[HN Gopher] A word about private attribution in Firefox
___________________________________________________________________
A word about private attribution in Firefox
Author : ghostwords
Score : 38 points
Date : 2024-07-15 20:31 UTC (2 hours ago)
(HTM) web link (old.reddit.com)
(TXT) w3m dump (old.reddit.com)
| msla wrote:
| > The Internet has become a massive web of surveillance, and
| doing something about it is a primary reason many of us are at
| Mozilla.
|
| They could start by making their own surveillance opt-in.
| throwaway81523 wrote:
| More dissembling. Anonymous and private are not the same thing.
| Claude Shannon mathematically formalized what privacy is all the
| way back in 1949, and this isn't it. No matter how much Mozilla
| twists and squirms, they are deploying a system that converts
| your private activities into information that benefits your
| adversaries. A privacy preserving system doesn't do that. It
| gives nothing to your adversaries.
| metadat wrote:
| Yes, we're being asked to accept Mozilla giving up on thwarting
| the adversaries and instead transitioning to cooperating with
| them, "because the economic forces are too powerful" - which is
| a politically indirect way of saying "Because Mozilla want 'dat
| money, badly".
| striking wrote:
| You can't reference Claude Shannon and information theory and
| then say a system to serve ads that preserves privacy can't
| exist. It's especially ironic because they use a technique
| called Differential Privacy to prevent any actual bits of
| information from being leaked to advertisers:
| https://andrewmoore.ca/blog/post/mozilla-ppa/#user-content-f...
| / https://arxiv.org/pdf/2405.16719
| eulgro wrote:
| It's information still, maybe not targeted to the individual,
| but it allows still identifying trends which will eventually
| result in an ad I will (maybe) see. The advertiser wastes its
| time trying to show me an ad I will likely block, requiring
| filter managers to spend time blocking the ad and requiring
| me to spend time installing the extension. The total utility
| of the system is negative, even if just slightly. Sure there
| are cases where an ad could inform me of something useful I
| actually need, but this has basically never occurred to me,
| ever.
|
| From there we can devise that the best solution for society
| is a global ban on advertisement.
| striking wrote:
| I think the first order utility of the system is indeed
| negative. But the second order effect is to set a boundary
| with advertisers as to what is acceptable, which is
| positive.
|
| I don't think it actually allows advertisers to identify
| trends except in terms of conversion rates. Let me
| reproduce the paragraph I linked to:
|
| > Since the DAP server acts as a middleman, and reports are
| only generated at conversion times (impressions without
| conversions are not reported), ad networks have no way
| through this method of collecting your personal information
| (such as your user information or your IP address/browser
| client info). All they receive is an aggregate that informs
| them that their ad (published on source ) led number of
| people to a positive outcome for their customer over a
| period of time . Some amount of noise is also added to the
| information in order to further strengthen privacy[7].
|
| Impressions without conversions aren't reported, so the
| only trends seen are over conversions as grouped by
| websites. If that's all it takes for advertisers to stop
| fingerprinting us, I'm open to something along those lines.
| throwaway81523 wrote:
| Differential privacy just means the info isn't linked to
| individual users. It is still information. Statistical
| information is information. If it was useless to advertisers,
| they wouldn't be willing to pay for it. And if it is useful
| to the advertisers, then extracting it without user
| permission is invasive.
| striking wrote:
| Fine, but privacy is privacy. I'm no fan of advertisers
| either, but if you're going to invoke Shannon let's use the
| right terms and stay intellectually consistent.
| throwaway81523 wrote:
| Do you understand Shannon's definition? Have I made a
| mistake somewhere? Differential privacy as I understood
| it is a statistical notion. It gives the advertiser a
| noisy average of the behaviour of a large group but not
| about the individual users in the group. Mozilla pulls a
| switcheroo saying that the individual info is protected
| so everything is fine. In fact the statistical info is
| invasive too, and that's Shannon's notion. The system is
| private if the information gained by the adversary is
| exactly zero.
|
| Also, "advertiser" is way too benign a term: in
| cryptography we generally use "adversary". Consider that
| in this election season, the Trump and Biden political
| campaigns will be among the biggest advertisers. Mozilla
| will sell them information and they will use it.
| Question: will they only use it to solicit votes, or will
| they also use it to help round up their enemies if they
| get into power?
|
| And yes, they can use statistical information for that.
| The first thing they will want to know about any specific
| class of enemy is how many of them there are, before
| worrying about identifying individuals. So Mozilla
| shouldn't help them with either.
| striking wrote:
| Does Shannon actually have a concrete definition of
| "privacy"? Maybe you're confusing it with "perfect
| secrecy", which is a cryptographic measure I'm not sure
| applies here.
