It's unfortunate that almost none of the PPA criticisms actually go into depth on why its implementation isn't sufficiently private. It seems there's no desire to actually improve privacy, they'd rather just kill the feature.
If killing PPA meant the internet would suddenly be advertising free, I would be 110% on board, but that's not going to happen. Advertising is the dominant business model on the web and it's not going away. The alternative to privacy respecting advertising is the malware-ridden surveillance machine that exists today.
Yes, on an individual level you can mostly opt-out of this surveillance nightmare by using pi hole, uBlock origin, AdGuard etc. I do so myself. But keep in mind that this solution only works because of the 95% of users who do not use these tools and thus subsidize your browsing.
They deserve privacy too. So I'm holding out hope that Mozilla and others can succeed in developing a truly privacy protecting solution.
> I'm holding out hope that Mozilla and others can succeed in developing a truly privacy protecting solution
You're holding out for the feature built by former Facebook ad executives, who started the company Mozilla bought [1] to help advertisers get around Apple's ATT [2], to develop a privacy-respecting standard?
What you describe can be done. But it would need to happen at a public-interest group, e.g. Wikimedia or noyb. Not an ad seller.
I consider Mozilla to be a public interest group. It's understandable that Meta's involvement is seen as a red flag, but if you want it to actually happen, part of this process will involve cooperating with advertisers. In the end any proposal should be judged primarily on its merits rather than its authors.
Being a public interest group doesn't mean they have my interests in mind. Consider that both the National Right to Life Committee and the Planned Parenthood Action Fund are public interest group, even though they have strongly different views of what best benefits the public.
Why should we cooperate when advertisers and others didn't cooperate and respect the Do Not Track (DNT) header?
I want zero tracking and zero user profiling. I'm okay with context advertising. If the internet can't survive without profiling, then it's got a worse business model than broadcast TV.
Why would an ad company ever use this instead of tracking users? Even if it exceeded <5% of users (or whatever Firefox has these days), why not just keep tracking and add this one more data point?
It's a little like how "if you aren't paying, you're the product" turned into "if you pay, you're still the product".
Well of course it would have to go beyond Firefox to be effective. But if PPA can show that advertising can function without surveillance, then the business case for surveillance-based advertising goes away. This would make it easier for governments and browsers to more aggressively limit surveillance. Those who continue to use surveillance instead of or in combination with PPA would be seen as bad actors.
I never read any discussion about the obvious question: Who guarantees that enabling Privacy-Preserving Ad Measurement will keep all the other tracking away from me? No one! I've never read anything at all about the thought process behind this.
As you said, with current (EU) law and regulations, it's just one more data point.
People running ads in paper and public signs should just sue advertisers for anti-competitive tracking technologies as they have no way to compete against that.
> It's unfortunate that almost none of the PPA criticisms actually go into depth on why its implementation isn't sufficiently private. It seems there's no desire to actually improve privacy, they'd rather just kill the feature.
For me, yes absolutely.
> If killing PPA meant the internet would suddenly be advertising free, I would be 110% on board, but that's not going to happen. Advertising is the dominant business model on the web and it's not going away. The alternative to privacy respecting advertising is the malware-ridden surveillance machine that exists today.
I'm done playing ball with the ad industry and I have lost all trust in them. They will grab what they want to grab. It will provide less data than the current solutions so the ad industry will just continue with what they have.
> Advertising is the dominant business model on the web and it's not going away.
Not sure it's as strong as you suggest. I read the recent fight between Youtube vs Addblocker more as a weakness and a bit of hope that it might make YT less user friendly and could help other platforms.
> They deserve privacy too.
I agree so helps them install blocker and stuff like Consent-O-Matic instead of sneaking in features to help advertiser on their browser ...
Using PPA does not bring any privacy unless I missed a meta anouncement that they disable tracking when ppa is activated ?
Blocking ads only works because just a small percentage of users block ads. It's a free-rider situation and someone has to pay. If everyone blocks ads then sites will either counter ad blockers or if that's not possible, implement a pay wall.
