An update on Mozilla’s PPA experiment and how it protects user privacy while testing cutting edge technologies to improve the open web.
I will say it again: The way i read it, it sounds like the companies will get some general data if their ads work, without a profile about you being created. I am fine with that.
Just imagine what a boon it would be for the “normal“ less tech savvy, if advertisers switched to a more privacy respecting technology like this.
If more privacy focused people don’t like it, they can simply disable it by ticking one box, without negative consequences (unlike content blockers and similar techniques where a website can penalize you, turned off PPA is not detectable).
It has no downsides as far as I am concerned. It doesn’t give advertisers additional data that they wouldn’t already be able to get, it just creates the option of measuring their ads in a privacy respecting way.
Companies get extra data through Firefox, which now acts on behalf of the ad corporations.
But advertisers have better options, both for reach, or for privacy. They can simply do A/B testing on their own, without involving a third party…
Method: PPA Topics Using different links Corporate creator Facebook Google - Needs users to trust 3rd party? Yes (Mozilla) Yes (Google) No ~% browsers it works on <3% >60% 100% Guaranteed privacy increase? No No No* *If you trust the advertiser, they can do it on their own. If you don’t trust the advertiser, then the additional third party does nothing.
Companies get extra data through Firefox
You mean extra data compared to them using any other advertising model, like google advertising? Do you have a source for that?
Because that is what PPA has to be compared to, and not to no ad measurement at all. It‘s meant to be replacing other advertising measurement techniques.
The comparison chart looks like it‘s copied from somewhere, would you mind sharing? I wouldn‘t mind a deeper dive into the topic.
In particular, these claims never get accompanied by examples of what extra data these companies get through PPA. Presumably, because there is none.
You know what they say about people who assume, especially when it’s about a company that had to sneak their changes into the browser in a way that would make even Google executives blush.
…except when you assume that data gets leaked despite literally nobody having been able to point to anything that indicates that it’s happening?
It is Mozilla’s job to show us what data is shared. Mozilla failed on that front.
If you want to be the Mozilla evangelist, then show us all on Mozilla’s behalf exactly what data gets sent over, so that we can replicate it.
Here:
When a user interacts with an ad or advertiser, an event is logged in the browser in the form of a value. That value is then split into partial, indecipherable pieces and then encrypted. Each piece is addressed to a different entity — one to Divvi Up at ISRG and one to Mozilla — so that no single entity is ever in possession of both pieces. (…) As an additional protection, the pieces are submitted to Divvi Up and Mozilla using an Oblivious HTTP relay operated by a third organisation (Fastly). This ensures that Divvi Up and Mozilla do not even learn the IP address of the indecipherable piece they receive.
That is correct: why would any corporation choose to sideline their current advertisement model by creating an extra solution that doesn’t even tap 3% of the market, while abandoning the data collection they already have?
If you trust the advertisement company to provide private ads, they can do it without the browser working on their behalf.
And if you don’t trust the advertisement company, there’s nothing the browser can do to make their ads list privacy invasive… Besides blocking it.
The source to the table is me, but I can provide the article that inspired it.
The mere fact this technology exists gives legislators a tool in their toolbox. I could imagine a future where the EU mandates use of PPA in certain circumstances.
Or more importantly, forbids the use of privacy-invasive methods of measuring ad performance.
why would any corporation choose to sideline their current advertisement model by creating an extra solution that doesn’t even tap 3% of the market
In its current form, I concur, you might be correct. But:
The current implementation of PPA in Firefox is a prototype, designed to validate the concept and inform ongoing standards work at the World Wide Web Consortium (W3C).Source
So the point is to create a system that other browsers could adopt. The other thing that could drive this, is the GDPR compliance. PPA is compliant, while a lot of the other technologies aren’t, and businesses are feeling more pressure. There is a reason that Meta participated in parts of the development.
All I can say is: Dont let perfect be the enemy of good. This is so far only a test.
