this post was submitted on 13 Jul 2024
295 points (96.2% liked)

Firefox

17902 readers
54 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
 

Original toot:

It has come to my attention that many of the people complaining about #Firefox's #PPA experiment don't actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it, so an explainer 🧡 is in order.

Targeted advertising sucks. It is invasive and privacy-violating, it enables populations to be manipulated by bad actors in democracy-endangering ways, and it doesn't actually sell products.

Nevertheless, commercial advertisers are addicted to the data they get from targeted advertising. They aren't going to stop using it until someone convinces them there's something else that will work better.

"Contextual advertising works better." Yes, it does! But, again, advertisers are addicted to the data, and contextual advertising provides much less data, so they don't trust it.

What PPA says is, "Suppose we give you anonymized, aggregated data about which of your ads on which sites resulted in sales or other significant commitments from users?" The data that the browser collects under PPA are sent to a third-party (in Firefox's case, the third party is the same organization that runs Let's Encrypt; does anybody think they're not trustworthy?) and aggregated and anonymized there. Noise is introduced into the data to prevent de-anonymization.

This allows advertisers to "target" which sites they put their ads on. It doesn't allow them to target individuals. In Days Of Yore, advertisers would do things like ask people to bring newspapers ads into the store or mention a certain phrase to get deals. These were for collecting conversion statistics on paper ads. Ditto for coupons. PPA is a way to do this online.

Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party. If at some point they discover they're doing insufficient aggregation or anonymization, then they can fix that all in one place. And if the work they're doing is transparent, as compared to the entirely opaque adtech industry, the entire internet can weigh in on any bugs in their algorithms.

Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 92 points 4 months ago (3 children)

And what is the advertising industry doing to earn back the trust that they've eroded with their incessant, relentless abuse over the entire life of the Internet?

[–] [email protected] 47 points 4 months ago (3 children)

Creating ads that are even more targeted to you so you can forget about everything and buy that electric kitchen knife you just saw scrolling reddit

[–] [email protected] 10 points 4 months ago* (last edited 4 months ago)

Adds so targeted they become your only friends.

load more comments (2 replies)
[–] [email protected] 32 points 4 months ago (3 children)

They're not supposed to have trust. That's why they're only allowed fully anonymised data under this scheme. They do pay the bills, though, so they can't be completely banished until there's an alternative source of money.

[–] [email protected] 10 points 4 months ago (2 children)

There is no such thing as "fully anonymised data". Data can be de-anonymised by anyone who aggregates it. It's been demonstrated over and over and over again.

[–] [email protected] 22 points 4 months ago

And because of that, the advertisers are not the ones aggregating it

[–] [email protected] 19 points 4 months ago (1 children)

This is just false, there is a mathematical framework for aggregating data in a way that prevents de-anonymization https://en.m.wikipedia.org/wiki/Differential_privacy. This is what the US census department uses to release census statistics without impacting anyone’s privacy.

load more comments (1 replies)
[–] [email protected] 6 points 4 months ago (3 children)

That does nothing to deal with malware distribution, which has been a problem in pretty much every ad network. It does nothing to address the standard practice of making ads as obtrusive and flashy as possible.

I do not accept the premise that advertising is the only possible business model for quality web sites. History suggests the opposite: that it is a toxic business model that creates backwards incentives.

load more comments (3 replies)
load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 47 points 4 months ago* (last edited 4 months ago) (3 children)

Completely facile argument, right there in the last sentence.

We can keep fighting for something better while still accepting this as an improvement over what we have now.

YOU BUILT THE FUCKING THING. Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.

Who's forcing you to make advertisers happy? Don't answer that, because I don't care. You can't pretend to be about privacy and then build things that help advertisers violate it.

This one's also pretty funny btw:

If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place.

Advertisers don't give a shit. They have zero motivation to fix anonymization. They're not going to HELP us get rid of privacy violations.

[–] [email protected] 26 points 4 months ago (6 children)

Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.

Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data

Advertisers don't give a shit. They have zero motivation to fix anonymization. They're not going to HELP us get rid of privacy violations.

