Oh. Bigger story here appears to be that the proposal is publicly editable and has already been vandalized. I'm not going to link to it, but I will say that I'm not thrilled that Mozilla is handling proposals using these formats/hosting choices.
So much of this feels weird to me.
I don't understand how I'm supposed to take Mozilla partnering with Facebook, I don't understand why I'm supposed to believe that Facebook would ever have beneficial insight to add to a privacy standard or that it would ever do anything other than try to weaken the standard.
I can't read up on the IPA standard because the link is currently being vandalized, so I can't really comment on that, but this is dangerous ground to tread and also I vaguely feel like as a user I might want to not have ads attributed across devices.
Before anybody jumps in and yells about how Mozilla is worse than Google, let me point out that Firefox is still objectively the best browser to use for privacy right now. But crud this announcement is weird and vaguely tone-deaf and doesn't make me feel good, and I think at the very least it should have been worded less as a celebration, or at least should have spent more time going into why I shouldn't feel uncomfortable about the whole thing.
It's potentially a longer conversation, but the article also doesn't really make a strong case for why I should be rooting for a privacy-respecting system for advertisers in the first place.
> I don't understand why I'm supposed to believe that Facebook would ever have beneficial insight to add to a privacy standard or that it would ever do anything other than try to weaken the standard.
I don’t think that’s why you want FB/Meta here. But you want to make sure this is useful enough for the ad companies so this actually becomes a solution. If you build a super private solution no advertising company wants/can use, then you’re just wasting time.
Assuming the competition is standard built by Google within itself, this makes sense.
(Meta employee, don’t work on ads, opinions my own)
> If you build a super private solution no advertising company wants/can use, then you’re just waiting time.
Which is why regulation is needed. Otherwise, any solution needs to be more attractive to the advertisers than the people they stalk (i.e. everybody else).
Is it me or these days major tech non profits feels marginally less of an advocate of privacy related matters compared EU as a whole? TBH I think GNU failed to make any sort of progress in terms of privacy because their ideology was always on the extremist side. And all the rest of the NGO's kept compromising to meet demands of big tech. Then you have the EU, who will just slap fines without compromising at all.
Moreover lobbying runs US govt. Tech non profits are financed largely by megacorps so they won't necessarily bite the hand that feed them.
We can just outlaw certain types of tracking, your employer does not need to be given a seat at the table, nor does it deserve one.
Meta will happily use any data they can access about people, and this will just be an additional data point that augments the extensive behavioral profiles they have on most internet users.
This is yet another attempt to not accept no for an answer when it comes to data collection, because not getting any data on users who refused data collection is unfathomable to them.
> But you want to make sure this is useful enough for the ad companies so this actually becomes a solution.
I guess the question though is: is Facebook going to stop delivering ads if the solution isn't good enough? Why is it important that Facebook like the system?
Facebook was very upset about Apple's privacy changes, it didn't get rid of ads on iOS. It's been very upset about a lot of things. What throws me in these conversations is that I'm not sure why the solution has to be one that Facebook is happy with. What Facebook would be happy with is as much data as they're allowed to have. And also, Facebook doesn't really have veto powers over what anyone else does, so it's not like we need to find a middle ground with the company.
Part of the problem of building a solution that's good enough that advertisers won't want more is that it's difficult to believe that solution exists. Facebook is pretty clear that the constraints on what they'll collect is defined in their internal/public privacy policies, and within that constraint they will collect as much data as the platform offers.
I'm not aware of any instances of a platform offering an ad attribution system that was privacy preserving, and having Facebook (or other companies) decide not to do any fingerprinting or insert any tracking links into pages, or use any cookies on that platform. I also find it really hard to believe that if Mozilla cracks down on fingerprinting and doesn't provide an alternative that Facebook is happy with, that Facebook will stop selling ads.
My Bayesian prior is that anything that upsets FB is almost certainly a good thing, and vice versa.
Indeed, the more upset they are the more likely it is that a solution really works.
Exactly. Remember Facebook taking out a spread in a newspaper saying Apple would kill small businesses because they couldn't advertise?
And that solution by Apple seemed to actually work in many respects.
I'm really fed up with Mozilla. I've always used and believed in them but this just feels so odd.
Yea, there seems to be an unwarranted assumption that Facebook is somehow a necessary part of the ecosystem. They aren't. The internet will continue without them and doesn't need them.
Expecting advertisers to stop advertising on the Internet is like expecting all the billboards on the highway to blow down.
Better to work on things like size limits and board-per-mile maximums with the billboard manufacturers.
The billboards are all virtual. If your interface doesn't render them they don't exist, and without colluding with advertiser's the size and rate of ads to a system that blocks ads is a meaningless number because they are never rendered.
The real question is why is my supposedly privacy preserving interface colluding with this advertiser at all? I do not want them involved in my interface and it seems contrary to Mozilla's userbase's interests.
