Behind Firefox's Controversial New Feature: Privacy-Preserving Attribution Explained

The latest version of Mozilla Firefox, v128.0, introduced by the Mozilla Foundation, features an experimental Privacy-Preserving Attribution (PPA) functionality, which is a default-enabled ad measurement capability found in the privacy settings. This feature has sparked discussions in communities such as Hacker News (HN), primarily because it entails the collection of some user data for feedback to websites and advertisers, despite Firefox's long-standing commitment to protecting user privacy.

This development comes in the wake of the Mozilla Foundation's acquisition in June 2024 of the digital advertising company Anonym, founded in 2022 by former Meta executives. Anonym is dedicated to providing digital advertising with privacy protection. Currently, Mozilla's main revenue stream for its browser business comes from Google Search, as Firefox's default search engine is Google, which provides search ad revenue sharing to Mozilla, with other sources of browser revenue being relatively minor.

What the Ad Measurement Functionality Does:

As per the Mozilla Foundation, the ad measurement feature allows websites visited by users to ask Firefox to remember the ads displayed. Firefox then saves an "impression," which includes limited ad information and the target URL.

If the user visits the target URL and performs a significant action (or a "conversion"), the website can request Firefox to generate a report, specifying interest in a particular ad.

Firefox creates the report upon request, encrypts it, and submits it anonymously via the Distributed Aggregation Protocol (DAP) to an "aggregation service." This service combines numerous similar reports and user interests, ultimately providing websites and advertisers with periodic advertising reports.

The essence of this functionality is to facilitate the measurement of ad effectiveness for websites and ad networks, at the cost of collecting limited user information, such as which ads users viewed and clicked on various websites.

The Controversy:

The controversy stems from Firefox's decision to enable this feature by default. If it were disabled by default, it's believed that most users would not opt to enable it, rendering the feature largely ineffective.

Some users argue that this practice contradicts Firefox's own privacy goals, while others suspect Firefox may be preparing for a future of extensive advertising integration, especially after acquiring the advertising company Anonym.

Landian.news has carefully reviewed Firefox's introduction to ad measurement and related technical explanations. Currently, there's no evidence of severe privacy infringement, such as the direct collection and provision of user interest reports to advertisers. However, the collection of some user information is indeed necessary.

Additionally, the Mozilla Foundation's technical report mentions that ad networks currently collect large amounts of user privacy data to measure ad effectiveness. With Firefox capable of blocking ad networks, the Foundation aims to balance privacy and advertising. Thus, PPA technology serves as a bridge, allowing the measurement of ad effectiveness within the framework of protecting user privacy.

Mozilla's Statements on Privacy-Preserving Attribution:

Privacy-Preserving Attribution (i.e., ad measurement): https://support.mozilla.org/en-US/kb/privacy-preserving-attribution

PPA Technology Explanation: https://github.com/mozilla/explainers/tree/main/ppa-experiment