"Firefox added [ad tracking] and has already turned it on without asking you"

Original Article ↗ Hacker News Discussion ↗

What Firefox changed

  • Firefox 128 adds an experimental “Privacy Preserving Attribution” (PPA) / Private Attribution API.
  • It is enabled by default, exposed as a checked box under:
    Settings → Privacy & Security → Website Advertising Preferences.
  • A corresponding about:config pref is dom.private-attribution.submission.enabled (true by default); toggling it disables/enables the checkbox.
  • Feature is only active via “origin trials” on a small set of test sites, per Mozilla docs.

How it works (per discussion)

  • Browsers store “impressions” when ads are seen and later report “conversions” when users perform actions on destination sites.
  • Data is aggregated via a Distributed Aggregation Protocol (DAP) server; differential privacy is claimed to protect user identities.
  • A separate PrivateAttribution.sqlite database stores >64-bit “supercookies” outside the normal cookie system, shared across containers and (earlier) private/non-private sessions.

Privacy & trust concerns

  • Many see enabling this by default, with weak up-front disclosure, as a serious breach of trust from a browser that markets itself on privacy.
  • Concerns include:
    • No UI to manage or inspect these supercookies or whitelist participating ad domains.
    • Breaking expectations around container isolation and certain privacy prefs (e.g., privacy.firstparty.isolate).
    • Reliance on non-technical guarantees: the aggregation server operator must be trusted not to misuse individual-level data.
  • Some argue that “privacy-preserving” ad attribution is inherently suspect; others say differential privacy is real but easy to misuse.

Business model & funding debate

  • Strong debate over Mozilla’s funding: dependence on Google search revenue vs. adtech features vs. donations or paid browser models.
  • Some would pay substantial recurring fees for a tracking-free Firefox; others doubt enough users would pay to fund a full browser team.
  • Frustration that users cannot donate specifically to Firefox development.

Alternatives & responses

  • Suggestions include:
    • Disable via UI or dom.private-attribution.submission.enabled = false.
    • Use forks (e.g., LibreWolf, Mull, Fennec) or other paid/privacy-focused browsers.
    • Some still view Firefox as more privacy-friendly than Chrome; others now question recommending it at all.

Bigger-picture debates

  • Whether “privacy-friendly ads” are a viable or ethical compromise.
  • Whether browsers should support any ad attribution APIs when simpler, older techniques (coupon codes, surveys) exist.
  • Broader worries about Google’s “Privacy Sandbox” stack and concentration of web power.