this post was submitted on 13 Jul 2024

346 points (100.0% liked)

Privacy

787 readers

20 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

346

Firefox added ad tracking and has already turned it on without asking you (mastodon.social)

submitted 2 months ago by azdle@news.idlestate.org to c/privacy@lemmy.ml

79 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] unskilled5117@feddit.org 82 points 2 months ago* (last edited 2 months ago) (19 children)

I haven’t looked into the technicals much further than the support page.

The way i read it, it sounds like the companies will get some general data if their ads work without a profile about you being created. I would be fine with that. What I don’t like is the lack of communication to users about it being enabled.

PPA does not involve websites tracking you. Instead, your browser is in control. This means strong privacy safeguards, including the option to not participate.

Privacy-preserving attribution works as follows:

Websites that show you ads can ask Firefox to remember these ads. When this happens, Firefox stores an “impression” which contains a little bit of information about the ad, including a destination website.

If you visit the destination website and do something that the website considers to be important enough to count (a “conversion”), that website can ask Firefox to generate a report. The destination website specifies what ads it is interested in.

Firefox creates a report based on what the website asks, but does not give the result to the website. Instead, Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.

Your results are combined with many similar reports by the aggregation service. The destination website periodically receives a summary of the reports. The summary includes noise that provides differential privacy.

This approach has a lot of advantages over legacy attribution methods, which involve many companies learning a lot about what you do online.

PPA does not involve sending information about your browsing activities to anyone. This includes Mozilla and our DAP partner (ISRG). Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising.

This all gets very technical, but we have additional reading for anyone interested in the details about how this works, like our announcement from February 2022 and this technical explainer.

[–] verdigris@lemmy.ml 12 points 2 months ago (6 children)

Given that it collects no additional user data, and the API in question is a new standard that will require sites to opt in, I think making it an opt-out is sensible. I guess they could make a popup about it, but I really think this concern is baseless FUD from people who haven't read the details.

[–] sanpo@sopuli.xyz 16 points 2 months ago (1 children)

I think making it an opt-out is sensible

Why? I'm not in the business of making ad companies' jobs easier.

[–] ahal@lemmy.ca 9 points 2 months ago

Let's be real, there's no way PPA is going to be as valuable as the data that can be gathered by state of the art ad tech. So the ad companies that adopt this will be making a compromise to do so. How is this tech making their lives easier?

Also they have no incentive to develop this tech, so why would they? It's not like Mozilla is doing work for them that they would have done anyway. If anything they're probably worried that the tech will take off and then legislation will follow to force them to use it.

[–] unskilled5117@feddit.org 3 points 2 months ago* (last edited 2 months ago)

I personally am fine with making it opt-out, but I think it should be handled differently. This technology requires users trust, to have any chance of being successful. Enabling it without informing the user is not the way to gain it.

I would have put a little pop up explaining that they are trying to create a privacy preserving technology to measure ads with the goal of replacing privacy invasive technology. If the user doesn’t like it, it can be disabled in the settings afterwards.

load more comments (4 replies)

[–] MonkderDritte@feddit.de 4 points 2 months ago

including the option to not participate.

Which is useless if you're not informed about it.

[–] umami_wasbi@lemmy.ml 4 points 2 months ago (1 children)

It looks it it would be fun to mock the report generation API, and returns tons of garbage data (possibly negative numbers).

load more comments (1 replies)

load more comments (16 replies)

[–] lemmyreader@lemmy.ml 46 points 2 months ago (3 children)

Here's a take by a Mozilla employee :

Mozilla has been ad funded since 2005
Browser development is not sustainable by just donations
Transparency is most important

https://fosstodon.org/@gabrielesvelto/112779506156690032

[–] kbal@fedia.io 44 points 2 months ago* (last edited 2 months ago)

Mozilla has been ad funded since 2005

It was funded through a deal with an ad company. It did not become an ad company itself until much more recently. jwz had a succinct and memorable response to the the absurd idea that really it's been ad-funded all along and that this makes things okay:

You are just another of those so-predictable people saying, "The animal shelter has always had a kitten-meat deli, why are you surprised?"

Yes, Mozilla started making absolutely horrific funding and management decisions many years ago. Today, they have taken this subtext and turned it into the actual text.

