Original toot:

It has come to my attention that many of the people complaining about #Firefox’s #PPA experiment don’t actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it, so an explainer 🧵 is in order.

Targeted advertising sucks. It is invasive and privacy-violating, it enables populations to be manipulated by bad actors in democracy-endangering ways, and it doesn’t actually sell products.

Nevertheless, commercial advertisers are addicted to the data they get from targeted advertising. They aren’t going to stop using it until someone convinces them there’s something else that will work better.

“Contextual advertising works better.” Yes, it does! But, again, advertisers are addicted to the data, and contextual advertising provides much less data, so they don’t trust it.

What PPA says is, “Suppose we give you anonymized, aggregated data about which of your ads on which sites resulted in sales or other significant commitments from users?” The data that the browser collects under PPA are sent to a third-party (in Firefox’s case, the third party is the same organization that runs Let’s Encrypt; does anybody think they’re not trustworthy?) and aggregated and anonymized there. Noise is introduced into the data to prevent de-anonymization.

This allows advertisers to “target” which sites they put their ads on. It doesn’t allow them to target individuals. In Days Of Yore, advertisers would do things like ask people to bring newspapers ads into the store or mention a certain phrase to get deals. These were for collecting conversion statistics on paper ads. Ditto for coupons. PPA is a way to do this online.

Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party. If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place. And if the work they’re doing is transparent, as compared to the entirely opaque adtech industry, the entire internet can weigh in on any bugs in their algorithms.

Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.

    • Treczoks@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      4 months ago

      That, and the point that ad blasters want to know the gory details of your private life in order to make their ads that one or two percent “more effective”.

      Does the Firefox really believe that sites will stop throwing a gazillion cookies and trackers just because they now also have PPA?

      I, for my part, opt to block both the cookies and trackers as much as I can and the PPA, too.

    • sabreW4K3@lazysoci.alOP
      link
      fedilink
      arrow-up
      0
      arrow-down
      2
      ·
      4 months ago

      If they didn’t understand user consent, would they really have the ability to opt out? I get that you’re on your soap box and seething with anger, but let’s not devolve into ludicrous nonsensical reframing.

      • laughterlaughter@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        4 months ago

        When Chrome asks the user to activate a similar feature while Firefox doesn’t - welp, no. They don’t understand user consent.

        Imagine finding a Mozilla microphone under your dining table. “Oh, but you can remove it and toss it. That’s understanding user consent!”

        • sabreW4K3@lazysoci.alOP
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          4 months ago

          When Google utilised their Chrome dominance and forced the web into manifest v3 so they could curtail adblockers, did they ask for your consent?

          • laughterlaughter@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            4 months ago

            No, and that’s why I don’t use Chrome. But at least they said they’d do this.

            Mozilla in turn said “hey here’s this neat feature. Don’t worry, it’s optional!” And then they silently activated it for everyone with an update.

            • sabreW4K3@lazysoci.alOP
              link
              fedilink
              arrow-up
              0
              ·
              4 months ago

              Mozilla said, “hey, in the chance you see an advert on the Internet, this will anonymise the data sent to the ad publishers for you automatically” and you said, “how dare you”!

              • laughterlaughter@lemmy.world
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                4 months ago

                Red herring, and you’re missing the point, and this is getting frustrating. If you ignore the argument below again, I will stop responding to you.

                From the Mozilla’s website (so you don’t say I’m ill-informed):

                https://support.mozilla.org/en-US/kb/privacy-preserving-attribution?as=u&utm_source=inproduct

                Firefox creates a report based on what the website asks, but does not give the result to the website. Instead, Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.

                Zoom in:

                Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.

                Zoom in:

                anonymously submits it

                Zoom in:

                submits it

                This is after an update, and it’s opt-out, that is, enabled by default. And not a single notification about it. If I don’t check my settings, or read about it, I would have never found out about this.

                WHY IS MY BROWSER SUBMITTING ANYTHING WITHOUT ASKING ME FIRST?!

