Oh. Bigger story here appears to be that the proposal is publicly editable and has already been vandalized. I'm not going to link to it, but I will say that I'm not thrilled that Mozilla is handling proposals using these formats/hosting choices.
So much of this feels weird to me.
I don't understand how I'm supposed to take Mozilla partnering with Facebook, I don't understand why I'm supposed to believe that Facebook would ever have beneficial insight to add to a privacy standard or that it would ever do anything other than try to weaken the standard.
I can't read up on the IPA standard because the link is currently being vandalized, so I can't really comment on that, but this is dangerous ground to tread and also I vaguely feel like as a user I might want to not have ads attributed across devices.
Before anybody jumps in and yells about how Mozilla is worse than Google, let me point out that Firefox is still objectively the best browser to use for privacy right now. But crud this announcement is weird and vaguely tone-deaf and doesn't make me feel good, and I think at the very least it should have been worded less as a celebration, or at least should have spent more time going into why I shouldn't feel uncomfortable about the whole thing.
It's potentially a longer conversation, but the article also doesn't really make a strong case for why I should be rooting for a privacy-respecting system for advertisers in the first place.
> I don't understand why I'm supposed to believe that Facebook would ever have beneficial insight to add to a privacy standard or that it would ever do anything other than try to weaken the standard.
I don’t think that’s why you want FB/Meta here. But you want to make sure this is useful enough for the ad companies so this actually becomes a solution. If you build a super private solution no advertising company wants/can use, then you’re just wasting time.
Assuming the competition is standard built by Google within itself, this makes sense.
(Meta employee, don’t work on ads, opinions my own)
> But you want to make sure this is useful enough for the ad companies so this actually becomes a solution.
I guess the question though is: is Facebook going to stop delivering ads if the solution isn't good enough? Why is it important that Facebook like the system?
Facebook was very upset about Apple's privacy changes, it didn't get rid of ads on iOS. It's been very upset about a lot of things. What throws me in these conversations is that I'm not sure why the solution has to be one that Facebook is happy with. What Facebook would be happy with is as much data as they're allowed to have. And also, Facebook doesn't really have veto powers over what anyone else does, so it's not like we need to find a middle ground with the company.
Part of the problem of building a solution that's good enough that advertisers won't want more is that it's difficult to believe that solution exists. Facebook is pretty clear that the constraints on what they'll collect is defined in their internal/public privacy policies, and within that constraint they will collect as much data as the platform offers.
I'm not aware of any instances of a platform offering an ad attribution system that was privacy preserving, and having Facebook (or other companies) decide not to do any fingerprinting or insert any tracking links into pages, or use any cookies on that platform. I also find it really hard to believe that if Mozilla cracks down on fingerprinting and doesn't provide an alternative that Facebook is happy with, that Facebook will stop selling ads.
Yea, there seems to be an unwarranted assumption that Facebook is somehow a necessary part of the ecosystem. They aren't. The internet will continue without them and doesn't need them.
> Expecting advertisers to stop advertising on the Internet is like expecting all the billboards on the highway to blow down.
That's not the expectation at all, in fact quite the opposite.
Giving concessions to advertisers doesn't make anything change. Anti-fingerprinting is the way you stop advertisers from fingerprinting. Nothing else short of legislation will work, and even legislation doesn't always work in every scenario.
Expecting advertisers to behave just because you gave them a more private attribution system is like expecting ants to stop going onto your countertops just because you put a cupcake on the floor.
The question is, given that Facebook will always take as much data as they are able to technically extract from the browser, and given that you're correct and advertisers are not going to stop advertising on the Internet regardless of what restrictions are put up -- why is it important to make them happy or to give the company concessions? Building a system that Facebook is happy with won't make its behavior change, so why do we care if they like the things we build?
Funny enough, that cupcake trick works for bees (old Boy Scout trick: if you're having bee trouble, put some juice in a can and set it away from the campsite. Bees will gravitate towards the easier target).
But on the topic: at least in the US, if we're talking a legal solution, there won't be one that doesn't factor in the needs of Fortune 500 companies. And attempts to build solutions not factoring them in in Europe got us, well, the GDPR and infinite consent dialogs.
Better to bring parties to the table than try to hash a solution that pretends they don't have interests here.
GDPR works rather well, if given enough teeth. At the very least, nobody in the EU and the UK is quite so reckless with personal data as they used to be, which is the point. The infinite consent dialogs... I'd argue they were an oversight during the drafting process, and that nobody expected companies to go full-idiot just to keep processing and collecting data, rather than just comply with the law in the simplest possible way - which is to just stop collecting guest visitor data.
> nobody expected companies to go full-idiot just to keep processing and collecting data, rather than just comply with the law in the simplest possible way
But there was over a decade of frameworks built on the old "collect everything and use it later" model. By default, even Apache collects enough information to be considered a GDPR violation.
Throwing a dialog up and putting one cookie on the end-user's machine was the simplest possible way; the alternative was a mass audit of all dependencies.
(... and if anyone drafting the law didn't realize this, it would strongly indicate they didn't pull enough industry people into the process to draft a good law).
> do we want an ever-escalating arms race or a negotiated peace?
I have yet to see an evidence that a negotiated peace is possible, and I have seen a lot of evidence that suggests to me that it is impossible.
I personally would rather see hard anti-fingerprinting features in browsers, potentially combined with legislation to fill in the gaps. I have seen a lot of evidence from platforms like iOS, and from web standards like deprecating cookies, that advertisers are only willing to come to the table after they've already lost, and that they only come to the table to weaken existing standards.
I have a lot of criticism of Apple, but I look at some of the changes in iOS that were made in regards to Facebook, and it's hard for me not to conclude that the best ways to tangibly improve privacy on platforms like Facebook are to just move forward without its permission. I look at adblockers the same way, there were no conversations about acceptable ads until advertisers thought it was possible that adblockers might become widespread.
It's not clear to me what a negotiated peace would entail or how to get there, but it is very clear to me how to improve anti-fingerprinting measures and how to pass legislation. Yes, that means that we're in an arms race, but if we understand that advertisers are always going to advocate for more tracking, it follows that a theoretical negotiated peace would also need to be constantly renegotiated over and over again.
Short of burning the industry to the ground and not having ads online, which I think is a separate conversation, I don't believe there is a stable solution to advertising and privacy. Whether it's legislation or technology or industry standards, they will always need to be defended and reinforced and renegotiated. There will always be advertisers arguing that they should be more lax. And I think that's part of why the idea of an arms race isn't that scary to me, because to me all of it is an arms race, including negotiated acceptable ad standards.
> Legislation definitely needs to be part of the solution.
Yup, that's about where I'm at. Standard Oil wasn't broken up because a lot of people made extremely rational arguments about how much monopolies hurt long term economic health to Rockefeller and he just changed his mind. It was broken up because the government stepped in.
Advertising is costing America an intense amount of productivity and we're going to need regulations and constraints to help restrict it (vermont has greatly benefited from said billboard restrictions)
It is devaluing our services causing them to be less competitive and decreasing worker productivity by lowering the enjoyment of leisure activities leading to higher stress and increasing tool friction. If you want numbers - I don't have them... but the effects on our mental health are pretty clear.
> More generally, though, I have to ask: do we want an ever-escalating arms race or a negotiated peace?
That's not a choice that's being offered. There is no reason to expect advertising platforms like Google or Facebook to ever be happy with "enough tracking". If they can get more information, they will want more, regardless of any "negotiations". This has been shown pretty clearly with the DoNotTrack header (now itself a tracking element), and the GDPR cookie policies.
I don't expect advertisers to stop putting up billboards and I don't expect them to blow down. I live in a part of the world where billboards are banned. Likewise, all advertisements are banned from my network and any devices I manage.
We are under no obligation to negotiate. Destroying the whole industry is on the table.
Yes but Firefox is NOT in any position to do that. The only ones are Apple via iOS Google through Chrome, and the Government and none do these entities have any incentive to do so. As such this is the most plausible way forward.
I'm not certain if Apple and Google acting bilaterally could actually kill advertising dead - I think, even with the enormous power they have, that we'd still need the government to come in as a rule setter to accomplish it. I think there's too much money on the table for both parties to stay honest in the long run for purely altruistic reasons.
The billboards are all virtual. If your interface doesn't render them they don't exist, and without colluding with advertiser's the size and rate of ads to a system that blocks ads is a meaningless number because they are never rendered.
The real question is why is my supposedly privacy preserving interface colluding with this advertiser at all? I do not want them involved in my interface and it seems contrary to Mozilla's userbase's interests.
Google at least went to the trouble of building a new browser and taking over the market. Facebook hasn't done anything to be involved except have money to pay off a seemingly corrupt mozzila
Advertisers, like all entities, are as free to do what they like as we allow them to be. They don't have to be a part of the conversation, we don't have to care about advertisers.
Cutting them out makes it more likely that the resulting law won't actually work IMO.
Nobody understands the ad industry better than advertisers. Incentivize them to compromise and we're more likely to get something that actually works than incentivizing them to get creative in finding legal loopholes.
In fact, I'd go so far as to say the comparison suggests an extremist position that should have no business dictating the law on the topic (still a position worth hearing while seeking compromise, of course).
They aren't murderers, but they sure are bullies [0], time wasters, attention thieves and they try to manipulate you into changing your mind about your choices.
Maybe the ideal is that it's none of those things, that advertising in theory should be about matching consumers with the product they'd like best - but the fact is that in the age of the Internet, it's been nothing but unwelcome manipulation, and everyone puts up with it because it's the only funding model that's "free" at the point of use.
What's your view on how this proposal compares to Apple's PCM? Why is Apple building a similar way for 3rd parties to reliably track users if this is overall harmful for users?
> What Facebook would be happy with is as much data as they're allowed to have.
Indeed. However, platform owners like Apple and Google are currently in a privileged position, where they make rules for others to follow but are free to collect any and all data they want.
> While we believe that Apple’s move to eliminate IDFA was done in the spirit of advancing consumer privacy, it may ultimately provide Apple with an advertising platform that is competitively advantaged vs. peers who don’t have access to Apple’s richer APIs
> What's your view on how this proposal compares to Apple's PCM? Why is Apple building a similar way for 3rd parties to reliably track users if this is overall harmful for users?