Google at least went to the trouble of building a new browser and taking over the market. Facebook hasn't done anything to be involved except have money to pay off a seemingly corrupt mozzila
I don't expect advertisers to stop putting up billboards and I don't expect them to blow down. I live in a part of the world where billboards are banned. Likewise, all advertisements are banned from my network and any devices I manage.
We are under no obligation to negotiate. Destroying the whole industry is on the table.
Yes but Firefox is NOT in any position to do that. The only ones are Apple via iOS Google through Chrome, and the Government and none do these entities have any incentive to do so. As such this is the most plausible way forward.
I'm not certain if Apple and Google acting bilaterally could actually kill advertising dead - I think, even with the enormous power they have, that we'd still need the government to come in as a rule setter to accomplish it. I think there's too much money on the table for both parties to stay honest in the long run for purely altruistic reasons.
> Expecting advertisers to stop advertising on the Internet is like expecting all the billboards on the highway to blow down.
This is a worthy goal, and has been achieved in some jurisdictions. No wind required.
Hawaii, Vermont, Maine, Alaska.
> Expecting advertisers to stop advertising on the Internet is like expecting all the billboards on the highway to blow down.
That's not the expectation at all, in fact quite the opposite.
Giving concessions to advertisers doesn't make anything change. Anti-fingerprinting is the way you stop advertisers from fingerprinting. Nothing else short of legislation will work, and even legislation doesn't always work in every scenario.
Expecting advertisers to behave just because you gave them a more private attribution system is like expecting ants to stop going onto your countertops just because you put a cupcake on the floor.
The question is, given that Facebook will always take as much data as they are able to technically extract from the browser, and given that you're correct and advertisers are not going to stop advertising on the Internet regardless of what restrictions are put up -- why is it important to make them happy or to give the company concessions? Building a system that Facebook is happy with won't make its behavior change, so why do we care if they like the things we build?
Anti-fingerprinting will never be bulletproof. Legislation definitely needs to be part of the solution.
More generally, though, I have to ask: do we want an ever-escalating arms race or a negotiated peace?
> do we want an ever-escalating arms race or a negotiated peace?
I have yet to see an evidence that a negotiated peace is possible, and I have seen a lot of evidence that suggests to me that it is impossible.
I personally would rather see hard anti-fingerprinting features in browsers, potentially combined with legislation to fill in the gaps. I have seen a lot of evidence from platforms like iOS, and from web standards like deprecating cookies, that advertisers are only willing to come to the table after they've already lost, and that they only come to the table to weaken existing standards.
I have a lot of criticism of Apple, but I look at some of the changes in iOS that were made in regards to Facebook, and it's hard for me not to conclude that the best ways to tangibly improve privacy on platforms like Facebook are to just move forward without its permission. I look at adblockers the same way, there were no conversations about acceptable ads until advertisers thought it was possible that adblockers might become widespread.
It's not clear to me what a negotiated peace would entail or how to get there, but it is very clear to me how to improve anti-fingerprinting measures and how to pass legislation. Yes, that means that we're in an arms race, but if we understand that advertisers are always going to advocate for more tracking, it follows that a theoretical negotiated peace would also need to be constantly renegotiated over and over again.
Short of burning the industry to the ground and not having ads online, which I think is a separate conversation, I don't believe there is a stable solution to advertising and privacy. Whether it's legislation or technology or industry standards, they will always need to be defended and reinforced and renegotiated. There will always be advertisers arguing that they should be more lax. And I think that's part of why the idea of an arms race isn't that scary to me, because to me all of it is an arms race, including negotiated acceptable ad standards.
> More generally, though, I have to ask: do we want an ever-escalating arms race or a negotiated peace?
That's not a choice that's being offered. There is no reason to expect advertising platforms like Google or Facebook to ever be happy with "enough tracking". If they can get more information, they will want more, regardless of any "negotiations". This has been shown pretty clearly with the DoNotTrack header (now itself a tracking element), and the GDPR cookie policies.
So the only solution is war on tracking.
> Legislation definitely needs to be part of the solution.
Yup, that's about where I'm at. Standard Oil wasn't broken up because a lot of people made extremely rational arguments about how much monopolies hurt long term economic health to Rockefeller and he just changed his mind. It was broken up because the government stepped in.
Advertising is costing America an intense amount of productivity and we're going to need regulations and constraints to help restrict it (vermont has greatly benefited from said billboard restrictions)
> Advertising is costing America an intense amount of productivity
How so?
It is devaluing our services causing them to be less competitive and decreasing worker productivity by lowering the enjoyment of leisure activities leading to higher stress and increasing tool friction. If you want numbers - I don't have them... but the effects on our mental health are pretty clear.
One thing to consider is that, in arms race-terms, the consumer wins.
