Copied from Reddit:

Firefox CTO here.

There’s been a lot of discussion over the weekend about the origin trial for a private attribution prototype in Firefox 128. It’s clear in retrospect that we should have communicated more on this one, and so I wanted to take a minute to explain our thinking and clarify a few things. I figured I’d post this here on Reddit so it’s easy for folks to ask followup questions. I’ll do my best to address them, though I’ve got a busy week so it might take me a bit.

The Internet has become a massive web of surveillance, and doing something about it is a primary reason many of us are at Mozilla. Our historical approach to this problem has been to ship browser-based anti-tracking features designed to thwart the most common surveillance techniques. We have a pretty good track record with this approach, but it has two inherent limitations.

First, in the absence of alternatives, there are enormous economic incentives for advertisers to try to bypass these countermeasures, leading to a perpetual arms race that we may not win. Second, this approach only helps the people that choose to use Firefox, and we want to improve privacy for everyone.

This second point gets to a deeper problem with the way that privacy discourse has unfolded, which is the focus on choice and consent. Most users just accept the defaults they’re given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most people’s privacy remains compromised. Cookie banners are a good example of where this thinking ends up.

Whatever opinion you may have of advertising as an economic model, it’s a powerful industry that’s not going to pack up and go away. A mechanism for advertisers to accomplish their goals in a way that did not entail gathering a bunch of personal data would be a profound improvement to the Internet we have today, and so we’ve invested a significant amount of technical effort into trying to figure it out.

The devil is in the details, and not everything that claims to be privacy-preserving actually is. We’ve published extensive analyses of how certain other proposals in this vein come up short. But rather than just taking shots, we’re also trying to design a system that actually meets the bar. We’ve been collaborating with Meta on this, because any successful mechanism will need to be actually useful to advertisers, and designing something that Mozilla and Meta are simultaneously happy with is a good indicator we’ve hit the mark.

This work has been underway for several years at the W3C’s PATCG, and is showing real promise. To inform that work, we’ve deployed an experimental prototype of this concept in Firefox 128 that is feature-wise quite bare-bones but uncompromising on the privacy front. The implementation uses a Multi-Party Computation (MPC) system called DAP/Prio (operated in partnership with ISRG) whose privacy properties have been vetted by some of the best cryptographers in the field. Feedback on the design is always welcome, but please show your work.

The prototype is temporary, restricted to a handful of test sites, and only works in Firefox. We expect it to be extremely low-volume, and its purpose is to inform the technical work in PATCG and make it more likely to succeed. It’s about measurement (aggregate counts of impressions and conversions) rather than targeting. It’s based on several years of ongoing research and standards work, and is unrelated to Anonym.

The privacy properties of this prototype are much stronger than even some garden variety features of the web platform, and unlike those of most other proposals in this space, meet our high bar for default behavior. There is a toggle to turn it off because some people object to advertising irrespective of the privacy properties, and we support people configuring their browser however they choose. That said, we consider modal consent dialogs to be a user-hostile distraction from better defaults, and do not believe such an experience would have been an improvement here.

Digital advertising is not going away, but the surveillance parts could actually go away if we get it right. A truly private attribution mechanism would make it viable for businesses to stop tracking people, and enable browsers and regulators to clamp down much more aggressively on those that continue to do so.
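
The aggregation idea behind the DAP/Prio system named in the post, as an added example that is not part of the original post or Mozilla's code: each browser splits its report into two random-looking shares, and only the sum over a whole batch is recoverable. The modulus, `MIN_BATCH`, the class and function names, and the sample reports are assumptions made for this sketch; Prio's validity proofs, the DAP transport and any added noise are omitted.

```python
import secrets

P = 2**61 - 1   # share-arithmetic modulus (constructed choice for this sketch)
MIN_BATCH = 5   # smallest batch a collector may ask for (constructed value)

def split(value):
    """Browser side: split one measurement into two additive shares mod P."""
    share_a = secrets.randbelow(P)      # uniformly random, independent of value
    share_b = (value - share_a) % P     # only share_a + share_b reveals value
    return share_a, share_b

class Aggregator:
    """One of two non-colluding servers; it only ever holds its own shares."""
    def __init__(self):
        self.total = 0
        self.count = 0

    def receive(self, share):
        self.total = (self.total + share) % P
        self.count += 1

def combine(agg_a, agg_b):
    """Collector side: add the two aggregate shares to get the batch total."""
    if min(agg_a.count, agg_b.count) < MIN_BATCH:
        # A tiny batch would expose individual reports, so refuse to release it.
        raise ValueError("batch too small to release")
    return (agg_a.total + agg_b.total) % P

def run_batch(reports):
    """Push a batch of per-browser values through both aggregators."""
    agg_a, agg_b = Aggregator(), Aggregator()
    for value in reports:
        share_a, share_b = split(value)
        agg_a.receive(share_a)
        agg_b.receive(share_b)
    return agg_a, agg_b, combine(agg_a, agg_b)

# Constructed sample: 1 = this browser saw the ad and later converted, 0 = not.
SAMPLE_REPORTS = [1, 0, 0, 1, 1, 0, 1, 0, 0, 0]

if __name__ == "__main__":
    agg_a, agg_b, total = run_batch(SAMPLE_REPORTS)
    print("aggregator A holds:", agg_a.total)   # looks random on its own
    print("aggregator B holds:", agg_b.total)   # looks random on its own
    print("combined conversions:", total)
```

Each aggregator's running total is statistically independent of any single browser's value, which is why the design depends on the two operators not pooling their shares.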

  • Deebster@programming.dev
    5 months ago

    designing something that Mozilla and Meta are simultaneously happy with is a good indicator we’ve hit the mark.

    I think that’s true. I trust Mozilla, based on their statements and their actions, and I distrust Facebook for those same reasons. Compromise is the only path forward, despite those who argue we should reject anything that’s not perfect.

    • faede@mander.xyz
      5 months ago

      I wish I could believe that, but corporations (esp. Meta) can’t and won’t limit themselves. Corporations don’t have any other purpose than gathering wealth and will always try to get more. Working with them only sets back privacy concerns because they can’t care as long as there is money available to try to get. That is why we need a strong government regulatory system back. Regulation is what brought corps under control in the 1900s and it is what we need now. Strong privacy laws and regulatory agencies.

  • modulus@lemmy.ml
    5 months ago

    Whatever opinion you may have of advertising as an economic model, it’s a powerful industry that’s not going to pack up and go away.

    Fuck that. Not if we don’t make it. That’s precisely the point. Do not comply. Do not submit. Never. Advertising is contrary to the interests of humanity. You’re never going to convince me becoming a collaborator for a hypothetically less pernicious form is the right course of action. Never. No quarter.

    We’ve been collaborating with Meta on this,

    That makes it even worse.

    any successful mechanism will need to be actually useful to advertisers,

    And therefore inimical to humanity in general and users in particular.

    Digital advertising is not going away,

    Not with that attitude.

    but the surveillance parts could actually go away

    Aggregate surveillance is still surveillance. It is still intrusive, it still leverages aggregate human behaviour in order to harm humans by convincing them to do things against their own interest and in the interest of the advertiser.

    This is supposedly an experiment. You’ve decided to run an experiment on users without consent. And you still think this is the right thing–since you claim the default is the correct behaviour.

    I cannot trust this.

    • 1984@lemmy.today
      5 months ago

      I will disable it too, but they are right. Mozilla is not in a position to fight the ad industry, alone, and being funded by an ad company (Google).

      Best they can do is try to increase the privacy while the ad industry makes money from us. The ad industry is a fucking cancer and I would make them illegal tomorrow if I could. But we are here, on a dense planet called earth, living during the capitalism era. It’s like the stone age.

      • modulus@lemmy.ml
        5 months ago

        I don’t blame Mozilla for not single-handedly ending advertising online. That’s too much to expect from anyone. But they could at least avoid active collaboration with the enterprise. And if they’re going to engage in it, they should at the very least warn their users.

        • Carighan Maconar@lemmy.world
          5 months ago

          But they could at least avoid active collaboration with the enterprise.

          Have you… actually read about what they’re doing here? It doesn’t feel like you understand this very much.

          • modulus@lemmy.ml
            5 months ago

            I’d like people to STOP PRETENDING that the only plausible reason why someone doesn’t agree with this is that we don’t understand it. Yes, I understand what this does. The browser tracks which advertisements have been visited, the advertiser indicates to the browser when a conversion action happens, and the browser sends this information to a third-party aggregator which uses differential techniques to make it infeasible to deanonymise specific users. Do I get a pass?

            Yes, this is actively collaborating with advertising. It is, in the words of Mozilla, useful to advertisers. It involves going down a level from being tracked by remote sites to being tracked by my own browser, running on my own machine. Setting aside the issues of institutional design and the possibility for data leaks, it’s still helping people whose business is to convince me to do things against my interest, to do so more effectively.

            • verdigris@lemmy.ml
              5 months ago

              Do you think that somehow without this setting your browser isn’t tracking you? What do you think the history is?

              • modulus@lemmy.ml
                5 months ago

                What do I think the history is? A record of the sites I visited.

                What do I think the history isn’t? A correlated record of which advertisements I’ve been exposed to, and which conversions I’ve made, that gets sent to people who are not me.

                Pretty relevant distinction. One thing is me tracking myself, another thing is this tracking being sent to others, no matter how purportedly trustworthy.

                • verdigris@lemmy.ml
                  5 months ago

                  It’s not a list of clicks you’ve made, it’s a list of clicks everyone has made. Unlike the current state of ad tracking, it would change from tracking you to tracking the ad’s effectiveness.