return to table of content

"Firefox added [ad tracking] and has already turned it on without asking you"

david_draco
40 replies
2d1h

It is obvious why Firefox does this though; they have no income otherwise like Google does. Firefox users somehow think that using is "supporting" Mozilla/Firefox, but it is not, and they would not pay for the browser, or pay a subscription free. Privacy-friendly ads are a reasonable way for Mozilla to survive long-term -- if they are indeed privacy-friendly.

Ultimately you probably either need a clean-room NGO that ensures the data cannot be de-anonymized, or accept that ad impact counting is BS anyway and only measure profit increases across A/B ad phases.

SoftTalker
11 replies
2d1h

I would pay for a browser that was 100% ad- and tracking-free. I pay for an email account. I pay for YouTube. I pay for several streaming media services. I get that people are used to browsers being free, but no reason that can't change.

SamuelAdams
8 replies
2d1h

You are very rare. Most people are not like you.

Apple tried this with iOS 2 and 3. Minor versions cost users roughly 5-10 USD per update.

Therefore many users did not install the latest OS on their devices. The cost, although small, was a barrier for many people.

Apple quickly pivoted and now all software updates are free of charge to all supported devices.

If Mozilla starts charging for Firefox, I predict either people stick with the oldest version that is free, or stop using Firefox and use a fork that maintains its free (in cost) license. Or maybe only 2% of users convert to a paid version of Firefox.

aaomidi
5 replies
2d1h

OS updates are not comparable.

Apple charging for updates is idiotic because as a user I don’t have a choice to go use a different OS.

aetch
4 replies
2d1h

You do have a choice, just keep using the OS version you have. Just like using the an older Firefox version.

Adding security updates and new features costs time and money.

redserk
0 replies
2d1h

Apple seems to have made the economics work out well with devices alone.

You don’t even have to touch their services revenue to consider ongoing iOS development a significantly successful return on their investment.

evah
0 replies
2d

If Apple delivers a defective device to the customer, I see no reason why they shouldn't be fixing it using the money the customer originally paid. A security vulnerability may eventually leave a device completely unusable.

HighGoldstein
0 replies
2d1h

There are a couple of problems with this argument. One is that with a device (especially a premium one) the cost of support for a reasonable lifetime is considered baked into the price. The other is that security updates imply a security issue, meaning the company sold you an insecure, i.e. defective device in the first place.

GTP
0 replies
2d

The point is that with browsers there's also the option of using an entire different one, not just keeping an older version of the same browser.

mikeocool
0 replies
2d1h

I don’t disagree with your point — however apple only charged for the early iOS updates on the iPod touch. And they only did it to comply with the Sarbanes-Oxley Act — which required that if you upgraded a device not on a subscription, you had to charge.

They stopped doing it after they lobbied congress to change the law.

https://www.macworld.com/article/189247/ipodtouch-3.html

jbaber
0 replies
2d

Honsetly, pay-what-you-want-if-you-can would work well. Just make a button appear once in a while (that you can permanently turn off in about:config).

If firefox asked me once a month "Enjoying the entire internet? Is it worth $1 to you?" I'd press the button often.

fancy_pantser
1 replies
2d1h

What stops you? Are you not satisfied with the ones on offer? Is there a compatability issue that's a show-stopper?

nemomarx
0 replies
2d1h

What paid browsers are on offer with good technology? The only ones I'm aware of are still chromium based or I think mac only, so that's a pretty bad feature set.

dtech
9 replies
2d1h

The thing is, you cannot pay for Firefox even if you wanted to*, so the assertion that people wouldn't pay is unproven (but has good circumstancial evidence). I'd still prefer they make a paid version without this crap.

* Donations to Mozilla go to a non profit which is separated from Firefox development and has questionable effectiveness in general

kredd
5 replies
2d1h

After all these "I would pay for Firefox if I could" comments, it would be fun for Mozilla to start a Gofundme like page, where if it hits $300M (or whatever amount they're getting from Google per year) they'll make it an option, otherwise they'll go back to trying to find another revenue source.

It's very hard to believe that an average user would ever pay for a browser, when alternatives like Chrome and Safari exist. It's the same as paid email services, in my opinion. Like sure, there will be some segment of users who'll do it, and they'll probably get $10-20M/year if it offers some features free email services don't. But hitting that $100M through donations on a yearly basis would be hard when there are free equivalent alternatives.

wizee
3 replies
2d1h

Mozilla is like Wikipedia, where the vast majority of the funds they receive go to causes unrelated to development or maintenance of their core product (web browser or encyclopedia).

lolinder
2 replies
2d

For example, acquiring ad companies.

dralley
1 replies
2d

Mozilla Foundation did not acquire an ad company, and none of their dollars can be legally used to acquire and ad company. Once again, HNers fail to understand the difference between Mozilla Corporation and Mozilla Foundation, and conflate all their criticisms.

lolinder
0 replies
2d

I'm well aware of the convoluted corporate structure and that convoluted structure is one of my primary criticisms of Mozilla.

lolinder
0 replies
2d

You're attacking two strawmen:

1. The average user doesn't have to pay for the browser in a donation model, you just need enough users to feel passionately enough about it to fund it sufficiently to develop it.

2. No one is arguing that Mozilla should replace their revenue from Google overnight with donations. We're just asking that Mozilla give us the option to pay for Firefox already.

Another user (trying to demonstrate to me that donations would never be enough [0]) figured that if we assume a similar rate of donations as Thunderbird gets then Firefox would bring in $70m/year just in donations.

That is a heck of a lot of money. That funds 140 developers even at inflated Bay Area salaries, 280 developers if you're willing to branch out of the Bay and offer closer to $200k/year on average as a base salary (still an insanely high average rate in most of the country and the world). Even if you took a full 50% for general/administrative and overhead, that sum would still pay for 70 bay-area or 140 rest-of-the-world developers.

If Mozilla really does need more developers than that for Firefox specifically, then fine, they can keep accepting money from Google—no one is saying they should only be funded by donations. But that they don't even make it an option is frankly bizarre.

