Author Topic: heads-up: Firefox 128 and Privacy-Preserving Attribution  (Read 3267 times)

0 Members and 2 Guests are viewing this topic.

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 8131
  • Country: de
  • A qualified hobbyist ;)
heads-up: Firefox 128 and Privacy-Preserving Attribution
« on: July 15, 2024, 12:10:03 pm »
After buying Anonym (AdTech company) Moziila added an experimental tracking feature called Privacy-Preserving Attribution (PPA) to Firefox 128. It's enabled by default. :--

Mozilla's post on PPA (and how to disable it):
- Privacy-Preserving Attribution (https://support.mozilla.org/en-US/kb/privacy-preserving-attribution)

And a some criticism:
- "Privacy-Preserving" Attribution: Mozilla Disappoints Us Yet Again (https://blog.privacyguides.org/2024/07/14/mozilla-disappoints-us-yet-again-2/)
 
The following users thanked this post: coromonadalix, Gyro, radiolistener, Exosia

Offline Infraviolet

  • Super Contributor
  • ***
  • Posts: 1139
  • Country: gb
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #1 on: July 15, 2024, 12:39:44 pm »
I would guess Firefox's ESR (Extended Support Release) version might not be affected by this? ESR doesn't usually get caught up in scandals involving unwelcome new "features" or compatibility destroying changes, I'm up to date with ESR and see no settings relating to this PPA concept.

Note: you have to hunt around on Mozilla's website for the ESR download, on most Linux distros you have to download ESR yourself and install it as a deb file or extracted tar file (can't rememebr which it was,  it sits as a folder within /home/$my_user/Desktop/ and runs fine, I had to manually create taskbar launchers for it), after which it can update itself. You won't usually find FF ESR in the Linux repos.
 

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 8131
  • Country: de
  • A qualified hobbyist ;)
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #2 on: July 16, 2024, 10:59:20 am »
A response from Firefox CTO Bobby Holley:
- A Word About Private Attribution in Firefox (https://old.reddit.com/r/firefox/comments/1e43w7v/a_word_about_private_attribution_in_firefox/)

He's blaming the advertising industry. And most users click 'accept' anyway.

And if you like to know what Mozilla is working on:
- Here’s what we’re working on in Firefox (https://blog.mozilla.org/en/mozilla/heres-what-were-working-on-in-firefox/)

No word about PPA.
 

Offline golden_labels

  • Super Contributor
  • ***
  • Posts: 1335
  • Country: pl
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #3 on: July 16, 2024, 11:07:33 am »
This is one of the moments I can’t openly criticize Mozilla despite the idea is awful. The alternative is orders of magnitude worse and there is no other effective moves to dig out of this hole. Sometimes one has to choose lesser evil.

I want to make it perfectly clear: I do not like the idea. I do consider it a privacy invasion. I do find opt-out policy to be ethically problematic. I did turn off PPA myself.

But we are facing a reality. A reality in which people, who want your data, do not share my values regarding privacy.(1) They will not listen to demands and will at best make some token gestures. Majority of people simply do not care. And don’t understand privacy either. There is no way to count on lawmakers and authorities: they either are in both of the camps above, or don’t see the subject as something buying them voters and worth taking strong positions.(2) Nobody comes with any realistic idea to change that.

With that as the background, the next sane choice I see is offering a less harmful option, which is viable, may be acceptable to many data consumers, and its potential rejection may be weaponized.(3) If accepted, this is even better: it both shifts power away from current privacy invasion moguls and makes data consumers dependent on browser vendors. Bonus: Mozilla may get more money.

Yes, it’s a crappy move. But if dipped nose-deep in a cesspool, I’m not going to criticize an offer of just having poop on my soles.


(1) Unless this is their privacy, of course. ;)
(2) And please, don’t even start with some marginal, minority representatives.
(3) Take opponent’s rhetorical claims literally and provide a solution: then you disarm the opponent. It doesn’t matter the solution was never needed in the first place, because the move is aimed at persuading the observers, not debate participants. In this case it may even be used as an accusation.
People imagine AI as T1000. What we got so far is glorified T9.
 

