The best objection to these proposals isn't privacy, it's that a browser vendor is lifting a finger for advertisers. I guess the fundamental question there is if we prefer to outright shut down online advertising, or give it the tools it needs to be less bad. Opinions differ, but all major browser vendors are in the latter category.
It is strictly less privacy-preserving than not implementing this "feature" that has zero benefit to the user running the browser. At the very least it pings yet another third party, most likely it effectively leaks much more.
> The best objection to these proposals isn't privacy, it's that a browser vendor is lifting a finger for advertisers. I guess the fundamental question there is if we prefer to outright shut down online advertising, or give it the tools it needs to be less bad. Opinions differ, but all major browser vendors are in the latter category.
That is a very very generous assumption of the browser makers' goals. Particularly when one of them IS an online advertising company and another one is almost exclusively funded by said advertising company. They do not deserve the benefit of the doubt.
This is not the kind of tool/setting that justifies having it auto-enabled, it's not "we auto-enabled MFA to protect your most critical data". Enabling it was not done for my benefit and it wasn't even made obvious in any way, I had to find out from internet discussions. It's my daily driver on all platforms and I have nightly, beta, and stable channel installations. None gave me a hint of this extra enabled setting.
If I'm going to use a browser where shady settings are pushed on me it might as well be one which 99.999% of the internet is built for rather than the one where (too many times) I have to fiddle to get things working. I'll take the fiddling or the lack of control but certainly not both. Mozilla is walking on really thin ice.
The second one also recently purchased an online advertising company, Anonym [0], placing them directly in the advertising game. They might have done so initially because they felt they needed this feature, but now their finances are tied up with the success of this platform in addition to Google's continued payouts.
[0] https://blog.mozilla.org/en/mozilla/mozilla-anonym-raising-t...
I myself do not like ads or tracking, but we need to be realistic and there needs to be a way to make the web sustainable.
How to do that and making sure that monopolies like Google are in check is a valid concern though, but in these conversations it is the only point I hear. Ironically Google does not even need these APIs because it already has so much data on users, it is primarily for smaller companies.
And honestly, whenever I see that something has been anonymized I assume it isn't. Mostly because the industry has a terrible track record, secondly because the incentives are almost always misaligned to begin with.
I'd trust mozilla more than most, but not enough to give them free rein and opt in things for me. I don't (yet) know enough specifics on this matter to make an informed decision, but if it weren't for hn I'd have missed this.
I doubt firefox would ask the user after install (again, incentives).
I should go through all options for every update (not just for firefox). But I can't, I don't have enough time. I need to be able to put some trust into the software I use, and things like this erode that trust.
More than Google or Microsoft does not say much. And - judging by how hard it is to fully disable telemetry and call-home on, say, Mozilla Thunderbird:
https://superuser.com/q/1672309/122798
I wouldn't trust them very much.
(Yes, I know it's a different project and not the same team but Mozilla is still the parent entity etc. etc.)
The toolmakers work to earn a living.
This is it. We're polluting the web browser with even more bullshit so that companies can squeeze a few pennies out when someone visits a page.
It was bad enough when pages are loaded with tracking cookies and JavaScript but at least you can block those. Now we get browser functionality on by default cooperating with advertising networks. Insane.
You mean online tracking, not advertising.
Advertising without tracking has existed for as long as commerce has existed. The elimination of tracking is not a threat to advertising. Historically, tracking is a very recent "innovation", an unwelcome one IMO.
We've been giving advertisers new tools for 20 years. Over that time advertisements have only gotten worse. The less bad state is a myth. There's no economic incentive to be less bad.
It is net negative though.
It is more privacy-preserving to just not implement this in the first place.
It is baffling why Firefox ships with this on by default. Even Chrome prompted users with a (misleading) dialog box to turn it on or off.
Not really. The reason is that Mozilla wants to make money by selling your data/preferences. Probably so that the incompetent CEO can get even more obscene "compensation". They just bought a spyware adtech company.
90% of Mozilla’s revenue, ca. $500,000,000, comes from advertising partnerships (almost exclusively Google)
https://untested.sonnet.io/Defaults+Matter%2C+Don't+Assume+C...
My point is: it’s not just lifting a finger for advertisers. It’s deception. Defaults matter.
It's that an ads vendor is lifting a finger for ads. Mozilla is an ads vendor now - https://blog.mozilla.org/en/mozilla/mozilla-anonym-raising-t...
Glad the whole thread was apparently flagged to death though. I'd guess 90% of firefox users already turned that off and are actively looking for the next best alternative.
Internet advertising worked fine before user tracking, it was just based on the contents of the webpage.
Before that it existed in newspapers and magazines for over a decade, without advertisers insisting the publisher spy on each of their readers.
The best objection is that I want my software to work for me, not for someone else. Simple.
This would be my preferred outcome no doubt. And after widespread adoption of content blockers like uBlock Origin, the next step should be mass adoption of webpage mirrors (like archive.is and Wayback Machine do now, but more comprehensive), and stop giving impressions to read-only websites.
In this sense, paywalls are a blessing in disguise: I don't ever visit wsj for example and thus any articles from it must be read from archive.is. But reading from mirrors should be more widespread, even for websites not behind a paywall.
If browsers want to improve the situation regarding ads, besides bundling and automatically enabling content blockers, they should also provide integrations to mirrors like archive.is to go further than that and not even risk a page access to ad-infested sites.
> or give it the tools it needs to be less bad.
However there are more than two options. If society reaches a compromise to ban targeted ads, this doesn't shut down advertising completely but sets it back to TV-era levels of analytics. This discussion should have happened after Cambridge Analytica.
> Opinions differ, but all major browser vendors are in the latter category.
I thought Chrome were in the business of making sure ads stay bad.
Yes, please. Both online and offline. Advertising is probably the most useless, annoying and wasteful industry out there.
We could have pull-only databases of businesses, products and services instead. Ideally, with independently verified, fact-checked information and authentic reviews. Realistically though, this kind of objectivity would probably be infeasible to enforce and maintain. But even if we allow for misinformation, paid rankings and whatnot, the point stands: any such database should follow a pull-only model, users access it voluntarily to search for products and services and it's not an unsolicited broadcast to everyone everywhere all the time.
My state seems to have a search tool, but no list. It also only has name/address (so presumably it's more for serving legal papers or whatever).
If I want to find a plumber, I should be able to ask my government for a list of the licensed plumbers in my area.
It's not like we've just invented this new advertising thing and are now struggling to make it fit the internet. We've been living with it for decades now, and over all this time that industry hasn't expressed even the slightest desire to be "less bad" in any meaningful way. I think we can safely set aside the idea that they don't do it because they just didn't have any tools. No, they don't do it because they are doing just fine without it, and they have zero motivation to do it. And a lot of motivation - billions upon billions of dollars of motivation - to keep doing exactly what they are doing, or worse.
It's not to protect privacy, because to protect privacy there is already a solution: it's to block the ad hosts and not talk to them at all (anti-fingerprinting techniques don't work).
Doesn't this break most modern methodologies? Can I do next best action without knowing who did what?
If this is "privacy", then it appears so-called "(ad) tech" companies are attempting to redefine the term.
Question for readers: Is knowing the identity of a person a prerequisite for that person to lose (some) privacy?
Consider the dictionary definition:
Webster's: "The state of being in retirement from the company or observation of others; seclusion."
Wordnet, from the Cognitive Science Laboratory at Princeton: "the quality of being secluded from the presence or view of others [syn: {privacy}, {privateness}, {seclusion}]"
Example:
A person in a building in a large city on a busy pedestrian street draws the curtains or blinds in a window facing the street to prevent passers by from seeing in. The passers by do not know the identity of the person(s) inside.
The scare quotes around "privacy-preserving" are justified. The act of allowing measurement destroys some privacy. It is less private to let people on the street see into the building.
Allowing measurement destroys privacy. How can marketers make it easier to swallow? Using a term like "privacy-preserving" is obviously deceptive, it is sleight of hand to conceal the frog boiling. This is not Mary Poppins. You are not being given a spoonful of sugar to help the medicine go down in a delightful way. It's poison in small doses. Eventually, the frog will die.
The "frog" is the concept of your privacy. The notion of "privacy" for so-called "tech" companies is not being targeted. Even when courts ask them to share what they are doing, they evade such discovery claiming it would put them at a competitive disadvantage: they might ultimately lose money. Whereas if opening yourself up to 24/7 observation causes you to lose some advantage and ultimately to lose money, then your loss is their gain.
There are certain risky activities in life that some folks choose not to engage in. These activities can be made "safer" and even "safe enough" that many will choose to do them despite the risk. But it does not remove all the risk. There are endless examples. Skydiving, bungy jumping and so on all the way down to relatively mundane stuff. But in almost every case, there is an incentive to participate. There is a "reward" for taking the risk.
The incentives for Mozilla, "ad tech" and all those who support this nonsense "business model" based on surveillance are easily discernible. Finding an incentive for anyone using a web browser to want to participate in this "measurement" requires mental gymnastics.
And so it must be opt-out. No one would knowingly subject themselves to such needless observation.
https://jamesfallows.theatlantic.com/archives/2009/07/peace_...
The language is even rather vague and Mozilla seems to go a long way to avoid explaining that this is the alternative Google has designed for Chrome to replace tracking via third party cookies (Protected Audience API I believe). Now it is better than third party cookies, but having neither is best.
This does not need to be in Firefox.
0: https://blog.mozilla.org/en/privacy-security/googles-protect...
1: https://support.mozilla.org/da/kb/privacy-preserving-attribu...
The farmers working with the wolf on a feature to "help" the sheep.
In comparison, when Chrome pushed out ad privacy setting update[1], there was a popup that asked users to make a choice before moving on, so there was no surprise as to what changed.
[1] https://news.ycombinator.com/item?id=37401909 - Google Chrome pushes browser history-based ad targeting (2023-09-06)
To disable it on macOS: Safari > Preferences/Settings > Advanced > Uncheck "Allow privacy-preserving measurement of ad effectiveness"
To disable it on iOS: Settings > Safari > Advanced (scroll all the way down) > Turn off "Privacy Preserving Ad Measurement"
I always knew that safari is no better than other browsers, but the overt deception is a new low.
1. Does it disable measurement?
- or -
2. Does it disable the privacy-preserving feature, i.e., enable tracking?
What I really want to know: is it better for me to check the box or not?
https://blog.mozilla.org/en/mozilla/privacy-preserving-attribution-for-advertising/
https://github.com/mozilla/explainers/tree/main/ppa-experiment
https://datatracker.ietf.org/doc/draft-ietf-ppm-dap/
The gist of it is that Mozilla and ISRG now proxy the tracking data and give aggregated reports to advertisers. And that they handle the data in a way so that neither Mozilla nor ISRG alone can access the unaggregated data:
> Our DAP deployment is jointly run by Mozilla and ISRG. Privacy is lost if the two organizations collude
I wonder if this is really the only way privacy can get lost. What if an advertiser uses an ad ID only once for real (specifying a specific user) and then sends 999 fake impression signals for that ID to Mozilla? When they get the aggregated data for the 1000 impressions, they would be able to deduce who did the one real impression, no?
So Mozilla becomes the treasure-guard? What prevents them from abusing or leaking the data in the future?
1) The data is encrypted in a way that Mozilla can't encrypt it without the help of ISRG.
2) There is a way for ISRG to help Mozilla create aggregated data from the raw data without either of them being able to see the raw data in this process.
Maybe I'm wrong. Would be interesting to hear how 2 can be accomplished. Would have to be some crypto magic I have not yet heard about.
1. It relies on an 'aggregation service', which you'd better hope is trustworthy because they seemingly get all info about what 'impressions' you had and what 'conversions' you caused.
2. This is the browser acting on behalf of advertisers. It's nice there's a way for people to help companies benchmark their ads, but this really shouldn't be something a user agent does without being explicitly told to.
As the number of aggregators increases this gets better - as long as you trust at least one of the aggregators involved then your individual data remains untrackable.
Also, in general if you think Mozilla is likely to _actively_ lie to you to steal your data and track you, you're probably using the wrong browser in the first place and the aggregation service makes little difference.
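Added example, not part of any comment in this thread and not Mozilla's or ISRG's code: a simplified Python sketch of additive secret sharing, the technique behind the question above of how two servers can build an aggregate without either seeing a raw report, generalised to n aggregators to show the "trust at least one aggregator" point. The modulus, function names and sample reports are assumptions; the DAP draft linked above additionally encrypts each share to its aggregator and has the aggregators check that each report is well-formed, both of which are omitted here.

```python
import secrets

# Prime modulus for share arithmetic. 2**61 - 1 is an assumption made for this
# sketch, not a parameter taken from the thread or from the DAP draft.
P = 2**61 - 1


def split(value, n_aggregators=2):
    """Browser side: split one measurement into additive shares mod P."""
    shares = [secrets.randbelow(P) for _ in range(n_aggregators - 1)]
    shares.append((value - sum(shares)) % P)  # last share makes the sum work
    return shares


class Aggregator:
    """One server. It sees one share per report and publishes only their sum."""

    def __init__(self):
        self.acc = 0

    def receive(self, share):
        self.acc = (self.acc + share) % P

    def aggregate_share(self):
        return self.acc


def run_batch(measurements, n_aggregators=2):
    """Send each measurement as shares, then combine the aggregate shares."""
    aggs = [Aggregator() for _ in range(n_aggregators)]
    for m in measurements:
        for agg, share in zip(aggs, split(m, n_aggregators)):
            agg.receive(share)
    agg_shares = [a.aggregate_share() for a in aggs]
    return sum(agg_shares) % P, agg_shares


def missing_share_for(known_shares, candidate):
    """Value the unseen share must have if `candidate` were the real input.

    Such a value exists for every candidate, and any n-1 shares are jointly
    uniform, so aggregators holding them cannot rule out any measurement.
    """
    return (candidate - sum(known_shares)) % P


if __name__ == "__main__":
    # Constructed sample: 1 = this browser saw the ad and converted, 0 = not.
    reports = [1, 0, 1, 1, 0]
    total, per_aggregator = run_batch(reports)
    print("aggregate shares (each looks random):", per_aggregator)
    print("combined total:", total)

    shares = split(1, n_aggregators=3)
    for guess in (0, 1):
        print("first two shares are consistent with", guess,
              "if the third is", missing_share_for(shares[:2], guess))
```

Only when every aggregator's share of the same report is brought together does the individual value reappear, which is the collusion case the quoted Mozilla text names.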
They deny any direct benefit for the user, and then go on to list some actual downsides (CPU, network, and battery cost & privacy loss) for the user running their software.
> Any benefit people derive from this feature is indirect. [By] Making advertising better
Mozilla never fails to surprise by the choice of their alliances.
> Our view is that the costs that people incur as a result of supporting attribution is small. [...] In comparison [...] The value that an advertiser gains from attribution is enormous.
What would we all do without Mozilla saving dystopian corporate propaganda from the dreadful death through user choice?
Why do you think the advertising industry is pushing for this kind of crap? Because they ARE scared that the world is finally waking up to them and making their business effectively illegal.
Sure they are - just install ublock origin.
Even if you're OK with the snooping and the attention hijacking and the slow pageloads and the pictures of rotting teeth, plenty of malware has been delivered by inept ad networks. Frankly, I find it strange when someone doesn't block ads.
True, they're not going anywhere on my systems since they get stopped at the gates; not one but many gates, defence in depth is the norm when dealing with vermin. We will fight them at the router, we will fight them in the name services, we will fight them at the firewall and in the applications. Wherever they come, we shall be. We will never surrender.
The ad industry can blame itself for this, they have shown themselves to be reliably unreliable and are no longer welcome.
Citation needed.
It definitely works for other titles, but not for this new opt-out privacy related setting. How very convenient...
I'm not acting surprised, but I think it's more than time to start looking into a viable alternative.
Is "Chromium" (?) still a thing? Do you guys know if there is a browser based on Firefox that doesn't have any of the BS Mozilla is putting into their browser?
I'm really praying for Ladybird but of course it's still not ready for prime time.
Waterfox and Librewolf seem to exist, and I imagine there's more Firefox forks out there. No idea on the state of things though
For some reason, changing search engine via policy no longer works, but that can be bypassed by an auto-installed extension that changes search engine.
I have all telemetry turned off but when I went and checked this "feature" was enabled by default with no notification it had been added.
I really don't like Firefox forks, for the slow updates and because I do genuinely use some bleeding edge features, but I'm tired of Mozilla.
"Firefox added [ad tracking] and has already turned it on without asking you"
https://news.ycombinator.com/item?id=40954535 (170 comments)
--
Also, there are two options to disable the ad tracking behavior:
1. Use LibreWolf instead — Advantage: This is also a long-term solution :)
2. Follow @thangalin's instructions to disable it in Firefox:
> Step 1. Visit about:config
> Step 2. Set dom.private-attribution.submission.enabled to false
Mozilla: How high?
Google: You keep the antitrust division's fingers away from Chrome.
Mozilla: Ohmygod.
I did not consent, and as best I can tell, Mozilla has breached GDPR.
As best I can tell, Mozilla disregarded my preferences. It seems they have violated these GDPR principles: a lack of consent, purpose limitation (unintended data use), `Data protection by design and default` AKA `privacy by design` (by ignoring settings), and right to object (disregarding preferences).
It is absolutely unfair to argue that it is not personal information about me. It seems to me that they are lying, or at the very least twisting words so thin. My trust in them is vanishing.
There is no way to reliably verify their differential privacy, and even if there was, they still had no informed consent to collect the data and send it off.
To give controls to a user, and then totally ignore them, is what got Facebook in big trouble.
It really looks like Mozilla is not only not listening to explicitly stated user preferences, preferences that have been set intentionally, but it's outright ignoring them and doing the very opposite of what the user's intention is!
If they thought that they had a good reason to do so, and that the ends justify the means, they are so very wrong.
I have used Firefox for as long as it's existed. For Mozilla, this is an almost sadistic own goal. How did they think that this was going to be okay? Did they think people would not find out? There will have to be changes after this at Mozilla if they were to regain trust and I'm really sceptical they can do it.
I really want / wanted them to succeed but I don't see how.
I've supported Firefox as my daily-driver on desktop and laptop since 2016. I feel that a browser should be 100% open-source and used to feel FF also had its USERS' interest at heart. FF was what I relied on to continue to fight for internet privacy in your browser and the growing ad garbage on the web. FF + uBlock was great and made the web a joy for me. I would donate to FF if I could.
I've basically had enough of this. Commercialization has now infiltrated all browsers. There are none left (except for a few FF forks run by who knows). I put up with the many blunders FF has done over the past years like; "Mr Robot" incident, Tracking my default browser in Windows with a Scheduled Task that always comes back after updates, Studies are on-by-default, increasing tracking features added in that were Opt-Out and now THIS latest "anonymous" collection of my browsing habits sold to advertisers. This is appalling.
I'm tired of having to go through all the release notes and settings again to see what I have to disable this time on my own devices plus my clients' FF installs and family I've recommended FF to. I can do that with Edge or Chrome.
I'm out FF. I uninstalled FF 128 from my PC fully today (and any others I help support) and will try out Vivaldi for a bit (they seem still pretty grounded DESPITE it not being 100% open-source). and if that doesn't meet my needs I will just use Edge. I'd try Brave but again that is an advertising company at this point that also pitches crypto.
It is a sad day for me. I really am holding out hope for Ladybird next at this point because I don't think FF ever goes back now to its stand and to what it represented.
Let me give them money. Either straight-up take donations to fund firefox development, or sell a "Firefox Pro" that doesn't have these stupid anti-features. But don't refuse to take money from users and complain that because you don't take money from users you're "forced" to screw them over.
Really, though, it’s not like me or any of the commenters are being paid millions a year to fix these problems. If I were being paid $6,903,089 I feel like I might be well-equipped to fix them.
Gee I wonder why...
Could it be them disregarding users' preferences over and over again or claiming to stand for privacy while siphoning your data at every opportunity? Sure will be hard finding an example of that behavior.
Legit, this is the same FLoC we had to bully Chrome out of having. And now Ffx is putting it in sneakily as an opt-out default with no notice.
I turned it off immediately nonetheless. One thing to note though is that the switch doesn't exist in mobile Firefox. And it's not clear to me whether that means the feature doesn't exist at all or that I just can't turn it off?
https://news.ycombinator.com/item?id=15931730
This is in their DNA.
More discussion: https://news.ycombinator.com/item?id=40952330
It seems it could be a more private way to implement such functionality, if applicable.
Imagine if it was Apple doing this to Safari, it would certainly rile up more users even though it would be the same thing.
See Youtube Premium for example. Or just generally giving money to Google in any shape or form.
Website publishers need to know what works and what doesn’t - otherwise they cannot improve nor generate revenue.
So, privacy preserving measuring? I’m in, well done Mozilla.
Mozilla has enough money to run Firefox for a decade without accepting any additional money if they stop spending money left and right on non-relevant things.
Off it goes!
1: Or just caring about your mind constantly battling distractions.