Original toot:
It has come to my attention that many of the people complaining about #Firefox’s #PPA experiment don’t actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it, so an explainer 🧵 is in order.
Targeted advertising sucks. It is invasive and privacy-violating, it enables populations to be manipulated by bad actors in democracy-endangering ways, and it doesn’t actually sell products.
Nevertheless, commercial advertisers are addicted to the data they get from targeted advertising. They aren’t going to stop using it until someone convinces them there’s something else that will work better.
“Contextual advertising works better.” Yes, it does! But, again, advertisers are addicted to the data, and contextual advertising provides much less data, so they don’t trust it.
What PPA says is, “Suppose we give you anonymized, aggregated data about which of your ads on which sites resulted in sales or other significant commitments from users?” The data that the browser collects under PPA are sent to a third-party (in Firefox’s case, the third party is the same organization that runs Let’s Encrypt; does anybody think they’re not trustworthy?) and aggregated and anonymized there. Noise is introduced into the data to prevent de-anonymization.
This allows advertisers to “target” which sites they put their ads on. It doesn’t allow them to target individuals. In Days Of Yore, advertisers would do things like ask people to bring newspapers ads into the store or mention a certain phrase to get deals. These were for collecting conversion statistics on paper ads. Ditto for coupons. PPA is a way to do this online.
Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party. If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place. And if the work they’re doing is transparent, as compared to the entirely opaque adtech industry, the entire internet can weigh in on any bugs in their algorithms.
Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.
And what is the advertising industry doing to earn back the trust that they’ve eroded with their incessant, relentless abuse over the entire life of the Internet?
Creating ads that are even more targeted to you so you can forget about everything and buy that electric kitchen knife you just saw scrolling reddit
I don’t know, I am on the fence about the XYT FULLFORGE lithium powered, rechargable electronic kitchen knife I saw on reddit. I just don’t know if I can trust the comments which say it stays sharp forever, and I am very skeptical that it truly has the fastest cutting speed of any knife on the market. Perhaps I will go read the Amazon reviews again to get more information about the patented digital motor design.
They’re not supposed to have trust. That’s why they’re only allowed fully anonymised data under this scheme. They do pay the bills, though, so they can’t be completely banished until there’s an alternative source of money.
There is no such thing as “fully anonymised data”. Data can be de-anonymised by anyone who aggregates it. It’s been demonstrated over and over and over again.
This is just false, there is a mathematical framework for aggregating data in a way that prevents de-anonymization https://en.m.wikipedia.org/wiki/Differential_privacy. This is what the US census department uses to release census statistics without impacting anyone’s privacy.
That does nothing to deal with malware distribution, which has been a problem in pretty much every ad network. It does nothing to address the standard practice of making ads as obtrusive and flashy as possible.
I do not accept the premise that advertising is the only possible business model for quality web sites. History suggests the opposite: that it is a toxic business model that creates backwards incentives.
So because it’s not THE perfect solution to every problem related to ads ever we should just not do anything?
It doesn’t always have to be black and white.
Go ahead and send me ads, and I’ll just block your site … never go there except when someone tries to trick me into it, and then my SITE-BLOCKER will refuse for me. Our now and future business IS OVER.
“But why don’t you just trust us?” Because I’ve been online for 30 years and it’s been downhill ever since.
Completely facile argument, right there in the last sentence.
We can keep fighting for something better while still accepting this as an improvement over what we have now.
YOU BUILT THE FUCKING THING. Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.
Who’s forcing you to make advertisers happy? Don’t answer that, because I don’t care. You can’t pretend to be about privacy and then build things that help advertisers violate it.
This one’s also pretty funny btw:
If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place.
Advertisers don’t give a shit. They have zero motivation to fix anonymization. They’re not going to HELP us get rid of privacy violations.
Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.
Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data
Advertisers don’t give a shit. They have zero motivation to fix anonymization. They’re not going to HELP us get rid of privacy violations.