                Plus it’s described as an experiment. And I’ve already told Mozilla to NEVER include me in any of its “experiments,” after the whole Mr. Robot fiasco. If this is labeled as an experiment, why is Mozilla not respecting my decision?

                That’s the issue I have with it. It doesn’t matter what it is. It doesn’t matter if it’s “for my own good.” I am supposed to be in control of my browser. I decide when my browser sends anything to the Internet about me, even if it’s anonymized.

                I would expect this from Chrome, and that’s why I don’t use it; not Firefox.

                • sabreW4K3@lazysoci.alOP
                  link
                  fedilink
                  arrow-up
                  0
                  arrow-down
                  1
                  ·
                  4 months ago

                  Your browser already submits information about you by virtue of existing.

                  What this does is put the mechanisms to ring fence that in place. The same way that the Enhanced Tracking Protection does.

                  Kinda like how even if you’ve had an STI test recently, you should still use a condom when sleeping with strangers.

                  Regarding the opt-in versus opt-out stuff. That’s a dead fish. People go with what the default is. By default ETP is on. By default, autoplay is off. By default, HTTPS only mode is always on.

                  These are all things that happened without my explicit consent and they’ve all made the Internet a better place for normal people, not like me and you, but normal people who rely on the best defaults possible.

  • communism@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    4 months ago

    I understand it perfectly fine thank you. This should not be a hidden opt-out option.

  • xantoxis@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    4 months ago

    Completely facile argument, right there in the last sentence.

    We can keep fighting for something better while still accepting this as an improvement over what we have now.

    YOU BUILT THE FUCKING THING. Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.

    Who’s forcing you to make advertisers happy? Don’t answer that, because I don’t care. You can’t pretend to be about privacy and then build things that help advertisers violate it.

    This one’s also pretty funny btw:

    If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place.

    Advertisers don’t give a shit. They have zero motivation to fix anonymization. They’re not going to HELP us get rid of privacy violations.

    • ikidd@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      I have defended Mozilla for years, because we can’t let Chrome become the only browser engine available.

      But goddam, it’s getting hard to be enthusiastic about it. This is starting to get like voting for the genocidial dementia patient because at least he isn’t the megalomaniac pedophile.

    • TJA!@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.

      Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data

      Advertisers don’t give a shit. They have zero motivation to fix anonymization. They’re not going to HELP us get rid of privacy violations.

      That’s why a trusted third party is handling this. They care a lot, because of they fumble it they are now an untrusted third party and someone else will take care of the anonymization part

      • xantoxis@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        4 months ago

        Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data

        They’re going to do this anyway. As far as Firefox is concerned, it’s the browser’s job to stop them. That’s what Firefox is selling: privacy

        because of they fumble it they are now an untrusted third party

        Assuming I take this for granted, they have already fumbled it by turning on an anti-privacy feature without consent. They can no longer be trusted. Not that you ever should have trusted them because whatever motivation they have for pure moral behavior now, that will change with the wind when more VC money gets involved, or there’s been a change in management.

        And firefox has ALREADY had a recent change in management, which is probably why THIS is happening NOW. They just bought an adtech firm for pete’s sake. Don’t trust other people with your data. At all.

        • TJA!@sh.itjust.works
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          4 months ago

          Did you even read the article or are you just hating? There is a will known additional non profit that is well known and trusted by probably everyone that knows about it. This nonprofit is handling the anonymization.

          • BearOfaTime@lemm.ee
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            4 months ago

            Have you seen how many data breaches happen on DAILY BASIS?

            There’s a freaking community here for dta breaches, they happen so often.

            Plus, Johnny boy wasn’t exactly transparent about what they were doing, which is a huge part of the problem.

            When people show you who they are, believe them.

          • xantoxis@lemmy.world
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            4 months ago

            I read the damn ticket opened by mcc. I know about the non profit and I don’t trust them with my personal information. Any place that captures valuable data is vulnerable to an attack in the form of financial corruption. I’ll say it again, louder: If they have pure perfect morals now, you’ll be pissed at them in 3 years because management has changed and money got involved.