This protects your wallet's privacy, but as a user who needs to log in to their systems you can still be tracked, even if they can't tell how much money you had on some specific wallet.
This is the usual PR response from the ad industry.
The web existed before ads and was funded by people that cared and were interested in something.
Now it's funded by ad companies and those don't care about anything but sales and have no interest in anything but money.
The useful internet made and used by people with interests and investment on a personal level is mostly dead. Replaced with shovelware and filler content to place intrusive ads around. Content has become the payload for ads, the more the better. Quality doesn't matter anymore, just deliver payloads with ads.
No, people who block ads aren't free-riders. If blocking would stomp out the mass of low quality bot sites and some of currently "free" services, I wouldn't complain too loudly.
I think the economic problems of the advertising industry shouldn't be of interest to my user agent. On the contrary, technically browsers could have more anti-tracking capabilities and I think even ad fraud is fully permissible.
There are problem with the attention economy and a lot of people suffer under it. Artist and journalists come to mind immediately.
In the end I am now seriously looking for alternatives to Firefox because I believe that Mozilla has list it in recent times.
> actually go into depth on why its implementation isn't sufficiently private.
What depth is required? PPA means that my browser is doing the spying instead of a third party directly. That's certainly a privacy improvement, but I don't consider it sufficient.
"Sufficiently private" is a subjective call. I don't want to be spied on. Whether or not there are technological "privacy preserving" features baked into it doesn't alter that fundamental fact.
All that said, this isn't a bad enough move to get me to stop using Firefox, as long as I can keep it disabled. It does mean that I have to view Firefox with suspicion, though. I can't consider the browser to be my "user agent" anymore.
Why do we need tracking for advertising though? I wouldn't mind ads based on the page content (as much). Social media websites know their users anyways, no need IMO to track users across other websites.
Personally, though, I believe the onus is on Mozilla to convince us that PPA is worth the effort, to show us exactly what data gets sent to their servers... Not on the user to explain why something that they, as less technically experienced, might see as various degrees of black box.
> It's unfortunate that almost none of the PPA criticisms actually go into depth on why its implementation isn't sufficiently private. It seems there's no desire to actually improve privacy, they'd rather just kill the feature.
PPA does not "preserve" or improve privacy; it only reduces it. Your narrative is a lie.
> The alternative to privacy respecting advertising is the malware-ridden surveillance machine that exists today.
That's just not true.
TV, newspapers and magazines supported themselves just fine using zero tracking on the advertising they ran. That is still an alternative for websites today. We could shut down every single method of tracking user's actions in a browser, and WidgetCo would still pay to advertise using static ads on the widgetclub.com website with no more privacy invasive data that the webserver page views and the click throughs to their destination urls.
Doing that would make _some_ of the forms of advertising polluting the web these days uneconomical, but seeing fewer Temu ads or "sponsored content" or "around the web" blocks filled with scams, conspiracy theories, and political donation begging at the bottom of every page on half the websites is a good outcome not a bad one.
The idea that advertisers are owed any more data than that, or that the developers of web browsers need to bend to the will of the surveillance capitalists is insane.
Sure, if you choose to run a "free" web browser developed by the DoubleClick advertising company (masquerading as a web search company), then I guess you have to expect the browser to serve that advertising companies interests more than your own.
But most of us expect more than that from Mozilla. They are _supposed_ to be on our side.
Any business who places an ad may simply inquire of their customers "How'd you hear about us?" and they would be able to gauge the reach of a particular placement. Furthermore, anytime a coupon is published, clipped and used at that business, they are going to know where it came from, and so there's your tracking, on paper, no electronic voodoo necessary.
Now when we get to radio and TV, the calls to action were even more immediate and measurable. The stations themselves ran promotions where hundreds, thousands clamored to phone in and be the correct-numbered caller. The advertisements ran specials and promotions and "tell 'em Joe sent ya!" type stuff. They could give a special number or they could run at a special time. The business knew exactly what ad correlated to those callers.
