Oh yeah, Mozilla, the non profit vs Amazon, Google, Microsoft, Meta, etc etc. Very likely Mozilla will come out on top. Very likely. * permalink * embed * save * parent * report * reply [-]beefjerk22 [score hidden] 6 minutes ago (0 children) That's why they're working with Meta, to get them on-side. If Meta had no interest they would not have partnered. * permalink * embed * save * parent * report * reply [-]iTob191 [score hidden] 58 minutes ago (0 children) It's way easier to lobby for sth like this if you have a better alternative to present. * permalink * embed * save * parent * report * reply [-]KingFIippyNipz [score hidden] 27 minutes ago (0 children) Ok but those same companies aren't going to roll over and stop lobbying for no regulations just because some browser with a 2% market share has a feature that clearly not everyone even wants. All that's really happening is Mozilla is selling itself out to the very advertisers that it claims to try to mitigate in violating our digital privacy. I mean .... Wolf in sheep's clothing? Er, no, sleeping with the enemy! Yeah, that's what it is. * permalink * embed * save * parent * report * reply [-]rekIfdyt2 33 points34 points35 points 2 hours ago (0 children) Thanks very much for the detailed explanation! I don't agree with everything that Mozilla/Firefox does, but in general I'm confident that the intentions are good. :) * permalink * embed * save * report * reply [-]elsjpq [score hidden] 1 hour ago (0 children) I get why it's done, but I still don't like the feature. Though the recent improvement in communication from Mozilla is commendable * permalink * embed * save * report * reply [-]FineWolf 34 points35 points36 points 2 hours ago* (3 children) Having taken the time to read the source code (both in mozilla-central for the DAPTelemetry toolkit and ISRG's janus implementation), the IETF DAP draft proposal, I really do believe that this is step forward towards increasing user privacy. It's frustrating to see people up in arms every single time the word "advertisement" is mentioned. Look, I hate tracking and ads as much as anyone here, but I can objectively say that this is a win for individuals. This means giving them way less data than they currently have access through via other means, and the fact that you have one of the largest AdTech providers onboard gives me hope that it will have some wider industry acceptance in the long run. * permalink * embed * save * report * reply [-]RB5Network [score hidden] 1 hour ago (2 children) They didn't do a very good job at explaining how this is privacy preserving on a technical level. Is there a source on how this newer system works, or could you give a TLDR/ELIA5? * permalink * embed * save * parent * report * reply [-]FineWolf [score hidden] 1 hour ago (1 child) TL;DR: All ad networks get is ad y (published on source z) led x number of people to a positive outcome for their customer over a period of time p. The Distributed Aggregation Protocol also separates metrics collections away from ad networks, and ensures the privacy of individual conversions by aggregating them, and adding in some noise in order to further boost the privacy guarantees (via Differential Privacy). The current status quo on the web is to do invasive behavioral tracking which also allow advertisers to do cross-site (and sometimes cross-platform) targeted advertising. None of the metrics collected through private attribution would allow that, as it is limited to what I've bolded above. * permalink * embed * save * parent * report * reply [-]tragicpapercut [score hidden] 32 minutes ago (0 children) The future of behavioral tracking is advertising companies creating direct backend links with advertisers to share correlating data in order to deanonymize users via IP address, browser footprint, etc. I don't know a ton about DAP but I'm going to put my money on the advertisers winning this one. They get their metrics handed to them and will still get targeted data, even if it isn't through the client app anymore. * permalink * embed * save * parent * report * reply [-]It_Is1-24PM [score hidden] 1 hour ago* (0 children) That said, we consider modal consent dialogs to be a user-hostile distraction from better defaults, and do not believe such an experience would have been an improvement here. And that opinion is based on what exactly? You've got no problem using simple, multiple steps 'installation-wizard-like' windows after major update, yet simple YES / NO is - according to your beliefs - not an improvement? Seriously? And you already explained here and here that basically this feature makes sense only when enough users will opt-in, hence the decision. Opt-out is NOT a consent IMHO you should never switch new features on, whenever you're sharing users data with any entity. Doesn't matter how anonymized those datasets are. This data is not yours to begin with. This is not your decision and you should not take it away from the users by using opt-out. * permalink * embed * save * report * reply [-]TCOO1 [score hidden] 28 minutes ago (0 children) Hmmm... actually I think I have an idea how to solve this: If an adblock extension is detected, disable and gray out the checkbox. It will not change anything as an adblocker already makes it all but useless, but the people that are concerned about this will most likely have an ad blocker already, so they will have the option off. * permalink * embed * save * report * reply [-]1g0rlog1us 8 points9 points10 points 2 hours ago (1 child) The decision to put such a trial into a release without giving the users ample explaination and a real choise to opt-out directly on update/installation, made me a bit angry and sad. It kind of reminded me of the Mr.Robot fiasco way back. And sadly convinced me that it's very necessary to be very careful when updating firefox in the future to not be part of any such unconsented experiments. Sorry for these harsh words, but it's just how it seems to me at the moment, without even going into the viability or usefulness of this new system. * permalink * embed * save * report * reply [-]filchermcurr [score hidden] 1 hour ago (0 children) I found it strange that an experimental prototype didn't fall under the existing privacy settings for conducting studies. I guess I don't understand what studies actually are. * permalink * embed * save * parent * report * reply [-]purgatroid 5 points6 points7 points 2 hours ago (3 children) Why with meta, out of all companies? It's not as if they have a great record of not tracking people. * permalink * embed * save * report * reply [-]that_manual_page [score hidden] 1 hour ago (1 child) A privacy preserving system wouldn't be useful if none of the largest advertisers didn't buy in. * permalink * embed * save * parent * report * reply [-]loop_us from 2003-2021 since proton [score hidden] 17 minutes ago (0 children) It is against the business model of advertisers to respect the privacy of users. * permalink * embed * save * parent * report * reply [-]Fickle_Dragonfly4381 [score hidden] 1 hour ago (0 children) They didn't ask me to design it for them, they asked them to collaborate on a system that would be useful useful. That is not the same as giving them a black box to create their system inside of. * permalink * embed * save * parent * report * reply [-]yetzt 8 points9 points10 points 2 hours ago (2 children) try ublock, it makes digital advertising go away pretty well. * permalink * embed * save * report * reply [-]sxRTrmdDV6BmzjCxM88f 11 points12 points13 points 2 hours ago (1 child) *uBlock Origin * permalink * embed * save * parent * report * reply [-]yetzt [score hidden] 10 minutes ago (0 children) thats the one i meant. it really should be the one called ublock and the one called ublock should get some byword instead. * permalink * embed * save * parent * report * reply [-]SimonSapin 5 points6 points7 points 2 hours ago (10 children) A truly private attribution mechanism would make it viable for businesses to stop tracking people How is "viable" enough? Why would the industry stop surveillance as long as it's profitable? * permalink * embed * save * report * reply [-]denschub Web Superglue Engineer at Mozilla 8 points9 points10 points 2 hours ago* (9 children) If you continue reading right after your quote, just behind that comma, you'll get your answer! Edit: That was a bit too much snark and lacked content. I posted something with more content below - sorry! :) * permalink * embed * save * parent * report * reply [-]drspod 4 points5 points6 points 2 hours ago (2 children) If you continue reading right after your quote, just behind that comma, you'll get your answer! Ok. ... and enable browsers and regulators to clamp down much more aggressively on those that continue to do so. So you're saying that this system is a necessary pre-requisite to regulation, and that it's so self-evident that these two seemingly unrelated things are linked that you can reply with a snarky response implying that the previous commenter just didn't read the text? Do you perhaps see why a lot of long-time Firefox users are a little upset by this feature, when Mozilla employees come out defending it so ungraciously? To wit, can you explain what this feature has to do with regulation? Why can regulation not address tracking behavior without this alternative data collection mechanism? * permalink * embed * save * parent * report * reply [-]denschub Web Superglue Engineer at Mozilla 15 points16 points17 points 2 hours ago (0 children) So, there's two pieces to that quote: 1. The piece about browsers blocking ad-trackers. At the moment, that's not viable because it will result in sites outright blocking Firefox (or asking people to disable Tracking Protection). We know, becuase that's already happening. Some content providers even tried to sue adblockers. If Mozilla can show that there is a way to continue measuring ad attribution while also strictly blocking any tracking scripts, the whole point of "you're making it impossible for us to run ads" becomes invalid. 2. The piece about regulation is kinda the same. At the moment, ad lobby groups depend on "we need this to measure our stuff, and measuring is impossible without privacy-invasive trackers". If we can demonstrate that it is not, in fact, impossible to do without privacy-invasive trackers, that becomes a very relevant factoid in future discussions. * permalink * embed * save * parent * report * reply [-]beefjerk22 9 points10 points11 points 2 hours ago (0 children) I think the point is that if the regulators can see that an alternative is possible and viable, industry lobbyists won't be able to convince them otherwise. * permalink * embed * save * parent * report * reply [-]SimonSapin 3 points4 points5 points 2 hours ago (5 children) Condescension does not help anyone. Of course I've read in full and quoted only part for brevity. The whole paragraph sounds like wishful thinking. The industry has shown repeatedly that it will do everything it can to fight and circumvent any technical or legal limitation to surveillance. How can giving them more data change that? * permalink * embed * save * parent * report * reply [-]denschub Web Superglue Engineer at Mozilla 6 points7 points8 points 2 hours ago* (4 children) You're right, that was a bit too snarky. :) Sorry for that! I saw this response too late because Reddit ate notifications, but I posted a bit more above. Is that wishful thinking? Maybe, who knows. It's probably better than not doing anything, though, and just living with the current status quo, which is... bad. It also doesn't give advertisers more data - they already know how often their ads have been seen and interacted with (and they know a lot more). This API provides a limited scope of data. I would say that "this is a bit like having EME vs. letting people run Silverlight applets", but I don't want to get yelled at even more, so I'm not gonna make that comparision. ;D * permalink * embed * save * parent * report * reply [-]SimonSapin [score hidden] 1 hour ago (1 child) It's probably better than not doing anything, though Is it really? It's not at all obvious that giving a new kind of data to the data-devouring-machine is an improvement, that's the core of much of the negative reactions! * permalink * embed * save * parent * report * reply [-]denschub Web Superglue Engineer at Mozilla [score hidden] 1 hour ago (0 children) I should probably clarify that I don't actually work on PPA or anything Privacy related, I'm just a Web Compatibility person. I'm just commenting here because I sometimes like interacting with this subreddit. But I don't neccessarily see this as "new data". As Bobby explained, the whole motivation, is to offer them a core piece of data they already know and that ad networks can't really run without, over an API that doesn't offer room for turning it into a privacy monster. And when it works, shutting down the current tracking script machinery via in-browser blocking mechanisms and regulatory pushes could be possible. The PATCG has quite some big-name particpants, and if this works for them, maybe this will actually result in some meaningful change down the line. And if not, PPA can be unshipped (or maybe replaced with something different). I personally prefer this approach over doing nothing, yeah. * permalink * embed * save * parent * report * reply [-]tragicpapercut [score hidden] 26 minutes ago (0 children) FWIW, advertisers are already starting to go around the browser. They are planning for a future where the browser will not provide them the data across sites that they want by directly connecting and sharing data on the backend - so you'll be tracked by IP and browser footprint with data that is enriched by each platform that contributes. Hence why I'm just installing uBlock Origin everywhere and opting out of all advertisements. I also avoid sites like Facebook with first party advertisements, or use a container tab in Firefox (lovely feature by the way). * permalink * embed * save * parent * report * reply [-]KingFIippyNipz [score hidden] 18 minutes ago (0 children) I mean is doing anything better than not getting in bed with the very advertising platforms you're trying to prevent from tracking us? Call it sleeping with the enemy, Mark Zuckerberg does not give a rat's fucking ass about user privacy. Mozilla is selling itself out. * permalink * embed * save * parent * report * reply [-]jorgejhms [score hidden] 10 minutes ago (0 children) I fully support Mozilla on this one. If this can lead to regulate away invasive tracking in advertising is a worthy objective. * permalink * embed * save * report * reply [-]mhs_mhs123 [score hidden] 1 hour ago (13 children) I think more than anything, although the intent seems to be good from Mozilla, this wasn't what hardcore users of Firefox expected at all. While a lot of us are more worried about firefox's decline especially in recent years, this was the last thing we expected to happen from Mozilla. In my opinion, Features