That’s why a trusted third party is handling this. They care a lot, because of they fumble it they are now an untrusted third party and someone else will take care of the anonymization part
Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data
They’re going to do this anyway. As far as Firefox is concerned, it’s the browser’s job to stop them. That’s what Firefox is selling: privacy
because of they fumble it they are now an untrusted third party
Assuming I take this for granted, they have already fumbled it by turning on an anti-privacy feature without consent. They can no longer be trusted. Not that you ever should have trusted them because whatever motivation they have for pure moral behavior now, that will change with the wind when more VC money gets involved, or there’s been a change in management.
And firefox has ALREADY had a recent change in management, which is probably why THIS is happening NOW. They just bought an adtech firm for pete’s sake. Don’t trust other people with your data. At all.
Did you even read the article or are you just hating? There is a will known additional non profit that is well known and trusted by probably everyone that knows about it. This nonprofit is handling the anonymization.
Who, exactly, trusts this third party?
I’m so used to getting treacherously betrayed by third parties distrust is my default setting.
Maybn read the article, chill down a bit. We all hate advertisers here. Everyone trusts Let’s Encrypt, they’re privacy and encryption advocates who run one of the largests online certificates repository. They’re a nonprofit, and they have been doing this for a decade. They’re the reason the internet is a bit safer by promoting widespread implementation of encrypted traffic.
Sure, anyone can turn bad actor at any time. But this guys are starting from a really high bar and have a really strong reputation.
Add: also, this is a good step for Mozilla. We want a internet free from Google, and that includes financially. Google puts practically the totality of the money for the Mozilla foundation. Donations don’t come close to the millions needed to develop and support a web browser. A direct relationship with advertisers, under Mozilla’s terms and not the advertisers predatory terms, would be a good thing.
Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data
C’mon, just take the roofie and we promise we won’t try anything more forceful, little consumer… We promise we’ll stop if you give us just this little bit…
I have defended Mozilla for years, because we can’t let Chrome become the only browser engine available.
But goddam, it’s getting hard to be enthusiastic about it. This is starting to get like voting for the genocidial dementia patient because at least he isn’t the megalomaniac pedophile.
YOU BUILT THE FUCKING THING. Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.
Who’s forcing you to make advertisers happy? Don’t answer that, because I don’t care. You can’t pretend to be about privacy and then build things that help advertisers violate it.
While I agree that IT IS A SERIOUS CONCERN THAT AGGREGATION AND ANONYMIZATION within a single entity is a true and bad security concern you are blaming the opposition, wrongfully (imho).
The market forces advertising upon us. They step in and provide a temporarily (and not yet fully-transparent) alternative. And they are aware of said risk but still chiming in.
Their feature is adopting current practices but try to find common ground. They do not enrich this data but anonymize it fully (apparently).
The next iteration shall not include distributing this since it would strengthen advertisers I suppose. So your warning is fair but it appears to be hard to find practical common ground.
I think their intention is awesome. Enable 80% of collecting demands and open up a discourse about what should have been done beforehand (the intrusive data collection).
I once again prompt: Americans should be so fk proud of Mozilla. Inspect, Disrupt or Adapt and Be Open for Discussion.
I have no idea what I am talking about, though.
Man alive, I thought that Mozilla had been doing their own Personal Package Archives so that we didn’t have to deal with Ubuntu packaging it as a Snap anymore. And this is doubly disappointing.
I think you are looking for this PPA: https://launchpad.net/~mozillateam/+archive/ubuntu/ppa
Alternatively, https://support.mozilla.org/en-US/kb/install-firefox-linux#w_install-firefox-deb-package-for-debian-based-distributions
This is the exact same story the whole internet has used and every time the 3rd party or whoever it is eventually gets corrupted and it turns out that they kept the original data. The company gets bought by Amazon or who google and repeat
It’s LetsEncrypt. If you don’t trust them the open web has bigger problems than Firefox’s new setting.
Mozilla: We want to offer anonymised data so advertiser stop trying to track you with shady means. You can opt ou tho.
Privacy ultras: WHY YOU WANT DATA?!
Mozilla: …
Why is Firefox getting involved in ads? 💵? To reduce their dependence on Google’s payment for keeping Google as the default search engine?
