Vincent @ Vincent @feddit.nl

Posts

121

Comments

636

Joined

2 yr. ago

Or more importantly, forbids the use of privacy-invasive methods of measuring ad performance.

Here:

When a user interacts with an ad or advertiser, an event is logged in the browser in the form of a value. That value is then split into partial, indecipherable pieces and then encrypted. Each piece is addressed to a different entity — one to Divvi Up at ISRG and one to Mozilla — so that no single entity is ever in possession of both pieces. (...) As an additional protection, the pieces are submitted to Divvi Up and Mozilla using an Oblivious HTTP relay operated by a third organisation (Fastly). This ensures that Divvi Up and Mozilla do not even learn the IP address of the indecipherable piece they receive.

Because the proposal itself is good? I am not tribal enough to reject world peace if Facebook proposes it.

I also don't see how the proposal would lead to a Facebook monopoly.

...except when you assume that data gets leaked despite literally nobody having been able to point to anything that indicates that it's happening?

That is a bit confusing, but the feature called "Fingerprint Protection" (i.e. blocking known fingerprinters) isn't the only protection built in. I'm not motivated enough to find a full list right now, but it also includes e.g. limiting the information in the User Agent header. I did at least find a list of things that were worked on at some point by searching for "Tor uplift", which is a good starting point if you'd like to find more: https://wiki.mozilla.org/Security/Fingerprinting

I'd also add that actually blocking requests to known fingerprinters does help. It's more like camera's getting disabled when you're around: sure, from the point of view of the camera, it's suspicious that it stopped working, but it can't see you, so it doesn't know who is standing out.

Great to hear! I've never used Redox either, so no idea how well that works too.

OK, fair enough, that was me allowing myself getting sidetracked. You still haven't answered the earlier question about what extra data PPA provides anyone, though. I'll leave it at that unless you can name one concrete piece of data.

In particular, these claims never get accompanied by examples of what extra data these companies get through PPA. Presumably, because there is none.

What more do you think should be done to stop fingerprinting, and does that involve sacrificing usability?

(Also, "almost nothing" feels like a gross exaggeration? Just the Tor Uplift project brought in lots of measures, quite a few of which could even be enabled by default.)

Again, bringing Fakespot and Anonym is just moving the goalposts. You were complaining about PPA, and have failed to mention concrete data points that shares about you. It's really not interesting to move on to another subject only to have the goalposts moved again.

It's just more communication about the same thing. Started out with just a mention in the release notes and a checkbox in the settings, which clearly wasn't enough (hence your calling it "silently"), then a more elaborate response on Reddit, and now this more detailed blog post outside of Reddit's walled garden. And I'm sure it's not the last we'll hear of it. (I'd be curious about the experiment's results too, for example.)

No, of course not :) I am proposing that governments curb privacy-invasive tracking, i.e. that the only way advertisers will have left to measure the impact of their ads, is non-invasive methods like PPA.

Mozilla by itself doesn't have the influence to change it, but with Mozilla's help (i.e. this experiment), others do. Specifically, legislators can have more freedom to implement strict privacy-protecting measures if they have proof that an alternative is available that doesn't cost lots of voters their jobs.

There's also the bit where if it doesn't work out no real harm is done (to users - there's obviously reputation damage to Mozilla now): people who already block things by default are not affected at all, and no new information is shared about those who don't. Whereas the upside if it does work out is enormous. In other words, low risk, high gain. Even with low odds, that's a path worth exploring.

I'm not sure when something counts as hype vibes and what the problem with that would be.

It's a pretty good editor, way faster than VSCode on my machine, but I'm also missing a bunch of features. Those seem unimportant enough compared to the speed for now, so I've switched, but switching editors is easy, so I might switch back later. And if other editors get on my radar, I might try them for a bit too. Hype or not, no real harm done.

I'm very curious how buggy it's going to be. (Obviously very during alpha, but I'm talking release.) They seem to be betting big on customisability, and a myriad of different setups is like a fly trap for bugs, in my experience.

But at the same time, a modern language like Rust provides lots of help to prevent a bunch of them, and they might be very talented programmers, so who knows!

They've committed to not changing any displayed text ("strings"), so that translators have time to translate everything.

So you agree with #1 but are upset I have not provided specifics...

No; I have claimed that it doesn't collect personal data. You're disputing that claim, but if you can't mention a single piece of data, then I'm not inclined to believe you. (Fakespot and Anonym are completely unrelated to PPA. I'm not necessarily interested in branching out to discussing those as well, though I expect that we're more aligned on them anyway.)

Regarding the claim that Mozilla is good and Google is bad, that's based on a presumption.

No, I'm claiming that Google's actions in the past have been worse than Mozilla's, and I have named concrete actions that Google has done that Mozilla has not.

But go on, keep on telling people to avoid Mozilla, and see if that'll bring us a better world.

Luckily Gecko still exists. And who knows, maybe Servo will make it one day (but the odds are stacked against both them and Ladybird anyway).

De vitamines? Maar is dat dan alles - dacht iemand, "wat wij nodig hebben is dit, maar dan met wat vitamines toegevoegd"? Waarom hebben we dan geen extra-vitamines-versie van alle andere producten? Wat maakt halvarine speciaal?