more centred around the community matter more than finding new ways to adopt PPA. Of course, digital advertising will never go away BUT a lot of us community members looked to Mozilla to be the beacon of hope against corporations and advertising. If someone asked me to describe chrome I'd say "it's a browser from an advertising company". I wouldn't want the browser developed by my favourite alternative to said company to also be responded to by the same name. We are here for Firefox, for Gecko and for the development of our favourite browser which is sadly waning a lot in marketshare and is tanking. Especially with Manifest V3 on the horizon and all the other nonsense that other tech companies are making to their browsers and the fact that MV3 affects all chromium browsers, Mozilla and Firefox should double down on them being different and be proud of their open source nature and their philosophy rather than acting against their philosophy and including a feature such as PPA regardless of how "privacy-preserving" it is. Yeah I want Firefox to succeed and I want Mozilla to go back to being the beacon of internet privacy, but advertising isn't going to let that happen. Mozilla needs to go back to focusing hardcore on what its users want. Privacy by default. People will use the browser as long as they see a need for it, and with the MV3 apocalypse there is definitely a need for Firefox more than ever, yet its marketshare is lowest now more than ever. Why is that? In my opinion, you guys should really go back to the drawing board and focus heavily on the Firefox users and community. Because unless you do that, people will migrate elsewhere and that's not something that I want and that's not something the community wants. * A Firefox Enthusiast. * permalink * embed * save * report * reply [-]beefjerk22 [score hidden] 1 hour ago (12 children) Confused by your comment. "Mozilla really needs to go back to focusing on... privacy by default" Right after the CTO has explained at length why this feature's success would make ads, which are pervasive on the web, private by default. * permalink * embed * save * parent * report * reply [-]Tubamajuba [score hidden] 53 minutes ago (1 child) Many of us Firefox users don't just want our data sent to advertisers privately, we don't want our data sent to them at all. Therefore, this feature should have been opt-out. If opt-out is the only way this feature works, then it isn't a feature that should be in Firefox. Unlike Google and Microsoft, I genuinely believe that Mozilla has good intentions and that private attribution is a feature developed as a result of those good intentions. Regardless, any feature in Firefox that provides our data to anyone else should be opt-in. * permalink * embed * save * parent * report * reply [-]beefjerk22 [score hidden] 14 minutes ago (0 children) This feature doesn't send your data to advertisers privately, or at all. It keeps a record ON YOUR COMPUTER of what adverts your browser has displayed, then a private third-party server counts how many sales were the result of previously shown ads, and just reports a total number back to the advertisers. * permalink * embed * save * parent * report * reply [-]mhs_mhs123 [score hidden] 1 hour ago (9 children) Private meaning not developing features that would be sensible for its main competitors to develop. * permalink * embed * save * parent * report * reply [-]beefjerk22 [score hidden] 52 minutes ago (8 children) Still don't really understand. Are you saying that Mozilla shouldn't develop privacy-preserving ad technology because it would be sensible for its competitors to develop it instead? Who are its competitors in this context? The privacy-invasive ad networks? And what incentive do they have to do that? * permalink * embed * save * parent * report * reply [-]mhs_mhs123 [score hidden] 47 minutes ago (6 children) I'm saying that mozilla should at the very least not enable it by default. Me personally i would've wanted them to spend more time and marketing efforts on advertising how blockers and content blockers work best in firefox right on the horizon of MV3 instead of whatever it is they are doing right now. * permalink * embed * save * parent * report * reply [-]lo________________ol [score hidden] 35 minutes ago (5 children) It's like a hospital creating "life-preserving poison." Even if it works perfectly, and we don't know if it would, why would you make it? The "privacy preservation" starts by sending extra data to Mozilla's servers, with a pinky promise they won't do anything bad. And considering Mozilla broke people's trust by hiding this, why would anyone feel safe with Mozilla holding that lucrative data? * permalink * embed * save * parent * report * reply [-]beefjerk22 [score hidden] 19 minutes ago (1 child) The privacy preserving doesn't start by sending Mozilla anything. The record of what adverts you've seen are stored in Firefox on your computer. * permalink * embed * save * parent * report * reply [-]lo________________ol [score hidden] 17 minutes ago (0 children) Okay, so Mozilla servers slurp up your ad data later. I don't care if it's step one or step 500: They should have asked for consent. * permalink * embed * save * parent * report * reply [-]Loudergood [score hidden] 13 minutes ago (1 child) Youve just described chemotherapy and radiation treatment. * permalink * embed * save * parent * report * reply [-]lo________________ol [score hidden] 11 minutes ago (0 children) If the hospital gave you chemotherapy for shits and giggles, and without your consent. * permalink * embed * save * parent * report * reply [-]mhs_mhs123 [score hidden] 31 minutes ago (0 children) exactly. That's a perfect analogy * permalink * embed * save * parent * report * reply [-]KingFIippyNipz 4 points5 points6 points 2 hours ago (3 children) As another user has put it, this sounds like wishful thinking if the intent is to lead to some fundamental change in data tracking and advertising and stricter regulation. How much revenue is Mozilla/Firefox making from this partnership with Meta? * permalink * embed * save * report * reply [-]lo________________ol [score hidden] 40 minutes ago (2 children) Enough to purchase one ad company, acquire a second company with data they still sell to ad companies, and increase the CEO's pay by about $2 million. * permalink * embed * save * parent * report * reply [-]KingFIippyNipz [score hidden] 36 minutes ago (1 child) I mean, if they're just going to sell Firefox out to the major violators of digital privacy, their statements about valuing privacy are toothless. Just waiting for the Amazon announcement, next. * permalink * embed * save * parent * report * reply [-]lo________________ol [score hidden] 34 minutes ago (0 children) They're kind of already in cahoots with Amazon. Their review checker works exclusively on that, Walmart, and Best Buy... Or were you thinking of a different Amazon partnership? * permalink * embed * save * parent * report * reply [-]soiTasTic [score hidden] 1 hour ago (0 children) I don't want to help the ad industry gather metrics, I don't care if it's privacy friendly or not.. Either pay me for the data or go away. * permalink * embed * save * report * reply [-]rat_king_of_heluene [score hidden] 1 hour ago (0 children) I know this will sound snarky, but I mean it sincerely: What is the point of using Firefox if its privacy practices are indistinguishable from competitors? * permalink * embed * save * report * reply [-]DianaOlympos 5 points6 points7 points 3 hours ago (4 children) So first of all, digital targeted advertising is definitely going away. The only thing that keeps it in a grey area in europe is the bureaucratic obstruction and limited budget of the Irish DPC. The ECJ has been pretty clear multiple times on its interpretation of GDPR, same as most national DPA and the EDPB. Secondly, consent modal of the kind you mention have been noted, multiple times, as illegal by the same regulators. Would Firefox consider offering a tool, in browser, for users to quickly and cheaply detect and report such breaking the law banners and modals? This would align with your goals and help enforce users consent. Thirdly, I cannot see how this kind of "trusted third party" processing can be legal under GDPR. By definition of privacy preserving, the users cannot know how their data would be used, which would break the consent principle. Even more, doing said collection of data without an opt in modal would also break the principle of consent from GDPR as pointed in the first point. I understand why you are talking of the technical merits here, but your whole axiom about the inevitability of data collection is itself faulty. The rest can be great, but the center will not hold. * permalink * embed * save * report * reply [-]st3fan 12 points13 points14 points 2 hours ago* (3 children) The GDPR is specifically about PII and not some sort of "do not dare to send any data" catch-all. In this specific case, the GDPR probably does not apply at all since what is sent back is anonymized data: none of the parties can use it to identity a person. This is good for GDPR compliance. There is no standard for data anonymization in the GDPR and I don't think it has been tested. It would be interesting to find out if "DAP /Prio" meets the high bar that the GDPR sets for data anonymization. This would be great to ask the EU to investigate. (IANAL) * permalink * embed * save * parent * report * reply [-]DianaOlympos 4 points5 points6 points 2 hours ago (2 children) It is about Personal Data, not PII. This is an important difference. But as far as nearly all national DPA have concluded and posted in multiple places, any kind of bucketing, cohorting and other measures to anonymise that could ever lead to enough de anonymisation, even by adding data coming from elsewhere, is not considered kosher without consent. It is not necessary to run your service. You need explicit consent and to be opt in without being obnoxious. On top of