It's always tricky to talk about Apple's positions on privacy. In some areas they are very good, but in some areas they are very good at appearing to be very good. I think that Apple itself wants to be able to do some level of attribution on the web. I think that Apple is under a lot more stress from regulators than Mozilla is. Obviously Apple has an inherent interest in making it look like that's not the case and that they're just solely on the side of privacy.
I also think your concern about Apple/Google privileging their own platforms is completely accurate. However, I don't think that the solution to that is to make privacy worse in other areas, I would rather see Apple/Google hold themselves to the same standards that they hold other companies.
In short, I'm not angry at Apple for the changes it's making because they hurt Facebook, I'm angry at Apple for either ignoring those changes itself or making sure that those changes don't apply to parts of iOS and the web that are important to Apple. This has come up a couple of times with iOS; it's good that 3rd-party apps have more restrictions on tracking, I wish the built-in apps were the same.
I assume they would be happy if this became a standard that Apple buys into, but the real competition is Google's proposal. And if that doesn't work out, the status quo continuing with tracking via third-party cookies.
We can just outlaw certain types of tracking, your employer does not need to be given a seat at the table, nor does it deserve one.
Meta will happily use any data they can access about people, and this will just be an additional data point that augments the extensive behavioral profiles they have on most internet users.
This is yet another attempt to not accept no for an answer when it comes to data collection, because not getting any data on users who refused data collection is unfathomable to them.
> If you build a super private solution no advertising company wants/can use, then you’re just waiting time.
Which is why regulation is needed. Otherwise, any solution needs to be more attractive to the advertisers than the people they stalk (i.e. everybody else).
Is it me or these days major tech non profits feels marginally less of an advocate of privacy related matters compared EU as a whole? TBH I think GNU failed to make any sort of progress in terms of privacy because their ideology was always on the extremist side. And all the rest of the NGO's kept compromising to meet demands of big tech. Then you have the EU, who will just slap fines without compromising at all.
Moreover lobbying runs US govt. Tech non profits are financed largely by megacorps so they won't necessarily bite the hand that feed them.
> If you build a super private solution no advertising company wants/can use, then you’re just wasting time.
Not really. I don't want any advertising company to use any information about me under any circumstances. Working towards that goal is not wasting my time.
Your point of view is diplomatic, but it rests on the assumption that you actually need cooperation from adtech in order to make a solution.
As Apple has proven, this is simply not true: you just need the entities that control the browser / OS.
This implies that it’s not “collaboration with adtech” that you want, but rather “collaboration with the biggest browser vendors”. Unfortunately the biggest browser is in hands of Google.
Thus Google has a huge influence in this. But any other adtech company (including FB/meta) has no meaningful contribution.
Would you please stop breaking the site guidelines, regardless of how strongly you feel about $topic? It's not what this site is for, and it destroys what it is for.
We've already asked you repeatedly not to post flamewar comments on HN. Not cool.
THE story - in fact, the REVELATION - here is that Mozilla thinks it's OK to cooperate with Facebook on PRIVACY work. You can't make this shit up. Not even on hard drugs.
As other commenters have pointed out, it makes sense to work with one of the two largest advertising firms when figuring out how to support their advertising needs, while maintaining user privacy.
If Facebook doesn't use this method, the work towards private attribution that Mozilla is doing doesn't matter.
Furthermore, Mozilla is requesting feedback from everyone, not just Facebook, which helps keep Facebook (and Mozilla) honest in this process.
I think at the very least championing that partnership is pretty tone-deaf.
The only people who are excited to see Mozilla partner with Facebook are advertisers. I disagree that Mozilla needs Facebook's particular input on this, but ignoring that, even if we say that they do, I'm still somewhat at a loss why they would expect normal readers to be excited about seeing Facebook's name pop up in an article title or why they would think that's something worth bragging about.
It reads like an article written for advertisers, with some fluff (maybe the standard is good, but they're not really going into detail) that basically amounts to "also don't worry, this isn't that bad for you."
I mentioned this further up above, but regardless of whether you like targeted advertising or not, this article still doesn't really make the case why I as a user should be excited about the idea that attribution should work across devices. I don't understand how any of this is good for me as a user outside of the broad idea of "ads pay for things, so you should care if advertisers are happy."
> I don't understand how any of this is good for me as a user outside of the broad idea of "ads pay for things, so you should care if advertisers are happy."
If it works, the improvement for users is that it provides similar monetization for sites (which benefits users in the broad way you described) but without advertisers tracking individuals across sites.
> As other commenters have pointed out, it makes sense to work with one of the two largest advertising firms when figuring out how to support their advertising needs, while maintaining user privacy.
How about not figuring out how to support advertising needs? They can just stick to figuring out privacy.
> What alternative would you propose?
They could focus on user needs. Having an ad-blocker by default would be a good start. Figuring out how to remove advertisers and the incentive to advertise (and thus SEO spam etc.) from the internet is a goal I would support.
Stop worrying about what companies want and focus on your users. Advertisers are not Firefox users. Firefox users want to block ads, not have sanctioned tracking.
> If Facebook doesn't use this method, the work towards private attribution that Mozilla is doing doesn't matter.
That work already doesn't matter before it begins. There is no solution Facebook will support that actually preserves user privacy, because their core business model is based on broad surveillance.
Any resulting standard will be user hostile and/or useless to advertisers.
This makes the endeavor obviously a waste of resources on Mozilla's part (unless, of course, they plan on selling out their own users to advertisers, in which case it's a great first step).
Google's FLoC was proposed openly as this one is. Everyone and their grandma was up in arms about it. Why give Mozilla a free pass? What is so special about this proposal?
They've taken Google's money before. Why not siphon off Meta before the company crashes and gets liquidated. /s
Am glad Mozilla's true commercialization intentions are coming full circle. They recently introduced Firefox suggest[0]. Maybe they can finally retire the privacy-first corporate-goobly talk they have been parading for quite some time and join the adtech space as a fresh objectively neutral player.
> I don't understand how I'm supposed to take Mozilla partnering with Facebook, I don't understand why I'm supposed to believe that Facebook would ever have beneficial insight to add to a privacy standard or that it would ever do anything other than try to weaken the standard.
You should take it the exact same way as when:
- Mozilla put proprietary, closed-source DRM (widevine) into their product
- Mozilla put nonconsensual (opt-out) telemetry (aka spyware) into their product
- Mozilla put Google backend services into their product
- Mozilla put advertising/paid placement into their product
The "Mozilla is about privacy and open standards" meme is a false one and has been for a long time. Actions speak a lot louder than words.
I did raise a stink over closed-source DRM, I raised a stink not just over Firefox adding it, I raised a stink over the entire web standards process. I have raised stinks about telemetry and advertising within Firefox. I've raised stinks about Pocket being purchased and not Open Sourced, and then integrated into the browser by default. I've raised stink about a lot of things.
Nevertheless, it is still objectively true that Mozilla Firefox is the best mainstream browser right now for privacy, and anyone who argues otherwise is either not looking at the bigger picture or hasn't done much research into how companies do the majority of their tracking online. The privacy problems that Mozilla has had have objectively less impact on people's everyday privacy than Chromium's hobbled extension support. The ability to turn on anti-fingerprinting features uplifted from Tor is more important than whether or not Google search is enabled by default. Container-extensions are more practically impactful on everyday privacy than Pocket is.
I am literally complaining about and criticizing Mozilla right now, and yet the immediate reaction is to jump on the one positive thing I said and act like I'm somehow ignoring Mozilla's other issues. I'm not ignoring those issues, but the "Mozilla is corrupt and no better than Google" meme is similarly completely ridiculous. Every single other browser on the market including DeGoogled Chromium and Safari are hobbled in ways that make them worse for privacy, and overall Mozilla still as a company has a better track record on fighting for privacy and building privacy-preserving tools than Google/Microsoft/Brave -- at least it has a better track record in the ways that matter.
It is so frustrating to try and have a constructive conversation about real missteps that Mozilla is making when people view anything less than a complete condemnation of the company like that means they're being put on a pedestal. Mozilla isn't perfect, and it's clumsy and sometimes does outright bad stuff, and that is still consistent with them being one of the better corporate privacy advocates on the Internet.
> It is so frustrating to try and have a constructive conversation about real missteps that Mozilla is making when people view anything less than a complete condemnation of the company like it's holding them on a pedestal.
Check the title. It is absolutely on topic. Mozilla is doing this to themselves, each and every one of those is an unforced error. If your mission really is a free and open as well as privacy respecting web you don't invite the largest privacy violator on the planet to the table to have a say. Just like you don't invite serial killers and druglords to your panel on how to combat crime.
> If your mission really is a free and open as well as privacy respecting web you don't invite the largest privacy violator on the planet to the table to have a say.
If you're trying to insinuate that working with Google or Facebook on this issue means that Mozilla fundamentally doesn't care about privacy, that is a ridiculous, fantastical claim that requires closing your eyes to years of work from the company.
I am right here criticizing Mozilla for partnering with Facebook, they should not be doing that. It's irresponsible and harmful. Nevertheless, Firefox is objectively the most private consumer-grade browser on the market, including Brave and DeGoogled Chromium. Nevertheless, Mozilla has done more to push web privacy forward than the majority of people on this site myself included, and more to push web privacy forward than the entirety of the rest of the browser market.
Even if you are on topic, there's nothing constructive about jumping onto every Mozilla thread arguing that Mozilla is the same as Google when they're very clearly not. It's unproductive because I shouldn't even need to be wasting my time defending a company that I came here to criticize. It makes it harder to fix real problems when all of them are equated and treated as being identically severe, and when the conclusion everyone draws from every problem is "use something based on Chrome and give up on the entire effort".
A Mozilla that fundamentally cared about privacy would have made none of these decisions. I've grown increasingly cynical over the last couple of years that this is just another marketing ploy, it sounds good and keeps us in but you have to wonder whether it is really true given their decisions to date.
The 'years of work from the company' are fantastic, but should not give them a pass in the present, given that the last couple of years most of that goodwill has been burned.
Additionally, it seems like it would be practically zero up front cost for Mozilla to provide a no-telemetry, no-google, no-pocket, no-ads, no-sync, no-experiments, no-privacy-compromise alternative build as a one-click option for people who actually want a privacy-focused browser. Instead, we have to download the normal "product-manager-ized" one and turn off a bunch of intrusive stuff we never really wanted in a browser.
