There are many great things in this announcement, but I wonder if "a feature that protects those users that want to be free from invasive tracking without penalizing advertisers and content sites that respect a user’s preferences" will prove to be a Faustian bargain driven by Mozilla's fealty to Google and other major advertisers.
At some point, the goals of advertisers and privacy advocates may conflict in ways that may be difficult to reconcile, especially if advertisers (via Google & many other popular services) retain lots of bargaining power from the outset in the ensuing policy discussions.
Hi, I’m on the Polaris team at Mozilla. I understand your reticence on tracking. The news and other content we all enjoy on the open web is mostly underwritten by ads, as are the social networks activists use to coordinate. These sites need to get paid or they can’t keep doing what they do. It’s not the ads, it’s the tracking. While many users love seeing personalized content, an increasing number don’t. We’re trying to get to a place where websites respect users self-declared preferences on tracking, and users have better tools to enforce those preferences. It’s going to involve not just building tools and working with privacy advocates but also working with advertisers and publishers to help them benefit when they respect individual user wishes.
The news and other content we all enjoy is underwritten by tracking. The ads lose value without the tracking. The two are inextricably linked.
As someone who works in the industry I understand and respect the desire of privacy advocates to push back against practices they disagree with, but the view advanced by many that the ad industry would work just fine if ads could not be targeted based on behavior seems willfully wrongheaded.
If advertisers can't target based on behavior, they can't get high enough click rates and conversion rates. If they can't get those, their advertising is unprofitable. If their advertising is unprofitable they will stop buying it.
This scenario assumes that the value of ads would be driven completely to zero if tracking were not possible. For any non-zero value advertisers will still back out as they stop seeing returns, at which point ad-space-sellers will be forced to lower to their rates. This is still fully capable of effectively driving low-margin ad-supported websites out of business, but it's not a doomsday scenario.
Broadcast television still works and doesn't have these granular tracking abilities. I wonder if the principles they've used could be a blueprint to follow. The example will only be more relevant as market share shifts from broadcast tv to web-based alternatives.
Right. Also, the cost of computing has dropped so much in the last decade that running a social network without ads or tracking, such as Ello, is now possible. What we may see is a major social network that's like Craiglist - very cheap, a very small organization (30 people!), and very popular.
You can now beat "free with ads" on price. This is important.
Fair's fair. I can only speak from experience having built a business selling behaviorally targeted ads and now working at a company doing so at a much larger scale.
this is extremely important and difficult work, and i support you and your team in working toward these and related goals, including financially.
but as one example, the amount of person-hours that go into building a functional NoScript surrogate that can be used to block google analytics tracking without breaking the functionality of major websites is significant, and most 'ad blockers' either don't block the most common trackers because they've been paid off by advertisers (adblock plus) or only block one or a handful of many known means of tracking users (e.g. the last time i looked at disconnect.me, it didn't touch TLS-based identifiers like SessionID, tickets, etc. that Google is thought to use).
i think we have to move past some of the opacity/ambiguity that undermined previous attempts to reconcile the interests of users and advertisers, too. for example in the eyes of PrivacyBadger, an advertising company hosting jQuery or a font basically meant that my preferences about the same company tracking me, persistently, across most of the world's major websites could be trivially circumvented as long as that company could interpolate their server logs with other information. privacybadger probably still improved many users' privacy, but i think there's a lot of nuance that's extremely important to clarify as mozilla's work on this progresses.
> The news and other content we all enjoy on the open web is mostly underwritten by ads, as are the social networks activists use to coordinate.
And who underwrites the underwriters? We do! It's a lie that ads give people content and services for free (explained below). If Mozilla truly wants to fight for users, it needs to end its reliance on advertising revenue, and help invent honest ways for content and service creators to get paid by end users. We are a creative industry. We can find ways to do this while also keeping access open to the fraction of the population that can't afford to pay (which per below would only be people who don't buy advertised products).
I know this truth is hard to swallow for an industry that has grown so dependent on ads. As Upton Sinclair said, "It is difficult to get a man to understand something when his salary depends upon his not understanding it." But if we are to do the right thing, we have to really think about the truth:
1. The advertisers who pay web providers get their money from us, added to the prices of other things we consume. There is no free lunch.
