… I mean, WTF. Mozilla, you had one job …
People should just use LibreWolf at this point
Be careful what you wish for. Firefox needs income and without audience for Firefox, Firefox is no more and then LibreWolf is no more.
But Firefox is open source, though. It’s not going to disappear just like that.
@laughterlaughter @sunbeam60 Yeah Palemoon web-browser still exists forked off from a very old Firefox…
I think Mozilla could find another way of getting profit without without tracking its users or depending on Google’s funding.
I wish they had a mobile app!
I’ve enjoyed Mull as an Android alternative https://gitlab.com/divested-mobile/mull-fenix
“Firefox is just another US-corporate product with an ‘open source’ sticker on it.”
unlike EU-corporate products
But what are real alternatives that …
- support MV2 and MV3 WebExtensions
- are not Chromium-based
- are open source
- do not spy on users
Librewolf, Waterfox, Mullvad, Floorp…
These are all Firefox forks. If Firefox is done, they’re done.
Firefox is not done. It just became spyware, but all the forks can still benefit from FOSS license of Firefox. In the same manner as Vivaldi or Brave or Ungoogled chromium etc.
anyone who cares about privacy is running ublock and/or umatrix anyway so it’s negated.
This helps you not seeing ads, it does not help you being tracked.
What?
uBO absolutely helps against tracking. It is at least half of its reason for existing.
The two primary lists are an (1) an ad block list (2) an anti-tracking list.
And used in medium or hard mode uBO categorically blocks many methods of tracking.
But also, if you use Firefox, this is layered on top of Enhanced tracking protection, blocking of 3p tracking cookies, and total cookie protection (dfpi)
Kinda, we’re all a little confused here.
uBlock will stop websites from tracking you.
uBlock will not stop your browser from tracking you
That’s true, but this feature doesn’t involve your browser tracking you or profiling you. It only relates to anttribution. And if you don’t trust that, it’s an easy 1-click opt out.
There is a good high level explainer here: https://andrewmoore.ca/blog/post/mozilla-ppa/
This is misinformation. The setting in question is not a “privacy breach setting,” it’s to use a new API which, for sites that use it, sends advertisers anonymized data about related ad clicks instead of the much more privacy-breaching tracking data that they normally collect. This is only a good thing for users, which is why the setting is automatically checked.
It’s illegal in Europe to have an opt-out checked by default, must be an opt-in unchecked by default. This is one of the reason that Microsoft has always troubles in Europe about privacy and opt-out services.
If it is truly anonymized then it isn’t protected under GDPR.
Which should tell you a lot; if Mozilla wasn’t confident about their anonymisation efforts their lawyers would not have allowed checked-by-default.
PII is being processed, even if it’s not being sold to advertisers. The underlying protocol works based on some session identifiers that uniquely identify a device to the aggregators. I don’t think that’s GDPR proof per se.
I don’t think any DPA will have a problem with this system assuming they implement their side of the system correctly, but I wouldn’t be too sure about Mozilla following the GDPR. They’ve defaulted to a lot of data collection without explicit consent over the years.
In the EU*
Sorry to be pedantic, but the UK, Swiss etc. are all in Europe but not in the legislative region where this law applies.
This even gets some people confused thinking those countries “aren’t in Europe”, which is why I wanted to correct this.
For what it’s worth, the UK still has the GDPR-derived law, though the decisions by the EU courts may no longer affect execution of it. Plenty of non-EU European countries, though.
That only applies to personally-identifiable information.
The data is still collected, it’s just being collected by Mozilla now. For this system to work, Mozilla will need to filter out bots and click farms at the very least. If they don’t, they may as well not collect this stuff at all. Without bot analysis, a cheap botnet can easily take out a competitors entire marketing budget by simply sending fake ad impressions.
I don’t see why I should trust Mozilla to collect all of this data to be honest. I trust them more than most advertisers, but they did acquire an advertising company, so who’s to say they’re not going to data mine this stuff and turn into the thing they promised to defeat? It happened to Adblock Plus and Ghostery, it can happen to Mozilla too.