Infomercials are classic calls to action. You purchase time, you run the ad, and you give an hour or so window for callers to get a great deal. The calls roll into your switchboard and you correlate them. Then you buy the next round of ads based on your successes.
I guarantee that there has never, ever been a time when advertisers were unable or unwilling to collect metrics on responses to ads. Especially when marketing costs money, that investment needs to be based on facts and statistics.
> The idea that advertisers are owed any more data than that, or that the developers of web browsers need to bend to the will of the surveillance capitalists is insane.
It's a zero sum game. If others are doing it, then their advertising is more effective, the advertising cost per sale is lower, they are more competitive, and so every company is forced to do the same.
But if nobody is able to do it, then there will be no great loss for the consumer. Advertisers could argue that the inherent advertising overhead of every product is slightly higher and so consumers would have to pay higher prices. I would argue that this is a reasonable price to pay for privacy across the board, just as we all have to pay for the implementation of regulations that mandate safe products.
So we can expect advertisers to push for competitive reasons, but equally if we comprehensively resist so as not to favour competition that isn't similarly restricted, then I agree with you that there is no actual threat to commerce.
I think this is true, companies just want to advertise on equal footing at least. So disabling tracking would only hit only those that ride on the advertising budgets of companies.
If I ask in our advertising department, they do SEO "because the other do that too".
> So disabling tracking would only hit only those that ride on the advertising budgets of companies.
Reading this, it occurs to me that there's another group that would be hit: the tracking "industry" that has sprung up. They would become redundant. Perhaps that's why they're so vocal.
"Privacy preserving Advertising" is bullshit. Just do context based ads.
Oh you're in a car subreddit? Maybe show car ads... instead of hyper personalized diet ads for my fat ass...
Advertising is not hard to do without collecting tons of data, it's just a little bit more expensive if you can't target that well. I don't care. Only they care about that.
PPA is about attribution. It doesn't determine ad types you're seeing like Google's Topics. What it's for is having an allegedly private way to determine if you actually bought a product based on an ad you've seen. Marketeers love having that data so they can determine if their ads are effective to trigger purchases (called "conversions")
I'm not in favour of PPA by the way. I turned it off everywhere. But I just wanted to highlight this.
> To make matters worse, Mozilla has turned on its “privacy preserving attribution” by default. Users have not been informed about this move, nor have they been asked for their consent to be tracked by Firefox.
So more privacy by default is bad? What kind of inverted logic is that?
> If killing PPA meant the internet would suddenly be advertising free, I would be 110% on board, but that's not going to happen. Advertising is the dominant business model on the web and it's not going away
Obviously
At some point, this exagerated antagonism causes more troubles than it solves
This is the same logic of people who think rent controls do anything but cause more problems than it "solves"
1. Does this bypass user's cookie blocking measures (e.g. PiHole, ad blockers)? If so, it's reducing those users' privacy and opting them in by default.
2. If the user was previously interacting with GDPR-compliant websites only, is this reducing their privacy? They're not given the opportunity to consent or revoke consent to this collection of their data.
3. What are the implications of a data breach of Mozilla's servers? Would this have a greater negative impact on users' privacy than a breach of a single website?
> Does this bypass user's cookie blocking measures (e.g. PiHole, ad blockers)? If so, it's reducing those users' privacy and opting them in by default.
This is a nonsensical way to act upon this. You don't make collective choices putting the exceptions in front of the general case.
3. well it is not better than most brokers out there right?
By some (possibly spurious) Google search results, there may be ~900 million ad block users, so not exactly "exceptions." That number seems possible: consider there are 3.5 billion people that use Chrome (i.e. took steps to switch from their default browser, in most cases).
Personally I've been using FF for the last 4 years even though I consider it a worse experience, but I'm becoming disilusioned with it and considering moving to LibreWolf. I'm also interested in trying Orion (by Kagi), but haven't had the time yet.
