Dennis Schubert

If you are concerned about PPA aka Privacy-Preserving Attribution in Firefox, please take a deep breath, and then read reddit.com/r/firefox/comments/

It's posted on Reddit to make it easy for folks to engage in conversations. So I invite you to participate there if you want to. But please remember that Mozilla Employees with a fancy green badge on that subreddit are humans, too. :8bitheart:

68 comments
sotolf

@denschub Don't have a reddit account, but making it opt out is a big nono.

Nari

@denschub

And yet this privacy invasion wasn't announced or discussed ahead of time, wasn't explicitly presented to the user, and was opt-in by default. These are classic signs of a company who knows what they're doing is wrong, and want to see if maybe they can get away with it.

There is no such thing as "privacy-preserving" ad tech. This is a betrayal of the Firefox userbase, and pretending otherwise is disingenuous at best.

Dennis Schubert

@narinarinari Except it was announced - two years ago, even on the mainline Mozilla blog (you just didn't care enough to interact with it). And except it is privacy-preserving (if you disagree, then please, publish an article showing how DAP can be reversed or somehow de-anonymized!)

If we wanted to hide it, we'd have hundreds of different ways to do that. None of which would include "adding a visible toggle to the settings", and "add it to the release notes".

Dennis Schubert

@narinarinari And I'm just gonna ignore your "opt-in by default" argument, as that has been addressed multiple times now. If you wanna disagree with that, fine, that's your opinion, but I don't see a need to repeat what's been said way too many times already.

Nari

@denschub

Dude, I'm already trying to figure out how to move away from Firefox entirely, so I don't really care anymore. Mozilla's been in a death spiral for years, and if this isn't the thing that finally kills people's trust, it'll be the next unwanted, un-asked for, only helps advertisers, opt-in-by-default nonsense y'all jam in there next.

All I want is a browser that doesn't sell me to the highest bidder, but apparently that's too much to ask.

LukefromDC

@narinarinari @denschub You also need support for something other than ManifestV3

Nari

@LukefromDC @denschub

That's a whole other clusterfuck, but yeah, that'd be nice.

Unfortunately, as far as I can tell, there are no good privacy-focused browsers left. There are some new browser projects in the works (I think one is called Ladybird?) but who knows what will come of them, or whether they'll also sell out their users for cash.

This Internet shit has become a real bummer.

Clifton Royston

@denschub @narinarinari

The wording of your reply implied it's not "opt-out" and that the person asking about it was wrong. Yet it's easily verified it is enabled as soon as Firefox updates itself to version 128, with no user action required.

I just verified that myself on one of the computers where I'm not running ESR.

If you meant "opt-out is fine, it doesn't bother me", then I think far from dismissing it, you've confirmed that Mozilla's entrenching on this issue and it's serious.

Nari

@denschub

“But the plans were on display…”

“On display? I eventually had to go down to the cellar to find them.”

“That’s the display department.”

“With a flashlight.”

“Ah, well, the lights had probably gone.”

“So had the stairs.”

“But look, you found the notice, didn’t you?”

“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’”

Dennis Schubert

@narinarinari I don't know what more you expect besides public GitHub repos, public bugs, a blog post on the main Mozilla blog (not even a sub-blog or a niche-audience blog like hacks.mozilla.org), and a release note. Maybe a flyer delivered into your postbox? Who knows. Anyway, sorry we're not able to beam information directly into your brain.

Nari

@denschub

You do realize that just knowing what a Github repo is, or where Mozilla's official blog is, puts you and I in a group consisting of 0.000000001% of the userbase for most software, right?

The only place most people will see anything like this is if -- if -- the company is kind enough to notify them *when they open the app*. Otherwise, it's absolutely invisible. And you all aren't dumb. You know this. Which is why you opted everyone in, and didn't put it on the upgrade splash screen.

Dennis Schubert

@narinarinari Every time we put anything in front of the user after any updates, y'all on social media go full rage mode, too. No matter how we handle this, there's always a large group of people yelling at us.