The CEO’s explanation (“it’s too complicated to explain so we just silently enabled it”) sucks. Firefox has tons of data collection stuff where they just show a little top bar with a quick description and a button to go to the settings, they could’ve done the same here. The way they approached it feels like an attempt to smuggle it into non-techie Firefox installs in my opinion. Not being able to explain the benefits of this new form of data collection to the end user is no reason to make the feature opt out. Every update, Firefox opens a new tab to collect telemetry on browser update stats (and to inform me about “great new features”), if they can push a full screen explainer about “we added some coloured themes” they can also push an explainer about the ad tracking feature they just added.
Ask yourself this: Would you rather trust this data with Google or with Mozilla? Because if Mozilla needs income to maintain a libre alternative, they need to have a measured audience. Doing it in an anonymous way we can verify is better than letting Google and ad agencies do their level best to deanonymize you.
Ask yourself: Has Firefox even the expertise/man power to pull this off in a secure way or not? I’d rather have Google collect data, because they know how to protect their crown jewels and have a track record.
Mozilla demonstrated in the last decade that most of their projects are failures and they have neither the expertise nor manpower to pull something like this off.
Each to their own; may I suggest our friend and saviour Google Chrome? 🤣
Are you trying to tell me that the host server is showing the ad, because last I checked, with my whitelist firewall, I never see ads because all ads are links to the ad server you are actually visiting. It is no different than opening up the webpage and connection to them. They get all the same fingerprinting info.
I’m not saying one way or another here, but there is no such thing as anonymous data collection. It only takes 2-3 unique identifiers to connect a person between a known and anonymous data set and there are almost always quite a few more unique identifiers than this in any given dataset. When I hear anyone say stalkerware is anonymous, I assume they are no longer just a privateer of a foreign drug cartel level state, instead they are full blown slave trader pirates fit for the gallows or worse.
… No, I’m saying that a given site hosts the specific instance of an ad. That site has control over what the ad can harvest, and if they’re opting in to this PPA API, that information will be anonymized and much more limited than it currently is.
This does not prevent regular ad tracking, this provides additional data to advertisers. It also means Mozilla is now tracking me, and then Mozilla does this “anonymizing” on their servers. I do not trust Mozilla with this data, and I don’t trust that no way can be found de-anonymize or combine this data with other data ad networks already collect.
This is not in my interest at all. This data should not be collected. The ad networks can suck it, why should I help them?
https://blog.privacyguides.org/2024/07/14/mozilla-disappoints-us-yet-again-2/
… No, it does not. The ads are currently already tracking clicks and conversions, on top of a whole boatload of other personal data. This API instead provides them with just the click and conversion data, divorced from the personal data and then aggregated with all the other site visitors.
Being against this proposal basically means you trust random websites and ad companies more with your data then you do Mozilla and LetsEncrypt.
This API instead
Instead of what? As I said, this is in addition to existing tracking, with some vague promise that if current tracking methods were banned or abandoned, this could be used instead. Except it’s not getting banned (Mozilla is not going to out-lobby Google) or abandoned (market forces prevent that), and why oh why would I want some alternative way for ad companies to get my data in that situation anyway? Let them die.
Now if another person is going to repeat this nonsense talking point, which you have picked up strait from Mozilla’s corporate PR, I’m going to lose my mind. Have some critical thinking skills. They are giving away your data right now and they give you nothing in return except a nonsense promise of a fairytale future.
Please I just want a browser that acts in the user’s interest only, does not work with Meta on adtech, and does not think it’s their duty to save the ad industry from itself.
Again, no, that’s not true. This API is only used by sites that opt into it, and in so doing, they are disabling the normal tracking which is far more invasive.
Where does it say that? How would this be enforced?
It’s enforced by the websites, they opt into this API. It says that everywhere you can read about this.
I can’t find this in the announcements and stuff. Where does it say that exactly?
Sorry but where does it say they will disable “normal tracking” if they use this API?
In the entire pitch, the announcement, this clarification, and all the technical data? Read literally any of it again and you’ll see that this is the whole point of the API.
You are missing the point. websites WILL NOT STOP TRACKING YOU! Nothing in this API can do that.
Advertisers can already easily get this data without this setting, and any measures you take to block ads also by definition affect this setting.