They don't do this, though. I speculate (without any direct knowledge of the situation) that this is because they believe that the majority of their users would opt for this build instead, and they would lose "insights" (and of course revenue).
Someone, somewhere, is prioritizing "line go up and to the right" over embodying the fundamental ethos of a privacy-focused company. If you ship private software, there is of course no line.
It is interesting though how long people will continue to assume the best, in a way it is endearing, and it worked for for instance Google for more than a decade. There are still people who believe they are acting in our best interest even today.
I don't know how you can possibly read either my comments or the general tone of the other people responding to me as giving Mozilla a pass on this, or naively assuming the best about them.
Even with that criticism, it is still just plain silly to say that Mozilla even in its modern state is not meaningfully different from Google/Facebook/etc. You can be as cynical as you want to be, but if you can't tell the difference between Chrome/Chromium and Firefox today, then that's not cynicism, it's either a lack of realism or a lack of attention.
I've gone into a few of the tangible differences elsewhere, but even in recent years and even with recent missteps, it's still pretty obvious that Mozilla is better on privacy and user rights than Google is. And it's OK to want better than Mozilla. It's OK to want a company that takes more hard-line stances and that pushes harder on its core browser. Lots of people want that, myself included. Doesn't change anything about what I've said above though.
> it's still pretty obvious that Mozilla is better on privacy and user rights than Google is.
'better than Google', after Facebook the #2 privacy violator on the plant isn't much of a bar.
> And it's OK to want better than Mozilla. It's OK to want a company that takes more hard-line stances and that pushes harder on its core browser.
Mozilla claims to be that company, and that is why I have a problem with all these issues. Once upon a time they were the gold standard, that's no longer true today.
> 'better than Google', after Facebook the #2 privacy violator on the plant isn't much of a bar.
And it is the only bar to clear. Here's the list of browser makers we have right now:
- Google
- Microsoft
- Apple
- Brave
- Some people off someplace trying desperately to make Gecko secure.
- Some people off someplace trying desperately to make V8/Electron/Chromium competitive on privacy.
- Some proprietary stuff like Vivaldi that's also based on Chromium.
- Mozilla
Mozilla wins that fight. They are still the gold standard by virtue of nobody else being able to make a competitively private browser.
> Mozilla claims to be that company
Even with its faults, Mozilla is still completely accurate in claiming that they push meaningfully harder for both privacy and user agency on the web than other browser manufacturers. Now, as you say, that may be a low bar to clear. But given that no one else is even trying to clear the bar, that is still a meaningful difference between Mozilla and its competition.
----
I think the biggest issue I have with these kinds of debates is that there's never anything constructive or new being offered, it's not even pointing out a new criticism. I know about Mozilla's failings as a company, you're not illuminating anything for me on that front, I know about all of their controversies. So you've identified that Mozilla could be better, great. Now what?
There's value in pointing out problems when it actually draws attention to an issue, but everybody on this thread knows what the issues are with Mozilla. And it is still obvious that Mozilla is noticeably better on these issues than the rest of the browser market, and that Mozilla is still doing quite a lot of good in that space. You're commenting on a thread of people who are pointing out Mozilla's flaws and telling it to do better -- and you're putting those people down and calling them naive.
Well, if pointing out Mozilla's flaws and telling them to be better is a waste of time, what would you propose instead? Moving over to Chrome? Pretending that indie Gekko projects have the resources to be private or secure? Giving up on the entire thing and not using the web anymore? I mean, drop a donation link to Servo, do something other than snubbing people for caring about trying to make the web better. You have exactly one available group of allies in this fight, and your response to that is to call them naive and say they're not good enough.
You're talking to someone who likely agrees with you on the vast majority of your privacy stances, and who is actively criticizing Mozilla right now, but that's not enough unless it's paired with despair and a complete dismissal of the company? Don't you see how that's unhelpful? And it's not even accurate: Mozilla may have "fallen", but they are still overall doing more good than harm in this area and they are still producing the best browser for privacy on the market. There's a huge lack of perspective in the doom-and-gloom takes, they're just as narrow and selective as the the view that Mozilla can do nothing wrong -- it's acting like all of the recent work on ETP and supercookies just doesn't exist or something, it's as if DoS or multi-account containers were never made. The Tor Uplift project only started in 2016 and only went live in mainline Firefox in 2019, but sure, Mozilla isn't doing anything for privacy now.
It's simple: absolute vs relative. For you Mozilla is in a relative sense the best because they take the foremost stance about privacy. For me being 'privacy first' is an absolute thing: it precludes you from doing a whole raft of things that Mozilla has done. So for me they lost the title, that doesn't mean they aren't still the best.
This is a great question, and it gets to the heart of practical privacy online.
DeGoogled Chromium does actually have less telemetry problems than Firefox, so it's really easy for DeGoogled Chromium proponents to say that it's the most private. The issue is that DeGoogled Chromium is Chromium, and Chromium is a less privacy-capable browser engine than Firefox.
That could be a longer conversation, but the short versions:
- Chromium lacks a number of privacy features that Firefox has, including some anti-fingerprinting options that can be enabled through `about:config`, and container support, which is a really big deal for isolating site data and avoiding correlating user sessions on websites like Github/Youtube/etc... with incidental visits to those sites.
- Chromium's extension API is hobbled, particularly in a couple of areas that Ublock Origin cares about. The wiki goes into more detail on this[0].
----
The mistake is in looking at the small amount of (admittedly bad) data-leakage that Firefox does have and being so worried about that information being sent to Google/Cloudflare that you pick a browser that is less good at keeping you private on every other site you visit, including visits to Google/Cloudflare pages.
Thinking practically about this stuff is just a really hard thing to learn to do, at least it is for me. Maybe other people are magically good at it. But I regularly find that it's helpful for me to sit down and think through my privacy goals more tangibly in the form of "how much data is X actually leaking, what should my priorities be based on the volume/nature?" A lot of people worry about privacy problems in the wrong order.
DeGoogled Chromium does have better defaults than Firefox in multiple areas. It's just that the privacy benefits from those changes don't outweigh a crippled Ublock Origin install.
You're probably gonna be downvoted a lot, but I'm afraid you're correct. Mozilla cares about web standards (like HTML or CSS or WebExtensions) - that was their mission after all, it's wrong to say they don't. But their action repeatedly show that don't care about open standards for anything else, like their browser itself.
I'll give another example - look at their Sync system. It's a pseudo-open unholy mess of Mozilla-unique ("proprietary" as in "owned by and unique to a certain company") standards without any regard for interoperabilty and openness. I'm 99% positive it could've been a couple of standard technologies, but they reinvented everything (auth, blob storage, everything) in absolutely unnecessarily unique manner, and awfully overengineered. I've had pleasure of attempting an alternative implementation based on their specs (to self-host, had to abandon because it's all way too hostile), so I know what I'm talking about. It's under a guise of "open standards" (in a sense it happens to be partially documented) but no single engineer in their sane mind would adopt this for their own projects.
Privacy and security? Last time I've checked (admittedly, a couple years ago) it was years since they knew their Firefox Account/Sync auth has security issues and has to trust Mozilla servers to be secure (login form and cryptography suite is not built into browser, like in proper end-to-end encrypted software, but served online), and they didn't do a thing about it, entirely dismissing it as a non-issue. Could've sent that password over HTTPS and just promise to not to save it (actually my alternative now-dead Accounts/Sync implementation did just that as a shortcut). In other words, Mozilla gets a nice gag order (or gets hacked) and they can be forced to circumvent all their end-to-end encryption pull your browsing history just fine without changing a thing on your machine so no local code audit would help. That's not how privacy-conscious software is written (e.g. Signal - it might get backdoored, but it'll need an update to deliver a backdoor).
It doesn't help that there are no alternatives I'm aware of. Firefox sucks but that's - sadly - the best we have.
FWIW, you can choose to "View final document" which gets rid of all the proposed vandalism. Still really bad that the default view contains all the proposals.
For what it's worth, I've been part of a Mozilla/Facebook partnership (on the Mozilla side) on data compression. Having two tech companies work together (especially when one of them is non-profit) often makes sense.
For this case? I'm sure that there is a good reason. I'm not a Mozilla anymore, so I haven't followed that story, but I imagine that the rationale is something along the lines of "These days, stuff we do in the browser don't have much impact, as web standards have been superseded by Chrome. However, whenever we manage to convince a big company such as Facebook to do even one thing better, we can improve the lives of billions of people."
> I don't understand why I'm supposed to believe that Facebook would ever have beneficial insight to add to a privacy standard
Well, the headline says "privacy preserving attribution for advertising". I'm guessing Facebook provides expertise in what kind of attribution advertisers want.
At this point, I cannot see any other explanation than the whole Mozilla Foundation C-suite being compromised and plants by Google. Assuming stupidity only goes so far. A single fuckup is incompetence, ten repeated fuckups is malice. If they wanted to sink Mozilla, they could not do any better.
Perhaps, but a simpler situation is that the C-suite is focusing on their own financials. But either way, it is clear that that Mozilla is no longer the free browser developer we need.
I understand why people use Google Docs, it's a very convenient platform.
But this is a technical document about browser features, I'm a little frustrated that this is being coordinated over a proprietary SaaS service instead of over Git[0] with markdown or something.
I think a lot more than that, I'm frustrated that the document is being made publicly available on that platform. When someone links to a web standard on Github, often it's because the standard is seeing active participation. For something that is being linked to a public view, I would have loved to see at least a PDF export or something.
It's not that it's completely inexcusable, I'm sure Mozilla is making use of Google Doc features, markups, contribution history, whatever. It is just disappointing to see that apparently there isn't an Open collaboration platform that Mozilla thinks is good enough for this process, even a self-hosted one.
It's not the biggest deal in the world, it just feels like a bad look to see Mozilla tout that it's built this great standard, and then click on the link and get sent to a Google Doc. I mean... this article is about privacy, if I'm currently signed into Google and I click on this link, does it mean anything that Google now knows I personally clicked on it? I know it's not the end of the world, but Mozilla literally just finished telling me how good it was at anonymizing data, and now it's leaking my reading habits to Google in an extremely targeted, de-anonymized form.
----
[0]: Yes, I know that many standards processes on the web use Github, which is also a proprietary SaaS, but at least the majority of that process (issue tracker aside) is usable just as an endpoint.