Tbh. I don't get the negatives about Firefox. I have to use Chrome for App development and have been using it a little more in the last months. I cannot see why I should prefer it over Firefox. It works well, has (or soon used to have) good extension support and is smooth, but so is Firefox. Like, I could not say one single thing that I prefer in Chrome.
And all this while I have to ignore the single biggest negative about Chrome - that it's "run" by Google.
Personally it's more about the user interface. Searching history for instance is a mess on Firefox, you got it in collection tab and in history menu.
Then if you click on yesterday, it won't sort by the hour at which I browsed it yesterday but at the most recent date so that the sort order is messed up with the stuff you browsed today, and so on, and so on.
You say you're a developer. I had to tweak my company website myself, not knowing anything about css, html, JavaScript, chrome developer tools were intuitive enough.
Firefox developer tools? even years later, now than I understand well website development, I often still can't figure out how to do stuff.
Oh that’s weird! I have been using Firefox dev tools a lot, also for a lot of development, and it worked perfectly, and to me it made perfect sense! But maybe it would have been even easier on Chrome, haha
Maybe it depends what you are most used to. But personally I started completely fresh, tried both and chrome was more intuitive. At least as much as a développer tool can be to a non développer
Google meet on FF used to be almost a no-op but for the past year or so it has operated without any real issue.
Screen sharing is sometimes off when iterating windows but that is pretty minor. (on Windows anyway)
Tried it for some days, on iOS and macOS. It still has bugs, and extensions don't work as good as they should. Sometimes they don't work at all. The UI is a a little buggy, but that's acceptable.
Worst thing for me is that it's closed source. They can claim whatever they want, if they can't prove it, I cannot really trust them.
I used Firefox long ago, before I switched to Mac.
Because of crippling defects in Safari (pages just not loading, hyperlinks not being recognized as such, clicks doing nothing), I decided to go back to Firefox. This was made feasible by the availability of a bookmark-syncing facility across devices.
But... wow it's painful. On mobile, the bookmarks are buried under layers of inexplicable and unneeded menus. It's infuriating to use.
On the desktop, the storage of log-in credentials is only half done. It'll remember what user ID you might have used for a site, but it then fails to select the password associated with that ID. It just presents a giant list of every password for every ID you might have used on the site. You have to scroll through them all, and sometimes there are duplicates. Why?
Then there's the inability to specify that new tabs should open on your home page. Instead, new tabs have to open on the Mozilla home page, which presents a search bar that's useless. When you start typing in it, a giant search panel erupts from the top of the screen and the cursor jumps into it. WTF? Who thought that was good design?
I will probably just go back to Safari, because I refuse to support Google's shit. But what's going on with Firefox? They're putting dev time into the garbage reported in this article, and ignoring glaring defects that are driving Firefox's already tiny market share away.
That depends on the usage pattern. To give you a totally different way to use Firefox: I use it both on desktop (Linux) and on mobile (Android, multiple devices.) I don't ever close it. I close it to update or to reboot my computer. On desktop it's configured to restart with the previously opened tabs and windows (one per customer, each one on its virtual desktop, one for me.) I don't sync tabs because way more than half of the tabs on my desktop Firefox are related to work, some localhost, some reachable only on a VPN. Furthermore it's no business of Mozilla or anybody else to see my tabs go through their servers, E2E encryption or not. I never used any browser internal password manager because (any other considerations apart) what happens when I want to access a site from another browser? Maybe from Chrome, and I used Opera and Vivaldi as secondary browsers many years ago. I store my passwords in one of the various Keepass apps, sync from desktop to mobile with syncthing and I'm happy.
Firefox as browser-only browser is perfectly good for me. The surrounding UI is almost transparent to me, as if it did not exist.
The only point of contact between your and mine experiences are the bookmarks on mobile. I don't use them. I pin the sites I use most on the page that opens when pressing the new tab button and those are my bookmarks. Unfortunately there are only 16 possible pinned sites there but I'm not even using all of them. Most of the times I tap the URL bar, type one or two letters and Firefox autocompletes the sites I want to see. Example: I tap n and it suggests news.ycombinator.com. Faster than any bookmarks menu.
