{"id":8658,"date":"2024-09-27T08:22:06","date_gmt":"2024-09-27T15:22:06","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=8658"},"modified":"2024-09-27T08:22:06","modified_gmt":"2024-09-27T15:22:06","slug":"mozilla-hit-with-privacy-complaint-in-eu-over-firefox-tracking-tech","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2024\/09\/27\/mozilla-hit-with-privacy-complaint-in-eu-over-firefox-tracking-tech\/","title":{"rendered":"Mozilla Hit with Privacy Complaint in EU Over Firefox Tracking Tech"},"content":{"rendered":"\n

I believe this is related to the setting pictured below, and it was published as an experimental feature to help advertisers while protecting privacy. And it was bad form to opt people in, but easy enough to turn off. Given Firefox has a shrinking browser share, it’s unlikely anything like this would go anywhere without their main financial beneficiary pushing it as well. Consequently, there are projects<\/a> that take the Firefox code and implement a lot of privacy patches, and as I’m growing in trust with Mullvad VPN<\/a>, they also have a privacy hardened version that might be worth a try. I also use uMatrix and uBlock Origin<\/a> extensions which gives me a lot of privacy, and with uMatrix you control what servers and elements are allowed to load which gives you a lot of protection. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

https:\/\/techcrunch.com\/2024\/09\/25\/mozilla-hit-with-privacy-complaint-in-eu-over-firefox-tracking-tech\/<\/a><\/p>\n\n\n

<\/div><\/div><\/div>\n\n\n

By Natasha Lomas<\/p>\n\n\n\n

\"Firefox
Image Credits:<\/strong> Getty Images<\/figcaption><\/figure>\n\n\n\n

Mozilla, the nonprofit that develops the Firefox web browser, has been hit with a complaint by European Union privacy rights group noyb, which accuses it of violating the bloc\u2019s General Data Protection Regulation (GDPR) by tracking Firefox users by default without their permission.<\/p>\n\n\n\n

It\u2019s unusual to see a privacy complaint targeting Mozilla, an organization which is more often associated with efforts to bolster web users\u2019 privacy rights<\/a>, such as siloing cookies to prevent cross-site tracking<\/a>. However noyb has taken issue with a new feature Mozilla recently deployed in Firefox that it argues turns the Firefox browser \u201cinto a tracking tool for websites.\u201d<\/p>\n\n\n\n

Mozilla calls the feature at issue \u201cPrivacy Preserving Attribution\u201d (PPA). But noyb argues this is misdirection. And if EU privacy regulators agree with the complaint the Firefox-maker could be slapped with orders to change tack \u2014 or even face a penalty (the GDPR allows for fines of up to 4% of global revenue).<\/p>\n\n\n\n

\u201cContrary to its reassuring name, this technology allows Firefox to track user behaviour on websites,\u201d noyb wrote in a press release<\/a>. \u201cIn essence, the browser is now controlling the tracking, rather than individual websites. While this might be an improvement compared to even more invasive cookie tracking, the company never asked its users if they wanted to enable it. Instead, Mozilla decided to turn it on by default once people installed a recent software update. This is particularly worrying because Mozilla generally has a reputation for being a privacy-friendly alternative when most other browsers are based on Google\u2019s Chromium.\u201d<\/p>\n\n\n\n

The attempt to move from cookie-based tracking of web users to browser-level tracking will be familiar to anyone who\u2019s been following Google\u2019s so-called \u201cPrivacy Sandbox\u201d proposal. It\u2019s a multi-year effort to end support for tracking cookies in Google\u2019s Chrome browser in favor of an alternative ad-targeting tech stack, based on assigning browser users to interest buckets.<\/p>\n\n\n\n

Google\u2019s effort to shift the adtech stack away from tracking cookies has been derailed and put in the slow lane via U.K. regulatory oversight<\/a> \u2014 but one tangible impact, per noyb, is it seems to have served as inspiration for Mozilla to get into browser-level tracking.<\/p>\n\n\n\n

\u201cSimilar to Google\u2019s (failed) Privacy Sandbox, this turned the browser into a tracking tool for websites,\u201d noyb wrote, adding: \u201cWhile this may be less invasive than unlimited [cookie-based] tracking, which is still the norm in the U.S., it still interferes with user rights under the EU\u2019s GDPR.\u201d<\/p>\n\n\n\n

