this post was submitted on 13 Jul 2024
283 points (96.4% liked)

Firefox

18037 readers
337 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 5 years ago
MODERATORS
 

Original toot:

It has come to my attention that many of the people complaining about #Firefox's #PPA experiment don't actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it, so an explainer 🧡 is in order.

Targeted advertising sucks. It is invasive and privacy-violating, it enables populations to be manipulated by bad actors in democracy-endangering ways, and it doesn't actually sell products.

Nevertheless, commercial advertisers are addicted to the data they get from targeted advertising. They aren't going to stop using it until someone convinces them there's something else that will work better.

"Contextual advertising works better." Yes, it does! But, again, advertisers are addicted to the data, and contextual advertising provides much less data, so they don't trust it.

What PPA says is, "Suppose we give you anonymized, aggregated data about which of your ads on which sites resulted in sales or other significant commitments from users?" The data that the browser collects under PPA are sent to a third-party (in Firefox's case, the third party is the same organization that runs Let's Encrypt; does anybody think they're not trustworthy?) and aggregated and anonymized there. Noise is introduced into the data to prevent de-anonymization.

This allows advertisers to "target" which sites they put their ads on. It doesn't allow them to target individuals. In Days Of Yore, advertisers would do things like ask people to bring newspapers ads into the store or mention a certain phrase to get deals. These were for collecting conversion statistics on paper ads. Ditto for coupons. PPA is a way to do this online.

Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party. If at some point they discover they're doing insufficient aggregation or anonymization, then they can fix that all in one place. And if the work they're doing is transparent, as compared to the entirely opaque adtech industry, the entire internet can weigh in on any bugs in their algorithms.

Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.

you are viewing a single comment's thread
view the rest of the comments
[–] laughterlaughter 1 points 5 months ago (1 children)

Your browser already submits information about you by virtue of existing.

I already addressed this, for I wrote: "I decide when my browser sends anything to the Internet about me." If I visit a webpage, I know the browser is sending a request. What I wasn't expecting was the actual browser collecting data on its own and sending it to some third-party.

What this does is put the mechanisms to ring fence that in place. The same way that the Enhanced Tracking Protection does.

Not the point and we've already gone through this.

Regarding the opt-in versus opt-out stuff. That’s a dead fish. People go with what the default is. By default ETP is on. By default, autoplay is off. By default, HTTPS only mode is always on.

None of that is sending data about my browsing habits to some third-party. Maybe HTTPS, but even you can tell you're using HTTPS because of an icon next to the URL in the address bar. Where is my "icon" for the ad-anonymization thingie? That's my point.

[–] [email protected] 1 points 5 months ago (1 children)

You're ignoring the fact that fingerprinting exists and I don't get why.

[–] laughterlaughter 0 points 5 months ago (1 children)
[–] [email protected] 3 points 5 months ago (1 children)

It very much is the point. Whether we like it or not, fingerprinting is one of the dark practices that measures like this are designed to prevent. Where advertising publishers, take information that should be innocuous and use that to identify you, across a myriad of sites, thus identifying your browsing habits and what is trending and most importantly what you're spending on. To say that's not the point is ridiculous, because that's the very point. That's why Firefox has to bring in cookie isolation, without your explicit consent BTW, along with ETP and a bunch of the other things I mentioned above. And what did the advertising industry and the likes of Meta do? Find new ways to track you and identify you. Luckily, while Firefox was playing whack-a-mole, a proposal was put forward to the W3C. It says, hey if web publishers of the advertising kind can receive some specified data, can you be happy with that? After a lot of negotiation, they settled on a compromise and agreed to shun all that didn't agree, on the advertising side. There was just one last step, the proof-of-concept! Mozilla said, we're independent, we care about our users and we have enough users to provide a decent sample, let's lead the charge on this and improve the Internet, but they should've hinged the progress of the entire world wide web on your consent, when you're not even willing to understand what the question is.

Oh well, have a good day.

[–] laughterlaughter 0 points 5 months ago* (last edited 5 months ago) (1 children)

Not the point. This is a completely different argument.

Let's make it simpler for you:

What do you think of Mozilla activating a feature that phones home without telling you first?

^ Answer that question, and that question only.

Any "but... but..." is not the point, which is what you've been doing so far.

It's not about doing the right thing or not. I completely understand that. It's about consent.

Consent.

Consent.

If they don't ask for consent now, they won't ask for consent later for something you, yes, you won't like.

[–] [email protected] 2 points 5 months ago (1 children)

What do you think of Mozilla activating a feature that phones home without telling you first?

Like telemetry? I begrudgingly accept it, because I trust them as my browser vendor. They're what I consciously and explicitly chose.

[–] laughterlaughter 1 points 5 months ago* (last edited 5 months ago) (1 children)

Nope, telemetry doesn't count. Do you know why? Because the browser informed you that they were collecting telemetry with a small bottom message, giving you the option to turn it off if you wanted.

In other words, they asked you for your consent.

Now, please answer the question.

What do you think of Mozilla activating a feature that phones home without telling you first?

[–] [email protected] 2 points 5 months ago (1 children)

Bruv, I'm not gonna lie to you. My mental capacity for this argument expired with my sleep. It's a new day, I moved on.

[–] laughterlaughter 3 points 5 months ago (1 children)

Fair enough. Good discussion. Have a nice day.

[–] [email protected] 2 points 5 months ago

I actually really enjoyed it to be honest. I'm definitely gonna be keeping an eye out for your posts in the future. Even if I disagree with you, it's good to see high quality reasoned discussion.