Share this article on:
Non-profit app developer Mozilla has been accused of tracking users of its Firefox web browser after enabling a privacy feature without its users’ consent.
Through a privacy complaint submitted to the Austrian Data Protection Authority (DSB), European digital rights group None Of Your Business (NOYB) has accused Mozilla of using a feature called “Privacy-Preserving Attribution” (PPA) to track its users.
The feature, which was launched in February 2022 and enabled in Firefox v128 when it was released in July this year, works by helping websites understand ad performance without collecting user data.
However, NOYB said that despite the feature’s name, Mozilla has been using it to track its users.
“Contrary to its reassuring name, this technology allows Firefox to track user behaviour on websites. In essence, the browser is now controlling the tracking, rather than individual websites,” NOYB said.
NOYB said that in essence, the feature allows Firefox to store data relating to user ad interactions, which it then can bundle and supply to advertisers.
While tracking cookies allow advertisers to track user ad interactions, the new feature would see advertisers needing to ask Firefox to store ad interaction information to receive it later, thus granting the privilege of the decision to the advertisers rather than the users themselves.
“While this might be an improvement compared to even more invasive cookie tracking, the company never asked its users if they wanted to enable it. Instead, Mozilla decided to turn it on by default once people installed a recent software update.”
NOYB added that while compared to tracking in the US, which is unlimited and much more invasive, Mozilla’s use of the PPA feature “still interferes with user rights under the EU’s GDPR (General Data Protection Agency).”
Data protection lawyer and NOYB member Felix Mikolasch said that the new move is dangerous and sets a standard that advertisers are entitled to track users.
“Mozilla has just bought into the narrative that the advertising industry has a right to track users by turning Firefox into an ad measurement tool,” he said.
“While Mozilla may have had good intentions, it is very unlikely that ‘privacy preserving attribution’ will replace cookies and other tracking tools. It is just a new, additional means of tracking users.”
In reference to Mozilla enabling the feature as standard rather than disabling and asking people if they would consent to the features use, Mikolasch said that the company is taking advantage of Firefox users.
“It’s a shame that an organisation like Mozilla believes that users are too dumb to say yes or no. Users should be able to make a choice and the feature should have been turned off by default.”
NOYB has requested that the DSB investigate Mozilla’s use of PPA and asked that Mozilla inform its users and “switch to an opt-in system,” and delete all data collected through the feature to date.
Update - 26/09/2024: Mozilla responded to Cyber Daily's request for comment saying that no end-user data was collected.
“There’s no question we should have done more to engage outside voices in our efforts to improve advertising online, and we’re going to fix that going forward. While the initial code for PPA was included in Firefox 128, it has not been activated and no end-user data has been recorded or sent,” said Christopher Hilton, director of policy and corporate communications at Mozilla.
“The current iteration of PPA is designed to be a limited test only on the Mozilla Developer Network website. We continue to believe PPA is an important step toward improving privacy on the internet and look forward to working with NOYB and others to clear up confusion about our approach.”