That's why a trusted third party is handling this. They care a lot, because of they fumble it they are now an untrusted third party and someone else will take care of the anonymization part

[–] [email protected] 7 points 4 months ago (1 children)

Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data

They're going to do this anyway. As far as Firefox is concerned, it's the browser's job to stop them. That's what Firefox is selling: privacy

because of they fumble it they are now an untrusted third party

Assuming I take this for granted, they have already fumbled it by turning on an anti-privacy feature without consent. They can no longer be trusted. Not that you ever should have trusted them because whatever motivation they have for pure moral behavior now, that will change with the wind when more VC money gets involved, or there's been a change in management.

And firefox has ALREADY had a recent change in management, which is probably why THIS is happening NOW. They just bought an adtech firm for pete's sake. Don't trust other people with your data. At all.

[–] [email protected] 9 points 4 months ago (3 children)

Did you even read the article or are you just hating? There is a will known additional non profit that is well known and trusted by probably everyone that knows about it. This nonprofit is handling the anonymization.

[–] [email protected] 11 points 4 months ago* (last edited 4 months ago)

Have you seen how many data breaches happen on DAILY BASIS?

There's a freaking community here for dta breaches, they happen so often.

Plus, Johnny boy wasn't exactly transparent about what they were doing, which is a huge part of the problem.

When people show you who they are, believe them.

load more comments (2 replies)
load more comments (5 replies)
load more comments (2 replies)
[–] [email protected] 36 points 4 months ago (2 children)

Man alive, I thought that Mozilla had been doing their own Personal Package Archives so that we didn't have to deal with Ubuntu packaging it as a Snap anymore. And this is doubly disappointing.

[–] [email protected] 6 points 4 months ago (2 children)

Me too. Still dont know what PPA is in this context :/

load more comments (2 replies)
[–] [email protected] 34 points 4 months ago (2 children)

This is the exact same story the whole internet has used and every time the 3rd party or whoever it is eventually gets corrupted and it turns out that they kept the original data. The company gets bought by Amazon or who google and repeat

[–] [email protected] 30 points 4 months ago (1 children)

It's LetsEncrypt. If you don't trust them the open web has bigger problems than Firefox's new setting.

[–] refalo 5 points 4 months ago

I wouldn't be surprised if most CAs are secretly compromised. I'm surprised nobody ever talks about it or wants to know how they operate securely if at all.

[–] [email protected] 8 points 4 months ago

100% it's gets bought by Google, Amazon, Microsoft or Apple.

[–] [email protected] 27 points 4 months ago (6 children)

This is bullshit. The total amount of advertising I want is zero. The total amount I want of tracking is zero. The total amount of experiments I want run on my data without consent is, guess, zero.

[–] [email protected] 35 points 4 months ago (3 children)

Then you keep blocking ads and nothing changes for you.

The backlash here is wild and completely uninformed. This is only good for consumers, the ads that this will affect are already tracking you in more onerous ways.

load more comments (3 replies)
[–] [email protected] 20 points 4 months ago

Well, this isn't about you. If you're blocking ads anyways, there's going to be no data to report.

But Firefox needs webpage owners to be able to make a buck off of supporting Firefox. Otherwise, we'll see even more webpages suggesting to switch to Chrome.

[–] [email protected] 13 points 4 months ago (6 children)

Do you donate to FOSS software you use?

Your options are ads or donations. As it costs money to develop and host a lot of FOSS, in our capitalist world, it's impossible to offer a service without somehow receiving money to continue to provide that service.

[–] [email protected] 7 points 4 months ago

Yes, for example I donate to thunderbird since I find it useful. And I wouldn't mind donating to Firefox either provided they wouldn't do this sort of fuckery.

though in the long run we need to overturn capitalism of course, and that an economic model is viable doesn't mean we should sustain it or justify it.

load more comments (5 replies)
[–] [email protected] 9 points 4 months ago (3 children)

Then keep blocking ads and opt out of it. Not that hard isn't it?

[–] [email protected] 11 points 4 months ago

It's hard when I don't get told about it and find by chance.

[–] refalo 8 points 4 months ago (10 children)

opt-out (instead of opt-in) should be illegal.

load more comments (10 replies)
load more comments (1 replies)
[–] [email protected] 7 points 4 months ago (2 children)

Sow do you plan to pay sites for the resources you use?

[–] [email protected] 6 points 4 months ago

It depends, but mostly no. And if that means some sites are not economically possible, so be it.

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 26 points 4 months ago (6 children)

Mozilla: We want to offer anonymised data so advertiser stop trying to track you with shady means. You can opt ou tho.

Privacy ultras: WHY YOU WANT DATA?!