this, this data cannot be processed without legitimate reasons by a 3rd party, need to never lead an EU privacy protection equivalent country (so not the US) and any use by the 3rd party or by 3rd party user need to be trackable and informed to the user before consent can be considered given. If that feels nearly impossible, you are welcome. That. Is. The. Point. The industry keeps refusing to accept it, but it does not make it less true. I recommend to read the information put out by DPAs or the EDPB. Or even read the GDPR itself. It is a pretty legible piece of legislation * permalink * embed * save * parent * report * reply [-]FineWolf 4 points5 points6 points 2 hours ago* (0 children) If you want to talk about GDPR... capturing aggregate data purely on impressions and conversions, without any user identifiable information would be considered legitimate interest under GDPR; even more so when those metrics are used for billing advertisers. The EU Commission does provide guidance here: https:// commission.europa.eu/law/law-topic/data-protection/reform/ rules-business-and-organisations/legal-grounds-processing-data/ grounds-processing/what-does-grounds-legitimate-interest-mean_en * permalink * embed * save * parent * report * reply [-]st3fan 3 points4 points5 points 2 hours ago (0 children) IANAL but I think you are wrong but I think this may be a bit of a grey area and I would love to see this tested in court. * permalink * embed * save * parent * report * reply [-]rat_king_of_heluene 4 points5 points6 points 2 hours ago* (4 children) First, in the absence of alternatives, there are enormous economic incentives for advertisers to try to bypass these countermeasures, leading to a perpetual arms race that we may not win. Giving up on an arms race is the only way to lose it. Whatever opinion you may have of advertising as an economic model, it's a powerful industry that's not going to pack up and go away. I am fine with advertising as an economic model. Broadcast and print media has used it for decades without tracking. Don't track without consent. It's not hard. * permalink * embed * save * report * reply [-]FineWolf 8 points9 points10 points 2 hours ago (3 children) Broadcast and print media has used it for decades without tracking. Well, that's demonstrably false. Campaign specific phone numbers and rebate coupons have been used for decades to track the success of traditional marketing campaigns. * permalink * embed * save * parent * report * reply [-]rat_king_of_heluene [score hidden] 1 hour ago (2 children) As you put it those track "the success of traditional marketing campaigns." They do not track users. Advertisers are welcome to track impressions or give discounts on clickthrus to achieve the same results (tracking campaigns) without tracking users. Those are also at least implicitly optin: you are not tracked if you do not explicitly engage. * permalink * embed * save * parent * report * reply [-]FineWolf [score hidden] 1 hour ago* (1 child) That's exactly what Private Attribution is trying to achieve. Tracking conversions in campaigns without tracking individual users. If you read the experiment documentation and the DAP IETF Draft, at no point is any information about the user sent or exchanged to the ad network. All the ad network is getting, is aggregate information about x conversions happened after impressions of y ad (on z source) over a period of time p. Just like x coupons were redeemed after z impressions of y mailer over a period of time p. * permalink * embed * save * parent * report * reply [-]VincentTunru [score hidden] 1 hour ago (0 children) The original post also stated as much: It's about measurement (aggregate counts of impressions and conversions) rather than targeting. * permalink * embed * save * parent * report * reply [-]q123459 2 points3 points4 points 3 hours ago (1 child) the answer for all those challenges in your wall of text is simple: allow extension creators to circumvent and randomize any data browser sends for any api queries, including that "private attribution" api. male that ability ground zero - it must be completely irrevocable by mozilla * permalink * embed * save * report * reply [-]beefjerk22 15 points16 points17 points 3 hours ago (0 children) If you think that an extension that people need to know about is a solution to this, read the actual post: Most users just accept the defaults they're given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most peoples' privacy remains compromised. Cookie banners are a good example of where this thinking ends up. * permalink * embed * save * parent * report * reply [-]ratsby [score hidden] 48 minutes ago (0 children) I appreciate the goal, but my problem with this (and the reason I turned the feature off after reading about it) is that I use Firefox because I want my computer and my browser to work for me, not someone else. Any CPU cycles and network bandwidth spent on ad attribution (as negligible as they may be) are my computer doing free