301
Jonathan Kamens: "It has come to my attention that many of the people complaining about Firefox's PPA experiment don't actually understand what PPA is…" - federate.social (federate.social)
submitted 4 months ago* (last edited 4 months ago) by sabreW4K3@lazysoci.al to c/firefox@lemmy.ml
119 comments fedilink hide all child comments

Original toot:

It has come to my attention that many of the people complaining about #Firefox's #PPA experiment don't actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it, so an explainer 🧵 is in order.

Targeted advertising sucks. It is invasive and privacy-violating, it enables populations to be manipulated by bad actors in democracy-endangering ways, and it doesn't actually sell products.

Nevertheless, commercial advertisers are addicted to the data they get from targeted advertising. They aren't going to stop using it until someone convinces them there's something else that will work better.

"Contextual advertising works better." Yes, it does! But, again, advertisers are addicted to the data, and contextual advertising provides much less data, so they don't trust it.

What PPA says is, "Suppose we give you anonymized, aggregated data about which of your ads on which sites resulted in sales or other significant commitments from users?" The data that the browser collects under PPA are sent to a third-party (in Firefox's case, the third party is the same organization that runs Let's Encrypt; does anybody think they're not trustworthy?) and aggregated and anonymized there. Noise is introduced into the data to prevent de-anonymization.

This allows advertisers to "target" which sites they put their ads on. It doesn't allow them to target individuals. In Days Of Yore, advertisers would do things like ask people to bring newspapers ads into the store or mention a certain phrase to get deals. These were for collecting conversion statistics on paper ads. Ditto for coupons. PPA is a way to do this online.

Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party. If at some point they discover they're doing insufficient aggregation or anonymization, then they can fix that all in one place. And if the work they're doing is transparent, as compared to the entirely opaque adtech industry, the entire internet can weigh in on any bugs in their algorithms.

Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.

top 50 comments
sorted by: hot top controversial new old
[-] GenderNeutralBro@lemmy.sdf.org 91 points 4 months ago

And what is the advertising industry doing to earn back the trust that they've eroded with their incessant, relentless abuse over the entire life of the Internet?

[-] Virkkunen@fedia.io 46 points 4 months ago

Creating ads that are even more targeted to you so you can forget about everything and buy that electric kitchen knife you just saw scrolling reddit

[-] queermunist@lemmy.ml 12 points 4 months ago* (last edited 4 months ago)

Adds so targeted they become your only friends.

load more comments (2 replies)
[-] AnyOldName3@lemmy.world 33 points 4 months ago

They're not supposed to have trust. That's why they're only allowed fully anonymised data under this scheme. They do pay the bills, though, so they can't be completely banished until there's an alternative source of money.

[-] xantoxis@lemmy.world 26 points 4 months ago

There is no such thing as "fully anonymised data". Data can be de-anonymised by anyone who aggregates it. It's been demonstrated over and over and over again.

[-] explore_broaden@midwest.social 24 points 4 months ago

This is just false, there is a mathematical framework for aggregating data in a way that prevents de-anonymization https://en.m.wikipedia.org/wiki/Differential_privacy. This is what the US census department uses to release census statistics without impacting anyone’s privacy.

[-] refalo@programming.dev 7 points 4 months ago

Whoever reports this "anonymized" data still knows something about you, whether that's a census employee at your physical house, or a website having your IP address. We can't stop that information falling into the wrong hands. Bad actors are everywhere. All we can do is not provide the information in the first place.

[-] tja@sh.itjust.works 20 points 4 months ago

And because of that, the advertisers are not the ones aggregating it

[-] GenderNeutralBro@lemmy.sdf.org 9 points 4 months ago

That does nothing to deal with malware distribution, which has been a problem in pretty much every ad network. It does nothing to address the standard practice of making ads as obtrusive and flashy as possible.

I do not accept the premise that advertising is the only possible business model for quality web sites. History suggests the opposite: that it is a toxic business model that creates backwards incentives.

load more comments (3 replies)
load more comments (1 replies)
load more comments (1 replies)
[-] xantoxis@lemmy.world 74 points 4 months ago* (last edited 4 months ago)

Completely facile argument, right there in the last sentence.