|
| > Mozilla will give them information and they will use
| it.
|
| Let's just get on the same page about what information
| the advertisers get. I'll reproduce the paragraph I
| linked to:
|
| > Since the DAP server acts as a middleman, and reports
| are only generated at conversion times (impressions
| without conversions are not reported), ad networks have
| no way through this method of collecting your personal
| information (such as your user information or your IP
| address/browser client info). All they receive is an
| aggregate that informs them that their ad y (published on
| source x) led number of people to a positive outcome for
| their customer over a period of time p. Some amount of
| noise is also added to the information in order to
| further strengthen privacy[7].
|
| I'm not aware of how you "round up your enemies" using
| conversion rate information on websites. It doesn't even
| tell you how many "specific class of enemy" there is,
| it's too muddled by the variable of the click rate of the
| audience.
|
| Not to mention that as state actors I'm sure they would
| have other, more useful and reliable methods of doing...
| whatever you're accusing them of doing.
| squigz wrote:
| > Question: will they only use it to solicit votes, or
| will they also use it to help round up their enemies if
| they get into power?
|
| What a pointless bit of FUD in an otherwise fairly
| rational comment.
| Tao3300 wrote:
| > You can't reference Claude Shannon and information theory
| and then say a system to serve ads that preserves privacy
| can't exist.
|
| They didn't say that. They said this isn't it.
| readthenotes1 wrote:
| That's a "peace in our time" speech if I ever read one.
|
| Is the cto related to Quisling, by any chance?
| metadat wrote:
| Minor pedantry: It's "Peace for our time"
|
| https://en.wikipedia.org/wiki/Peace_for_our_time
|
| _> It is often misquoted as "peace in our time", a phrase
| already familiar to the British public by its longstanding
| appearance in the Book of Common Prayer._
|
| I must admit, even after reading the WP article, I am not clear
| on how it applies to TFA reddit post.
| readthenotes1 wrote:
| I'm a major quibbler, so minor pedantry is appreciated!
| stefan_ wrote:
| It's an endless cycle of Mozilla buying some shitty company then
| forcing their shitty "technology" into Firefox. We must be on
| episode three or what of this nonsense now. "Leader"ship is
| rotten.
| perihelions wrote:
| But *what's in it for the user?*
|
| - _" in the absence of alternatives, there are enormous economic
| incentives for advertisers to try to bypass these
| countermeasures, leading to a perpetual arms race that we may not
| win"_
|
| It's in the user's interest to attempt to _appease_ the spammers?
| It 's in the user's interest to voluntarily hand over _some_
| personal, private information about themselves, to commercial
| stalkers, in hopes that-what- _satiates_ the data harvesters?
|
| Is this Mozilla's position?
| gjsman-1000 wrote:
| Well, they've been trying to fight the advertisers for, oh, 2
| decades now; and the advertisers have basically won every fight
| repeatedly. This is combined with Firefox market share
| declining to the point that if they do not at least somewhat
| placate the advertisers, the advertisers could simply block
| Firefox en-masse and survive. Time for a new strategy.
| roblabla wrote:
| > the advertisers could simply block Firefox en-masse and
| survive
|
| And why would firefox users care about advertisers blocking
| firefox? Oh noes, ads aren't showing up in my browser!
| squigz wrote:
| I think Firefox users would care if they suddenly couldn't
| access a large part of the Internet on Firefox.
| gjsman-1000 wrote:
| Believe me, the advertisers are probably watching the
| whole Manifest v3 rollout in Chrome very closely; and
| weighing the odds that, if they block Firefox, they'll be
| able to kill it off completely and have ads for everyone.
| Dalewyn wrote:
| Mozilla themselves siphon telemetry (eg:
| incoming.telemetry.mozilla.org), they're at best a faux
| defender of privacy.
|
| Seriously, they don't deserve peoples' support.
| squigz wrote:
| What's wrong with telemetry?
| bdjsiqoocwk wrote:
| Yes. They're just surrendering.
| gorgoiler wrote:
| I've started seeing adverts in theguardian.com again today, on
| iOS, where there weren't any before. I use Firefox Focus and
| noticed that my is at version 128, released a week ago. Is this
| purely a coincidence or am I seeing this because of a change in
| policy at Mozilla?
| roblabla wrote:
| Highly suggest trying orion browser on iOS. It supports
| webextensions, so you can install ublock origin.
| Tao3300 wrote:
| IIRC, iOS doesn't allow any browser that isn't a wrapper around
| Safari.
| paulryanrogers wrote:
| Unless you're in the EU
| christophilus wrote:
| 3 cheers for serenity browser.