See DRM/piracy, see Tor, see Linux, etc. For a sufficiently-determined consumer, there's always a way.
The only things running against that grain are the odd bills like the EARN IT act, which seldom pass due to public uproar.
Funny enough, that cupcake trick works for bees (old Boy Scout trick: if you're having bee trouble, put some juice in a can and set it away from the campsite. Bees will gravitate towards the easier target).
But on the topic: at least in the US, if we're talking a legal solution, there won't be one that doesn't factor in the needs of Fortune 500 companies. And attempts to build solutions not factoring them in in Europe got us, well, the GDPR and infinite consent dialogs.
Better to bring parties to the table than try to hash a solution that pretends they don't have interests here.
GDPR works rather well, if given enough teeth. At the very least, nobody in the EU and the UK is quite so reckless with personal data as they used to be, which is the point. The infinite consent dialogs... I'd argue they were an oversight during the drafting process, and that nobody expected companies to go full-idiot just to keep processing and collecting data, rather than just comply with the law in the simplest possible way - which is to just stop collecting guest visitor data.
> nobody expected companies to go full-idiot just to keep processing and collecting data, rather than just comply with the law in the simplest possible way
But there was over a decade of frameworks built on the old "collect everything and use it later" model. By default, even Apache collects enough information to be considered a GDPR violation.
Throwing a dialog up and putting one cookie on the end-user's machine was the simplest possible way; the alternative was a mass audit of all dependencies.
(... and if anyone drafting the law didn't realize this, it would strongly indicate they didn't pull enough industry people into the process to draft a good law).
Advertisers, like all entities, are as free to do what they like as we allow them to be. They don't have to be a part of the conversation, we don't have to care about advertisers.
Cutting them out makes it more likely that the resulting law won't actually work IMO.
Nobody understands the ad industry better than advertisers. Incentivize them to compromise and we're more likely to get something that actually works than incentivizing them to get creative in finding legal loopholes.
That sounds like Stockholm Syndrome to me. Here is a better alternative. Make a law, enforce it. We don't ask murderers for input on murder laws.
Advertisers aren't murderers. Not hardly.
In fact, I'd go so far as to say the comparison suggests an extremist position that should have no business dictating the law on the topic (still a position worth hearing while seeking compromise, of course).
They aren't murderers, but they sure are bullies [0], time wasters, attention thieves and they try to manipulate you into changing your mind about your choices.
Maybe the ideal is that it's none of those things, that advertising in theory should be about matching consumers with the product they'd like best - but the fact is that in the age of the Internet, it's been nothing but unwelcome manipulation, and everyone puts up with it because it's the only funding model that's "free" at the point of use.
It's about time for them to lose some power.
[0]: https://www.goodreads.com/quotes/461383-people-are-taking-th...
I don't want to "understand" the ad industry, I want them gone - at least from my life.
What's your view on how this proposal compares to Apple's PCM? Why is Apple building a similar way for 3rd parties to reliably track users if this is overall harmful for users?
> What Facebook would be happy with is as much data as they're allowed to have.
Indeed. However, platform owners like Apple and Google are currently in a privileged position, where they make rules for others to follow but are free to collect any and all data they want.
> While we believe that Apple’s move to eliminate IDFA was done in the spirit of advancing consumer privacy, it may ultimately provide Apple with an advertising platform that is competitively advantaged vs. peers who don’t have access to Apple’s richer APIs
> Why is Apple building a similar way for 3rd parties to reliably track users if this is overall harmful for users?
The rest of your comment suggested they want to track users.
> What's your view on how this proposal compares to Apple's PCM? Why is Apple building a similar way for 3rd parties to reliably track users if this is overall harmful for users?
It's always tricky to talk about Apple's positions on privacy. In some areas they are very good, but in some areas they are very good at appearing to be very good. I think that Apple itself wants to be able to do some level of attribution on the web. I think that Apple is under a lot more stress from regulators than Mozilla is. Obviously Apple has an inherent interest in making it look like that's not the case and that they're just solely on the side of privacy.
I also think your concern about Apple/Google privileging their own platforms is completely accurate. However, I don't think that the solution to that is to make privacy worse in other areas, I would rather see Apple/Google hold themselves to the same standards that they hold other companies.
In short, I'm not angry at Apple for the changes it's making because they hurt Facebook, I'm angry at Apple for either ignoring those changes itself or making sure that those changes don't apply to parts of iOS and the web that are important to Apple. This has come up a couple of times with iOS; it's good that 3rd-party apps have more restrictions on tracking, I wish the built-in apps were the same.
I assume they would be happy if this became a standard that Apple buys into, but the real competition is Google's proposal. And if that doesn't work out, the status quo continuing with tracking via third-party cookies.
> If you build a super private solution no advertising company wants/can use, then you’re just wasting time.