[0] https://news.ycombinator.com/item?id=40901664

Ferret7446
1 replies
1d20h

You can, since Firefox is open source. Just hire a dev.

poikroequ
0 replies
2d1h

The reason many companies don't offer a paid option to remove tracking is it can be seen as an admission by the company that they know tracking is wrong to some extent. So these companies would rather just force it on everyone and pretend like there's nothing wrong with it.

mulmen
5 replies
2d1h

I pay for Orion through Kagi. I would gladly contribute to the salaries of developers to maintain the Firefox project.

iroddis
2 replies
2d

I also pay for Orion, but can’t use it much until the multi-container support is working well. Right now Firefox is the only browser that does this right.

Upvoting you in the hopes that more people in this thread will put their money where their stated principles are and help support a privacy focused browser with clear funding sources so that Orion doesn’t go the way of Opera.

kstrauser
1 replies
2d

I also used Firefox’s containers a lot. In my case, I often need to log into multiple AWS simultaneously, or at least bounce between them quickly enough to be a major hassle if I had to log out of one to log into the other. Now I use Safari’s profiles to do that.

What’s your Firefox use case that Orion doesn’t handle? (Sincere question; that wasn’t meant as “it works for me so stop complaining!” snark.)

iroddis
0 replies
1d18h

I'll be honest, I was waiting for Orion RC 128 to get released, since that's when the multi-container feature was supposed to land (according to [1]). I just updated Orion RC, and the profile management is pretty nice, but seems to be missing some things: (1) assigning full or partial URLs to always open in a specific profile, and (2) profile assignment on a per-tab basis, rather than per-window.

Other than that, the browser is pretty amazing. Blazingly fast, support for both Firefox and Chrome extensions, and lots of customization. There's a lot to love about it, and as soon as the two features above land I'll likely be switching to it as my primary driver (on MacOS)

[1] https://orionfeedback.org/d/43-something-like-firefox-multi-...

bloopernova
1 replies
2d

Orion isn't available for Linux.

mulmen
0 replies
2d

True, not yet. It is still proof that people are willing to pay for a browser that aligns with their priorities.

dsr_
5 replies
2d1h

You can't reasonably claim "they would not pay for the browser, or pay a subscription [fee]" when it is not even possible for a user to donate to the Firefox project specifically.

newaccount74
2 replies
1d10h

You can. There are a lot of open source projects that solicit donations, and if you talk to the developers you will find out that practically none of them get donations that would support even a single developer.

The only thing that seems to somewhat work is Patreon, which seems to work fine for some developers that are good marketers, but even there the number of creators that can support themselves is very small, and I don't know of any Patreons that support more than a single person.

To support a browser, you need a team, and there is no plausible way to pay for that team with donations.

It's not that nobody has tried financing open source with donations, it's just that nobody has found a way to make it work yet.

fwn
1 replies
1d8h

You can.

No, AFAIK you cannot.

The inability to donate to Firefox is a valid and longstanding criticism of the Mozilla corporate/foundation setup.

Mentioning this deficit in a comment chain about the projects financial sustainability is relevant and appropriate.

It is also true that many projects have funding problems, but that does not negate the parents point.

Mozilla is not a particularly good steward of Firefox and there should be a way to donate specifically to Firefox development, if just for Mozilla as an indicator on what should be their priorities.

newaccount74
0 replies
5h17m

Sorry, I think I wasn't clear. I meant to contradict the statement "You can't reasonably claim ..." with "You can [reasonably claim]".

What I am saying is that it is extremely unlikely that people would donate to Firefox, even if was possible to do so. At least not enough to actually pay for more than a few developers. (And you need more than a few developers for a browser, even if you cut useless features nobody asked for like Pocket integration.)

photonbeam
0 replies
2d1h

Its rather annoying that theres no way to support firefox without sending money to a Mozilla ceo who could use it for some silly side project

SkyPuncher
0 replies
2d

What browser has a subscription user base that could support Mozilla?

JadeNB
1 replies
2d1h

Privacy-friendly ads are a reasonable way for Mozilla to survive long-term -- if they are indeed privacy-friendly.

At some level, trusting that privacy-friendly advertising through Firefox actually respects privacy is going to have to involve trusting Mozilla. Mozilla seems to have gone out of its way over the years to erode user trust, and this is just one more step down that road. As the author says, if Firefox is even sneakier about this than Chrome, what scope is there for trust?

mulmen
0 replies
2d1h

I don't think Mozilla is going to pull a Google and deliberately choose to become evil. Mozilla simply doesn't have (or want?) the resources to hire competent product people (if such a thing even exists) to manage features and marketing. This is the problem with running software as a company instead of an open project where the product is the end rather than a means to profit.

zaphod420
0 replies
2d

I paid for an Orion Plus lifetime license (browser made by kagi). I'd happily pay for Firefox too if it was an option.

ndriscoll
0 replies
1d21h

"Privacy friendly" (not really) ads are not a reasonable model. That just makes them a chrome knockoff, and there's no longer a purpose for their existence.

A reasonable way to survive would be to have invested part of the half billion dollars per year they've been taking in for the last 15 years and built up a trust to permanently pay for developers.

hot_gril
0 replies
2d

Besides money, market share must also be important for Firefox. Otherwise the web becomes Chromium-only.

28304283409234
0 replies
1d22h

I'd pay 100 dollars yearly for Firefox. At least. If it would deliver on the core product, and drop all advertisement crap in the build they ship me. It baffles me that this is still not an option.

thangalin
22 replies
2d1h

1. Visit about:config

2. Set dom.private-attribution.submission.enabled to false

I've added the configuration value to the following page:

https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_...

I'm not affiliated with Mozilla, but I do understand how wikis work. ;-)

Topgamer7
11 replies
2d1h

Unfortunately about config no longer exists for mobile devices

BenjiWiebe
5 replies
2d1h

about:config works on Android Firefox nightly. Just checked.

GeoAtreides
4 replies
2d1h

hm, should I use the stable version, but be tracked,

or should I use Nightly, and risk crashes and catastrophic loss of data

choices, choices

anticensor
2 replies
2d1h

or use an unbranded fork that has about:config enabled

exe34
1 replies
2d

amazing, the one app that has access to everything that matters in your digital life, and you'd be willing to use a non-standard source?

ndriscoll
0 replies
1d22h

The standard source comes with malware, and the one big alternative comes with malware. Such is the state of the tech industry (even nonprofits) in 2024. Random individuals like Raymond Hill are far more trustworthy than large organizations.

janice1999
0 replies
2d

I believe the unbranded Firefox build on F-Droid (called Fennec) enabled it even on stable releases.

tooltower
1 replies
2d1h

I just found this setting in mobile, but I don't know if it's the same feature: Settings > Data Collection > Marketing

morsch
0 replies
2d

I don't think so. I already had the setting visible in the UI disabled, but the thing in about:config was still on.

krono
1 replies
2d

There is chrome://geckoview/content/config.xhtml but many options shown there are nonfunctional. The relevant option is listed but I'm not sure if setting it to false has any effect.

Edit: Just found out that on that link above, you can set general.aboutConfig.enable to true to enable about.config.

It looks like the xml page and the about.config one are the same, as the modifications I made are synced.

neitsab
0 replies
2d

Thank you so much for that! I was missing the ability to configure a very important option for me in Stable (layout.css.prefers-color-scheme.content-override), but couldn't keep using Nightly because of its instability... You're a lifesaver!

lkdfjlkdfjlg
6 replies
2d1h

I'm not affiliated with Mozilla, but I do understand how wikis work. ;-)

You don't seem to understand why this is problematic though, so I'll explain it to you: enabling tracking when you know that one of your selling points to your users is respect for privacy is a huge breach of trust.

intelVISA
3 replies
2d1h

To be fair, I don't think that has been an active Mozilla mission for close to a decade now.

They mostly exist as a Google owned shell now...

tredre3
1 replies
2d1h

To be fair, I don't think that has been an active Mozilla mission for close to a decade now.

Ok, maybe they should update firefox's home page, then?

Very first lines:

Get the browser that protects what's important

No shady privacy policies or back doors for advertisers. Just a lightning fast browser that doesn’t sell you out.
johnnyanmac
0 replies
2d

GP did say "active mission". I'm sure Google had "Do no evil" on their site for maybe 4 years after they in fact started being evil.

lkdfjlkdfjlg
0 replies
2d1h

Maybe it hasn't been an active Mozilla mission for a decade in practice, but they did paid it lip service many times in the past decade, so still counts as breach of trust.

tedunangst
1 replies
2d

What do you expect thangalin to do with this understanding?

lkdfjlkdfjlg
0 replies
1d23h

Be less pretentious.

billfor
1 replies
2d

Looks like the windows build for 127 didn't have it but it's there in 128. Updating to 128.0 adds the preference (defaulted to true) and also the new "Website Advertising Preferences", which seems to control the same preference. I would just uncheck the box as it's right there on the Security page.

johnnyanmac
0 replies
2d

Thanks, I just updated to 128, and found the setting under Settings -> Security -> Website Advertising Preferences. I wish I could be surprised that this was opt-out by default, but when you know how Mozilla is funded it all clicks.

jdalgetty
0 replies
1d9h

Setting dom.private-attribution.submission.enabled to false changed the user agent on my mac to Mozilla/5.0 (Windows NT 10.0; rv:128.0) Gecko/20100101 Firefox/128.0

mouse_
18 replies
2d1h

Meanwhile, Ladybird, the first new browser engine since the 90's to 100% the Acid3 JavaScript test, just secured $1 million in funding from the founder of GitHub. We, as responsible web users, need to do whatever it takes to break up Google's web oligopoly. The open web is at stake.

tatersolid
12 replies
2d1h

I read the Ladybird FAQ for their rationale, but building a new browser in 2024 using an unsafe language is such a facepalm it’s hard to take the entire project seriously.

TacticalCoder
3 replies
2d1h

Yup I don't understand the downvotes. I don't code in Rust but I also don't feel insecure about it: I wish more projects were written in Rust (or something similar).

There are several research, already published here many times, which show that something insane like 75%+ of all the security exploits would be rendered cold dead in their tracks had Rust been used.

I don't know how anyone, even a C/C++/VisualBasic/PHP coder, could not like that.

ninjin
2 replies
2d

I suspect the downvotes are for a very simple reason: "Why not Rust?" comments are contributing next to nothing to the conversation. At this point, comments like this are tiresome and predictable.

What would be interesting are detailed separate posts such as what you mention about security exploits addressed and of course the stream of wonderful software that people are writing in Rust (and other languages as well for that matter). Bringing it up in relationship to Ladybird, which is an amazing accomplishment already, is incredibly petty and off-putting. The poster can do better and the community deserves better.

Klonoar
1 replies
1d23h

Unless I’m misreading, OP themselves didn’t actually say Rust at all. They just noted that Ladybird is written in an unsafe language.

I don’t read this as petty, it’s well noted by now that memory safe languages are increasingly recommended to avoid classes of errors.

ninjin
0 replies
1d23h

You are correct about Rust not being mentioned explicitly, but I am yet to see a stream comments about memory safety coming out of say the Java, Python, Go, Haskell, etc. community. Then again, maybe I am wrong?

As for petty. "[B]uilding a new browser in 2024 using an unsafe language is such a facepalm it's hard to take the entire project seriously." sounds pretty darn petty and dismissive to me for a project that is making good progress. We desperately need diversity in terms of web browser implementations and "not taking seriously" a project which could very well become viable within the next few years solely based on their programming language of choice feels wrong to me (even as someone with next to no love for C++).

jacknews
2 replies
2d1h

'unsafe language' sounds like something out of '1984' or 'Animal Farm'; a totalitarian political euphemism, attempting to demonize all 'others'.

The reality is that no language is actually 'safe', and 'safety' itself is a complex trade-off between enforced restrictions, flexibility, and other factors, just like in life.

nottorp
1 replies
2d1h

Developers gotta have religion. It's not about fear of death like mainstream churches, it's about fear of buffer overflows.

account42
0 replies
4h21m

Developers already had a religion, the Church of Emacs. Heretics will not be tolerated.

convolvatron
2 replies
2d1h

'the rationale that they are actively evaluating other develoment platforms?

"However, now that Ladybird has forked and become its own independent project, all constraints previously imposed by SerenityOS are no longer in effect. We are actively evaluating a number of alternatives and will be adding a mature successor language to the project in the near future. This process is already quite far along, and prototypes exist in multiple languages."

aaomidi
1 replies
2d1h

They need to commit to not using C/C++ for the majority of the project.

