July 13th, 2024

Ad-tech setting 'Privacy-Preserving Attribution' is opt-out in Firefox 128

Jeff Martin announced Firefox 128's launch with adtech updates. The snippet hints at a GladTech-related discussion. Users need JavaScript enabled or native Mastodon apps for Mastodon web access.

Jeff Martin confirmed the release of Firefox 128 with new adtech features. The message seems to be a snippet from a discussion or announcement related to GladTech. Additionally, to access the Mastodon web application, users are prompted to enable JavaScript or use one of the native Mastodon apps available for different platforms.

Related

Mozilla roll out first AI features in Firefox Nightly

Mozilla is enhancing Firefox with AI features like local alt-text generation for images in PDFs. Users can access various AI services for tasks, promoting user choice, privacy, and a personalized internet experience.

Mozilla is an advertising company now

Mozilla acquires Anonym, a privacy-focused advertising company founded by ex-Facebook executives. Integration aims to balance privacy and advertising. Critics question Mozilla's advertising shift, prompting users to explore alternative privacy-centric browsers.

Firefox 128

Firefox version 128.0, released on July 9, 2024, brings text translation, personalized search, improved data clearing, streaming in Private Browsing, Privacy Preserving Attribution API, enhanced audio for macOS, security fixes, rendering improvements, developer enhancements, and community contributions. Older Windows and macOS users are advised to switch to Firefox ESR for ongoing support.

Manifest V3 updates landed in Firefox 128

Firefox 128 introduces Manifest V3 updates for cross-browser compatibility, focusing on content scripts and scripting API improvements. Deprecated Web API events must be removed before Firefox 131. MV3 APIs are backported to MV2 for easier transition. Android permissions UI enhances optional permissions control.

Turn off advertising features in Firefox

Mozilla enhances Firefox with advertising features to reduce reliance on Google. New Privacy-preserving attribution (PPA) raises privacy concerns but can be disabled. Firefox offers Global Privacy Control and blocks scam ad blockers. Users urged to verify ad blocker effectiveness for privacy.

31 comments
By @ajb - 7 months
Right, so there is a genuine moral case for Mozilla doing this. It depends why you hate ads:

A: the main problem with ads is tracking and privacy invasion

B: the main problem with ads is manipulation and seizure of my attention

If you only care about A, you might like this approach, as in principle if it works and becomes standard, then the pressure from the ad industry to track everything will be easier to resist, as 1) they will have less incentive, and 2) the argument that tracking is essential is undermined, so it may be possible eventually to ban it.

Of course, that assumes that you trust that this is better for your privacy than tracking. After all, it does feel a bit like tracking... If it's done properly then your individual data is not sprayed to a thousand dodgy ad brokers, but only to one company who tells advertisers not about you personally, but just whether their ad is working.

The question is, does it work? Are they doing it properly? Do they have the correct incentives to keep doing it properly in the long term? Can advertisers just undermine it by giving everyone's ads a different ID? Also, your threat model may include that this aggregator company is hacked, or that the government secretly forces it to share the data with them.

Nevertheless, I think that Mozilla probably genuinely think this is better for privacy. And there is a case that there is.

A big issue, however, is that at present the constituency for Firefox includes people who care about B. This doesn't undermine that directly, but it does mean that Mozilla have an incentive not to care about it.

By @client4 - 7 months
In a few years, when Ladybird is stable and largely feature complete, Mozilla will act incredibly confused as to why they are losing market share.

https://ladybird.org/

By @Kwpolska - 7 months
It is an attempt to replace more invasive tracking techniques. The AdTech industry is unlikely to give up on knowing which ads were "successful". A privacy-friendly solution developed by Firefox is miles better than something invented by Google, the AdTech company masquerading as a browser vendor.
By @bn-l - 7 months
> But, and I swear I'm not even joking a little bit here, Mozilla goes on to say that advertisers might be happier if Firefox itself just tracked you directly and sent activity reports back to them.

Could this advertiser be Google who also pays their salary?

By @frabcus - 7 months
I'd love a detailed description of the politics and economics of adding this.

Why are Firefox doing it, how does it relate to similar features in other browsers? If it leads to direct revenue, how? If there are relationship reasons for doing it, what are the forces at play?

Just the actual background, not opinions on whether it is good or bad before understanding that background.

By @tgv - 7 months
That is very disappointing, indeed. "[A]nnounced with very little fanfare" is an understatement. It is mentioned as an afterthought on the page with new features, without the screen-shots that are shown for the other configurable features, and couched in soothing language: they call it "privacy preserving". It's almost “But Mr Dent, the plans have been available in the local planning office for the last nine months.” (https://www.planetclaire.tv/quotes/hitchhikers/the-hitchhike...)

You do this when you want to hide something. This does not inspire trust.

Edit: instead, if they believe this to be a way out of the ongoing data thievery that is the ad industry, they could have announced this openly and boldly. "You want privacy, they want ads, here's a middle-ground." It could have been scrutinized by members of the community beforehand. Now, it'll just tarnish the reputation of Firefox and go down with it.

By @TekMol - 7 months
The gist of it seems to be that Mozilla and ISRG now proxy the tracking data and give aggregated reports to advertisers. And that they handle the data in a way so that neither Mozilla nor ISRG alone can access the unaggregated data.

From reading around their documents ...

    https://blog.mozilla.org/en/mozilla/privacy-preserving-attribution-for-advertising/
    https://github.com/mozilla/explainers/tree/main/ppa-experiment
    https://datatracker.ietf.org/doc/draft-ietf-ppm-dap/

... it sounds a bit like they route the data through something like an onion network. So nodes in the network do not know what data they are routing and the advertisers get aggregated data without knowing who the users were:

    ... our DAP service, which is a Multiparty
    Compute (MPC) system based on Prio ...

And the "Multiparty" seems to be these two:

    Our DAP deployment is jointly run by
    Mozilla and ISRG. Privacy is lost if
    the two organizations collude

I think this is actually an interesting approach. I don't know whether two parties are enough and whether the specific algorithm used is good. But if it works as advertised (haha), it would result in measuring ad effectiveness without compromising user privacy. Which might be a good thing.
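
An added sketch, not part of the comment above and not Mozilla's or ISRG's code, of the two-server additive secret sharing that Prio-style aggregation builds on: one server alone holds only random-looking shares, while two colluding servers recover every individual report. The modulus, the 0/1 reports and all names are constructed for illustration, and Prio's input-validity proofs and DAP's report encryption are omitted.

```python
import secrets

# Constructed modulus for this sketch (Mersenne prime 2^61 - 1);
# not the field that DAP/Prio actually specifies.
P = 2**61 - 1

def split(value):
    """Client side: split one measurement into two additive shares mod P.
    Each share alone is a uniformly random field element."""
    leader_share = secrets.randbelow(P)
    helper_share = (value - leader_share) % P
    return leader_share, helper_share

class Aggregator:
    """One of the two servers. It only ever sees its own shares."""

    def __init__(self):
        self.seen = []  # per-client shares, as this server alone sees them

    def receive(self, share):
        self.seen.append(share)

    def aggregate_share(self):
        return sum(self.seen) % P  # still random-looking on its own

def run_batch(measurements):
    """Simulate clients reporting 0/1 conversions to a leader and a helper."""
    leader, helper = Aggregator(), Aggregator()
    for m in measurements:
        s_leader, s_helper = split(m)
        leader.receive(s_leader)
        helper.receive(s_helper)
    # The collector only ever combines the two aggregate shares.
    total = (leader.aggregate_share() + helper.aggregate_share()) % P
    return total, leader, helper

def collude(leader, helper):
    """What the two operators recover if they pool their per-client shares."""
    return [(a + b) % P for a, b in zip(leader.seen, helper.seen)]

if __name__ == "__main__":
    total, leader, helper = run_batch([1, 0, 1, 1, 0])  # constructed input
    print("aggregate seen by the collector:", total)
    print("leader alone sees:", leader.seen)
    print("colluding servers see:", collude(leader, helper))
```
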
By @bravetraveler - 7 months
I don't negotiate with advertisers, the most privacy-respecting option is to block/starve them.
By @entuno - 7 months
Disappointing behaviour by Mozilla, but not hugely surprising.

It's also rather suspicious that the setting to disable this seems to be somewhat hidden. If I go to settings and search for "advertising" then I get:

> Sorry! There are no results in Settings for "advertising".

But if I browse to it manually, then the setting is there, in the section named "Website Advertising Preferences". And the search definitely includes section titles, because if I search for "collection" then it shows that section of the Privacy & Security settings, with a highlight on the text on the title.

By @KingOfCoders - 7 months
They think they can make money by pushing this and owning (parts of) the infrastructure to transfer the reports of PPA.

Not long and we'll see the same game as Chrome + ad blockers.

By @worksonmine - 7 months
Confirmed the new setting was on for me. Mozilla is really starting to test my patience. Do I have to check the settings every time I update my browser now?
By @lkdfjlkdfjlg - 7 months
Wasn't there a HN post a couple of weeks ago claiming that mozilla was now an advertising company?

It seems almost that mozilla's leadership is intentionally trying to ruin it.

By @matt3210 - 7 months
Consent is opt in, yes means yes
By @ghostwords - 7 months
Dismantle systems of online surveillance.

Limit online advertising to contextual ads, and to the same attribution methods advertisers have access to with traditional (TV, print and billboard) ads.

Is your browser a user agent or an advertiser agent?

By @singularity2001 - 7 months
Tangential: How do some sites manage to open other sites in new tabs without confirmation in 2024? Popups need explicit confirmation since 200x??
By @from-nibly - 7 months
You are the product. Firefox is not the exception. Unless they wholly operate on donations from users, then the users are the product.
By @jampekka - 7 months
This is how users are turned into products.
By @logicprog - 7 months
Once again, I have to stick my oar in here and shill for LibreWolf :D I think it might really be worth checking out for people like me that prefer the user interface and functionality of Firefox over Chromium and don't want to contribute to the Blink engine monopoly, but also often don't approve of what Mozilla is doing upstream and want someone to shield them from it. It's my daily driver browser for basically everything, and 99% of the time, even on stuff that you would think wouldn't work, it works just fine. I keep Chromium in my back pocket just in case, but I've only had to pull Chromium out like twice in the past year, once for something that required the USB-HID protocol and once for iCloud.

And yes, for those of you on distributions, you might say that your distribution maintainers will just patch out or customize out any of the nefarious changes that Mozilla makes upstream. But the thing you have to remember is that distribution maintainers are handling a whole lot of other things: tens of thousands of other packages, and an entire operating system and its upkeep, go through them. So they will often just not patch things out, or patch things out inconsistently, or not really pay attention. I think it's much better to rely on a project whose whole purpose and explicit mission is making Mozilla more privacy-friendly and secure and who have a dedicated community of a few developers consistently working on it. Especially since distribution maintainers don't really make any specific mission statement promises with regards to specific packages, but something like LW does. It does a lot more than just this one thing. It's essentially equivalent to having an arkenfox config maintained for you and always applied to your browser and updated in lockstep with your browser, as well as a set of patches that they maintain to remove things like Pocket.

By @thomassmith65 - 7 months
I assume Waterfox (http://waterfox.net) won't adopt this garbage feature.
By @jankovicsandras - 7 months
Is this illegal in GDPR countries (EU + Norway + ...) or am I reading GDPR wrong?

"If informed consent is used as the lawful basis for processing, consent must have been explicit for data collected and each purpose data is used for"

https://en.wikipedia.org/wiki/Gdpr

By @t0bia_s - 7 months
Better to use more privacy friendly LibreWolf, fork of Firefox.
By @tgvaughan - 7 months
Does anybody know whether this also applies to firefox android?
By @stiltzkin - 7 months
Then she suggests Google Chrome.

Just switch to Librewolf.

By @throwawa14223 - 7 months
Has anyone here been the victim of this and can look up what IP addresses and domain names need to be added to blocklists?
By @nunez - 7 months
This is FLoC-style adtech, right? Really scummy of them to make it opt-out.
By @ranger_danger - 7 months
Not taking sides here, but does anyone actually think that people will use strictly opt-in features at all? They went to the trouble to develop it so if you were them, why should it be so hidden as to have barely any users?

I feel the same way about debugging telemetry... it's so valuable for developers and yet people want to see you hang if it's not (at best) a manual opt-in, but they don't care that it won't be used by anyone in that case.

By @Digit-Al - 7 months
I really don't see anything wrong with this, personally. It's a limited test with a small number of websites involved. Only aggregate data is received, so all they'll know is something like "x number of people saw this ad and y number of people clicked on it"; no other information about those users. Seems very innocuous to me.

As to it being opt out instead of opt in: consider the fact that only a small number of websites are involved in the experiment; if it was opt in then it seems quite likely that there could potentially be no intersection between users who opt in and users who visit those specific websites, rendering the entire experiment pointless.

[Edit: fixed spelling error]