76 replies
1d7h
The scare quotes here are uncalled for: it is privacy-preserving. The approach allows measurement without disclosing who, specifically, did what with the ad.
The best objection to these proposals isn't privacy, it's that a browser vendor is lifting a finger for advertisers. I guess the fundamental question there is if we prefer to outright shut down online advertising, or give it the tools it needs to be less bad. Opinions differ, but all major browser vendors are in the latter category.
It is strictly less privacy-preserving than not implementing this "feature" that has zero benefit to the user running the browser. At the very least it pings yet another third party, most likely it effectively leaks much more.
That is a very very generous assumption of the browser makers' goals. Particularily when one of them IS an online advertising company and another one is almost exclusively funded by said advertising company. They do not deserve the benefit of the doubt.
Web needs to make money. Giving tools to advertisers while making sure user privacy is preserved is better than free reign of tracking we have before, no?
I myself do not like ads or tracking, but we need to be realistic and there needs a way to make web sustainable.
How to do that and making sure that monopolies like Google are in check is a valid concern though, but in these conversations is the only point I hear. Ironically Google does not even need these apis because it already has so much data on users, it is primarily for smaller companies.
I don’t think this is true. No one “needs” to make money. Museums don’t need to make money. OSS doesn’t need to make money.
The web has value without making money.
But even if it does make money, it doesn’t need to maximize profits at the expense of user privacy and joy.
How do OSS devs support themselves without money?
The Stardew Valley gambit - quit programming and take up subsistence farming.
Good luck. Farming is a hard business if you want to make money. And you'll need money for electricity, fuel, medicine, etc.
The same way you can make model trains and not make money.
I have an employer who pays me to do thing X. And they don’t care that I also work on thing Y a little bit.
I think there’s lots of software written by people who have jobs and code because it’s fun.
For example, Linus Torvalds made Subsurface [0] as open source. He had a job while he made this. He didn’t get paid for it directly, but it’s not like paying him extra would make it better.
[0] https://subsurface-divelog.org/
Usually they are supported by donations, therefore they don't need to sell their user's data or their software.
Museums do get money from somewhere.
Where do you get them for web?
Same place as museums. Benefactors.
Check out Wikipedia for an example of a huge site that doesn’t make money and just runs on donations.
I run my crappy blog and a bunch of other sites for “free” because I just pay the fees.
Maximising profits and being sustainable are 2 different things. Museums do not need to make money because they are funded externally. It is like saying artists do not need to make money. You seem to go to the very extremes.
I'm certainly in favor of free software projects making enough money to be sustainable.
It could be zero in some conditions, but in the other cases, I'm also against ads. Fortunately, there are other ways of making money, without compromising the "open source" / "free software" part:
- consulting (including prioritizing new features and fixes)
- support
- providing an actual paid service
- selling free software extensions (and yes, that means someone can recompile the extension and distribute it gratis - that's what happening with OSMAnd+ on F-Droid, but they are still doing fine)
Absolutely, but as long as adverting is allowed to finance the whole bloody thing we're not going to improve anything. Advertising should be limited as to not influence content and that's currently not what's happing. As it stand, outside of "the small web" ads are the main attraction and any content that may be provided to us is done so to enable advertising, or at least not upset advertisers.
I want privacy pushed so far that the majority of the web is going to have to find financing outside of advertising, be it micro-payments, donation, subscriptions or benefactors. People should pay directly for software, service, like social media, news, email and possibly even search. If we as a side-effect uses these things less I see that as an absolute benefit.
I agree somewhat, but what about poorer regions of the world like parts of Africa or Asia, what is the solution for them? Most of the people there would not or could not pay for every website to use. It would be unfortunate if the web is inaccessible for most people.
Locally produced, given the cheaper labour cost they should also be able to compete in the EU or US by offering a cheaper product, due to cheaper production cost. At least in some areas.
I don't think the current state of the web is doing poor regions any favours by granting the free access to western products, compared to encouraging or even forcing them to build their own infrastructure or products.
Donating Europe's discarded clothing to Africa killed pretty much all of Africa's textile industry. Free access to the online services from the west (or China) is just as much of an obstacle to growing their own technology and media companies.
Edit: Free access to general knowledge, open source software and learning material is clearly a bonus, but it also takes little away from local industry and can help kick start companies.
General knowledge, FOSS, and learning material are also generally freely given without expectation of or often even asking for compensation. The most valuable "content" on the web is generally not monetized[0].
