this post was submitted on 16 Jul 2024
238 points (78.7% liked)

Linux

48044 readers
764 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
238
Firefox enables user tracking (mstdn.social)
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/[email protected]
115 comments fedilink hide all child comments
 

... I mean, WTF. Mozilla, you had one job ...

Edit:

Just to add a few remarks from the discussions below:

  1. As long as Firefox is sponsored by 'we are not a monopoly' Google, they can provide good things for users. Once advertisement becomes a real revenue stream for Mozilla, the Enshittification will start.
  2. For me it is crossing the line when your browser is spying on you and if 'we' accept it, Mozilla will walk down this path.
  3. This will only be an additional data point for companies spying on you, it will replace none of the existing methodologies. Learn about fingerprinting for example
  4. Mozilla needs to make money/find a business model, agreed. Selling you out to advertisement companies cannot be it.
  5. This is a very transparent attempt of Mozilla to be the man in the middle selling ads, despite the story they tell. At that point I can just use Chrome, Edge or Safari, at least Google has expertise and the money to protect my data and sadly Chrome is the most compatible browser (no fault of Mozilla/Firefox of course).
  6. Mozilla massively acts against the interests of their little remaining user base, which is another dumb move made by a leadership team earning millions while kicking out developers and makes me wonder what will be next.
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 114 points 3 months ago (1 children)

The way it works is supposed to anonymously allow the measuring of advertising performance. Which ads do well with which kinds of users. Instead of tracking each individual user this tracks context, meaning what site the ad was seen on etc. Thereby providing a way to know what kinds of ads work with what kinds of users without profiling every individual in the world.

That is what it's supposed to do. Data still goes to an allegedly "trusted third party" (let's encrypt, apparently) which then does this anonymization.

The idea is a lot less egregious, but it's still only a good idea assuming you agree ads would be a good and ethical way to make the internet go round, if only they weren't profiling everyone. I don't.

[–] [email protected] 26 points 3 months ago (1 children)

Yeah the title of the post makes it sound much worse than what it seems to be in practice? Maybe I'm just naive

[–] [email protected] 12 points 3 months ago

I think this a problem with applications with a privacy focused user basis. It becomes very black and white where any type of information being sent somewhere is bad. I respect that some people have that opinion and more power to them, but being pragmatic about this is important. I personally disabled this flag, and I recognize how this is edging into a risky area, but I also recognize that the Mozilla CTO is somewhat correct and if we have the option between a browser that blocks everything and one that is privacy-preserving (where users can still opt for the former), businesses are more likely to adopt the privacy-preserving standards and that benefits the vast majority of users.

Privacy is a scale. I'm all onboard with Firefox, I block tons of trackers and ads, I'm even somebody who uses NoScript and suffers the ramifications to due to ideology reasons, but I also enable telemetry in Firefox because I trust that usage metrics will benefit the product.

[–] [email protected] 83 points 3 months ago* (last edited 3 months ago) (2 children)

This is after they bought an ad company last month, Mozilla is compromised now

Edit: Somebody pointed out the reason: Mozilla Foundation has no members. It's just the executives, no one in the actual community has any input in Mozilla's direction, and considering how wildly out of touch tech executives are this explains it all

[–] [email protected] 69 points 3 months ago (7 children)

A bunch of Firefox devs need to leave Mozilla, fork it and start up an actual non-profit not based around monetization. I would happily donate monthly if I knew it were going to Firefox development, instead of the dozen other things Mozilla spends its money on. I'm sure I'm not alone.

[–] [email protected] 32 points 3 months ago (1 children)

Google's "just so we can claim there's competition in the marketplace" payment to Mozilla to stay the default search engine is what funds most of Firefox, even without the executive pay and unrelated nonprofit work. Building and maintaining a browser engine is not cheap, I don't think mere individual donations are going to help here.

Without the reputation and contacts of Mozilla, those devs also wouldn't have much of a say in the social side of browser development, like web standards and certificate authority programs.

