Original toot:
It has come to my attention that many of the people complaining about #Firefox’s #PPA experiment don’t actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it, so an explainer 🧵 is in order.
Targeted advertising sucks. It is invasive and privacy-violating, it enables populations to be manipulated by bad actors in democracy-endangering ways, and it doesn’t actually sell products.
Nevertheless, commercial advertisers are addicted to the data they get from targeted advertising. They aren’t going to stop using it until someone convinces them there’s something else that will work better.
“Contextual advertising works better.” Yes, it does! But, again, advertisers are addicted to the data, and contextual advertising provides much less data, so they don’t trust it.
What PPA says is, “Suppose we give you anonymized, aggregated data about which of your ads on which sites resulted in sales or other significant commitments from users?” The data that the browser collects under PPA are sent to a third-party (in Firefox’s case, the third party is the same organization that runs Let’s Encrypt; does anybody think they’re not trustworthy?) and aggregated and anonymized there. Noise is introduced into the data to prevent de-anonymization.
This allows advertisers to “target” which sites they put their ads on. It doesn’t allow them to target individuals. In Days Of Yore, advertisers would do things like ask people to bring newspapers ads into the store or mention a certain phrase to get deals. These were for collecting conversion statistics on paper ads. Ditto for coupons. PPA is a way to do this online.
Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party. If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place. And if the work they’re doing is transparent, as compared to the entirely opaque adtech industry, the entire internet can weigh in on any bugs in their algorithms.
Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.
Me wondering why the Firefox package archive is suddenly controversial…
does anybody think they’re not trustworthy?
I didn’t until I read that sentence. I actually get what they are trying to do here, but good grief…
I understand it perfectly fine thank you. This should not be a hidden opt-out option.
If you have to add “noise” to the data to prevent deanonymization, then that just means the data can be deanonymized. Noise is irrelevant.
This is just straight up wrong. Additive noise is an extremely common - fundamental, even - part of data anonymisation.
https://sdcpractice.readthedocs.io/en/latest/anon_methods.html
It’s like saying “if you have to use randomisation to encrypt data, then it means the data can be decrypted. randomisation is irrelevant”
Nope
You clearly are not here to engage in productive conversations. I’m blocking you and I recommend anyone else reading this to do the same.
I don’t argue with trolls. There has been plenty of discussion as to why this is bad news.
I measure noise several times a week and quantify it in an effort to locate its sources. Noise is a very effective way to hide information, and becomes more effective when the number of domains increases.
To give you an idea of how this comes into play, I use many different tools and methods of analysis to locate sources of noise in two domains, time and frequency. We’ve been formally studying noise in those two domains for like 150 years, so there’s a lot of information, equipment and techniques out there.
It’s still very hard.
The type of data used in PPA has (based on my limited understanding) at least five domains, each of which contain data with a “bit depth” that’s an order of magnitude more than the signals I usually work with.
I think noising would be an excellent method to anonymize PPA data.
What if we just didn’t collect data
The fact that mozilla does’t understand what user consent is, is alarming about where they are heading.
That, and the point that ad blasters want to know the gory details of your private life in order to make their ads that one or two percent “more effective”.
Does the Firefox really believe that sites will stop throwing a gazillion cookies and trackers just because they now also have PPA?
I, for my part, opt to block both the cookies and trackers as much as I can and the PPA, too.
If they didn’t understand user consent, would they really have the ability to opt out? I get that you’re on your soap box and seething with anger, but let’s not devolve into ludicrous nonsensical reframing.
When Chrome asks the user to activate a similar feature while Firefox doesn’t - welp, no. They don’t understand user consent.
Imagine finding a Mozilla microphone under your dining table. “Oh, but you can remove it and toss it. That’s understanding user consent!”
When Google utilised their Chrome dominance and forced the web into manifest v3 so they could curtail adblockers, did they ask for your consent?
No, and that’s why I don’t use Chrome. But at least they said they’d do this.
