cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Remove "Privacy-Preserving Attribution" ad measurement scheme from Firefox

Quackles
Making moves

Firefox 128 adds a new 'feature': "Privacy-Preserving Attribution", per https://support.mozilla.org/en-US/kb/privacy-preserving-attribution, where the Firefox browser cooperates with advertisers to find a way to track ad performance without individually spilling the beans on an individual's browsing history.

The intent behind this feature is to provide an alternative to ad tracking; however, this approach is misguided. First, advertisers will take every tracking method they can get, including this one. The rise of this one would not stop them from tracking elsewhere. Second, this proposal assumes that advertisers have a right to see the performance of their online ads; also not the case.

Instead of this, Mozilla should work on beefing up its native tracking protection to mitigate every kind of tracking it possibly can, even inhibiting the display of ads entirely if it is necessary to do so.

Please, remove "Privacy-Preserving Attribution" from Firefox.

48 REPLIES 48

danyeaw
Making moves

Integrating this feature in Firefox, and especially turning it on by default, starts with the assumption that companies have the right to track users online.

I am unhappy that Firefox advertises itself as a privacy preserving alternative and then integrates this feature at all, this statement on your homepage "No shady privacy policies or back doors for advertisers. Just a lightning fast browser that doesn’t sell you out." is now false, this is a sell out to advertisers.

At a minimum, this feature should be turned off by default and should be opt-in.

No, it starts with the assumption that pages are going to track you anyways, so at least guive them an easier alternative thats private. And Sadly, for now this assumption holds.

I also add that in the android version, in a fresh installation, data sharing with Adjust is enabled by default. I believe it is not even allowed by GDPR.

jscher2000
Leader

As I understand it, the idea behind this feature is to allow advertisers to count conversions in an aggregated way. Mozilla has been working on PPA for several years now, so I assume that appropriate caution has been taken in scrubbing the data to prevent individual attribution. If you don't trust -- and with anything new, there is reason for skepticism -- you can opt out.

I understand your perspective on ads -- no one enjoys seeing or clicking away ads. However, I agree with people who want to move the industry toward privacy-respecting ad practices because of the concern that without ads, a lot of content would no longer be available for free. Paywalls are even more annoying than ads.

It is not so much about adds. The problem is that Firefox send private browser data by default (i.e. unasked) to a server even before it is "anonymized".

"The simple truth is that the "Distributed Aggregation Protocol" Mozilla is using here is not private by design.

The way it works is that individual browsers report their behavior to a data aggregation server (operated by Mozilla), then that server reports the aggregated data to an advertiser's server. The "advertising network" only receives aggregated data with differential privacy, but the aggregation server still knows the behavior of individual browsers!

This is essentially a semantic trick Mozilla is trying to pull, by claiming the advertiser can't infer the behavior of individual browsers by re-defining part of the advertising network to not be the advertiser."

I don't believe you quite understand our perspective on ads - seeing and clicking them away is no way the issue here. We have adblockers, and they work so well that I'm honestly surprised whenever one actually slips through. The problem is ad companies tracking every little detail of people's lives and collecting it indefinitely, just to decide which ads to show more frequently. People who don't agree with that model should not be required to have a degree in computer sciences and constant vigilance.

I only found out about this new avenue of my data leaving by being in tech-savy circles. What is the privacy impact of this new PPA? If I simply want to maintain my current level of privacy, do I indeed need to dig into about:config to opt out of this? How deep a dive on Mastodon and the subreddits am in for today to figure all this out? A browser can act this way, or it can be trustworthy. There is legitimately no way to do both.

GottHeit
Making moves

Uff, just noticed this "feature". Can´t believe it. It is not the first time Mozilla is turning on strange features, date collection, etc by default like studies... but this time... I am - was by now - a paying user for Mozilla Services. But tracking? Are you kidding me? Mozilla - as an US company - is tracking userdata - oh, in a subsidiary. Come on. Puuuuuuuh.

Focx
Making moves

A serious violation of user privacy and trust. Users have no interest in cooperating with ad companies. Even including PPA is an affront, but turning it on without notice, or user confirmation? Absolutely not.

Joel
Making moves

If you believe that you have no interest in cooperating with advertisers its either tat you dont use any free services (this includes paying for your search engine) or that you dont know how the internet is financed.

Except that the current model isn't asking for users to either pay for their search engine, or else they get their privacy violated. Everyone's privacy gets violated whether someone finds that an acceptable business model or not.

But speaking of people who don't know how markets work - say that I'm running a browser project, trying to hold on to my market share. We promote ourselves with two distinct features, a strong focus on privacy and an open source community fighting for the user first. Is cooperating with advertisers to where people describe it as "a serious violation of user privacy and trust" something to scoff at?

People describe Biden as Communist, I dont fell like this is a trustworthy source of information. If someone tells you that you can explain to them that it isnt the case and that its a false statement. We should not condition out choices by what lies can people on the internet make up.