I'd love a first party Firefox fork that's not limited by Mozilla's desperate attempts to stay afloat when Google decides not to keep them around anymore, but I don't think a few developers are going to be enough to get it done. The current situation, "Firefox but with very minor tweaks", is probably the best we can expect for now.

[–] [email protected] 9 points 3 months ago (1 children)

EU should donate to firefox for a free world without enshitification. I mean give the money and force no ad tracking.

load more comments (1 replies)
[–] [email protected] 16 points 3 months ago (1 children)

Proton did something similar.

This poll shows promise: https://mastodon.neat.computer/@jonah/112654592627487236

[–] [email protected] 5 points 3 months ago* (last edited 3 months ago)

I think I would pay for a proton browser as well, if it isn’t just chromium. 5$ a month seems reasonable, but I am more the pay 250$ for lifetime type 😄

[–] [email protected] 14 points 3 months ago* (last edited 3 months ago)

You’re definitely not alone. If this happens and it becomes some major news in the community with reasonable visibility, I’m sure many people would support this.

[–] [email protected] 12 points 3 months ago* (last edited 3 months ago) (5 children)

All of these claims clash with the reality of so many core open source projects, used by private users and massive corporations alike, that rely on single voluntary developers or super small groups which receive no flowers and no donations.

load more comments (5 replies)
load more comments (3 replies)
load more comments (1 replies)
[–] [email protected] 39 points 3 months ago (5 children)

This is misinformation. The setting in question is not a "privacy breach setting," it's to use a new API which, for sites that use it, sends advertisers anonymized data about related ad clicks instead of the much more privacy-breaching tracking data that they normally collect. This is only a good thing for users, which is why the setting is automatically checked.

[–] [email protected] 49 points 3 months ago* (last edited 3 months ago) (3 children)

It's illegal in Europe to have an opt-out checked by default, must be an opt-in unchecked by default. This is one of the reason that Microsoft has always troubles in Europe about privacy and opt-out services.

[–] [email protected] 47 points 3 months ago

That only applies to personally-identifiable information.

[–] [email protected] 32 points 3 months ago* (last edited 3 months ago) (1 children)

In the EU*

Sorry to be pedantic, but the UK, Swiss etc. are all in Europe but not in the legislative region where this law applies.

This even gets some people confused thinking those countries “aren't in Europe”, which is why I wanted to correct this.

[–] [email protected] 6 points 3 months ago* (last edited 3 months ago)

For what it's worth, the UK still has the GDPR-derived law, though the decisions by the EU courts may no longer affect execution of it. Plenty of non-EU European countries, though.

[–] [email protected] 25 points 3 months ago (2 children)

If it is truly anonymized then it isn't protected under GDPR.

load more comments (2 replies)
[–] [email protected] 45 points 3 months ago (16 children)

This does not prevent regular ad tracking, this provides additional data to advertisers. It also means Mozilla is now tracking me, and then Mozilla does this "anonymizing" on their servers. I do not trust Mozilla with this data, and I don't trust that no way can be found de-anonymize or combine this data with other data ad networks already collect.

This is not in my interest at all. This data should not be collected. The ad networks can suck it, why should I help them?

https://blog.privacyguides.org/2024/07/14/mozilla-disappoints-us-yet-again-2/

[–] [email protected] 7 points 3 months ago* (last edited 3 months ago) (1 children)

Advertisers can already easily get this data without this setting, and any measures you take to block ads also by definition affect this setting.

Meanwhile, if this works and becomes widely available, regulators will be able to take measures against user surveillance without having to succumb to the ad industry's argument that they won't know whether their ads work.

And yes, this provides data to advertisers, but it's data about their ads, not about users.

[–] [email protected] 13 points 3 months ago (1 children)

Ah yes, the hypothetical second step, in which tracking is going to be outlawed (I'm not holding my breath), except, of course, for the third party services that do the aggregating, which will "sell" (literal quote) the aggregate data, so I guess these are by semantic sophistry not adtech companies but something else.

