There’s been a lot of discussion over the weekend about the origin trial for a private attribution prototype in Firefox 128. It’s clear in retrospect that we should have communicated more on this one, and so I wanted to take a minute to explain our thinking and clarify a few things. I figured I’d post this here on Reddit so it’s easy for folks to ask followup questions. I’ll do my best to address them, though I’ve got a busy week so it might take me a bit.
The Internet has become a massive web of surveillance, and doing something about it is a primary reason many of us are at Mozilla. Our historical approach to this problem has been to ship browser-based anti-tracking features designed to thwart the most common surveillance techniques. We have a pretty good track record with this approach, but it has two inherent limitations.
First, in the absence of alternatives, there are enormous economic incentives for advertisers to try to bypass these countermeasures, leading to a perpetual arms race that we may not win. Second, this approach only helps the people that choose to use Firefox, and we want to improve privacy for everyone.
This second point gets to a deeper problem with the way that privacy discourse has unfolded, which is the focus on choice and consent. Most users just accept the defaults they’re given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most peoples’ privacy remains compromised. Cookie banners are a good example of where this thinking ends up.
Whatever opinion you may have of advertising as an economic model, it’s a powerful industry that’s not going to pack up and go away. A mechanism for advertisers to accomplish their goals in a way that did not entail gathering a bunch of personal data would be a profound improvement to the Internet we have today, and so we’ve invested a significant amount of technical effort into trying to figure it out.
The devil is in the details, and not everything that claims to be privacy-preserving actually is. We’ve published extensive analyses of how certain otherproposals in this vein come up short. But rather than just taking shots, we’re also trying to design a system that actually meets the bar. We’ve been collaborating with Meta on this, because any successful mechanism will need to be actually useful to advertisers, and designing something that Mozilla and Meta are simultaneously happy with is a good indicator we’ve hit the mark.
This work has been underway for several years at the W3C’s PATCG, and is showing real promise. To inform that work, we’ve deployed an experimental prototype of this concept in Firefox 128 that is feature-wise quite bare-bones but uncompromising on the privacy front. The implementation uses a Multi-Party Computation (MPC) system called DAP/Prio (operated in partnership with ISRG) whose privacy properties have been vetted by some of the best cryptographers in the field. Feedback on the design is always welcome, but please show your work.
The prototype is temporary, restricted to a handful of test sites, and only works in Firefox. We expect it to be extremely low-volume, and its purpose is to inform the technical work in PATCG and make it more likely to succeed. It’s about measurement (aggregate counts of impressions and conversions) rather than targeting. It’s based on several years of ongoing research and standards work, and is unrelated to Anonym.
The privacy properties of this prototype are much stronger than even some garden variety features of the web platform, and unlike those of most other proposals in this space, meet our high bar for default behavior. There is a toggle to turn it off because some people object to advertising irrespective of the privacy properties, and we support people configuring their browser however they choose. That said, we consider modal consent dialogs to be a user-hostile distraction from better defaults, and do not believe such an experience would have been an improvement here.
Digital advertising is not going away, but the surveillance parts could actually go away if we get it right. A truly private attribution mechanism would make it viable for businesses to stop tracking people, and enable browsers and regulators to clamp down much more aggressively on those that continue to do so.
I mean most of us got it, even those that pretended not to. But a post like this would've definitely been better before hand. This is what I mean when I say Mozilla are hostile to community now, they're so happy to needlessly hide shit behind Figma links, that when something like this would've been challenged, they would've made a blog post before the roll out. It's like with the hiding of sub directories in the URL bar of Firefox for Android, it sucks and people would've said beforehand, but nope hidden behind Figma. The community are there to assist, embrace them so you (Mozilla, not OP) stop fucking up please.
Edit: Also Mozilla stop running to Reddit when Lemmy is here. Where is the support for the open web?
Yeah it was a bit weird they didn't talk about it before. Bit it was obviously pretty experimental being in nightly.
(it's always kinda weird so many Firefox users sit on nightly, then complain about random unannounced or unfinished changes, when that's kinda what they explicitly sign up for 🤷)
But it hasn't landed in a Firefox release yet. Nightly is literally "someone wrote some code yesterday, and it's in Nightly today". Anything can still change, e.g. settings, defaults, anything. There is still lots of room for the community to give input before actual users encounter it.
It's not in release yet, right? If your definition of "landed" is "someone wrote the code and now it's in Nightly", then sure, but why is that a problem? If you're using Nightly, you're choosing to use experimental features that might not look like their final behaviour (or even get released at all).
I wouldn't call this a useful post. It is just corporate speak with no real meaning other than trying to calm people. I think they are looking for more income.
Income from where? They've taken a W3C proposal and implemented it. It's that simple. People are on here acting outraged because they can't be bothered to read and that's saddening. I'm seeing people upset that Meta are involved. Like guess what? The type of people this affects are the type of people that visit Facebook. There's tonnes of things to be upset about regarding Mozilla. The timing of this post and the location of the post are both perfectly reasonable, the content however isn't.
Do you think proposals are just magic'd up? Do you think they don't have to show that they work? Do you even think they're the first to implement this proposal? Because Google already implemented it.
And for the record
[Mozilla] Together with our co-authors from Meta, we’ve recently proposed IPA to the Private Advertising Technology Community Group, or PATCG. PATCG is a group in the W3C specifically formed to work on improving advertising without compromising on privacy.
So you admit you are being dishonest now, because your original statement was
They've taken a W3C proposal and implemented it. It's that simple.
You need to go back to your original comment and correct your wrong portrayal of Mozilla and the W3C. You need to name Mozilla and Facebook as collaborators in the creation of the standard, and consider apologizing to the people you misled.
Having taken a butchers at your post history, you clearly have an issue with Mozilla/Firefox and that's fine. Each to their own. But I'm neither Mozilla nor Firefox, so if you have an issue with them, take it up with them and leave me out of your crusade.
Still waiting for you to fix your grossly blatant lie which claims that Mozilla simply took a W3C proposal rather than crafting it with one of the most unethical companies on the planet.
Not only did you lie in an attempt to launder Mozilla's behavior through the W3C, but your lie was also used as an attack, not just some random innocent comment.
I take issue with anyone who misleads others, as you were doing. You should feel ashamed of yourself, you should correct your comment at a bare minimum, and you should consider an apology to those you have misled.