Blegh... it's disappointing to see this on the linked blogpost, but it's a lot more disappointing to see it for wikis directly relevant to a Github repo.
Again, I know that Github is also SaaS, but there's a difference. That kind of stuff should be handled differently.
> It is just disappointing to see that apparently there isn't an Open collaboration platform that Mozilla thinks is good enough for this process, even a self-hosted one.
Mozilla has been hosting an EtherPad instance for some time now, which may have worked in place of Google Docs for this.
>But this is a technical document about browser features, I'm a little frustrated that this is being coordinated over a proprietary SaaS service instead of over Git[0] with markdown or something.
Then maybe the public SaaS services should be of a better quality so that Mozilla employees want to use them.
>I think a lot more than that, I'm frustrated that the document is being made publicly available on that platform. When someone links to a web standard on Github, often it's because the standard is seeing active participation. For something that is being linked to a public view, I would have loved to see at least a PDF export or something.
There is a PDF export for google docs which is available to all users. File > Download > PDF.
> Then maybe the public SaaS services should be of a better quality so that Mozilla employees want to use them.
Maybe a company that has been throwing money into dozens of random privacy initiatives outside of the browser market (some good and some bad) would be a good fit for solving that problem? Dogfooding software is a really good strategy for UX design after all.
> There is a PDF export for google docs which is available to all users. File > Download > PDF.
That's exactly what I mean. Someone wrote this blog post, could they have hit the PDF export button and then linked to that PDF hosted on Mozilla's servers? That would have prevented the vandalism problem they ran into.
The issue I have isn't that I can't export to PDF from Google Docs. The issue that I have is that I have to visit Google Docs and load a ton of proprietary Javascript just so I can hit a PDF export button. Google Docs has an API, Mozilla could have a script that's just auto-exporting a PDF and hosting it on a public endpoint on a regular interval.
> Before anybody jumps in and yells about how Mozilla is worse than Google, let me point out that Firefox is still objectively the best browser to use for privacy right now.
So I will be that "anybody". On what do you base your opinion about firefox privacy? Because I reading across the web have got another impression, for example, https://ieeexplore.ieee.org/abstract/document/9374407
Short version, deficiencies in Chromium and Safari as browser engines are large enough that they outweigh most telemetry concerns. Browsers like Brave can disable some telemetry, sure, but they can't add in the larger set of features that are missing from Chromium. Browser telemetry is worth thinking about and considering, but you should be less concerned about browser telemetry than you are about Ublock Origin performance.
>Facebook would ever have beneficial insight to add to a privacy standard
I'm not saying "this is it", but here's a (IMO) reasonable line of thought why they would genuinely be working in that direction. Basically, short term pain for long term security. There is a clear preference by consumers for preserving privacy; the percentage of iOS users not allowing targeting since IDFA is proof. There is also political motivation for regulators to crack down on the wild west of online privacy in the US (FB scapegoating) and abroad (GDPR and co). If there is to be a hard turn by regulators and hardware/OS providers for privacy protection and FB does not prepare for it by preparing Audience Network to operate without granular personal data, their whole business model would be at risk and their terminal value threatened. Being prepared for a world placing privacy first protects their financial interests, likely even putting them ahead of competitors that are going in unprepared.
If voting power at FB was majority owned by Wall Street shareholders, you could argue it's unlikely they would hurt operating income for years rather than milk it even if it's protective long term. But that's not the case, Mark does have a super majority and can afford governing for the long term even if it makes analysts critical.
I am trying my best to not knee-jerk here, even though it's hard to see Mozilla working with Facebook of all companies.
In the end it seems to come down to one question everyone has to answer for themselves: Do you agree that advertising on the Internet should exist?
If the answer is no, that's it. This is a bad thing. Mozilla should instead built in an ad blocker today rather than tomorrow. This probably also means people have to be willing to accept that they have to pay for more things. Someone has to foot the bill after all.
If the answer is yes, it gets more complicated. Facebook is - in my mind - a bad actor. There's no way around it. But Facebook is also one of the biggest platforms for advertising in the world. So, if a proposal isn't somehow either accepted by Facebook or forced on them it is already dead. I don't think Mozilla has the market power for the second variant, so only the first one is possible for them. We then want to make ads as good citizens of the internet as possible: No tracking of users, no executing scripts (which then cryptomine ..) and so on. None of that crap. So, a protocol which is a) accepted by Facebook and b) leads to these outcomes could be a good idea. In theory. In practice people with appropriate knowledge will have to check the protocol, suggest ways to make it better etc.
Yes, but if it's also less personally targeted (like, for example, focusing on fitting in with the subject of the site/post you're currently reading instead), then the influence will be lessened. We would be going back more towards trade magazine ads, which isn't such a bad thing in comparison.
I don't think Mozilla is in the right to decide whether advertising should exist or not. Firefox provides a fair choice - you can install adblocking solutions and mess with your content view of the web as much as necessary. But there is still value in improving the ethics of advertising that other people see.
The problem is "advertising" is an ambiguous term (like "freedom" or "justice") that is used to obfuscate what is happening.
Advertising to consumers is "show me a picture of a product" yet to the advertising companies it is tracking and forming a detailed dossier for every person on the planet and selling it to the highest bidder.
I don't think it's that black and white. Whatever happened to "do nothing" and leave things as they are?
We don't need a special FLoC 2.0, just leave the dang web as it is, some people will block ads and some won't, and FB will just have to deal with it? I'm honestly shocked Mozilla is even entertaining this nonsense.
FLoC was a proposal for targeted advertising ("how do you figure out who to show your ads to?"), and FLoC 2.0 is the Topics API proposal: https://github.com/jkarlin/topics
> In the end it seems to come down to one question everyone has to answer for themselves: Do you agree that advertising on the Internet should exist?
There are other questions. What is the evidence Facebook won't track as much as possible no matter how much browsers give them? Did advertising exist before this kind of tracking?
> This probably also means people have to be willing to accept that they have to pay for more things. Someone has to foot the bill after all.
Or decide that 95% of what we consume today is absolutely irrelevant and not worth to pay and do something better with our lives, like literally anything [insert hobby here].
For many of us, 95% of what we consume today is also user generated content where the creator gets nothing out of the ads and instead all profit goes to another middleman. This notion that people won't create things wihout monetisation is ridiculous.
> Facebook is - in my mind - a bad actor. There's no way around it. But Facebook is also one of the biggest platforms for advertising in the world.
They don’t have to be. I’ve tried to be supportive of Mozilla and Firefox, but partnering with Facebook is the straw that breaks this camel’s back. They’re a firm with a history of lying that starts at the top. Like attracts like.
Chromium is worse though. And directly supports Googles plan to eliminate competition. Let's see how much you like a google only internet? You won't. At all.
The move here is to financially support a fork of Firefox. The issue is picking which one.
Months ago Chrome / Chromium were pushing FLOC. I'm willing to withhold judgement until we see the end product but I hope Mozilla can do better than Google did.
> Do you agree that advertising on the Internet should exist?
Yes, but not targeted advertising. The mechanism which serves the ad should not try to collect information on the user and tailor the ad to them. As far as I can tell, there is no way to do that without creating a system that inevitably allow someone to identify and track people without their consent.
I believe ads on a website are free speech. If I want to put ads on my site it's MY site. Feel free to block the ads or also feel free to just not visit but, with rare exceptions, I don't won't some regulation about what content I can put on MY site.
Separately, I'm less against regulation that bans sharing data but I don't know where to draw the line. It seems reasonable for me to keep logs on my site. It seems reasonable to ask my friend Brenda who's way better at statistics than me to use my logs to tell me insights about my site. Brenda starts an LLC or Corp and now suddenly there's regulations? You could say, "well, Brenda can't share it" but in the same way, Brenda might ask Jill who has better knowledge in certain areas of statistics to help out. And so the chain grows.
You're not just putting ads your site. If that was the case, selling banner ads would be fine. What you are doing is forcing me into a worldwide tracking network that would make the Stasi's wet dreams look like nothing. So, no, it's not free speech, it's you personally attacking every single user.
>This probably also means people have to be willing to accept that they have to pay for more things. Someone has to foot the bill after all.
I don't buy this. My entire OS is free. Libre and as-in-beer. No ads. No telemetry. Much of it even requires nontrivial infrastructure to maintain - build farms, package servers - and nontrivial human maintenance. A perplexing economic mystery, by capitalist standards, and yet here we are. Are websites fundamentally different? I say no. In fact I've visited many labor-of-love websites with no ads. They tend to be the best ones, too.
An ad-free web would sink many business models, to be sure, but I can't say I can bring myself to care about that.
Yeah; I'd go further and say that monetizing user data and non-consensual tracking should be illegal, full stop.
Yes, that would destroy a few incumbents' business models. No, it wouldn't be the end of Google's ad business.
According to multiple press releases I've seen, blocking tracking makes ads and marketing about 30% less effective. As a society, that'd mean some combination of increasing ad impressions by 30% and reducing total ad spend (since currently marginal ad campaigns will become unprofitable).
That sounds completely acceptable to me, especially if it frees up smart people to work on stuff that actually benefits society in some way.
> In 2014, display advertisers started concentrating on large, walled, social networks. The indie “blogosphere” was disappearing. Mobile impressions, which produce significantly fewer clicks and engagements, began to really dominate the market. Invasive user tracking (which we refused to do) and all that came with that became pervasive, and once again The Deck was back to being a pretty good business. By 2015, it was an OK business and, by the second half of 2016, the network was beginning to struggle again.
The question is more of, in 2022 can we still do online advertising without personalization and tracking, in a way that's profitable?
> The question is more of, in 2022 can we still do online advertising without personalization and tracking, in a way that's profitable?
Sure we can. We need to legislate personalised tracking to give more oxygen in the room for companies like Deck, who want to advertise without having to track to stay competitive.
The solution in an arms race of a competitive ad market is to either keep escalating, or de-nuclearise. With enough legislation, we can achieve the latter.
> Advertising provides critical support for the Web
The premise is flawed, IMO. I remember a time when the web was just fine without incessant advertising. If it disappeared it would still be fine. Some sites would die out, others would rise.
I've said it before, but I personally would be fine with every site that relies on advertising for its existence to go away. I also think this would improve the signal:noise ratio of the web considerably.
