Vienna-based non-profit organization Noyb (short for None Of Your Business) filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly requiring users to consent.
“Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites,” noib. said. “Essentially, the browser now controls tracking, not individual websites.”
Knoib also accused Mozilla of allegedly leaving Google out of the playbook by “secretly” enabling the feature by default without informing users.
PPA that is is currently on in Firefox version 128 as an experimental feature, has its parallels in Google Privacy sandbox project in Chrome.
Initiative, now left by Googlesought to replace third-party tracking cookies with a set of APIs built into the web browser that advertisers can talk to in order to determine user interests and serve targeted ads.
In other words, the web browser acts as an intermediary that stores information about the various categories into which users can be assigned based on their Internet browsing patterns.
The PPA, according to Mozilla, is a way for sites to “understand how their ads work without collecting data about individuals”, describing it as a “non-invasive alternative to cross-site tracking”.
It also looks like Apple Attribution of ad clicks with privacy protectionwhich allows advertisers to measure the effectiveness of their online advertising campaigns without compromising user privacy.
The PPA works like this: Websites that serve ads can ask Firefox to remember the ad as a display that contains details about the ad itself, such as the destination website.
If a Firefox user ends up visiting a destination website and performs an action that the business deems valuable — such as making an online purchase by clicking on an ad, also called a “conversion” — that website may prompt the browser to generate a report .
The generated report is encrypted and sent anonymously using the distributed aggregation protocol (DAP) into an “aggregation service” where the results are combined with other similar reports to create a summary that makes it impossible to know too much about an individual.
This, in turn, is made possible by a mathematical structure called differential privacy which allows aggregate user information to be shared in a privacy-preserving manner by adding random noise to the results to prevent re-identification attacks.
“The PPA is included in Firefox starting with version 128,” Mozilla notes in a support document. “A small number of sites are going to test it and provide feedback to inform our standardization plans and help us see if it can take off.”
“The PPA does not involve sending information about your browsing activity to anyone. Advertisers only receive aggregate information that answers basic questions about the effectiveness of their ads.”
Noyb found fault in this particular aspect, as it violates strict European Union (EU) data protection rules by enabling PPAs by default without obtaining users’ permission.
“While this may be less invasive than the unlimited tracking that is still the norm in the US, it still interferes with users’ rights under the EU GDPR,” the advocacy group said. “In reality, this tracking option also does not replace cookies, but is simply an alternative – additional – way for websites to target advertising.”
It is further noted that the Mozilla developer justified the move, arguing that users cannot make an informed decision and that “explaining a system like PPA would be a difficult task.”
“It’s unfortunate that an organization like Mozilla thinks users are too dumb to say yes or no,” said Felix Mikolas, data protection lawyer at noyb. “Users should be able to make a choice, and the feature should be disabled by default.”