labor for ad companies and me getting nothing in return. Firefox should be a user agent, not a website agent. (If websites start gating access to content behind this feature, I guess that'd be something in return, but even then I'd rather my browser spoof accepting the attribution data and silently discard it.) * permalink * embed * save * report * reply [-]nullc [score hidden] 47 minutes ago (0 children) Forget advertisers for a moment, Doesn't this feature result in users identifiable (at least at the IP address level) browsing habits being sent to a third party controlled server from where it could be subject to lawful, lawless interception, or theft by hackers? Perhaps theft by hackers could be arguably said to be mitigated by the MPC, though no doubt all the parties are running identical software... but even if: AFAICT nothing stops someone from writing two target names on an administrative subponea. * permalink * embed * save * report * reply [-]Lucky-Ad6267 [score hidden] 21 minutes ago (0 children) I don't know if I should mention this here or not, but I would really appreciate if firefox walks me through option to send anonymous data while installing browser. Enabling to sent data by default is not good and gives wrong impression IMO. Thank you * permalink * embed * save * report * reply [-]rat_king_of_heluene [score hidden] 1 hour ago (0 children) There is a toggle to turn it off because some people object to advertising irrespective of the privacy properties You continually conflate "all advertising" with "tracking." While there are people who are anti-ads in any way, this particular feature and issue concern tracking. I think by conflating the two you do a clever straw man (person?) attack against the easier to fight "anti all ads" crowd as opposed to the much stronger (in my biased opinion) anti all tracking crowd. * permalink * embed * save * report * reply [-]Zagrebian [score hidden] 48 minutes ago (0 children) Mozilla needs to learn how to talk with their users in a clear and reassuring way. * permalink * embed * save * report * reply [-]lo________________ol [score hidden] 1 hour ago (0 children) Every person who has condemned Mozilla's decision to inject extra advertisement code speaks on behalf of the people who use Firefox but don't know what Mozilla has done. This behavior is, in my opinion, shameful. Mozilla has forsaken its manifesto, it has chosen profits over people, and it has chosen ad corporations over its users. Not even Google Chrome snuck in a change like this without at least showing a notification to their users. Remember "Keep pesky trackers off your tail"? That was a Firefox pop-up from only 6 months ago. * permalink * embed * save * report * reply [-]midir ESR | Debian [score hidden] 1 hour ago (1 child) You can't just quietly opt people in to a system to collect data about their behavior and interests and send it to a third-party company. * permalink * embed * save * report * reply [-]beefjerk22 [score hidden] 50 minutes ago (0 children) It doesn't do any of that. * permalink * embed * save * parent * report * reply [-]HotTakes4HotCakes [score hidden] 48 minutes ago (0 children) We've been collaborating with Meta on this, because any successful mechanism will need to be actually useful to advertisers, and designing something that Mozilla and Meta are simultaneously happy with is a good indicator we've hit the mark. Is this an ongoing collaboration? What happens if Meta backs out at some point? Because if the answers are 1) "yes" and 2) "it falls apart", then Meta now has leverage on you. Friendly relations with Meta worries more than anything else. That is a vampire at the door. * permalink * embed * save * report * reply [-]inszuszinak [score hidden] 42 minutes ago (1 child) Some context: $500,000,000 per year, ca. 90% of Mozilla's revenue comes from partnerships with adtech. Defaults matter. Don't assume consent by default. https://untested.sonnet.io/Defaults+Matter%2C+Don't+Assume+Consent (Speaking as someone who worked in adtech where a large part of my role was liaising with Mozilla on privacy. I got tired of this mess and left.) * permalink * embed * save * report * reply [-]unsponsoredgeek [score hidden] 21 minutes ago (0 children) Seconded. I'm resigned to playing this kind of default-settings Whack-A-Mole even with r/firefox. Blessed be the name(s) of r/uBlockOrigin and CanvasBlocker! * permalink * embed * save * parent * report * reply * about * blog * about * advertising * careers * help * site rules * Reddit help center * reddiquette * mod guidelines * contact us * apps & tools * Reddit for iPhone * Reddit for Android * mobile website * <3 * reddit premium Use of this site constitutes acceptance of our User Agreement and Privacy Policy. (c) 2024 reddit inc. All rights reserved. REDDIT and the ALIEN Logo are registered trademarks of reddit inc. [pixel] p Rendered by PID 51 on reddit-service-r2-loggedout-79555544d6-ltjqt at 2024-07-15 23:00:35.481124+00:00 running 5cb6aee country code: US.