            EDIT: IDK if lemmy has a remindme type bot, but we’re gonna check back in on this one every so often so we can see how long it takes for them to sell out.

            • wizardbeard@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              If you don’t know who Let’s Encrypt are, please stop putting your whole ass on display.

              If they go rogue the internet as a whole will have much, much bigger fucking problems than ad data.

        • dustyData@lemmy.world
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          4 months ago

          Maybn read the article, chill down a bit. We all hate advertisers here. Everyone trusts Let’s Encrypt, they’re privacy and encryption advocates who run one of the largests online certificates repository. They’re a nonprofit, and they have been doing this for a decade. They’re the reason the internet is a bit safer by promoting widespread implementation of encrypted traffic.

          Sure, anyone can turn bad actor at any time. But this guys are starting from a really high bar and have a really strong reputation.

          Add: also, this is a good step for Mozilla. We want a internet free from Google, and that includes financially. Google puts practically the totality of the money for the Mozilla foundation. Donations don’t come close to the millions needed to develop and support a web browser. A direct relationship with advertisers, under Mozilla’s terms and not the advertisers predatory terms, would be a good thing.

      • ssm@lemmy.sdf.org
        link
        fedilink
        arrow-up
        0
        arrow-down
        2
        ·
        edit-2
        4 months ago

        Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data

        C’mon, just take the roofie and we promise we won’t try anything more forceful, little consumer… We promise we’ll stop if you give us just this little bit…

  • addie@feddit.uk
    link
    fedilink
    arrow-up
    2
    ·
    4 months ago

    Man alive, I thought that Mozilla had been doing their own Personal Package Archives so that we didn’t have to deal with Ubuntu packaging it as a Snap anymore. And this is doubly disappointing.

  • SuckMyWang@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    4 months ago

    This is the exact same story the whole internet has used and every time the 3rd party or whoever it is eventually gets corrupted and it turns out that they kept the original data. The company gets bought by Amazon or who google and repeat

    • verdigris@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      It’s LetsEncrypt. If you don’t trust them the open web has bigger problems than Firefox’s new setting.

  • modulus@lemmy.ml
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    4 months ago

    This is bullshit. The total amount of advertising I want is zero. The total amount I want of tracking is zero. The total amount of experiments I want run on my data without consent is, guess, zero.

    • Phegan@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      4 months ago

      Do you donate to FOSS software you use?

      Your options are ads or donations. As it costs money to develop and host a lot of FOSS, in our capitalist world, it’s impossible to offer a service without somehow receiving money to continue to provide that service.

      • Ledivin@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        4 months ago

        Do you donate to FOSS software you use?

        I do. Are there any other strawmen you’d like to throw at me?

        • IzzyScissor@lemmy.world
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          4 months ago

          “at me”?

          Bruh, you’re not who they were responding to. You don’t have to insert yourself and then get defensive.

      • modulus@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        4 months ago

        Yes, for example I donate to thunderbird since I find it useful. And I wouldn’t mind donating to Firefox either provided they wouldn’t do this sort of fuckery.

        though in the long run we need to overturn capitalism of course, and that an economic model is viable doesn’t mean we should sustain it or justify it.

    • verdigris@lemmy.ml
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      4 months ago

      Then you keep blocking ads and nothing changes for you.

      The backlash here is wild and completely uninformed. This is only good for consumers, the ads that this will affect are already tracking you in more onerous ways.

          • laughterlaughter@lemmy.world
            link
            fedilink
            arrow-up
            2
            arrow-down
            2
            ·
            edit-2
            4 months ago

            You’re still missing the point. I know what the tech does. But it’s opt-out without user consent, not opt-in. And there is some phoning home for it to work, isn’t there?

            This is Mozilla pulling your pants down while you sleep, grabbing your balls to put the cup, pulling the pants back up, then carrying on as if nothing happened.

        • Aria@lemmygrad.ml
          link
          fedilink
          arrow-up
          0
          ·
          4 months ago

          Okay, but should every other feature that has downsides then also be opt-in only? Should javascript be opt-in? Should storing cookies? Should HTTPS? – After all, for the encryption to work, you need to send something to someone. Actually, should HTTP be opt-in in your web browser, since it mandates sending requests?

