"We didn't make it opt-in because it would be too difficult to explain to users." Just another example of these platforms sneaking shit under the hood and hoping users don't notice. Let me guess,...
"We didn't make it opt-in because it would be too difficult to explain to users."
Just another example of these platforms sneaking shit under the hood and hoping users don't notice. Let me guess, the patch notes to the browser update for these users simply said "Bug fixes and improvements."
That said, the article doesn't do a good job explaining how PPA works or what it does, just that I should be outraged. Quick google search didn't give me much info either.
Sounds like its tracking metrics handled locally by the browser, and only functions for first-party websites? Does anyone else know more or have a resource where I can learn more?
Firefox now supports the experimental Privacy Preserving Attribution API, which provides an alternative to user tracking for ad attribution. This experiment is only enabled via origin trial and can be disabled in the new Website Advertising Preferences section in the Privacy and Security settings.
That said, the article doesn't do a good job explaining how PPA works or what it does, just that I should be outraged. Quick google search didn't give me much info either.
I'm fine with advertising companies and datamongers dying. Businesses like Meta and Google are a leech on the web, shaping standards to benefit their revenue. That being said, I am curious if...
I'm fine with advertising companies and datamongers dying. Businesses like Meta and Google are a leech on the web, shaping standards to benefit their revenue. That being said, I am curious if anyone else benefits from an API like this.
Mozilla says the indirect end-user benefits from attribution are "likely significant" because "The value that an advertiser gains from attribution is enormous. [...] Advertising-supported content and services can be more equitable than alternative funding models."
I understand this experiment seeks to determine if privacy-preserving ad attribution can be more equitable than subscriptions or donations, but my gut tells me it's just to raise the bottom line for Meta, Google, etc. The experiment assumes advertising should be saved but plenty of websites have already transitioned to subscriptions and donations. Do they need ad support as an alternative or supplementation? I think restoring tech behemoths' ad revenue in exchange for a temporary tracking armistice is a misguided effort. Browsers like Mozilla should be fighting the war on privacy on behalf of end-users by preventing tracking instead of trying to barter with advertisers.
Mozilla continues, "If advertisers don't need to track for attribution, it's easier to identify and stop tracking." This logic is baffling, I must be missing a step. How is it easier to identify and stop tracking if ads don't "need" to track? Too much faith is placed in these publicly traded companies to stop tracking you if they're given conversion aggregates. If there's value in tracking, they will continue. That's their fiduciary duty.
While I share your disdain for how advertising has driven enshittification, I want to push back on a couple of things. Publicly traded companies are not the worst kind of company. They have fairly...
While I share your disdain for how advertising has driven enshittification, I want to push back on a couple of things.
Publicly traded companies are not the worst kind of company. They have fairly rigorous disclosure requirements that can provide some accountability. Private equity owned firms are much more insidious. See, e.g. academi, or the troubled teen industry.
I first heard of it through this viral thread on Mastodon, which covers the basics pretty well: https://mastodon.social/@mcc/112775362045378963 As they mentioned, it is fairly “funny” that Apple’s...
Does anyone else know more or have a resource where I can learn more?
I first heard of it through this viral thread on Mastodon, which covers the basics pretty well:
I've gotten in the habit of reviewing my settings after every Firefox update in order to disable BS changes like this. Firefox is still the best browser available but crap like this is really...
I've gotten in the habit of reviewing my settings after every Firefox update in order to disable BS changes like this. Firefox is still the best browser available but crap like this is really tiring to see and regularly opt-out of.
The link shows how to disable PPA via the UI, but if you're looking to disable it in about:config, set dom.private-attribution.submission.enabled to false. Or add this to your user.js:...
The link shows how to disable PPA via the UI, but if you're looking to disable it in about:config, set dom.private-attribution.submission.enabled to false.
I've been a Firefox loyalist for years, so this is disappointing. At the same time, I wonder how something like a browser makes money. Then again, how many developers do they need for the basics...
I've been a Firefox loyalist for years, so this is disappointing. At the same time, I wonder how something like a browser makes money. Then again, how many developers do they need for the basics of security and supporting new devices that appear? The add-on ecosystem can probably cover most of the rest.
I thought they made a solid attempt with say, Relay, but I think I read somewhere that it was deprioritized.
Providing a program that displays some text and image/video content should not require a billion-dollar for-profit organization. It is absolutely in the interest of Google that the environment has...
At the same time, I wonder how something like a browser makes money.
Providing a program that displays some text and image/video content should not require a billion-dollar for-profit organization. It is absolutely in the interest of Google that the environment has gotten so absurdly complex. They can now point to open standards and how they are used on the web and make a plausible argument that it takes a company like them to keep track of all that shit.
IMO it would be time to accept a break in backwards compatibility. Provide some alternative to HTML/CSS/Javascript that is sane and simple and acknowledges that modern websites are essentially render engines drawing boxes and do not need 12 different ways to organize flow in a grid layout. Javascript can die peacefully and be replaced by a sane sandboxed version of python or something. I know this would be hard, I know the XKCD comic about introducing new standards. But I’m royally pissed off with ad companies taking over the internet and letting you download 12 MB of JavaScript to read a comment thread.
This would create a browser that no-one uses, see Gemini and friends. This is what Mozilla have been doing all these years, and is part of what costs so much money to design sensible and efficient...
IMO it would be time to accept a break in backwards compatibility.
This would create a browser that no-one uses, see Gemini and friends.
Provide some alternative to HTML/CSS/Javascript that is sane and simple and acknowledges that modern websites are essentially render engines drawing boxes and do not need 12 different ways to organize flow in a grid layout.
This is what Mozilla have been doing all these years, and is part of what costs so much money to design sensible and efficient APIs into this render engine. It turns out, if you're worried about performance, and you want sites to be able to implement these layouts efficiently, then you need to give them the tools to do that.
Javascript can die peacefully and be replaced by a sane sandboxed version of python or something.