Not really. I don't want any advertising company to use any information about me under any circumstances. Working towards that goal is not wasting my time.
Your point of view is diplomatic, but it rests on the assumption that you actually need cooperation from adtech in order to make a solution.
As Apple has proven, this is simply not true: you just need the entities that control the browser / OS.
This implies that it’s not “collaboration with adtech” that you want, but rather “collaboration with the biggest browser vendors”. Unfortunately the biggest browser is in hands of Google.
Thus Google has a huge influence in this. But any other adtech company (including FB/meta) has no meaningful contribution.
>(Meta employee, don’t work on ads, opinions my own)
FB = ads. It is their business imperative. Even if you are a campus janitor, you are "working on ads."
> Bigger story here
It's not a bigger story.
THE story - in fact, the REVELATION - here is that Mozilla thinks it's OK to cooperate with Facebook on PRIVACY work. You can't make this shit up. Not even on hard drugs.
As other commenters have pointed out, it makes sense to work with one of the two largest advertising firms when figuring out how to support their advertising needs, while maintaining user privacy.
If Facebook doesn't use this method, the work towards private attribution that Mozilla is doing doesn't matter.
Furthermore, Mozilla is requesting feedback from everyone, not just Facebook, which helps keep Facebook (and Mozilla) honest in this process.
What alternative would you propose?
> What alternative would you propose?
How about not working with the fox on the least invasive way to eat my fellow hens?
Google's FLoC was proposed openly as this one is. Everyone and their grandma was up in arms about it. Why give Mozilla a free pass? What is so special about this proposal?
> As other commenters have pointed out, it makes sense to work with one of the two largest advertising firms when figuring out how to support their advertising needs, while maintaining user privacy.
How about not figuring out how to support advertising needs? They can just stick to figuring out privacy.
> What alternative would you propose?
They could focus on user needs. Having an ad-blocker by default would be a good start. Figuring out how to remove advertisers and the incentive to advertise (and thus SEO spam etc.) from the internet is a goal I would support.
I think at the very least championing that partnership is pretty tone-deaf.
The only people who are excited to see Mozilla partner with Facebook are advertisers. I disagree that Mozilla needs Facebook's particular input on this, but ignoring that, even if we say that they do, I'm still somewhat at a loss why they would expect normal readers to be excited about seeing Facebook's name pop up in an article title or why they would think that's something worth bragging about.
It reads like an article written for advertisers, with some fluff (maybe the standard is good, but they're not really going into detail) that basically amounts to "also don't worry, this isn't that bad for you."
I mentioned this further up above, but regardless of whether you like targeted advertising or not, this article still doesn't really make the case why I as a user should be excited about the idea that attribution should work across devices. I don't understand how any of this is good for me as a user outside of the broad idea of "ads pay for things, so you should care if advertisers are happy."
> I don't understand how any of this is good for me as a user outside of the broad idea of "ads pay for things, so you should care if advertisers are happy."
If it works, the improvement for users is that it provides similar monetization for sites (which benefits users in the broad way you described) but without advertisers tracking individuals across sites.
> What alternative would you propose?
Stop worrying about what companies want and focus on your users. Advertisers are not Firefox users. Firefox users want to block ads, not have sanctioned tracking.
> If Facebook doesn't use this method, the work towards private attribution that Mozilla is doing doesn't matter.
That work already doesn't matter before it begins. There is no solution Facebook will support that actually preserves user privacy, because their core business model is based on broad surveillance.
Any resulting standard will be user hostile and/or useless to advertisers.
This makes the endeavor obviously a waste of resources on Mozilla's part (unless, of course, they plan on selling out their own users to advertisers, in which case it's a great first step).
Acting as if online advertising doesn't exist, or at least doesn't need to be targeted and attributed, would be a good alternative.
They've taken Google's money before. Why not siphon off Meta before the company crashes and gets liquidated. /s
Am glad Mozilla's true commercialization intentions are coming full circle. They recently introduced Firefox suggest[0]. Maybe they can finally retire the privacy-first corporate-goobly talk they have been parading for quite some time and join the adtech space as a fresh objectively neutral player.
[0] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-su...
> I don't understand how I'm supposed to take Mozilla partnering with Facebook, I don't understand why I'm supposed to believe that Facebook would ever have beneficial insight to add to a privacy standard or that it would ever do anything other than try to weaken the standard.
You should take it the exact same way as when:
- Mozilla put proprietary, closed-source DRM (widevine) into their product
- Mozilla put nonconsensual (opt-out) telemetry (aka spyware) into their product
- Mozilla put Google backend services into their product
- Mozilla put advertising/paid placement into their product
The "Mozilla is about privacy and open standards" meme is a false one and has been for a long time. Actions speak a lot louder than words.
