… I mean, WTF. Mozilla, you had one job …

Edit:

Just to add a few remarks from the discussions below:

  1. As long as Firefox is sponsored by ‘we are not a monopoly’ Google, they can provide good things for users. Once advertisement becomes a real revenue stream for Mozilla, the Enshittification will start.
  2. For me it is crossing the line when your browser is spying on you and if ‘we’ accept it, Mozilla will walk down this path.
  3. This will only be an additional data point for companies spying on you, it will replace none of the existing methodologies. Learn about fingerprinting for example
  4. Mozilla needs to make money/find a business model, agreed. Selling you out to advertisement companies cannot be it.
  5. This is a very transparent attempt of Mozilla to be the man in the middle selling ads, despite the story they tell. At that point I can just use Chrome, Edge or Safari, at least Google has expertise and the money to protect my data and sadly Chrome is the most compatible browser (no fault of Mozilla/Firefox of course).
  6. Mozilla massively acts against the interests of their little remaining user base, which is another dumb move made by a leadership team earning millions while kicking out developers and makes me wonder what will be next.
  • verdigris@lemmy.ml
    link
    fedilink
    arrow-up
    83
    arrow-down
    42
    ·
    4 months ago

    This is misinformation. The setting in question is not a “privacy breach setting,” it’s to use a new API which, for sites that use it, sends advertisers anonymized data about related ad clicks instead of the much more privacy-breaching tracking data that they normally collect. This is only a good thing for users, which is why the setting is automatically checked.

    • jlsalvador@lemmy.ml
      link
      fedilink
      arrow-up
      63
      arrow-down
      15
      ·
      edit-2
      4 months ago

      It’s illegal in Europe to have an opt-out checked by default, must be an opt-in unchecked by default. This is one of the reason that Microsoft has always troubles in Europe about privacy and opt-out services.

      • Fonzie!@ttrpg.network
        link
        fedilink
        arrow-up
        35
        arrow-down
        3
        ·
        edit-2
        4 months ago

        In the EU*

        Sorry to be pedantic, but the UK, Swiss etc. are all in Europe but not in the legislative region where this law applies.

        This even gets some people confused thinking those countries “aren’t in Europe”, which is why I wanted to correct this.

        • Skull giver@popplesburger.hilciferous.nl
          link
          fedilink
          arrow-up
          6
          ·
          edit-2
          4 months ago

          For what it’s worth, the UK still has the GDPR-derived law, though the decisions by the EU courts may no longer affect execution of it. Plenty of non-EU European countries, though.

    • gnuhaut@lemmy.ml
      link
      fedilink
      arrow-up
      50
      arrow-down
      6
      ·
      4 months ago

      This does not prevent regular ad tracking, this provides additional data to advertisers. It also means Mozilla is now tracking me, and then Mozilla does this “anonymizing” on their servers. I do not trust Mozilla with this data, and I don’t trust that no way can be found de-anonymize or combine this data with other data ad networks already collect.

      This is not in my interest at all. This data should not be collected. The ad networks can suck it, why should I help them?

      https://blog.privacyguides.org/2024/07/14/mozilla-disappoints-us-yet-again-2/

      • Vincent@feddit.nl
        link
        fedilink
        arrow-up
        22
        arrow-down
        14
        ·
        edit-2
        4 months ago

        Advertisers can already easily get this data without this setting, and any measures you take to block ads also by definition affect this setting.

        Meanwhile, if this works and becomes widely available, regulators will be able to take measures against user surveillance without having to succumb to the ad industry’s argument that they won’t know whether their ads work.

        And yes, this provides data to advertisers, but it’s data about their ads, not about users.

        • gnuhaut@lemmy.ml
          link
          fedilink
          arrow-up
          19
          arrow-down
          7
          ·
          4 months ago

          Ah yes, the hypothetical second step, in which tracking is going to be outlawed (I’m not holding my breath), except, of course, for the third party services that do the aggregating, which will “sell” (literal quote) the aggregate data, so I guess these are by semantic sophistry not adtech companies but something else.