Sandboxing Python is a lot harder than sandboxing Javascript, a language explicitly designed for sandboxing (unless you want to write an entirely new implementation of Python that would be incompatible with most existing Python libraries, thus splitting the Python ecosystem further). If you did go down this route, you'd also need to redo all the decades of performance engineering browsers have done on Javascript to make it one of the fastest interpreted languages out there, otherwise users would have to put up with all the pages that visit suddenly slowing down to a crawl. And even if you did that, I'm not sure what the benefit would be - people can write bad Python as easily as that can write bad Javascript.
I know this would be hard, I know the XKCD comic about introducing new standards.
And yet you wonder why existing browsers are so complex...
But I’m royally pissed off with ad companies taking over the internet and letting you download 12 MB of JavaScript to read a comment thread.
Which is exactly the problem this mechanism is trying to solve: advertising currently isn't private enough and uses too many user resources. By giving advertisers better tools directly in the browser, the browser can enforce privacy better, and reduce the amount of Javascript needed for tracking and analytics. Now you can freely question whether it's right that so much of the internet is funded by targeted advertising, and you can argue that browsers should choose instead not to work with advertisers at all. But if you accept the argument that an internet funded by advertisers is more accessible than pay-to-use internet, or an internet where people don't get paid for their work at all, then I think it's fair to say that this is a reasonable attempt to find a compromise that improves the situation for users while still enabling advertising.
While there is high variance in cost of advertising on individual level, on average it is easily the most expensive option even if we ignored the massive societal and enviromental costs which we...
Now you can freely question whether it's right that so much of the internet is funded by targeted advertising,
While there is high variance in cost of advertising on individual level, on average it is easily the most expensive option even if we ignored the massive societal and enviromental costs which we should not.
Personally I consider ads to be this predatory payday loan that gives you something up front but requires time and attention for an action explicitly designed and optimized to compromise the decision making of the user.
The money for all the imnense costs needed for ads needs to come from somewhere and while that costs is obfuscated to hell in ultimately comes from the end user.
I mean, yes, obviously the money comes from the viewer of the advertising, when they buy the products in question. I don't think there's much obfuscation going on there. I dislike ads, and I am...
I mean, yes, obviously the money comes from the viewer of the advertising, when they buy the products in question. I don't think there's much obfuscation going on there.
I dislike ads, and I am cautiously for laws that restrict (or even ban) advertising in different contexts. But systems like this that make tracking more anonymous and efficient, and laws like GDPR that ensure that users remain in control of their private data are, to me, good things even if they don't get rid of advertising altogether.
Web browsers are full OSes. There is no particularly practical distinction between a web browser and Debian in a VM. The reason web browsers are full OSes is because actual user-facing OSes were...
Providing a program that displays some text and image/video content should not require a billion-dollar for-profit organization.
Web browsers are full OSes. There is no particularly practical distinction between a web browser and Debian in a VM. The reason web browsers are full OSes is because actual user-facing OSes were stagnated by Microsoft's monopoly.
If we want to replace web browsers, the "solution" is to build regular OSes up to be competitive with web-browsers. The problem is that due to all the funding going to browsers, the reverse is happening (Electron etc). Also, browsers give Big Data complete control over the client - they can ship multiple new versions every day, auto-updated the moment you hit F5 with no way of switching back to the old client.
Python seems simple on the surface, but like most older, popular languages, it's evolved to become rather complex. Most interesting Python apps rely on a big pile of dependencies that include...
Python seems simple on the surface, but like most older, popular languages, it's evolved to become rather complex. Most interesting Python apps rely on a big pile of dependencies that include native extensions written in languages like C and C++. JavaScript has a few warts, but it can be compiled to run much faster than pure Python. (Though not faster than Python with native extensions.)
There's also a tiny language called Starlark that's much more amenable to sandboxing and uses Python syntax. Unfortunately it's too small a subset for most people, since it doesn't even have classes.
And of course there's Dart, which was originally an attempt by some people at Google to come up with a language to replace JavaScript in browsers. It didn't work out that way and eventually found another niche with Flutter.
I don't think the web will die in our lifetimes. More likely, it will evolve as people improve pieces of it. Today's web is a lot better technically than it used to be.
An alternative is that something new might come along that makes it look archaic, like fax machines or email or sending people a personal letter in the mail, and people gradually stop using it. Whatever that new thing is, there has to be more to it than "the web, but cleaned up." That won't be reason enough for people to learn about the new thing and start using it more.
Haha, this is a separate pet peeve for me. If companies had a negative feedback loop where a bad website truly cost them more, it would self-regulate. But we don't so of course they overengineer...
Haha, this is a separate pet peeve for me. If companies had a negative feedback loop where a bad website truly cost them more, it would self-regulate. But we don't so of course they overengineer and overdesign stuff with experiences people were fine keeping boring. I don't know how to reason about electric cost based on package size but I'd assume a bad website, over time, pollutes the environment.
Providing a program that displays some text and image/video content should not require a billion-dollar for-profit organization.
Honestly I kind of agree with you? But I've never made a browser (I barely even know the frontend), so I don't want to presume it's easier than it is.
do not need 12 different ways to organize flow in a grid layout.
I've been thinking a lot about that one thread here on the lack of inventive UIs in the name of accessibility. When I was trying to make an accessible website, one of the things I learned was that leaving things to the user was usually the friendliest option. Leverage their system settings (system-ui font and size) and proper HTML labeling. I feel like there was an alt timeline where we looked at the fact that Bootstrap / Skeleton / etc. was making websites so similar that we just 100% converged on naming and a few layouts. And if you do so, then it becomes easier to load custom CSS of your choice, kind of like Greasemonkey. It's interesting to reimagine browsers as having a canned (like, truly fixed) frontend. As it is, they're greatly unopinionated.
Chrome is rather obvious. Even if it didn't make money, it's a loss leader to Google's true goal of serving ads. Firefox... well you can see for yourself, but TL;DR: Google pays a lot to Mozilla....
I wonder how something like a browser makes money.
Chrome is rather obvious. Even if it didn't make money, it's a loss leader to Google's true goal of serving ads.
Google pays a lot to Mozilla. Essentially they are paying a competitor so that they avoid anti-trust suits.