Offline digger

  • Regular Contributor
  • *
  • Posts: 70
  • Country: us
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #4 on: July 16, 2024, 12:53:06 pm »
https://ffprofile.com/

start over with a fresh profile. use temporary containers and cookie autodelete, too :)
it's awesome
 
The following users thanked this post: spostma

Offline RoGeorge

  • Super Contributor
  • ***
  • Posts: 6701
  • Country: ro
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #5 on: July 16, 2024, 01:02:39 pm »
Dunno if the following quote is true, but if it is...  ;D

Quote
Titus431 says:   
July 14, 2024 at 8:05 am

$500 MILLION per year.

That’s what Google PAYS Mozilla.

Annually. And Mozilla is a not-for-profit. No taxes on that donation.

Thinking they’re somehow independent or “just suddenly” not privacy focused as much is absurd.

Mozilla has been a subsidiary of Google for YEARS. Just not in the traditional corporate sense.
Source:  https://hackaday.com/2024/07/14/ask-hackaday-has-firefox-finally-gone-too-far/#comment-6775845

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 8131
  • Country: de
  • A qualified hobbyist ;)
 
The following users thanked this post: RoGeorge

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 8131
  • Country: de
  • A qualified hobbyist ;)
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #7 on: July 16, 2024, 05:33:56 pm »
More details:
- Experiment: Privacy-Preserving Attribution Measurement API (https://github.com/mozilla/explainers/tree/main/ppa-experiment)

And some hypocrisy about the opt-out:
- what happens on opt-out? (https://github.com/mozilla/explainers/issues/11)

Not really disabled, just sending zero values. :--
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15252
  • Country: fr
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #8 on: July 16, 2024, 09:52:26 pm »
Mozilla's finances are obviously public and the reports can be freely downloaded. Nothing is hidden. Yes, they get most of their revenue from Google.
And if you have a look at how they spend their revenue, you'll be in for a surprise as well.
 
The following users thanked this post: golden_labels

Offline golden_labels

  • Super Contributor
  • ***
  • Posts: 1335
  • Country: pl
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #9 on: July 17, 2024, 05:22:07 am »
Most Mozilla gets from sending zero values is knowing, that you use Firefox. Given the default configuration and how most people use the browser, they are being notified anyway. For example through using AMO or due to captive portal detection.

With the feature always reporting nobody along the route can use metadata analysis to tell, whether the value is 0, 1, or it is disabled. This is similar in concept to a randomized response survey, where the ISP and governments are considered the adversaries. Of course the adversary may analyze other metadata to reveal this information, but this is possible equally with and without PPA and regardless of its configuration.

The main issue I see is that the system creates a single point of failure. Accessing the data by unauthorized parties(1) is a minor concern, because the other option is only slightly less bad. What I’m more worried about is FUD. It’s easy to pollute data in that system or at least give impression that has happened. And then the attacker can argue their own solution is better, because $black_magic, and biometrics, and AI.


(1) Both organizations involved are directly vulnerable to US laws and pressure.
People imagine AI as T1000. What we got so far is glorified T9.
 

Offline Marco

  • Super Contributor
  • ***
  • Posts: 6921
  • Country: nl
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #10 on: July 17, 2024, 09:07:02 am »
Funny the ISRG is collaborating, just goes to show non profits always go to shit, nearly no exceptions. They could have saved up the Google Billions for an endowment to fund development indefinetely, but big manager salaries need big expenditures to justify so they pissed it all away.

We got lucky Google paid for development while they were pissing, but our luck ran out. I hate that Apple is the only viable ecosystem.

PS. the zeroes isn't really a problem for me and I'll keep using it as long as they can pay enough devs to keep it functional, but this is clearly a death spiral.
« Last Edit: July 17, 2024, 09:16:08 am by Marco »
 

Offline Marco

  • Super Contributor
  • ***
  • Posts: 6921
  • Country: nl
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #11 on: July 17, 2024, 04:20:11 pm »
Oh, I was overly generous to Apple. They have the same thing enabled by default.
 

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 8131
  • Country: de
  • A qualified hobbyist ;)
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #12 on: July 17, 2024, 06:20:52 pm »
Disabling Firefox’s “privacy-preserving ad measurement” by default or before upgrading to Firefox 128: https://michael.kjorling.se/blog/2024/disabling-privacy-preserving-ad-measurement-in-firefox-128/
 

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 8131
  • Country: de
  • A qualified hobbyist ;)
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #13 on: July 17, 2024, 07:00:19 pm »
I would guess Firefox's ESR (Extended Support Release) version might not be affected by this? ESR doesn't usually get caught up in scandals involving unwelcome new "features" or compatibility destroying changes, I'm up to date with ESR and see no settings relating to this PPA concept.

Sorry, ESR 128 includes PPA.

Note: you have to hunt around on Mozilla's website for the ESR download, on most Linux distros you have to download ESR yourself and install it as a deb file or extracted tar file (can't rememebr which it was,  it sits as a folder within /home/$my_user/Desktop/ and runs fine, I had to manually create taskbar launchers for it), after which it can update itself. You won't usually find FF ESR in the Linux repos.

Please see https://www.mozilla.org/en-US/firefox/all/#product-desktop-esr. For Debian: apt install firefox-esr.
 

Offline Marco

  • Super Contributor
  • ***
  • Posts: 6921
  • Country: nl
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #14 on: July 20, 2024, 12:24:04 pm »
I think Mozilla made the wrong argument, they should have simply argued that Apple is the defacto standard for the most level of privacy you can get away with by default.

By setting a default level beyond that of Apple with very little market share they run the risk of being blocked entirely.

PS. obviously for non default use you can't really beat Apple's Private Relay with Privacy-Preserving Attribution turned off. There's nothing else like it, on top of Safari being the hardest to fingerprint. Apple doesn't seem to want to antagonize the whole industry by pushing that as a default though, got to leave some crumbs.
« Last Edit: July 20, 2024, 12:29:59 pm by Marco »
 

Offline Infraviolet

  • Super Contributor
  • ***
  • Posts: 1139
  • Country: gb
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #15 on: July 20, 2024, 09:50:09 pm »
ESR isn't at 128 yet, it's still at 115.13.0 on my system and showing as fully up to date.
 

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 8131
  • Country: de
  • A qualified hobbyist ;)
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #16 on: July 21, 2024, 09:58:34 am »
However, you can download 128 ESR at https://www.mozilla.org/en-US/firefox/all. Select 'Firefox Extended Support Release' and '128.0esr'.
 

Offline coromonadalix

  • Super Contributor
  • ***
  • Posts: 6564
  • Country: ca
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #17 on: August 08, 2024, 11:32:12 am »
128.1.0esr ...

you can select 115.14.0esr ...
 

Offline Gyro

  • Super Contributor
  • ***
  • Posts: 9914
  • Country: gb
Re: heads-up: Firefox 128 and Privacy-Preserving Attribution
« Reply #18 on: August 08, 2024, 04:44:18 pm »
Partly prompted by this thread, I installed LibreWolf last night. So far I like it, it gets rid of a bunch of extra stuff that I don't use anyway (pockets etc), Any references to Google services, secure search etc., and of course telemetry and PPA. Some of this can obviously be done by advanced settings in Firefox, but it seems a lot easier and should stop stuff getting enabled again.

My browsing experience doesn't seem to be affected, about the only annoyance is that it won't start in full screen (something to with anti fingerprinting or canvas access I think). One upside on my Linux Lenovo laptop is that trackpoint scrolling is way smoother than in Firefox (???, that was my wife's biggest complaint about switching to Linux!).
Best Regards, Chris
 
The following users thanked this post: coromonadalix


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf