this post was submitted on 13 Jul 2024
294 points (96.5% liked)

Firefox

A place to discuss the news and latest developments on the open-source browser Firefox

Original toot:

It has come to my attention that many of the people complaining about #Firefox's #PPA experiment don't actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it, so an explainer 🧵 is in order.

Targeted advertising sucks. It is invasive and privacy-violating, it enables populations to be manipulated by bad actors in democracy-endangering ways, and it doesn't actually sell products.

Nevertheless, commercial advertisers are addicted to the data they get from targeted advertising. They aren't going to stop using it until someone convinces them there's something else that will work better.

"Contextual advertising works better." Yes, it does! But, again, advertisers are addicted to the data, and contextual advertising provides much less data, so they don't trust it.

What PPA says is, "Suppose we give you anonymized, aggregated data about which of your ads on which sites resulted in sales or other significant commitments from users?" The data that the browser collects under PPA are sent to a third party (in Firefox's case, the third party is the same organization that runs Let's Encrypt; does anybody think they're not trustworthy?) and aggregated and anonymized there. Noise is introduced into the data to prevent de-anonymization.

This allows advertisers to "target" which sites they put their ads on. It doesn't allow them to target individuals. In Days Of Yore, advertisers would do things like ask people to bring newspaper ads into the store or mention a certain phrase to get deals. These were for collecting conversion statistics on paper ads. Ditto for coupons. PPA is a way to do this online.

Is there a potential for abuse? Sure, which is why the data need to be aggregated and anonymized by a trusted third party. If at some point they discover they're doing insufficient aggregation or anonymization, then they can fix that all in one place. And if the work they're doing is transparent, as compared to the entirely opaque adtech industry, the entire internet can weigh in on any bugs in their algorithms.

Is this a utopia? No. Would it be better than what we have now? Indisputably. Is there a clear path right now to anything better? Not that I can see. We can keep fighting for something better while still accepting this as an improvement over what we have now.
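
The effect of the noise step described in the post, as an added example (not code from the post, from Firefox, or from the aggregation service): two releases of per-site totals that differ by one person's report are compared, first with exact counts and then with noise added. The Laplace noise, the epsilon value, the site names and the report data are assumptions constructed for illustration; the post does not say which noise distribution PPA uses.

```python
import random

# Constructed sample: one conversion report per user, keyed by the site that showed the ad.
OTHERS = [("u1", "news.example"), ("u2", "news.example"),
          ("u3", "blog.example"), ("u4", "news.example")]
TARGET = ("u5", "blog.example")  # the individual an observer wants to learn about

def aggregate(reports):
    """Exact per-site conversion counts, as an aggregation service would total them."""
    counts = {}
    for _user, site in reports:
        counts[site] = counts.get(site, 0) + 1
    return counts

def laplace(rng, scale):
    """Laplace(0, scale) sample: the difference of two Exp(1) draws, scaled."""
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))

def release(reports, rng, epsilon=None):
    """Published counts. epsilon=None publishes exact totals; otherwise Laplace
    noise with scale 1/epsilon is added (assumed: each user changes one count by at most 1)."""
    counts = aggregate(reports)
    if epsilon is None:
        return counts
    return {site: n + laplace(rng, 1.0 / epsilon) for site, n in counts.items()}

def differencing_accuracy(epsilon, trials=2000, seed=1):
    """Fraction of trials in which comparing two releases reveals whether
    TARGET's report was included. 0.5 is coin-flip guessing."""
    rng = random.Random(seed)
    site = TARGET[1]
    correct = 0
    for _ in range(trials):
        included = rng.random() < 0.5
        baseline = release(OTHERS, rng, epsilon)
        second = release(OTHERS + [TARGET] if included else OTHERS, rng, epsilon)
        guess = second[site] - baseline[site] > 0.5
        correct += guess == included
    return correct / trials

if __name__ == "__main__":
    print("exact totals :", differencing_accuracy(None))
    print("epsilon = 0.1:", differencing_accuracy(0.1))
```

With exact totals the comparison identifies the individual's report every time; with the noise added it does little better than a coin flip, while the totals summed over many reports remain usable.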

[–] xor@lemmy.blahaj.zone 4 points 5 months ago (2 children)

This is just straight up wrong. Additive noise is an extremely common - fundamental, even - part of data anonymisation.

https://sdcpractice.readthedocs.io/en/latest/anon_methods.html

It's like saying "if you have to use randomisation to encrypt data, then it means the data can be decrypted. Randomisation is irrelevant"

[–] possiblylinux127@lemmy.zip -3 points 5 months ago

What if we just didn't collect data

[–] 0oWow@lemmy.world -4 points 5 months ago (2 children)
[–] Feathercrown@lemmy.world 3 points 5 months ago (1 children)

You clearly are not here to engage in productive conversations. I'm blocking you and I recommend anyone else reading this to do the same.

[–] 0oWow@lemmy.world -1 points 5 months ago

I don't argue with trolls. There has been plenty of discussion as to why this is bad news.

[–] bloodfart@lemmy.ml 3 points 5 months ago

I measure noise several times a week and quantify it in an effort to locate its sources. Noise is a very effective way to hide information, and becomes more effective when the number of domains increases.

To give you an idea of how this comes into play, I use many different tools and methods of analysis to locate sources of noise in two domains, time and frequency. We’ve been formally studying noise in those two domains for like 150 years, so there’s a lot of information, equipment and techniques out there.

It’s still very hard.

The type of data used in PPA has (based on my limited understanding) at least five domains, each of which contains data with a “bit depth” that’s an order of magnitude more than the signals I usually work with.

I think noising would be an excellent method to anonymize PPA data.