If not, then yes it can’t be taken seriously.

account42
0 replies
4h23m

Unlike existing browsers?

pjmlp
1 replies
2d1h

While I enjoy the sentiment, it isn't as if Rust is doing any favours regarding Firefox adoption.

intelVISA
0 replies
2d1h

We've added tracking but at least it's safe(tm).

solardev
2 replies
2d

Why can't they just fork Blink like everyone else? A new rendering engine is an unnecessary duplication of effort and ripe for security issues.

I don't think the open web is really as dependent on the browser anymore anyway. We already have multiple choices today, but the web is still mostly controlled by a huge big companies and nations. Doesn't feel particularly open. A new browser engine won't really solve that.

Meanwhile a million dollars could go towards some network R&D or popularizing Freenet instead.

The world doesn't need a dozen HTML renderers. If we actually want a free and open web, that's a infrastructure and content censorship/algorithmic promotion issue, not a layout engine or JS engine problem.

mouse_
1 replies
1d15h

Yes, but Ladybird will be a much smaller attack surface. Starting with a competent, modern base and a great deal fewer lines of code will prove advantageous for both security and performance. See: WireGuard

solardev
0 replies
1d12h

I find that hard to believe. Time will tell on that front!

pjmlp
0 replies
2d1h

It starts by developers stopping by shipping Electron junk (want a Web app with native APIs?, target the system browser with a daemon), or using Chrome only APIs.

jacknews
0 replies
2d1h

And I see servo (the ex-mozilla engine rewrite in rust) is getting some news lately too.

openrisk
14 replies
2d

Q: How many people are using a web browser on a daily basis worldwide as their main window to the collective infosphere? A: Billions.

Q: What fraction of the corresponding GDP would it take to fund a serious browser-as-public-good initiative that would develop this technology to its full potential without the perverse constraints of adtech business models?

A: 0.0001%? Too small to compute?

The idea that critical communication infrastructure must be (directly or indirectly) supported by advertising interests is certainly not obvious.

Advertising businesses, like all businesses or individuals should be guests on that global platform, playing by the rules, not setting the rules. The status-quo is a unique and singular failure that has been normalized for reasons that historians will surely describe with gory detail in due course.

There are more ways to fund things than either adtech or dazed and confused individuals paying/donating directly for software. Especially when the stakes are extremely high.

Mozilla's attempt to provide a more palatable alternative while accepting the premise that the web is an ad-funded technology was, alas, always doomed. Its market share is trending to zero and it is just a matter of time before complete disaster...

doe_eyes
3 replies
2d

The problem isn't building a publicly-funded browser, it's building a publicly-funded browser that's good and that can keep up with the demands of the platform - which means taking risks, also when it comes to security and privacy.

A publicly-funded equivalent of MSIE 6, heroically made 100% secure and private, would be a disaster for the web. And that's a pretty likely outcome if it's designed by a government committee and prioritizes safety above all.

throwaway81523
0 replies
2d

The "demands of the platform" drive expanding capabilities of the browser, which in turn drive increasing commands of the platform. A vicious spiral. Magically getting everyone to switch to a less powerful browser would necessarily beat back the demands of the platform. That would be a wonderful thing, not a disaster.

ndriscoll
0 replies
1d23h

On the other hand, a publicly funded equivalent of Firefox 3.5 or maybe SeaMonkey with incremental improvements over time (e.g. adding things like form validation and pie charts and bar charts and line charts to html, and not adding USB or GPU or ad tracking or attestation support) would be amazing for the web.

account42
0 replies
5h12m

A publicly-funded equivalent of MSIE 6, heroically made 100% secure and private, would be a disaster for the web

Hard disagree. The web was a much better place when IE6 was still relevant enough to reign in web developers.

Beldin
3 replies
1d20h

The idea that critical communication infrastructure must be (directly or indirectly) supported by advertising interests is certainly not obvious

I think the problem is more that the trend over the last 5-7 decades has been to privatise things. The EU (for instance) has rules forcing (e.g.,) privatisation of train companies and postal services. This has caused previously government-owned services to be privatised.

In this day and age, I'd be surprised to hear of any successful case where a non-public good was made public in a Western country. (I'll restrict my surprise to there because of insufficient familiarity with other countries to make such sweeping statements.) Whether it'd be web browsers, water treatment facilities, energy-related, healthcare-related, infrastructure-related, etc.: if it's currently privatised, it will emphatically not revert to public; if it's currently public, it might be forced to be privatised.

You might think about "privatised-but-with-strings-attached" variants, like in California with "carrier-of-last-resort", or in EU with public transport concessions requiring also services that operate at a loss to service small population centers / unpopular hours. Typically, these impose restrictions on the market parties on what they must deliver in order to be granted the concession. That seems like a way to guarantee the kind of service a government would deliver, but by market parties. And it is! But once you encode rules, you can start eroding them. Every new concession tender going out, you can try to dilute such conditions. A bit is enough - every step gained can be relied upon in future negotiations ("you're asking for more than last term"). And, of course, every small step can be argued by increasing costs - because cost will always increase anyway.

The TL;DRR (didn't read the rant): the public commons has a tendency to erode in favour of privatisation. There is pressure to do so, and no real counterpressure to reverse, only to not go too fast.

openrisk
1 replies
1d19h

I think the problem is more that the trend over the last 5-7 decades has been to privatise things.

The private/public border is volatile and heavily contested and by all accounts will forever be a topic of political debate.

But notice how unusual the context of web technologies: Its not that a private monopoly is controlling and selling some piece of web infrastructure (that might, instead, be opened to more competition, turned into a public good etc).

No, what is happening is that a very specific business sector (advertising) is controlling universal communications infrastructure.

A loose analogy would be if a single private oil company would manufacture and distribute all automobiles in circulation - for free, but securing that they can run on nobody else's energy.

The conjectured "public-good" browser is not crowding out any private interests as there is no market for selling browsers. There is a market for advertising but its not competing for surfaces, it owns all surfaces.

Guess what, in this terminally conflicted arrangement you would never see an electric vehicle.

The highjacking of central infrastructure to serve narrow private interests will inevitably reduce innovation and welfare and any techie that is worth their title knows thats already the case.

newaccount74
0 replies
1d11h

I think it's curious that there are two models driving OS and browser development at the moment:

1) Google's model. They try to control all the ways that people discover goods and services, and then sell ads to the providers of services. Whether people are looking for electronics, flights, restaurants, contractors or nannies, they are going to use Google Search or Google Maps or another Google service to find it, and service providers need to pay Google to be discovered. Google is using ads to get a cut of every business transaction.