As of late, Mozilla has in fact been leaning out of FF as the main product and into a variety of other things. Firefox VPN is one example. Other future plans include AI products.
Chrome isn't a money-making venture. It's an investment in soft power over the entire web. It gives them an incredibly loud voice that lets them, for instance, take the lead on shaping web standards.
Chrome isn't a money-making venture. It's an investment in soft power over the entire web. It gives them an incredibly loud voice that lets them, for instance, take the lead on shaping web standards.
And beyond that it prevents another company (Microsoft primarily) sitting between Google and the user, exerting the control Apple does on their devices that require Safari. There’s a reason Google...
And beyond that it prevents another company (Microsoft primarily) sitting between Google and the user, exerting the control Apple does on their devices that require Safari.
There’s a reason Google pays Apple billions of dollars to be the default search engine, they don’t have any other choice. They would much rather spend money on building chrome than have to pay to be the default search on some other dominant browser.
Orion is as far as I know not quite profitable yet, but they offer a voluntary payment model to support development (it’s a side effort of the company, not their main bread and butter). In my...
Orion is as far as I know not quite profitable yet, but they offer a voluntary payment model to support development (it’s a side effort of the company, not their main bread and butter).
In my opinion that software is on its way to becoming the best browser on the planet… but it’s unfortunately currently still only available on Apple devices.
Privacy advocates are good for pointing out problems, but sometimes they misunderstand what they’re criticizing: I’ve never worked in adtech, but even I know it’s not that simple. What they...
Privacy advocates are good for pointing out problems, but sometimes they misunderstand what they’re criticizing:
All an advertisement has to do is link to a unique URL: Instead of linking to example.com one could link to example.com/ad01, and the website operator simply has to track how many people visit the ad01 page on their end.
I’ve never worked in adtech, but even I know it’s not that simple.
What they describe is just linking. Links are great, but they only work when a website is giving links away for free, like how we normally link to things.
Paid advertising requires both the buyer and seller to have a reasonably trustworthy way of counting traffic. The website shouldn’t be able to just make up a bigger number to get paid more, and the advertiser shouldn’t be able to pretend that they didn’t get any clicks, so they don’t have to pay for their ads. This lack of trust is why a third party needs to be involved in the counting. (At a minimum, the ‘ping’ attribute on an <a> tag would allow multiple websites to keep a count, but I think that still makes it pretty easy to cheat?)
You might compare with running an election, which is much more complicated than it would be if votes didn’t need to be private and you could trust people not to cheat.
Sure, in theory, maybe they should just give up on paid advertising. it’s created a huge amount of complexity and security issues that would go away. I wouldn’t miss it. But the people working on these things are working under the assumption that if paid advertising could somehow be fixed, that would be good, since it allows ad-funded websites to remain in business.
So we do see proposals every now and then on how to improve privacy while still allowing paid advertising to exist. You can say, well, maybe it shouldn’t exist, but I think it also makes sense to judge how well those proposals meet their own goals, while understanding that they’re different from our goals.
The article links to this 2022 proposal, which states its assumptions up front, without evidence: “Advertising provides critical support for the Web.” I know that’s disappointing, but Mozilla seems pretty clear: they’re not going to take the hard line against advertising that maybe you’re hoping for.
Yup, something like this is necessary for web advertising to work, and web advertising is the financial vascular system of the web as it currently exists. We can all wish that advertising would go...
Yup, something like this is necessary for web advertising to work, and web advertising is the financial vascular system of the web as it currently exists. We can all wish that advertising would go away, but we can’t reasonably expect a successful modern web browser to act differently. Acting this way is what makes them a successful modern web browser. Everyone in the entire ecosystem is directly incentivized, in most cases in an existential way, to make paid advertising as profitable as possible. You can be mad about that (I am), and you can adapt by using ad blockers (I do), but you can’t really be surprised or betrayed by something like this.
As so often happens in a market system, we’re in a scorpion/frog scenario. Mozilla is behaving how it behaves. Technologically, there’s nothing stopping Mozilla or Google from making a good web browser that isn’t doing something most people would consider nefarious, but an entity that is truly oriented toward that goal is incapable of becoming Mozilla or Google. Those guys get stuck with zero percent market share, making qutebrowser or whatever. I don't really want to make this too much of a commie screed, but the profit motive applied to the current economic reality of the internet can only produce this one outcome, and the profit motive is the only heuristic that any entity with the capital to make something like Firefox (no matter how good-intentioned) could possibly apply under capitalism, for both better and worse.
I agree that what Mozilla does isn’t up to us, but I think it’s a little too fatalistic to assume that they couldn’t have done something else because of incentives. Incentives can be pretty...
I agree that what Mozilla does isn’t up to us, but I think it’s a little too fatalistic to assume that they couldn’t have done something else because of incentives.
Incentives can be pretty powerful, but they’re not destiny. People don’t always follow them. They don’t have to accept lucrative offers. Often there are multiple, competing incentives, different ways of making money, different ways of pursuing market share. You can make choices. Strategists usually don’t make decisions by creating a spreadsheet and choosing whichever option has the highest number.
I do want to push back a little bit here. Are you aware of something Mozilla could do to maintain profitability without doing what is necessary to enable web advertising (including the necessary...
I do want to push back a little bit here. Are you aware of something Mozilla could do to maintain profitability without doing what is necessary to enable web advertising (including the necessary amount of tracking)? I'm not saying they couldn't make another choice, but they can't make another choice if they want to be profitable, and you can't become Mozilla if you're not trying to be profitable. Indeed, you start dying if you're not continuing to be profitable. You don't, of course, need to pick the highest number on the spreadsheet, but you do need to pick a positive one. You can, of course, choose among any of the options that are profitable on the spreadsheet, but all profitable options in the current ecosystem (which Mozilla isn't in a position to unilaterally change) demand that Mozilla heavily support the continued profitability of web advertising.
It's not clear to me what, conceptually, it would look like for Mozilla to do anything else. "We're making it impossible for ads to track you by default" makes the Mozilla Corporation insolvent relatively quickly. What would replace their existing revenue streams, which all rely on maintaining profitability for other parties, particularly advertising companies? Most of their revenue comes from Google paying them to make Google the default search engine, which Google does because it makes them money with tracking, ads, etc.
