Copied from reddit:

Firefox CTO here.

There’s been a lot of discussion over the weekend about the origin trial for a private attribution prototype in Firefox 128. It’s clear in retrospect that we should have communicated more on this one, and so I wanted to take a minute to explain our thinking and clarify a few things. I figured I’d post this here on Reddit so it’s easy for folks to ask followup questions. I’ll do my best to address them, though I’ve got a busy week so it might take me a bit.

The Internet has become a massive web of surveillance, and doing something about it is a primary reason many of us are at Mozilla. Our historical approach to this problem has been to ship browser-based anti-tracking features designed to thwart the most common surveillance techniques. We have a pretty good track record with this approach, but it has two inherent limitations.

First, in the absence of alternatives, there are enormous economic incentives for advertisers to try to bypass these countermeasures, leading to a perpetual arms race that we may not win. Second, this approach only helps the people that choose to use Firefox, and we want to improve privacy for everyone.

This second point gets to a deeper problem with the way that privacy discourse has unfolded, which is the focus on choice and consent. Most users just accept the defaults they’re given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most peoples’ privacy remains compromised. Cookie banners are a good example of where this thinking ends up.

Whatever opinion you may have of advertising as an economic model, it’s a powerful industry that’s not going to pack up and go away. A mechanism for advertisers to accomplish their goals in a way that did not entail gathering a bunch of personal data would be a profound improvement to the Internet we have today, and so we’ve invested a significant amount of technical effort into trying to figure it out.

The devil is in the details, and not everything that claims to be privacy-preserving actually is. We’ve published extensive analyses of how certain other proposals in this vein come up short. But rather than just taking shots, we’re also trying to design a system that actually meets the bar. We’ve been collaborating with Meta on this, because any successful mechanism will need to be actually useful to advertisers, and designing something that Mozilla and Meta are simultaneously happy with is a good indicator we’ve hit the mark.

This work has been underway for several years at the W3C’s PATCG, and is showing real promise. To inform that work, we’ve deployed an experimental prototype of this concept in Firefox 128 that is feature-wise quite bare-bones but uncompromising on the privacy front. The implementation uses a Multi-Party Computation (MPC) system called DAP/Prio (operated in partnership with ISRG) whose privacy properties have been vetted by some of the best cryptographers in the field. Feedback on the design is always welcome, but please show your work.

The prototype is temporary, restricted to a handful of test sites, and only works in Firefox. We expect it to be extremely low-volume, and its purpose is to inform the technical work in PATCG and make it more likely to succeed. It’s about measurement (aggregate counts of impressions and conversions) rather than targeting. It’s based on several years of ongoing research and standards work, and is unrelated to Anonym.

The privacy properties of this prototype are much stronger than even some garden variety features of the web platform, and unlike those of most other proposals in this space, meet our high bar for default behavior. There is a toggle to turn it off because some people object to advertising irrespective of the privacy properties, and we support people configuring their browser however they choose. That said, we consider modal consent dialogs to be a user-hostile distraction from better defaults, and do not believe such an experience would have been an improvement here.

Digital advertising is not going away, but the surveillance parts could actually go away if we get it right. A truly private attribution mechanism would make it viable for businesses to stop tracking people, and enable browsers and regulators to clamp down much more aggressively on those that continue to do so.

  • Vincent@feddit.nlOP
    link
    fedilink
    arrow-up
    3
    ·
    4 months ago

    OK, doesn’t matter who coined it, I’m just curious why you think it matters.

    • sabreW4K3
      link
      fedilink
      arrow-up
      3
      arrow-down
      3
      ·
      4 months ago

      It’s a weird conversation rabbit hole I’ve been dragged down, where I said something that factually correct, you refuted it

      But it hasn’t landed in a Firefox release yet.

      And then there’s been a bunch of back and forth where I’m like, someone is wrong on the Internet and you’re like, “I’m Vincent, Vincent’s are never wrong and besides, why would it matter anyway?” or something along those lines.

      • Vincent@feddit.nlOP
        link
        fedilink
        arrow-up
        3
        ·
        4 months ago

        I really don’t follow this… I’m just curious what you think the problem is, but no matter how often I ask it, you seem to think I’m saying that you’re wrong.

        For absolute clarity, we both agree on the following, right?

        • This app hides the path from the URL bar.
        • This app currently still shows the full URL in the URL bar.

        So I’m not saying you’re wrong about anything. I am still very curious about what the problem is, but you don’t seem to want to answer that, for the third time now?

        • sabreW4K3
          link
          fedilink
          arrow-up
          3
          arrow-down
          2
          ·
          4 months ago

          I believe you made an innocent mistake when you confused the term ‘landed’ with the term ‘shipped’. Since then, we’re just wasting time while you dance around admitting you’re wrong to protect your ego on the Internet.

          • Vincent@feddit.nlOP
            link
            fedilink
            arrow-up
            4
            ·
            edit-2
            4 months ago

            Seriously, let me say it explicitly: I admit I’m wrong.

            Care to finally tell me now what’s so bad about only Nightly hiding the path from the URL bar?

            • sabreW4K3
              link
              fedilink
              arrow-up
              2
              arrow-down
              1
              ·
              4 months ago

              Finally! Thank you for that. It’s a shame we let it come to this, as elsewhere in this post, we’re arguing on the same side and that’s the side of reason.

              Regarding the URL bar. There’s a bunch to be honest. Most of which don’t affect the average user, but that’s why it should be an about:config option at the very least.

              The ones that affects me most, is that as a self-hoster, I have a bunch of services at localdomain.local:port and they all differ. This change only shows the same URL for each.

              Even when I’m in GitHub, I have to scroll to the top of the page just to see what repository I’m in.

              There are also some security implications raised here

                • sabreW4K3
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  4 months ago

                  I enjoy using Nightly. I enjoy testing things and shaping the future of Firefox. My issue however, is that of late, a bunch of people have infiltrated Mozilla and kneecapped community contribution, even so far as that, when something like this was brought up around Firefox 4, it was discussed prior to landing.

                  Just to be clear, I have no issue with this feature in itself, I have an issue with the lack of option to toggle it off. More so, because I believe anyone that had to use Firefox Nightly for Android as their only browser for 48 hours wouldn’t be okay with this.

                  It’s indicative of the broader problems. American adults have an Apple fetish and think everything should walk, talk and act like iOS, however the rest of the world prefers Android (for a myriad of reasons, cost being high on the list) and they can’t work out why. It’s funny because even tech YouTubers prefer Android, even though they generally walk with both. But these people that eat and sleep iOS, are making decisions about products they don’t use and it’s annoying and frustrating. Yes, Mozilla and Firefox are a job, but with the right community liaison, they can actually recruit people for whom Firefox is also a passion.

                  • Vincent@feddit.nlOP
                    link
                    fedilink
                    arrow-up
                    3
                    ·
                    edit-2
                    4 months ago

                    I won’t deny that Mozilla should be friendlier to community contributions.

                    But this is exactly it:

                    I enjoy testing things and shaping the future of Firefox.

                    So when you say:

                    people would’ve said beforehand

                    This is beforehand! You’re using Nightly so you can help shape this feature; so that that option to toggle it off gets added before this reaches regular users.

                    (I can also assure you that Firefox is a passion for many of the people who work on it. Some of them are pretty active on Mastodon, too.)