Original toot:

It has come to my attention that many of the people complaining about #Firefox’s #PPA experiment don’t actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it, so an explainer 🧵 is in order.

Targeted advertising sucks. It is invasive and privacy-violating, it enables populations to be manipulated by bad actors in democracy-endangering ways, and it doesn’t actually sell products.

Nevertheless, commercial advertisers are addicted to the data they get from targeted advertising. They aren’t going to stop using it until someone convinces them there’s something else that will work better.

“Contextual advertising works better.” Yes, it does! But, again, advertisers are addicted to the data, and contextual advertising provides much less data, so they don’t trust it.

What PPA says is, “Suppose we give you anonymized, aggregated data about which of your ads on which sites resulted in sales or other significant commitments from users?” The data that the browser collects under PPA are sent to a third-party (in Firefox’s case, the third party is the same organization that runs Let’s Encrypt; does anybody think they’re not trustworthy?) and aggregated and anonymized there. Noise is introduced into the data to prevent de-anonymization.

This allows advertisers to “target” which sites they put their ads on. It doesn’t allow them to target individuals. In Days Of Yore, advertisers would do things like ask people to bring newspapers ads into the store or mention a certain phrase to get deals. These were for collecting conversion statistics on paper ads. Ditto for coupons. PPA is a way to do this online.

Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party. If at some point they discover they’re doing insufficient aggregation or anonymization, then they can fix that all in one place. And if the work they’re doing is transparent, as compared to the entirely opaque adtech industry, the entire internet can weigh in on any bugs in their algorithms.

Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.

  • sabreW4K3OP
    link
    fedilink
    arrow-up
    3
    arrow-down
    9
    ·
    5 months ago

    If they didn’t understand user consent, would they really have the ability to opt out? I get that you’re on your soap box and seething with anger, but let’s not devolve into ludicrous nonsensical reframing.

    • laughterlaughter@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      5 months ago

      When Chrome asks the user to activate a similar feature while Firefox doesn’t - welp, no. They don’t understand user consent.

      Imagine finding a Mozilla microphone under your dining table. “Oh, but you can remove it and toss it. That’s understanding user consent!”

      • sabreW4K3OP
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        5 months ago

        When Google utilised their Chrome dominance and forced the web into manifest v3 so they could curtail adblockers, did they ask for your consent?

        • laughterlaughter@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          No, and that’s why I don’t use Chrome. But at least they said they’d do this.

          Mozilla in turn said “hey here’s this neat feature. Don’t worry, it’s optional!” And then they silently activated it for everyone with an update.

          • sabreW4K3OP
            link
            fedilink
            arrow-up
            2
            ·
            5 months ago

            Mozilla said, “hey, in the chance you see an advert on the Internet, this will anonymise the data sent to the ad publishers for you automatically” and you said, “how dare you”!

            • laughterlaughter@lemmy.world
              link
              fedilink
              arrow-up
              3
              arrow-down
              1
              ·
              edit-2
              5 months ago

              Red herring, and you’re missing the point, and this is getting frustrating. If you ignore the argument below again, I will stop responding to you.

              From the Mozilla’s website (so you don’t say I’m ill-informed):

              https://support.mozilla.org/en-US/kb/privacy-preserving-attribution?as=u&utm_source=inproduct

              Firefox creates a report based on what the website asks, but does not give the result to the website. Instead, Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.

              Zoom in:

              Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.

              Zoom in:

              anonymously submits it

              Zoom in:

              submits it

              This is after an update, and it’s opt-out, that is, enabled by default. And not a single notification about it. If I don’t check my settings, or read about it, I would have never found out about this.

              WHY IS MY BROWSER SUBMITTING ANYTHING WITHOUT ASKING ME FIRST?!

              Plus it’s described as an experiment. And I’ve already told Mozilla to NEVER include me in any of its “experiments,” after the whole Mr. Robot fiasco. If this is labeled as an experiment, why is Mozilla not respecting my decision?

              That’s the issue I have with it. It doesn’t matter what it is. It doesn’t matter if it’s “for my own good.” I am supposed to be in control of my browser. I decide when my browser sends anything to the Internet about me, even if it’s anonymized.

              I would expect this from Chrome, and that’s why I don’t use it; not Firefox.

              • sabreW4K3OP
                link
                fedilink
                arrow-up
                3
                arrow-down
                2
                ·
                5 months ago

                Your browser already submits information about you by virtue of existing.

                What this does is put the mechanisms to ring fence that in place. The same way that the Enhanced Tracking Protection does.

                Kinda like how even if you’ve had an STI test recently, you should still use a condom when sleeping with strangers.

                Regarding the opt-in versus opt-out stuff. That’s a dead fish. People go with what the default is. By default ETP is on. By default, autoplay is off. By default, HTTPS only mode is always on.

                These are all things that happened without my explicit consent and they’ve all made the Internet a better place for normal people, not like me and you, but normal people who rely on the best defaults possible.

                • laughterlaughter@lemmy.world
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  5 months ago

                  Your browser already submits information about you by virtue of existing.

                  I already addressed this, for I wrote: “I decide when my browser sends anything to the Internet about me.” If I visit a webpage, I know the browser is sending a request. What I wasn’t expecting was the actual browser collecting data on its own and sending it to some third-party.

                  What this does is put the mechanisms to ring fence that in place. The same way that the Enhanced Tracking Protection does.

                  Not the point and we’ve already gone through this.

                  Regarding the opt-in versus opt-out stuff. That’s a dead fish. People go with what the default is. By default ETP is on. By default, autoplay is off. By default, HTTPS only mode is always on.

                  None of that is sending data about my browsing habits to some third-party. Maybe HTTPS, but even you can tell you’re using HTTPS because of an icon next to the URL in the address bar. Where is my “icon” for the ad-anonymization thingie? That’s my point.

                  • sabreW4K3OP
                    link
                    fedilink
                    arrow-up
                    3
                    arrow-down
                    2
                    ·
                    5 months ago

                    You’re ignoring the fact that fingerprinting exists and I don’t get why.