They wouldn't be losing a lot if they lost out on TikTok and Instagram. It would be no great loss if affiliate link blog spam went away.
[0] e.g. https://axler.net/ has multiple free books on advanced mathematics written by a well-regarded author. This kind of thing (and/or lecture notes, syllabi, and homework) is not at all abnormal to find on professors' home pages if you want a free education.
Commercial use of the internet was banned until 1991, it worked perfectly fine until then.
When I think back before big monetization, the web was better.
An example, look at TikTok or YouTube. 99.999% garbage, essentially clickbait farms, with zero valuable content.
Influencers? A plague. Political click bait videos? Harmful to democracy. Nutty flat earth, perpetual motion, conspiracy videos? Same.
The rest of the web is the same. Affiliate links are vile, evil things. And endless pages copy pasted to steal hits.
Monetization has destroyed the internet.
I'd much prefer people setting up their own small webpages, their hobbies, etc, with no monetization incentives.
No, it doesn't. I have no issue with it making money, but that was neither the original purpose of the web nor is it an end goal for everyone using it.
This statement is unconnected to the first. The way people just link "web", "money" and "advertising" without even stopping to think that there might be alternatives is exactly why everything online is in such a sad state of affairs.
Agreed but it shouldn't be the problem that a browser should solve. The browser is a user client. It really doesn't make sense for browsers to try and enforce or help a certain business model. It's great if the web and web browsers help businesses make money, but it should be a side effect, not a goal for user clients.
I'm old enough to remember a day when the "social media" that I used was a set of phpBB forums paid for by one or more of the members because they wanted to host the community. Nothing on the modern ad-supported web comes close to the dynamic of friendship and camaraderie of those community-supported forums—if anything the new platforms are a great place to ruin real-life friendships rather than create new ones.
So, no, I don't think the web needs to be made "sustainable" in the sense you seem to mean. Things were better when people sacrificed a bit to keep their communities alive.
The second one also recently purchased an online advertising company, Anonym [0], placing them directly in the advertising game. They might have done so initially because they felt they needed this feature, but now their finances are tied up with the success of this platform in addition to Google's continued payouts.
[0] https://blog.mozilla.org/en/mozilla/mozilla-anonym-raising-t...
The worst part isn't mentioned here. I'm fine with making any tools available to the users. But enabling by default is a very different discussion.
This is not the kind of tool/setting that justifies having it auto-enabled, it's not "we auto-enabled MFA to protect your most critical data". Enabling it was not done for my benefit and it wasn't even made obvious in any way, I had to find out from internet discussions. It's my daily driver on all platforms and have nightly, beta, and stable channel installations. None gave me a hint of this extra enabled setting.
If I'm going to use a browser where shady settings are pushed on me it might as well be one which 99.999% of the internet is built for rather than the one where (too many times) I have to fiddle to get things working. I'll take the fiddling or the lack of control but certainly not both. Mozilla is walking on really thin ice.
My problem with this is that ideally, software I deign to run on my computer acts with only my interests in mind. The overarching goal of these changes is not to preserve my privacy, but rather to help advertising companies to learn something about how I interact with their ads. I don't care that Mozilla's particular implementation is not as bad for my privacy as it could be, I only care that their motivation has switched from acting in my interests to acting in the interests of advertising agencies.
Fine. Then pay for the tools you use rather than force them to get money from another source.
The toolmakers work to earn a living.
Firefox is open source. I do pay for it as a tool.
Toolmakers also work out of desire to practice their craft. Many projects are written, not to “earn a living.”
True but Firefox is mainly written by people who want to earn a living.
Much FOSS is actually written by people who are being paid to do it,
How do you fund the producers of Firefox and the infrastructure needed to get it built and released. Currently the only way is that the sellers of the adverts you read give money to fund Firefox.
Now if you paid for Firefox then they don't need to get money from advertisers.
Similarly to get ad free webpages you need to pay the authors.
Perhaps they should consider accepting money from their users then?
Wikipedia doesn't fund itself by spying on you and selling the data. They ask for money.
Yes although given current user behaviour and expectations I doubt they would make enough money to continue.
If even a Microsoft Executive is saying that anything on the web can be freely copied then what does a normal user think.
They're a charitable nonprofit, and the Mozilla license is one of the more permissive ones; they're fine with you freely sharing their work.
They currently already get 7M/year in donations for no purpose. I imagine they'd get a lot more if that money would fund Firefox, and how many core/paid developers do they really need if they have people that know that they're doing?