Meanwhile, if this works and becomes widely available, regulators will be able to take measures against user surveillance without having to succumb to the ad industry’s argument that they won’t know whether their ads work.
And yes, this provides data to advertisers, but it’s data about their ads, not about users.
Ah yes, the hypothetical second step, in which tracking is going to be outlawed (I’m not holding my breath), except, of course, for the third party services that do the aggregating, which will “sell” (literal quote) the aggregate data, so I guess these are by semantic sophistry not adtech companies but something else.
I’m so glad this genius “plan” can be used to justify Mozilla funneling data to adtech firms right now, because in some hypothetical future timeline this somehow can be construed with a bunch of hand-waving and misdirection to be in my interest.
How about instead we have a browser that only cares about the users, and not give a fuck about adtech? Its number one goal should be to treat adtech as hostile, and fight to ruin that whole industry.
for the third party services that do the aggregating, which will “sell” (literal quote) the aggregate data
You’re saying you’re literally quoting the ISRG as planning to sell the data? Because that goes directly against what I’ve read about this, which I believe says that they wouldn’t even be able to because they can’t see the data.
Ok, I misremembered it says “pay” for the aggregate results, not sell.
Our DAP deployment is jointly run by Mozilla and ISRG. Privacy is lost if the two organizations collude to reveal individual values. We safeguard against this in several ways: trust in both organizations, joint agreements, and operational practices.
A full solution will require that advertisers — or their delegated measurement provider — receive reports from browsers, select a service, submit a batch of reports, and pay for the aggregation results, choosing from a list of approved operators.
For the trial, the results for each task will be sent to Mozilla’s telemetry systems, which will be used to access aggregated statistics.
So it doesn’t say ISRG is going sell data, but the “full solution” will have other operators that get payed, i.e. they’re going to sell the aggregate data. Also, they envision multiple such operators, all of which it seems need to be “trusted”.
https://github.com/mozilla/explainers/tree/main/ppa-experiment#end-user-benefit
Ah gotcha, thanks for bringing in the source - that does come down to the ISRG selling it. The thing I’d missed in your quote is that it’s referring to aggregate data. So yeah, how that meshes with what I’ve read is that the ISRG won’t be able to view user data, but indeed the ad performance data would be sold to advertisers.
What do you want? A Mozilla with no income? Because then there is no libre browser.
Can you imagine a world where Linux wasn’t directly getting paid by Amazon to hook all your machines up to AWS? You can’t! And how could vim possibly be developed without dropbox integration and sponsorship, that would never work. There is no way a world exists where Krita doesn’t sell all your drawings to OpenAI, how are they going to make any money?
None of these nice things could exist if they weren’t selling out their users, that’s just reality.
Yes I get your point. Some software can run without a large income stream, on a volunteer basis.
You’re using that fact to say that Firefox also can. And if you care to look at my profile you’ll see I’ve argued time and time again that Mozilla is an overblown organisation and should be slimmed down to a couple of hundred, working solely on the browser.
I doubt, however, that you can build a modern, up-to-date browser on a volunteer basis.
How many full-time people do you think it takes?
Linux has full time developers. Blender has full time developers. Lots of other projects have full time developers. They still don’t sell my data to Google.
A web browser is a very visible piece of software, relied upon by end users, businesses and governments alike. I’m sure enough people and organizations would donate their time and money to fund this, if it existed.
… first of all, providing a new API to give out information about me is not a good thing in my mind.
Second, this would be the first time in human history, they advertisers would not simply add that APIs information to everything else they aggregate including fingerprinting of your browser.
So, serious question: How is this good for me?
It does not collect any more information about you. It provides far less information than pretty much every ad is already collecting, and that information is anonymized. It does not affect ad blocking solutions.
So, serious question: what are you not understanding here?
… as already mentioned above:
- This will be just an additional data point about you sold out - no advertiser will dial back on all the other ways to collect data about you.
- Mozilla shows that it willingly and silently will sell your data out and they will increase this over time to make money/try to be the man in the middle.
- It does not matter at all if it affects ad blocking solutions, this is about tracking and profiling. Learn about browser fingerprinting and other techniques.
- This is built in to your browser, which is crossing a very important line.
So, serious question: How is this good for me?