Thought experiment. Remove all ads from Facebook. Now, the only way corporations can advertise on Facebook is by making Facebook posts on their normal Facebook page; people only see them if they "liked" the company's FB page.
What you've done is slightly reduced huge corporations' advertising effectiveness; and absolutely killed every small internet brand. There's people starting cool clothing, food, perfume, watch brands, starting these companies from rock bottom, getting customers through online ads, and becoming millionaires. The vast majority aren't dropshipper idiots; they're legit brands, many of which eventually get acquired by a Fortune 500 corp.
This isn't the 90s. Online ads are just essential to getting companies off the ground nowadays. What should people do? Mail-order magazine ads? (still ads.) Cold calling? (isn't that more intrusive than online ads?)
There's other aspects too. Kill online ads and you kill a huge chunk of the social mobility that results from entrepreneurship. There's two paths to wealth nowadays: getting a great job, or starting a company. In your ideal world, the only "path" left is the same old "golden path" our parents talked about, of going to a good college, getting 1 or more degrees, and getting a highly paid career at a big corp or SV startup. For various, well-documented reasons, that system ends up excluding tons of people (many ethnic/gender minorities, people with "difficult life paths" who end up dropping out or are unemployable because of gaps in their resume, ex-felons who have paid their debt to society but aren't going to become Apple VPs anytime soon, undocumented immigrants, and many more). Entrepreneurship is an equalizer.
The anti-ad kneejerk reaction often comes from an anti-bigcorp philosophy; but it would only strengthen big corps, and harm any small companies trying to compete. You'd significantly weaken one of the best mechanism we have to reduce social/wealth inequality (entrepreneurship). You have people like HVAC specialists and plumbers advertising their services on Facebook.
On the contrary, I think it would be extremely sinister is just a few big corps (browser makers) could harm huge chunks of the economy and society by mortally crippling the best way entrepreneurs have of getting customers.
I rarely see anti-ad people address any of these concerns. Think of the ramifications; how about every reputable news source being behind a paywall, leaving fake news sites spreading wildly? I'm sure you could come up with hundreds of other dangerous ramifications yourself.
All I see here is a long, unconvincing, hand-wavy response. There is nothing essential about online advertising.
For small businesses, there is this thing called organic growth. Say you have a brand, then you can post actually valuable content on, say, Instagram (which would exist without ads, they have multiple ways they make money). This works for both services and products. I have seen many business grow from nothing to 'big' this way with no paid advertising.
I'm not going to bother refuting your other claims, they are equally flawed.
Apart from some outliers I have yet to see anything close to this statement proven true. Not to mention the dubious conflating between "small entrepreneurs & brands" and online ads; my plumber is not advertising on facebook, my plumber is on a map and registry of plumbers of the area, and maybe has an associated page (on facebook, yes) so that people can find him.
If Mozilla's browser supports a way for advertisers to track me, be it for attribution, fraud prevention, targeting or any other person, then what is the point in using it over ungoogled-chromium? Mozilla's reputation in my view has sure taken a beating these last few years, and without the details of the proposal (thanks to their own fuckup), it's hard not to assume the worst.
There was a discussion in PATCG Wednesday about precisely this topic.
Briefly, it should be possible to "disable" this feature by instead encrypting a random match key, which would look the same as having it enabled but merely not be useful for measurement. Obviously, one would need to work through the details of how to make this work in a complete protocol, so this is a little handwavy, but it's definitely a consideration.
I don't see any other way to do DNT without creating an extra facet of identifying information. It's entire point is to convey that information. Contrast with say "allow notifications" which lots of privacy advice says to leave to "ask" otherwise you needlessly add an identifying facet. That preference should be invisible to the sandboxed program, with unwanted notifications just going to /dev/null.
Also DNT is not useless modulo new human rights legislation like the GDPR. I would hope that data protection regulators settle on seeing DNT as an explicit sign of non-consent, and punish websites who try to fraudulently obtain consent with annoying popups etc.
I thought it was the other way around. As it was generally disabled by default, enabling it gave another data point for fingerprinting. But maybe I don't recall correctly.
Either way it works. It's just a feature. What the big issue was was that some browsers would enable it by default and some wouldn't, and then you'd have differences across versions, etc. So it became a more powerful feature.
What does ungoogled-chrome do to prevent advertiser tracking? I think you’re confusing the unbundling of Google services with general tracking on the web, which this proposal aims to replace.
Unless using an ad blocker your browser is not doing anything to actively prevent it, and there is no meaningful difference between chrome / Firefox / edge there.
I don't sync anything browser related between my devices, sadly. This isn't as much of an issue with the current travel landscape, but I've a new m1max and the last omicron wave seems to be starting to recede globally, so I'm going to have to find a solution.
I might just manually copy the profile directory to my laptop when I leave, and copy the newer one back to my desktop when I get home. Mutex! TBH I can really only be using one browser at a given time so "sync" seems like overkill as long as I've only two hands and two eyeballs.
As a Firefox user, under what circumstances would that make a difference though? How often do Firefox users get exploited by malware or whatever that Chrome users would be protected from due to improved security? Can you give an example? Genuine questions.
It's changing rapidly. Until recently, Firefox did have a sandbox, but lots of different origins lived together in the same sandbox. Which made it much less useful for many types of attacks. Since Fission (shipping now-ish?), each origin lives in its own sandboxed process—same as Chrome—so on the surface there's no longer any difference.
That said, sandboxes aren't all or nothing, and my impression is that the chromium sandbox is still tighter than Firefox's. (I work for Mozilla, but not on sandboxing, and I'm not in touch with the current state.) That is improving over time, and Firefox already has some types of sandboxing that are ahead of Chrome's.
The main threat model here is malware, probably malware being served to you through an ad network. Run an ad blocker.
Personally, I defend the principle of an ad-funded Web. But not the current practice. As long as ads are in practice an exploit vector, screw 'em.
Call me cynical but I'm guessing that Meta just made a large donation to Mozilla and in turn they're using Mozilla to whitewash this proposal. They're just buying Mozilla's reputation (what's left of it) for their purposes.
FTA:
>We’ve been looking to apply privacy preserving advertising technology to the attribution problem, so that advertisers can get answers to important questions without harming privacy.
Mozilla's is basically looking for a unicorn.
If they really cared about user privacy, they would have shipped an ad blocking and anti-tracking tech in their browser by default. However, if you look at where their revenue is coming from, you quickly realize why that will never happen.
I found this paper interesting [1] and how they characterize Firefox' behavior out of the box:
We investigate the request behavior of each browser
(Figure 7). Brave is the most effective at reducing third-
party tracking-and-advertising requests; its claim to (1)
is supported. The other privacy-focused browsers vary
significantly in terms of reducing third-party tracking-
and-advertising requests. Firefox Focus and Ghostery
differ significantly in how much they reduce third-
party tracking-and-advertising requests, but the perfor-
mance of both supports their claims, (1) and (2). Fire-
fox is least effective at reducing third-party tracking-
and-advertising requests. This is unsurprising, as Fire-
fox’s enabled-by-default “standard” tracking protection
“blocks fewer trackers” [79]. It errs on the side of caution
in what it blocks, focusing on restricting tracking cook-
ies, social-media trackers, and fingerprinting scripts; it
does not block other content (loaded ads, videos) that
may perform tracking [78, 105]. Thus, while Firefox
claims (2), its blocking of tracking and advertising is
limited with its default settings.
This is quite disappointing given Mozilla's marketing around privacy.
I think such a donation would end up in the annual report, at least in some form. If it were big enough to matter, anyway.
But I personally don't need to speculate, since I find the notion very unlikely. Meta needs Mozilla here since anything they propose will be viewed with intense suspicion. If they are legitimately interested in a moderately privacy-preserving solution, which they very well might be (and not out of the goodness of their hearts), then they'll need buy-in from other players. Mozilla is probably a fiercer opponent than it is a useful ally, but just in terms of gathering support it's a decent place to start.
Mozilla needs Meta in order to make any headway on the privacy disaster that is the modern web. It doesn't have the market share to dominate the fight, so it makes sense to forge a temporary alliance when other pressures push Meta in the right direction. (This is assuming Mozilla's intentions are noble. I work for Mozilla, and am biased to think so, so I won't second-guess. But cleaning up this shit-show is kinda part of our mission, so it really shouldn't be hard to swallow.)
It seems like Google is the elephant in the room. Could Meta + Mozilla move the needle against Google's objections? I doubt it. Meta + Mozilla + public opinion? Maybe.
> If they really cared about user privacy, they would have shipped an ad blocking and anti-tracking tech in their browser by default. However, if you look at where their revenue is coming from, you quickly realize why that will never happen.
First, Firefox does ship a lot of anti-tracking tech, as much of it by default as possible without breaking sites too much.
Second, they'd ship an ad blocker by default if they really cared about making a useless statement. I doubt Google would pay much for search traffic that generates zero revenue. Even if Mozilla were to magically diversify its income to survive the loss of Google, though, I'm not sure such a move would be in the long-term best interests of the web. Tracking is the true enemy of privacy, not ads.
Ads suck and are doing massive damage to our civilization, in ways far beyond what I've heard discussed. But a zero-ad future isn't automatically going to be peaches and cream either. It could easily end up being a web (and media) of the rich, by the rich, and for the rich.
> First, Firefox does ship a lot of anti-tracking tech, as much of it by default as possible without breaking sites too much.
Hi sfink. Thank you for a response. I still use Firefox myself but I've been disillusioned by the Mozilla's (mis)management in recent years. I think we will find out more about this "deal" with Meta in the next report and whether they have contributed anything to Mozilla. I find your theory about Mozilla teaming up with Meta to oppose Google interesting. But I don't see why Mozilla would rock the boat and upset their biggest customer.
As for Firefox' 'out of the box' privacy protections, please take a look at this academic paper that I've linked in another comment [1]:
Specifically, section 4.2.4 on page 238:
>Firefox is least effective at reducing third-party tracking-and-advertising requests. This is unsurprising, as Firefox’s enabled-by-default “standard” tracking protection “blocks fewer trackers”.
There will be tons of people who will rightly rake Mozilla over the coals for this so I don't need to do it.