2) Apple's model: They try to control all the ways that people pay for things. For digital goods, that's the App Store and In-App-Purchases, for traditional things it's Apple Pay and Apple Card and Apple Cash. Apple is using payment services to get a cut of every business transaction.

organian
0 replies
8h25m

I'd be surprised to hear of any successful case where a non-public good was made public in a Western country.

The UK is renationalising railways now.

mulmen
1 replies
2d

There are more ways to fund things than either adtech or dazed and confused individuals paying/donating directly for software.

Like what?

chaps
0 replies
2d

Grants!

1vuio0pswjnm7
1 replies
1d21h

There is an "argument" that people online put forward, perhaps to try to preserve the status quo. It goes something like this: Every browser must implement every "web standard".^1

Meanwhile the incumbent browser vendors profiting from online ads are on the committees that decide what will be the standards.

Have also seen Mozilla supporters on HN claim Firefox must "compete" with Chrome and that this means matching nearly all of its features.^2

For a recent example, see

https://web.archive.org/web/20240713084435/https://www.jwz.o...

(An HN commenter suggested sending Referer: news.ycombinator.com to www.jwz.org may have adverse consequences hence the use of IA)

The tunnel-vision ignorance and stupidity of this comment is over the top, IMHO. Have seen similar comments on HN.

1. I am submitting this comment with a text-only browser that is maintained by a single person and implements only a small fraction of web standards. It does not support ads. There are no "cookie pop-ups". Clearly, such browsers have value. In many cases I find I can access more information more easily and more rapidly than people using larger browsers like Firefox who are constantly battling against the influence of advertising and "web development" just to read some text.

2. The definition of "compete" as used by these folks does not account for the possibility that some www users (cf. web developers) may want less features, not more.

account42
0 replies
5h8m

(An HN commenter suggested sending Referer: news.ycombinator.com to www.jwz.org may have adverse consequences hence the use of IA)

May I suggest to said reader that anyone technically inclined who still keeps that misfeature enabled in their browser deserves the targetted response they get.

moepstar
0 replies
2d

fund a serious browser-as-public-good initiative > A: 0.0001%? Too small to compute?

Interesting thought experiment.

I think, the question can pretty much be answered with "whatever is necessary to fund a company, their personnel and keep them afloat and honest".

Not sure when and why Mozilla has deviated from that path/mantra. Did they get greedy? Corporate bloat?

CrendKing
11 replies
2d

This gives me impression like what happens to the nuclear weapon proliferation. At beginning, it is an arms race, between US and USSR, between users and advertisers. Either side thinks they can't survive without vanquishing the other. Eventually they realize it is stupid to continue, and reach a point to both step back.

I think Mozilla is at the point where they realize it is no longer beneficial to continue the race against advertisers. It is time to collaborate. This way both users, advertisers, and maybe Mozilla themselves can all benefit from stepping back one foot.

I personally support this move. Morally speaking, content creators I consume deserve income from my visit, as long as my privacy is preserved. Seems a good compromise if it works.

dhx
3 replies
1d23h

Coupon codes have existed before the Internet as a privacy-preserving way for businesses to track conversions for advertising. If a buyer quotes "MAGAZINE5" when purchasing to obtain a 5% discount, the seller knows the magazine advert is working. In modern times, there is nothing technologically preventing a business placing online ads with frequently changing coupon codes "HAPPY15" vs "HAPPY22" to gauge effectiveness of particular ad formats in more granular ways.

Television and radio advertising exists and has existed long before the Internet without any need for detailed conversion tracking. Brief "To help us improve our business, could you please tell us how you heard about our brand?" questions in order forms has sufficed. A/B testing of billboard placements have sufficed.

Put simply, "Privacy Sandbox" is presented as a solution to a "problem" that doesn't exist.

npteljes
2 replies
1d22h

Coupons worked, but they can't really work now in the way they used to. People exchange codes in other information channels. Especially in the current, always-connected, high speed internet era.

diggernet
1 replies
1d12h

Doesn't that simply turn the "other information channels" into another advertising channel? If you are putting out codes to bring in customers, and customers arrive with the code, um, mission accomplished?

npteljes
0 replies
6h56m

Maybe, but not necessarily. These channels, like the Honey browser extension, alert users who are likely going to pay anyways, that they can use a coupon to pay less. This I think is a loss for the company, and a misrepresentation of the campaign statistics, if looking at the effectiveness of the coupon code.

elashri
1 replies
2d

content creators I consume deserve income from my visit, as long as my privacy is preserved

I doubt that most people in these discussions wouldn't agree with that point. The problem lies in the details. Advertisers don't take anything less that complete personalized targeting. We are not in the 2000s era of buying ad space on related websites/forums anymore. The problem is there are misalignment between targeted ads and privacy. And I didn't find all the proposal for anonymity successful, it is always possible to de-anonmize the data.

CrendKing
0 replies
1d19h

If a website uses targeted ads and track users, they won't use the PPA feature Mozilla introduces here. So the setting won't affect user. On the other hand, if a website is not evil and willing to sacrifice revenue for better user privacy, and use non-targeted ads, PPA gives them tool to do so. In contrast, the current adblocking methods are blunt forces. They don't distinguish the nature of specific ads.

lolinder
0 replies
2d

Morally speaking, content creators I consume deserve income from my visit, as long as my privacy is preserved.

For me, tracking is not my primary concern with ads: I use an ad blocker as an accessibility tool to allow me to even exist on the internet at all. I have ADHD. Nearly all content on the internet is flanked by ads that make it impossible for me to actually read or watch it—they're intentionally distracting enough to draw the eye of a neurotypical person, and it's hopeless for me.

I dread a world where even Mozilla embraces advertising and the false idea that the only thing to solve is privacy. Ads are a problem for many, many reasons, and we need to find alternative answers for funding.

johnnyanmac
0 replies
2d

Morally speaking, content creators I consume deserve income from my visit, as long as my privacy is preserved.

sad for the content creators (I do actievely try to donate and subscribe to quality content when apt), but I simply don't tryst my privacy being preserved any longer. So opt out of this setting and keep Adblock extension on. The well has long been poisoned for me.

