Original toot:
It has come to my attention that many of the people complaining about #Firefox’s #PPA experiment don’t actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it, so an explainer 🧵 is in order.
Targeted advertising sucks. It is invasive and privacy-violating, it enables populations to be manipulated by bad actors in democracy-endangering ways, and it doesn’t actually sell products.
Nevertheless, commercial advertisers are addicted to the data they get from targeted advertising. They aren’t going to stop using it until someone convinces them there’s something else that will work better.
“Contextual advertising works better.” Yes, it does! But, again, advertisers are addicted to the data, and contextual advertising provides much less data, so they don’t trust it.
What PPA says is, “Suppose we give you anonymized, aggregated data about which of your ads on which sites resulted in sales or other significant commitments from users?” The data that the browser collects under PPA are sent to a third-party (in Firefox’s case, the third party is the same organization that runs Let’s Encrypt; does anybody think they’re not trustworthy?) and aggregated and anonymized there. Noise is introduced into the data to prevent de-anonymization.
This allows advertisers to “target” which sites they put their ads on. It doesn’t allow them to target individuals. In Days Of Yore, advertisers would do things like ask people to bring newspapers ads into the store or mention a certain phrase to get deals. These were for collecting conversion statistics on paper ads. Ditto for coupons. PPA is a way to do this online.
Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party. If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place. And if the work they’re doing is transparent, as compared to the entirely opaque adtech industry, the entire internet can weigh in on any bugs in their algorithms.
Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.
Man alive, I thought that Mozilla had been doing their own Personal Package Archives so that we didn’t have to deal with Ubuntu packaging it as a Snap anymore. And this is doubly disappointing.
The fact that mozilla does’t understand what user consent is, is alarming about where they are heading.
That, and the point that ad blasters want to know the gory details of your private life in order to make their ads that one or two percent “more effective”.
Does the Firefox really believe that sites will stop throwing a gazillion cookies and trackers just because they now also have PPA?
I, for my part, opt to block both the cookies and trackers as much as I can and the PPA, too.
If they didn’t understand user consent, would they really have the ability to opt out? I get that you’re on your soap box and seething with anger, but let’s not devolve into ludicrous nonsensical reframing.
When Chrome asks the user to activate a similar feature while Firefox doesn’t - welp, no. They don’t understand user consent.
Imagine finding a Mozilla microphone under your dining table. “Oh, but you can remove it and toss it. That’s understanding user consent!”
When Google utilised their Chrome dominance and forced the web into manifest v3 so they could curtail adblockers, did they ask for your consent?
No, and that’s why I don’t use Chrome. But at least they said they’d do this.
Mozilla in turn said “hey here’s this neat feature. Don’t worry, it’s optional!” And then they silently activated it for everyone with an update.
Mozilla said, “hey, in the chance you see an advert on the Internet, this will anonymise the data sent to the ad publishers for you automatically” and you said, “how dare you”!
Red herring, and you’re missing the point, and this is getting frustrating. If you ignore the argument below again, I will stop responding to you.
From the Mozilla’s website (so you don’t say I’m ill-informed):
https://support.mozilla.org/en-US/kb/privacy-preserving-attribution?as=u&utm_source=inproduct
Firefox creates a report based on what the website asks, but does not give the result to the website. Instead, Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.
Zoom in:
Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.
Zoom in:
anonymously submits it
Zoom in:
submits it
This is after an update, and it’s opt-out, that is, enabled by default. And not a single notification about it. If I don’t check my settings, or read about it, I would have never found out about this.
WHY IS MY BROWSER SUBMITTING ANYTHING WITHOUT ASKING ME FIRST?!
Plus it’s described as an experiment. And I’ve already told Mozilla to NEVER include me in any of its “experiments,” after the whole Mr. Robot fiasco. If this is labeled as an experiment, why is Mozilla not respecting my decision?
That’s the issue I have with it. It doesn’t matter what it is. It doesn’t matter if it’s “for my own good.” I am supposed to be in control of my browser. I decide when my browser sends anything to the Internet about me, even if it’s anonymized.
I would expect this from Chrome, and that’s why I don’t use it; not Firefox.
Your browser already submits information about you by virtue of existing.
What this does is put the mechanisms to ring fence that in place. The same way that the Enhanced Tracking Protection does.
Kinda like how even if you’ve had an STI test recently, you should still use a condom when sleeping with strangers.
Regarding the opt-in versus opt-out stuff. That’s a dead fish. People go with what the default is. By default ETP is on. By default, autoplay is off. By default, HTTPS only mode is always on.
These are all things that happened without my explicit consent and they’ve all made the Internet a better place for normal people, not like me and you, but normal people who rely on the best defaults possible.
Why wouldn’t you bring all this up before you shove it into the browser to be discovered later, and make it the default? Whoever thought this was a good idea should be shot with a ball of their own shit.
Me wondering why the Firefox package archive is suddenly controversial…
does anybody think they’re not trustworthy?
I didn’t until I read that sentence. I actually get what they are trying to do here, but good grief…
This is bullshit. The total amount of advertising I want is zero. The total amount I want of tracking is zero. The total amount of experiments I want run on my data without consent is, guess, zero.
Do you donate to FOSS software you use?
Your options are ads or donations. As it costs money to develop and host a lot of FOSS, in our capitalist world, it’s impossible to offer a service without somehow receiving money to continue to provide that service.
Yes, for example I donate to thunderbird since I find it useful. And I wouldn’t mind donating to Firefox either provided they wouldn’t do this sort of fuckery.
though in the long run we need to overturn capitalism of course, and that an economic model is viable doesn’t mean we should sustain it or justify it.