Anyway. If most users follow your workflow, Mozilla are not doing a good job. If most users follow my workflow, they are wasting a lot of engineering time in features we don't use. IMHO Firefox users are mostly power users so I think there are at least ten different workflows competing for the top spot and whatever Mozilla does people will be mostly upset. It's not an easy place to be.
That shitty search bar behavior is extremely annoying to me as well. Luckily it can still be disabled in about:config (the setting is called browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar or similar). “Awesome” bar is not that awesome.
FTR the feature is also implicitly disabled if you have telemetry disabled.
I wish more privacy advocate websites mentioned this. Not sure what these one-sided stories achieve other than pushing "might as well use Chrome then" conspiracies.
> a false narrative not backed by their actual communication about the feature
You're correct: Mozilla didn't try to hide this. But they didn't try to talk about it either. This isn't an obscure about:config setting; it's a new revenue source [1].
Ah ok good. I see it is partly because there is no opt out UI. For some reason Mozilla is very sparse with settings and user freedom on the mobile app, for this reason I thought it might have been overlooked. It was also not clarified in the announcements at all.
This is also false. Where are you pulling this from?
There is a user-visible setting in the normal preferences. It's grayed out unless you have telemetry enabled.
I think the initial version they shipped PPA in had no such option because, again, the feature didn't actually do anything at the time (and I'm not sure they expanded the allow list yet either).
It is not clear to me what is going on or what the state of this feature actually is. Have I opted out or haven't I?
After the initial complaints they must have known it was controversial. I stand by my original point, they could have been much more upfront about this.
> I'm "pulling this from" the settings on my browser. When I look at the check box in preferences it's unchecked and greyed out.
> I don't see any discussion of telemetry as controlling this behaviour.
As I mentioned: If the check box is greyed out, the feature is implicitly disabled, probably because you don't have telemetry enabled. The setting could be more explicit about this, which I'm sure they will refine in the future once the feature actually does anything.
You seem to be looking for a reason to be angry, but apparently Firefox picked the exact default you were looking for.
> I'm "pulling this from" the settings on my browser. When I look at the check box in preferences it's unchecked and greyed out.
The setting being greyed out indicates that the entire functionality is disabled, and the value of the setting is irrelevant. That's a common pattern in Firefox settings when some other setting invalidates the current one. In this case, it's most likely because you have "Allow Firefox to send technical and interaction data to Mozilla" unchecked.
This article doesn't describe the function in enough detail to convey why it's a problem. So if you know why it's actually a problem, by all means share with us.
Yeah Google is the world's largest ad company, and Apple is (among other things) an ad company, and Mozilla just recently acquired an ad tracking/analytics company...
With wei/attestation and every site I go to begging me to log in with Google (and only Google) just to use it, it’s clear anonymous browsing will be dead soon.
I’ve gone back to Brave. I really want to support a non-Chromium engine but Firefox have constantly slyly added features for its entire history. You need only open about:config and search for “telemetry” as an example.
I honestly don’t know why people always rush to Firefox’s defense when their track record is as bad as Brave’s. The amount of hoops I have to jump through to get a private Firefox after installing it is significant. Even their latest update the other day re-enabled search recommendations.
The Firefox feature under discussion, PPA, has nothing to do with targeting. It's about attribution.
It comes into play after you have seen an ad. If you later go visit the site the ad was promoting, it increments a counter maintained by Mozilla or by some company hired by Mozilla. Later the site the ad was for gets a report telling them something like that out of N people who saw the ad, M of those people later visited the site.
But that still means both can go hand in hand! If user targeted ads and tracking is forbidden and a thing from the past, there’ll be less problems with having some proper statistical attribution.
Hint: I’m from the EU and love the intention behind GDPR.
I know this will be an unpopular opinion, but I was a chrome user for well over a decade. I spent the last year or so trying to switch to Firefox (and did) because google implemented something similar to this in chrome.