          I’m so glad this genius “plan” can be used to justify Mozilla funneling data to adtech firms right now, because in some hypothetical future timeline this somehow can be construed with a bunch of hand-waving and misdirection to be in my interest.

          How about instead we have a browser that only cares about the users, and not give a fuck about adtech? Its number one goal should be to treat adtech as hostile, and fight to ruin that whole industry.

          • Vincent@feddit.nl
            link
            fedilink
            arrow-up
            12
            arrow-down
            4
            ·
            edit-2
            4 months ago

            for the third party services that do the aggregating, which will “sell” (literal quote) the aggregate data

            You’re saying you’re literally quoting the ISRG as planning to sell the data? Because that goes directly against what I’ve read about this, which I believe says that they wouldn’t even be able to because they can’t see the data.

            • gnuhaut@lemmy.ml
              link
              fedilink
              arrow-up
              5
              arrow-down
              1
              ·
              edit-2
              4 months ago

              Ok, I misremembered it says “pay” for the aggregate results, not sell.

              Our DAP deployment is jointly run by Mozilla and ISRG. Privacy is lost if the two organizations collude to reveal individual values. We safeguard against this in several ways: trust in both organizations, joint agreements, and operational practices.

              A full solution will require that advertisers — or their delegated measurement provider — receive reports from browsers, select a service, submit a batch of reports, and pay for the aggregation results, choosing from a list of approved operators.

              For the trial, the results for each task will be sent to Mozilla’s telemetry systems, which will be used to access aggregated statistics.

              So it doesn’t say ISRG is going sell data, but the “full solution” will have other operators that get payed, i.e. they’re going to sell the aggregate data. Also, they envision multiple such operators, all of which it seems need to be “trusted”.

              https://github.com/mozilla/explainers/tree/main/ppa-experiment#end-user-benefit

              • Vincent@feddit.nl
                link
                fedilink
                arrow-up
                3
                ·
                4 months ago

                Ah gotcha, thanks for bringing in the source - that does come down to the ISRG selling it. The thing I’d missed in your quote is that it’s referring to aggregate data. So yeah, how that meshes with what I’ve read is that the ISRG won’t be able to view user data, but indeed the ad performance data would be sold to advertisers.

      • sunbeam60@lemmy.one
        link
        fedilink
        arrow-up
        3
        arrow-down
        5
        ·
        4 months ago

        What do you want? A Mozilla with no income? Because then there is no libre browser.

        • gnuhaut@lemmy.ml
          link
          fedilink
          arrow-up
          3
          arrow-down
          2
          ·
          4 months ago

          Can you imagine a world where Linux wasn’t directly getting paid by Amazon to hook all your machines up to AWS? You can’t! And how could vim possibly be developed without dropbox integration and sponsorship, that would never work. There is no way a world exists where Krita doesn’t sell all your drawings to OpenAI, how are they going to make any money?

          None of these nice things could exist if they weren’t selling out their users, that’s just reality.

          • sunbeam60@lemmy.one
            link
            fedilink
            arrow-up
            4
            ·
            4 months ago

            Yes I get your point. Some software can run without a large income stream, on a volunteer basis.

            You’re using that fact to say that Firefox also can. And if you care to look at my profile you’ll see I’ve argued time and time again that Mozilla is an overblown organisation and should be slimmed down to a couple of hundred, working solely on the browser.

            I doubt, however, that you can build a modern, up-to-date browser on a volunteer basis.

            How many full-time people do you think it takes?

            • gnuhaut@lemmy.ml
              link
              fedilink
              arrow-up
              4
              arrow-down
              1
              ·
              4 months ago

              Linux has full time developers. Blender has full time developers. Lots of other projects have full time developers. They still don’t sell my data to Google.

              A web browser is a very visible piece of software, relied upon by end users, businesses and governments alike. I’m sure enough people and organizations would donate their time and money to fund this, if it existed.

