Thursday, July 18, 2024

Safari Private Click Measurement and Firefox Privacy-Preserving Attribution

John Wilander (2021):

A new, on-by-default feature called Private Click Measurement, or PCM, for privacy-preserving measurement of ad clicks across websites and from iOS apps to websites in iOS and iPadOS 14.5 betas.

This didn’t attract a lot of attention at the time, but now it’s getting some criticism for being opt-out and somewhat hidden in the settings. Apple words it as Allow privacy-preserving measurement of ad effectiveness, which is a bit confusing because it’s actually more private if you uncheck this. The French and Dutch localizations are apparently even more confusing because without the Allow part it sounds like you are missing out on privacy features if you don’t check it.

Actually, as far as I can tell, the benefit to checking the box is that it sends more information to advertisers and that this improves the economics of content creation while reducing the incentives for more intrusive tracking. If all browsers and sites are good citizens and support this, aggregate privacy should improve, even though at the micro level you are at best revealing more information in a way that doesn’t actually affect you.

Now it’s big news because Firefox added a similar option.

Lokjo (Hacker News):

Firefox is just another US-corporate product with an ‘open source’ sticker on it.

Their version 128 update has auto checked a new little privacy breach setting.

Jonah Aragon (Hacker News):

Less than a month after acquiring the AdTech company Anonym, Mozilla has added special software co-authored by Meta and built for the advertising industry directly to the latest release of Firefox, in an experimental trial you have to opt out of manually. This “Privacy-Preserving Attribution” (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.

Moritz Förster (Hacker News):

What may sound good on paper does not go down well with many users for several reasons: Firstly, Firefox automatically delivers the Privacy-Preserving Attribution (PPA) with the update to the new version, despite the “experimental” label. More serious, however, is the fact that Mozilla also activates the feature directly - users must therefore deactivate the PPA manually by opting out.

Bobby Holley, Firefox CTO (Hacker News):

Most users just accept the defaults they’re given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most peoples’ privacy remains compromised. Cookie banners are a good example of where this thinking ends up.

Whatever opinion you may have of advertising as an economic model, it’s a powerful industry that’s not going to pack up and go away. A mechanism for advertisers to accomplish their goals in a way that did not entail gathering a bunch of personal data would be a profound improvement to the Internet we have today, and so we’ve invested a significant amount of technical effort into trying to figure it out.

The devil is in the details, and not everything that claims to be privacy-preserving actually is. We’ve published extensive analyses of how certain other proposals in this vein come up short. But rather than just taking shots, we’re also trying to design a system that actually meets the bar. We’ve been collaborating with Meta on this, because any successful mechanism will need to be actually useful to advertisers, and designing something that Mozilla and Meta are simultaneously happy with is a good indicator we’ve hit the mark.

ozjimbob:

I think the issue I see is; this may well be a better way. But advertisers aren’t going to quit the arms race either, quit what they currently do and switch to this. They will use this but also continue the bloated, privacy-invading malware ads. So now we have two problems, not one.

See also: Thom Holwerda.

Previously:

Update (2024-07-19): Andrew Moore (via Brad Dougherty):

As someone who really values personal privacy, and despises advertising and tracking, I will be keeping PPA enabled in my browsers as it reduces the incentive from AdTech companies to track in an invasive way. It also simplifies my blocking of telemetry as I only have the DAP service endpoints to block.

[…]

Arguably, the biggest failure of Privacy Preserving Attribution (PPA) is Mozilla’s failure to clearly communicate and explain this experiment to its users. Changes that affect user privacy, positively or negatively, should be prominently displayed in the “What’s New” page. This page, containing release notes and that opens automatically when an update is installed, is the perfect opportunity to inform users about features that may impact them. While it is listed in the current release notes, it isn’t prominently displayed.

1 Comment RSS · Twitter · Mastodon


Reading the discourse it's pretty clear that I knew about this already, so beware dangers of presumed knowledge I guess. Before PCM was a checkbox in Preferences it was actually a feature flag, and it turns out that I'm quite adept at digging through these when I upgrade. But yeah it should have been opt-in, I'm sureā€”it just wouldn't have worked, thanks to advertisers being boss or something. PCM is actually interesting technology, I've no doubt it actually does work as designed, but group preferences are still preferences, anonymous data often isn't, collection is still an invasion. Also, and I'm sure this is a pretty minor issue in the grand scheme of things, but still: I fucking hate ads. At some point we've got to solve the micropayments problem. I get that publishers feel pressured, I really do, but it's unhealthy and Apple is doing itself no favours by disingenuously misrepresenting things as privacy-respecting when they're a net loss for privacy. Especially if they then go off and spam the nation's eyeballs about how very private they are. Such a shame I don't get to see any of it.

Leave a Comment