| Tao3300 wrote:
| Ladybug? Yeah, it seems like a long shot, but we need it.
| Hnrobert42 wrote:
| It seems like a lot of folks are pretty upset about this.
|
| I go to great lengths to avoid advertising. I've even routed mail
| to my post office's general delivery rather than give away my
| address.
|
| But I am also practical. The CEO makes a fair point that ads
| aren't going away. This wouldn't work as an opt-in.
|
| The big miss here was messaging. The CEO has got to know most FF
| users use FF to for privacy. If they wanna make it an opt out,
| fine. But then people have to know there is something to out of.
| Then again, maybe this was in the release notes and on the blog.
| lolinder wrote:
| > Then again, maybe this was in the release notes and on the
| blog.
|
| It belonged in the big tab they popped up when 128 was
| installed. If that's not for informing users about major new
| features they really should know about, what _is_ it for?
| segphault wrote:
| I don't find this persuasive at all. Mozilla wants to frame
| itself as the browser vendor that cares about privacy, but there
| are now popular independent browsers like Vivaldi and Orion that
| go much further than Firefox to protect user privacy, shipping
| tightly-integrated and fully-featured adblocking out of the box.
| Firefox on iOS still doesn't natively support adblocking, they
| weirdly segmented that capability out into a separate "Firefox
| Focus" product.
|
| Mozilla becoming an advertising company unquestionably warps
| their incentives and brings them out of alignment with the end
| user. Tracking-based internet advertising is inherently
| adversarial and there's no silver bullet or technical approach
| that magically makes it less so. The fact that their chief
| partner for this is Meta is deeply disqualifying, given Meta's
| track record (e.g. Onavo scandal, among a multitude of other
| things).
|
| There's a ton of real-world value in having Firefox, with a non-
| Chromium rendering engine, remain relevant in the market. But if
| Mozilla wants to retain any marketshare at all, they are going to
| have to compete with other independent browser vendors on UX and
| privacy. Becoming an advertising company is not the way.
| paulryanrogers wrote:
| Vivaldi is based on Chromium and Orion is at least based on
| WebKit. So not significantly independent IMO.
| dmart wrote:
| No matter how you try to spin this, I don't think you can call
| your browser a "user agent" if it's implementing features that
| exclusively benefit advertising companies.
|
| If it were feasible to write one's own web browser for personal
| use, no one would add this feature out of kindness to
| advertisers.
| curt15 wrote:
| Will they try to nerf UBlock Origin next lik what Chrome is about
| to do in the name of "privacy"?
| kccqzy wrote:
| Honestly I am pretty convinced by this post. Good job Mozilla.
|
| > Digital advertising is not going away, but the surveillance
| parts could actually go away if we get it right.
|
| This rings especially true to me. A lot of people, especially HN
| readers and myself included, hate advertising so much that we
| want to block ads altogether. But clearly we are still in the
| minority and we have to accept its existence. I think Mozilla's
| position here is clear: digital ads are evil but it's a necessary
| evil, so the best we can do is to limit how evil it could be.
| MenhirMike wrote:
| Our Browser options are currently all tied to one of the big
| AdTech companies:
|
| * Safari is owned by Apple
|
| * Edge is owned by Microsoft
|
| * Chrome is owned by Google
|
| * Firefox is partnered with Facebook/Meta
|
| I guess technically there's Opera (owned by Chinese company
| Kunlun) and Brave (known for inserting affiliate links into
| stuff), which aren't any better.
|
| In the future there might be Ladybird (where we'll have to see if
| Shopify wants something in return for their >=$100,000
| investment), though that's pretty far off.
|
| I know that maintaining a browser is a massive amount of work,
| but man, things are bleak. I guess that an OSS fork like
| Librewolf or Chromium is the best option these days.
| ineptech wrote:
| I clicked on this with a rebuttal already half-written in my
| head, but (after skimming the CTO's post and then reading the
| detailed explanation of PPA[0]) I'll admit that I jumped the gun
| on assuming that PPA was just the latest name for storing an ad
| id. The idea behind it (that you have to give the advertisers an
| anonymous way to measure conversions to have a shot at getting
| them to give up tying your traffic back to your identity) is
| reasonable, and the implementation doesn't look crazy.
|
| There's details I don't understand yet and I'd like to see
| someone smarter than me critique the details, but for now I'll
| put my money where my mouth is by going in to Settings and re-
| enabling it.
|
| 0: https://github.com/mozilla/explainers/tree/main/ppa-
| experime...
___________________________________________________________________
(page generated 2024-07-15 23:00 UTC)