Bobby explained in his Reddit post why we decided to make this opt-out. If you disagree with that, that's your good right. I can't convince you otherwise, and if you want to act like this is a big conspiracy, so be it. Nothing we could say will change that.

Nari

@denschub If you don’t want users to be upset at your choices, maybe don’t make choices that harm them? What’s more, there’s a pattern here. Mozilla only continues to exist because Google, the world’s largest ad company, keeps it alive. Mozilla has also recently purchased an ad company, so is actively part of that toxic market. And you partnered with Meta of all untrustworthy, data hungry ad companies on this nega-feature. Gee, I wonder why people are upset.

Rihards Olups

@denschub @narinarinari
What about posting it in advance in Mastodon or so?
It would have avoided a startup message, while putting it in front of most people who would care enough, allowing to gauge reaction - and engage in discussion/clarification.

DELETED

@denschub @narinarinari “No matter how we handle this, there's always a large group of people yelling at us.”

you’re so close

Kathy Reid

@narinarinari @denschub If you can put sponsored links on my home page you can notify me that you're collecting PPA ad data

avi2022

@denschub @narinarinari

Ah yes, let's #gaslight the #Firefox userbase because we don't want to admit that #Google asked us to make this update and we are doing it because we get 80% of our revenues from Google. And Google asked us to do this because #Chrome is doing the same thing and #browser users cannot be allowed to have a real choice to not participate in the advertising ecosystem.

Can we say #Cartel at this point?

mcc

@denschub @narinarinari I don't install my copy of Firefox through a blog. My copy of Firefox is silently updated in the background by my operating system. I allow this because I assume that Firefox updates will often contain critical security fixes, but will never contain nasty surprises such as backdoors for advertisers which passes them information about the things I see while browsing.

I shouldn't *have* to "care" what's happening on the Firefox blog to prevent my privacy being violated.

Dennis Schubert

@mcc I will be honest, I have a bit of a hard time interacting with you after your earlier post announcing that you consider differential privacy "fake".

I have no problems admitting that I don't fully understand everything that goes into it - but I'm also not a privacy expert. I do know, however, that the folks working on this are very skilled, and I also know that there has been no documented method of de-anonymizing data.

Dennis Schubert

@mcc If you could demonstrate that this is actually a "fake" privacy technology, I'm 100% confident our folks will make adjustments to that immediately, or cancel it outright.

But without some actual facts to argue about, this all seems a bit like we're yelling at each other, which I'm not a huge fan of.

mcc

@denschub Tracking by ad corporations in the modern era is done by aggregating data from various sources— fingerprinting, cookies where available, data purchased from brokers. In many cases, the information is limited or ambiguous. Firefox's ad measurement is one additional piece of information they can add to the pile. Firefox applies "Differential privacy" to make it more ambiguous. But they're already investing in using statistical methods to de-ambiguate and de-anonymize data.

mcc

@denschub In this environment, intentionally giving the advertisers *yet more* data can only harm privacy.

mcc

@denschub It doesn't matter if I can, at this moment, find a deanonymization attack on Firefox PPA. It matters if marketing firms or nation-states can find one. If they do find one, they won't be sending you a nice email telling you about it.

Given all this I feel "privacy-preserving" is a deeply dishonest descriptor, and differential privacy—made of advanced math, something most consumers are not good at—creates in the consumers' mind a perception of certainty that you cannot actually provide.