We can keep fighting for something better while still accepting this as an improvement over what we have now.

YOU BUILT THE FUCKING THING. Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.

Who's forcing you to make advertisers happy? Don't answer that, because I don't care. You can't pretend to be about privacy and then build things that help advertisers violate it.

This one's also pretty funny btw:

If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place.

Advertisers don't give a shit. They have zero motivation to fix anonymization. They're not going to HELP us get rid of privacy violations.

[-] tja@sh.itjust.works 40 points 4 months ago

Just turn it off and go away. Tada, we now have something better: no privacy-violating data at all.

Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data

Advertisers don't give a shit. They have zero motivation to fix anonymization. They're not going to HELP us get rid of privacy violations.

That's why a trusted third party is handling this. They care a lot, because of they fumble it they are now an untrusted third party and someone else will take care of the anonymization part

[-] xantoxis@lemmy.world 18 points 4 months ago

Well, yes. Except for the fact that advertisers now have an excuse to try more invasive things to get to their data

They're going to do this anyway. As far as Firefox is concerned, it's the browser's job to stop them. That's what Firefox is selling: privacy

because of they fumble it they are now an untrusted third party

Assuming I take this for granted, they have already fumbled it by turning on an anti-privacy feature without consent. They can no longer be trusted. Not that you ever should have trusted them because whatever motivation they have for pure moral behavior now, that will change with the wind when more VC money gets involved, or there's been a change in management.

And firefox has ALREADY had a recent change in management, which is probably why THIS is happening NOW. They just bought an adtech firm for pete's sake. Don't trust other people with your data. At all.

[-] tja@sh.itjust.works 14 points 4 months ago

Did you even read the article or are you just hating? There is a will known additional non profit that is well known and trusted by probably everyone that knows about it. This nonprofit is handling the anonymization.

[-] BearOfaTime@lemm.ee 12 points 4 months ago* (last edited 4 months ago)

Have you seen how many data breaches happen on DAILY BASIS?

There's a freaking community here for dta breaches, they happen so often.

Plus, Johnny boy wasn't exactly transparent about what they were doing, which is a huge part of the problem.

When people show you who they are, believe them.

load more comments (2 replies)
[-] uriel238 15 points 4 months ago

Who, exactly, trusts this third party?

I'm so used to getting treacherously betrayed by third parties distrust is my default setting.

[-] dustyData@lemmy.world 28 points 4 months ago* (last edited 4 months ago)

Maybn read the article, chill down a bit. We all hate advertisers here. Everyone trusts Let's Encrypt, they're privacy and encryption advocates who run one of the largests online certificates repository. They're a nonprofit, and they have been doing this for a decade. They're the reason the internet is a bit safer by promoting widespread implementation of encrypted traffic.

Sure, anyone can turn bad actor at any time. But this guys are starting from a really high bar and have a really strong reputation.

Add: also, this is a good step for Mozilla. We want a internet free from Google, and that includes financially. Google puts practically the totality of the money for the Mozilla foundation. Donations don't come close to the millions needed to develop and support a web browser. A direct relationship with advertisers, under Mozilla's terms and not the advertisers predatory terms, would be a good thing.

[-] mark3748@sh.itjust.works 16 points 4 months ago

Nearly everyone, would be my guess. The ISRG is the non-profit behind LetsEncrypt.

load more comments (2 replies)
load more comments (2 replies)
[-] modulus@lemmy.ml 48 points 4 months ago

This is bullshit. The total amount of advertising I want is zero. The total amount I want of tracking is zero. The total amount of experiments I want run on my data without consent is, guess, zero.

[-] verdigris@lemmy.ml 43 points 4 months ago

Then you keep blocking ads and nothing changes for you.

The backlash here is wild and completely uninformed. This is only good for consumers, the ads that this will affect are already tracking you in more onerous ways.

load more comments (3 replies)
[-] Ephera@lemmy.ml 28 points 4 months ago

Well, this isn't about you. If you're blocking ads anyways, there's going to be no data to report.

