wolfFirefox enables user tracking
FuckyWucky [none/use name]“Firefox is just another US-corporate product with an ‘open source’ sticker on it.”
unlike EU-corporate products
𝘋𝘪𝘳𝘬But what are real alternatives that …
- support MV2 and MV3 WebExtensions
- are not Chromium-based
- are open source
- do not spy on users
DeliriLibrewolf, Waterfox, Mullvad, Floorp…
InterSynthThese are all Firefox forks. If Firefox is done, they’re done.
Firefox is not done. It just became spyware, but all the forks can still benefit from FOSS license of Firefox. In the same manner as Vivaldi or Brave or Ungoogled chromium etc.
This is misinformation. The setting in question is not a “privacy breach setting,” it’s to use a new API which, for sites that use it, sends advertisers anonymized data about related ad clicks instead of the much more privacy-breaching tracking data that they normally collect. This is only a good thing for users, which is why the setting is automatically checked.
It’s illegal in Europe to have an opt-out checked by default, must be an opt-in unchecked by default.
This is one of the reason that Microsoft have always troubles in Europe about privacy and opt-out services.
The Ramen DutchmanIn the EU*
Sorry to be pedantic, but the UK, Swiss etc. are all in Europe but not in the legislative region where this law applies. This even gets some people confused thinking those countries “aren’t in Europe”
That only applies to personally-identifiable information.
If it is truly anonymized then it isn’t protected under GDPR.
Which should tell you a lot; if Mozilla wasn’t confident about their anonymisation efforts their lawyers would not have allowed checked-by-default.
This does not prevent regular ad tracking, this provides additional data to advertisers. It also means Mozilla is now tracking me, and then Mozilla does this “anonymizing” on their servers. I do not trust Mozilla with this data, and I don’t trust that no way can be found de-anonymize or combine this data with other data ad networks already collect.
This is not in my interest at all. This data should not be collected. The ad networks can suck it, why should I help them?
"Privacy-Preserving" Attribution: Mozilla Disappoints Us Yet Again
"No shady privacy policies or back doors for advertisers" proclaims the Firefox homepage, but that's no longer true in Firefox 128. Less than a month after acquiring the AdTech company Anonym, Mozilla has added special software co-authored by Meta and built for the advertising industry directly to the latest release
Advertisers can already easily get this data without this setting, and any measures you take to block ads also by definition affect this setting.
Meanwhile, if this works and becomes widely available, regulators will be able to take measures against user surveillance without having to succumb to the ad industry’s argument that they won’t know whether their ads work.
Ah yes, the hypothetical second step, in which tracking is going to be outlawed (I’m not holding my breath), except, of course, for the third party services that do the aggregating, which will “sell” (literal quote) the aggregate data, so I guess these are by semantic sophistry not adtech companies but something else.
I’m so glad this genius “plan” can be used to justify Mozilla funneling data to adtech firms right now, because in some hypothetical future timeline this somehow can be construed with a bunch of hand-waving and misdirection to be in my interest.
How about instead we have a browser that only cares about the users, and not give a fuck about adtech? Its number one goal should be to treat adtech as hostile, and fight to ruin that whole industry.
for the third party services that do the aggregating, which will “sell” (literal quote) the aggregate data
You’re saying you’re literally quoting the ISRG as going to sell the data? Because that goes directly against what I’ve read about this, which I believe says that they wouldn’t even be able to because they can’t see the data.
Ok, I misremembered it says “pay” for the aggregate results, not sell.
Our DAP deployment is jointly run by Mozilla and ISRG. Privacy is lost if the two organizations collude to reveal individual values. We safeguard against this in several ways: trust in both organizations, joint agreements, and operational practices.
A full solution will require that advertisers — or their delegated measurement provider — receive reports from browsers, select a service, submit a batch of reports, and pay for the aggregation results, choosing from a list of approved operators.
For the trial, the results for each task will be sent to Mozilla’s telemetry systems, which will be used to access aggregated statistics.
So it doesn’t say ISRG is going sell data, but the “full solution” will have other operators that get payed, i.e. they’re going to sell the aggregate data. Also, they envision multiple such operators, all of which it seems need to be “trusted”.
Ah gotcha, thanks for bringing in the source - that does come down to the ISRG selling it. The thing I’d missed in your quote is that it’s referring to aggregate data. So yeah, how that meshes with what I’ve read is that the ISRG won’t be able to view user data, but indeed the ad performance data would be sold to advertisers.
… No, it does not. The ads are currently already tracking clicks and conversions, on top of a whole boatload of other personal data. This API instead provides them with just the click and conversion data, divorced from the personal data and then aggregated with all the other site visitors.
This API instead
Instead of what? As I said, this is in addition to existing tracking, with some vague promise that if current tracking methods were banned or abandoned, this could be used instead. Except it’s not getting banned (Mozilla is not going to out-lobby Google) or abandoned (market forces prevent that), and why oh why would I want some alternative way for ad companies to get my data in that situation anyway? Let them die.
Now if another person is going to repeat this nonsense talking point, which you have picked up strait from Mozilla’s corporate PR, I’m going to lose my mind. Have some critical thinking skills. They are giving away your data right now and they give you nothing in return except a nonsense promise of a fairytale future.
Please I just want a browser that acts in the user’s interest only, does not work with Meta on adtech, and does not think it’s their duty to save the ad industry from itself.
Again, no, that’s not true. This API is only used by sites that opt into it, and in so doing, they are disabling the normal tracking which is far more invasive.
Where does it say that? How would this be enforced?
It’s enforced by the websites, they opt into this API.
I can’t find this in the announcements and stuff. Where does it say that exactly?
github.com/mozilla/explainers/…/ppa-experiment
Check out the second and third paragraphs in particular.
This initial implementation is just to test the actual API, so I don’t believe sites using it will be blocking the other tracking yet, but once this API is tested and starts to see adoption, the goal is replacing tracking with this anonymized attribution.
You said:
Again, no, that’s not true. This API is only used by sites that opt into it, and in so doing, they are disabling the normal tracking which is far more invasive.
OK, your source for this:
A full version of an in-browser attribution API will offer strong privacy protections, while providing considerable flexibility in how to measure ad performance. Our long term goal is a standardized attribution solution. We believe that a good attribution system will give advertising businesses a real alternative to more objectionable practices, like tracking, which should allow browsers to further restrict those practices.
Nowhere does it say websites are disabling other tracking methods.
It says that browsers could (maybe, in the future) restrict other methods of tracking, if this gets widespread mainstream adoption. Why are these things related exactly? Mozilla could presumably implement these tracking restrictions right now. The reason they are related in the minds and PR of Mozilla drones is that they don’t dare do this without providing an alternative for the ad industry. Their corporate overlords won’t “allow” it.
But right now, this restricts and replaces nothing, they literally are giving you vague promises about future improvements, while already collecting your data, like I said.
I will remind you that you accused others of spreading misinformation in this thread. I will accept your little mea culpa song and dance now. Gimme!
Sorry but where does it say they will disable “normal tracking” if they use this API?
In the entire pitch, the announcement, this clarification, and all the technical data? Read literally any of it again and you’ll see that this is the whole point of the API.
You are missing the point. websites WILL NOT STOP TRACKING YOU!
Nothing in this API can do that.
What do you want? A Mozilla with no income? Because then there is no libre browser.
Can you imagine a world where Linux wasn’t directly getting paid by Amazon to hook all your machines up to AWS? You can’t! And how could vim possibly be developed without dropbox integration and sponsorship, that would never work. There is no way a world exists where Krita doesn’t sell all your drawings to OpenAI, how are they going to make any money?
None of these nice things could exist if they weren’t selling out their users, that’s just reality.
Yes I get your point. Some software can run without a large income stream, on a volunteer basis.
You’re using that fact to say that Firefox also can. And if you care to look at my profile you’ll see I’ve argued time and time again that Mozilla is an overblown organisation and should be slimmed down to a couple of hundred, working solely on the browser.
I doubt, however, that you can build a modern, up-to-date browser on a volunteer basis.
How many full-time people do you think it takes?
Linux has full time developers. Blender has full time developers. Lots of other projects have full time developers. They still don’t sell my data to Google.
A web browser is a very visible piece of software, relied upon by end users, businesses and governments alike. I’m sure enough people and organizations would donate their time and money to fund this, if it existed.
𞋴𝛂𝛋𝛆Are you trying to tell me that the host server is showing the ad, because last I checked, with my whitelist firewall, I never see ads because all ads are links to the ad server you are actually visiting. It is no different than opening up the webpage and connection to them. They get all the same fingerprinting info.
I’m not saying one way or another here, but there is no such thing as anonymous data collection. It only takes 2-3 unique identifiers to connect a person between a known and anonymous data set and there are almost always quite a few more unique identifiers than this in any given dataset. When I hear anyone say stalkerware is anonymous, I assume they are no longer just a privateer of a foreign drug cartel level state, instead they are full blown slave trader pirates fit for the gallows or worse.
… No, I’m saying that a given site hosts the specific instance of an ad. That site has control over what the ad can harvest, and if they’re opting in to this PPA API, that information will be anonymized and much more limited than it currently is.
… first of all, providing a new API to give out information about me is not a good thing in my mind.
Second, this would be the first time in human history, they advertisers would not simply add that APIs information to everything else they aggregate including fingerprinting of your browser.
So, serious question: How is this good for me?
It does not collect any more information about you. It provides far less information than pretty much every ad is already collecting, and that information is anonymized. It does not affect ad blocking solutions.
So, serious question: what are you not understanding here?
… as already mentioned above:
MentalEdgeThe way it works is supposed to anonymously allow the measuring of advertising performance. Which ads do well with which kinds of users. Instead of tracking each individual user this tracks context, meaning what site the ad was seen on etc. Thereby providing a way to know what kinds of ads work with what kinds of users without profiling every individual in the world.
That is what it’s supposed to do. Data still goes to an allegedly “trusted third party” (let’s encrypt, apparently) which then does this anonymization.
The idea is a lot less egregious, but it’s still only a good idea assuming you agree ads would be a good and ethical way to make the internet go round, if only they weren’t profiling everyone. I don’t.
Yeah the title of the post makes it sound much worse than what it seems to be in practice? Maybe I’m just naive
I think this a problem with applications with a privacy focused user basis. It becomes very black and white where any type of information being sent somewhere is bad. I respect that some people have that opinion and more power to them, but being pragmatic about this is important. I personally disabled this flag, and I recognize how this is edging into a risky area, but I also recognize that the Mozilla CTO is somewhat correct and if we have the option between a browser that blocks everything and one that is privacy-preserving (where users can still opt for the former), businesses are more likely to adopt the privacy-preserving standards and that benefits the vast majority of users.
Privacy is a scale. I’m all onboard with Firefox, I block tons of trackers and ads, I’m even somebody who uses NoScript and suffers the ramifications to due to ideology reasons, but I also enable telemetry in Firefox because I trust that usage metrics will benefit the product.
macnielSo you didn’t care reading up what PPA is, eh?
The original mastodon post was with more details, and some drama, but the guy is trying to spam this link everywhere he can. so desperate for attention. lol
I think it’s a valid news to spread here.
A Word About Private Attribution in Firefox - feddit.nl
Copied from reddit: > Firefox CTO here. > > > > There’s been a lot of discussion over the weekend about the origin trial for a private attribution prototype in Firefox 128. It’s clear in retrospect that we should have communicated more on this one, and so I wanted to take a minute to explain our thinking and clarify a few things. I figured I’d post this here on Reddit so it’s easy for folks to ask followup questions. I’ll do my best to address them, though I’ve got a busy week so it might take me a bit. > >The Internet has become a massive web of surveillance, and doing something about it [https://www.mozilla.org/en-US/about/webvision/full/#privacy] is a primary reason many of us are at Mozilla. Our historical approach to this problem has been to ship browser-based anti-tracking features designed to thwart the most common surveillance techniques. We have a pretty good track record with this approach, but it has two inherent limitations. > >First, in the absence of alternatives, there are enormous economic incentives for advertisers to try to bypass these countermeasures, leading to a perpetual arms race that we may not win. Second, this approach only helps the people that choose to use Firefox, and we want to improve privacy for everyone. > >This second point gets to a deeper problem with the way that privacy discourse has unfolded, which is the focus on choice and consent. Most users just accept the defaults they’re given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most peoples’ privacy remains compromised. Cookie banners are a good example of where this thinking ends up. > >Whatever opinion you may have of advertising as an economic model, it’s a powerful industry that’s not going to pack up and go away. A mechanism for advertisers to accomplish their goals in a way that did not entail gathering a bunch of personal data would be a profound improvement to the Internet we have today, and so we’ve invested a significant amount of technical effort into trying to figure it out. > >The devil is in the details, and not everything that claims to be privacy-preserving actually is. We’ve published extensive analyses of how certain other [https://mozilla.github.io/ppa-docs/topics.pdf] proposals [https://mozilla.github.io/ppa-docs/protected-audience.pdf] in this vein come up short. But rather than just taking shots, we’re also trying to design a system that actually meets the bar. We’ve been collaborating with Meta on this, because any successful mechanism will need to be actually useful to advertisers, and designing something that Mozilla and Meta are simultaneously