Ans again, working with advertisers so that we can get a model that is not invasive with privacy but that allows them to make money is totally legitimate. Why would you like to avoid communication if it can benefit everyone?

 

I hate to break this to you, but public perception absolutely matters. Say that you as a user have read the public statement about this, and perhaps even dove into the documentation behind the PPA project like the VDAF protocols used. Based on your claims about the tech in your comments it appears like you didn't, but hypothetically.

Now you obviously came to the conclusion that the public outcry is wrong and should be dismissed. The EFF need to shut up about this particular approach being harmful, this is the future. And more important here, that you can reasonably convince others of this truth. You currently seem to be eight comments in on this post and results have been sub-optimal, but again hypothetically.

Firefox has an estimated 160 million active users remaining. Do you think you can stop the current tide of bad press by just responding to social media posts with "you shouldn't even worry about this"? Because that is now the only remaining fix after Mozilla made the conscious choice to not get the community on board proactively before fully implementing it to all 160 million users. Everyone just heard about this from social media takes and tech articles rather than well-crafted explanations written in defense of it. Mozilla reps have backed this unique choice with the justification that PPA is too technical to reasonably explain in full to the average user... which is probably correct, a lot of tech stuff is too.

Only those average users are still going to hear and talk about it in public, now they're just going to be doing so in response to cries from prominent privacy advocates and not that carefully crafted statement. Which generally tends to be the smell check for this sort of thing anyway. If you don't fully understand the tech, you look to those who do and gauge their concern. When those prominent voices, blogs and tech reporters are all taking a look and referring to this as a serious violation of user privacy and trust, here is how you should disable it - that is a genuine problem. You should not be so dismissive of that.

And honestly, if you genuinely believe that PPA is the future for a more sustainable relationship between users and ad companies - you should be more upset about this mess than any of us. Because it is now effectively dead in the water. If you want the value you are advocating for, of sitting at the table with ad companies, then you need to do so while fully trusted to always side with users. If those communications result in a solution that the users don't actually trust, it is not a breakthrough. It's just another company open to working with advertisers, and brother is the internet already full of those.

This only works if you trust advertisers at all, which I don't.

Ads are tools used to try to manipulate our minds, and persuade us to buy something.

PPA let advertisers know with certainty if this kind of manipulation is effective or not (ie if some user sees an ad and then buys the product) and I think it's not ethical.

I don't want to have this technology in my browser, so I support  the removal of PPA from firefox.

 

Anonymous
Not applicable

The decision to put such a trial into a release without giving the users ample explaination and a real choise to opt-out directly on update/installation, made me a bit angry and sad. It kind of reminded me of the Mr.Robot fiasco way back. And sadly convinced me that it's very necessary to be very careful when updating firefox in the future to not be part of any such unconsented experiments.

Mozilla should very promptly remove PA and if they want to continue with it they should re-make it as an addon and let users decide if the want to install it and support this initative or not.

There is absolutely no need to to have something like this as part of the browser. It's almost on the same level as Brave's Crypto Reward system that has also no reason to be part of a web browser.

If its not part of the browser youre just telling companies track me bc its the only option you have to make money. If its a part of the browser some companies might still try and track you, but they might just use Mozillas service and avoid the hastle of tracking. Sadly other options arent realistic

Anonymous
Not applicable

As i said ... i am mostly angry about the unconsented rollout of this feature that clearly interacts with user data (even if that data is supposed to be not user identifiable)

I would  have expected any action revolving around such user data to be handled in far more respectful and transparent way, which it objectively was not.

I am normally a very strong supporter of firefox and mozilla and even rather unliked decision (like for example the removal for compact layout i try to understand and put into perspective) But this feature rolleout clearly goes against everything mozilla preaches in how to treat their users. 

On some level i still kind of wish/hope, this was just a "blunder" by a few people but since the CTO already wrote his piece on reddit, i seems like it was not, which additionally increases my worries.

I seriously hope for a big apology and the complete removel of this module from stable either in a patch ASAP or at the latest on the  next major release.

You can remove it by going to settings and desactivating it. How do you expect being more transparent that the process of how it works being explained an even published as a paper? You're just mad that you have to put effort into understanding how something works.

Finally, this offers an alternative to the JS tracking we have now. Its an objective improvement, so again, I dont understand why an improvement should be removed.

There are a few issues here:

  • Yes, it can be deactivated via Settings… on Firefox for desktop OSes. On Firefox for Android, it's not just not exposed in the Settings UI: the feature isn't even mentioned in its release notes. Why?

    When I asked you about its presence, you didn't answer my question (it had to be Haagee the one to confirm it and explain how to expose the option to disable it). That's not reassuring.
  • This is no alternative to JS tracking unless JS tracking is curtailed by law, with penalties with teeth, as we've seen in similar issues. Until then, this will just be an additional point of information to crosscheck against, or maybe a tool against ostensibly privacy-first platforms that hoard the data for themselves (such as an Apple, it being an ad business itself).

