Original toot:
It has come to my attention that many of the people complaining about #Firefox’s #PPA experiment don’t actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it, so an explainer 🧵 is in order.
Targeted advertising sucks. It is invasive and privacy-violating, it enables populations to be manipulated by bad actors in democracy-endangering ways, and it doesn’t actually sell products.
Nevertheless, commercial advertisers are addicted to the data they get from targeted advertising. They aren’t going to stop using it until someone convinces them there’s something else that will work better.
“Contextual advertising works better.” Yes, it does! But, again, advertisers are addicted to the data, and contextual advertising provides much less data, so they don’t trust it.
What PPA says is, “Suppose we give you anonymized, aggregated data about which of your ads on which sites resulted in sales or other significant commitments from users?” The data that the browser collects under PPA are sent to a third-party (in Firefox’s case, the third party is the same organization that runs Let’s Encrypt; does anybody think they’re not trustworthy?) and aggregated and anonymized there. Noise is introduced into the data to prevent de-anonymization.
This allows advertisers to “target” which sites they put their ads on. It doesn’t allow them to target individuals. In Days Of Yore, advertisers would do things like ask people to bring newspapers ads into the store or mention a certain phrase to get deals. These were for collecting conversion statistics on paper ads. Ditto for coupons. PPA is a way to do this online.
Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party. If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place. And if the work they’re doing is transparent, as compared to the entirely opaque adtech industry, the entire internet can weigh in on any bugs in their algorithms.
Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.
I understand it perfectly fine thank you. This should not be a hidden opt-out option.
Completely facile argument, right there in the last sentence.
We can keep fighting for something better while still accepting this as an improvement over what we have now.
YOU BUILT THE FUCKING THING. Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.
Who’s forcing you to make advertisers happy? Don’t answer that, because I don’t care. You can’t pretend to be about privacy and then build things that help advertisers violate it.
This one’s also pretty funny btw:
If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place.
Advertisers don’t give a shit. They have zero motivation to fix anonymization. They’re not going to HELP us get rid of privacy violations.
I have defended Mozilla for years, because we can’t let Chrome become the only browser engine available.
But goddam, it’s getting hard to be enthusiastic about it. This is starting to get like voting for the genocidial dementia patient because at least he isn’t the megalomaniac pedophile.
Why wouldn’t you bring all this up before you shove it into the browser to be discovered later, and make it the default? Whoever thought this was a good idea should be shot with a ball of their own shit.
Mozilla has been working on anonymized advertising for quite some time now, there were news and job postings.
OK, I’ll watch their job postings like a hawk to learn what their strategies are going forward. Thanks for the tip!
I’m pretty active in FOSS news, never saw a thing about this before it was rolled out. Maybe that’s on me and I just missed the obvious, but probably not. I don’t seem to be the only one taken by surprise.
I guess they should’ve been more transparent about it.
This is one of the publications from 2022 where they mentioned working on privacy-preserving advertising: https://blog.mozilla.org/en/mozilla/privacy-preserving-attribution-for-advertising/
Maybe it wasn’t as popular in the media because there’s nothing exciting about it for the public.
They should’ve brought it up before. Yes. They had to make it the default though. That was unavoidable.
They had to make it the default though. That was unavoidable.
For it to be useful at scale, sure, but reading this it sounds like Chrome’s version of it is still “experimental” and opt-in. Hopefully the backlash prevents it from being developed further.
It has come to my attention that many of the people complaining about #Firefox’s #PPA experiment don’t actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it
The documentation under the “Learn more” link next to the “Allow websites to perform privacy-preserving ad measurement” checkbox in Firefox preferences explains very clearly what it is and how it works. Asserting that people who read that and are indignant about it being enabled by default just… “don’t actually understand” it is absurdly insulting and basically gaslighting.
The vast majority of people never read the source material for anything, and that’s usually perfectly fine. They learn new things because other people told them about it. Most of the time this works great. Sometimes small changes in the explanation can make a big difference, and the game of telephone can have big impacts on people’s perception of a thing. It’s almost certain that most people complaining haven’t read the explanation, and in this particular situation it’s an issue.
Edit: opt-out shenanigans notwithstanding.
Mozilla: We want to offer anonymised data so advertiser stop trying to track you with shady means. You can opt ou tho.
Privacy ultras: WHY YOU WANT DATA?!
Mozilla: …
The problem for me is not that they implemented this. The problem is that they TURNED IT ON without my consent!
If you have to add “noise” to the data to prevent deanonymization, then that just means the data can be deanonymized. Noise is irrelevant.
This is bullshit. The total amount of advertising I want is zero. The total amount I want of tracking is zero. The total amount of experiments I want run on my data without consent is, guess, zero.
Then you keep blocking ads and nothing changes for you.
The backlash here is wild and completely uninformed. This is only good for consumers, the ads that this will affect are already tracking you in more onerous ways.
