this post was submitted on 17 Jun 2024
178 points (98.4% liked)

Firefox

17937 readers
55 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] jet@hackertalks.com 59 points 5 months ago (1 children)

I said this in the other thread but it bears repeating.

Data-driven marketing and privacy are diametrically opposed.

If I want to advertise to pregnant teenagers looking at bus tickets, even if I have something helpful to say, that is a huge privacy violation to those people. And even if you say, I can't see who's being advertised to, I can see who clicks on the ads, even accidentally. Now I know a whole lot about them

[–] sugar_in_your_tea@sh.itjust.works 7 points 5 months ago (2 children)

I can see who clicks on the ads

Any privacy-focused advertisement program needs to prevent this. Clicking on privacy-oriented ads should be handled locally and anonymous statistics sent to Mozilla for revenue collection. There should be zero way to connect my identity with any interaction with ads.

If they can manage that, I'll disable my ad-blocking on those sites that opt-in. But I'm not giving up any of my metadata. My metadata stays on my machine, so if they want to advertise to me, they need to abide by that.

[–] possiblylinux127@lemmy.zip 1 points 5 months ago (1 children)
[–] sugar_in_your_tea@sh.itjust.works 6 points 5 months ago (1 children)

It's how they should work.

When I get an ad in the mail, the advertiser doesn't know that I actually looked at it. When I grab a newspaper ad at the store, the advertiser doesn't know that I did that unless I use a coupon or something.

That's how I'd like online ads to work, but with a bit of targeting based on local-only data.

If they want me to look at ads, they're going to need to respect my privacy. If not, I'm content leaving my ad-blocker enabled.

[–] possiblylinux127@lemmy.zip 3 points 5 months ago (1 children)

The whole point of targeted advertising is that you get to bid on people you want. You want a old fat guy in Oklahoma? Done You want to advertise gambling apps to people who have a history of gambling? Done.

That's certainly true from Google's or Meta's perspective, but it wasn't always that way.

I get ads in my mailbox that are completely irrelevant to me, like Medicare ads (probably for the previous owner). As a kid, I watched lots of ads on TV that definitely weren't applicable to me (e.g. cutco knives, when I wasn't old enough to use a knife). I see billboards on my way to work for debt relief (not in any debt, aside from mortgage) and addiction recovery (no addictions here). Companies pay quite a bit for those ads even if they won't be relevant for most people because of the sheer reach of those ads.

I'm proposing a middleground. Ad companies don't get as accurate of targeting for ads, but in exchange they get seen by people who would otherwise block them.

[–] jet@hackertalks.com 1 points 5 months ago (1 children)

I'm not sure how that's physically possible. Any data-driven marketing strategy that results in clicks, somebody just makes a very narrow campaign and then measures the clicks. Anybody who clicks matches the data targeting.

If the goal is to drive clicks, and not just like expose you to a logo passively, I don't see how it's physically possible to do anything else

[–] sugar_in_your_tea@sh.itjust.works 3 points 5 months ago* (last edited 5 months ago) (1 children)

Like this:

  1. Mozilla runs some algorithm to categorize browsing history
  2. Advertisers send an ad compaign to Mozilla targeting certain categories
  3. Firefox downloads those campaigns regularly and notifies websites that the client has opted-in to local ads
  4. Website doesn't display ads, and Firefox replaces ad areas with locally-driven ads
  5. Any clicks/views are recorded locally and reported periodically to Mozilla in an anonymized fashion (e.g. distribution of categories among views and clicks, distribution across domains, etc); clicks open in a new tab with no tracking other than the ad image that was clicked (e.g. if it was a product, the server can redirect to that product page)
  6. Mozilla bills advertisers using click and view stats; advertisers only get summarized, aggregated data

That's what I thought Brave was promising, and that's what I hope Mozilla is planning. I doubt Mozilla will deliver, but hope springs eternal. If anyone can do it, it's Mozilla, I just doubt they will.