I used it for a year and then I switched back to chrome about 3mo ago because the writing was on the wall that Mozilla was going down the same route, just more slowly and a few years behind. I don’t see a reason to use Firefox if it’s going to have the same “features” that I just have disable in chrome, when chrome is still more performant.
It’s really unfortunate that every alternative to chrome is either measurably slower or just a fork of chrome.
Set dom.private-attribution.submission.enabled to false in about:config and problem solved. Not the first thing you should disable there and not the last.
Opt-out is simply a violation of the EU GDPR. For me as an EU citizen it was checked after the update. I hope the data protection agencies have the capacity to punish this behavior, sadly a lot of bad actors still get away because there aren’t enough resources.
> The technology aims to demonstrate a way for advertisers to measure overall ad effectiveness without gathering information about specific individuals.
If it doesn't collect personal data, does it fall under GDPR?
No. But the bar for “personal data” is very low, and any data that could conceivably be linked to an individual is personal data. I’m not familiar with how this function works, but Mozilla would almost certainly have to work quite hard to avoid falling foul of this:
> ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
It contains data about which ads you saw or clicked on as a histogram.
GDPR defines personal data as follows:
> The basic definition of personal data is any information relating to an identified or identifiable natural person (data subject).
This data is then aggregated using their DAP service. This means to a third party. They say it's somehow encrypted and will be fully anonymized, but I can't fully understand the implementation. There are several security considerations mentioned in the draft: https://datatracker.ietf.org/doc/draft-ietf-ppm-dap/.
Doesn't matter that much, they have to ask for consent and inform the user in clear and understandable language anyway. Opt-out is a big no-no.
Hm, not sure if I did something against that already, but for me the option in about:preferences was unchecked and also I am unable to check it. I am not sure why that is, anyone has an idea?
It's become painfully obvious Mozilla has abandon Firefox and are just exploiting what's left of it's reputation for profit. It time to fork Firefox and kick Mozilla to the curb.
Ladybird does look really cool but what I mean is an alternative to the Mozilla Foundation as an official steward of what should be Firefox. Basically what Mozilla was originally created to do but obviously isn't anymore.
They're just exploiting Firefox's users now. How much of what Mozilla brings in is actually going to improving Firefox? Google, the maker of the largest competitor in he browser market, has been paying off Mozilla's leadership to not compete in the browser market for like a decade now. Go research how much the c-suite was making over there at Mozilla while they were gutting the Firefox dev teams.
And now Mozilla is straight up data mining Firefox's users. They obviously don't care what the users of Firefox think anymore because no one in the community asked for any of this crap.
I don't think this needs to be explained to anyone here but modern web browsers are complicated as hell. We need viable open-source browsers but we also need a way to fund their development. Again what Mozilla was intended for. Hell it doesn't even need to be centered around Firefox specifically but we need some viable alternative to manage and fund these vital open-source projects.
For comments like these I wonder how a Firefox developer would read it. You're doing an honest job on an open source browser, fixing bugs, patching vulnerabilities, adding features to keep up with web standards, knowing virtually nobody pays for it — Google needs to fund your paycheck because no one else can be arsed. And then you see opinions like the ones in this thread about how evil you "obviously" are and how you're supposedly milking the brand name
> painfully obvious [that it's] time to fork Firefox and kick Mozilla to the curb
What's probably painful and apparently not obvious is how many developer hours go into upkeep and staying current for a modern browser (to me, they seem about as complex and elaborate as your average operating system, not that that's necessarily a good thing)
If killing PPA meant the internet would suddenly be advertising free, I would be 110% on board, but that's not going to happen. Advertising is the dominant business model on the web and it's not going away. The alternative to privacy respecting advertising is the malware-ridden surveillance machine that exists today.
Yes, on an individual level you can mostly opt-out of this surveillance nightmare by using pi hole, uBlock origin, AdGuard etc. I do so myself. But keep in mind that this solution only works because of the 95% of users who do not use these tools and thus subsidize your browsing.
They deserve privacy too. So I'm holding out hope that Mozilla and others can succeed in developing a truly privacy protecting solution.