Mozilla only exists to the extent that it is advertiser-friendly. Advertising and subscription models are the only two ways anyone has ever found to make continuous revenue with a single product online, and nobody is paying for a Firefox subscription. So advertising is where the money has to come from, and you can't keep making Firefox without money. In any case, you certainly can't keep making it without some amount of consent from big players like Google, who will start to kick if the half a billion dollars per year they invest into keeping Firefox users in their orbit stops making them any profit.
I think you're right that there are constraints on what Firefox can do. All organizations care about where their budget comes from, even non-profits. 80% of their funding comes from Google, for...
I think you're right that there are constraints on what Firefox can do. All organizations care about where their budget comes from, even non-profits.
80% of their funding comes from Google, for making Google their default search engine. An example of a constraint is that they probably couldn't block ads on Google by default and keep that deal.
There's also an indirect incentive to not alienate other advertisers too much: Firefox needs to remain compatible with websites.
But that doesn't mean they can't make choices within those constraints. There's still plenty of room for maneuver even within the constraints of "don't piss off Google too much" and "don't start a fight with ad-backed websites that results in them blocking Firefox." Firefox often doesn't go along with Google on web standards, for example.
Oh, absolutely! And Firefox does operate within those constraints in a less overtly evil way than its (viable) alternatives. Even from a cynical point of view, a lot of their users are people...
Oh, absolutely! And Firefox does operate within those constraints in a less overtly evil way than its (viable) alternatives. Even from a cynical point of view, a lot of their users are people scared about privacy stuff, so they don't have a coherent user base if they're not operating somewhat differently than their competitors in that regard. They're the only semi-mainstream browser on Android that even lets me install an ad blocker; they definitely do their best to give users a way out of this shit within the constraints imposed by the realities of the market. I'm specifically referring to situations like this, where it's a question of whether the product is going to be compatible with the advertising ecosystem or not. You can't do Firefox without money, you don't have money without playing ball on ads, and, as you point out, you can't really do ads without some tracking. Which means their -- I believe sincere -- commitment to privacy must always be at least somewhat counterbalanced by the existential drive to generate revenue and keep the project going.
Just earlier today I read about AdNauseam which aims to make this exact mechanism dysfunctional. (Haven’t looked into it more closely since then, though)
Paid advertising requires both the buyer and seller to have a reasonably trustworthy way of counting traffic. The website shouldn’t be able to just make up a bigger number to get paid more, and the advertiser shouldn’t be able to pretend that they didn’t get any clicks, so they don’t have to pay for their ads. This lack of trust is why a third party needs to be involved in the counting. (At a minimum, the ‘ping’ attribute on an <a> tag would allow multiple websites to keep a count, but I think that still makes it pretty easy to cheat?)
Just earlier today I read about AdNauseam which aims to make this exact mechanism dysfunctional. (Haven’t looked into it more closely since then, though)
It's slow, janky, and barely anything works. I actually just built the latest version of the browser and tried to log in to Tildes to write and post this comment. Unfortunately, logging in to...
So yeah, the project is still in a very pre-alpha state. The current focus remains getting most websites working at all, let alone quickly, and they aren't targeting a public alpha release until summer 2026.
Still, it's pretty freaking cool to use a GUI web browser that isn't Firefox, Safari, or Chrome.
You made me curious, so I tried to log into Tildes with an old favorite of mine, NetSurf. It can log in, but that's just about it; it doesn't even display the styles correctly. It's saying...
You made me curious, so I tried to log into Tildes with an old favorite of mine, NetSurf. It can log in, but that's just about it; it doesn't even display the styles correctly. It's saying something when even this fairly conservatively designed website becomes unusable on browsers that aren't based on the Webkit family (or Firefox).
I just tried tildes with the latest source build of Ladybird and it doesn't work properly. If you aren't logged in the site looks kind of okay, but you can't log in.
I just tried tildes with the latest source build of Ladybird and it doesn't work properly. If you aren't logged in the site looks kind of okay, but you can't log in.
I'm building the package in aur right now. Will report. edit: it's incredibly early. Really really slow with amazingly limited capabilities. They say it's developer use only at this stage and I...
I'm building the package in aur right now. Will report.
edit: it's incredibly early. Really really slow with amazingly limited capabilities. They say it's developer use only at this stage and I agree, no-one should be using this right now save for testing things for compatibility and producing bug reports and PRs , I'd say.
Ok maybe unpopular opinion here, but Mozilla has to make money and the opt-out setting is not hidden. That’s not too shabby? Other browsers don’t give you the option to opt out. I’m skeptical of...
Ok maybe unpopular opinion here, but Mozilla has to make money and the opt-out setting is not hidden. That’s not too shabby? Other browsers don’t give you the option to opt out.
I’m skeptical of all the free privacy browsers because I do not understand how they can make money. Mozilla is kind of trying to get the best of both worlds… I can understand what they are trying to do.
You can always use paid services if you want privacy long-term.
I really don't understand what Mozilla thinks they're playing at. Their reputation as more private and trustworthy than Chrome is literally all they have so this is playing with fire
I really don't understand what Mozilla thinks they're playing at. Their reputation as more private and trustworthy than Chrome is literally all they have so this is playing with fire
Honestly, I can admit that this isn't that great, but I will still keep using Firefox because the not-great-ness of this doesn't outweigh the need to fight against one single tech power having too...
Honestly, I can admit that this isn't that great, but I will still keep using Firefox because the not-great-ness of this doesn't outweigh the need to fight against one single tech power having too much influence over the Internet (via browser monopoly). I'm just grateful for a mechanism to opt out.
I'm also not comfortable with how often the article makes claims without linking to sources or references to support them. Even the writing style comes off as a bit too emotional and sensationalizing.
Tangential, but I am really tired this year of settling for a bad choice because the alternative choice will literally kill me (or to be less dramatic here, extract everything I do into a product...
I will still keep using Firefox because the not-great-ness of this doesn't outweigh the need to fight against one single tech power having too much influence over the Internet (via browser monopoly)
Tangential, but I am really tired this year of settling for a bad choice because the alternative choice will literally kill me (or to be less dramatic here, extract everything I do into a product with dubious consent).
I started using Firefox as my primary browser over 20 years ago, back when it was still called Phoenix and Chrome was just a gleam in Google's eye. I did spend a couple years (just before Quantum...
I started using Firefox as my primary browser over 20 years ago, back when it was still called Phoenix and Chrome was just a gleam in Google's eye.
I did spend a couple years (just before Quantum arrived) exploring better, more privacy-focused alternatives like Pale Moon.
With this latest privacy faux pas from Mozilla, I find myself back to searching for better, more client-focused alternatives.
Just in the past few days, on all my laptops, I have switched my primary browser over from FF to Librewolf, and I've (at least tentatively) switched over to Mull browser on my phone.
Librewolf, so far, is excellent. Everything I wish FF could be, w/o going the FullTinfoilHat route of TOR.
But last month, I decided it's time to quit using DuckDuckGo (another primary tool I've used since its infancy), and I've been exploring a wide variety of truly alternative Search services ... and now, I'll be doing the same with browsers.
Hell, maybe it's time for a full personal-tools audit.
Privacy Guides has been my first (and usually, last) stop when searching for quality privacy-and-security conscious apps. I recommend them every chance I get.
Always glad to hear stuff like this - thanks for sharing the site!
Privacy Guides has been my first (and usually, last) stop when searching for quality privacy-and-security conscious apps. I recommend them every chance I get.
Always glad to hear stuff like this - thanks for sharing the site!
God fucking damnit. Nothing is sacred. I'm so utterly fucking fed-up with the idea that modern society must be advertisement based to succeed. I have no fucking clue why so many people put up with...
God fucking damnit.
Nothing is sacred.
I'm so utterly fucking fed-up with the idea that modern society must be advertisement based to succeed. I have no fucking clue why so many people put up with so much of this garbage. I'm literally teaching my children that advertisements are evil, and should be abhorred.
On a lighter note, you might enjoy this anecdote: my 6 year-old likes making short, silly movies. Recently he started making ads, and when one was especially irritating, I asked him why. "That's...
On a lighter note, you might enjoy this anecdote: my 6 year-old likes making short, silly movies. Recently he started making ads, and when one was especially irritating, I asked him why. "That's how ads are supposed to be." That was his only definition of ads: to be annoying. I thought that was pretty awesome!
I agree 100%. We are constantly told that advertisers have a right to our attention, that it's stealing if we block ads, that we should feel guilty for not respecting the sanctity of this social...
I agree 100%. We are constantly told that advertisers have a right to our attention, that it's stealing if we block ads, that we should feel guilty for not respecting the sanctity of this social contract. What absolute horseshit. It's my prerogative to use whatever technologies are at my disposal to keep ads out of my headspace. I don't owe advertisers ANYTHING.
There are other ways to fund a website, besides selling ads. There are other ways to promote a product or service, besides buying ads. Ads are an intrusive, manipulative, parasitical blight.
"We didn't make it opt-in because it would be too difficult to explain to users."
Just another example of these platforms sneaking shit under the hood and hoping users don't notice. Let me guess, the patch notes to the browser update for these users simply said "Bug fixes and improvements."
That said, the article doesn't do a good job explaining how PPA works or what it does, just that I should be outraged. Quick google search didn't give me much info either.
Sounds like its tracking metrics handled locally by the browser, and only functions for first-party websites? Does anyone else know more or have a resource where I can learn more?
Not even close.
From Mozilla's own patchnotes: https://support.mozilla.org/en-US/kb/privacy-preserving-attribution
More technical info:
https://github.com/mozilla/explainers/tree/main/ppa-experiment
I'm fine with advertising companies and datamongers dying. Businesses like Meta and Google are a leech on the web, shaping standards to benefit their revenue. That being said, I am curious if anyone else benefits from an API like this.
Mozilla says the indirect end-user benefits from attribution are "likely significant" because "The value that an advertiser gains from attribution is enormous. [...] Advertising-supported content and services can be more equitable than alternative funding models."
I understand this experiment seeks to determine if privacy-preserving ad attribution can be more equitable than subscriptions or donations, but my gut tells me it's just to raise the bottom line for Meta, Google, etc. The experiment assumes advertising should be saved but plenty of websites have already transitioned to subscriptions and donations. Do they need ad support as an alternative or supplementation? I think restoring tech behemoths' ad revenue in exchange for a temporary tracking armistice is a misguided effort. Browsers like Mozilla should be fighting the war on privacy on behalf of end-users by preventing tracking instead of trying to barter with advertisers.
Mozilla continues, "If advertisers don't need to track for attribution, it's easier to identify and stop tracking." This logic is baffling, I must be missing a step. How is it easier to identify and stop tracking if ads don't "need" to track? Too much faith is placed in these publicly traded companies to stop tracking you if they're given conversion aggregates. If there's value in tracking, they will continue. That's their fiduciary duty.
While I share your disdain for how advertising has driven enshittification, I want to push back on a couple of things.
Publicly traded companies are not the worst kind of company. They have fairly rigorous disclosure requirements that can provide some accountability. Private equity owned firms are much more insidious. See, e.g. academi, or the troubled teen industry.
Also, the fiduciary duty to make money is not so clear cut. These corps are profit driven, sure, but they aren’t legally reuired to profit uber alles. More info https://corpgov.law.harvard.edu/2019/08/24/stakeholder-governance-and-the-fiduciary-duties-of-directors/
You're right, enshittified corps is a better description than generalizing all public companies. Thanks for sharing the insight into fiduciary duty!
Thanks for the info! When I googled all I found was a generic splash page.
I first heard of it through this viral thread on Mastodon, which covers the basics pretty well:
https://mastodon.social/@mcc/112775362045378963
As they mentioned, it is fairly “funny” that Apple’s Safari does it as well. Seems that Google really aren’t the only bad guys in this game.
I've gotten in the habit of reviewing my settings after every Firefox update in order to disable BS changes like this. Firefox is still the best browser available but crap like this is really tiring to see and regularly opt-out of.
The link shows how to disable PPA via the UI, but if you're looking to disable it in
about:config, setdom.private-attribution.submission.enabledtofalse.Or add this to your
user.js:I've been a Firefox loyalist for years, so this is disappointing. At the same time, I wonder how something like a browser makes money. Then again, how many developers do they need for the basics of security and supporting new devices that appear? The add-on ecosystem can probably cover most of the rest.
I thought they made a solid attempt with say, Relay, but I think I read somewhere that it was deprioritized.
Providing a program that displays some text and image/video content should not require a billion-dollar for-profit organization. It is absolutely in the interest of Google that the environment has gotten so absurdly complex. They can now point to open standards and how they are used on the web and make a plausible argument that it takes a company like them to keep track of all that shit.
IMO it would be time to accept a break in backwards compatibility. Provide some alternative to HTML/CSS/Javascript that is sane and simple and acknowledges that modern websites are essentially render engines drawing boxes and do not need 12 different ways to organize flow in a grid layout. Javascript can die peacefully and be replaced by a sane sandboxed version of python or something. I know this would be hard, I know the XKCD comic about introducing new standards. But I’m royally pissed off with ad companies taking over the internet and letting you download 12 MB of JavaScript to read a comment thread.
This would create a browser that no-one uses, see Gemini and friends.
This is what Mozilla have been doing all these years, and is part of what costs so much money to design sensible and efficient APIs into this render engine. It turns out, if you're worried about performance, and you want sites to be able to implement these layouts efficiently, then you need to give them the tools to do that.
Sandboxing Python is a lot harder than sandboxing Javascript, a language explicitly designed for sandboxing (unless you want to write an entirely new implementation of Python that would be incompatible with most existing Python libraries, thus splitting the Python ecosystem further). If you did go down this route, you'd also need to redo all the decades of performance engineering browsers have done on Javascript to make it one of the fastest interpreted languages out there, otherwise users would have to put up with all the pages that visit suddenly slowing down to a crawl. And even if you did that, I'm not sure what the benefit would be - people can write bad Python as easily as that can write bad Javascript.
And yet you wonder why existing browsers are so complex...
Which is exactly the problem this mechanism is trying to solve: advertising currently isn't private enough and uses too many user resources. By giving advertisers better tools directly in the browser, the browser can enforce privacy better, and reduce the amount of Javascript needed for tracking and analytics. Now you can freely question whether it's right that so much of the internet is funded by targeted advertising, and you can argue that browsers should choose instead not to work with advertisers at all. But if you accept the argument that an internet funded by advertisers is more accessible than pay-to-use internet, or an internet where people don't get paid for their work at all, then I think it's fair to say that this is a reasonable attempt to find a compromise that improves the situation for users while still enabling advertising.
While there is high variance in cost of advertising on individual level, on average it is easily the most expensive option even if we ignored the massive societal and enviromental costs which we should not.
Personally I consider ads to be this predatory payday loan that gives you something up front but requires time and attention for an action explicitly designed and optimized to compromise the decision making of the user.
The money for all the imnense costs needed for ads needs to come from somewhere and while that costs is obfuscated to hell in ultimately comes from the end user.
I mean, yes, obviously the money comes from the viewer of the advertising, when they buy the products in question. I don't think there's much obfuscation going on there.
I dislike ads, and I am cautiously for laws that restrict (or even ban) advertising in different contexts. But systems like this that make tracking more anonymous and efficient, and laws like GDPR that ensure that users remain in control of their private data are, to me, good things even if they don't get rid of advertising altogether.
Web browsers are full OSes. There is no particularly practical distinction between a web browser and Debian in a VM. The reason web browsers are full OSes is because actual user-facing OSes were stagnated by Microsoft's monopoly.
If we want to replace web browsers, the "solution" is to build regular OSes up to be competitive with web-browsers. The problem is that due to all the funding going to browsers, the reverse is happening (Electron etc). Also, browsers give Big Data complete control over the client - they can ship multiple new versions every day, auto-updated the moment you hit F5 with no way of switching back to the old client.
Python seems simple on the surface, but like most older, popular languages, it's evolved to become rather complex. Most interesting Python apps rely on a big pile of dependencies that include native extensions written in languages like C and C++. JavaScript has a few warts, but it can be compiled to run much faster than pure Python. (Though not faster than Python with native extensions.)
There's also a tiny language called Starlark that's much more amenable to sandboxing and uses Python syntax. Unfortunately it's too small a subset for most people, since it doesn't even have classes.
And of course there's Dart, which was originally an attempt by some people at Google to come up with a language to replace JavaScript in browsers. It didn't work out that way and eventually found another niche with Flutter.
I don't think the web will die in our lifetimes. More likely, it will evolve as people improve pieces of it. Today's web is a lot better technically than it used to be.
An alternative is that something new might come along that makes it look archaic, like fax machines or email or sending people a personal letter in the mail, and people gradually stop using it. Whatever that new thing is, there has to be more to it than "the web, but cleaned up." That won't be reason enough for people to learn about the new thing and start using it more.
Haha, this is a separate pet peeve for me. If companies had a negative feedback loop where a bad website truly cost them more, it would self-regulate. But we don't so of course they overengineer and overdesign stuff with experiences people were fine keeping boring. I don't know how to reason about electric cost based on package size but I'd assume a bad website, over time, pollutes the environment.
Honestly I kind of agree with you? But I've never made a browser (I barely even know the frontend), so I don't want to presume it's easier than it is.
I've been thinking a lot about that one thread here on the lack of inventive UIs in the name of accessibility. When I was trying to make an accessible website, one of the things I learned was that leaving things to the user was usually the friendliest option. Leverage their system settings (system-ui font and size) and proper HTML labeling. I feel like there was an alt timeline where we looked at the fact that Bootstrap / Skeleton / etc. was making websites so similar that we just 100% converged on naming and a few layouts. And if you do so, then it becomes easier to load custom CSS of your choice, kind of like Greasemonkey. It's interesting to reimagine browsers as having a canned (like, truly fixed) frontend. As it is, they're greatly unopinionated.
Chrome is rather obvious. Even if it didn't make money, it's a loss leader to Google's true goal of serving ads.
Firefox... well you can see for yourself, but TL;DR:
Google pays a lot to Mozilla. Essentially they are paying a competitor so that they avoid anti-trust suits.
As of late, Mozilla has in fact been leaning out of FF as the main product and into a variety of other things. Firefox VPN is one example. Other future plans include AI products.
Chrome isn't a money-making venture. It's an investment in soft power over the entire web. It gives them an incredibly loud voice that lets them, for instance, take the lead on shaping web standards.
And beyond that it prevents another company (Microsoft primarily) sitting between Google and the user, exerting the control Apple does on their devices that require Safari.
There’s a reason Google pays Apple billions of dollars to be the default search engine, they don’t have any other choice. They would much rather spend money on building chrome than have to pay to be the default search on some other dominant browser.
Orion is as far as I know not quite profitable yet, but they offer a voluntary payment model to support development (it’s a side effort of the company, not their main bread and butter).
In my opinion that software is on its way to becoming the best browser on the planet… but it’s unfortunately currently still only available on Apple devices.
Privacy advocates are good for pointing out problems, but sometimes they misunderstand what they’re criticizing:
I’ve never worked in adtech, but even I know it’s not that simple.
What they describe is just linking. Links are great, but they only work when a website is giving links away for free, like how we normally link to things.
Paid advertising requires both the buyer and seller to have a reasonably trustworthy way of counting traffic. The website shouldn’t be able to just make up a bigger number to get paid more, and the advertiser shouldn’t be able to pretend that they didn’t get any clicks, so they don’t have to pay for their ads. This lack of trust is why a third party needs to be involved in the counting. (At a minimum, the ‘ping’ attribute on an <a> tag would allow multiple websites to keep a count, but I think that still makes it pretty easy to cheat?)
You might compare with running an election, which is much more complicated than it would be if votes didn’t need to be private and you could trust people not to cheat.
Sure, in theory, maybe they should just give up on paid advertising. it’s created a huge amount of complexity and security issues that would go away. I wouldn’t miss it. But the people working on these things are working under the assumption that if paid advertising could somehow be fixed, that would be good, since it allows ad-funded websites to remain in business.
So we do see proposals every now and then on how to improve privacy while still allowing paid advertising to exist. You can say, well, maybe it shouldn’t exist, but I think it also makes sense to judge how well those proposals meet their own goals, while understanding that they’re different from our goals.
The article links to this 2022 proposal, which states its assumptions up front, without evidence: “Advertising provides critical support for the Web.” I know that’s disappointing, but Mozilla seems pretty clear: they’re not going to take the hard line against advertising that maybe you’re hoping for.
Yup, something like this is necessary for web advertising to work, and web advertising is the financial vascular system of the web as it currently exists. We can all wish that advertising would go away, but we can’t reasonably expect a successful modern web browser to act differently. Acting this way is what makes them a successful modern web browser. Everyone in the entire ecosystem is directly incentivized, in most cases in an existential way, to make paid advertising as profitable as possible. You can be mad about that (I am), and you can adapt by using ad blockers (I do), but you can’t really be surprised or betrayed by something like this.
As so often happens in a market system, we’re in a scorpion/frog scenario. Mozilla is behaving how it behaves. Technologically, there’s nothing stopping Mozilla or Google from making a good web browser that isn’t doing something most people would consider nefarious, but an entity that is truly oriented toward that goal is incapable of becoming Mozilla or Google. Those guys get stuck with zero percent market share, making qutebrowser or whatever. I don't really want to make this too much of a commie screed, but the profit motive applied to the current economic reality of the internet can only produce this one outcome, and the profit motive is the only heuristic that any entity with the capital to make something like Firefox (no matter how good-intentioned) could possibly apply under capitalism, for both better and worse.
I agree that what Mozilla does isn’t up to us, but I think it’s a little too fatalistic to assume that they couldn’t have done something else because of incentives.
Incentives can be pretty powerful, but they’re not destiny. People don’t always follow them. They don’t have to accept lucrative offers. Often there are multiple, competing incentives, different ways of making money, different ways of pursuing market share. You can make choices. Strategists usually don’t make decisions by creating a spreadsheet and choosing whichever option has the highest number.
I do want to push back a little bit here. Are you aware of something Mozilla could do to maintain profitability without doing what is necessary to enable web advertising (including the necessary amount of tracking)? I'm not saying they couldn't make another choice, but they can't make another choice if they want to be profitable, and you can't become Mozilla if you're not trying to be profitable. Indeed, you start dying if you're not continuing to be profitable. You don't, of course, need to pick the highest number on the spreadsheet, but you do need to pick a positive one. You can, of course, choose among any of the options that are profitable on the spreadsheet, but all profitable options in the current ecosystem (which Mozilla isn't in a position to unilaterally change) demand that Mozilla heavily support the continued profitability of web advertising.
It's not clear to me what, conceptually, it would look like for Mozilla to do anything else. "We're making it impossible for ads to track you by default" makes the Mozilla Corporation insolvent relatively quickly. What would replace their existing revenue streams, which all rely on maintaining profitability for other parties, particularly advertising companies? Most of their revenue comes from Google paying them to make Google the default search engine, which Google does because it makes them money with tracking, ads, etc.
Mozilla only exists to the extent that it is advertiser-friendly. Advertising and subscription models are the only two ways anyone has ever found to make continuous revenue with a single product online, and nobody is paying for a Firefox subscription. So advertising is where the money has to come from, and you can't keep making Firefox without money. In any case, you certainly can't keep making it without some amount of consent from big players like Google, who will start to kick if the half a billion dollars per year they invest into keeping Firefox users in their orbit stops making them any profit.
I think you're right that there are constraints on what Firefox can do. All organizations care about where their budget comes from, even non-profits.