This is correct for the most part, but please consider that Mozilla tried to stop DRM being standardised and only has it as an opt-in extension: https://blog.mozilla.org/en/mozilla/drm-and-the-challenge-of...
Oh, come on.
I did raise a stink over closed-source DRM, I raised a stink not just over Firefox adding it, I raised a stink over the entire web standards process. I have raised stinks about telemetry and advertising within Firefox. I've raised stinks about Pocket being purchased and not Open Sourced, and then integrated into the browser by default. I've raised stink about a lot of things.
Nevertheless, it is still objectively true that Mozilla Firefox is the best mainstream browser right now for privacy, and anyone who argues otherwise is either not looking at the bigger picture or hasn't done much research into how companies do the majority of their tracking online. The privacy problems that Mozilla has had have objectively less impact on people's everyday privacy than Chromium's hobbled extension support. The ability to turn on anti-fingerprinting features uplifted from Tor is more important than whether or not Google search is enabled by default. Container-extensions are more practically impactful on everyday privacy than Pocket is.
I am literally complaining about and criticizing Mozilla right now, and yet the immediate reaction is to jump on the one positive thing I said and act like I'm somehow ignoring Mozilla's other issues. I'm not ignoring those issues, but the "Mozilla is corrupt and no better than Google" meme is similarly completely ridiculous. Every single other browser on the market including DeGoogled Chromium and Safari are hobbled in ways that make them worse for privacy, and overall Mozilla still as a company has a better track record on fighting for privacy and building privacy-preserving tools than Google/Microsoft/Brave -- at least it has a better track record in the ways that matter.
It is so frustrating to try and have a constructive conversation about real missteps that Mozilla is making when people view anything less than a complete condemnation of the company like that means they're being put on a pedestal. Mozilla isn't perfect, and it's clumsy and sometimes does outright bad stuff, and that is still consistent with them being one of the better corporate privacy advocates on the Internet.
> It is so frustrating to try and have a constructive conversation about real missteps that Mozilla is making when people view anything less than a complete condemnation of the company like it's holding them on a pedestal.
Check the title. It is absolutely on topic. Mozilla is doing this to themselves, each and every one of those is an unforced error. If your mission really is a free and open as well as privacy respecting web you don't invite the largest privacy violator on the planet to the table to have a say. Just like you don't invite serial killers and druglords to your panel on how to combat crime.
> If your mission really is a free and open as well as privacy respecting web you don't invite the largest privacy violator on the planet to the table to have a say.
If you're trying to insinuate that working with Google or Facebook on this issue means that Mozilla fundamentally doesn't care about privacy, that is a ridiculous, fantastical claim that requires closing your eyes to years of work from the company.
I am right here criticizing Mozilla for partnering with Facebook, they should not be doing that. It's irresponsible and harmful. Nevertheless, Firefox is objectively the most private consumer-grade browser on the market, including Brave and DeGoogled Chromium. Nevertheless, Mozilla has done more to push web privacy forward than the majority of people on this site myself included, and more to push web privacy forward than the entirety of the rest of the browser market.
Even if you are on topic, there's nothing constructive about jumping onto every Mozilla thread arguing that Mozilla is the same as Google when they're very clearly not. It's unproductive because I shouldn't even need to be wasting my time defending a company that I came here to criticize. It makes it harder to fix real problems when all of them are equated and treated as being identically severe, and when the conclusion everyone draws from every problem is "use something based on Chrome and give up on the entire effort".
A Mozilla that fundamentally cared about privacy would have made none of these decisions. I've grown increasingly cynical over the last couple of years that this is just another marketing ploy, it sounds good and keeps us in but you have to wonder whether it is really true given their decisions to date.
The 'years of work from the company' are fantastic, but should not give them a pass in the present, given that the last couple of years most of that goodwill has been burned.
Additionally, it seems like it would be practically zero up front cost for Mozilla to provide a no-telemetry, no-google, no-pocket, no-ads, no-sync, no-experiments, no-privacy-compromise alternative build as a one-click option for people who actually want a privacy-focused browser. Instead, we have to download the normal "product-manager-ized" one and turn off a bunch of intrusive stuff we never really wanted in a browser.
They don't do this, though. I speculate (without any direct knowledge of the situation) that this is because they believe that the majority of their users would opt for this build instead, and they would lose "insights" (and of course revenue).
Someone, somewhere, is prioritizing "line go up and to the right" over embodying the fundamental ethos of a privacy-focused company. If you ship private software, there is of course no line.
It is interesting though how long people will continue to assume the best, in a way it is endearing, and it worked for for instance Google for more than a decade. There are still people who believe they are acting in our best interest even today.
> but should not give them a pass in the present
I don't know how you can possibly read either my comments or the general tone of the other people responding to me as giving Mozilla a pass on this, or naively assuming the best about them.