    Unless Mozilla unilaterally supresses all JS tracking in Firefox' default install and offers PPA as the sole option to advertisers, implementing PPA has no practical use other than being a PR exercise (gone wrong). And even then it needs to be opt-in in all platforms, because that's not Mozilla's decision to make: it's ours.

    (Yes, I understand the Internet ad-supported economy, but it has come to a point in which I simply don't want to concede it a single additional, as it stands, bit of data whatsoever, no matter how anonymized or bunched into cohorts or the like)

 

It doesn't feel meaningful, and advertisers should use this technology to track on top of the original tracking methods

Can this really be an alternative to JS tracking, advertisers will continue to use JS tracking and at the same time get more user data from privacy-preserving attribution, unless JS tracking is prohibited by law, why should advertisers abandon this tracking method, the more user data they can get, the better

jcol
Making moves

"By offering sites a non-invasive alternative to cross-site tracking, we hope to achieve a significant reduction in this harmful practice across the web."

 

Perhaps this page should be updated https://support.mozilla.org/en-US/kb/third-party-cookies-firefox-tracking-protection to say "Firefox blocks other attempts at cross site tracking so that we can do it ourselves."

Joel
Making moves

This is not whats happening, pelase read how it works before spreading missinformation

AztecPattern
Making moves

Is making this opt-out even legal in the EU?

 

 

No data is beeing send to anyone so yes

DevBo
Making moves

No data is being sent... "Firefox creates a report based on what the website asks, but does not give the result to the website. Instead, Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.".

In case you're confused, when they say "submits it" they mean "sends the data they collected about your actions"

You claim to have an understanding about this tech but it is very obvious you don't. You seem like you are either:
- A Meta representative who wants more sweet sweet data. Why else would you go out of your way to defend this.
- Or a Tech Bro who will go along with what ever desires the companies you think you need have.

source

mm1
Making moves
Opt-in is only meaningful if users can make an informed decision. I think explaining a system like PPA would be a difficult task.

This level of either arrogance or incompetence of Bas Schouten, Performance Tech Lead at Mozilla, is pure danger for Mozilla.

Be honest about your motivation or take the two minutes to explain it correctly and give us the opt-in. We're used to explain tech to our parents and grand parents for decades now.

AztecPattern
Making moves

What's the situation in the Android version of Firefox? I see no related settings there.

Also, should I start worrying about Thunderbird?

 

You shouldnt even worry about firefox. This option doesnt send any personal data to anyone. And no, Thunderbird will not implement this as it makes no sense there. As already said and repeated, it does not send users data, it only generates profile reports to websites that ask for it client side, so what websites are you visiting though thunderbird that you dont trust enough to guive them a profile but yu trust enough for the to execute tracking JS code?

Still: is this activated in Firefox for iOS and Android? And, if so, how can I deactivate it?

(I can block Javascript execution, generally and granularly. And I feel it's naive to believe that this new feature will keep advertisers from simply using both means)

 

It is sadly also enabled by default on Android, but not on iOS since they are on a different track entirely.

Disabling it on Android takes some extra steps since they didn't even make it a setting, and about:config is not set up by default. This should get you there:

- Navigate to chrome://geckoview/content/config.xhtml

- Toggle general.aboutConfig.enable to true

- Now you can navigate to the newly enabled about:config

- Toggle dom.private-attribution.submission.enabled to false

Hope this helps.

This is terrible. I will stop using Firefox on my phone as well. Mozilla and it's developers really have no shame.

Joel
Making moves

And what will you be using instead? This is an optional feature, and the only alternative to Firefox is chrome, which is a lot worse than ppa. So could you give a logical argument to support your logic of switching browsers is easier than toggling an option?

 

Lets be serious, dramag is fun, but its not the place to show it

techfox
Making moves

Kudos to the OP.

Please, remove "Privacy-Preserving Attribution" from Firefox. I don't understand why something so obvious in a browser like Firefox needs to be explained in dozens of threads on this forum, Reddit, etc.

wutongtaiwan
Familiar face

Why Mozilla employees didn't respond under this post

Why would thy? its just non constructive feedback about people that havent event taken the time to understand what this is about.

DevBo
Making moves

My head is still spinning. Can't believe Mozilla's developers would:
- Intentionally implement ad tacking helpers for Meta.
- Then insult their users by implying that the users wouldn't understand even if they tried to explain it.
- Then proceed to pulling the "I know whats best for you" card, because they probably can't explain it in a way that keeps both user's and Meta happy.
- Meta, seriously??? The king of not respecting people or their privacy?

I need a really good answer to these insults and what they heck they were think.

wutongtaiwan
Familiar face

Together, we're pressuring Mozilla to change their current decision, preferably by removing it outright or turning it off by default