But Firefox needs webpage owners to be able to make a buck off of supporting Firefox. Otherwise, we'll see even more webpages suggesting to switch to Chrome.

[-] Tywele@lemmy.dbzer0.com 20 points 4 months ago

Then keep blocking ads and opt out of it. Not that hard isn't it?

[-] modulus@lemmy.ml 12 points 4 months ago

It's hard when I don't get told about it and find by chance.

[-] refalo@programming.dev 11 points 4 months ago

opt-out (instead of opt-in) should be illegal.

load more comments (4 replies)
load more comments (1 replies)
[-] lmaydev@lemmy.world 15 points 4 months ago

Sow do you plan to pay sites for the resources you use?

[-] modulus@lemmy.ml 12 points 4 months ago

It depends, but mostly no. And if that means some sites are not economically possible, so be it.

load more comments (1 replies)
[-] Phegan@lemmy.world 14 points 4 months ago

Do you donate to FOSS software you use?

Your options are ads or donations. As it costs money to develop and host a lot of FOSS, in our capitalist world, it's impossible to offer a service without somehow receiving money to continue to provide that service.

[-] Ledivin@lemmy.world 10 points 4 months ago* (last edited 4 months ago)

Do you donate to FOSS software you use?

I do. Are there any other strawmen you'd like to throw at me?

load more comments (4 replies)
[-] modulus@lemmy.ml 8 points 4 months ago

Yes, for example I donate to thunderbird since I find it useful. And I wouldn't mind donating to Firefox either provided they wouldn't do this sort of fuckery.

though in the long run we need to overturn capitalism of course, and that an economic model is viable doesn't mean we should sustain it or justify it.

load more comments (1 replies)
[-] addie@feddit.uk 34 points 4 months ago

Man alive, I thought that Mozilla had been doing their own Personal Package Archives so that we didn't have to deal with Ubuntu packaging it as a Snap anymore. And this is doubly disappointing.

load more comments (3 replies)
[-] ssm@lemmy.sdf.org 29 points 4 months ago* (last edited 4 months ago)

The data that the browser collects under PPA are sent to a third-party (in Firefox’s case, the third party is the same organization that runs Let’s Encrypt; does anybody think they’re not trustworthy?)

I wouldn't trust anyone with data this valuable, and even assuming they're trustworthy now, who knows if they'll be in a year; especially with how much "interest" they gain by now handling this data.

and aggregated and anonymized there.

I'm just supposed to believe and trust that they will do that?

Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party.

A "trusted third party" does not exist, and will never exist.

Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.

Or I can tell advertisers to eat shit and give them nothing, like I've been doing my whole life. Has been working well so far.

[-] tja@sh.itjust.works 15 points 4 months ago

If you don't trust let's encrypt SSL certificates, then you probably should probably stop using the Internet to be safe, as probably more than half of all websites are using them.

load more comments (2 replies)
[-] ahal@lemmy.ca 14 points 4 months ago

Yes, all great points. But you're comparing the wrong thing. The comparison isn't PPA vs no ads. It's PPA vs being personally targeted by ad companies. It's clearly a step in the right direction.

Or I can tell advertisers to eat shit and give them nothing, like I've been doing my whole life. Has been working well so far

Now your getting it! Yes, just keep using an ad blocker and tell advertisers to fuck off! That's exactly what we can all continue doing, and this PPA stuff will have 0 impact on us. But it will improve the lives of everyone not using ad blockers.

[-] anticurrent@sh.itjust.works 25 points 4 months ago

The fact that mozilla does't understand what user consent is, is alarming about where they are heading.

[-] Treczoks@lemmy.world 9 points 4 months ago

That, and the point that ad blasters want to know the gory details of your private life in order to make their ads that one or two percent "more effective".

Does the Firefox really believe that sites will stop throwing a gazillion cookies and trackers just because they now also have PPA?