I'm so glad this genius "plan" can be used to justify Mozilla funneling data to adtech firms right now, because in some hypothetical future timeline this somehow can be construed with a bunch of hand-waving and misdirection to be in my interest.

How about instead we have a browser that only cares about the users, and not give a fuck about adtech? Its number one goal should be to treat adtech as hostile, and fight to ruin that whole industry.

[–] [email protected] 8 points 3 months ago* (last edited 3 months ago) (2 children)

for the third party services that do the aggregating, which will "sell" (literal quote) the aggregate data

You're saying you're literally quoting the ISRG as planning to sell the data? Because that goes directly against what I've read about this, which I believe says that they wouldn't even be able to because they can't see the data.

load more comments (2 replies)
load more comments (15 replies)
[–] [email protected] 31 points 3 months ago* (last edited 3 months ago) (3 children)

... first of all, providing a new API to give out information about me is not a good thing in my mind.

Second, this would be the first time in human history, the advertisers would not simply add that APIs information to everything else they aggregate including fingerprinting of your browser.

So, serious question: How is this good for me?

Edit: typo

[–] [email protected] 10 points 3 months ago (5 children)

So, serious question: How is this good for me?

It's the same principle as what Brave is based around: advertising isn't going to go away, ever, but if we can set up a profitable advertising model that doesn't require stalking people online, we can at least make advertising better.

I disagree with their current methods, but I also don't know of a better alternative. Brave's weird crypto stuff sure isn't the answer, and neither is this, but if nobody figures out an alternative (that we can , advertising is only going to get more data hungry. The best alternative we have right now is Google's FLoC and just about everyone hates that too.

[–] [email protected] 7 points 3 months ago* (last edited 3 months ago)

I get the sentiment, but no. No way. No way in hell I'm allowing advertisers to get a bit of data or a penny out of me in any way, shape, or form. Not the way they've been treating us for the last decade. They can eat dung for all I care. Total war.

[–] [email protected] 5 points 3 months ago* (last edited 3 months ago) (5 children)

advertising isn’t going to go away

That is certainly true for the moment, but IMHO that is not really an argument in this case:

  1. Advertisement can simply show me me some advertisement w/o spying on me. (Effectiveness of targeted advertisement is AFAIK highly controversial anyway.)
  2. My operating system does not have to spy on me and my browser certainly not.
  3. Mozillas BS arguments are just the 'story told', obviously they want to make money via advertisement and be the man-in-the-middle. I assume it is their legal right to do so and they can pursue the business model they like, but I do not have to like it.
  4. Again, advertisers will simply use this as an additional source of information about users for real time bidding, and not wind down other methods of information gathering, so this is only bad for me w/o any upsides.
  5. Mozilla is showing it is willing to sell it's user data out this way (and silently do so), what are the next steps, what will happen with the next updates?

... and I happily have donated and will donate/pay money to/for websites and software I like/use and will happily accept business models dying which depend on selling my data out.

One of the main points of using Open Source operating systems and software is, that I have the freedom to use my own hardware the way I like w/o being up-sold or harassed by advertisement.

load more comments (5 replies)
load more comments (3 replies)
load more comments (2 replies)
[–] [email protected] 16 points 3 months ago (4 children)

The data is still collected, it's just being collected by Mozilla now. For this system to work, Mozilla will need to filter out bots and click farms at the very least. If they don't, they may as well not collect this stuff at all. Without bot analysis, a cheap botnet can easily take out a competitors entire marketing budget by simply sending fake ad impressions.

I don't see why I should trust Mozilla to collect all of this data to be honest. I trust them more than most advertisers, but they did acquire an advertising company, so who's to say they're not going to data mine this stuff and turn into the thing they promised to defeat? It happened to Adblock Plus and Ghostery, it can happen to Mozilla too.