Edit: I found the time to look at your source article, I had actually read it before when it was posted a month back. I will comment on their views, some right, others which can be debated, and on other details were they are just wrong. In general privacyguides is a great resource but I find this particular opinion piece to be lacking.
Spoiler, because I it's a long comment already
First off, for a healthy debate I will define two things for me. Tracking = creating a profile, ad measurement = measuring the ads effectiveness. If an Ad can be measured without a profile about me being created, I don’t consider it tracking.
This “Privacy-Preserving Attribution” (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.
They assume that everyone uses a content blocker everywhere. Privacyguides and Mozilla have different target audiences. Privacyguides caters to people who are interested and have enough technical knowledge to try to prevent tracking. Mozilla is trying to cater to “normal”(in the sense of the majority) people who are not interested/ not knowledgable enough to do so. So there are two starting points. The “normal” who are already tracked by current advertising systems and privacy-focussed-people who try their best to prevent tracking. Privacy-focussed-people can just turn off PPA -> no more data gathered than before. But it is the “normal” people who have something to gain. If PPA replaces traditional ad tracking, less data and only anonymized data is gathered. The ads are measured, but users are not tracked. So it’s not a tool added but a tool improved to provide greater privacy.
Mozilla constantly fails to understand the basic concept of consent. Firefox developers seem to see their position as shepherds, herding the uninformed masses towards choices they interpret to be “good for them.” […] One Mozilla developer claimed that explaining PPA would be too challenging, so they had to opt users in by default.
While I agree, that the communications could have been handled better, Mozilla has a point. Firefox isn’t only meant for tech-enthusiast, but also for people who won’t take the time or aren’t able to grasp the concept of PPA without doing a lot of reading, and that’s the majority. So Firefox developers are absolutely right to make choices, that they deem right for users. And that PPA is a challenging concept is proven by the author not fully grasping it themselves, as I will point out later.
The way it works is that individual browsers report their behavior to a data aggregation server (operated by Mozilla), then that server reports the aggregated data to an advertiser’s server. The “advertising network” only receives aggregated data with differential privacy, but the aggregation server still knows the behavior of individual browsers! This is essentially a semantic trick Mozilla is trying to pull, by claiming the advertiser can’t infer the behavior of individual browsers by re-defining part of the advertising network to not be the advertiser. […]In this particular case, Mozilla and their partner behind this technology, the ISRG (responsible for Let’s Encrypt), could trivially collude to compromise your privacy.
The aggregation server is actually two different servers by two different parties (Mozilla and ISRG). Yes in theory they could collude and combine the data (they are transparent about that). But why would they, they are trying to create a system that’s better than before. I concur that trust has to be placed in them but you still have the option to turn it off and the alternatives is other ad tracking networks collecting the data with a profile about you being created.
Finally, there is no reason for this technology to exist in the first place, because tracking aggregate ad conversions like this can already be done by websites without cookies and without invading privacy, using basic web technology.
All an advertisement has to do is link to a unique URL
This is, were they are just plain wrong/dishonest. A Url would just be able to measure something if the add was clicked. PPA can measure ads that were seen but a purchase happened at a later time. This is what current tracking technology does but PPA can do it, without a profile about you being created, so a privacy gain.
Some people might say that Mozilla should just block ads outright to prevent any tracking. The problem is that the Internet is funded by ads. Mozilla themselves through their connection to Google is. Privacyguides is right to point out that there is a conflict of interest. But what Mozilla is trying to achieve is to prevent tracking (profile creation about you) and not ads. I am in favor of that. I like services to exist, because they fund themselves through ads, I just don’t want to be tracked.
Do you want to see Mozilla and Firefox die a hero, or do you want to see it live long enough to become the villain?
With the US ruling of Google being a monopoly, Mozilla is bound to lose a lot of their income if that’s the decision that comes to pass. I’m happy with the courts ruling Google as a monopoly (because they are), but it does mean Mozilla needs to try to make money some other way.
Here’s the complete list of ads I find acceptable:
That is for any and all media.