            • Aria@lemmygrad.ml
              link
              fedilink
              arrow-up
              1
              ·
              4 months ago

              I don’t think Firefox is for you. Firefox is a sane defaults type application, not an unopinionated humble application. It has a lot of settings which everyone appreciates, but ideologically it’s targeting someone else.

              • refalo@programming.dev
                link
                fedilink
                arrow-up
                0
                arrow-down
                1
                ·
                edit-2
                4 months ago

                Sane defaults like forced ad-tech?

                Version 120 added a GPC option called “Tell websites not to sell or share my data”… too bad it doesn’t apply to Mozilla themselves.

                • Aria@lemmygrad.ml
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  4 months ago

                  You mean “on ad-tech”, it’s a setting, it’s not forced. Firefox by default has cookies and javascript on, which are also primarily ad-tech. The decision to allow ads by default was made a long time ago. It’s what most users want.

    • Ephera@lemmy.ml
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      4 months ago

      Well, this isn’t about you. If you’re blocking ads anyways, there’s going to be no data to report.

      But Firefox needs webpage owners to be able to make a buck off of supporting Firefox. Otherwise, we’ll see even more webpages suggesting to switch to Chrome.

  • socsa@piefed.social
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    Me wondering why the Firefox package archive is suddenly controversial…

    does anybody think they’re not trustworthy?

    I didn’t until I read that sentence. I actually get what they are trying to do here, but good grief…

  • smpl@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    4 months ago

    I’m not even buying the premise. Any business can look at its bottomline to see if their advertising works. If they can’t, then its not working.

      • smpl@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        You’re in trouble already as a business, wasting a lot of money, if you don’t know where your target audience is. What you argue is that this is used for a business to probe where an advertisement would work. I’d argue that that is a very expensive way of finding your target audience, because you still have to pay for all the ads that didn’t work. There are much better ways of figuring out where your target audience is.

        I think most people believe that this obsessive data collection is neccessary, only because Google has repeatedly painted that narrative. This better advertising is just coincidentally the form of advertising that Google is in the best position to supply.

        If you carefully pick the places you advertise and do statistics on how it affect your business while a campaign runs I’m willing to bet you get a much better return. As a bonus to saving money you didn’t have to shit on an important principle in democracy, the autonomy of the people, protected by something called privacy.

        • BearOfaTime@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          Exactly.

          This is about data collection.

          If it were about improving user privacy, wouldn’t they have announced it with a lot of fanfare?

  • Arthur Besse@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    4 months ago

    It has come to my attention that many of the people complaining about #Firefox’s #PPA experiment don’t actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it

    The documentation under the “Learn more” link next to the “Allow websites to perform privacy-preserving ad measurement” checkbox in Firefox preferences explains very clearly what it is and how it works. Asserting that people who read that and are indignant about it being enabled by default just… “don’t actually understand” it is absurdly insulting and basically gaslighting.

  • GenderNeutralBro@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    And what is the advertising industry doing to earn back the trust that they’ve eroded with their incessant, relentless abuse over the entire life of the Internet?

    • AnyOldName3@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      They’re not supposed to have trust. That’s why they’re only allowed fully anonymised data under this scheme. They do pay the bills, though, so they can’t be completely banished until there’s an alternative source of money.

      • kalkulat@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        Go ahead and send me ads, and I’ll just block your site … never go there except when someone tries to trick me into it, and then my SITE-BLOCKER will refuse for me. Our now and future business IS OVER.

        “But why don’t you just trust us?” Because I’ve been online for 30 years and it’s been downhill ever since.

      • xantoxis@lemmy.world
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        4 months ago

        There is no such thing as “fully anonymised data”. Data can be de-anonymised by anyone who aggregates it. It’s been demonstrated over and over and over again.

