this post was submitted on 05 Aug 2024
2060 points (97.9% liked)
Technology
59665 readers
2599 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This has been a long time in the making...hopefully Firefox will see a market share increase. Google is doing this right as they get slapped by an antitrust ruling ironically lol. If you haven't already just go ahead and switch, if you like Lemmy you'll probably like Firefox as well.
Side note: I try not to be negative here, but this would be a great time for Mozilla to get their act together as an organization. Love Firefox and the idea, but Mozilla has been pissing off the FOSS space for a while now with their decisions. If they've improved in recent years, disregard this.
The tricky part is that Google isn’t wrong about Manifest v3 increasing security for some people. Just allowing any extension to access the full URLs from a webpage is honestly pretty sketchy for most things that aren’t adblockers. Think about Beth in accounting who has 27 bloatware toolbar extensions installed on her home PC, which are happily collecting her full browser history and sending it off to gods know where. Manifest v3 is targeted at increasing security for those users, by making it more difficult for extensions to track you.
The issue is that it also makes ad blocking virtually impossible, because the blocker is forced to just trust that the browser is being truthful about what is and isn’t on the page. And when the browser (developed by one of the largest advertisers in the world) has a vested financial interest in displaying ads, there’s very little trust that the browser will actually be honest.
The issue is that there’s not some sort of “yes, I really want this extension to have full access” legacy workaround built in. Yes, it would inevitably be abused by those scummy extensions, which would just nag idiot users to allow them full access. And the idiot users, being idiots, would just do it without understanding the risks. Even if Chrome threw up all kinds of big red “hey make sure this extension actually needs full access and isn’t just tracking your shit” warning flags, there are still plenty of users who would happily give bloatware full access without reading any of the warnings. But it would also allow ad blockers to continue to function.
The single biggest security improvement you could make for Beth in accounting would be to install UBO. Where do you think she gets all those shitty toolbar extensions? That's right, from ads.
This is targeted at destroying adblockers because Google is, first and foremost, an ad serving company. That's their business model. It incidentally improves security for certain users in certain edge cases, because they need some kind of figleaf of legitimacy.
Ads and crappy installers, all though that seems less common than it used to be. I can't say if that's a general trend or tunnel vision due to me not installing crapware.
If it was about security then they should simply block Manifest v2 extensions from their store or at least start doing some actual verification of the extensions they host. Taking away freedom claiming it to be for security is almost always a lie.
Verify! But what will all the "Cändy Crunch 7 Browser Edition with 12 Free Play Levels" players do?
Can you share some examples of things that pisses off the FOSS space? Mostly just curious to understand more
Here's the most recent example:
It should be noted that the advertisers get zero personal information, neither does Mozilla, and it has been designed in a way so that the data is impossible to fingerprint in a way that can tie it back to any individual person, machine, or specific location.
It's a way for advertisers (and like it or not, a decent amount of the content we want has to be paid for somehow) to see how effective their ads are without anybody's privacy being encroached on.
Should it have been turned on without informing the user? Fuck no. But there's a lot of misinformation going around about this.
Personally I'll still be using uBO, because I despise any ads at all, but if we are to have ads, the system Mozilla has built is just about the most ethical and privacy-respecting way to do it.
Even if Mozilla takes precautions to avoid de-anonymizing our data, any private data sold to data brokers becomes a part of the puzzle for learning our identities
https://en.wikipedia.org/wiki/Data_re-identification
Even knowing something a trivial as two movie ratings led to a 68% success rate in learning an identity.
I suggest you actually look into how their system works. This kind of strategy is not possible with Mozilla's system.
In fact, your very link points to 'Differential Privacy' as a very effective foil to re-identification, and that's basically how the Mozilla system operates.
This is not a matter of Mozilla having a load of data about your account or IP, then Mozilla scrubbing that information then sending the database to advertisers.
I appreciate your informed response but no system other than advertising-abstinence is fool proof.
Im saying this as a supporter. My browser of choice is firefox and I send them money regularly. And I understand their need to generate more revenue. But there has never been a company who has sold customer data discretely. My understanding is that every piece of data that's sold can be de anonymized when combined with other data sets. And the data is horsetraded until it gets into some very marginal actors' hands.
Mozilla's need for money is largely driven by massive mismanagement. It should have been fully funded in perpetuity through establishing a foundation that operates off interest payments but they decided to try and build a headquarters in Mountainview. They also operate offices in some of the most expensive cities in the world. They have made expensive software aquisitions. These are not necessary and have only whetted mozilla's thirst for other revenue sources. It's guaranteed that they will look for more customer data to sell because that's the path of least resistance.
I wish them luck but I also wish they'd not chase advertising money.
As for the "no system is foolproof", you're thinking of implementations, not algorithms. An algorithm can indeed be something-proof. Most "known" algorithms are built on top of very strong mathematical foundations stating what is possible, what is not and what is a maybe.
As for the ads thing, Mozilla is not making a dime off this. It is not monetizable. They're basically expecting that by giving advertisers a fairly "benign" way to do their shenanigans they will stop doing things the way they currently do (with per-individual tracking).
The absolutists might say that there's no such thing as benign ads, however truth is that the market forces behind ads are big enough that you'd get website-integrity-bullshit rather ad-free web. Having tracking less ads is better than having a "this website only works in chrome" or "only without extensions" internet.
Is there any other possibility? Maybe. Is is reasonable to think that the moment tracking starts getting blocked em masse, we risk a web-integrity-bullshit +wherever-said-tracking-can-exist-only internet? I think so.
I think you're right and that I've horribly misunderstood how this data is collected and used. According to their yearly report, mozilla's advertising revenue is explicitly not drawn from user data and is only related to tiles and default search engine sponsorships. The fact that they are not selling this information is heartening and it inspires confidence that they have not flipped on the ad money spigot.
That’s a good thing
Getting trackers out of cookies is something users want