The CEO's explanation ("it's too complicated to explain so we just silently enabled it") sucks. Firefox has tons of data collection stuff where they just show a little top bar with a quick description and a button to go to the settings, they could've done the same here. The way they approached it feels like an attempt to smuggle it into non-techie Firefox installs in my opinion. Not being able to explain the benefits of this new form of data collection to the end user is no reason to make the feature opt out. Every update, Firefox opens a new tab to collect telemetry on browser update stats (and to inform me about "great new features"), if they can push a full screen explainer about "we added some coloured themes" they can also push an explainer about the ad tracking feature they just added.

load more comments (4 replies)
[–] [email protected] 14 points 3 months ago (1 children)

Are you trying to tell me that the host server is showing the ad, because last I checked, with my whitelist firewall, I never see ads because all ads are links to the ad server you are actually visiting. It is no different than opening up the webpage and connection to them. They get all the same fingerprinting info.

I'm not saying one way or another here, but there is no such thing as anonymous data collection. It only takes 2-3 unique identifiers to connect a person between a known and anonymous data set and there are almost always quite a few more unique identifiers than this in any given dataset. When I hear anyone say stalkerware is anonymous, I assume they are no longer just a privateer of a foreign drug cartel level state, instead they are full blown slave trader pirates fit for the gallows or worse.

load more comments (1 replies)
[–] [email protected] 35 points 3 months ago (2 children)

People should just use LibreWolf at this point

[–] [email protected] 14 points 3 months ago (3 children)

Be careful what you wish for. Firefox needs income and without audience for Firefox, Firefox is no more and then LibreWolf is no more.

load more comments (3 replies)
[–] [email protected] 13 points 3 months ago (1 children)

I wish they had a mobile app!

[–] [email protected] 20 points 3 months ago

I've enjoyed Mull as an Android alternative https://gitlab.com/divested-mobile/mull-fenix

[–] [email protected] 27 points 3 months ago

A Word About Private Attribution in Firefox, by the Firefox CTO.

[–] [email protected] 19 points 3 months ago

Safari too: https://clearcode.cc/blog/privacy-preserving-ad-click-attribution-explained/

This was a webkit proposal from 2019: https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/

And it has been a W3C draft since 2021: https://privacycg.github.io/private-click-measurement/

[–] [email protected] 18 points 3 months ago (1 children)

The original mastodon post was with more details, and some drama, but the guy is trying to spam this link everywhere he can. so desperate for attention. lol

[–] [email protected] 14 points 3 months ago

I think it’s a valid news to spread here.

[–] [email protected] 17 points 3 months ago (2 children)

Just switched to LibreWolf/Mull + KeePassXC/KeePass2Android

load more comments (2 replies)
[–] [email protected] 16 points 3 months ago (4 children)

Ok idealist.

What is your alternative funding stream for Mozilla?

It's bad.

Is it worse than the advertising owned browser that gives your information directly to said advertiser?

[–] [email protected] 5 points 3 months ago (3 children)

How does KDE do it with Konqueror?

[–] [email protected] 6 points 3 months ago (1 children)

They don't. They rely entirely on donations (and sponsorship donations). It also mean, they have less resources to maintain and develop their software, ESPECIALLY Conqueror since it's not as much well-maintained compared to other parts of the KDE software suite. Plus, Firefox do maintain their own web-engine, while KDE just use the WebKit one, so even more reasons that Firefox can't substain with the resources KDE currently has.

load more comments (1 replies)
load more comments (2 replies)
load more comments (3 replies)
[–] [email protected] 15 points 3 months ago* (last edited 3 months ago)

So you didn't care reading up what PPA is, eh?

But yeah I agree with the toot, we need more browsers heck even more browser engines to not end with just one engine controlled by fucking Google.

[–] [email protected] 9 points 3 months ago (6 children)

"Firefox is just another US-corporate product with an 'open source' sticker on it."

unlike EU-corporate products

load more comments (6 replies)
[–] [email protected] 7 points 3 months ago (4 children)

anyone who cares about privacy is running ublock and/or umatrix anyway so it's negated.

load more comments (4 replies)
load more comments
view more: next ›