That being said I honestly feel for Mozilla in some way. Making a browser as your primary product is just not profitable without monetizing your userbase in some form or fashion and it takes a shit ton of work to keep it modern and secure. They will get dragged through the mud no matter what they try. People still rag on them for accepting money from Google to be the default search engine.
> Making a browser as your primary product is just not profitable without monetizing your userbase in some form or fashion and it takes a shit ton of work to keep it modern and secure.
Then why can I not purchase Mozilla merch? They shutdown or abandoned some of their most interesting services (MDN and Send, for example), but kept developing unneeded products : (1) VPN, which is just a layer over Mullvad that makes it worse and (2) Lockwise which is much better replaced with almost any alternative password manager (like KeePassXC and the browser add-on if you really need it).
Of course, they weren't wrong for at least trying, but then why not make it part of a pool of products that only premium users can access? For example, make it so that only Premium users can upload to Send. But no, all we get is just a sh*t VPN.
Mozilla doesn't want your money, and they're going to die for it.
I find it disappointing. For whatever reason, Mozilla VPN is not available in my country. And they don't support anonymous cash payments, like Mullvad does. It's more expensive than Mullvad, except at the 12 month plan. So what's the point? It's strictly inferior to Mullvad.
It would be plenty profitable without their organizational bloat, especially if they refocused on what their actual users want instead of other initiatives.
How? donations. Look how much money Wikipedia generates in donations every year without selling out their users. Even a small fraction of this amount should be plenty to pay competitive salaries to the Firefox dev team, but the Firefox development team is a small fraction of their org.
Exactly, Firefox development should not be run like a for-profit corporation. Besides individual donations, they should try to get funding from pro-privacy governments.
I mean, there are tons of massively successful free (beer and liberty) software that have been around for decades. Why does Mozilla need Meta's or Google's money? Why have other free software products (thinking of OSes like FreeBSD and OpenBSD here) had active, high-quality development for decades without resorting to harvesting user data for profit? Isn't Mozilla a non-profit corporation? Hell, their website's title is "Internet for people, not profit", so what's happening here? And like someone else raised, why isn't there Mozilla and Firefox official swag?!
Mozilla can follow FreeBSD and OpenBSD's example and achieve a marketshare just as negligible as theirs. And just like FreeBSD and OpenBSD, Mozilla can wave goodbye to official support by any major consumer service or software.
Mozilla doesn't have normal swag but they sell Mozilla VPN. You can also donate directly to the foundation. The lack of gear is a little weird though because they used to have a gear store but they shut it down. I suspect not enough gear was being sold to be worth the trouble of selling official gear.
Those projects are funded by engineers from Netflix and Netapp who do make plenty of money off that software.
Nobody does the same with Firefox. Really the only prominent external contributor (that I know of at least) is Martin Stransky of Red Hat who does a lot of the Linux maintainence.
> That being said I honestly feel for Mozilla in some way. Making a browser as your primary product is just not profitable without monetizing your userbase in some form or fashion and it takes a shit ton of work to keep it modern and secure.
Why does it need to be profitable? Firefox is owned by the non-profit Mozilla Foundation, the corp is only there to help develop it. If the corp can't work without making the browser work then the foundation should reconsider if the corp is a good idea. Unfortunately, the leadership of the foundation and the corp are not separate enough so they cannot effectively push for the interests of the foundation.
Rubbish. Mozilla would have zero issues getting 10 million users who would pay $100/year for it. Of course it would mean that it will have to become a product company rather than another bored housewives club masquerading as a software company with some software engineers working for it.
If there were a way to directly fund Firefox (and only Firefox, not any other Mozilla stuff), I'd do it in a heartbeat. But I imagine I'm in the minority.
The fact that it’s not even an option really makes me scratch my head. There’s a decent amount of people who would like to throw some money their way to support Firefox specifically. Maybe not a ton, but certainly enough to warrant the option for people to do so.
I definitely would if it meant I wouldn't have to see a single ad ever again. I'm at the point in my life where trading money for not seeing ads is very appealing to me. Between Hulu, Youtube Premium, Spotify, etc. I pay an absurd amount of money every year to not see ads. I'd definitely do the same if a browser could hide any and all ads from me, and the sum I'd pay is a lot more than $100 year.
Sure, but you may as well save that money up as a down payment on a unicorn.
If it were possible to suppress all ads, then many people would happily sell you that solution. And the sites pushing those ads will see the money flowing to those people and not them, and so will grudgingly refuse to serve you any content.
As ad blockers get more popular and more effective, it's already happening more and more.
You can have a magical "don't show me ads" button only as long as it doesn't work very well. (And I have mine: Firefox + µBlock Origin.)
> Mozilla would have zero issues getting 10 million users who would pay $100/year for it
Call me a pessimist but I doubt this. Most people don't mind ads, and when you couple that with the vast number of free browser alternatives, I doubt so many people would pay (and even if they got some, I'd expect churn to be high too).
Quite literally every single company with aspirations would immediately subscribe to it because absolutely no one wants their company information being leaked out to Google or Facebook or anyone else if they do not absolutely have to. Right now there is no such option.
This is our bias seeping in. On HN, I’m willing to bet a substantial proportion of people are willing to pay for an anti-ad/tracking browser for privacy reasons. But there will be no value for the outside world.
I think us “nerds” dramatically overvalue how important privacy is to the general public right now. Even ignoring the developing world, most people will agree that tracking is bad, but most will continue to use legacy browsers because they don’t think it’s 100/year bad. And the growing population of young and tech savvy people who are one Google away from installing uBlock Origin will not pay for your product either.
Not to mention —- even the proportion of HN readers can take other measures to approximate anti tracking anyways. uBlock Origin + Pihole + a good VPN is enough for even most of us (personally, it is enough for me).
Exactly the opposite. Companies would be lining up buying licenses for a competent and supported browser blocking ads for Suzi from accounting to use without needing to tinker around with a uBlock Origin and pihole and a good VPN.
uBlock Origin author specifically states he does not want donations or to sell licenses because he does not want to support the product at all - he wants to do what he wants and not what the "customers" or "donors" might want.
It has a product that people pay for. It finds the market for its product and features for its product not based on "we are Chrome alternative don't pay attention to us sending all the stuff to Google and others who would give us money" but on what its paying customers want to see.
Why? Mozilla was one of the last companies giving people what they want, which is a web browser without tracking and without bloat. This to me feels like Mozilla's management has abandoned the values that made me choose them over Chrome.
Why do people insist on using this as a point?? It's just guilt by association! Taking Google's money has absolutely nothing to do with privacy. Google paid Mozilla to set them as the default search engine. That in no way decreases the privacy for the user and it gets Mozilla the funding they need to develop privacy-enhancing features that do benefit the user.
I mean, in 2007 the CEO of Mozilla saw this 'association' as a problem and vowed to not be dependent on Google's money and seek other sources of revenue: [0]
> "Mozilla can live without Google's Money, Baker says"
> "Mozilla Corp. will walk away from Google Inc. and the millions it collects from the search company each year, if that's what it takes to stay independent, the open-source developer's CEO promised"
14 years later, it continues to be on life support by their own anti-privacy competitors since they cannot make any significant revenue sources other than Google's money despite promising to 'walk away' years ago. They know that they can't be 'privacy-first' in their mission statement whilst still taking Google's money. Working with Facebook on this is another way for Mozilla to abandon it's 'privacy-first' selling point which at this point is now meaningless.
So what would you have them do? We all know they can't survive without Google's money. Things have gotten way worse since that statement (see sibling comment).
They have two choices - work with industry players to find the least privacy-intrusive ways for them to keep doing what they do or give up, accept Google Chrome as the one and only browser and let Google develop constant user tracking as a native browser feature that can't be disabled.
Mozzila does dumb shit all the time and they need to be called out for it. But they are still around, despite their competitor's revenue being over 300x theirs and their market share dropping to below 5%. They still regularly and often successfully oppose Google's attempts at steering web standards to their benefit, despite Google being their main source of funding. Their browser still has the best privacy features out of the box and supports the widest variety of privacy-enhancing extensions.
Like it or not, they are our only hope. A "privacy-first" company means a dead company. Mozilla and every other project (Signal, Telegram, Brave...) is "Survival first, privacy second" and that's still better than the alternative - "profit first, privacy not even a consideration".
1) They did go without Google for a couple of years. They had a partnership with Bing, and Yahoo for quite a while. But Bing and Yahoo remain rounding errors in the search market.
2) 2007 was before Google started dominating with Chrome - before Android even. 2007 was near peak Mozilla. To some degree, fighting Google probably contributed to their decline.
Because it is a data point. Sure it isn't a smoking gun pointing to malpractice, but if they are getting $500M/yr from Google, getting into partnerships with Facebook, and continue to make similar moves down the line, you have to question where they can truly be independent enough to be 100% on the consumer's side.
How is that a real data point? Like you said, it just raises questions, it doesn't actually tell you anything. Literally all you're doing is casting vague aspersions.
Besides what the sibling comment said, of course Mozilla can't be independent. Nobody was ever under that illusion. Making a browser takes a shitload of money and Google is a good source of it. Even if that money came with strings attached (it doesn't), that would still be better than the alternative: having only one browser engine.
Being financially independent is great, but only if you survive. I'd take a partially Google-funded independent project that publicly goes against Google's interests all the time over one that Google develops in-house to 100% serve their agenda anytime.
Do you really expect anyone who thinks that making 500k/y instead of millions is not a sacrifice they should be asked to make to do anything to risk their primary source of funding?
The money from Google doesn't just buy the default serch engine setting, it is a HUGE incentive for Mozilla to not rock the boat.
> We’ve been looking to apply privacy preserving advertising technology to the attribution problem, so that advertisers can get answers to important questions without harming privacy.
You're probably going to find that any "solution" to the problem involves violating their consent. People don't want their movements tracked and sold to the highest bidder - regardless of how many different ways you slice it up.
If you give users a real choice in the matter without obscuring it or providing UI friction the users will choose not to have their data tracked and sold.
It's remarkable how much the debate around this topic has been poisoned by talking points from the data monitization industry. That the internet would completely cease to exist without the ability of the big ad giants to profile people's interests and sell cohorts of people with those interests to ad buyers or even worse to sell the data itself. The truth is:
1) Business models other than those depending on ad revenue exist. The internet would not disappear even if no advertising was ever shown to anybody. Yes it would be very different from the present internet.
