European digital rights group NOYB (None Of Your Enterprise) has filed a privateness grievance with the Austrian knowledge safety watchdog (DSB) towards Mozilla, alleging the corporate makes use of a Firefox privateness characteristic (enabled with out consent) to trace customers’ on-line conduct.
The characteristic, referred to as “Privateness-Preserving Attribution” (PPA) and collectively developed with Meta (previously Fb), was introduced in February 2022 and was routinely enabled for all customers in Firefox model 128, launched in July.
NOYB’s grievance claims that, regardless of its identify, Mozilla makes use of the characteristic to trace Firefox person conduct throughout web sites.
“Contrary to its reassuring name, this technology allows Firefox to track user behaviour on websites. In essence, the browser is now controlling the tracking, rather than individual websites,” the privateness advocate group mentioned.
“While this might be an improvement compared to even more invasive cookie tracking, the company never asked its users if they wanted to enable it. Instead, Mozilla decided to turn it on by default once people installed a recent software update.”
Based on NOYB, PPA allows Firefox to retailer knowledge on customers’ advert interactions and bundle that info for advertisers. Mozilla claims this technique enhances privateness by measuring advert efficiency with out particular person web sites amassing private knowledge.
Nonetheless, NOYB says that a part of the monitoring is finished in Firefox, interfering with person rights below the EU’s Basic Knowledge Safety Regulation (GDPR).
“Mozilla has just bought into the narrative that the advertising industry has a right to track users by turning Firefox into an ad measurement tool,” Felix Mikolasch, knowledge safety lawyer at NOYB, added.
“While Mozilla may have had good intentions, it is very unlikely that ‘privacy preserving attribution’ will replace cookies and other tracking tools. It is just a new, additional means of tracking users.”
In a July help doc, Mozilla described PPA as a “non-invasive alternative to cross-site tracking,” designed to assist advertisers assess the effectiveness of their adverts with out sharing info on customers’ on-line conduct.
Mozilla additionally insists that PPA would not share looking info with third events, together with the corporate itself, and that advertisers solely obtain aggregated knowledge about advert efficiency.
“PPA does not involve websites tracking you. Instead, your browser is in control. This means strong privacy safeguards, including the option to not participate,” Mozilla says.Â
“PPA does not involve sending information about your browsing activities to anyone. This includes Mozilla and our DAP partner (ISRG). Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising.”
Firefox customers can disable the PPA characteristic by opening the net browser’s Privateness & Safety settings and unchecking the choice labeled “Allow websites to perform privacy-preserving ad measurement.”
“There’s no question we should have done more to engage outside voices in our efforts to improve advertising online, and we’re going to fix that going forward,” a Mozilla spokesperson informed BleepingComputer on Wednesday.
“Whereas the preliminary code for PPA was included in Firefox 128, it has not been activated and no end-user knowledge has been recorded or despatched.
“The current iteration of PPA is designed to be a limited test only on the Mozilla Developer Network website. We continue to believe PPA is an important step toward improving privacy on the internet and look forward to working with NOYB and others to clear up confusion about our approach.”