      • verdigris@lemmy.ml
        link
        fedilink
        arrow-up
        4
        arrow-down
        8
        ·
        edit-2
        4 months ago

        … No, it does not. The ads are currently already tracking clicks and conversions, on top of a whole boatload of other personal data. This API instead provides them with just the click and conversion data, divorced from the personal data and then aggregated with all the other site visitors.

        Being against this proposal basically means you trust random websites and ad companies more with your data then you do Mozilla and LetsEncrypt.

        • gnuhaut@lemmy.ml
          link
          fedilink
          arrow-up
          12
          arrow-down
          2
          ·
          4 months ago

          This API instead

          Instead of what? As I said, this is in addition to existing tracking, with some vague promise that if current tracking methods were banned or abandoned, this could be used instead. Except it’s not getting banned (Mozilla is not going to out-lobby Google) or abandoned (market forces prevent that), and why oh why would I want some alternative way for ad companies to get my data in that situation anyway? Let them die.

          Now if another person is going to repeat this nonsense talking point, which you have picked up strait from Mozilla’s corporate PR, I’m going to lose my mind. Have some critical thinking skills. They are giving away your data right now and they give you nothing in return except a nonsense promise of a fairytale future.

          Please I just want a browser that acts in the user’s interest only, does not work with Meta on adtech, and does not think it’s their duty to save the ad industry from itself.

          • verdigris@lemmy.ml
            link
            fedilink
            arrow-up
            2
            arrow-down
            7
            ·
            4 months ago

            Again, no, that’s not true. This API is only used by sites that opt into it, and in so doing, they are disabling the normal tracking which is far more invasive.

            • UserMeNever@feddit.nl
              link
              fedilink
              English
              arrow-up
              10
              arrow-down
              1
              ·
              4 months ago

              Sorry but where does it say they will disable “normal tracking” if they use this API?

              • verdigris@lemmy.ml
                link
                fedilink
                arrow-up
                2
                arrow-down
                8
                ·
                4 months ago

                In the entire pitch, the announcement, this clarification, and all the technical data? Read literally any of it again and you’ll see that this is the whole point of the API.

                • UserMeNever@feddit.nl
                  link
                  fedilink
                  arrow-up
                  8
                  arrow-down
                  2
                  ·
                  4 months ago

                  You are missing the point. websites WILL NOT STOP TRACKING YOU! Nothing in this API can do that.

              • verdigris@lemmy.ml
                link
                fedilink
                arrow-up
                2
                arrow-down
                7
                ·
                edit-2
                4 months ago

                It’s enforced by the websites, they opt into this API. It says that everywhere you can read about this.

                • gnuhaut@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  4
                  arrow-down
                  1
                  ·
                  4 months ago

                  I can’t find this in the announcements and stuff. Where does it say that exactly?

    • wolf@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      37
      arrow-down
      8
      ·
      edit-2
      4 months ago

      … first of all, providing a new API to give out information about me is not a good thing in my mind.

      Second, this would be the first time in human history, the advertisers would not simply add that APIs information to everything else they aggregate including fingerprinting of your browser.

      So, serious question: How is this good for me?

      Edit: typo

        • mihor@lemmy.ml
          link
          fedilink
          arrow-up
          7
          arrow-down
          1
          ·
          edit-2
          4 months ago

          I get the sentiment, but no. No way. No way in hell I’m allowing advertisers to get a bit of data or a penny out of me in any way, shape, or form. Not the way they’ve been treating us for the last decade. They can eat dung for all I care. Total war.