But I'm also in the minority and it seems there's still enough adrev going that I'm barely an atom in the market.

ghusto
0 replies
1d9h

I often hear an argument along the lines "content creators should be paid for their work". I think it should be "content creators _can_ be paid for their work". "Should" implies they are automatically entitled to it.

Put content out there, if I like it, I'll pay. If it's not good enough for enough people to pay for it _consciously_, then it's not good enough, and you stop doing that. You move on to better things and so does everyone else, with the added benefit of the content pool being a little less diluted.

galdosdi
0 replies
2d

Either side thinks they can't survive without vanquishing the other.

Except, it actually is not a two way street. It's purely one way. Without users, the content sellers can't survive. But if users stop consuming ads and eliminate content revenue streams, the users will be just fine. So what if TikTok goes out of business or something?

All the failure of online advertising would mean would be regressing to a time when the internet was not very commercialized yet, which was an amazing awesome time when we had pretty much all the positives of today with few of the negatives.

They need us, but we don't need them. Big Content is a parasite.

Falkon1313
0 replies
1d23h

I might consider it when advertisers stop using malware and spyware in their ads. There's absolutely no reason that an ad would need to run a script, contact a third-party system, or track anything about the viewer.

So far though, they show no intentions of doing non-hostile advertising. Instead they're constantly striving to make it even worse.

So I'll keep the adblocking as it remains a reasonable and necessary defense measure.

david_draco
7 replies
2d1h

The thread does not explain whether the behaviour of Firefox was actually changed when they added the check box, or if it is a new option to opt-out of something that could not be opted-out before.

ZeroGravitas
2 replies
2d1h

The poster of the tweet also says later:

I recommend turning it off, or switching to a more privacy-conscious browser such as Google Chrome.

Which seems an interesting comment from someone so extremely anti-advertising.

lukan
0 replies
2d1h

I read it as satire. Even chrome is better than firefox.

"Now to be clear, the disclosure Chrome provides to users is not adequate. Their wording of the "Ad Privacy" feature popup is highly disingenuous and the process to disable once notification is given is too complex and must be performed on a per-profile basis. But at least they do it"

NuSkooler
0 replies
2d1h

The suggestion to switch to Chrome is pretty rich. Firefox is more privacy conscious Chrome even with this enabled.

Porygon
1 replies
2d1h

I think this is the check box in question: https://pomf2.lain.la/f/8v4aq9sg.png

It is located at "Settings" -> "Privacy & Security" -> "Website Advertising Preferences" and is checked by default.

instagib
0 replies
2d

I followed the top level comment and added

Boolean dom.private-attribution.submission.enabled False

It disabled the checkbox after updating Firefox. I set it to true to test and it enabled the checkbox also.

nullindividual
0 replies
2d1h

It added in the 'privacy preserving feature' that did not exist before, automatically enabled.

Firefox now supports the experimental Privacy Preserving Attribution API, which provides an alternative to user tracking for ad attribution. This experiment is only enabled via origin trial and can be disabled in the new Website Advertising Preferences section in the Privacy and Security settings.

https://www.mozilla.org/en-US/firefox/128.0/releasenotes/

This is the page users saw when they updated to 128. No mention of this setting.

https://www.mozilla.org/en-US/firefox/128.0/whatsnew/?oldver...

Vinnl
0 replies
2d1h

It's new:

Firefox now supports the experimental Privacy Preserving Attribution API, which provides an alternative to user tracking for ad attribution. This experiment is only enabled via origin trial and can be disabled in the new Website Advertising Preferences section in the Privacy and Security settings.

https://www.mozilla.org/en-US/firefox/128.0/releasenotes/

lapcat
5 replies
2d

Mozilla has been working with Meta on this.

"For the last few months we have been working with a team from Meta (formerly Facebook) on a new proposal that aims to enable conversion measurement – or attribution – for advertising called Interoperable Private Attribution, or IPA." https://blog.mozilla.org/en/mozilla/privacy-preserving-attri...

kstrauser
4 replies
2d

I didn’t see that, and it makes it even worse.

We owe Meta nothing. I have zero reason to donate my data to them.

heresie-dabord
3 replies
1d23h

I have supported Firefox for a long time. I enjoy using Firefox with plug-ins such as uBlock Origin, Privacy Badger, Multi-Account Containers, and FlagFox.

I understand the need to work with Google and Meta. I don't like or trust the advertising business but I recognise that these companies are billion-dollar giants.

However, activating a feature without asking users is a failure to uphold the mission statement. And Meta is a repeat offender in the domain of security.

Mozilla, this is a failure.

Here is a fork of Firefox that I have been using:

https://librewolf.net/installation/

kstrauser
2 replies
1d23h

I understand the need to work with Google and Meta.

I confess that I don't understand a need for them to work with Meta. What does anyone but Meta gain by adding this feature? A quick search doesn't show that Mozilla gets significant financial support from Meta (although maybe that's just bad searching on my part). If not money, what does Mozilla gain from this? Goodwill and a hearty thanks?

heresie-dabord
1 replies
1d22h

I confess that I don't understand a need for them to work with Meta.

I have an intense dislike of Meta. But the company prints money and its tentacular toxicity touches almost everything on the Internet.

what does Mozilla gain from this? Goodwill and a hearty thanks?

One supposes it's money because nothing else is a plausible reason for Mozilla behaving exactly like Meta.

kstrauser
0 replies
1d22h

I do hope they’re getting fat stacks of cash out of it at least. I’d hate to think they’re burning their reputation for nothing.

metadat
3 replies
2d

What incentivized Mozilla to do this? How does this get them more money? (I.e., who's paying M for this?)

lolinder
1 replies
2d

They just bought an ad company.

ta57834774774
0 replies
2d

They have been Goog's pet for a long time. Only thing staving off antitrust.

lpgauth
3 replies
2d1h

"Google/Firefox claim their tracking features are not "tracking" because they use something called "differential privacy". I don't have room to explain this class of technology, but I sincerely consider it to be fake."

Differential privacy is not fake, although quite complex to do in practice.

https://en.wikipedia.org/wiki/Differential_privacy

GrantMoyer
2 replies
2d

The fake part isn't whether differential privacy exists. The fake part is claiming differential privacy can be used by browsers to provide aggregate ad conversion data to advertising networks without providing information that can be linked to an individual.