Mozilla in turn said “hey here’s this neat feature. Don’t worry, it’s optional!” And then they silently activated it for everyone with an update.
Mozilla said, “hey, in the chance you see an advert on the Internet, this will anonymise the data sent to the ad publishers for you automatically” and you said, “how dare you”!
Red herring, and you’re missing the point, and this is getting frustrating. If you ignore the argument below again, I will stop responding to you.
From the Mozilla’s website (so you don’t say I’m ill-informed):
https://support.mozilla.org/en-US/kb/privacy-preserving-attribution?as=u&utm_source=inproduct
Firefox creates a report based on what the website asks, but does not give the result to the website. Instead, Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.
Zoom in:
Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.
Zoom in:
anonymously submits it
Zoom in:
submits it
This is after an update, and it’s opt-out, that is, enabled by default. And not a single notification about it. If I don’t check my settings, or read about it, I would have never found out about this.
WHY IS MY BROWSER SUBMITTING ANYTHING WITHOUT ASKING ME FIRST?!
Plus it’s described as an experiment. And I’ve already told Mozilla to NEVER include me in any of its “experiments,” after the whole Mr. Robot fiasco. If this is labeled as an experiment, why is Mozilla not respecting my decision?
That’s the issue I have with it. It doesn’t matter what it is. It doesn’t matter if it’s “for my own good.” I am supposed to be in control of my browser. I decide when my browser sends anything to the Internet about me, even if it’s anonymized.
I would expect this from Chrome, and that’s why I don’t use it; not Firefox.
Your browser already submits information about you by virtue of existing.
What this does is put the mechanisms to ring fence that in place. The same way that the Enhanced Tracking Protection does.
Kinda like how even if you’ve had an STI test recently, you should still use a condom when sleeping with strangers.
Regarding the opt-in versus opt-out stuff. That’s a dead fish. People go with what the default is. By default ETP is on. By default, autoplay is off. By default, HTTPS only mode is always on.
These are all things that happened without my explicit consent and they’ve all made the Internet a better place for normal people, not like me and you, but normal people who rely on the best defaults possible.
Hmm.
Let’s not.
It has come to my attention that many of the people complaining about #Firefox’s #PPA experiment don’t actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it
The documentation under the “Learn more” link next to the “Allow websites to perform privacy-preserving ad measurement” checkbox in Firefox preferences explains very clearly what it is and how it works. Asserting that people who read that and are indignant about it being enabled by default just… “don’t actually understand” it is absurdly insulting and basically gaslighting.
The vast majority of people never read the source material for anything, and that’s usually perfectly fine. They learn new things because other people told them about it. Most of the time this works great. Sometimes small changes in the explanation can make a big difference, and the game of telephone can have big impacts on people’s perception of a thing. It’s almost certain that most people complaining haven’t read the explanation, and in this particular situation it’s an issue.
Edit: opt-out shenanigans notwithstanding.
What ever happened to micro transactions? Weren’t they supposed to be the way we compensated web producers? Instead we got ads.
The question is, how do we pay content creators? Websites? Etc. Nostr has a potential solution. In the last two months, their users “zapped” aka tipped nearly a million dollars ($950k) to content creators on their platform. And it doesn’t just make it easy to pay content creators, but to also put a portion of your “zaps” towards the relay you use or development of the software if you want. If you have a nostr account, you can easily tie it to a lightning address to send/receive tips, nostr doesn’t take a fee. Relays can also portion out a bit of their zaps for the people who publish the most engaging content on their relay. The possibilities are quite extensive. And because it’s over lightning, zaps happen instantly and for pennies or less in fees. And you could expand this infrastructure from just tweets to web browsing as well. In nostr, as you could in theory for the rest of the web, you can say “I want to donate $5 a month, split it up among all the posts I liked”. Though, you can use nostr without zaps at all.