Mozilla also doesn't have to operate out of one of the most expensive cities in the world. And no, they don't have to be there to attract competent developers either.
According to Wikipedia[1], most of Mozilla is funded by Google, for setting them as the default search engine, rather than by more conventional advertisers.
On a more personal note, I'd prefer if that money went towards improving their FOSS offering instead of giving the now-former CEO a $7M bonus[2], acquiring advertising businesses [3][4], and littering Firefox with these anti-features.
[1]: https://en.wikipedia.org/wiki/Mozilla_Corporation#Google
[2]: https://en.wikipedia.org/wiki/Mitchell_Baker
[3]: https://blog.mozilla.org/en/mozilla/mozilla-anonym-raising-t...
[4]: https://www.mozilla.org/en-US/firefox/pocket/
Yeah I think the biggest problem is that Mozilla was made a corporation, and as such has corporative aspirations and mindset. It would have been much better if it had remained just a foundation.
As I understand it, it is impossible for me to fund specifically Firefox development. I can donate to the Mozilla Foundation, which means a portion will go to, for example, "$30M to build Mozilla.ai", which I emphatically do not want to fund.
Given the firehose of money from Google, how much contributor money from people like me would be needed before Mozilla changes their mind? From my viewpoint, they've built their foundation to expect that firehose, and they don't think user funding is enough - they really want that juicy advertising money instead.
Of the $220M spent in software development in 2023, how much specifically went to Firefox development, vs. the other projects they have?
How much did they pay for Anonym, and how much to integrate Anonym into their systems?
If 5% of my funding goes to 'the producers of Firefox and the infrastructure needed to get it built and released' and 95% goes to crap that make things worse for me, then I'm better off funding something like the Tor browser or variants like the Mullvad browser, where my funding is more directed toward improving my personal privacy.
I'll let them figure out what things to disable so I don't have to watch the release notes with a keen eye every time I update.
It's not just impossible for you to specifically fund Firefox. From what I understand, Mozilla Foundation money does not go to Mozilla Corporation/Firefox at all. You cannot donate to it at all, and your donations only go to those things you don't want to fund.
Of course Mozilla employees deserve to be paid. Are you really saying the only way to ensure this happens is for them to sell the software or sell ads? (I write GPL-licensed software for a living and manage somehow to get paid. I also write some for free because I find it fun.) Further, Mozilla positions itself as a member of the free software community and as acting in the interests of its users.
Not, originally. Wasn’t Brandon Eich like 17 or something when he rewrote Firefox?
And lots of people put out ad-free web content for free. It’s not that it doesn’t exist, just check out all the blogs and whatnot from HN profiles. Very few people with ads or even making money off their pages.
Ads are one way to get content. Not the only way.
Nobody is forcing them to do anything, they literally will not take my money.
Point me to the Firefox donation box or subscription (not the Mozilla donations, which don't fund Firefox, or a subscription to an unrelated service that has overhead of its own) and I'll start a monthly payment today.
(Before you spend too long looking: there isn't one. Mozilla doesn't want me to pay for Firefox, they want to get their funding other ways.)
Only IF it is correctly implemented. And only if you trust all relevant parties involved in this feature.
And honestly, whenever I see that something has been anonymized I assume it isn't. Mostly because the industry has a terrible track record, secondly because the incentives are almost always misaligned to begin with.
I'd trust mozilla more than most, but not enough to give them free rein and opt in things for me. I don't (yet) know enough specifics on this matter to make an informed decision, but if it weren't for hn I'd have missed this.
I doubt firefox would ask the user after install (again, incentives).
I should go through all options for every update (not just for firefox). But I can't, I don't have enough time. I need to be able to put some trust into the software I use, and things like this erode that trust.
More than Google or Microsoft does not say much. And - judging by how hard it is to fully disable telemetry and call-home on, say, Mozilla Thunderbird:
https://superuser.com/q/1672309/122798
I wouldn't trust them very much.
(Yes, I know it's a different project and not the same team but Mozilla is still the parent entity etc. etc.)
Gahh! I'm planning a move from macOS to some Linux-based OS once this laptop dies. I've had 20+ years of using Mail.app and thought that Thunderbird would be the appropriate replacement.
But that link, and the comments at https://connect.mozilla.org/t5/ideas/thunderbird-should-by-d... ('Given that significant parts of Thunderbirds user interface (addons manager details, welcome page, whats new on updates etc) are essentially served as web pages into Thunderbird, perhaps your expectations are becoming unreasonable.') tell me that Thunderbird does not respect my desire to minimize my info leakage to the outside world.