80% of their funding comes from Google, for making Google their default search engine. An example of a constraint is that they probably couldn't block ads on Google by default and keep that deal.
There's also an indirect incentive to not alienate other advertisers too much: Firefox needs to remain compatible with websites.
But that doesn't mean they can't make choices within those constraints. There's still plenty of room for maneuver even within the constraints of "don't piss off Google too much" and "don't start a fight with ad-backed websites that results in them blocking Firefox." Firefox often doesn't go along with Google on web standards, for example.
Oh, absolutely! And Firefox does operate within those constraints in a less overtly evil way than its (viable) alternatives. Even from a cynical point of view, a lot of their users are people scared about privacy stuff, so they don't have a coherent user base if they're not operating somewhat differently than their competitors in that regard. They're the only semi-mainstream browser on Android that even lets me install an ad blocker; they definitely do their best to give users a way out of this shit within the constraints imposed by the realities of the market. I'm specifically referring to situations like this, where it's a question of whether the product is going to be compatible with the advertising ecosystem or not. You can't do Firefox without money, you don't have money without playing ball on ads, and, as you point out, you can't really do ads without some tracking. Which means their -- I believe sincere -- commitment to privacy must always be at least somewhat counterbalanced by the existential drive to generate revenue and keep the project going.
Just earlier today I read about AdNauseam which aims to make this exact mechanism dysfunctional. (Haven’t looked into it more closely since then, though)
I'm hoping for this
https://ladybird.org/
About time we had a newcomer in the browser scene.
At the very least, let’s hope it lights a fire under Mozilla’s ass to get back on track.
Have you tried Ladybird? I’m curious how it performs.
It's slow, janky, and barely anything works.
I actually just built the latest version of the browser and tried to log in to Tildes to write and post this comment. Unfortunately, logging in to Tildes is not working right now, though it has in the past.
So yeah, the project is still in a very pre-alpha state. The current focus remains getting most websites working at all, let alone quickly, and they aren't targeting a public alpha release until summer 2026.
Still, it's pretty freaking cool to use a GUI web browser that isn't Firefox, Safari, or Chrome.
If you have the technical know-how and want to try the browser for yourself, the build instructions aren't super complicated.
You made me curious, so I tried to log into Tildes with an old favorite of mine, NetSurf. It can log in, but that's just about it; it doesn't even display the styles correctly. It's saying something when even this fairly conservatively designed website becomes unusable on browsers that aren't based on the Webkit family (or Firefox).
I just tried tildes with the latest source build of Ladybird and it doesn't work properly. If you aren't logged in the site looks kind of okay, but you can't log in.
I'm building the package in aur right now. Will report.
edit: it's incredibly early. Really really slow with amazingly limited capabilities. They say it's developer use only at this stage and I agree, no-one should be using this right now save for testing things for compatibility and producing bug reports and PRs , I'd say.
One to watch.
Ok maybe unpopular opinion here, but Mozilla has to make money and the opt-out setting is not hidden. That’s not too shabby? Other browsers don’t give you the option to opt out.
I’m skeptical of all the free privacy browsers because I do not understand how they can make money. Mozilla is kind of trying to get the best of both worlds… I can understand what they are trying to do.
You can always use paid services if you want privacy long-term.
Chrome is in fact better than Mozilla here, you get a big prompt asking you to pick on or out on browser launch when the setting is first present.
I really don't understand what Mozilla thinks they're playing at. Their reputation as more private and trustworthy than Chrome is literally all they have so this is playing with fire
Honestly, I can admit that this isn't that great, but I will still keep using Firefox because the not-great-ness of this doesn't outweigh the need to fight against one single tech power having too much influence over the Internet (via browser monopoly). I'm just grateful for a mechanism to opt out.
I'm also not comfortable with how often the article makes claims without linking to sources or references to support them. Even the writing style comes off as a bit too emotional and sensationalizing.
Tangential, but I am really tired this year of settling for a bad choice because the alternative choice will literally kill me (or to be less dramatic here, extract everything I do into a product with dubious consent).
I started using Firefox as my primary browser over 20 years ago, back when it was still called Phoenix and Chrome was just a gleam in Google's eye.
I did spend a couple years (just before Quantum arrived) exploring better, more privacy-focused alternatives like Pale Moon.
With this latest privacy faux pas from Mozilla, I find myself back to searching for better, more client-focused alternatives.
Just in the past few days, on all my laptops, I have switched my primary browser over from FF to Librewolf, and I've (at least tentatively) switched over to Mull browser on my phone.
Librewolf, so far, is excellent. Everything I wish FF could be, w/o going the FullTinfoilHat route of TOR.
But last month, I decided it's time to quit using DuckDuckGo (another primary tool I've used since its infancy), and I've been exploring a wide variety of truly alternative Search services ... and now, I'll be doing the same with browsers.
Hell, maybe it's time for a full personal-tools audit.
Privacy Guides has been my first (and usually, last) stop when searching for quality privacy-and-security conscious apps. I recommend them every chance I get.
Always glad to hear stuff like this - thanks for sharing the site!
God fucking damnit.
Nothing is sacred.
I'm so utterly fucking fed-up with the idea that modern society must be advertisement based to succeed. I have no fucking clue why so many people put up with so much of this garbage. I'm literally teaching my children that advertisements are evil, and should be abhorred.
On a lighter note, you might enjoy this anecdote: my 6 year-old likes making short, silly movies. Recently he started making ads, and when one was especially irritating, I asked him why. "That's how ads are supposed to be." That was his only definition of ads: to be annoying. I thought that was pretty awesome!
I agree 100%. We are constantly told that advertisers have a right to our attention, that it's stealing if we block ads, that we should feel guilty for not respecting the sanctity of this social contract. What absolute horseshit. It's my prerogative to use whatever technologies are at my disposal to keep ads out of my headspace. I don't owe advertisers ANYTHING.
There are other ways to fund a website, besides selling ads. There are other ways to promote a product or service, besides buying ads. Ads are an intrusive, manipulative, parasitical blight.
Most people won't pay for quality software. so this will be the default until sentiments change, sadly.