"Ad measurement" must disclose to the user, and offer a chance to revoke, the data it collects
Categories
(Firefox :: Settings UI, defect)
Tracking
()
People
(Reporter: andi.m.mcclure, Unassigned, NeedInfo)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
282.18 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Steps to reproduce:
Firefox 128 has a "privacy-preserving ad tracking" feature on by default. Because features like cookies have been restricted to make it harder for ad companies to gather information relevant to their business, some browsers have started adding in backchannels to directly feed those ad companies the information they want. I believe Firefox should not be participating in this (see my other bug 1907659), but that is not the point of this bug.
The problem is that Firefox's new ad-tracking feature does not offer the transparency and control features that were offered for the previous features potentially used for tracking (i.e., cookies and site data).
Actual results:
Firefox's explanation of the tracking feature ( https://support.mozilla.org/en-US/kb/privacy-preserving-attribution?as=u&utm_source=inproduct ) says:
"Websites... can ask Firefox to remember... ads. When this happens, Firefox stores an “impression” which contains a little bit of information about the ad"
Imagine an ad network is tracking me via cookies. In Firefox's "Privacy and Security" tab, I can click "Manage Data" and see what sites have stored cookies. I can also delete them. However, the new tracking feature does not offer a way to view a list of which "impressions" have been stored, and I cannot delete the "impressions" already stored. (The feature, as shown in the attached screenshot, has only a checkbox to turn it off, and a "Learn More" link.) In my view, this means that being tracked by your allegedly "privacy-preserving" tracking is worse for my privacy and autonomy than being tracked via cookies (regardless of what "differential privacy" snake-oil you have applied), because I am not given the control and transparency over the process that cookies previously provided.
Meanwhile, Firefox's explanation goes on to explain that the information is "encrypted" (by who?) and "submitted anonymously" (from where?) as part of a report called the "DAP". When Firefox 128 was installed, you automatically enabled this ad tracking feature without my consent, and it was turned on for an unknown amount of time before I discovered and disabled it. This means that possibly information gained from tracking my browsing behavior has already been collected and submitted by Firefox, but I am given no way to view what snitching you've done and to whom, and I am given no way to request that the data (recorded without my awareness or consent) be removed from the dataset. I am not in the EU, but if you have done this to users in the EU, I would ask the question of whether you are actually following your obligations under the GDPR.
Expected results:
Expected behavior: In addition to the ability to turn your "privacy-preserving" ad-tracking off, GUI should be provided to
- View what impression data has been recorded by Firefox.
- View which of these impressions have been disclosed to the ad networks.
- Partially or entirely delete this impression data.
Such features should have been considered mandatory before including the ad snitching feature in a stable-release Firefox-- much less before automatically enabling the snitching without informing the user.
Notes: Although this is technically a feature request, I have filed it as a defect report because I believe without this improvement the feature as shipped is broken to the point of being actually dangerous. I am using the Ubuntu Snap version of Firefox on Ubuntu Linux, but I believe that my configuration is not relevant to this issue.
Comment 1•7 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Widget: Gtk' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
![]() |
||
Updated•7 months ago
|
Note: Distinct from the issues above, but related, is this issue on Github: https://github.com/mozilla/policy-templates/issues/1130 claiming missing templates/UI for the group policy setting related to this feature. This would be another example of how, although this ad measurement feature is supposed to be (and advertises itself as) more privacy preserving than the legacy ad tracking features it attempts to replace, it is missing the privacy controls that those previous features had.
Comment 3•7 months ago
|
||
Emilio, could you take a look, given that You implemented the preference UI for the advertising preferences?
Comment 4•7 months ago
|
||
I don't think this is necessarily a bad idea but would need a bit of UX input, and also input from Brendan, as to what is stored in the databases here and can be exposed.
Updated•7 months ago
|
Comment hidden (metoo) |
Description
•