Genuine question, would you be willing to pay for all the content you consume using a “token” system where each page, video or other piece of media has a price to it, usually about a cent per article or 5c per video, is automatically debited from either an account loaded with real money or some sort of blockchain, at the discretion of the user? A token could be one cent.
There’d be an open API, and multiple brokers could handle that transaction for you, so there is no vendor lock-in. You could even be your own broker if you set up your own server that talks to the servers hosting any media you’d like to consume. It would get rid of online advertising, but you have to pay out of pocket for server costs and content creation costs.
Sounds like BAT token from Brave
Top up by buying it or watching ads somewhere else, and then spend on sites you see as important or flat to everyone who you visit and is connected to BAT ecosystem.
Mozilla had the opportunity to do this. Or to do something like this. GNU Taler is a thing.
Mozilla pulled a sneaky trick on his community: convincing us that context sensitive advertisement needs to be collected by the browser. It’s on the back of another trick: convincing people that they can only make money through ads.
A few months ago, Mozilla officially became an ad company, so any claim they make about privacy has a clear conflict of interest with their own monetary gain. By selling advertisements as a necessary evil, they can sell you the cure.
Yes.
There used to be a service where you set an amount you paid each month and you could then mark pages/services for donation. At the end of the month your money would be split between all the pages/services you marked.
It was called flattr.
The elegance of this system is that you can set aside an amount of money you’re comfortable spending on art, or whatever you wanna categorise it as. So you’re fully in control of your spending. If videos/songs/articles/things cost a flat amount it’s easy to lose track of the total.
Mozilla is really going for a “third time’s the charm” approach on collecting extra data, aren’t they.
First they silently started sucking up extra user data without consent and without warning, something not even Google attempted.
Then, they got caught, and took to Reddit to paternalistically explain why they knew better than the user, and why a consent dialog would be confusing.
And now, over a month after the initial reports come out, Mozilla triples down. What a stupid, stupid, stupid decision.
Advertisement is a business. It’s not charity and it’s not a publicly owned resource. It doesn’t keep the Internet free, because it makes a boat load of money doing what it does. It doesn’t take an expert understanding of economics to see that any belief that advertisement allows for a free Internet is smoke and mirrors. The money comes from somewhere, notably from you.
Either advertisement works, and you pay for your content by being psychologically manipulated into paying more than you otherwise would on things you don’t need, or it doesn’t, and businesses pay for ineffective advertisement, leading to increased prices.
Advertisement is not free. It’s a trick that looks free if you ignore the entire way it functions.
It’s just more communication about the same thing. Started out with just a mention in the release notes and a checkbox in the settings, which clearly wasn’t enough (hence your calling it “silently”), then a more elaborate response on Reddit, and now this more detailed blog post outside of Reddit’s walled garden. And I’m sure it’s not the last we’ll hear of it. (I’d be curious about the experiment’s results too, for example.)
Advertisement is not free. It’s a trick that looks free if you ignore the entire way it functions.
It doesn’t take an expert understanding of economics to see that any belief that advertisement allows for a free Internet is smoke and mirrors. The money comes from somewhere, notably from you.
I think thats kind of obvious that the money has to be coming from somewhere. The ads are what funds large parts of the internet. Someone is paying for it, either the people buying stuff because of the ads or the businesses buying the ads.
Whichever way it is, maybe both, it has the side effect of distributing the cost of the Internet. The alternative without ads would be everyone paying for every little thing on the internet, does anyone think, that that scenario is realistic? That would also mean the cost is solely on the people and nothing coming from corporations.
Maybe this should have been the initial announcement before they pushed it onto users. Though obviously some of the backlash is due to inept media going (as usual) for clickbait instead of research and actual reporting.
And website operators will be compelled to adopt this, how? They will likely just use PPA and also all of the tracking tools, or straight up not give a shit about PPA. Mozilla does not have the influence to affect real change. Until such a time, all of this is just worthless posturing.
Mozilla by itself doesn’t have the influence to change it, but with Mozilla’s help (i.e. this experiment), others do. Specifically, legislators can have more freedom to implement strict privacy-protecting measures if they have proof that an alternative is available that doesn’t cost lots of voters their jobs.