Another component of noyb\u2019s objection is that Mozilla\u2019s move \u201cdoesn\u2019t replace cookies either\u201d \u2014 Firefox simply wouldn\u2019t have the market share and power to shift industry practices \u2014 so all it\u2019s done is produce another additional way for websites to target ads.<\/p>\n\n\n\n

Commenting in a statement, Felix Mikolasch, data protection lawyer at noyb, said: \u201cMozilla has just bought into the narrative that the advertising industry has a right to track users by turning Firefox into an ad measurement tool. While Mozilla may have had good intentions, it is very unlikely that \u2018privacy preserving attribution\u2019 will replace cookies and other tracking tools. It is just a new, additional means of tracking users.\u201d<\/p>\n\n\n\n

The noyb-backed complaint<\/a>, which has been filed with the Austrian data protection authority, accuses Mozilla of failing to inform users about the processing of their personal data and of using an opt-out \u2014 rather than an affirmative \u201copt-in\u201d \u2014 mechanism.<\/p>\n\n\n\n

The privacy rights group also wants the regulator to order the deletion of all data collected so far.<\/p>\n\n\n\n

While Firefox users are able to opt out of the tracking they must take an active step to do so by locating and enabling the relevant setting, which noyb says is tucked away in a sub-menu. \u201cIt\u2019s a shame that an organisation like Mozilla believes that users are too dumb to say yes or no,\u201d Mikolasch added. \u201cUsers should be able to make a choice and the feature should have been turned off by default.\u201d<\/p>\n\n\n\n

Reached for a response to the complaint, Mozilla sent a statement attributed to Christopher Hilton, its director of policy and corporate communications, who claimed it has, so far, only conducted a \u201climited test\u201d of a PPA prototype \u2014 with the technology restricted to Mozilla\u2019s own websites.<\/p>\n\n\n\n

The effort is aimed at improving \u201cinvasive advertising practices by providing technical alternatives,\u201d he also suggested, further claiming the feature is \u201ceasily disabled\u201d in Firefox\u2019s settings.<\/p>\n\n\n\n

\u201cPPA allows advertisers to measure overall ad effectiveness without gathering information that identifies specific individuals,\u201d he wrote. \u201cRather than collecting private information to determine when consumers have interacted with an ad, PPA is built on cryptographic techniques to enable aggregated attribution that preserves privacy. These techniques prevent any party, including Mozilla, from identifying individuals or their browsing activity.\u201d<\/p>\n\n\n\n

Hilton added that Mozilla welcomes opportunities to engage with stakeholders, its own community of users and regulators as it builds out the technology.<\/p>\n\n\n\n

In further remarks, the company admitted its communications around the effort have been poor. \u201c<\/em>There\u2019s no question we should have done more to engage outside voices in our efforts to improve advertising online, and we\u2019re going to fix that going forward,\u201d it told us. \u201cWhile the initial code for PPA was included in Firefox 128, it has not been activated and no end-user data has been recorded or sent. The current iteration of PPA is designed to be a limited test only on the Mozilla Developer Network website. We continue to believe PPA is an important step toward improving privacy on the internet and look forward to working with noyb and others to clear up confusion about our approach.\u201d<\/em><\/p>\n\n\n\n

In a blog post<\/a> published in late August, setting out its rational for PPA, Mozilla wrote that it\u2019s concerned about moves in certain jurisdictions to block anti-tracking features in browsers, adding that addressing a mix of \u201ctechnical and regulatory threats to user privacy\u201d were motivating its development of the technology.<\/p>\n\n\n\n

One complicating strand for Mozilla\u2019s narrative, which goes unmentioned in the post, is that Google itself remains its main source of revenue<\/a>, thanks to a long-standing search deal that sees Google pay the Firefox maker<\/a> to have its eponymous search engine set as the rival browser\u2019s default.<\/p>\n","protected":false},"excerpt":{"rendered":"

I believe this is related to the setting pictured below, and it was published as an experimental feature to help advertisers while protecting privacy. And it was bad form to opt people in, but easy enough to turn off. Given Firefox has a shrinking browser share, it’s unlikely anything like this would go anywhere without […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7],"tags":[],"class_list":["post-8658","post","type-post","status-publish","format-standard","hentry","category-tech","category-world"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/8658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=8658"}],"version-history":[{"count":1,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/8658\/revisions"}],"predecessor-version":[{"id":8662,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/8658\/revisions\/8662"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=8658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=8658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=8658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}