Don Marti

@mcc @denschub calling something "privacy-preserving" because it prevents individual re-identification is misleading, because most privacy issues are group level and most privacy harms are perpetrated by classifying someone as a member of a group

DP is great for browser telemetry when you want to know that someone's browser crashed doing some specific thing but you actively don't want to know who it was—but it's not a good fit when the recipient of the message has a motivation to discriminate

TechnoTenshi 🏳️‍⚧️

@dmarti @mcc @denschub To add support to this, from my own experience, advertising analytics companies focused on TV and streaming ads often use "individually anonymized" data. Historical data analysis enables demographic determination, including age, gender, geographic location, household size, income level, behavioral trends, and viewing context (whether the ad is watched at home, at a neighbor's, or in a sports bar). The cross-referencing of this data provides insights into both household and individual preferences. It's not just about anonymizing a single data source; it's the cumulative analysis of multiple data points that matters. Thinking that anonymizing a single data source is harmless is a narrow and naive view.

Enabling and making the user part of this data tracking and analysis effort by default is clearly a "profit first" view, considering that the browser has automatic updates. Sure, some developers and other technical audience might closely track blog posts, repositories, etc., but the browser is targeted to a general audience.

Sorry, I’m not engaging on Reddit. Simply pointing out that other platforms have issues too doesn't address the specific problems with Reddit. Recognizing and addressing the unique issues of each platform is crucial.


bri

@mcc @denschub the ‘yet more’ is what gets me. this whole thing seems to rely on some pie-in-the-sky belief that ad tech is going to stop doing all the invasive shit they’re doing now in favor of this opaque, trust-us-it’s-not-invasive-despite-the-invasive-launch ‘feature.’ with no reason to believe this is true, ff can only be adding to their data stash.

and yes, dennis, i’ve read your opinions on these points here & on reddit. they have only further eroded my trust in mozilla. it’s damning.

Irenes (many)

@brhfl @mcc @denschub we want to be clear, we were a party to the early strategy discussions on this stuff in our time at Google (yes, that was five years ago; yes, it's taken quite a while to gain the traction the company wanted) and it's a desperate play BY the ad industry. the public should not go along with it.

avi2022

@denschub @mcc

This is a #FalseDichotomy intended to #gaslight the users. There is always the choice of simply not including any #adtech at all in #Firefox, which would be the highest level of #PrivacyProtection, but of course you are ignoring that option.

samiamsam

@mcc @denschub @narinarinari i'm done with google and firefox

any decent browser recommendations?

Hannah

@denschub When you want someone to trust you, it is the least convincing move to say: "you have to prove to me that I am not doing anything wrong."

Regarding DAP, read the first paragraph of the introduction of the spec. It states that you need to trust at least a part of the aggregators to "execute the protocol honestly". People have to trust (at least one of) the parties running the data-collecting servers.

Trust is essential for the entire argument.

datatracker.ietf.org/doc/draft

@narinarinari


Stu

@denschub @narinarinari I'm a huge advocate for Firefox, follow Firefox news and read the blog, and if I read what you're referring to 2 years ago, I promptly forgot it.

So here's me, exasperated, following multiple Firefox devs, hoping for future communication from the Foundation to be much more transparent.

Even if it was abject nonsense, Google still flashed up an explanation and choice for the new privacy sandbox.

DELETED

@denschub @narinarinari

“But the plans were on display…”
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’”

DELETED

@denschub are you here to do PR for mozilla, or to Snark at people who are upset for a good reason to make sure mozilla’s reputation is ruined permanently?

DELETED

@denschub a better response would be to delete your account out of embarrassment probably

DELETED

@denschub incidentally just a tip, one human to another, you should go find out how snarking at people on fediverse worked out for the raspberry pi foundation

the harbinger of eternal sept

@zens @denschub yeah, “our surveillance capitalism is cryptographically secure” is one hell of a take that the spyware division at the raspberry pi foundation would get behind.

so at a certain point “open” doesn’t necessarily mean “good intentions”, which is what both the mozilla and raspberry pi communities expected from each and were let down by each.

DELETED

@denschub @narinarinari there’s no such thing as a privacy preserving privacy violation. that’s a contradiction. and all so called “anonymising” technologies are as fake as carbon capture tech, and offset credits

avi2022

@denschub @narinarinari

Read the #Firefox CTO's reddit note. The words that come to mind: "#mealymouthed" and "#gaslighting the userbase".