          • refalo@programming.dev
            link
            fedilink
            arrow-up
            0
            arrow-down
            1
            ·
            4 months ago

            Whoever reports this “anonymized” data still knows something about you, whether that’s a census employee at your physical house, or a website having your IP address. We can’t stop that information falling into the wrong hands. Bad actors are everywhere. All we can do is not provide the information in the first place.

      • GenderNeutralBro@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        That does nothing to deal with malware distribution, which has been a problem in pretty much every ad network. It does nothing to address the standard practice of making ads as obtrusive and flashy as possible.

        I do not accept the premise that advertising is the only possible business model for quality web sites. History suggests the opposite: that it is a toxic business model that creates backwards incentives.

        • Tywèle [she|her]@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          4 months ago

          So because it’s not THE perfect solution to every problem related to ads ever we should just not do anything?

          It doesn’t always have to be black and white.

    • Virkkunen@fedia.io
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      Creating ads that are even more targeted to you so you can forget about everything and buy that electric kitchen knife you just saw scrolling reddit

      • socsa@piefed.social
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        I don’t know, I am on the fence about the XYT FULLFORGE lithium powered, rechargable electronic kitchen knife I saw on reddit. I just don’t know if I can trust the comments which say it stays sharp forever, and I am very skeptical that it truly has the fastest cutting speed of any knife on the market. Perhaps I will go read the Amazon reviews again to get more information about the patented digital motor design.

    • ikidd@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      4 months ago

      I want the old internet back. God it was so wonderful before the dotcom bubble.

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    edit-2
    4 months ago

    What the heck Mozilla? The people complaining are the ones who understand it. Anyone who thinks this is ok is either a die hard Mozilla fan or doesn’t understand what it does. This is targeted advertising. You know how companies target vulnerable minorities? That’s what this enables. It isn’t just about “privacy” as targeted advertising is dark in many other ways.

  • 0oWow@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    4 months ago

    If you have to add “noise” to the data to prevent deanonymization, then that just means the data can be deanonymized. Noise is irrelevant.

        • Feathercrown@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          You clearly are not here to engage in productive conversations. I’m blocking you and I recommend anyone else reading this to do the same.

          • 0oWow@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            4 months ago

            I don’t argue with trolls. There has been plenty of discussion as to why this is bad news.

        • bloodfart@lemmy.ml
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          4 months ago

          I measure noise several times a week and quantify it in an effort to locate its sources. Noise is a very effective way to hide information, and becomes more effective when the number of domains increases.

          To give you an idea of how this comes into play, I use many different tools and methods of analysis to locate sources of noise in two domains, time and frequency. We’ve been formally studying noise in those two domains for like 150 years, so there’s a lot of information, equipment and techniques out there.

          It’s still very hard.

          The type of data used in PPA has (based on my limited understanding) at least five domains, each of which contain data with a “bit depth” that’s an order of magnitude more than the signals I usually work with.

          I think noising would be an excellent method to anonymize PPA data.

  • 𝓔𝓶𝓶𝓲𝓮@lemm.ee
    link
    fedilink
    arrow-up
    0
    arrow-down
    1
    ·
    edit-2
    4 months ago

    They keep saying many words waving hands frantically and people still don’t like it. I bet if they explain 10th time with colourful diagrams and 3 minute whiteboard explainer video people still won’t like it. Such an ungrateful crowd

    You need hands on workshops, we will organise them with foundation budget. That will surely explain things sufficiently. We will also give out informational flyers in small communities to foster local enlightenment.

    • socsa@piefed.social
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      They are definitely in a weird position. On one hand, the current state of internet advertising is horrifying. This has nothing to do with anything Firefox has done. On the other hand, trying to explain to privacy absolutists why these innovations in targeted advertising is actually a revolutionary leap in user privacy, is obviously never going to take.

  • UnfortunateShort@lemmy.world
    link
    fedilink
    arrow-up
    0
    arrow-down
    2
    ·
    4 months ago

    Mozilla: We want to offer anonymised data so advertiser stop trying to track you with shady means. You can opt ou tho.

    Privacy ultras: WHY YOU WANT DATA?!

    Mozilla: …