121
Discussion
Right. I’m getting tired of seeing people dump on Firefox and Mozilla about this thing in the release notes:
Firefox now supports the experimental Privacy Preserving Attribution API, which provides an alternative to user tracking for ad attribution. This experiment is only enabled via origin trial and can be disabled in the new Website Advertising Preferences section in the Privacy and Security settings.
What is this? And why is it not something to get heated about?
Attribution is how advertisers know how to pay the right site owner when someone clicks on their ad. It’s important for ad-supported sites that clicks get attributed.
Right now, attribution is basically incompatible with protecting privacy. Advertisers use every method of tracking you can name, and some you can’t, to provide accurate attribution.
The Privacy Preserving Attribution API is an experimental way of informing an advertiser that someone clicked on an ad on a given site without leaking that it was you, specifically, who did that. Specifically, ads using the API ask Firefox to remember that they were seen, on what sites, and to what sites they lead. Then, when the user visits the destination site, the destination site asks Firefox to generate a report and submit it via a separate service that mixes your report with reports from other people and forwards these aggregated reports in large batches. Any traces that might be unique to you are lost in the crowd.
This is still experimental, being enabled by Mozilla on a site-by-site basis as developers request it. It’s not a free-for-all yet, and I can only find one entry on Bugzilla of a site who’s requested it.
That’s a requirement of being usable however. It has to be the default.