Adding ways to track user behavior, anonymous or not, is the opposite of privacy protection. Pleading that this way gives an outlet for advertising "safely" is gaslighting. FF didn't have to do this. & opt-out? That's just #Evil.

But we get it, the masters of #Mozilla are the main funders - Google, not Firefox users. At least have the courage to own it.

iAmAnEngarneer

@narinarinari @denschub reddit is a poor choice and exclusionary since they threw out any mods for lackeys in prep for ipo, seems to be pr managed by the mealymouthed opening lines too.

"It’s clear in retrospect that we should have communicated more on this one, and so I wanted to take a minute to explain our thinking and clarify..." uh huh, corporatespeak is shibboleth.

Dennis Schubert

@engarneering The mods of r/Firefox are still the original mods from before the blackout etc. None of the mods are Mozilla-staff, btw - and quite often, they don't do what we (Mozilla) want. Which is fine - because that subreddit is a community resource.

If you have factual concerns or suggestions, the GitHub repo hosting the explainer (github.com/mozilla/explainers/) also has an issue tracker.

iAmAnEngarneer

@denschub sorry, don't mean to dogpile, but reddit is inaccessible to me since their changes. Just my opinion, sorry for your rough pr day i hope people are kind because we like firefox, but the situation, it don't smell good.

Dennis Schubert

@engarneering Nah, I get it. I'm not a huge fan of Reddit myself either, but I could find something bad to say about literally any platform.

You could argue that this should have been on blog.mozilla.org, but that blog currently doesn't support comments. Folks decided that offering people an easy way to have a conversation is more important than maximizing reach, especially since we all know full well that this will be linked everywhere anyway.

Daniel

@denschub That's exactly what we need more of: nuanced takes and dealing with the realities of where we're at. And less gut reactions and outrage 🙏

The fediverse doesn't seem to be more resilient to outrage and opinions you want to hear or opinions evoking emotional responses 🥲

Billie Thompson 🦊

@denschub Reddit was a stupid place to have this discussion, especially if you want to portray yourselves as aware of digital rights issues...

Dennis Schubert

@PurpleBooth Mastodon is kinda bad at showing all replies to a post, but I already answered this: mastodon.schub.social/@denschu and my previous reply in that thread.

Billie Thompson 🦊

@denschub why did you unilaterally decide to use my computing power to help advertisers, without consent. Without notification to me about an additional data processor that was handling my data, working with a company that is known to systematically undermine privacy. You say in your readme it's not really valuable to users only advertisers

Alarith Uhde

@PurpleBooth @denschub

From the reddit post:

"Most users just accept the defaults they’re given"

[...]

"There is a toggle to turn it off because some people object to advertising irrespective of the privacy properties"

Bad defaults are only bad if other people set them.

Billie Thompson 🦊

@alarith @denschub there is definitely a discussion of harm here, the harm of not turning it on is... Zero. The harm of turning it on by default is that people who previously weren't being tracked now are. Not zero.

Billie Thompson 🦊

@alarith @denschub let's be clear, this technology does nothing to protect privacy, other than hoping that services that don't use this data source somehow stop existing. What it does do is create a new data source for targeting advertising.

LukefromDC

@denschub I think one of the issues here is that default Firefox is not primarily aimed at the "hard privacy" users who do not use default settings and routinely block all ads and trackers.

To kill online advertising would require killing the ad supported sites and servers, which is in fact something I consider a desirable goal. Then we get back to self-hosting and now distributed hosting, which are far safer and more private.

Until then, the default user who uses websites that attempt to block those who block ads and uses ad supported streaming services cannot use a hard privacy browser because such things as video on news sites much less the DRM shit like Hulu and Netflix are very heavily armored.

I've already seen websites whine about enhanced tracking protection, the real problem is too few users willing to boycott such websites, to close their accounts with ad supported services.

Mozilla allows users to turn this one off with a single checkbox, same as turning off playing DRM content and thus downloading a closed source decryptor for such contents.

