Ghostboard pixel Skip to content

Firefox's New Controversial Feature: Is it a problem?

The feature may be a necessary evil, but what do you think?

Mozilla's Firefox is unmistakably one of the last-standing forces against the onslaught of Chromium-based browsers, and many people rely on it to get things done, without sacrificing their privacy.

Sure, there are some fascinating projects such as the revived Servo, and the increasingly popular Ladybird, but, these are still under heavy development, and we will have to wait a bit before we start seeing some tangible results.

Unfortunately, with a recent release, Firefox has found itself in the middle of a controversy, that has struck a rather fiery conversation across the internet.

Firefox Under Fire: What Have They Done?

a screenshot of firefox 128 privacy preserving ad measurement option
Privacy-Preserving Attribution enabled by default on Firefox 128

Many people over the past few days have been lashing out at Mozilla for enabling Privacy-Preserving Attribution (PPA) by default on Firefox 128, and the lack of publicity surrounding its introduction.

There are even reports that the “Distributed Aggregation Protocol” (DAP) used underneath is not private by design. Provided Mozilla and ISRG, the ones behind this protocol, were to collude, trying to breach privacy. If that happened, it would allow advertisers to identify the behavior of individual browsers.

If you were wondering what PPA is, it is a bare-bones, experimental feature that is supposed to serve as a privacy-focused approach for collecting limited user data and serving ads on a website.

When a website detects that a user clicked on an ad, it can ask the browser for a report. The browser will then encrypt it, and then anonymously submit it to an “aggregation service” (not the website) using DAP. After which, the report is combined with other similar reports by the aggregation service, and the website receives periodic reports with a collection of such data.

Even though Mozilla mentioned that PPA would be enabled by default on Firefox 128 in a few of its past blogs, they failed to communicate this decision clearly, to a wider audience.

There's also a discussion going on Mozilla Connect calling for PPA to be removed from Firefox, with many supporters joining in.

Other Side Of The Coin

In response to the public outcry, Firefox CTO, Bobby Holley, had to step in to clarify what was going on. He started with how the internet has become a massive cesspool of surveillance, and doing something about it was the primary reason many people are part of Mozilla.

He then expanded on their approach with Firefox, which, historically speaking, has been to ship a browser with anti-tracking features baked in to tackle the most common surveillance techniques.

But, there were two limitations with this approach, one was that advertisers would try to bypass these countermeasures.

The second, most users just accept the default options that they are shown, and that Mozilla doesn't believe in modal consent dialogs as they find such dialogs to be a “user-hostile distraction from better defaults”.

📋
The kind of dialogs seen on most websites these days, where the user has to give their consent for cookies on their browser.

Similarly, Bas Schouten, Principal Software Engineer at Mozilla, made it clear at the end of a heated Mastodon thread that:

This is making privacy a privilege for the people that work to inform and educate themselves on the topic. People shouldn't need to do that, everyone deserves a more private browser. Privacy features, in Firefox, are not meant to be opt-in.
They need to be the default.
If you are 'completely anti-ads' (i.e. even if their implementation is private), you probably use an ad blocker. So are unaffected by this.

As expected, this move has also generated a great deal of misunderstandings and mob-like reaction across social media, with some taking shots at Mozilla's acquisition of Anonym, an advertisement tech company.

Andrew Moore, a Solutions Architect out of Montreal, tried his best to demystify some common misconceptions with a detailed blog, where he shed light on the inner workings of PPA.

He shared that the goal of this API was to study the viability of such implementations, so that one day, existing ad networks could start moving away from invasive individual tracking.

Even one of our reader's had something to add on this topic, and I do agree with what they said:

When you condemn Mozilla's attempt to introduce adtech in Firefox (with an option to turn it off), please note that Mozilla is fighting a life-and-death battle for the survival of Firefox.
If Firefox goes away, so do its alternatives such as LibreWolf, Waterfox and the most secure web browser currently available, Floorp. Support Firefox, because if not, you will be even more vulnerable to global tech companies.

In today's age, advertising has become a necessary evil for an Internet-focused organization to stay in business, and what Mozilla seems to be trying to, is pushing for “better defaults”, that can hopefully be the standard one day.

The standard right now is to harvest user data in any way possible, a user's right to privacy doesn't matter, authority over their data doesn't matter, what matters are the metrics.

As they say, “It's a numbers game”, so it's refreshing to see someone try something different.

However, as mentioned earlier, I do feel that Mozilla should have communicated this decision more adequately. Just a few blog posts obviously can't help convey such a major change, that too in an age where a user's attention span is a rare commodity.

When users updated to the 128 release, they should have shown a pop-up or opened up a new tab with an easy-to-understand description of PPA. Showing how it is enabled by default, and with an option for the user to disable it, and some reassuring text sprinkled about.

Anyhow, what's done is done. For users who don't want this, they can follow these steps to disable PPA:

  • Go into the three-ribbon/hamburger menu at the top-right.
  • Select “Settings”.
  • Under the “Privacy & Security” menu, scroll down to the “Website Advertising Preferences” section.
  • Uncheck the box called “Allow websites to perform privacy-preserving ad measurement”.

💬 Which side of the discussion do you fall in? Let me know in the comments below.


Here's why you should opt for It's FOSS Plus Membership

  • Even the biggest players in the Linux world don't care about desktop Linux users. We do.
  • We don't put content behind paywall. Your support keeps it open for everyone. Think of it like 'pay it forward'.
  • Don't like ads? With the Plus membership, you get an ad-free reading experience.
  • When millions of AI-generated content is being published daily, you read and learn from real human Linux users.
  • It costs just $2 a month, less than the cost of your favorite burger.

Latest