2) Non-targeted advertising exists and is widely purchased. When I walk outside my door I see busses with adverts on the side, billboards on the side of the road and at public transport etc. None of these are targetted except perhaps in the most generalized fashion.
3) Even if we allow targetting, targetted advertising based on content rather than the consumer of that content exists and is successful (eg the ads that show as part of TV programming, ads in print media etc). This suggests that is highly likely that even if we just completely disallow all tracking of individuals and their interests, the internet advertising industry would continue to exist and to fund content by showing ads alongside content that is likely to attract the right audience, rather than being specifically spoonfed that audience by Google/Facebook etc.
It is simply untrue that we have to work with people who want to do this sort of incredibly invasive thing, and in particular there is no reason for anyone ever to trust these particular organisations who not only have a vested interest in destroying people's privacy, have a track record of statements and actions showing that they have always considered doing so to be no big deal.
So I understand they're doing this because it's their revenue source and they feel they have to play ball, but this pretty much means they're done.
After having lost many battles and flags the one thing they have is that they're not helping them spy on you, it's barely enough to keep them relevant, and they want to dump that too.
That's what happens when the people in charge of taking the decisions are not representative of the core users of the product, and thus don't understand what makes the product good or bad for their users. You will not find 1% of current Firefox users by choice who would say they think this is a good decision.
No. Topics is oriented at targeting ads to people with specific interests.
This technology is designed to measure "conversion", e.g., when people click on an ad and then buy the corresponding product in a privacy-preserving way.
This might be a bit controversial, given the large amount of "F Mozilla" comments already present. The problem is the advertising industry, not advertising. Run a thought experiment quickly, let's say you wanted to start a pro-privacy/anti-malvertising/anti-flashing-bullshit advertising service (the tasteful ads that the likes of daringfireball sometimes features):
There's a thousand obvious things you can do: text-only, having the author select "adwords," etc. The problem you'll face no matter what is click-harvesting, how do you know that a real person has clicked the ad?
Facebook was the wrong fucking partner here, but maybe attacking or deliberating on the technical aspects of the specification would be a better discussion. If this thing isn't supposed to track us, then we should probably figure out if it actually achieves that, instead of frothing at the mouth. Browsers are going to implement it one way or another.
> The problem is the advertising industry, not advertising.
Mmm, I guess we just can't agree on that.
> Run a thought experiment quickly, let's say you wanted to start a pro-privacy/anti-malvertising/anti-flashing-bullshit advertising service (the tasteful ads that the likes of daringfireball sometimes features)
It's very difficult to run that thought experiment because it is so antithetical to my views on advertising. It's akin to asking me to imagine running a pro-faithful-monogamous-marriage whorehouse. Ads create a perverse incentive to fill the web with garbage. It's destroying the web. It's ruining search, it's making it hard to find the actually valuable information online. 99% of crap on the internet is there because ads enable people to make a quick buck out of it. Advertising not only supports that crap, but directly encourages it.
> The problem you'll face no matter what is click-harvesting, how do you know that a real person has clicked the ad?
Like, why am I supposed to give a shit? How do the advertisers who put a billboard next street or the ones who advertise in the local newspaper know I tapped the printed ad? They don't, and they don't need to know. They can try to figure out but they're not entitled to that knowledge and I'm not interested in helping them out.
And I don't see why Mozilla should be helping advertisers with this either. If Mozilla wants to help destroy advertising, undo the damage it's caused to the web, and make the web better, they should rather include an adblocker and help us find out ways to make it impossible for advertisers to tell if there's a real person behind the screen. Or if there's a screen at all.
> If this thing isn't supposed to track us, then we should probably figure out if it actually achieves that
That is something I can definitely agree on, and I was really hoping the top voted comment here would've been an analysis of the proposal.
This. I didn't quite understand the multiparty computation thing, so I came here for someone to explain it without bias (since of course the authors would claim it's the best thing since sliced bread or, more recently, https).
Well, I found bias and no explanations. I'm getting to various comments without any replies so I think I'm almost at the bottom, from here it's only downvoted comments to go...
Likewise, I don't firmly understand the technology behind this, or its privacy implications, and almost the entirety of this thread is just generic anti-ad sentiments, with some arguments about billboards, Mozilla's CEO compensation, ads being psychologically invasive, and people hoping we can bring the 2003-2004 web back (have they forgotten what Month is it? "the Web" didn't change, the audience did.)
There are some solid comments here. I just wish people (who talk about advertisement ruining the web's signal-to-noise ratio) would recognize the importance of minimizing chronically-rehashed arguments and talk more coldly about techs and implications.
I really empathize with any Mozilla employee browsing this; I criticize the Mozz every now and then, but this seems like a well-meaning proposal, that's beneficial for the web (my opinion, obviously people can argue otherwise) and advances Mozilla's mission, and they're getting shredded.
If you're moving away from Firefox because of this, but still don't want to use a Chromium or WebKit-based browser, consider these independently maintained Firefox forks:
Both LibreWolf and Mull enable strong privacy protections by default, while disabling potentially unwanted features (telemetry, Pocket, and the remote server checks of Google Safe Browsing). These browsers apply a set of patches over the core Firefox codebase, like Ungoogled Chromium does to Chromium.
As a non-profit working on a browser, I don't get what the need is to "partner" with an advertising company. It's like they are saying ads are necessary evil. But who gains from that? Corps obv.
Why not partner with another ad company Google? Oh...because they have chrome.
Clearly not something being done for the benefit of the users. I don't want any of my information (supposedly anonymized or not) from my browser leaking to advertisers if I can help it, and here my browser provider is taking steps to help facilitate this transfer. I'm really losing trust with Mozilla between moves like this, their in-browser advertising, their continual re-enabling of the user studies telemetry writing over my disabling of it (has happened at least 3x times).
You can't monetize your users if they all stop using your browser, Mozilla. We need an alternative.
I want to focus a comment on Mozilla Firefox generally. I see a lot of hate being expressed here but I do get a sense of entitlement from some comments. Firefox is a free-of-cost product and surely we all know by now that if you don't pay for it you're the product, not the customer.
I don't allow tracking or advertising at all, whether from Internet services or local radio and TV (mostly do not use ad-supported stations), never had a Facebook/Twitter/etc., account, not used Google for the last decade, and so on.
However, in exchange for avoiding tracking and adverts, I actively pay for services I appreciate in whatever way they provide for whether through purchase, subscription, or donation.
I really wish Mozilla Corporation would have a DONATE TO FIREFOX option* to directly support development of the browser (and Thunderbird) and a max-privacy version. This would directly quantify real support from those like me that object to tracking and/or invasive adverts - I suspect the amount raised would be minimal, but it'd put the default search engine funding into perspective.
Not a lot of people realise that donating to the Mozilla Foundation does NOT support Firefox development by Mozilla Corporation.
* I was one of those that paid for Netscape Navigator back in the mid 1990s before Microsoft released Internet Explorer as part of the Windows OS and wiped out the paid-for browser market and forced Netscape Navigator to be released free of charge in order to try to compete - which directly led to Mozilla and Firefox.
Firefox and Mozilla should be scrutinized to some degree. Firefox may be free of charge, and so I agree Mozilla is not directly beholden to its non-paying users. But it is beholden to its mission statement, and it's fair to criticize Mozilla for anything that might violate that statement.
My understanding is that a "donate to Firefox" option is a logistical nightmare, would only be allowed in limited jurisdictions, and is not expected to earn all that much revenue. So in effect, the "donate to Firefox" button would end up mostly supporting the continued existence of the "donate to Firefox" button (lawyers ain't cheap!)
Purchasing services even if you don't use them (eg Firefox VPN; I'm not sure what else has been released yet) is the most direct way of donating to Mozilla Corporation and thereby funding Firefox development. The most important component of which is my personal salary. Thanks in advance!
Thanks for working on such a great project. I've seriously hacked on the codebase about a decade ago and recall what a minefield it can be!
I'm not going to purchase a service I'll never use - I'm also philosophically opposed to centralised 3rd party VPN endpoints no matter who operates them. It's not a "Private" network, it's simply a proxy to side-step (most) ISP level interference or geo-fencing by services.
But if Mozilla can re-sell the Mullvad VPN service then sell me a unique personalised copy of Firefox that has my name in the Help>About* dialog! No messing about with donations then :)
*actually just read the string from a (possibly downloaded) prefs.js/user.js key.
An ad network without any of these will be less efficient than its competitors. It will attract fewer ad buyers. Currently, all three of these things require tracking.
Ad networks can use attribution to detect some fraud on popular sites & apps. This doesn't work for the long-tail of small sites and apps that don't generate many clicks.
Ad buyers could buy ads directly from popular sites/apps. This just shifts the burden of detecting fraud from the ad network (which has the expertise to do it) to the ad buyer. This excludes small sites & apps, slowing the rate of innovation.
The proposals for privacy-preserving ad tailoring all provide coarse tailoring (example: "interested in bicycles"). They do not allow precise tailoring like "interested in bicycle brand X product model Y". Precise tailoring is very efficient.
I welcome all work on privacy-preserving ad-tech for these three areas: attribution, tailoring, and fraud-detection. It doesn't matter who develops a proposal. Let's examine the proposal and evaluate it on its merits. Eventually, we may end up with some combinations of techniques that allow efficient privacy-preserving ads.
I've been around since before the web existed and I don't use a single Mozilla.
I always install Firefox on a new machine, but it feels.. wrong. They keep trying to make it a "consumer" thing, whereas Chrome did just fine not doing that. They missed their chance when they were no longer the dev/geek standard, not sure who they're supposed to be claiming as their core user these days.
I expected this to be controversial here, but there's absolutely nothing wrong for Mozilla to partner with Meta on this, and there are excellent reasons for Meta to be willing to participate in good faith.
It's real simple. iOS 15 really hurt Facebook, and Facebook's advertisers. Facebook would obviously rather do attribution through a privacy-preserving standard than not be able to do it at all. Apple's made it clear that those are Facebook's only long-term choices[0]. There are ways to get it done, and the industry should collaborate on it.
[0]: by the way, do most people here know that Apple's been working for many years on an equivalent privacy-preserving attribution standard, just like this Mozilla-Meta proposal? That it's in Safari, today, right now? (Go in Preferences -> Privacy, and notice the "Allow privacy-preserving measurement of ad effectiveness" checkbox. Ticked by default!) Where's the outrage? Is this backlash really based on rational grounds?
