121
Discussion
Right. I’m getting tired of seeing people dump on Firefox and Mozilla about this thing in the release notes:
Firefox now supports the experimental Privacy Preserving Attribution API, which provides an alternative to user tracking for ad attribution. This experiment is only enabled via origin trial and can be disabled in the new Website Advertising Preferences section in the Privacy and Security settings.
What is this? And why is it not something to get heated about?
Attribution is how advertisers know how to pay the right site owner when someone clicks on their ad. It’s important for ad-supported sites that clicks get attributed.
Right now, attribution is basically incompatible with protecting privacy. Advertisers use every method of tracking you can name, and some you can’t, to provide accurate attribution.
The Privacy Preserving Attribution API is an experimental way of informing an advertiser that someone clicked on an ad on a given site without leaking that it was you, specifically, who did that. Specifically, ads using the API ask Firefox to remember that they were seen, on what sites, and to what sites they lead. Then, when the user visits the destination site, the destination site asks Firefox to generate a report and submit it via a separate service that mixes your report with reports from other people and forwards these aggregated reports in large batches. Any traces that might be unique to you are lost in the crowd.
This is still experimental, being enabled by Mozilla on a site-by-site basis as developers request it. It’s not a free-for-all yet, and I can only find one entry on Bugzilla of a site who’s requested it.
sounds reasonable
This article seems to assume that advertisers don’t want our identifying information, and are clamoring for an alternative to tracking that lets them measure ad performance anonymously, which is just not true. Being able to uniquely identify users and target them is a feature, and getting more data points from the browser just helps add to their profiles.
It does not matter how you feel about Googzilla. Spyware is spyware. And this is just one of many aspects of spyware built into and sneakily added by Googzilla.
That’s why there are forks like LibreWolf that remove that nonsense, because people aren’t sitting back and letting Googzilla run it into the ground.
So you won’t even notice this if:
- you don’t click, or block, ads, or
- you never visit a website that’s part of the origin trial.
Well, that depends on the website, I assume?
Of course, Firefox already partitioned (and can block, if you enable Strict Tracking Protection and accept some extra breakage) cookies, so those more invasive ads were already neutered. Unlike e.g. Chrome, whose Topics API proactively reports characteristics about you before you click an ad, and does so while third-party cookies are still allowed too.
what I’ve seen so far is that the heat isn’t against the API, it’s against it being shipped enabled by default (opt-out rather than opt-in)
Itd be useless opt-in though, why would companies adopt somehting that only a small minority
No, he’s illustrating that opt in is the best of both worlds here. Users get protections of privacy and advertisers get the info that they need while not being able to violate the privacy of people visiting a website.
From my understanding this is only a value add in terms of privacy? It’s basically just asking every site to use this more private form of attribution, so I don’t believe there’s any more personal data being collected, it’s just trying to send it in a more anonymized way if a given site supports it.
