European digital rights group NOYB (None Of Your Enterprise) has filed a privateness criticism with the Austrian information safety watchdog (DSB) in opposition to Mozilla, alleging the corporate makes use of a Firefox privateness characteristic (enabled with out consent) to trace customers’ on-line conduct.
The characteristic, referred to as “Privateness-Preserving Attribution” (PPA) and collectively developed with Meta (previously Fb), was introduced in February 2022 and was robotically enabled in Firefox model 128, launched in July.
NOYB’s criticism claims that, regardless of its title, Mozilla makes use of the characteristic to trace Firefox person conduct throughout web sites.
“Opposite to its reassuring title, this know-how permits Firefox to trace person behaviour on web sites. In essence, the browser is now controlling the monitoring, slightly than particular person web sites,” the privateness advocate group mentioned.
“Whereas this is perhaps an enchancment in comparison with much more invasive cookie monitoring, the corporate by no means requested its customers in the event that they wished to allow it. As a substitute, Mozilla determined to show it on by default as soon as individuals put in a latest software program replace.”
In keeping with NOYB, PPA allows Firefox to retailer information on customers’ advert interactions and bundle that info for advertisers. Mozilla claims this technique enhances privateness by measuring advert efficiency with out particular person web sites amassing private information.
Nonetheless, NOYB says that a part of the monitoring is completed in Firefox, interfering with person rights underneath the EU’s Common Information Safety Regulation (GDPR).
“Mozilla has simply purchased into the narrative that the promoting trade has a proper to trace customers by turning Firefox into an advert measurement instrument,” Felix Mikolasch, information safety lawyer at NOYB, added.
“Whereas Mozilla might have had good intentions, it is extremely unlikely that ‘privateness preserving attribution’ will exchange cookies and different monitoring instruments. It’s only a new, further technique of monitoring customers.”
In a July assist doc, Mozilla described PPA as a “non-invasive various to cross-site monitoring,” designed to assist advertisers assess the effectiveness of their adverts with out sharing info on customers’ on-line conduct.
Mozilla additionally insists that PPA does not share looking info with third events, together with the corporate itself, and that advertisers solely obtain aggregated information about advert efficiency.
“PPA doesn’t contain web sites monitoring you. As a substitute, your browser is in management. This implies robust privateness safeguards, together with the choice to not take part,” Mozilla says.Â
“PPA doesn’t contain sending details about your looking actions to anybody. This contains Mozilla and our DAP companion (ISRG). Advertisers solely obtain mixture info that solutions primary questions concerning the effectiveness of their promoting.”
Firefox customers can disable the PPA characteristic by opening the net browser’s Privateness & Safety settings and unchecking the choice labeled “Permit web sites to carry out privacy-preserving advert measurement.”
“There is not any query we should always have completed extra to interact exterior voices in our efforts to enhance promoting on-line, and we’re going to repair that going ahead,” a Mozilla spokesperson instructed BleepingComputer on Wednesday.
“Whereas the preliminary code for PPA was included in Firefox 128, it has not been activated and no end-user information has been recorded or despatched.
“The present iteration of PPA is designed to be a restricted take a look at solely on the Mozilla Developer Community web site. We proceed to imagine PPA is a vital step towards bettering privateness on the web and look ahead to working with NOYB and others to clear up confusion about our method.”
Replace September 25, 15:13 EDT: Added assertion from Mozilla.