For those unfamiliar with nostr, it’s a decentralized social media software much like ActivityPub/mastodon, the main use right now is as a twitter/instagram clone but there’s also a reddit-style section being built up as well. Moderation abilities from the perspective of the instance/relay are identical to activitypub/mastodon. But one bonus if that if your relay goes down, you don’t lose your identity, since your identity and relay are separate. And if you change apps or relays (you are typically connected to multiple relays), all your content moves with you seamlessly. And the payment/zap infrastructure is all decentralized, relays don’t ever custody or manage the payments. If you tip a content creator, it goes directly from you to them. The lightning network has basically limitless transaction capacity. If you have cash app, it supports lightning, so you can already send zaps (you will need different apps to receive zaps though because cash app doesn’t support the LNURL standard). Strike natively supports it. And because it’s lightning, it works in every country automatically.
Long-term, if I am a content creator, which “fedi”-type system is going to be attractive to me? One where users can send me tips and mircopayments or one where they can’t? This is why I think nostr is going to win out long-term over AP/Mastodon. Mastodon could add this kind of functionality but I don’t get the impression they’re open to it. People may not want to commit to yet another $5/month subscription to a YouTuber’s patreon or nebula or whatever, but they are happy to tip 1-10c after watching a video. So there’s a psychological beauty to micropayments as well. As some random person I have made like 7c on tips this month, but I’ve also given out plenty to other people.
This is the exact same story the whole internet has used and every time the 3rd party or whoever it is eventually gets corrupted and it turns out that they kept the original data. The company gets bought by Amazon or who google and repeat
It’s LetsEncrypt. If you don’t trust them the open web has bigger problems than Firefox’s new setting.
I wouldn’t be surprised if most CAs are secretly compromised. I’m surprised nobody ever talks about it or wants to know how they operate securely if at all.
100% it’s gets bought by Google, Amazon, Microsoft or Apple.
This is bullshit. The total amount of advertising I want is zero. The total amount I want of tracking is zero. The total amount of experiments I want run on my data without consent is, guess, zero.
Well, this isn’t about you. If you’re blocking ads anyways, there’s going to be no data to report.
But Firefox needs webpage owners to be able to make a buck off of supporting Firefox. Otherwise, we’ll see even more webpages suggesting to switch to Chrome.
Then you keep blocking ads and nothing changes for you.
The backlash here is wild and completely uninformed. This is only good for consumers, the ads that this will affect are already tracking you in more onerous ways.
“They are already kicking you in the balls, so why not let Mozilla kick you too?”
Lmao no this is Mozilla giving you a cup.
You’re still missing the point. I know what the tech does. But it’s opt-out without user consent, not opt-in. And there is some phoning home for it to work, isn’t there?
This is Mozilla pulling your pants down while you sleep, grabbing your balls to put the cup, pulling the pants back up, then carrying on as if nothing happened.
Do you donate to FOSS software you use?
Your options are ads or donations. As it costs money to develop and host a lot of FOSS, in our capitalist world, it’s impossible to offer a service without somehow receiving money to continue to provide that service.
Yes, for example I donate to thunderbird since I find it useful. And I wouldn’t mind donating to Firefox either provided they wouldn’t do this sort of fuckery.
though in the long run we need to overturn capitalism of course, and that an economic model is viable doesn’t mean we should sustain it or justify it.
Do you donate to FOSS software you use?
I do. Are there any other strawmen you’d like to throw at me?
“at me”?
Bruh, you’re not who they were responding to. You don’t have to insert yourself and then get defensive.
The top level comment is a pretty generic and widely agreeable within privacy circles statement, so yeah the reply was reasonably interpreted to be directed at people who agree with the top level comment, not just the author of the comment specifically.
It was against an opinion I agree with… I’m sorry for “inserting myself” into a completely public discussion on social media 🙄🙄🙄
Based
Well you can’t have that because it guarantees you stay irrelevant and broke. Google did not make money off of you and you were never their target audience. Google and Chrome only ever existed because the majority of people click ads. Same thing here. Mozilla has been ad-funded since at least 2005.