2. The overhead cost of advertising is huge and we pay for that too.
3. We pay the opportunity cost of a product that cannot put users first because ad-supported web providers live or die by giving advertisers what they want (and what we want indirectly and secondarily). This includes both the cost of lost privacy as well as business, editorial and design decisions that optimize for advertising revenue. As has been said, they are using us as products more than treating us as their paying customers. Let me restate to be extra clear: WE are the paying customer, but we don't look like that to their finance department.
4. We pay for all the collateral damage of advertising, such as the tremendous amount of link-bait and other garbage that advertising perversely incentivizes.
5. We pay the social costs. Whether or not you agree with the social costs laid out in the above article, I'm sure most can agree democracy and the free market assume people make voting and purchasing decisions based on facts and reason. Advertising undermines democracy[1] and the free market[2]. Advertising is predominantly about manipulation and deceit. I believe the social costs are the most expensive.
Added together, we end users are paying a lot more for "free" product than if we could just straight up pay for it. And even we non-users are paying the social costs and collateral damage.
Ads are simply a sneaky and dishonest way to get at end users' money without them realizing it.
[1] You don't need me to explain. We all know that money often overwhelmingly decides who gets to run in an election, plays a big part in who wins, and influences what legislation they introduce, support or fight.
this was fascinating to watch and i'm glad mozilla is thinking about this problem, but i don't see how this is much different from flattr.
subscribe2web doesn't yet seem to solve what to me is the key part of the problem: in order for me to pay to opt out of ads, i still have to link my payment information to someone with a relationship to mozilla or some one else, and enable them to track what i read in order to distribute the funds. that's not necessarily better than google analytics and google ads...it's just different. and when it gets baked into the browser by default, it's potentially even more problematic than the status quo in certain ways.
I suppose you want some sort of zero knowledge proof, so the browser can prove that the request is coming from a user who has paid without revealing who the user is.
$12.70/month, according to that Mozilla research, is the total value of advertising per user, which means that is the most we'd have to pay on average if could just pay directly, and in fact much less per my points above!
This is even less than I had estimated. I need to dig into this number further.
Thanks for the link. This issue is a project of mine and it helps me a lot.
This may be slightly off topic but I think they should really clean up their addon store if they want to help with privacy. It takes forever for something to be available/updated in the store yet addons that log and report every page visited etc still run amok. I think rules should be much stricter or better enforced.
Mozilla promoting privacy seems nonsensical; the browser-based SaaS server-fetched application execution model is fundamentally antithetical to ownership and privacy.
Should something like Sandstorm take off, then we're still stuck with an application distribution model that destroys the split between client/server that allows a diverse set of clients to exist, destroys the ability for clients to be versioned independently of the server, and destroys the ability for clients to manage data in a way that it can't be read/captured/stolen by the server.
> All in all, I'm curious what a solution to the privacy issue would look like that would satisfy your criteria. Any proposals?
No server other than a gateway at the house. Peer-to-peer sync.
If centralized servers are required, perhaps someday we'll have the keying/trust infrastructure necessary to deploy sandboxed code that can't be introspected externally, e.g., using Intel SGX.
Interesting how it says it wont penalize advertisers.
Some of my friends work for mozilla and said that one of the feature does block ads as its both what the user wants and its impossible to tell whos tracking or not.
(nightly only in about config)
My understanding is that the feature will get axed/no longer be directly blocking ads?
It blocks all network requests to URLs on the blocklist. This can include ads, if those ads are listed as known tracking resources. I believe there'll eventually be a mechanism for publishers to declare DNT-compliance or something, to make sure their content isn't treated as a tracker.
That's right. The Mozilla platform technology is great, we are still working out a few kinks. The blocklist we're using is a customized version provided by Disconnect.me. Mozilla's UX for Tracking Protection needs a lot of work, it's just not done yet. We need to do a lot of work to understand what users want. Hence the experiment.
There are also many third-party add-ons out there: NoScript, Privacy Badger, Disconnect, DoNotTrackMe, Ghostery, etc. I don't think we want to compete with them but rather give them all more powerful tools to create more anti-tracking options for users. (EDITED to remove pronouns, fix misspells)
We need to do a lot of work to understand what users want. Hence the experiment.
I suspect you already know what users want: no ads on the web at all, but also no change to the everything-is-free paradigm those ads enable. As what they want cannot be delivered, you will encounter the same problems as all previous attempts.
I must say Im a little unhappy about installing 10 addons just to have more privacy. Some slow down Firefox more than others, and it takes time to setup everything.