The "served as web pages" is a bit misleading. It just means that the UI layout engine takes HTML or XML, not that information is passed through a web server.
Sure, but the link concerned all telemetry, of which accessing a web page, even just to show what's news, is one.
The overall attitude included comments like 'I would like to see significantly more anonymous telemetry not less', while I want no network connections in my mail reader except that which I specifically initiate.
These are people so acculturated to data collection that they don't understand that some others don't want it.
There are organizational incentives to this approach - at Mozilla / Thunderbird, with which I have a bone to pick; but also elsewhere.
A couple of years back I was involved in an argument about doing something a bit similar in LibreOffice:
https://design.blog.documentfoundation.org/2022/11/01/commun...
Note the back-and-forth in the comments.
Isn't it the same old tools used by other ad companies, like differential privacy?
A major difference is that the data is stored in your browser, and aggregated anonymously by Mozilla (also using differential privacy). Using the techniques you refer to, the ad platforms both store the data and then aggregate it, possibly promising to add differential privacy. The advantages I see are: (1) you can verify which data is collected by the browser and when/how it is sent to Mozilla, because this code is open source and running on your machine; (2) you maybe trust Mozilla more than an ad company.
According to their blog post, Let's Encrypt will run the aggregator service - which is even better.
That’s bad because it could make it difficult to block.
Better for whom? Even more of normal internet operations flowing through ISRG is concerning itself. Let's Encrypt alone already gives them more power than any private organization should have.
I was under the impression that click data is stored in your browser under Webkit's Private Click Measurement. Am I misunderstanding?
For example, here's a 2021 blog post describing the protocol
https://webkit.org/blog/11529/introducing-private-click-meas...
It is net negative though.
It is more privacy-preserving to just not implement this in the first place.
It is baffling why Firefox ships with this on by default. Even Chrome prompted users with a (misleading) dialog box to turn it on or off.
Not really. The reason is that Mozilla wants to make money by selling your data/preferences. Probably so that the incompetent CEO can get even more obscene "compensation". They just bought a spyware adtech company.
Do they get money from selling this?
90% of Mozilla’s revenue, ca. $500,000,000 comes advertising partnerships (almost exclusively Google)
https://untested.sonnet.io/Defaults+Matter%2C+Don't+Assume+C...
My point is: it’s not just lifting a finger for advertisers. It’s deception. Defaults matter.
And only a fraction of that money is used for Firefox development. Remember that you can't donate to Firefox (like you can for Thunderbird).
Yes, please. Both online and offline. Advertising is probably the most useless, annoying and wasteful industry out there.
We could have pull-only databases of businesses, products and services instead. Ideally, with independently verified, fact-checked information and authentic reviews. Realistically though, this kind of objectivity would probably be infeasible to enforce and maintain. But even if we allow for misinformation, paid rankings and whatnot, the point stands: any such database should follow a pull-only model, users access it voluntarily to search for products and services and it's not an unsolicited broadcast to everyone everywhere all the time.
Ideally governments would provide an index of registered businesses with some basic filtering (e.g. location or category of services provided) with a name, address, phone number, and url. Present in random order to be fair.
My state seems to have a search tool, but no list. It also only has name/address (so presumably it's more for serving legal papers or whatever).
If I want to find a plumber, I should be able to ask my government for a list of the licensed plumbers in my area.
Do you work for an ad company by any chance?
No.
It's that an ads vendor is lifting a finger for ads. Mozilla is an ads vendor now - https://blog.mozilla.org/en/mozilla/mozilla-anonym-raising-t...
"Privacy-enhancing/preserving", mhh, it's rather "Mozilla launches new tools to help advertisers stay compliant with latest regulations".
It's not to protect privacy, because to protect privacy there is already a solution: it's to block the ad hosts and not talk to them at all (anti-fingerprinting techniques don't work).
This would be my preferred outcome no doubt. And after widespread adoption of content blockers like uBlock Origin, the next step should be mass adoption of webpage mirrors (like archive.is and Wayback Machine do now, but more comprehensive), and stop giving impressions to read-only websites.
In this sense, paywalls are a blessing in disguise: I don't ever visit wsj for example and thus any articles from it must be read from archive.is. But reading from mirrors should be more widespread, even for websites not behind a paywall.
