this post was submitted on 13 Jul 2024
506 points (87.4% liked)

Privacy

31847 readers
188 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 138 points 3 months ago* (last edited 3 months ago) (6 children)

I haven’t looked into the technicals much further than the support page.

The way i read it, it sounds like the companies will get some general data if their ads work without a profile about you being created. I would be fine with that. What I don’t like is the lack of communication to users about it being enabled.

PPA does not involve websites tracking you. Instead, your browser is in control. This means strong privacy safeguards, including the option to not participate.

Privacy-preserving attribution works as follows:

  1. Websites that show you ads can ask Firefox to remember these ads. When this happens, Firefox stores an “impression” which contains a little bit of information about the ad, including a destination website.
  2. If you visit the destination website and do something that the website considers to be important enough to count (a “conversion”), that website can ask Firefox to generate a report. The destination website specifies what ads it is interested in.
  3. Firefox creates a report based on what the website asks, but does not give the result to the website. Instead, Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.
  4. Your results are combined with many similar reports by the aggregation service. The destination website periodically receives a summary of the reports. The summary includes noise that provides differential privacy.

This approach has a lot of advantages over legacy attribution methods, which involve many companies learning a lot about what you do online.

PPA does not involve sending information about your browsing activities to anyone. This includes Mozilla and our DAP partner (ISRG). Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising.

This all gets very technical, but we have additional reading for anyone interested in the details about how this works, like our announcement from February 2022 and this technical explainer.

[–] [email protected] 40 points 3 months ago (2 children)

My question is why Mozilla is trying to help advertisers at all instead of telling them to fuck off.

[–] [email protected] 109 points 3 months ago* (last edited 3 months ago) (2 children)

Telling advertisers to fuck off works if your goal is to create a niche product tailored to people who care deeply about privacy already. But Mozilla is very much all about trying to make things better for everyone on the internet, regardless about their opinions (or lack thereof) on privacy and ads.

Mozilla has recognised that advertising isn't going anywhere, so there's two options:

  1. Reject ads wholesale and become irrelevant.
  2. Push for a better alternative that can improve privacy while still keeping the engine that drives the internet intact.

What other major player would ever push for privacy preserving attribution? Hint: no one. While I get that many people here want 0 ads (myself included), PPA is a great step in the right direction, and could have a huge positive impact if it's shown to work and other companies start adopting it.

And guess what? You can still turn it off, or use adblockers. Unlike Chrome, Firefox won't restrict you in that regard.

[–] [email protected] 17 points 3 months ago

They are one of them. June 2024: Mozilla has acquired Anonym, [...]. This strategic acquisition enables Mozilla [...] deliver effective advertising solutions.

https://blog.mozilla.org/en/mozilla/mozilla-anonym-raising-the-bar-for-privacy-preserving-digital-advertising/

[–] [email protected] 39 points 3 months ago (1 children)

Thank you for a thoughtful post with citations and quotes. After reading the whole page by Mozilla, it seems like they're taking steps to show advertisers how they can get what they want while preserving people's privacy. I can live with that. They're trying to build a win-win scenario.

I'll still block ads. I'll still reject cookies, but I feel like it's a reasonable feature THAT I CAN SHUT OFF. I'm still in control of my browser! Great!

[–] [email protected] 5 points 3 months ago

Agreed, just frustrating to find out about this here and not an obvious pop up alert somewhere

[–] [email protected] 23 points 3 months ago (1 children)

It appears in the release notes, though. Previously you would have been tracked. Now they try to anonymously return data to the tracker. So I do not see a reason to uncheck that flag.

Admittedly I am interpreting this feature from my gut. And you provide the sources I would have asked for. Appreciated.

[–] [email protected] 3 points 3 months ago

The vast majority of people do not read release notes or even know they exist.

There is nothing positive about what has been done here.

[–] [email protected] 7 points 3 months ago (1 children)

It looks it it would be fun to mock the report generation API, and returns tons of garbage data (possibly negative numbers).

[–] [email protected] 2 points 3 months ago* (last edited 3 months ago)

At that point why not just mock google's various data mining services' APIs?

[–] [email protected] 6 points 3 months ago

including the option to not participate.

Which is useless if you're not informed about it.

[–] [email protected] 3 points 3 months ago (5 children)

Given that it collects no additional user data, and the API in question is a new standard that will require sites to opt in, I think making it an opt-out is sensible. I guess they could make a popup about it, but I really think this concern is baseless FUD from people who haven't read the details.

[–] [email protected] 28 points 3 months ago (1 children)

I think making it an opt-out is sensible

Why? I'm not in the business of making ad companies' jobs easier.

[–] [email protected] 7 points 3 months ago

Let's be real, there's no way PPA is going to be as valuable as the data that can be gathered by state of the art ad tech. So the ad companies that adopt this will be making a compromise to do so. How is this tech making their lives easier?

Also they have no incentive to develop this tech, so why would they? It's not like Mozilla is doing work for them that they would have done anyway. If anything they're probably worried that the tech will take off and then legislation will follow to force them to use it.

[–] [email protected] 4 points 3 months ago* (last edited 3 months ago)

I personally am fine with making it opt-out, but I think it should be handled differently. This technology requires users trust, to have any chance of being successful. Enabling it without informing the user is not the way to gain it.

I would have put a little pop up explaining that they are trying to create a privacy preserving technology to measure ads with the goal of replacing privacy invasive technology. If the user doesn’t like it, it can be disabled in the settings afterwards.

[–] [email protected] 2 points 3 months ago

I agree with this. I understand that the majority of users also don't read release notes and some don't even install add-ons, with this being enabled by default this would provide them with a more anonymous ad experience.

[–] [email protected] 2 points 3 months ago (1 children)

I think making it an opt-out is sensible

The GDPR does not think so, does it?

[–] [email protected] 2 points 3 months ago

No, I'm pretty sure this doesn't trip GDPR because it's not collecting any additional personal data.