I would hope for Polaris to be a one-switch-thing that doesn't require much or any setup (the door hangers stuff seems to be just fine now that i tried it) and that doesn't affect performance the wrong way (in fact id hope for the feature to just be on by default...)
The ads issue is one that's difficult to deal with. If it was up to me i'd just block all ads on the pretext that Firefox is now clearly the underdog and deal with consequences when marketshare rises again.
One issue with DNT-style whitelisting is that anyone can say they dont track you but still have all the information needed for tracking (and optionally they can also lie, or half-lie, or what not if they want to).
In my testing i noticed that other addons - while not as neatly implemented as tracking protection with polaris - do block a lot more tracking stuff right now (which is fine. polaris is new)
While this is welcome, I still feel goosey using Firefox given its (I believe still) lack of sandboxing. Privacy and security go hand in hand, and recent Pwn2Own competitions haven't been kind to Firefox.
A patch to enable the content process sandbox by default was posted for review a few days ago: http://bugzil.la/928044
The sandboxing implementation isn't complete yet (it requires separate work for each OS that Firefox supports) and there's a significant list of known issues before this can be turned on in release builds, but there is now a team working full-time on this project, so it should improve quickly.
as noted in the bug, those "features" are both apparently opt-in, which complies with AMO policies ("no surprises") which existed before that add-on update was submitted
Mozilla do not own the rights to the addons, they only act as a distribution point. if you want to blame someone, blame the original developer for selling access to WIPS
Read the user reports. The "opt in" is "an offer you can't refuse". If you don't opt in to the spyware, it blocks some major sites, until you remove the whole add-on.
Mozilla used to run job ads: "Work for mankind, not for the man". That's now about as relevant as Google's "Don't be evil."
the addon works exactly as intended by the developers of said addon
its dickish by the developer, but its not pulling surprises, and you are able to move to competition
There are bad eggs, but the rules work. The bad eggs must ask permission to be bad
Mozilla taking over random add-ons would be worse for the end-user, and would be worse for Mozilla, as they would then have to start maintaining the addons (at least, this is what it seems you are implying, considering the addons were /not/ in a working state before the developer sale, the only way Mozilla (which you specifically blame for this) could make those addons viable is if they started maintaining them against the developer's wishes (reminds me of Apple deleting competition to their new upcoming apps))
They haven't even finished maintenance on Firefox itself. Maintaining every small forgotten plugin, along with dealing with the legal issues that would arise from that, would be a fairly impossible task.
Of course, you probably wouldn't expect them to maintain /every/ small forgotten plugin, but where do you draw the line? How useful does an addon need to be to be directly taken over by Mozilla?
Mozilla has an add-on review process, "AMO". It's weak on privacy rules. I was just looking at the source code for DoNotTrackMePlus. It's in "all the code on one line" style. One wonders how that got through AMO. After some ed-obfusiciation, it's kind of scary. It can tell when you're typing in a credit card number, and tries to sell you their "credit card masking" service. The code encapsulates XMLHttpRequest in a function called "n", so it's hard to find all the places it phones home.
If you have DoNotTrackMePlus installed, I'd recommend un-installing it. Ghostery has a better reputation and fewer unwanted features.
37 comments
[ 3.1 ms ] story [ 61.7 ms ] threadhttps://support.mozilla.org/en-US/kb/tracking-protection-fir...
At some point, the goals of advertisers and privacy advocates may conflict in ways that may be difficult to reconcile, especially if advertisers (via Google & many other popular services) retain lots of bargaining power from the outset in the ensuing policy discussions.
As someone who works in the industry I understand and respect the desire of privacy advocates to push back against practices they disagree with, but the view advanced by many that the ad industry would work just fine if ads could not be targeted based on behavior seems willfully wrongheaded.
If advertisers can't target based on behavior, they can't get high enough click rates and conversion rates. If they can't get those, their advertising is unprofitable. If their advertising is unprofitable they will stop buying it.
Right. That's a scenario I wish the privacy advocate folks at places like Mozilla were more up front about.
You can now beat "free with ads" on price. This is important.
[citation needed]
but as one example, the amount of person-hours that go into building a functional NoScript surrogate that can be used to block google analytics tracking without breaking the functionality of major websites is significant, and most 'ad blockers' either don't block the most common trackers because they've been paid off by advertisers (adblock plus) or only block one or a handful of many known means of tracking users (e.g. the last time i looked at disconnect.me, it didn't touch TLS-based identifiers like SessionID, tickets, etc. that Google is thought to use).
i think we have to move past some of the opacity/ambiguity that undermined previous attempts to reconcile the interests of users and advertisers, too. for example in the eyes of PrivacyBadger, an advertising company hosting jQuery or a font basically meant that my preferences about the same company tracking me, persistently, across most of the world's major websites could be trivially circumvented as long as that company could interpolate their server logs with other information. privacybadger probably still improved many users' privacy, but i think there's a lot of nuance that's extremely important to clarify as mozilla's work on this progresses.
it's a big fight, but an important one.
And who underwrites the underwriters? We do! It's a lie that ads give people content and services for free (explained below). If Mozilla truly wants to fight for users, it needs to end its reliance on advertising revenue, and help invent honest ways for content and service creators to get paid by end users. We are a creative industry. We can find ways to do this while also keeping access open to the fraction of the population that can't afford to pay (which per below would only be people who don't buy advertised products).
I know this truth is hard to swallow for an industry that has grown so dependent on ads. As Upton Sinclair said, "It is difficult to get a man to understand something when his salary depends upon his not understanding it." But if we are to do the right thing, we have to really think about the truth:
1. The advertisers who pay web providers get their money from us, added to the prices of other things we consume. There is no free lunch.
2. The overhead cost of advertising is huge and we pay for that too.
3. We pay the opportunity cost of a product that cannot put users first because ad-supported web providers live or die by giving advertisers what they want (and what we want indirectly and secondarily). This includes both the cost of lost privacy as well as business, editorial and design decisions that optimize for advertising revenue. As has been said, they are using us as products more than treating us as their paying customers. Let me restate to be extra clear: WE are the paying customer, but we don't look like that to their finance department.
4. We pay for all the collateral damage of advertising, such as the tremendous amount of link-bait and other garbage that advertising perversely incentivizes.
5. We pay the social costs. Whether or not you agree with the social costs laid out in the above article, I'm sure most can agree democracy and the free market assume people make voting and purchasing decisions based on facts and reason. Advertising undermines democracy[1] and the free market[2]. Advertising is predominantly about manipulation and deceit. I believe the social costs are the most expensive.
Added together, we end users are paying a lot more for "free" product than if we could just straight up pay for it. And even we non-users are paying the social costs and collateral damage.
Ads are simply a sneaky and dishonest way to get at end users' money without them realizing it.
-
[This is a condensed version of a more detailed case with reference links that I made here: https://news.ycombinator.com/item?id=7485773]
[1] You don't need me to explain. We all know that money often overwhelmingly decides who gets to run in an election, plays a big part in who wins, and influences what legislation they introduce, support or fight.
[2] http://www.chaosisgood.com/2013/03/how-advertising-undermine...
https://air.mozilla.org/subscribe2web/
subscribe2web doesn't yet seem to solve what to me is the key part of the problem: in order for me to pay to opt out of ads, i still have to link my payment information to someone with a relationship to mozilla or some one else, and enable them to track what i read in order to distribute the funds. that's not necessarily better than google analytics and google ads...it's just different. and when it gets baked into the browser by default, it's potentially even more problematic than the status quo in certain ways.
This is even less than I had estimated. I need to dig into this number further.
Thanks for the link. This issue is a project of mine and it helps me a lot.
https://github.com/sandstorm-io/sandstorm
Should something like Sandstorm take off, then we're still stuck with an application distribution model that destroys the split between client/server that allows a diverse set of clients to exist, destroys the ability for clients to be versioned independently of the server, and destroys the ability for clients to manage data in a way that it can't be read/captured/stolen by the server.
1)"destroys the split between client/server that allows a diverse set of clients to exist"
2)"destroys the ability for clients to be versioned independently of the server"
3)"destroys the ability for clients to manage data in a way that it can't be read/captured/stolen by the server"
In response:
1) One could create any number of clients to interact with backend software that they control.
2) No idea what you are talking about here; perhaps you can explain more specifically the problem. I don't think this matters. At all.
3) The whole idea is that the user controls the client and server so the data is supposed to be able to be read.
All in all, I'm curious what a solution to the privacy issue would look like that would satisfy your criteria. Any proposals?
No server other than a gateway at the house. Peer-to-peer sync.
