Facepalm: Mozilla recently introduced a controversial technology designed to help advertisers while preserving users' privacy. However, a European privacy watchdog says that while it's "less invasive" than tracking cookies, it is still tracking without consent. It has asked regulators to open a GDRP investigation.
Mozilla introduced the Privacy-Preserving Attribution API with Firefox 128, stating that it would measure ad "performance" without employing third-party servers to track what Firefox users were doing online. The European Center for Digital Rights, also known as Noyb (none of your business), has now filed a complaint against the US company, lamenting that the new API is just switching control of the tracking process to the browser instead of eliminating it.
Nyob claims that Firefox is tracking users now instead of individual websites. Privacy-conscious users could consider this an improvement over traditional behavioral profiling with invasive cookies. However, Mozilla doesn't ask users for permission and enables the feature by default. The opt-out feature is similar to Google's Privacy Sandbox initiative, which promised to kill third-party cookies using browser-based tracking but failed.
While PPA is considered a less invasive tracking alternative in the US, Nyob stated, it still violates Europe's General Data Protection Regulation.
"Mozilla has just bought into the narrative that the advertising industry has a right to track users by turning Firefox into an ad measurement tool," said Nyob data protection lawyer Felix Mikolasch.
Users have not been informed or asked for consent about the new tracking API, and Mozilla doesn't even mention the feature in its policies. Users should always have the right to choose, and Firefox should turn off PPA tracking by default.
"It's a shame that an organization like Mozilla believes that users are too dumb to say yes or no," Mikolasch said.
Nyob is now asking the Austrian data protection authority (DSB) to investigate Mozilla and request that the company delete all "unlawfully" processed data. Mozilla recently explained that Privacy-Preserving Attribution was an attempt to usher in a "new era" for privacy and digital advertising – a prototype it would have proposed become a new standard approved by the World Wide Web Consortium.
As the DSB considers Nyob's complaint, Mozilla is in the earliest phase of PPA implementation. The organization confirmed that Firefox 128 included the feature's initial code. However, it remains unactivated and hasn't begun collecting, recording, or sending end-user data. Mozilla has already started limited testing of the PPA API on its Developer Network website, and the company still thinks this is the right approach to improve advertising and privacy online.
Firefox's upcoming "cookie-less" tracking comes under fire by Austrian privacy watchdog