Even with that criticism, it is still just plain silly to say that Mozilla even in its modern state is not meaningfully different from Google/Facebook/etc. You can be as cynical as you want to be, but if you can't tell the difference between Chrome/Chromium and Firefox today, then that's not cynicism, it's either a lack of realism or a lack of attention.
I've gone into a few of the tangible differences elsewhere, but even in recent years and even with recent missteps, it's still pretty obvious that Mozilla is better on privacy and user rights than Google is. And it's OK to want better than Mozilla. It's OK to want a company that takes more hard-line stances and that pushes harder on its core browser. Lots of people want that, myself included. Doesn't change anything about what I've said above though.
> it's still pretty obvious that Mozilla is better on privacy and user rights than Google is.
'better than Google', after Facebook the #2 privacy violator on the plant isn't much of a bar.
> And it's OK to want better than Mozilla. It's OK to want a company that takes more hard-line stances and that pushes harder on its core browser.
Mozilla claims to be that company, and that is why I have a problem with all these issues. Once upon a time they were the gold standard, that's no longer true today.
plant->planet
> 'better than Google', after Facebook the #2 privacy violator on the plant isn't much of a bar.
And it is the only bar to clear. Here's the list of browser makers we have right now:
- Google
- Microsoft
- Apple
- Brave
- Some people off someplace trying desperately to make Gecko secure.
- Some people off someplace trying desperately to make V8/Electron/Chromium competitive on privacy.
- Some proprietary stuff like Vivaldi that's also based on Chromium.
- Mozilla
Mozilla wins that fight. They are still the gold standard by virtue of nobody else being able to make a competitively private browser.
> Mozilla claims to be that company
Even with its faults, Mozilla is still completely accurate in claiming that they push meaningfully harder for both privacy and user agency on the web than other browser manufacturers. Now, as you say, that may be a low bar to clear. But given that no one else is even trying to clear the bar, that is still a meaningful difference between Mozilla and its competition.
----
I think the biggest issue I have with these kinds of debates is that there's never anything constructive or new being offered, it's not even pointing out a new criticism. I know about Mozilla's failings as a company, you're not illuminating anything for me on that front, I know about all of their controversies. So you've identified that Mozilla could be better, great. Now what?
There's value in pointing out problems when it actually draws attention to an issue, but everybody on this thread knows what the issues are with Mozilla. And it is still obvious that Mozilla is noticeably better on these issues than the rest of the browser market, and that Mozilla is still doing quite a lot of good in that space. You're commenting on a thread of people who are pointing out Mozilla's flaws and telling it to do better -- and you're putting those people down and calling them naive.
Well, if pointing out Mozilla's flaws and telling them to be better is a waste of time, what would you propose instead? Moving over to Chrome? Pretending that indie Gekko projects have the resources to be private or secure? Giving up on the entire thing and not using the web anymore? I mean, drop a donation link to Servo, do something other than snubbing people for caring about trying to make the web better. You have exactly one available group of allies in this fight, and your response to that is to call them naive and say they're not good enough.
You're talking to someone who likely agrees with you on the vast majority of your privacy stances, and who is actively criticizing Mozilla right now, but that's not enough unless it's paired with despair and a complete dismissal of the company? Don't you see how that's unhelpful? And it's not even accurate: Mozilla may have "fallen", but they are still overall doing more good than harm in this area and they are still producing the best browser for privacy on the market. There's a huge lack of perspective in the doom-and-gloom takes, they're just as narrow and selective as the the view that Mozilla can do nothing wrong -- it's acting like all of the recent work on ETP and supercookies just doesn't exist or something, it's as if DoS or multi-account containers were never made. The Tor Uplift project only started in 2016 and only went live in mainline Firefox in 2019, but sure, Mozilla isn't doing anything for privacy now.
It's simple: absolute vs relative. For you Mozilla is in a relative sense the best because they take the foremost stance about privacy. For me being 'privacy first' is an absolute thing: it precludes you from doing a whole raft of things that Mozilla has done. So for me they lost the title, that doesn't mean they aren't still the best.
> Every single other browser on the market including DeGoogled Chromium and Safari are hobbled in ways that make them worse for privacy
I'm curious about why you believe this about Ungoogled Chromium, as I had concluded the opposite after researching.
This is a great question, and it gets to the heart of practical privacy online.
DeGoogled Chromium does actually have less telemetry problems than Firefox, so it's really easy for DeGoogled Chromium proponents to say that it's the most private. The issue is that DeGoogled Chromium is Chromium, and Chromium is a less privacy-capable browser engine than Firefox.
That could be a longer conversation, but the short versions:
- Chromium lacks a number of privacy features that Firefox has, including some anti-fingerprinting options that can be enabled through `about:config`, and container support, which is a really big deal for isolating site data and avoiding correlating user sessions on websites like Github/Youtube/etc... with incidental visits to those sites.
