An update on Mozilla’s PPA experiment and how it protects user privacy while testing cutting edge technologies to improve the open web.

  • unskilled5117
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    3 months ago

    why would any corporation choose to sideline their current advertisement model by creating an extra solution that doesn’t even tap 3% of the market

    In its current form, I concur, you might be correct. But:

    The current implementation of PPA in Firefox is a prototype, designed to validate the concept and inform ongoing standards work at the World Wide Web Consortium (W3C).Source

    So the point is to create a system that other browsers could adopt. The other thing that could drive this, is the GDPR compliance. PPA is compliant, while a lot of the other technologies aren’t, and businesses are feeling more pressure. There is a reason that Meta participated in parts of the development.

    All I can say is: Dont let perfect be the enemy of good. This is so far only a test.

    Edit: I found the time to look at your source article, I had actually read it before when it was posted a month back. I will comment on their views, some right, others which can be debated, and on other details were they are just wrong. In general privacyguides is a great resource but I find this particular opinion piece to be lacking.

    Spoiler, because I it's a long comment already

    First off, for a healthy debate I will define two things for me. Tracking = creating a profile, ad measurement = measuring the ads effectiveness. If an Ad can be measured without a profile about me being created, I don’t consider it tracking.

    This “Privacy-Preserving Attribution” (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.

    They assume that everyone uses a content blocker everywhere. Privacyguides and Mozilla have different target audiences. Privacyguides caters to people who are interested and have enough technical knowledge to try to prevent tracking. Mozilla is trying to cater to “normal”(in the sense of the majority) people who are not interested/ not knowledgable enough to do so. So there are two starting points. The “normal” who are already tracked by current advertising systems and privacy-focussed-people who try their best to prevent tracking. Privacy-focussed-people can just turn off PPA -> no more data gathered than before. But it is the “normal” people who have something to gain. If PPA replaces traditional ad tracking, less data and only anonymized data is gathered. The ads are measured, but users are not tracked. So it’s not a tool added but a tool improved to provide greater privacy.

    Mozilla constantly fails to understand the basic concept of consent. Firefox developers seem to see their position as shepherds, herding the uninformed masses towards choices they interpret to be “good for them.” […] One Mozilla developer claimed that explaining PPA would be too challenging, so they had to opt users in by default.

    While I agree, that the communications could have been handled better, Mozilla has a point. Firefox isn’t only meant for tech-enthusiast, but also for people who won’t take the time or aren’t able to grasp the concept of PPA without doing a lot of reading, and that’s the majority. So Firefox developers are absolutely right to make choices, that they deem right for users. And that PPA is a challenging concept is proven by the author not fully grasping it themselves, as I will point out later.

    The way it works is that individual browsers report their behavior to a data aggregation server (operated by Mozilla), then that server reports the aggregated data to an advertiser’s server. The “advertising network” only receives aggregated data with differential privacy, but the aggregation server still knows the behavior of individual browsers! This is essentially a semantic trick Mozilla is trying to pull, by claiming the advertiser can’t infer the behavior of individual browsers by re-defining part of the advertising network to not be the advertiser. […]In this particular case, Mozilla and their partner behind this technology, the ISRG (responsible for Let’s Encrypt), could trivially collude to compromise your privacy.

    The aggregation server is actually two different servers by two different parties (Mozilla and ISRG). Yes in theory they could collude and combine the data (they are transparent about that). But why would they, they are trying to create a system that’s better than before. I concur that trust has to be placed in them but you still have the option to turn it off and the alternatives is other ad tracking networks collecting the data with a profile about you being created.

    Finally, there is no reason for this technology to exist in the first place, because tracking aggregate ad conversions like this can already be done by websites without cookies and without invading privacy, using basic web technology.

    All an advertisement has to do is link to a unique URL

    This is, were they are just plain wrong/dishonest. A Url would just be able to measure something if the add was clicked. PPA can measure ads that were seen but a purchase happened at a later time. This is what current tracking technology does but PPA can do it, without a profile about you being created, so a privacy gain.

    Some people might say that Mozilla should just block ads outright to prevent any tracking. The problem is that the Internet is funded by ads. Mozilla themselves through their connection to Google is. Privacyguides is right to point out that there is a conflict of interest. But what Mozilla is trying to achieve is to prevent tracking (profile creation about you) and not ads. I am in favor of that. I like services to exist, because they fund themselves through ads, I just don’t want to be tracked.