Then keep blocking ads and opt out of it. Not that hard isn’t it?
It’s hard when I don’t get told about it and find by chance.
It sure would have been if the community wasn’t raging about it - most of us would have never learned it was turned on in the first place.
opt-out (instead of opt-in) should be illegal.
Okay, but should every other feature that has downsides then also be opt-in only? Should javascript be opt-in? Should storing cookies? Should HTTPS? – After all, for the encryption to work, you need to send something to someone. Actually, should HTTP be opt-in in your web browser, since it mandates sending requests?
Yes, there’s no reason everything can’t be opt-in.
I don’t think Firefox is for you. Firefox is a sane defaults type application, not an unopinionated humble application. It has a lot of settings which everyone appreciates, but ideologically it’s targeting someone else.
Sane defaults like forced ad-tech?
Version 120 added a GPC option called “Tell websites not to sell or share my data”… too bad it doesn’t apply to Mozilla themselves.
You mean “on ad-tech”, it’s a setting, it’s not forced. Firefox by default has cookies and javascript on, which are also primarily ad-tech. The decision to allow ads by default was made a long time ago. It’s what most users want.
@refalo well, consider the entire Fediverse illegal then…🤨
as far as GDPR is concerned, yes I think federated services are illegal.
Wait, what’s the context for this claim?
@refalo but that’s not what you originally said. But yeah, I’d like to see them take down all 25,000+ of us. Especially when a ton of them aren’t in the EU.
Sow do you plan to pay sites for the resources you use?
It depends, but mostly no. And if that means some sites are not economically possible, so be it.
I do donate to sites I regularly use, and find this much preferable to ads. I think most people find this preferable to ads, given how much I see popular ad-free websites raising during donation drives.
Anonymized data doesn’t exist. It can always be de-anonymized.
It’s a balance between useless and identifiable. You could take someone’s search queries and anonymize them very easily. Take that data, mix it into a copy of Moby Dick, and completely scramble it. That data is 100% anonymous, albeit completely useless.
The idea is to find a midpoint between that and completely identifiable.
No? If it’s anonymized to “someone somewhere clicked this ad” that’s not possible to de-anonymize.
Do I expect it to be that anonymized? No. But the idea that it is always possible to de-anonymize data is just plum wrong.
If that was the extent of the data available, no advertiser will ever use this.
From reading the learn more link, it’s meant to just give them info on what ads worked. They would absolutely want this info, even if it was just “the ad you ran last week resulted in a dozen sales.”
Why would you think otherwise?
Mozilla: We want to offer anonymised data so advertiser stop trying to track you with shady means. You can opt ou tho.
Privacy ultras: WHY YOU WANT DATA?!
Mozilla: …
Why would they stop?
The problem for me is not that they implemented this. The problem is that they TURNED IT ON without my consent!
Money is the answer
Why is Firefox getting involved in ads? 💵? To reduce their dependence on Google’s payment for keeping Google as the default search engine?
“You have become the very thing you swore to destroy”
People will bitch about anything.
Why wouldn’t you bring all this up before you shove it into the browser to be discovered later, and make it the default? Whoever thought this was a good idea should be shot with a ball of their own shit.
Mozilla has been working on anonymized advertising for quite some time now, there were news and job postings.
OK, I’ll watch their job postings like a hawk to learn what their strategies are going forward. Thanks for the tip!
I’m pretty active in FOSS news, never saw a thing about this before it was rolled out. Maybe that’s on me and I just missed the obvious, but probably not. I don’t seem to be the only one taken by surprise.
I guess they should’ve been more transparent about it.
This is one of the publications from 2022 where they mentioned working on privacy-preserving advertising: https://blog.mozilla.org/en/mozilla/privacy-preserving-attribution-for-advertising/
Maybe it wasn’t as popular in the media because there’s nothing exciting about it for the public.