I, for my part, opt to block both the cookies and trackers as much as I can and the PPA, too.

load more comments (18 replies)
[-] possiblylinux127@lemmy.zip 21 points 4 months ago* (last edited 4 months ago)

What the heck Mozilla? The people complaining are the ones who understand it. Anyone who thinks this is ok is either a die hard Mozilla fan or doesn't understand what it does. This is targeted advertising. You know how companies target vulnerable minorities? That's what this enables. It isn't just about "privacy" as targeted advertising is dark in many other ways.

[-] smpl@discuss.tchncs.de 20 points 4 months ago* (last edited 4 months ago)

I'm not even buying the premise. Any business can look at its bottomline to see if their advertising works. If they can't, then its not working.

[-] Blisterexe@lemmy.zip 14 points 4 months ago

Yeah, but this lets them know WHAT ads are or arent working

[-] smpl@discuss.tchncs.de 9 points 4 months ago

You're in trouble already as a business, wasting a lot of money, if you don't know where your target audience is. What you argue is that this is used for a business to probe where an advertisement would work. I'd argue that that is a very expensive way of finding your target audience, because you still have to pay for all the ads that didn't work. There are much better ways of figuring out where your target audience is.

I think most people believe that this obsessive data collection is neccessary, only because Google has repeatedly painted that narrative. This better advertising is just coincidentally the form of advertising that Google is in the best position to supply.

If you carefully pick the places you advertise and do statistics on how it affect your business while a campaign runs I'm willing to bet you get a much better return. As a bonus to saving money you didn't have to shit on an important principle in democracy, the autonomy of the people, protected by something called privacy.

load more comments (1 replies)
[-] communism@lemmy.ml 17 points 4 months ago

I understand it perfectly fine thank you. This should not be a hidden opt-out option.

[-] BearOfaTime@lemm.ee 12 points 4 months ago

Well maybe if you had been fucking transparent about what you were doing, this wouldn't be an issue, you condescending, prevaricating, hubristic jackass.

[-] drspod@lemmy.ml 12 points 4 months ago

At first I thought this guy was speaking on behalf of Mozilla, but he doesn't work for Mozilla.

He works for the US government.

[-] ikidd@lemmy.world 12 points 4 months ago

Why wouldn't you bring all this up before you shove it into the browser to be discovered later, and make it the default? Whoever thought this was a good idea should be shot with a ball of their own shit.

[-] rolling_resistance@lemmy.world 8 points 4 months ago

Mozilla has been working on anonymized advertising for quite some time now, there were news and job postings.

load more comments (2 replies)
load more comments (2 replies)
[-] Emmie@lemm.ee 11 points 4 months ago* (last edited 4 months ago)

They keep saying many words waving hands frantically and people still don’t like it. I bet if they explain 10th time with colourful diagrams and 3 minute whiteboard explainer video people still won’t like it. Such an ungrateful crowd

You need hands on workshops, we will organise them with foundation budget. That will surely explain things sufficiently. We will also give out informational flyers in small communities to foster local enlightenment.

[-] possiblylinux127@lemmy.zip 7 points 4 months ago

You will be targeted and like it

1000002684

load more comments (1 replies)
[-] _core@sh.itjust.works 11 points 4 months ago

Anonymized data doesn't exist. It can always be de-anonymized.

[-] KairuByte@lemmy.dbzer0.com 15 points 4 months ago

No? If it’s anonymized to “someone somewhere clicked this ad” that’s not possible to de-anonymize.

Do I expect it to be that anonymized? No. But the idea that it is always possible to de-anonymize data is just plum wrong.

load more comments (2 replies)
load more comments (1 replies)
[-] cypherpunks@lemmy.ml 8 points 4 months ago

It has come to my attention that many of the people complaining about #Firefox's #PPA experiment don't actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it

The documentation under the "Learn more" link next to the "Allow websites to perform privacy-preserving ad measurement" checkbox in Firefox preferences explains very clearly what it is and how it works. Asserting that people who read that and are indignant about it being enabled by default just... "don't actually understand" it is absurdly insulting and basically gaslighting.

load more comments (1 replies)
load more comments
view more: next ›
this post was submitted on 13 Jul 2024
301 points (100.0% liked)

Firefox

17938 readers
2 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml