this post was submitted on 17 Jun 2024
177 points (98.4% liked)

Firefox

17815 readers
56 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] jet@hackertalks.com 2 points 4 months ago (1 children)

5 is the problem. If you click through to anything, the person who gets the clicks knows what campaign you came from.

[–] sugar_in_your_tea@sh.itjust.works 3 points 4 months ago (1 children)

Sure, but that wouldn't identify you, and that's the important part. And they'd only know that if you actually click. I guess they could try the fingerprinting route, but Mozilla could also make strict policies that any company caught doing that would have their ad agreement rescinded.

I doubt ad companies would get on board with that, but those are my requirements. I'm happy to look at ads, provided my privacy is maintained.

[–] jet@hackertalks.com 2 points 4 months ago* (last edited 4 months ago) (1 children)

I'm not sure that's true.

Advertisement campaign a, takes people to landing site b.

Anybody who shows up at site b, you know was targeted and campaign a.

And if you're saying b is some generalized large domain, I promise you no advertiser would ever do that. They would set up subdomains, or campaign specific domains, any landing page where they know where you're coming from. And there's no way to stop them from doing that

At its core, most online advertising is just about a campaign to send people to a location. And if you can specify the campaign, and you can specify the location, you know which people came from that campaign and what they're advertisement factors are

[–] sugar_in_your_tea@sh.itjust.works 1 points 4 months ago (1 children)

Advertisement campaign a, takes people to landing site b.

Mozilla would be in charge of how long campaigns run, and what types of URLs would be allowed. The alternative is those ads get blocked and the advertiser gets nothing.

So yeah, the advertiser could tell that a Firefox user visited a given link, but they couldn't identify anything in particular about that user, other than their search history matched one of the criteria for the campaign.

That's honestly pretty acceptable. Other advertisers know the site the ad was served on, cookies from that site, potentially a nonce per user, etc. This method strips most of that, and only lets them know that it was a Firefox user during a given campaign. Mozilla could do audits to check if they're doing anything more to fingerprint users, and if so, drop the advertiser.

If those users would otherwise block ads, theoretically those advertisements are more valuable because those users are much harder to target. So advertisers may be willing to compromise here, since the alternative is no revenue. Mozilla would share revenue with sites, so there's an incentive for websites to opt-in as well.

[–] jet@hackertalks.com 1 points 4 months ago (1 children)

I see what you're saying, but I don't think there's any universe where an advertiser will pay for traffic without any way to identify that that traffic came from an advertisement campaign

Let me use an illustrative example,

An advertiser selects middle class, obese, yet healthy minded people to receive an ad for their Fatboy Summer fitness campaign

The landing page of this campaign, is not the main site for a gym, but a Fatboy Summer specific landing page with a special offer etc etc etc all very reasonable. If you click on the link you want to find more information about their special campaign offer.

The fact that that landing page will be specific to the advertisement campaign is a given, it's just a necessity of the transaction. Knowing these two pieces of information, you know anybody who ended up at that landing page is middle class, obese, but hopeful about getting healthy.

This is why targeted advertisements and privacy are diametrically opposed

[–] sugar_in_your_tea@sh.itjust.works 1 points 4 months ago* (last edited 4 months ago)

Perhaps. But they can also intuit that if someone gets to the landing page without clicking the link, because that's what that program appeals to. They also likely have a variety of other categories as well, such as non-obese and non-fit, lower class but living with parents, upper-class and single, etc.

But the important thing is that they wouldn't know which website the ad was served from or a unique identifier from the website to correlate to other data. If it's replacing Google or Facebook ads, that can be a lot of data, including my occupation, hobbies, accounts at other websites, etc. If all they get is that I was at least a >X% match for their ad-campaign through Mozilla, I'm fine with that. I can always clear/prune my browsing history to reset what types of categories I fall into.

But yeah, I get that many advertisers aren't going to be interested giving up that much data. However, if the alternative is no ads whatsoever, maybe that's attractive enough that they buy in. Idk, but that's my policy. If the ads won't respect my privacy, I'll block them. That's my line in the sand. If Mozilla offers a product I'm okay with, I'd be willing to disable my ad-blocker for those sites that opt-in.