It’s the same principle as what Brave is based around: advertising isn’t going to go away, ever, but if we can set up a profitable advertising model that doesn’t require stalking people online, we can at least make advertising better.
I disagree with their current methods, but I also don’t know of a better alternative. Brave’s weird crypto stuff sure isn’t the answer, and neither is this, but if nobody figures out an alternative (that we can , advertising is only going to get more data hungry. The best alternative we have right now is Google’s FLoC and just about everyone hates that too.
advertising isn’t going to go away
That is certainly true for the moment, but IMHO that is not really an argument in this case:
- Advertisement can simply show me me some advertisement w/o spying on me. (Effectiveness of targeted advertisement is AFAIK highly controversial anyway.)
- My operating system does not have to spy on me and my browser certainly not.
- Mozillas BS arguments are just the ‘story told’, obviously they want to make money via advertisement and be the man-in-the-middle. I assume it is their legal right to do so and they can pursue the business model they like, but I do not have to like it.
- Again, advertisers will simply use this as an additional source of information about users for real time bidding, and not wind down other methods of information gathering, so this is only bad for me w/o any upsides.
- Mozilla is showing it is willing to sell it’s user data out this way (and silently do so), what are the next steps, what will happen with the next updates?
… and I happily have donated and will donate/pay money to/for websites and software I like/use and will happily accept business models dying which depend on selling my data out.
One of the main points of using Open Source operating systems and software is, that I have the freedom to use my own hardware the way I like w/o being up-sold or harassed by advertisement.
Advertisers aren’t going to take your word that you’ve been shown an ad. They need to know that you did actually load the ad, and that you’re not part of a bot network. Advertising fraud is crazy common.
Various websites I visit actually switched over to context based advertising (rather than personal tracking) but the one I visit most is moving back towards tracking, because advertisers just aren’t willing to keep the context based system alive. They’re not getting the feedback they need so they’re not spending money on ads, and the website is running a deficit.
The system Mozilla proposes has a chance of fixing that problem.
You may like to donate money, but the vast majority of users don’t. I wouldn’t want to pay a monthly 8 euro subscription to a tech news site, because that’s what they need to continue paying their staff. I’d rather have ads. The ads are annoying, the tracking is a huge problem.
I don’t particularly trust Mozilla enough to enable this system by default, but I can see where they’re coming from. The web is run by Google and Microsoft, and Google isn’t allowed to restrict ads by watchdogs because they may drive competing advertisers out of business. That’s why they’re moving to local processing (FLoC), but local processing comes with business risks that are offset by invasive bullshit. I’d rather have the Mozilla option. The protocol uses random noise to maintain privacy.
Just like with Chrome, you can patch out any parts you don’t like, of course. For now that’ll work. Once this system is shut down and FLoC + client attestation become the norm, it won’t.
As for a lot of the rest of your comment: you don’t seem to understand how the protocol works if you think Mozilla is selling data. I may have to give it to the tech lead, maybe he was right about informed consent not working on a system this complex.
- Concerning advertisement: I want the option to pay for content for myself, I do not want or intent to force this on other users. Although Netflix is moving in a bad direction, in the past I could pay their service and watch a movie/show w/o advertisement. I totally would not mind if Netflix lets me pay a reasonable amount and give other users the option to have a free, advertisement based plan.
- One related fact: Even payed newspapers etc. since the start of the industries always relied on money from advertisement, there was AFAIK never an outlet which could survive on subscriptions/payed readers alone
- Fair point about Mozilla not selling your data. But when you phrase it like this, Alphabet/Meta etc. are also not really selling your data (which is their golden goose, after all). I’ll still correct this.
Netflix pricing is quite reasonable already. The industry sucks, splitting subscription services into silos instead of taking on the music streaming model, but shows and movies are terribly expensive to make. People who get ads on Netflix are the ones without the income to pay the full amount, or who don’t care about ads I suppose.
I think the Meta/Google comparison doesn’t hold water. The protocol in use here intentionally hides information about you specifically, whereas Google and Facebook will let advertisers gather information about specific users (based on some filters, like age and market demographic) once the advertisement has been shown.
Good points, but again: I would assume advertisers track/fingerprint you anyway, so we are not speaking about getting anonymized information from Mozilla but IMHO we are speaking about getting one more data point about you, which is easy to de-anonymize in combination with the rest of the information known about you.
