Because Google Chrome often faces complaints related to user privacy, settling a class action lawsuit last year that alleged that the browser tracked users’ browsing activity even when they browsed in the ‘Incognito mode,’ Firefox is often seen as better in terms of privacy.
However, that perception might not be totally correct, and Vienna-based digital rights group NOYB (None Of Your Business) has filed a complaint against Firefox’s parent company Mozilla with the data protection authority of Austria. The lawsuit accuses Firefox of tracking user behavior on websites without their consent along the same lines as Google’s Incognito Mode lawsuit. Here’s everything we know about this case and whether Firefox users should be worried about their data.
For context, Firefox experimented with a privacy-preserving attribution (PPA) in Firefox version 128. In its release it said, “Mozilla is prototyping this feature in order to inform an emerging Web standard designed to help sites understand how their ads perform without collecting data about individual people.”
Firefox Slapped with Privacy Complaint
The company pushed it as a privacy-enhancing feature and said, “By offering sites a non-invasive alternative to cross-site tracking, we hope to achieve a significant reduction in this harmful practice across the web.” However, Firefox made this feature a default option and users had to disable the PPA in case they wanted to opt out.
Mozilla has quietly rolled out a new feature that allows the browser to track users' behavior as they search the web.#Mozilla #Firefox #privacy #Google https://t.co/cbB7F3WLIp
— CyberNews (@CyberNews) September 25, 2024
While the feature is a lot better than unlimited tracking, NOYB alleges that it interferes with user privacy under EU laws. The region has robust rules related to data privacy, and its General Data Protection Regulation (GDPR) privacy rules are among the most stringent globally, which barred Meta Platforms from training its large language models (LLMs) using data from users based in Europe. The company also had to offer ad-free versions of Facebook and Instagram in the EU after cajoling from the lawmakers.
Thanks to the EU’s Digital Markets Act (DMA), Apple won’t be able to offer its (yet-to-be-launched) Apple Intelligence in the region. The iPhone maker also agreed to third-party app stores in the EU and approved the Altstore PAL earlier this year.
NOYB Wants Mozilla to Go For Opt-In Functionality for PPA
Meanwhile, NOYB lashed out at Mozilla for making the PPA a default option and Felix Mikolasch, data protection lawyer at NOYB said, “It’s a shame that an organisation like Mozilla believes that users are too dumb to say yes or no.” Mikolasch added, “Users should be able to make a choice and the feature should have been turned off by default.”
The advocacy group, founded by privacy activist Max Schrems, says that Mozilla should inform users about its data processing activities. It also wants the browser to have an opt-in feature for the functionality instead of it being the default option, and delete all the data of affected users that it processed.
Firefox tracks you with 'privacy preserving' feature!
Without directly telling its users, Firefox has secretly enabled a so-called 'Privacy Preserving Attribution' (PPA):
'Contrary to its reassuring name, this technology allows Firefox to track user behaviour on websites. In… pic.twitter.com/V6PWu3f5zw
— CR1337 (@cryptonator1337) September 25, 2024
Firefox Says PPA Functionality Follows GDPR Rules
The PPA functionality in Firefox enables advertisers to get aggregate statistics to measure the effectiveness of their ads. According to Firefox, “Rather than collecting intimate information to determine when individual users have interacted with an ad, PPA is built on novel cryptographic techniques designed to protect user privacy while enabling aggregated attribution.”
Advertisers are not able to see which users see their ads and the PPA functionality keeps user data private. Firefox says that it was mindful of legalizations like GDPR while developing PPA and that it follows the regulations for the following reasons.
- Anonymity: Since Firefox does not share individual user data with advertisers, it believes it meets GDPR anonymity guidelines.
- Data minimization: According to Firefox, the PPA follows strict data minimization principles.
- Undetectable Opt-Out: The PPA has an undetectable opt-out feature which means that websites won’t be able to detect whether a user has the functionality enabled or disabled.
Going forward, Mozilla intends to expand the functionality and also engage with the community to address any concerns. It says, “Ultimately, our vision is to develop, validate, and deploy privacy-preserving technologies like PPA with the goal of ultimately eliminating the need for invasive tracking practices.”
NOYB does not agree with Mozilla and says, “While this may be less invasive than unlimited tracking, which is still the norm in the US, it still interferes with user rights under the EU’s GDPR. In reality, this tracking option doesn’t replace cookies either, but is simply an alternative – additional – way for websites to target advertising.”
Should Firefox Users Be Worried?
The tracking functionality of PPA looks less intrusive compared to some of the other browsers. From a user’s perspective though, the default opt-in feature appears a bit creepy and it might have been better if the users were given the option to voluntarily opt-in for the service instead of them having to opt out later.
A lot of users in the Mozilla community have lashed at the company for making PPA a default option with many pointing out that the company’s privacy features were the reason they used Firefox in the first place.
There are bound to be comparisons with Firefox’s much bigger rival Google which does not have much laurels to its name when it comes to user privacy. While Google settled the lawsuit over it collecting data when users were browsing in private mode and termed the lawsuit “meritless” it was forced to delete billions of data records that reflect private browsing.
Just like that infamous case where users were made to wrongly believe that they were not being tracked when browsing in incognito mode, here also users have reasons to feel cheated as most opt for Firefox based on the premise that it is better for their privacy as compared to the larger browsers which make no pretense about the fact that their key goal is to maximize profits – even if it comes at the cost of privacy.
NOYB alleges that Mozilla’s actions are not much different from Google’s, comparing the PPA to Google’s Privacy Sandbox which eventually failed.
What Could Come Next in the Mozilla Case?
Mozilla often markets itself as a privacy-focused browser and acquired AdTech company Anonym earlier this year which it said enables it “to help raise the bar for the advertising industry by ensuring user privacy while delivering effective advertising solutions.”
Meanwhile, as for the complaint from NOYB, the group has a reputation for targeting big tech companies which has resulted in fines for some. While the regulator is still to decide on the complaint, it won’t be surprising if Firefox has to make PPA an opt-in feature after explaining its supposed advantages to users, instead of it being the default option for users.