Do you donate to FOSS software you use?
I do. Are there any other strawmen you’d like to throw at me?
“at me”?
Bruh, you’re not who they were responding to. You don’t have to insert yourself and then get defensive.
Well, this isn’t about you. If you’re blocking ads anyways, there’s going to be no data to report.
But Firefox needs webpage owners to be able to make a buck off of supporting Firefox. Otherwise, we’ll see even more webpages suggesting to switch to Chrome.
Then you keep blocking ads and nothing changes for you.
The backlash here is wild and completely uninformed. This is only good for consumers, the ads that this will affect are already tracking you in more onerous ways.
“They are already kicking you in the balls, so why not let Mozilla kick you too?”
Lmao no this is Mozilla giving you a cup.
You’re still missing the point. I know what the tech does. But it’s opt-out without user consent, not opt-in. And there is some phoning home for it to work, isn’t there?
This is Mozilla pulling your pants down while you sleep, grabbing your balls to put the cup, pulling the pants back up, then carrying on as if nothing happened.
This is the exact same story the whole internet has used and every time the 3rd party or whoever it is eventually gets corrupted and it turns out that they kept the original data. The company gets bought by Amazon or who google and repeat
Completely facile argument, right there in the last sentence.
We can keep fighting for something better while still accepting this as an improvement over what we have now.
YOU BUILT THE FUCKING THING. Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.
Who’s forcing you to make advertisers happy? Don’t answer that, because I don’t care. You can’t pretend to be about privacy and then build things that help advertisers violate it.
This one’s also pretty funny btw:
If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place.
Advertisers don’t give a shit. They have zero motivation to fix anonymization. They’re not going to HELP us get rid of privacy violations.
Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.
Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data
Advertisers don’t give a shit. They have zero motivation to fix anonymization. They’re not going to HELP us get rid of privacy violations.
That’s why a trusted third party is handling this. They care a lot, because of they fumble it they are now an untrusted third party and someone else will take care of the anonymization part
Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data
They’re going to do this anyway. As far as Firefox is concerned, it’s the browser’s job to stop them. That’s what Firefox is selling: privacy
because of they fumble it they are now an untrusted third party
Assuming I take this for granted, they have already fumbled it by turning on an anti-privacy feature without consent. They can no longer be trusted. Not that you ever should have trusted them because whatever motivation they have for pure moral behavior now, that will change with the wind when more VC money gets involved, or there’s been a change in management.
And firefox has ALREADY had a recent change in management, which is probably why THIS is happening NOW. They just bought an adtech firm for pete’s sake. Don’t trust other people with your data. At all.
Did you even read the article or are you just hating? There is a will known additional non profit that is well known and trusted by probably everyone that knows about it. This nonprofit is handling the anonymization.
Have you seen how many data breaches happen on DAILY BASIS?
There’s a freaking community here for dta breaches, they happen so often.
Plus, Johnny boy wasn’t exactly transparent about what they were doing, which is a huge part of the problem.
When people show you who they are, believe them.
Who, exactly, trusts this third party?
I’m so used to getting treacherously betrayed by third parties distrust is my default setting.
Maybn read the article, chill down a bit. We all hate advertisers here. Everyone trusts Let’s Encrypt, they’re privacy and encryption advocates who run one of the largests online certificates repository. They’re a nonprofit, and they have been doing this for a decade. They’re the reason the internet is a bit safer by promoting widespread implementation of encrypted traffic.
Sure, anyone can turn bad actor at any time. But this guys are starting from a really high bar and have a really strong reputation.
Add: also, this is a good step for Mozilla. We want a internet free from Google, and that includes financially. Google puts practically the totality of the money for the Mozilla foundation. Donations don’t come close to the millions needed to develop and support a web browser. A direct relationship with advertisers, under Mozilla’s terms and not the advertisers predatory terms, would be a good thing.
They keep saying many words waving hands frantically and people still don’t like it. I bet if they explain 10th time with colourful diagrams and 3 minute whiteboard explainer video people still won’t like it. Such an ungrateful crowd
You need hands on workshops, we will organise them with foundation budget. That will surely explain things sufficiently. We will also give out informational flyers in small communities to foster local enlightenment.
They are definitely in a weird position. On one hand, the current state of internet advertising is horrifying. This has nothing to do with anything Firefox has done. On the other hand, trying to explain to privacy absolutists why these innovations in targeted advertising is actually a revolutionary leap in user privacy, is obviously never going to take.
And what is the advertising industry doing to earn back the trust that they’ve eroded with their incessant, relentless abuse over the entire life of the Internet?
Creating ads that are even more targeted to you so you can forget about everything and buy that electric kitchen knife you just saw scrolling reddit
I don’t know, I am on the fence about the XYT FULLFORGE lithium powered, rechargable electronic kitchen knife I saw on reddit. I just don’t know if I can trust the comments which say it stays sharp forever, and I am very skeptical that it truly has the fastest cutting speed of any knife on the market. Perhaps I will go read the Amazon reviews again to get more information about the patented digital motor design.
Mozilla: We want to offer anonymised data so advertiser stop trying to track you with shady means. You can opt ou tho.
Privacy ultras: WHY YOU WANT DATA?!
Mozilla: …
The problem for me is not that they implemented this. The problem is that they TURNED IT ON without my consent!
Money is the answer
Why is Firefox getting involved in ads? 💵? To reduce their dependence on Google’s payment for keeping Google as the default search engine?
“You have become the very thing you swore to destroy”