They should’ve brought it up before. Yes. They had to make it the default though. That was unavoidable.
They had to make it the default though. That was unavoidable.
For it to be useful at scale, sure, but reading this it sounds like Chrome’s version of it is still “experimental” and opt-in. Hopefully the backlash prevents it from being developed further.
What the heck Mozilla? The people complaining are the ones who understand it. Anyone who thinks this is ok is either a die hard Mozilla fan or doesn’t understand what it does. This is targeted advertising. You know how companies target vulnerable minorities? That’s what this enables. It isn’t just about “privacy” as targeted advertising is dark in many other ways.
And what is the advertising industry doing to earn back the trust that they’ve eroded with their incessant, relentless abuse over the entire life of the Internet?
They’re not supposed to have trust. That’s why they’re only allowed fully anonymised data under this scheme. They do pay the bills, though, so they can’t be completely banished until there’s an alternative source of money.
That does nothing to deal with malware distribution, which has been a problem in pretty much every ad network. It does nothing to address the standard practice of making ads as obtrusive and flashy as possible.
I do not accept the premise that advertising is the only possible business model for quality web sites. History suggests the opposite: that it is a toxic business model that creates backwards incentives.
So because it’s not THE perfect solution to every problem related to ads ever we should just not do anything?
It doesn’t always have to be black and white.
Not at all. But I want to see advertisers make some goddamn effort of their own, and accept some responsibility for the shitshow that they have created.
And until that happens, I’m certainly not going to feel bad about blocking ads across the board.
It sounds like they’re suggesting we block ads, not do nothing.
There is no such thing as “fully anonymised data”. Data can be de-anonymised by anyone who aggregates it. It’s been demonstrated over and over and over again.
This is just false, there is a mathematical framework for aggregating data in a way that prevents de-anonymization https://en.m.wikipedia.org/wiki/Differential_privacy. This is what the US census department uses to release census statistics without impacting anyone’s privacy.
Whoever reports this “anonymized” data still knows something about you, whether that’s a census employee at your physical house, or a website having your IP address. We can’t stop that information falling into the wrong hands. Bad actors are everywhere. All we can do is not provide the information in the first place.
And because of that, the advertisers are not the ones aggregating it
Go ahead and send me ads, and I’ll just block your site … never go there except when someone tries to trick me into it, and then my SITE-BLOCKER will refuse for me. Our now and future business IS OVER.
“But why don’t you just trust us?” Because I’ve been online for 30 years and it’s been downhill ever since.
Creating ads that are even more targeted to you so you can forget about everything and buy that electric kitchen knife you just saw scrolling reddit
I don’t know, I am on the fence about the XYT FULLFORGE lithium powered, rechargable electronic kitchen knife I saw on reddit. I just don’t know if I can trust the comments which say it stays sharp forever, and I am very skeptical that it truly has the fastest cutting speed of any knife on the market. Perhaps I will go read the Amazon reviews again to get more information about the patented digital motor design.
Adds so targeted they become your only friends.
…you have a link for that electric kitchen knife?
I want the old internet back. God it was so wonderful before the dotcom bubble.
Well maybe if you had been fucking transparent about what you were doing, this wouldn’t be an issue, you condescending, prevaricating, hubristic jackass.
At first I thought this guy was speaking on behalf of Mozilla, but he doesn’t work for Mozilla.
He works for the US government.
Man alive, I thought that Mozilla had been doing their own Personal Package Archives so that we didn’t have to deal with Ubuntu packaging it as a Snap anymore. And this is doubly disappointing.
I think you are looking for this PPA: https://launchpad.net/~mozillateam/+archive/ubuntu/ppa
Alternatively, https://support.mozilla.org/en-US/kb/install-firefox-linux#w_install-firefox-deb-package-for-debian-based-distributions
Me too. Still dont know what PPA is in this context :/
Privacy Protecting Advertising.
actually it stands for “Privacy-Preserving Attribution”.