If centralized servers are required, perhaps someday we'll have the keying/trust infrastructure necessary to deploy sandboxed code that can't be introspected externally, e.g., using Intel SGX.
There are also many third-party add-ons out there: NoScript, Privacy Badger, Disconnect, DoNotTrackMe, Ghostery, etc. I don't think we want to compete with them but rather give them all more powerful tools to create more anti-tracking options for users. (EDITED to remove pronouns, fix misspells)
I suspect you already know what users want: no ads on the web at all, but also no change to the everything-is-free paradigm those ads enable. As what they want cannot be delivered, you will encounter the same problems as all previous attempts.
I must say Im a little unhappy about installing 10 addons just to have more privacy. Some slow down Firefox more than others, and it takes time to setup everything.
I would hope for Polaris to be a one-switch-thing that doesn't require much or any setup (the door hangers stuff seems to be just fine now that i tried it) and that doesn't affect performance the wrong way (in fact id hope for the feature to just be on by default...)
The ads issue is one that's difficult to deal with. If it was up to me i'd just block all ads on the pretext that Firefox is now clearly the underdog and deal with consequences when marketshare rises again.
One issue with DNT-style whitelisting is that anyone can say they dont track you but still have all the information needed for tracking (and optionally they can also lie, or half-lie, or what not if they want to).
In my testing i noticed that other addons - while not as neatly implemented as tracking protection with polaris - do block a lot more tracking stuff right now (which is fine. polaris is new)
A patch to enable the content process sandbox by default was posted for review a few days ago: http://bugzil.la/928044
The sandboxing implementation isn't complete yet (it requires separate work for each OS that Firefox supports) and there's a significant list of known issues before this can be turned on in release builds, but there is now a team working full-time on this project, so it should improve quickly.
Tracking bug for sandboxing: https://bugzilla.mozilla.org/showdependencytree.cgi?id=92557...
General docs on process separation: https://wiki.mozilla.org/Electrolysis
There's an add-on for Mozilla which will block a list of URLs called BlockSite. Unfortunately, it's both spyware and adware. (https://addons.mozilla.org/en-US/firefox/addon/blocksite/) A company, WIPS, bought up a large number of abandoned Mozilla add-ons and put in tracking code that tracks all URLs browsed. That was OK with Mozilla's head of add-ons, Jorge Villalobos. (https://bugzilla.mozilla.org/show_bug.cgi?id=903799). Many users were very angry about this. (http://forums.mozillazine.org/viewtopic.php?f=38&t=2737553)
That's when the Mozilla Foundation officially sold out. They can't be trusted on privacy issues.
Mozilla do not own the rights to the addons, they only act as a distribution point. if you want to blame someone, blame the original developer for selling access to WIPS
Mozilla used to run job ads: "Work for mankind, not for the man". That's now about as relevant as Google's "Don't be evil."
its dickish by the developer, but its not pulling surprises, and you are able to move to competition
There are bad eggs, but the rules work. The bad eggs must ask permission to be bad
Mozilla taking over random add-ons would be worse for the end-user, and would be worse for Mozilla, as they would then have to start maintaining the addons (at least, this is what it seems you are implying, considering the addons were /not/ in a working state before the developer sale, the only way Mozilla (which you specifically blame for this) could make those addons viable is if they started maintaining them against the developer's wishes (reminds me of Apple deleting competition to their new upcoming apps))
They haven't even finished maintenance on Firefox itself. Maintaining every small forgotten plugin, along with dealing with the legal issues that would arise from that, would be a fairly impossible task.
Of course, you probably wouldn't expect them to maintain /every/ small forgotten plugin, but where do you draw the line? How useful does an addon need to be to be directly taken over by Mozilla?
If you have DoNotTrackMePlus installed, I'd recommend un-installing it. Ghostery has a better reputation and fewer unwanted features.
the review process isn't against obfuscation, its only against addons which it is prevented from reviewing.
the credit-card thing is mentioned on the description of the addon, same for also the email-muckery stuff
> The code encapsulates XMLHttpRequest in a function called "n", so it's hard to find all the places it phones home.
I honestly don't see how that would make it much harder, personally? just mentally alias `n` to `XMLHttpRequest`
--- ghostery still has a tracking opt-in though, which can be too much for some
Privacy Badger seems to be the "best" bet soon, all automated without any inbuilt knowledge, which is fairly nice.
ghostery probably does similar, and to a better degree currently, but... simply put, I trust EFF more