According to Mozilla[1], Firefox's implementaion uses the "Distributed Aggregation Protocol" (DAP)[2]. Individual browsers report their behavior to a data aggregation server, which in turn reports aggregate data to an advertiser's server using differential privacy. But the aggregation server still knows the behavior of individual browsers, so basically it's a semantic trick to claim the advertiser can't infer the behvior of individual users by defining part of the advertising network to not be the advertiser.

Now, Mozilla says the data aggregation server they use is run by the Internet Security Research Group[3], which is a non-profit, so perhaps the social incentives truely are aligned in this case to ensure individual user behavior isn't shared with advertisers. But it's disingenuous to claim user privacy is protected absolutely by technical measures when in reality it's only protected by social measures.

Finally, ad conversions can easily be measured without cookies by serving unique URLs with each ad, so what's even the point of this technology? I'm not clever enough to discern any ulterior motives (if there even are any), but the complexity of the approach is suspicious to me, since ostensibly a much more obvious solution would suffice.

[1]: https://support.mozilla.org/en-US/kb/privacy-preserving-attr...

[2]: https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap

[3]: https://en.wikipedia.org/wiki/Internet_Security_Research_Gro...

throwaway81523
0 replies
2d

It's fake because it provides information that can be used for evil purposes: attribution to an individual has nothing to do with it. It's fake if it really is 100% anonymous.

Example: Count Jackboot (your favorite evil politician, Trump or Biden or whoever) is running for office. He wants to know voter opinion on topic X so he can lie about it. He commissions a reputable polling firm to ask people about X, and give him only the aggregated results. The polling firm contacts you, asks your opinion about X, and promises you that your opinion can't be linked back to you. You'll be helping the Jackboot campaign completely anonymously.

You believe the anonymity promise, but that's irrelevant, you hopefully don't want to help the Jackboot campaign at all! Saying everything is private because Jackboot only gets anonymous information is a self-serving rationalization by the advertisers and data collectors. The only way to be private is give no information whatsoever.

mikeiz404
0 replies
1d21h

ad conversions can easily be measured without cookies by serving unique URLs with each ad, so what's even the point of this technology?

I believe the goal is to infer the impact of impressions which do not require a click or user interaction.

Privacy-preserving attribution works as follows:

Websites that show you ads can ask Firefox to remember these ads. When this happens, Firefox stores an “impression” which contains a little bit of information about the ad, including a destination website.

If you visit the destination website and do something that the website considers to be important enough to count (a “conversion”), that website can ask Firefox to generate a report. The destination website specifies what ads it is interested in.

...

https://support.mozilla.org/en-US/kb/privacy-preserving-attr...

ta46873676
2 replies
2d1h

OK I'll step up, senior dev of 30 or so years, and sick to death of the likes of Google ad-men trying to ruin things - how do I help?

That said, keeping up with changes in JS/ecma seems hard. Whats the answer?

TheDong
1 replies
2d

how do I help?

Ads aren't very important really, if you want to help, I recommend donating all your money to those in need and volunteering at a local homeless shelter, soup kitchen, or anything of the like.

account42
0 replies
4h15m

Considering that we have long had the ability to feed an house everyone and ads are a big part of the machine sucking a huge chunk of human wealth into the pockets of a minority your time is much better spent taking down that machine than it is picking up the trash it dumps in your neighborhood.

jacknews
2 replies
2d

The fact they didn't loudly announce this 'feature' has seriously undermined their trustworthiness, for me at least.

What's the expression; 'So much depends on reputation. Guard it with your life'. Mozilla seem to be just throwing it away.

jopsen
1 replies
2d

Who would rather trust?

Apple, Microsoft, Google?

Realistically, these are the organizations that can afford to develop a high performance browser engine.

All the chrome and firefox forks probably don't have the devs or infrastructure to fork blink/gecko and keep up with security and features.

It's easy to be excited about Ladybird -- and maybe it will work, MAYBE.

It's fair to argue that we've let the web evolve into such an advanced platform that building a secure high performance browser is a HUGE moat.

People are so fast to criticize Mozilla. Maybe, this isn't all bad.

jacknews
0 replies
1d23h

whataboutism?

Sure I trust Mozilla more than Google/Microsoft.

But less so, now.

brunoqc
2 replies
2d1h

Anyone knows how to disable this on Android?

hoppyhoppy2
1 replies
2d

menu > Settings > Data Collection

brunoqc
0 replies
2d

It doesn't seem to mention the new "privacy-aware" tracking.

I got studies, something about "adjust" and some telemetry thing.

Also they were already all off so it must not be one of them, I think.

idle76
1 replies
2d

Wierd, I just updated to v128 (been offline a couple of days) on android, and the Settings -> Data Collection -> Marketing wad already off. I already had the usage and studied off, so maybe that's why

CTOSian
0 replies
2d

I am on 128.0 on android and no such option on settings, but that 'dom.privacy...' flag was 'true'

deng
1 replies
2d1h

As usual when people criticize Mozilla, this thread is way over the top.

I agree it's not good that this is on by default. But saying that Chrome is better because it at least asks is disingenuous. Chrome simply presents you with the "Enhanced Ad Privacy" window and a button "Got it" or "Settings". That's clearly a dark pattern and technically not "asking" at all. The Topics API which you enable by clicking "Got it" is, at least from what I read, clearly worse than what Mozilla has implemented. Calling "differential privacy" a fake is simply untrue. It is not easy to implement, but if done properly, it's absolutely not fake.

I agree though that Mozilla has, as usual, dropped the ball here in how they have introduced this technology. They are obviously desperate, and they know if they would ask, probably the vast majority of people would not agree. Also as usual, they will probably roll back this setting once the outcry is large enough, and they have once again lost trust and gained absolutely nothing. It's also clear that with the tiny market share Firefox has nowadays, thinking they could introduce a new ad technology is simply hubris.

zihotki
0 replies
1d23h

They are not desperate, they are transforming into ads company which started after they bought adtech company

tooltower
0 replies
1d18h

I have been donating a few hundred dollars to Mozilla every year (or at least most years) for the last 7 years. It's not much, but I might stop that donation now.

t0bia_s
0 replies
1d11h

Better to use more privacy friendly LibreWolf, fork of Firefox.

stiltzkin
0 replies
1d22h

"or switching to a more privacy-conscious browser such as Google Chrome."

You got me there. Switch to Librewolf

pentagrama
0 replies
1d21h

I checked and is true that is enabled by default. The "Learn more" link on the setting lands here:

PPA is enabled in Firefox starting in version 128. A small number of sites are going to test this and provide feedback to inform our standardization plans, and help us understand if this is likely to gain traction. PPA can be disabled in Firefox settings.

https://support.mozilla.org/es/kb/privacy-preserving-attribu...

nullc
0 replies
2d

Do I understand the feature correctly? Your browser tracks your activity and submits it, non-anonymously to a mozilla operated server where it is vulnerable to lawful or lawless interception or compromise by hackers, and from there they sell anonymized (hopefully) data to advertisers?

mystrik
0 replies
1d9h

For what it's worth, there already have been bugs filed and quickly closed in the Mozilla bug tracker on this. I just created a new bug to make my stance on this behavior clear.

https://bugzilla.mozilla.org/show_bug.cgi?id=1907763

lern_too_spel
0 replies
2d1h

This is similar to the PPA/PCM that Safari added in 2021.

illiac786
0 replies
7h48m

No one seem to have outlined this point of view, so here it is:

This feature is supposed to replaced the current tracking methods for advertising purposes – and is better (or less worse) from a privacy point of view. It is currently on by default to ensure there is enough testers. If the test is not successful, the plan is to remove this feature again.

There is a long term benefit for everyone if this is adopted.

Let’s not forget how Google is clawing onto third party cookies, etc., and put Firefox’s position in relation to this.

It does leave a lot of critic points open though: * enabling it by default is really putting a negative light on it. I understand that if it’s disabled by default, no one will allow it and the test will fail due to lack of data points, there is simply no good solution here I can think of. * will advertising companies really renounce the other tracking methods if this method proves useful for them or will it become just one more tool on their belt?

As usual, the worse part if all of this really is Mozilla’s communication, they could have done much better. How could they imagine for a second it wouldn’t become a shitstorm, I wonder…

freitasm
0 replies
1d19h

I am running Firefox 128 (Windows) and don't see this option. Is this a Linux thing only?

dhx
0 replies
1d23h

It is important to be aware that >64 bit supercookies ("impressions") are now being stored outside of the cookies subsystem in their own PrivateAttribution.sqlite database.[1]

The implications are numerous:

1. There is no user interface or settings yet available to change the whitelist of Google-enrolled (Google being the only enrollment option today as far as I have discovered) ad-tech domains that are allowed to set the supercookies or use these supercookies to track users between sites.[2] By contrast, users can currently configure cookie settings such that they are only allowed for certain user-whitelisted sites.

2. There is no user interface yet to view and delete the supercookies, as one can currently do with normal cookies.[3]

3. Supercookies are shared across all Firefox containers breaking existing expectations of container isolation.[4]

4. Supercookies were shared across private browsing and non-private-browsing sessions until v120.b5, then Private Attribution was disabled in private browsing sessions (for now, and pending decisions on whether supercookies should persist across private browsing sessions).[5]

5. The setting privacy.firstparty.isolate is not honoured by Firefox's Private Attribution feature.[6]

6. Users are at greater security and privacy risk due to implementation of an extremely complicated and obfuscated draft standard that is full of technobabble bullshit which deliberately avoids real security and privacy impacts.[7] For example, the specification hand waves away the significance of a 64-bit supercookie as somehow being difficult to use to track users between sites. Reality is that only 33 bits is needed to uniquely identify every human alive today, and 37 bits for every human who has ever lived. The specification's section on privacy and security impacts does not address, for example, a website including an ad that proceeds to fingerprint John's browser as an 18 bit identifier as demonstrated at [8], then combine it with other identifiers such as the netblock/ASN of John's home internet connection. Later when John is in a completely different Firefox container connected to his employer's WiFi network browsing another site, the browser fingerprint or other tracking data within the 64-bit supercookie can trivially be used to associate John with his employer.

This Firefox partial implementation of "Private Attribution API" is just a small part of the full set of "Privacy Sandbox" anti-features Google is busy adding to Chrome, including, and of much greater concern:

1. "Private Attribution API" event-level reporting. Currently Firefox appear to have just implemented aggregate-level reporting, so the supercookie values aren't shared outside of the browser. The full specification from Google also allows event-level reporting where the supercookie values (which are set by an ad-tech company such as Google when the user visits site A) are later re-shared with the ad-tech company when the user visits a completely different site B.

2. "Protected Audience API". Execute within the browser auction bidding JavaScript bots from multiple advertisers where the bot can peek at private user data in order to bid on the impression, and then the winning bot will display the ad and report back the winning impression.

3. "Topics API". Summarise browser history in order to tell ad companies what categories of websites the user has been visiting. For example, John is interested in boats, fishing, car racing, beer and travel. Jane is interested in rock climbing, exercising in gyms, yoga, Italian cuisine and furniture.

[1] https://searchfox.org/mozilla-central/source/dom/privateattr...

[2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/At...

[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1901106

[4] https://bugzilla.mozilla.org/show_bug.cgi?id=1901103

[5] https://bugzilla.mozilla.org/show_bug.cgi?id=1901792

[6] https://searchfox.org/mozilla-central/source/dom/privateattr...

[7] https://wicg.github.io/attribution-reporting-api/

[8] https://coveryourtracks.eff.org/

Animats
0 replies
2d1h

It's new. That misfeature was checked for me, even though I had "strict privacy protection" set, the level that comes with a warning that it might break some websites. And even though I had "Do not track" checked. On two different computers.

This version of Firefox, 128.0, was auto-installed by Ubuntu update.

Has someone filed a bug report on Firefox yet?

93po
0 replies
2d

Still waiting for a browser that doesn't send a million things to fingerprint me with. Random websites don't need to know the battery level of my device. It shouldn't even be able to know my window size or resolution. It's beyond me that we should provide any information to send back other than our IP address and the resource we want to access. Anything more than that should be allowed on a case-by-case basis, but 99% of websites don't need more.

1oooqooq
0 replies
1d23h

fun thing is, only google/bing/meta/amz/anyone who sell ads in large scale/etc can profit from this.

the best Mozilla can hope to gain is to get some scraps from google.

disgusting.

btw this wasn't discussed in any of the public Mozilla forums we monitor.