Original toot:

It has come to my attention that many of the people complaining about #Firefox’s #PPA experiment don’t actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it, so an explainer 🧵 is in order.

Targeted advertising sucks. It is invasive and privacy-violating, it enables populations to be manipulated by bad actors in democracy-endangering ways, and it doesn’t actually sell products.

Nevertheless, commercial advertisers are addicted to the data they get from targeted advertising. They aren’t going to stop using it until someone convinces them there’s something else that will work better.

“Contextual advertising works better.” Yes, it does! But, again, advertisers are addicted to the data, and contextual advertising provides much less data, so they don’t trust it.

What PPA says is, “Suppose we give you anonymized, aggregated data about which of your ads on which sites resulted in sales or other significant commitments from users?” The data that the browser collects under PPA are sent to a third-party (in Firefox’s case, the third party is the same organization that runs Let’s Encrypt; does anybody think they’re not trustworthy?) and aggregated and anonymized there. Noise is introduced into the data to prevent de-anonymization.

This allows advertisers to “target” which sites they put their ads on. It doesn’t allow them to target individuals. In Days Of Yore, advertisers would do things like ask people to bring newspapers ads into the store or mention a certain phrase to get deals. These were for collecting conversion statistics on paper ads. Ditto for coupons. PPA is a way to do this online.

Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party. If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place. And if the work they’re doing is transparent, as compared to the entirely opaque adtech industry, the entire internet can weigh in on any bugs in their algorithms.

Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.

  • Aria@lemmygrad.ml
    link
    fedilink
    arrow-up
    0
    ·
    5 months ago

    Okay, but should every other feature that has downsides then also be opt-in only? Should javascript be opt-in? Should storing cookies? Should HTTPS? – After all, for the encryption to work, you need to send something to someone. Actually, should HTTP be opt-in in your web browser, since it mandates sending requests?

      • Aria@lemmygrad.ml
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        I don’t think Firefox is for you. Firefox is a sane defaults type application, not an unopinionated humble application. It has a lot of settings which everyone appreciates, but ideologically it’s targeting someone else.

        • refalo@programming.dev
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          edit-2
          5 months ago

          Sane defaults like forced ad-tech?

          Version 120 added a GPC option called “Tell websites not to sell or share my data”… too bad it doesn’t apply to Mozilla themselves.

          • Aria@lemmygrad.ml
            link
            fedilink
            arrow-up
            1
            ·
            5 months ago

            You mean “on ad-tech”, it’s a setting, it’s not forced. Firefox by default has cookies and javascript on, which are also primarily ad-tech. The decision to allow ads by default was made a long time ago. It’s what most users want.

            • refalo@programming.dev
              link
              fedilink
              arrow-up
              0
              arrow-down
              1
              ·
              5 months ago

              Firefox by default has cookies and javascript on, which are also primarily ad-tech

              Hard disagree, and I don’t think the majority of people would agree with you there either.

              it’s not forced

              By forced I meant not only is it opt-out and turned on by default, it’s turned on for existing users who never had that setting before either (so not just for new users).