Sep 25, 2024Ravie LakshmananData Protection / Online Tracking

Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users’ consent.

“Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites,” noyb said. “In essence, the browser is now controlling the tracking, rather than individual websites.”

Noyb also called out Mozilla for allegedly taking a leaf out of Google’s playbook by “secretly” enabling the feature by default without informing users.

PPA, which is currently enabled in Firefox version 128 as an experimental feature, has its parallels in Google’s Privacy Sandbox project in Chrome.

The initiative, now abandoned by Google, sought to replace third-party tracking cookies with a set of APIs baked into the web browser that advertisers can talk to in order to determine users’ interests and serve targeted ads.

Put differently, the web browser acts as a middleman that stores information about the different categories that users can be slotted into based on their internet browsing patterns.

PPA, per Mozilla, is a way for sites to “understand how their ads perform without collecting data about individual people,” describing it as a “non-invasive alternative to cross-site tracking.”

It’s also similar to Apple’s Privacy Preserving Ad Click Attribution, which allows advertisers to measure the effectiveness of their ad campaigns on the web without compromising on user privacy.

The way PPA works is as follows: Websites that serve ads can ask Firefox to remember the ads in the form of an impression that includes details about the ads themselves, such as the destination website.

If a Firefox user ends up visiting the destination website and performs an action that’s deemed valuable by the business – e.g., making an online purchase by clicking on the ad, also called “conversion” – that website can prompt the browser to generate a report.

The generated report is encrypted and submitted anonymously using the Distributed Aggregation Protocol (DAP) to an “aggregation service,” after which the results are combined with other similar reports to create a summary such that it makes it impossible to learn too much about any individual.

This, in turn, is made possible by a mathematical framework called differential privacy that enables the sharing of aggregate information about users in a privacy-preserving manner by adding random noise to the results to prevent re-identification attacks.

“PPA is enabled in Firefox starting in version 128,” Mozilla notes in a support document. “A small number of sites are going to test this and provide feedback to inform our standardization plans, and help us understand if this is likely to gain traction.”

“PPA does not involve sending information about your browsing activities to anyone. Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising.”

It’s this aspect that noyb has found fault with, as it’s in violation of the European Union’s (E.U.) stringent data protection regulations by enabling PPA by default without seeking users’ permissions.

“While this may be less invasive than unlimited tracking, which is still the norm in the US, it still interferes with user rights under the E.U.’s GDPR,” the advocacy group said. “In reality, this tracking option doesn’t replace cookies either, but is simply an alternative – additional – way for websites to target advertising.”

It further noted that a Mozilla developer justified the move by claiming that users cannot make an informed decision and that “explaining a system like PPA would be a difficult task.”

“It’s a shame that an organization like Mozilla believes that users are too dumb to say yes or no,” Felix Mikolasch, data protection lawyer at noyb, said. “Users should be able to make a choice and the feature should have been turned off by default.”