this post was submitted on 13 Jul 2024
56 points (93.8% liked)

Firefox

1058 readers
71 users here now

The latest news and developments on Firefox and Mozilla, a global non-profit that strives to promote openness, innovation and opportunity on the web.

You can subscribe to this community from any Kbin or Lemmy instance:

Related

Rules

While we are not an official Mozilla community, we have adopted the Mozilla Community Participation Guidelines as far as it can be applied to a bin.

Rules

  1. Always be civil and respectful
    Don't be toxic, hostile, or a troll, especially towards Mozilla employees. This includes gratuitous use of profanity.

  2. Don't be a bigot
    No form of bigotry will be tolerated.

  3. Don't post security compromising suggestions
    If you do, include an obvious and clear warning.

  4. Don't post conspiracy theories
    Especially ones about nefarious intentions or funding. If you're concerned: Ask. Please don’t fuel conspiracy thinking here. Don’t try to spread FUD, especially against reliable privacy-enhancing software. Extraordinary claims require extraordinary evidence. Show credible sources.

  5. Don't accuse others of shilling
    Send honest concerns to the moderators and/or admins, and we will investigate.

  6. Do not remove your help posts after they receive replies
    Half the point of asking questions in a public sub is so that everyone can benefit from the answers—which is impossible if you go deleting everything behind yourself once you've gotten yours.

founded 1 year ago
MODERATORS
 

121

Discussion

Right. I'm getting tired of seeing people dump on Firefox and Mozilla about this thing in the release notes:

Firefox now supports the experimental Privacy Preserving Attribution API, which provides an alternative to user tracking for ad attribution. This experiment is only enabled via origin trial and can be disabled in the new Website Advertising Preferences section in the Privacy and Security settings.

What is this? And why is it not something to get heated about?

Attribution is how advertisers know how to pay the right site owner when someone clicks on their ad. It's important for ad-supported sites that clicks get attributed.

Right now, attribution is basically incompatible with protecting privacy. Advertisers use every method of tracking you can name, and some you can't, to provide accurate attribution.

The Privacy Preserving Attribution API is an experimental way of informing an advertiser that someone clicked on an ad on a given site without leaking that it was you, specifically, who did that. Specifically, ads using the API ask Firefox to remember that they were seen, on what sites, and to what sites they lead. Then, when the user visits the destination site, the destination site asks Firefox to generate a report and submit it via a separate service that mixes your report with reports from other people and forwards these aggregated reports in large batches. Any traces that might be unique to you are lost in the crowd.

This is still experimental, being enabled by Mozilla on a site-by-site basis as developers request it. It's not a free-for-all yet, and I can only find one entry on Bugzilla of a site who's requested it.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 27 points 3 months ago (2 children)

what I’ve seen so far is that the heat isn’t against the API, it’s against it being shipped enabled by default (opt-out rather than opt-in)

[–] Carighan 7 points 3 months ago (1 children)

That's a requirement of being usable however. It has to be the default.

[–] [email protected] 9 points 3 months ago (3 children)

@Carighan @cerement personal data slurping has to be opt in the EU however. So not sure how #noyb etc will feel.

[–] kuneho 6 points 3 months ago (1 children)

it's not personal, though. that's the point

[–] [email protected] 7 points 3 months ago (1 children)

@kuneho Meta is not inventing this out of the goodness of it's heart. Just like how Google privacy sandbox is a fruit of a poisoned tree, the idea should be treated with extreme caution. If not, well, the NSA have a great new encryption standard they'd love you to use too.

#paranoid

[–] kuneho 2 points 3 months ago
[–] [email protected] 4 points 3 months ago

This would very likely be considered anonymized data, which means it is not personal data and the GDPR does not apply.

[–] [email protected] 3 points 3 months ago

From my understanding this is only a value add in terms of privacy? It's basically just asking every site to use this more private form of attribution, so I don't believe there's any more personal data being collected, it's just trying to send it in a more anonymized way if a given site supports it.

[–] [email protected] 6 points 3 months ago (1 children)

Itd be useless opt-in though, why would companies adopt somehting that only a small minority

[–] [email protected] 14 points 3 months ago

You're just supporting the point.