        • wolf@lemmy.zipOP
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          edit-2
          4 months ago

          advertising isn’t going to go away

          That is certainly true for the moment, but IMHO that is not really an argument in this case:

          1. Advertisement can simply show me me some advertisement w/o spying on me. (Effectiveness of targeted advertisement is AFAIK highly controversial anyway.)
          2. My operating system does not have to spy on me and my browser certainly not.
          3. Mozillas BS arguments are just the ‘story told’, obviously they want to make money via advertisement and be the man-in-the-middle. I assume it is their legal right to do so and they can pursue the business model they like, but I do not have to like it.
          4. Again, advertisers will simply use this as an additional source of information about users for real time bidding, and not wind down other methods of information gathering, so this is only bad for me w/o any upsides.
          5. Mozilla is showing it is willing to sell it’s user data out this way (and silently do so), what are the next steps, what will happen with the next updates?

          … and I happily have donated and will donate/pay money to/for websites and software I like/use and will happily accept business models dying which depend on selling my data out.

          One of the main points of using Open Source operating systems and software is, that I have the freedom to use my own hardware the way I like w/o being up-sold or harassed by advertisement.

            • wolf@lemmy.zipOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago
              • Concerning advertisement: I want the option to pay for content for myself, I do not want or intent to force this on other users. Although Netflix is moving in a bad direction, in the past I could pay their service and watch a movie/show w/o advertisement. I totally would not mind if Netflix lets me pay a reasonable amount and give other users the option to have a free, advertisement based plan.
              • One related fact: Even payed newspapers etc. since the start of the industries always relied on money from advertisement, there was AFAIK never an outlet which could survive on subscriptions/payed readers alone
              • Fair point about Mozilla not selling your data. But when you phrase it like this, Alphabet/Meta etc. are also not really selling your data (which is their golden goose, after all). I’ll still correct this.
      • verdigris@lemmy.ml
        link
        fedilink
        arrow-up
        9
        arrow-down
        10
        ·
        4 months ago

        It does not collect any more information about you. It provides far less information than pretty much every ad is already collecting, and that information is anonymized. It does not affect ad blocking solutions.

        So, serious question: what are you not understanding here?

        • wolf@lemmy.zipOP
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          2
          ·
          4 months ago

          … as already mentioned above:

          1. This will be just an additional data point about you sold out - no advertiser will dial back on all the other ways to collect data about you.
          2. Mozilla shows that it willingly and silently will sell your data out and they will increase this over time to make money/try to be the man in the middle.
          3. It does not matter at all if it affects ad blocking solutions, this is about tracking and profiling. Learn about browser fingerprinting and other techniques.
          4. This is built in to your browser, which is crossing a very important line.
      • sunbeam60@lemmy.one
        link
        fedilink
        arrow-up
        6
        arrow-down
        4
        ·
        edit-2
        4 months ago

        Ask yourself this: Would you rather trust this data with Google or with Mozilla? Because if Mozilla needs income to maintain a libre alternative, they need to have a measured audience. Doing it in an anonymous way we can verify is better than letting Google and ad agencies do their level best to deanonymize you.

        • wolf@lemmy.zipOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          3
          ·
          4 months ago

          Ask yourself: Has Firefox even the expertise/man power to pull this off in a secure way or not? I’d rather have Google collect data, because they know how to protect their crown jewels and have a track record.

          Mozilla demonstrated in the last decade that most of their projects are failures and they have neither the expertise nor manpower to pull something like this off.

    • j4k3@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      3
      ·
      4 months ago

      Are you trying to tell me that the host server is showing the ad, because last I checked, with my whitelist firewall, I never see ads because all ads are links to the ad server you are actually visiting. It is no different than opening up the webpage and connection to them. They get all the same fingerprinting info.

      I’m not saying one way or another here, but there is no such thing as anonymous data collection. It only takes 2-3 unique identifiers to connect a person between a known and anonymous data set and there are almost always quite a few more unique identifiers than this in any given dataset. When I hear anyone say stalkerware is anonymous, I assume they are no longer just a privateer of a foreign drug cartel level state, instead they are full blown slave trader pirates fit for the gallows or worse.

      • verdigris@lemmy.ml
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        4 months ago

        … No, I’m saying that a given site hosts the specific instance of an ad. That site has control over what the ad can harvest, and if they’re opting in to this PPA API, that information will be anonymized and much more limited than it currently is.