But you can’t provide that proof if you don’t run the experiment.
Wait, what solution are you proposing? That every browser becomes a centralized point of data collection for advertisement companies, and that the government mandates it?!
Google and Brave already want to do that, Mozilla is just stepping into the fray as a browser with less than 3% of a market share. There is nothing compelling to advertisers about a proprietary Mozilla solution.
No, of course not :) I am proposing that governments curb privacy-invasive tracking, i.e. that the only way advertisers will have left to measure the impact of their ads, is non-invasive methods like PPA.
Why would a Firefox fan endorse the state coming down on the side of a Facebook made proposal? I remember when Mozilla used to be about fighting big tech corporations, not empowering them through state-mandated monopolies.
Because the proposal itself is good? I am not tribal enough to reject world peace if Facebook proposes it.
I also don’t see how the proposal would lead to a Facebook monopoly.
If the Boeing Corporation started building “world peace” weapons silently into their commercial aircraft without telling anybody, I would question their commitment to world peace.
When Mozilla, an AdTech company, builds extra advertising data collection into Firefox, I question their commitment to privacy and not simply selling ads.
Firefox already blocks all trackers by default. I think Mozilla is trying to be the good guy by providing a more private option that’s available to people that don’t use Firefox. It seems pretty naive, but I think their heart is in the right place.
At the end of the day, this is just another setting to toggle off on a fresh install for those of us against all tracking and advertising on the web.
There’s also the bit where if it doesn’t work out no real harm is done (to users - there’s obviously reputation damage to Mozilla now): people who already block things by default are not affected at all, and no new information is shared about those who don’t. Whereas the upside if it does work out is enormous. In other words, low risk, high gain. Even with low odds, that’s a path worth exploring.
They sure do “improve” the “open” web by developing new tech that benefits advertisers.
Removed by mod
Here’s my takeaway on the article:
Blablablablablablabla (…) bla.
-> Deactivate it.
Good comment. Thanks for sharing that insightful information.
I would be more okay with this if Firefox did more to block the tracking techniques that advertisers are currently using. They block third party cookies and compartmentalize social media cookies which is fine but they do almost nothing to stop the more insidious tracking techniques like device fingerprinting.
Mozilla really wants to push me to Brave
What more do you think should be done to stop fingerprinting, and does that involve sacrificing usability?
(Also, “almost nothing” feels like a gross exaggeration? Just the Tor Uplift project brought in lots of measures, quite a few of which could even be enabled by default.)
Brave randomizes the output of fingerprinting techniques like canvas rendering, system fonts, installed devices, etc in a way that makes you look like a real, consistent user providing real data that still allows the site to work, while still changing the output from one session to the next enough that sites can’t tell you’re the same person.
Firefox claims to block all this but if you check their site they explain how it actually works:
Firefox protects users against fingerprinting by blocking all third-party requests to companies that are known to participate in fingerprinting
We’ve partnered with Disconnect to provide this protection. Disconnect maintains a list of companies that participate in cross-site tracking, as well a list as those that fingerprint users.
This does nothing to actually disguise you. It’s the equivalent of putting a paper bag over your head when you think there’s a security camera. You stand out because of the bag and you don’t know where all the cameras are so you’re still being tracked when you don’t know it.
I hate the idea of Brave because Chromium’s dominance will ruin the web but Firefox does not protect us.
That is a bit confusing, but the feature called “Fingerprint Protection” (i.e. blocking known fingerprinters) isn’t the only protection built in. I’m not motivated enough to find a full list right now, but it also includes e.g. limiting the information in the User Agent header. I did at least find a list of things that were worked on at some point by searching for “Tor uplift”, which is a good starting point if you’d like to find more: https://wiki.mozilla.org/Security/Fingerprinting
I’d also add that actually blocking requests to known fingerprinters does help. It’s more like camera’s getting disabled when you’re around: sure, from the point of view of the camera, it’s suspicious that it stopped working, but it can’t see you, so it doesn’t know who is standing out.