If browsers want to improve the situation regarding ads, besides bundling and automatically enabling content blockers, they should also provide integrations to mirrors like archive.is to go further than that and not even risk a page access to ad-infested sites.
However there are more than two options. If society reach a compromise to ban targeted ads, this doesn't shut down advertising completely but sets it back to TV-era levels of analytics. This discussion should have happened after Cambridge Analytica.
I thought Chrome were in the business of making sure ads stay bad.
The best objection is that I want my software to work for me, not for someone else. Simple.
You mean online tracking, not advertising.
Advertising without tracking has existed for as long as commerce has existed. The elimination of tracking is not a threat to advertising. Historically, tracking is a very recent "innovation", an unwelcome one IMO.
Doesn't this break most modern methodologies. Can I do next best action without knowing who did what?
This is it. We're polluting the web browser with even more bullshit so that companies can squeeze a few pennies out when someone visits a page.
It was bad enough when pages are loaded with tracking cookies and JavaScript but at least you can block those. Now we get browser functionality on by default cooperating with advertising networks. Insane.
Incredible that this is the #1 post on HN. The slightest amount of basic research what this functionality does is absent, combined with the obviously ignored knowledge WHY firefox still has any users at all.
Glad the whole thread was apparently flagged to death though. I'd guess 90% of firefox users already turned that off and are actively looking for the next best alternative.
I remember when Browsers were User-Agents and worked for the sole benefit of the user. These days they are Advertisement-Agents. And especially for Firefox to survive Mozilla should go down the road of being a user agent and a user agent only. What other use is there for firefox? It's not faster, it's soon not going to be more private and it is less secure than chromium based browsers.
The scare quotes are useful, because the real story is that Firefox is enabling ad measurement by default. It’s an opt-out system being forced on users. They also claim it’s “privacy preserving,” but that’s a qualifier that deserves scrutiny, especially in an opt-out system. If it was really privacy preserving, why isn’t it opt-in?
Those are normal quotes, not "scare quotes".
Internet advertising worked fine before user tracking, it was just based on the contents of the webpage.
Before that it existed in newspapers and magazines for over a decade, without advertisers insisting the publisher spy on each of their readers.
the big deal is it should have been opt in.
We've been giving advertisers new tools for 20 years. Over that time advertisements have only gotten worse. The less bad state is a myth. There's no economic incentive to be less bad.
"The approach allows measurement without disclosing who, specifically, did what with the ad."
If this is "privacy", then it appears so-called "(ad) tech" companies are attempting to redefine the term.
Question for readers: Is knowing the identity of a person a prerequisite for that person to lose (some) privacy.
Consider the dictionary definition:
Webster's: "The state of being in retirement from the company or observation of others; seclusion."
Wordnet, from the Cognitive Science Laboratory at Princeton: "the quality of being secluded from the presence or view of others [syn: {privacy}, {privateness}, {seclusion}]"
Example:
A person in a building in a large city on a busy pedestrian street draws the curtains or blinds in a window facing the street to prevent passers by from seeing in. The passers by do not know the identity of the person(s) inside.
The scare quotes around "privacy-preserving" are justified. The act of allowing measurement destroys some privacy. It is less private to let people on the street see into the building.
Allowing measurement destroys privacy. How can marketers make it easier to swallow. Using a term like "privacy-preserving" is obviously deceptive, it is sleight of hand to conceal the frog boiling. This is not Mary Poppins. You are not being given a spoon full of sugar to help the medicine go down in a delightful way. It's poison in small doses. Eventually, the frog will die.
The "frog" is the concept of your privacy. The notion of "privacy" for so-called "tech" companies is not being targeted. Even when courts ask them to share what they are doing, they evade such discovery claiming it would put them at a competitive disadvantage: they might ultimately lose money. Whereas if opening yourself up to 24/7 observation causes you to lose some advantage and ultimately to lose money, then your loss is their gain.
There are certain risky activities in life that some folks choose not to engage in. These activities can be made "safer" and even "safe enough" that many will choose to do them despite the risk. But it does not remove all the risk. There are endless examples. Skydiving, bungy jumping and so on all the way down to relatively mundane stuff. But in almost every case, there is an incentive to participate. There is a "reward" for taking the risk.
The incentives for Mozilla, "ad tech" and all those who support this nonsense "business model" based on surveillance is easily discernable. Finding an incentive for anyone using a web browser to want to participate in this "measurement" requires mental gymnastics.
And so it must be opt-out. No one would knowingly subject themselves to such needless observation.