- Chromium's extension API is hobbled, particularly in a couple of areas that Ublock Origin cares about. The wiki goes into more detail on this[0].
----
The mistake is in looking at the small amount of (admittedly bad) data-leakage that Firefox does have and being so worried about that information being sent to Google/Cloudflare that you pick a browser that is less good at keeping you private on every other site you visit, including visits to Google/Cloudflare pages.
Thinking practically about this stuff is just a really hard thing to learn to do, at least it is for me. Maybe other people are magically good at it. But I regularly find that it's helpful for me to sit down and think through my privacy goals more tangibly in the form of "how much data is X actually leaking, what should my priorities be based on the volume/nature?" A lot of people worry about privacy problems in the wrong order.
DeGoogled Chromium does have better defaults than Firefox in multiple areas. It's just that the privacy benefits from those changes don't outweigh a crippled Ublock Origin install.
[0]: https://github.com/uBlockOrigin/uBlock-issues/wiki/uBlock-Or...
>anti-fingerprinting options that can be enabled through `about:config`
For reference: `privacy.resistFingerprinting`
You're probably gonna be downvoted a lot, but I'm afraid you're correct. Mozilla cares about web standards (like HTML or CSS or WebExtensions) - that was their mission after all, it's wrong to say they don't. But their action repeatedly show that don't care about open standards for anything else, like their browser itself.
I'll give another example - look at their Sync system. It's a pseudo-open unholy mess of Mozilla-unique ("proprietary" as in "owned by and unique to a certain company") standards without any regard for interoperabilty and openness. I'm 99% positive it could've been a couple of standard technologies, but they reinvented everything (auth, blob storage, everything) in absolutely unnecessarily unique manner, and awfully overengineered. I've had pleasure of attempting an alternative implementation based on their specs (to self-host, had to abandon because it's all way too hostile), so I know what I'm talking about. It's under a guise of "open standards" (in a sense it happens to be partially documented) but no single engineer in their sane mind would adopt this for their own projects.
Privacy and security? Last time I've checked (admittedly, a couple years ago) it was years since they knew their Firefox Account/Sync auth has security issues and has to trust Mozilla servers to be secure (login form and cryptography suite is not built into browser, like in proper end-to-end encrypted software, but served online), and they didn't do a thing about it, entirely dismissing it as a non-issue. Could've sent that password over HTTPS and just promise to not to save it (actually my alternative now-dead Accounts/Sync implementation did just that as a shortcut). In other words, Mozilla gets a nice gag order (or gets hacked) and they can be forced to circumvent all their end-to-end encryption pull your browsing history just fine without changing a thing on your machine so no local code audit would help. That's not how privacy-conscious software is written (e.g. Signal - it might get backdoored, but it'll need an update to deliver a backdoor).
It doesn't help that there are no alternatives I'm aware of. Firefox sucks but that's - sadly - the best we have.
FWIW, you can choose to "View final document" which gets rid of all the proposed vandalism. Still really bad that the default view contains all the proposals.
Mozilla ain't what it used to be.
For what it's worth, I've been part of a Mozilla/Facebook partnership (on the Mozilla side) on data compression. Having two tech companies work together (especially when one of them is non-profit) often makes sense.
For this case? I'm sure that there is a good reason. I'm not a Mozilla anymore, so I haven't followed that story, but I imagine that the rationale is something along the lines of "These days, stuff we do in the browser don't have much impact, as web standards have been superseded by Chrome. However, whenever we manage to convince a big company such as Facebook to do even one thing better, we can improve the lives of billions of people."
PR impact might not be good, though.
> I don't understand why I'm supposed to believe that Facebook would ever have beneficial insight to add to a privacy standard
Well, the headline says "privacy preserving attribution for advertising". I'm guessing Facebook provides expertise in what kind of attribution advertisers want.
At this point, I cannot see any other explanation than the whole Mozilla Foundation C-suite being compromised and plants by Google. Assuming stupidity only goes so far. A single fuckup is incompetence, ten repeated fuckups is malice. If they wanted to sink Mozilla, they could not do any better.
Perhaps, but a simpler situation is that the C-suite is focusing on their own financials. But either way, it is clear that that Mozilla is no longer the free browser developer we need.
For anyone looking, I’m sure they’ll revert it soon: https://docs.google.com/document/d/1KpdSKD8-Rn0bWPTu4UtK54ks...
I understand why people use Google Docs, it's a very convenient platform.
But this is a technical document about browser features, I'm a little frustrated that this is being coordinated over a proprietary SaaS service instead of over Git[0] with markdown or something.
I think a lot more than that, I'm frustrated that the document is being made publicly available on that platform. When someone links to a web standard on Github, often it's because the standard is seeing active participation. For something that is being linked to a public view, I would have loved to see at least a PDF export or something.