“They are already kicking you in the balls, so why not let Mozilla kick you too?”
Lmao no this is Mozilla giving you a cup.
You’re still missing the point. I know what the tech does. But it’s opt-out without user consent, not opt-in. And there is some phoning home for it to work, isn’t there?
This is Mozilla pulling your pants down while you sleep, grabbing your balls to put the cup, pulling the pants back up, then carrying on as if nothing happened.
Well you can’t have that because it guarantees you stay irrelevant and broke. Google did not make money off of you and you were never their target audience. Google and Chrome only ever existed because the majority of people click ads. Same thing here. Mozilla has been ad-funded since at least 2005.
Do you donate to FOSS software you use?
Your options are ads or donations. As it costs money to develop and host a lot of FOSS, in our capitalist world, it’s impossible to offer a service without somehow receiving money to continue to provide that service.
Do you donate to FOSS software you use?
I do. Are there any other strawmen you’d like to throw at me?
Based
“at me”?
Bruh, you’re not who they were responding to. You don’t have to insert yourself and then get defensive.
The top level comment is a pretty generic and widely agreeable within privacy circles statement, so yeah the reply was reasonably interpreted to be directed at people who agree with the top level comment, not just the author of the comment specifically.
Yes, for example I donate to thunderbird since I find it useful. And I wouldn’t mind donating to Firefox either provided they wouldn’t do this sort of fuckery.
though in the long run we need to overturn capitalism of course, and that an economic model is viable doesn’t mean we should sustain it or justify it.
Well, this isn’t about you. If you’re blocking ads anyways, there’s going to be no data to report.
But Firefox needs webpage owners to be able to make a buck off of supporting Firefox. Otherwise, we’ll see even more webpages suggesting to switch to Chrome.
Sow do you plan to pay sites for the resources you use?
It depends, but mostly no. And if that means some sites are not economically possible, so be it.
I do donate to sites I regularly use, and find this much preferable to ads. I think most people find this preferable to ads, given how much I see popular ad-free websites raising during donation drives.
What ever happened to micro transactions? Weren’t they supposed to be the way we compensated web producers? Instead we got ads.
The question is, how do we pay content creators? Nostr has a potential solution. In the last two months, their users “zapped” aka tipped nearly a million dollars ($950k) to content creators on their platform. And it doesn’t just make it easy to pay content creators, but to also put a portion of your “zaps” towards the relay you use or development of the software if you want. If you have a nostr account, you can easily tie it to a lightning address to send/receive tips, nostr doesn’t take a fee. Relays can also portion out a bit of their zaps for the people who publish the most engaging content on their relay. The possibilities are quite extensive. And because it’s over lightning, zaps happen instantly and for pennies or less in fees. And you could expand this infrastructure from just tweets to web browsing as well. In nostr, as you could in theory for the rest of the web, you can say “I want to donate $5 a month, split it up among all the posts I liked”. Though, you can use nostr without zaps at all.
For those unfamiliar with nostr, it’s a decentralized social media software much like ActivityPub/mastodon, the main use right now is as a twitter/instagram clone but there’s also a reddit-style section being built up as well. Moderation abilities from the perspective of the instance/relay are identical to activitypub/mastodon. But one bonus if that if your relay goes down, you don’t lose your identity, since your identity and relay are separate. And if you change apps or relays (you are typically connected to multiple relays), all your content moves with you seamlessly. And the payment/zap infrastructure is all decentralized, relays don’t ever custody or manage the payments. If you tip a content creator, it goes directly from you to them. The lightning network has basically limitless transaction capacity. If you have cash app, it supports lightning, so you can already send zaps (you will need different apps to receive zaps though because cash app doesn’t support the LNURL standard). Strike natively supports it. And because it’s lightning, it works in every country automatically.
Long-term, if I am a content creator, which “fedi”-type system is going to be attractive to me? One where users can send me tips and mircopayments or one where they can’t? This is why I think nostr is going to win out long-term over AP/Mastodon. Mastodon could add this kind of functionality but I don’t get the impression they’re open to it. People may not want to commit to yet another $5/month subscription to a YouTuber’s patreon or nebula or whatever, but they are happy to tip 1-10c after watching a video. So there’s a psychological beauty to micropayments as well. As some random person I have made like 7c on tips this month, but I’ve also given out plenty to other people.
This is the exact same story the whole internet has used and every time the 3rd party or whoever it is eventually gets corrupted and it turns out that they kept the original data. The company gets bought by Amazon or who google and repeat
100% it’s gets bought by Google, Amazon, Microsoft or Apple.
It’s LetsEncrypt. If you don’t trust them the open web has bigger problems than Firefox’s new setting.
I wouldn’t be surprised if most CAs are secretly compromised. I’m surprised nobody ever talks about it or wants to know how they operate securely if at all.