I get the sentiment, but no. No way. No way in hell I’m allowing advertisers to get a bit of data or a penny out of me in any way, shape, or form. Not the way they’ve been treating us for the last decade. They can eat dung for all I care. Total war.
Crowdfunding.
Do you donate to Mozilla?
Nope. Do you?
So you didn’t care reading up what PPA is, eh?
But yeah I agree with the toot, we need more browsers heck even more browser engines to not end with just one engine controlled by fucking Google.
waterfox rocks btw
waterfox Thanks, never heard of it! will try it.
Librerfox is even better!
Just switched to LibreWolf/Mull + KeePassXC/KeePass2Android
No bitwarden?
Wouldn’t need bitwarden if they’re using keepassxc
Safari too: https://clearcode.cc/blog/privacy-preserving-ad-click-attribution-explained/
This was a webkit proposal from 2019: https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/
And it has been a W3C draft since 2021: https://privacycg.github.io/private-click-measurement/
Bye, bye Firefox!
The original mastodon post was with more details, and some drama, but the guy is trying to spam this link everywhere he can. so desperate for attention. lol
I think it’s a valid news to spread here.
The way it works is supposed to anonymously allow the measuring of advertising performance. Which ads do well with which kinds of users. Instead of tracking each individual user this tracks context, meaning what site the ad was seen on etc. Thereby providing a way to know what kinds of ads work with what kinds of users without profiling every individual in the world.
That is what it’s supposed to do. Data still goes to an allegedly “trusted third party” (let’s encrypt, apparently) which then does this anonymization.
The idea is a lot less egregious, but it’s still only a good idea assuming you agree ads would be a good and ethical way to make the internet go round, if only they weren’t profiling everyone. I don’t.
Yeah the title of the post makes it sound much worse than what it seems to be in practice? Maybe I’m just naive
I think this a problem with applications with a privacy focused user basis. It becomes very black and white where any type of information being sent somewhere is bad. I respect that some people have that opinion and more power to them, but being pragmatic about this is important. I personally disabled this flag, and I recognize how this is edging into a risky area, but I also recognize that the Mozilla CTO is somewhat correct and if we have the option between a browser that blocks everything and one that is privacy-preserving (where users can still opt for the former), businesses are more likely to adopt the privacy-preserving standards and that benefits the vast majority of users.
Privacy is a scale. I’m all onboard with Firefox, I block tons of trackers and ads, I’m even somebody who uses NoScript and suffers the ramifications to due to ideology reasons, but I also enable telemetry in Firefox because I trust that usage metrics will benefit the product.
This is why I don’t care about privacy anymore and use whatever browser works better in my pc/sbc (brave) followed by a network ad-blocker solution (nextdns).
Way to go. Does this solution help with fingerprinting/tracking?
I’ve no idea, honestly. Does it gives me more free time to worry about more important stuff however that will (very likely) not be changed over time by money-hungry developers with false promises of unachievable anonymity and/or privacy in their applications? That I can guarantee a reasonable YES.
He kinda said he doesn’t care lol
He prolly got nothing to hide anyway
This is after they bought an ad company last month, Mozilla is compromised now
A bunch of Firefox devs need to leave Mozilla, fork it and start up an actual non-profit not based around monetization. I would happily donate monthly if I knew it were going to Firefox development, instead of the dozen other things Mozilla spends its money on. I’m sure I’m not alone.
You’re definitely not alone. If this happens and it becomes some major news in the community with reasonable visibility, I’m sure many people would support this.
Is Librewolf already a Firefox without ad companies colonization ?
LibreWolf is little more than a custom config for Firefox, they don’t do actual development on the engine, which is the important and very technically laborious part.
Google’s “just so we can claim there’s competition in the marketplace” payment to Mozilla to stay the default search engine is what funds most of Firefox, even without the executive pay and unrelated nonprofit work. Building and maintaining a browser engine is not cheap, I don’t think mere individual donations are going to help here.
Without the reputation and contacts of Mozilla, those devs also wouldn’t have much of a say in the social side of browser development, like web standards and certificate authority programs.
I’d love a first party Firefox fork that’s not limited by Mozilla’s desperate attempts to stay afloat when Google decides not to keep them around anymore, but I don’t think a few developers are going to be enough to get it done. The current situation, “Firefox but with very minor tweaks”, is probably the best we can expect for now.
EU should donate to firefox for a free world without enshitification. I mean give the money and force no ad tracking.
The EU has the Horizon Europe programme for stuff like that, but I don’t think Mozilla will be able to apply with their current setup. As of now, it’s impossible to donate to Firefox development, you have to donate to the nonprofit that funds Firefox development, but also does tons of activist work and education funding.
Many people want Mozilla to figure out a way to only fund Firefox, but I don’t think Mozilla wants to have money earmarked specifically for Firefox when they have so many projects and programmes going on.
Proton did something similar.
This poll shows promise: https://mastodon.neat.computer/@jonah/112654592627487236
I think I would pay for a proton browser as well, if it isn’t just chromium. 5$ a month seems reasonable, but I am more the pay 250$ for lifetime type 😄
All of these claims clash with the reality of so many core open source projects, used my private users and massive corporations alike, rely on single voluntary developers or super small groups which receive no flowers and no donations.
yea. but they get to claim like they fund the opensource world. like come on… stop posting fake funding claims on an anonymous forum and hire yourself a developer team if you’re so invested in this.
But whaa… developers salary aren’t funded by your $2 dollar donations, even with 100s of donations. oh geez… who woulda thought.
In general I agree: Open source projects are super hard to monetize and too much work does not get donations, flowers or even thanks.
For Firefox specifically I am not so sure, especially when Thunderbird seems to be doing good with their donation based model.
As long as Firefox is run by Mozilla throwing millions at their incompetent leadership, I will not donate a cent to Firefox.
If Firefox would get forked by some developers I’ll happily donate money to them and given Firefox high visibility/importance, this might work out, like Thunderbird did.
You can’t donate a cent to Firefox anyway, the Mozilla Corporation does not accept donations. Thunderbird is also developed by a for profit company under the Foundation, but does accept non-tax-deductible donations.
There are some Firefox forks, but they tend to get outdated… / have slow update cycles
In the meantime you can give a look to the Servo project. If Servo is clean for you, you can support them.
I think it’s more because the Mozilla Corporation is a for-profit company and people barely understand the difference between the Corporation and Foundation or what the Foundation even does, or the rules that allow a non-profit to own a for-profit.
Ok idealist.
What is your alternative funding stream for Mozilla?
It’s bad.
Is it worse than the advertising owned browser that gives your information directly to said advertiser?
How does KDE do it with Konqueror?
Konqueror is dead since years.
They don’t. They rely entirely on donations (and sponsorship donations). It also mean, they have less resources to maintain and develop their software, ESPECIALLY Conqueror since it’s not as much well-maintained compared to other parts of the KDE software suite. Plus, Firefox do maintain their own web-engine, while KDE just use the WebKit one, so even more reasons that Firefox can’t substain with the resources KDE currently has.
I used to say the same, but now I wonder if they need as much as they have?
I am genuinely curious. There have been a lot of threads like this full of criticism for not spending enough on the browser.
It seems the browser is plenty funded, so maybe the org and co have too much and are in search of where to spend it?
Maybe it’s just the company with too much and the org is still struggling?
I mean, that argument starts to wade in to the Mozilla foundation as a whole, and what their purpose is, and that’s a giant kettle of fish.
Theoretical game. They lowball Google on how much Google pays them. How do people react? I don’t see them doing that and say, “Man, I’m glad Firefox is reducing Google’s influence over them”. I see them making a thread about how Firefox is giving Google a discounted rate because they’re all corrupt technofacists.
The core problem there still exists IMO. Funding.
What we really need is a reasonable way for open source, free, software, that exists for the good of the whole, to get money. But that has it’s own kettle of fish, where does it come from, how big is big enough to get some, what if they charge for support, how open is open enough.
Something something, seize the means of production, communism, etc.
Fair question. First move for Mozilla: Fire the whole fucking leadership team and use the millions saved for some more developers working on Firefox. That should finance the next 2 years, afterwards we can think about next steps. :-P