[–] jol@discuss.tchncs.de 5 points 2 months ago (13 children)

Firefox has never tried to run on donations though.

load more comments (13 replies)

load more comments (1 replies)

[–] mtchristo@lemm.ee 38 points 2 months ago (1 children)

Oh shit. Now that I have checked, it was turned on by default on mine too.

What's wrong with you mozilla ?? Firefox was supposed to be the alternative

load more comments (1 replies)

[–] jabathekek@sopuli.xyz 30 points 2 months ago* (last edited 2 months ago) (2 children)

Here's the page about it:

https://support.mozilla.org/en-US/kb/privacy-preserving-attribution

Read that instead of someones rant about it, which imo seems a bit obtuse.

[–] Junkernaught@lemmy.dbzer0.com 11 points 2 months ago (1 children)

This sounds fine, I've no problem emitting telemetry as long as it is 100% anonymous and can't be traced to individuals

[–] jabathekek@sopuli.xyz 9 points 2 months ago

Same, although I have lingering paranoia that any data recorded by this might be traced back to me by making inferences when combined with other data; however, unlike the OOP, I will say I don't really know what I'm talking about.

[–] smpl@discuss.tchncs.de 8 points 2 months ago (1 children)

Did you ironically preserve the utm_source parameter?

[–] jabathekek@sopuli.xyz 6 points 2 months ago

No lol, I just didn't notice and also didn't expect it to be there. :|

[–] Jolteon@lemmy.zip 27 points 2 months ago

I mean, it doesn't look like it's personally identifiable at all, just aggregate.

[–] possiblylinux127@lemmy.zip 24 points 2 months ago (3 children)

Noice

I guess librewolf is the future

load more comments (3 replies)

[–] OR3X@lemm.ee 24 points 2 months ago (2 children)

Here's the information about it. It's anonymous and It can be turned off https://support.mozilla.org/en-US/kb/privacy-preserving-attribution?as=u&utm_source=inproduct

[–] possiblylinux127@lemmy.zip 7 points 2 months ago* (last edited 2 months ago) (1 children)

That somehow makes it better?

Edit typo

[–] kersplomp@programming.dev 10 points 2 months ago (1 children)

Yes. The problem with cookies was that they could be used to track and identify you. If this can't do that, then what's the issue?

[–] Lifter@discuss.tchncs.de 10 points 2 months ago* (last edited 2 months ago) (1 children)

Most data can be de-anonymized with some clever tricks. I don't know about Mozilla but the others definitely try to keep it just anonymous enough to later be correlated with the rest of your profile.

Edit: typos

[–] tuhriel@infosec.pub 7 points 2 months ago

Also, it might be annonymized for this dataset, by adding more 'annonymized' datasets stuff can be correlated

load more comments (1 replies)

[–] JohnOliver@feddit.dk 20 points 2 months ago (10 children)

WTF... i thought this was just click bait but went to check on my phone as i am not at my PC right now

[–] MonkderDritte@feddit.de 5 points 2 months ago

I'm using Mull.

[–] Swarfega@lemm.ee 4 points 2 months ago

Just checked mine and it's all disabled

load more comments (8 replies)

[–] wuphysics87@lemmy.ml 16 points 2 months ago (1 children)

Is it tracking you or tracking ads? If it was the latter and it is made public, that is information I'm sure we would all be interested in

[–] OminousOrange@lemmy.ca 4 points 2 months ago

Seems to be the latter.

[–] ExtremeDullard@lemmy.sdf.org 12 points 2 months ago

This almost sounds like a hoax. But assuming it's true... Install LibreWolf. It's Firefox without the infuriating Mozilla stupid.

[–] sunzu@kbin.run 9 points 2 months ago (3 children)

Is google corrupting Mozilla?

load more comments (3 replies)

[–] vhstape@lemmy.sdf.org 9 points 2 months ago (1 children)

Literally every browser has this option, and it gives users a choice. If you use an ad blocker, it has this option as well and has had it for several years now.

[–] ReversalHatchery 3 points 2 months ago

Not this option, but generally I agree. Currently I don't think this is bad, and in the longer term we will see if this leaks any identifyable data.

[–] hellfire103@lemmy.ca 8 points 2 months ago

Frightened Hamster.jpeg

[–] sudo@lemmy.today 6 points 2 months ago

There are people that use Firefox who also get served ads?

[–] EmperorHenry@discuss.tchncs.de 5 points 2 months ago

Librewolf

[–] GravitySpoiled@lemmy.ml 4 points 2 months ago

In which version is this?

load more comments