this post was submitted on 22 Aug 2024
41 points (86.0% liked)

Firefox

17929 readers
27 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
 

An update on Mozilla's PPA experiment and how it protects user privacy while testing cutting edge technologies to improve the open web.

you are viewing a single comment's thread
view the rest of the comments
[–] LWD@lemm.ee 5 points 3 months ago (12 children)

Companies get extra data through Firefox, which now acts on behalf of the ad corporations.

But advertisers have better options, both for reach, or for privacy. They can simply do A/B testing on their own, without involving a third party...

Method: PPA Topics Using different links
Corporate creator Facebook Google -
Needs users to trust 3rd party? Yes (Mozilla) Yes (Google) No
~% browsers it works on <3% >60% 100%
Guaranteed privacy increase? No No No*

*If you trust the advertiser, they can do it on their own. If you don't trust the advertiser, then the additional third party does nothing.

[–] unskilled5117 8 points 3 months ago* (last edited 3 months ago) (10 children)

Companies get extra data through Firefox

You mean extra data compared to them using any other advertising model, like google advertising? Do you have a source for that?

Because that is what PPA has to be compared to, and not to no ad measurement at all. It‘s meant to be replacing other advertising measurement techniques.

The comparison chart looks like it‘s copied from somewhere, would you mind sharing? I wouldn‘t mind a deeper dive into the topic.

[–] LWD@lemm.ee 1 points 3 months ago (3 children)

That is correct: why would any corporation choose to sideline their current advertisement model by creating an extra solution that doesn't even tap 3% of the market, while abandoning the data collection they already have?

If you trust the advertisement company to provide private ads, they can do it without the browser working on their behalf.

And if you don't trust the advertisement company, there's nothing the browser can do to make their ads list privacy invasive... Besides blocking it.

The source to the table is me, but I can provide the article that inspired it.

[–] unskilled5117 2 points 3 months ago* (last edited 3 months ago)

why would any corporation choose to sideline their current advertisement model by creating an extra solution that doesn't even tap 3% of the market

In its current form, I concur, you might be correct. But:

The current implementation of PPA in Firefox is a prototype, designed to validate the concept and inform ongoing standards work at the World Wide Web Consortium (W3C).Source

So the point is to create a system that other browsers could adopt. The other thing that could drive this, is the GDPR compliance. PPA is compliant, while a lot of the other technologies aren’t, and businesses are feeling more pressure. There is a reason that Meta participated in parts of the development.

All I can say is: Dont let perfect be the enemy of good. This is so far only a test.

Edit: I found the time to look at your source article, I had actually read it before when it was posted a month back. I will comment on their views, some right, others which can be debated, and on other details were they are just wrong. In general privacyguides is a great resource but I find this particular opinion piece to be lacking.

Spoiler, because I it's a long comment alreadyFirst off, for a healthy debate I will define two things for me. Tracking = creating a profile, ad measurement = measuring the ads effectiveness. If an Ad can be measured without a profile about me being created, I don't consider it tracking.

This "Privacy-Preserving Attribution" (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.

They assume that everyone uses a content blocker everywhere. Privacyguides and Mozilla have different target audiences. Privacyguides caters to people who are interested and have enough technical knowledge to try to prevent tracking. Mozilla is trying to cater to "normal"(in the sense of the majority) people who are not interested/ not knowledgable enough to do so. So there are two starting points. The "normal" who are already tracked by current advertising systems and privacy-focussed-people who try their best to prevent tracking. Privacy-focussed-people can just turn off PPA -> no more data gathered than before. But it is the "normal" people who have something to gain. If PPA replaces traditional ad tracking, less data and only anonymized data is gathered. The ads are measured, but users are not tracked. So it's not a tool added but a tool improved to provide greater privacy.

Mozilla constantly fails to understand the basic concept of consent. Firefox developers seem to see their position as shepherds, herding the uninformed masses towards choices they interpret to be "good for them." [...] One Mozilla developer claimed that explaining PPA would be too challenging, so they had to opt users in by default.

While I agree, that the communications could have been handled better, Mozilla has a point. Firefox isn't only meant for tech-enthusiast, but also for people who won't take the time or aren't able to grasp the concept of PPA without doing a lot of reading, and that's the majority. So Firefox developers are absolutely right to make choices, that they deem right for users. And that PPA is a challenging concept is proven by the author not fully grasping it themselves, as I will point out later.

The way it works is that individual browsers report their behavior to a data aggregation server (operated by Mozilla), then that server reports the aggregated data to an advertiser's server. The "advertising network" only receives aggregated data with differential privacy, but the aggregation server still knows the behavior of individual browsers! This is essentially a semantic trick Mozilla is trying to pull, by claiming the advertiser can't infer the behavior of individual browsers by re-defining part of the advertising network to not be the advertiser. [...]In this particular case, Mozilla and their partner behind this technology, the ISRG (responsible for Let's Encrypt), could trivially collude to compromise your privacy.

The aggregation server is actually two different servers by two different parties (Mozilla and ISRG). Yes in theory they could collude and combine the data (they are transparent about that). But why would they, they are trying to create a system that's better than before. I concur that trust has to be placed in them but you still have the option to turn it off and the alternatives is other ad tracking networks collecting the data with a profile about you being created.

Finally, there is no reason for this technology to exist in the first place, because tracking aggregate ad conversions like this can already be done by websites without cookies and without invading privacy, using basic web technology.

All an advertisement has to do is link to a unique URL

This is, were they are just plain wrong/dishonest. A Url would just be able to measure something if the add was clicked. PPA can measure ads that were seen but a purchase happened at a later time. This is what current tracking technology does but PPA can do it, without a profile about you being created, so a privacy gain.

Some people might say that Mozilla should just block ads outright to prevent any tracking. The problem is that the Internet is funded by ads. Mozilla themselves through their connection to Google is. Privacyguides is right to point out that there is a conflict of interest. But what Mozilla is trying to achieve is to prevent tracking (profile creation about you) and not ads. I am in favor of that. I like services to exist, because they fund themselves through ads, I just don't want to be tracked.

load more comments (2 replies)
load more comments (8 replies)
load more comments (9 replies)