Prio is very awesome. It’s homomorphic encryption that allows for aggregate statistics and an auditable, and potentially vetoable, queries. No one can run a query and get valid data back unless all parties agree.
When I was at Mozilla I was wanting to use Prio as a privacy layer for federated learning, and audience interest statistics for advertising. Looks like someone finally listened.
Checks date: No, it's not April 1st. Which would have been a fine day to make this announcement and possibly get away with it.
In case you were still on the fence... Mozilla has been trying very hard to eradicate the enormous amount of goodwill they built up over the year. Oh, and it's Facebook, not 'Meta'.
They're not fooling me. These whitewashes should be ignored, and the name should simply always be prepended by the name under which the entity is generally known. Otherwise the likes of Blackwater get to pretend they are Xe or Academi or some other nice clean corporate identity.
Google gets a little bit of leeway because their holding really acts as a holding but in the case of Facebook it is just so you don't immediately associate the name 'Meta' with something vile and ugly.
'Facebook partners with Mozilla' has a different ring to it.
I’m a big proponent of a competitive open web. This is probably just more marketing companies coming up with more tracking attributes. I think Mozilla has great tech.
Having said all of that. I don’t understand two things:
1. Ads isn’t the only way to make money on the net. So I’ve never understood Mozilla’s inability to get away from them (probably because they never wanted to).
2. Why no one else besides Google seems to have the funds to build a competing browser engine. Or at least to fund a developer team to fork Firefox. While Firefox might not be as plugin-able as Chromium, do we need another browser like Chromium or just a better lead Firefox?
My concerns aren’t with Mozilla but rather maintaining an open competitive web through choice and competing engines. “UI Devs only test on one browser” commentary be damned.
> 1. Ads isn’t the only way to make money on the net. So I’ve never understood Mozilla’s inability to get away from them (probably because they never wanted to).
Other ways to make money are generally more accessible to the sites themselves, and so aren't very relevant when trying to fund a browser.
Here’s the problem with aggregation. Even if the if is not attributable to you as an individual the data can still be used as a weapon against you. I’ll give an example: Imagine that you are a gay person living in a country that kills gay people by law. If gay people are frequenting websites that indicate they like to hang out at a particular bar, this gives authorities more than enough to target that group while still not using your personal data directly. The indirect aggregated data is just as harmful as if they had targeted you personally. This is where companies try to fool you into thinking you are safe to give them a “non identifiable” advertising id and aggregating your data before selling it. It’s not safe.
> Imagine that you are a gay person living in a country that kills gay people by law. If gay people are frequenting websites that indicate they like to hang out at a particular bar, this gives authorities more than enough to target that group while still not using your personal data directly.
1. what’s stopping current governments doing exactly that right now?
2. how much of the market do you think fits that scenario?
3. what’s stopping people in that scenario trying to protect themselves via the usual methods independent of whatever browser they choose?
This is user hostile and a betrayal. Firefox users have never asked for ad tracking. On the contrary, I'd guess most Firefox users are actively blocking ads. How can anyone at Mozilla honestly justify this?
Can we crowdfund for the guys of ungoogled chromium to provide official reproducible binaries? I feel completely out of luck looking for alternatives to Firefox.
Last time a looked ungoogled chromium was being served by whoever was willing to build it and upload the binary, this doesn’t gives me a lot of trust. I also don’t have computer power/ Knowledge to build this behemoth.
Ps. There will be a lot of shadowbans going on /r/Firefox this week. Last time I tried to politely complain there I was almost immediately shadowbanned.
I wish the company/organization behind my favorite and only browser didn't continue to be so tone-deaf. Their reputation in my mind had already been soured, in spite of them having the best browser for my use.
Now they make a ludicrous decision to involve Meta in what they think are privacy discussions? I cannot be swayed into seeing Meta's involvement as anything other than a detriment
Librewolf[0] is probably the best alternative, drop-in replacement for firefox in terms of privacy. It's essentially (base firefox + privacy patches + privacy policies and configs), and available on Windows, Mac, Ubuntu, and more.
edit: Expect though that some parts of the web won't work with it since WebGL and DRM are disabled.
Targeted advertising cannot simultaneously know everything about a user_id and respect privacy of that user_id. Every bit of privacy is an extra user_id's attribute that could be used for more accurate advertising.
We do not need to work with Facebook and companies like them. We do not need to compromise with them. We need to starve them. Complex cryptography to try to make less bad ads feels like a nicotine patch when what we need is pictures of lung cancer on the cigarette boxes and laws that forbid addicting children. We need education so people enable ad blocking until online advertising ceases to be as viable of a business model.
Surveillance capitalism corps must be forced to adapt and start charging people for the value they provide in a clear and honest way instead of trying to sell human psyche hacking as a service like a globally adopted casino of profit optimized manipulation. One we all let our kids participate in.
People pay money for coffee. They can pay a tiny bit for bandwidth for use of Social Media like any other SaaS. Maybe if it costs a tiny bit people will ration their use of it a bit more and use their extra time to go learn something useful.
As I noted above, this is just a document at the moment, so it's not in Firefox at all. With that I said, ublock origin blocks ads before they are loaded, so I would not expect an API of this type to affect it.
They have similar objectives but achieve them differently. Roughly, Private Click Measurement uses very low entropy identifiers to achieve rough of clicks and conversions. IPA uses multiparty computation instead. Probably the most salient differences are:
PCM leaks some information about user behavior, but it has a high degree of uncertainty due to the structure of the reporting. So, you might be able to say that there is an X% chance someone saw this ad. IPA is intended only to reveal aggregate information. The price of this is (1) computational complexity and (2) that you have to have some level of trust in the aggregators (e.g., you trust that they don't collude).
PCM doesn't work in cases where the click and the conversion (purchase) happen on different devices (e.g., a phone and a laptop). IPA potentially does.
The slides imply cross device/browser identification? I can't see how that happens without some kind of shared account mechanism.
The slides imply that losing cross device attribution is a regression. It absolutely is not, as such ability does not currently exist. So this
While I recognize the advertisers may want attribution, but it still seems like FB+Google both still want to know as much about the user as possible, and both definitely have the resources to achieve the de-anonymising attacks (especially given chrome's ever present attempts to get people to tie their entire browsing session to their google identity).
You're right that this assumes an account. The way that cross device/browser identification works in IPA is that if you are logged into example.com (though realistically, often Facebook) then it can set a "match key" which is the same on device and browser. You can't read the match key, only write it. This match key is used to link up activities on both. The point of the crypto is to rerandomize the match key that appears in the reports so that it is possible two see that two actions are from the same device but not link that back up to the original match key. Note that in this proposal, the assumption is that anyone would be able to use anyone else's match key (addressed by origin) so that it's not a big advantage to be the site with the account.
Re whether this is a regression or not: I am not an expert on how the current attribution mechanism works but I believe that if people are logged into (for instance) Facebook then Facebook can use that to correlate clicks on device A with purchases on device B.
they were the first to do it natively and properly. but my excitement didn't last. i was having a hard time with their bazillion settings. i wanted something that works well out of the box. i know some people like all these possible options but it was not for me.
nowadays, i use edge for vertical tabs.
edge is chrome with vertical tabs in my world. but it would be cool if the minimized sidebar didn't expand on hover. it's a user experience nightmare. (in case any engineer on the edge project is reading)
i agree the settings were a bit overwhelming at first - but I eventually settled on something rather minimalistic and haven't changed anything since YMMV of course, and I just refuse to use Edge out of principle.
You are just really set on annihilating what's left of your userbase, aren't you? Was it a rider in the contact for using Google as a default search engine? It's just gotta be, because it's hard to think of any other reason for something this anti-user being peddled with such a straight face. Working with THE worst perpetrator that is known for its complete and utter disregard for people's privacy on some PRIVACY PRESERVING bullshit feature.
WHAT THE PROVERBIAL FUCK. I am speechless.
(A die-hard Firefox user since the Navigator days).
I though you'd might have a problem with my comment.
This is however an exceptional situation, a piece of news so shocking and unwelcome that the only way I can properly express the level of frustration with it is through the use of expletives and the uppercase. It is absolutely disheartening to see a long-lived and excellent piece of software being so ruthlessly, cynically and systematically destroyed. It really makes my blood boil.
I'd be fine with a criticism of the proposal or general direction. Apparently you don't believe this would actually preserve any privacy. It would be interesting to know why not.
I understand the knee-jerk reaction. I agree that anything with Facebook's name associated with it is a huge red flag. And I get that there is some suspicion floating around about Mozilla's motives too, and it's easy for this to appear to be confirming the worst.
But that's just gut level instinct. I'm curious about opinions about actual issues with the proposal. I personally believe that the intention here (on Mozilla's part, not Facebook's) is honorable.
I hear you. The problem is that every day there are many exceptional situations making many people's blood boil. If they're all going to post like that, the site will just be all blood-boiling.
The Mozilla we knew and loved for decades died some time around 2015-ish. Sales and marketing completely took over the organization. They've been slashing engineering projects, and pushing these "key partnerships" nonstop since then. It's very obvious the executive team there couldn't care less about the original mission anymore. Their last remaining meaningful product (Firefox) is essentially in maintenance mode at this point. It's sad to say, but they are now just another tech company interested in nothing but mining your personal data for profit.
So much of this feels weird to me.
I don't understand how I'm supposed to take Mozilla partnering with Facebook, I don't understand why I'm supposed to believe that Facebook would ever have beneficial insight to add to a privacy standard or that it would ever do anything other than try to weaken the standard.
I can't read up on the IPA standard because the link is currently being vandalized, so I can't really comment on that, but this is dangerous ground to tread and also I vaguely feel like as a user I might want to not have ads attributed across devices.
Before anybody jumps in and yells about how Mozilla is worse than Google, let me point out that Firefox is still objectively the best browser to use for privacy right now. But crud this announcement is weird and vaguely tone-deaf and doesn't make me feel good, and I think at the very least it should have been worded less as a celebration, or at least should have spent more time going into why I shouldn't feel uncomfortable about the whole thing.
It's potentially a longer conversation, but the article also doesn't really make a strong case for why I should be rooting for a privacy-respecting system for advertisers in the first place.