happy with is a good indicator we’ve hit the mark. > > This work has been underway for several years at the W3C’s PATCG [https://patcg.github.io/], and is showing real promise. To inform that work, we’ve deployed an experimental prototype [https://github.com/mozilla/explainers/tree/main/ppa-experiment] of this concept in Firefox 128 that is feature-wise quite bare-bones but uncompromising on the privacy front. The implementation uses a Multi-Party Computation (MPC) system called DAP/Prio (operated in partnership with ISRG [https://blog.mozilla.org/en/products/firefox/partnership-ohttp-prio/]) whose privacy properties have been vetted by some of the best cryptographers in the field. Feedback on the design is always welcome, but please show your work. > > The prototype is temporary, restricted to a handful of test sites, and only works in Firefox. We expect it to be extremely low-volume, and its purpose is to inform the technical work in PATCG and make it more likely to succeed. It’s about measurement (aggregate counts of impressions and conversions) rather than targeting. It’s based on several years of ongoing research and standards work, and is unrelated to Anonym. > > The privacy properties of this prototype are much stronger than even some garden variety features [https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint] of the web platform, and unlike those of most other proposals in this space, meet our high bar for default behavior. There is a toggle to turn it off because some people object to advertising irrespective of the privacy properties, and we support people configuring their browser however they choose [https://www.mozilla.org/en-US/about/webvision/full/#agency]. That said, we consider modal consent dialogs to be a user-hostile distraction from better defaults, and do not believe such an experience would have been an improvement here. > > Digital advertising is not going away, but the surveillance parts could actually go away if we get it right. A truly private attribution mechanism would make it viable for businesses to stop tracking people, and enable browsers and regulators to clamp down much more aggressively on those that continue to do so.
jherazobThis is after they bought an ad company last month, Mozilla is compromised now
Mozilla is an advertising company now
This seems completely normal and cool and not troublesome in any way. Mozilla has acquired Anonym, a [blah blah blah] raise the bar for the advertising industry [blah blah blah] while delivering effective advertising solutions. [...] Anonym was founded with two core beliefs: [blah blah blah] and second, that digital advertising is critical for the sustainability of free content, services and ...
A bunch of Firefox devs need to leave Mozilla, fork it and start up an actual non-profit not based around monetization. I would happily donate monthly if I knew it were going to Firefox development, instead of the dozen other things Mozilla spends its money on. I’m sure I’m not alone.
You’re definitely not alone. If this happens and it becomes some major news in the community, I’m sure many people would support this.
Proton did something similar.
This poll shows promise: mastodon.neat.computer/@jonah/112654592627487236
Jonah Aragon (@[email protected])
Okay, lots of talk about Mozilla becoming an ad company (ew). Out of curiosity, *approximately* how much would you honestly pay for an open-source, privacy-respecting, bloat-free web browser? Something like Firefox, if you knew your money was 100% going towards Firefox development and not the pockets of Mozilla execs or their Pocket/AI/AdTech side ventures. #mozilla #browser #privacy #firefox #chrome [ ] $0 [ ] $5/month [ ] $10/month [ ] $15/month [ ] $20+/month
I think I would literally pay for a proton browser, if it isn’t just chromium.
All of these claims clash with the reality of so many core open source projects, used by private users and massive corporations alike, that rely on single voluntary developers or super small groups which receive no flowers and no donations.
yea. but they get to claim like they fund the opensource world. like come on… stop posting fake funding claims on an anonymous forum and hire yourself a developer team if you’re so invested in this.
But whaa… developers salary aren’t funded by your $2 dollar donations, even with 100s of donations. oh geez… who woulda thought.
In general I agree: Open source projects are super hard to monetize and too much work does not get donations, flowers or even thanks.
For Firefox specifically I am not so sure, especially when Thunderbird seems to be doing good with their donation based model.
As long as Firefox is run by Mozilla throwing millions at their incompetent leadership, I will not donate a cent to Firefox.
If Firefox would get forked by some developers I’ll happily donate money to them and given Firefox high visibility/importance, this might work out, like Thunderbird did.
There are some Firefox forks, but they tend to get outdated… / have slow update cycles
I like floorp
NaNYou can’t donate a cent to Firefox anyway, the Mozilla Corporation does not accept donations. Thunderbird is also developed by a for profit company under the Foundation, but does accept non-tax-deductible donations.
Is Librewolf already a Firefox without ad companies colonization ?
tmpodLibreWolf is little more than a custom config for Firefox, they don’t do actual development on the engine, which is the important and very technically laborious part.
In the meantime you can give a look to Servo project. If Servo is clean for you, you can support them.