An update on Mozilla’s PPA experiment and how it protects user privacy while testing cutting edge technologies to improve the open web.
They sure do “improve” the “open” web by developing new tech that benefits advertisers.
I would be more okay with this if Firefox did more to block the tracking techniques that advertisers are currently using. They block third party cookies and compartmentalize social media cookies which is fine but they do almost nothing to stop the more insidious tracking techniques like device fingerprinting.
Mozilla really wants to push me to Brave
What more do you think should be done to stop fingerprinting, and does that involve sacrificing usability?
(Also, “almost nothing” feels like a gross exaggeration? Just the Tor Uplift project brought in lots of measures, quite a few of which could even be enabled by default.)
Brave randomizes the output of fingerprinting techniques like canvas rendering, system fonts, installed devices, etc in a way that makes you look like a real, consistent user providing real data that still allows the site to work, while still changing the output from one session to the next enough that sites can’t tell you’re the same person.
Firefox claims to block all this but if you check their site they explain how it actually works:
Firefox protects users against fingerprinting by blocking all third-party requests to companies that are known to participate in fingerprinting
We’ve partnered with Disconnect to provide this protection. Disconnect maintains a list of companies that participate in cross-site tracking, as well a list as those that fingerprint users.
This does nothing to actually disguise you. It’s the equivalent of putting a paper bag over your head when you think there’s a security camera. You stand out because of the bag and you don’t know where all the cameras are so you’re still being tracked when you don’t know it.
I hate the idea of Brave because Chromium’s dominance will ruin the web but Firefox does not protect us.
And website operators will be compelled to adopt this, how? They will likely just use PPA and also all of the tracking tools, or straight up not give a shit about PPA. Mozilla does not have the influence to affect real change. Until such a time, all of this is just worthless posturing.
Firefox already blocks all trackers by default. I think Mozilla is trying to be the good guy by providing a more private option that’s available to people that don’t use Firefox. It seems pretty naive, but I think their heart is in the right place.
At the end of the day, this is just another setting to toggle off on a fresh install for those of us against all tracking and advertising on the web.
There’s also the bit where if it doesn’t work out no real harm is done (to users - there’s obviously reputation damage to Mozilla now): people who already block things by default are not affected at all, and no new information is shared about those who don’t. Whereas the upside if it does work out is enormous. In other words, low risk, high gain. Even with low odds, that’s a path worth exploring.
Mozilla by itself doesn’t have the influence to change it, but with Mozilla’s help (i.e. this experiment), others do. Specifically, legislators can have more freedom to implement strict privacy-protecting measures if they have proof that an alternative is available that doesn’t cost lots of voters their jobs.
But you can’t provide that proof if you don’t run the experiment.