It's not that it's completely inexcusable, I'm sure Mozilla is making use of Google Doc features, markups, contribution history, whatever. It is just disappointing to see that apparently there isn't an Open collaboration platform that Mozilla thinks is good enough for this process, even a self-hosted one.
It's not the biggest deal in the world, it just feels like a bad look to see Mozilla tout that it's built this great standard, and then click on the link and get sent to a Google Doc. I mean... this article is about privacy, if I'm currently signed into Google and I click on this link, does it mean anything that Google now knows I personally clicked on it? I know it's not the end of the world, but Mozilla literally just finished telling me how good it was at anonymizing data, and now it's leaking my reading habits to Google in an extremely targeted, de-anonymized form.
----
[0]: Yes, I know that many standards processes on the web use Github, which is also a proprietary SaaS, but at least the majority of that process (issue tracker aside) is usable just as an endpoint.
> It is just disappointing to see that apparently there isn't an Open collaboration platform that Mozilla thinks is good enough for this process, even a self-hosted one.
Mozilla has been hosting an EtherPad instance for some time now, which may have worked in place of Google Docs for this.
https://pad.mozilla.org
A large portion of Firefox development activity is hidden away in private documents on Google Docs. They are not concerned.
https://github.com/mozilla-mobile/fenix/issues/5410
> This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Sadly that's not the only thing that will be closed if Mozilla keep focusing on the wrong things.
Blegh... it's disappointing to see this on the linked blogpost, but it's a lot more disappointing to see it for wikis directly relevant to a Github repo.
Again, I know that Github is also SaaS, but there's a difference. That kind of stuff should be handled differently.
And Jira.
>But this is a technical document about browser features, I'm a little frustrated that this is being coordinated over a proprietary SaaS service instead of over Git[0] with markdown or something.
Then maybe the public SaaS services should be of a better quality so that Mozilla employees want to use them.
>I think a lot more than that, I'm frustrated that the document is being made publicly available on that platform. When someone links to a web standard on Github, often it's because the standard is seeing active participation. For something that is being linked to a public view, I would have loved to see at least a PDF export or something.
There is a PDF export for google docs which is available to all users. File > Download > PDF.
> Then maybe the public SaaS services should be of a better quality so that Mozilla employees want to use them.
Maybe a company that has been throwing money into dozens of random privacy initiatives outside of the browser market (some good and some bad) would be a good fit for solving that problem? Dogfooding software is a really good strategy for UX design after all.
> There is a PDF export for google docs which is available to all users. File > Download > PDF.
That's exactly what I mean. Someone wrote this blog post, could they have hit the PDF export button and then linked to that PDF hosted on Mozilla's servers? That would have prevented the vandalism problem they ran into.
The issue I have isn't that I can't export to PDF from Google Docs. The issue that I have is that I have to visit Google Docs and load a ton of proprietary Javascript just so I can hit a PDF export button. Google Docs has an API, Mozilla could have a script that's just auto-exporting a PDF and hosting it on a public endpoint on a regular interval.
There seems to be access control on it now, as I get "Access denied" even while logged in.
So to read a proposal about ad tracking from Facebook, we need to use Google? There's some irony there I guess.
> Before anybody jumps in and yells about how Mozilla is worse than Google, let me point out that Firefox is still objectively the best browser to use for privacy right now.
So I will be that "anybody". On what do you base your opinion about firefox privacy? Because I reading across the web have got another impression, for example, https://ieeexplore.ieee.org/abstract/document/9374407
See https://news.ycombinator.com/item?id=30306925
Short version, deficiencies in Chromium and Safari as browser engines are large enough that they outweigh most telemetry concerns. Browsers like Brave can disable some telemetry, sure, but they can't add in the larger set of features that are missing from Chromium. Browser telemetry is worth thinking about and considering, but you should be less concerned about browser telemetry than you are about Ublock Origin performance.
>Facebook would ever have beneficial insight to add to a privacy standard
I'm not saying "this is it", but here's a (IMO) reasonable line of thought why they would genuinely be working in that direction. Basically, short term pain for long term security. There is a clear preference by consumers for preserving privacy; the percentage of iOS users not allowing targeting since IDFA is proof. There is also political motivation for regulators to crack down on the wild west of online privacy in the US (FB scapegoating) and abroad (GDPR and co). If there is to be a hard turn by regulators and hardware/OS providers for privacy protection and FB does not prepare for it by preparing Audience Network to operate without granular personal data, their whole business model would be at risk and their terminal value threatened. Being prepared for a world placing privacy first protects their financial interests, likely even putting them ahead of competitors that are going in unprepared.
If voting power at FB was majority owned by Wall Street shareholders, you could argue it's unlikely they would hurt operating income for years rather than milk it even if it's protective long term. But that's not the case, Mark does have a super majority and can afford governing for the long term even if it makes analysts critical.