[–] jet@hackertalks.com 2 points 5 months ago (1 children)

5 is the problem. If you click through to anything, the person who gets the clicks knows what campaign you came from.

[–] sugar_in_your_tea@sh.itjust.works 3 points 5 months ago (1 children)

Sure, but that wouldn't identify you, and that's the important part. And they'd only know that if you actually click. I guess they could try the fingerprinting route, but Mozilla could also make strict policies that any company caught doing that would have their ad agreement rescinded.

I doubt ad companies would get on board with that, but those are my requirements. I'm happy to look at ads, provided my privacy is maintained.

[–] jet@hackertalks.com 2 points 5 months ago* (last edited 5 months ago) (1 children)

I'm not sure that's true.

Advertisement campaign a, takes people to landing site b.

Anybody who shows up at site b, you know was targeted and campaign a.

And if you're saying b is some generalized large domain, I promise you no advertiser would ever do that. They would set up subdomains, or campaign specific domains, any landing page where they know where you're coming from. And there's no way to stop them from doing that

At its core, most online advertising is just about a campaign to send people to a location. And if you can specify the campaign, and you can specify the location, you know which people came from that campaign and what they're advertisement factors are

[–] sugar_in_your_tea@sh.itjust.works 1 points 5 months ago (1 children)

Advertisement campaign a, takes people to landing site b.

Mozilla would be in charge of how long campaigns run, and what types of URLs would be allowed. The alternative is those ads get blocked and the advertiser gets nothing.

So yeah, the advertiser could tell that a Firefox user visited a given link, but they couldn't identify anything in particular about that user, other than their search history matched one of the criteria for the campaign.

That's honestly pretty acceptable. Other advertisers know the site the ad was served on, cookies from that site, potentially a nonce per user, etc. This method strips most of that, and only lets them know that it was a Firefox user during a given campaign. Mozilla could do audits to check if they're doing anything more to fingerprint users, and if so, drop the advertiser.

If those users would otherwise block ads, theoretically those advertisements are more valuable because those users are much harder to target. So advertisers may be willing to compromise here, since the alternative is no revenue. Mozilla would share revenue with sites, so there's an incentive for websites to opt-in as well.

[–] jet@hackertalks.com 1 points 5 months ago (1 children)

I see what you're saying, but I don't think there's any universe where an advertiser will pay for traffic without any way to identify that that traffic came from an advertisement campaign

Let me use an illustrative example,

An advertiser selects middle class, obese, yet healthy minded people to receive an ad for their Fatboy Summer fitness campaign

The landing page of this campaign, is not the main site for a gym, but a Fatboy Summer specific landing page with a special offer etc etc etc all very reasonable. If you click on the link you want to find more information about their special campaign offer.

The fact that that landing page will be specific to the advertisement campaign is a given, it's just a necessity of the transaction. Knowing these two pieces of information, you know anybody who ended up at that landing page is middle class, obese, but hopeful about getting healthy.

This is why targeted advertisements and privacy are diametrically opposed

[–] sugar_in_your_tea@sh.itjust.works 1 points 5 months ago* (last edited 5 months ago)

Perhaps. But they can also intuit that if someone gets to the landing page without clicking the link, because that's what that program appeals to. They also likely have a variety of other categories as well, such as non-obese and non-fit, lower class but living with parents, upper-class and single, etc.

But the important thing is that they wouldn't know which website the ad was served from or a unique identifier from the website to correlate to other data. If it's replacing Google or Facebook ads, that can be a lot of data, including my occupation, hobbies, accounts at other websites, etc. If all they get is that I was at least a >X% match for their ad-campaign through Mozilla, I'm fine with that. I can always clear/prune my browsing history to reset what types of categories I fall into.

But yeah, I get that many advertisers aren't going to be interested giving up that much data. However, if the alternative is no ads whatsoever, maybe that's attractive enough that they buy in. Idk, but that's my policy. If the ads won't respect my privacy, I'll block them. That's my line in the sand. If Mozilla offers a product I'm okay with, I'd be willing to disable my ad-blocker for those sites that opt-in.