Mozilla: ...

[–] [email protected] 15 points 4 months ago

The problem for me is not that they implemented this. The problem is that they TURNED IT ON without my consent!

load more comments (5 replies)
[–] [email protected] 25 points 4 months ago (19 children)

The fact that mozilla does't understand what user consent is, is alarming about where they are heading.

[–] [email protected] 10 points 4 months ago

That, and the point that ad blasters want to know the gory details of your private life in order to make their ads that one or two percent "more effective".

Does the Firefox really believe that sites will stop throwing a gazillion cookies and trackers just because they now also have PPA?

I, for my part, opt to block both the cookies and trackers as much as I can and the PPA, too.

load more comments (18 replies)
[–] [email protected] 19 points 4 months ago* (last edited 4 months ago) (2 children)

The data that the browser collects under PPA are sent to a third-party (in Firefox’s case, the third party is the same organization that runs Let’s Encrypt; does anybody think they’re not trustworthy?)

I wouldn't trust anyone with data this valuable, and even assuming they're trustworthy now, who knows if they'll be in a year; especially with how much "interest" they gain by now handling this data.

and aggregated and anonymized there.

I'm just supposed to believe and trust that they will do that?

Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party.

A "trusted third party" does not exist, and will never exist.

Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.

Or I can tell advertisers to eat shit and give them nothing, like I've been doing my whole life. Has been working well so far.

[–] [email protected] 14 points 4 months ago

Yes, all great points. But you're comparing the wrong thing. The comparison isn't PPA vs no ads. It's PPA vs being personally targeted by ad companies. It's clearly a step in the right direction.

Or I can tell advertisers to eat shit and give them nothing, like I've been doing my whole life. Has been working well so far

Now your getting it! Yes, just keep using an ad blocker and tell advertisers to fuck off! That's exactly what we can all continue doing, and this PPA stuff will have 0 impact on us. But it will improve the lives of everyone not using ad blockers.

[–] [email protected] 12 points 4 months ago (2 children)

If you don't trust let's encrypt SSL certificates, then you probably should probably stop using the Internet to be safe, as probably more than half of all websites are using them.

load more comments (2 replies)
[–] [email protected] 16 points 4 months ago

I understand it perfectly fine thank you. This should not be a hidden opt-out option.

[–] [email protected] 16 points 4 months ago* (last edited 4 months ago)

What the heck Mozilla? The people complaining are the ones who understand it. Anyone who thinks this is ok is either a die hard Mozilla fan or doesn't understand what it does. This is targeted advertising. You know how companies target vulnerable minorities? That's what this enables. It isn't just about "privacy" as targeted advertising is dark in many other ways.

[–] [email protected] 12 points 4 months ago* (last edited 4 months ago) (2 children)

They keep saying many words waving hands frantically and people still don’t like it. I bet if they explain 10th time with colourful diagrams and 3 minute whiteboard explainer video people still won’t like it. Such an ungrateful crowd

You need hands on workshops, we will organise them with foundation budget. That will surely explain things sufficiently. We will also give out informational flyers in small communities to foster local enlightenment.

load more comments (2 replies)
[–] [email protected] 11 points 4 months ago* (last edited 4 months ago) (1 children)

I'm not even buying the premise. Any business can look at its bottomline to see if their advertising works. If they can't, then its not working.

[–] [email protected] 7 points 4 months ago (2 children)

Yeah, but this lets them know WHAT ads are or arent working

load more comments (2 replies)
[–] [email protected] 8 points 4 months ago (3 children)

Why wouldn't you bring all this up before you shove it into the browser to be discovered later, and make it the default? Whoever thought this was a good idea should be shot with a ball of their own shit.

[–] [email protected] 6 points 4 months ago (2 children)

Mozilla has been working on anonymized advertising for quite some time now, there were news and job postings.

load more comments (2 replies)
load more comments (2 replies)
[–] [email protected] 7 points 4 months ago (1 children)

It has come to my attention that many of the people complaining about #Firefox's #PPA experiment don't actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it

The documentation under the "Learn more" link next to the "Allow websites to perform privacy-preserving ad measurement" checkbox in Firefox preferences explains very clearly what it is and how it works. Asserting that people who read that and are indignant about it being enabled by default just... "don't actually understand" it is absurdly insulting and basically gaslighting.

load more comments (1 replies)
load more comments
view more: next β€Ί