For my use, I always assume any browser update could contain what on my end of the spectrum are antifeatures. Thus the first run is always done disconnected from the Internet. This lets me find and disable problematic features. I make much use of about:config to deal with things that are not in the settings dialog such as turning off prefetch, geolocation (which can now be turned off in settings as well) etc.

The other thing is that Firefox is open source and numerous forks strip out things like telemetry (useful for debugging but dangerous to those with state level opponents), DRM support, anything related to ads or Google, and so on. Librewolf seems to be frequently updated and comes with Ublock origin by default. If nothing else you can put everything through Tor and use Torbrowser. Their devs are experts and routinely remove dangerous features that for us are antifeatures.

One thing Mozilla could do that would help is this: the existing "enhanced tracking protection" could contain an option to turn off everything from ad measurement to DRM playback to telemetry with a single checkbox.

If I have to set up Firefox from scratch, it takes me well over an hour to iterate through all the problematic features and turn them off. Given this, for my purposes I should probably use one of the forks so long as it gets the security updates quickly.

I do find it interesting that due to the volume of malware (e.g. ransomware) distributed as ads, even the FBI now recommends blocking ads. Given the source, that REALLY says something.

Also note that if Firefox dies and Chrome and its forks get a monopoly, Google gains the ability to enforce ManifestV3 on all extensions, thus limiting the number of hostile servers any adblocker can block. The only way to block all ads on Chrome will be systemwide adblocking for the entire network. This used to be easy with the /etc/hosts file on Linux but that does not work with DNS over https unless that is moved from the browser to the system network stack so the system can filter it. There's also the "pi-hole" approach, and similarly on Android phones Tracker Control uses the VPN interface to filter traffic. Browsers are not officially supported but it still works for fine-grained blocking of unwanted servers.


Lillian Violet

@denschub I can't go on Reddit so I will just respond to you here, and hope you and Mozilla listen. It doesn't matter if individual privacy doesn't get "invaded". Your model still puts people in statistical boxes, and then discriminates between them. This will include categories you do not want to be able to target, like racial, gender based, sexual, healthcare, or other qualifiers. Politically this is an issue, this allows people with horrid intentions to reach audiences to stoke violent rhetoric, or serve material meant to discriminate to people in certain groups. Also even knowing statistics of the sizes of groups, their behaviours online, and what they use online is an issue that can have dire repercussions. The ad industry is based on a system that willfully systemically puts people in boxes and exploits their mental weaknesses to their own gain. It doesn't matter how individually obfuscated you make it, it's evil nonetheless. And giving in to this scum of the earth and working with them is honestly vile, I hope this reaches you but I'm afraid it won't.


the cake is offline

@denschub hmmm
Condescension will CERTAINLY get people to calm down. Yep. Totally will.

kat, but extremely terrifying

@denschub If you’re not a logged in reddit user, you can only see the op and a few comments. Not a super way for everyone to see and participate.

kat, but extremely terrifying

@denschub I am using Firefox for iOS with Adblock plus. I see two comments, and then a thing that says, “Login to Reddit or make an account…”

avi2022

@denschub

Human to human, you're getting #slaughtered in the comments cuz you're arguing on behalf of #Mozilla, defending an #indefensible position for #firefox changes. Some #PTSD is possible from the discourse.

The incentives for the CEO & CTO, paid $millions & responsible for the org as a whole are completely different from those for you as an individual.

The best option for you, IMHO, is to recognize when your employer's policies are problematic and simply not engage the #public.

Morgunin

@denschub

Bottom line: adding #ppa as an opt out feature without proactively informing their users was a dick move.

The non apology that followed does nothing to alleviate that slight or restore trust. The whole thing is a communication and public policy failure.

#Mozilla is just another company releasing a product we have to continually check and be wary of. That shit is tiresome and it’s extremely disappointing from them.

They can wipe that lie about respecting privacy off their website.
