{"id":23185,"date":"2024-08-19T19:22:35","date_gmt":"2024-08-19T15:22:35","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=23185"},"modified":"2024-08-19T19:22:35","modified_gmt":"2024-08-19T15:22:35","slug":"mozilla-privacy-preserving-attribution-explained","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/mozilla-privacy-preserving-attribution-explained\/23185\/","title":{"rendered":"Privacy-Preserving Attribution technology by Mozilla"},"content":{"rendered":"

In July 2024, with the latest version<\/a> of its Firefox browser, Mozilla introduced a technology called Privacy-Preserving Attribution (PPA) \u2014 designed to track how effective online advertising is. The feature is enabled by default in Firefox 128.<\/p>\n

This has already caught the eye of online privacy advocates, and led to headlines like \u201cNow Mozilla too is selling user data\u201d. The clamor got so loud that Firefox CTO, Bobby Holley, had to take to Reddit<\/a> to explain to users what Mozilla actually did and why.<\/p>\n

Now\u2019s the time to take a closer look at what PPA is, why it\u2019s needed in the first place, and why it\u2019s appeared now.<\/p>\n

Google Ad Topics and Facebook Link History<\/h2>\n

First, a bit of backstory. As you may recall, way back in 2019 the developers of the world\u2019s most popular browser \u2014 Google Chrome \u2014 began hatching plans to completely disable support for third-party cookies.<\/p>\n

These tiny files have been tracking user actions online for 30 years now. The technology is both the backbone of the online advertising industry, and the chief means of violating users\u2019 privacy<\/a>.<\/p>\n

Some time ago, as a replacement, Google unveiled an in-house development called Ad Topics<\/a>. With this technology, tracking is based on users\u2019 Chrome browser history, and interaction history with Android apps. The rollout of Ad Topics was expected to be followed by the phasing out of support for third-party cookies in Chrome in H2 2024.<\/p>\n

Another major digital advertising player to develop its own user-tracking technology is Meta, which likewise relies on third-party cookies. Called Link History<\/a>, it makes sure that all external links in the Facebook mobile apps now get opened in its built-in browser \u2014 where the company can still snoop on your actions.<\/p>\n

The bottom line is that ending support for third-party cookies hands even more control over to Google and Meta \u2014 owner of the world\u2019s most popular browser and mobile OS, and of the world\u2019s most popular social network, respectively \u2014 while smaller players will become even more dependent on them.<\/p>\n

At the same time, user data continues to be collected on an industrial scale, and primarily by the usual suspects when it comes to claims of privacy violation: yes, Google and Facebook.<\/p>\n

The question arises: is it not possible to develop some mechanism to allow advertisers to track the effectiveness of advertising without mass collection of user data? The answer comes in the shape of Privacy-Preserving Attribution.<\/p>\n

Meet Prio, a privacy-preserving aggregation system<\/h2>\n

To better understand the history of this technology, we have to go back a bit in time \u2014 to 2017, when cryptographers Henry Corrigan-Gibbs and Dan Boneh of Stanford University presented a research paper<\/a>. In it, they described a privacy-oriented system for collecting aggregated statistics, which they called Prio.<\/p>\n

To greatly simplify matters, Prio is based on the following mechanism. Let\u2019s say you\u2019re interested in the average age of a certain number of users, but you want to preserve their privacy. You set up two (or more) piggy banks and ask each user to count out the number of coins corresponding to their age and, without showing them to anyone, randomly drop the coins into different money boxes.<\/p>\n

Then you tip the coins out of the piggy banks into a pile, count them and divide by the number of users. The result is what you wanted: the average age of the users. And if at least one of the piggy banks keeps its secret (i.e., doesn\u2019t tell anyone what went into it), then it\u2019s impossible to determine how many coins any one user put into the boxes.<\/p>\n

\"Prio's<\/a>

Prio\u2019s main stages of information processing. Source<\/a><\/p><\/div>\n

Prio overlays this basic mechanism with a lot of cryptography to protect information from interception and ensure the validity of data received. There\u2019s no way for users to slip answers into the system, for whatever reason, that could distort the results. The main concept lies in the use of two or more aggregators that collect random shares of the sought information.<\/p>\n

Prio\u2019s algorithms have another key feature: they greatly improve system performance compared to previous methods of reliable anonymized data collection \u2014 by 50\u2013100 times, say the researchers.<\/p>\n

Distributed Aggregation Protocol<\/h2>\n

Mozilla got interested in Prio back in 2018. The first fruit of this interest was its development of the experimental system<\/a> Firefox Origin Telemetry \u2014 based on Prio. Notably, this system was designed to privately gather telemetry on the browser\u2019s ability to combat ad trackers.<\/p>\n

Then, in February 2022, Mozilla unveiled<\/a> Interoperable Private Attribution (IPA) technology, developed jointly with Meta, which, it seems, served as the prototype to PPA.<\/p>\n

May 2022 saw the publication<\/a> of a zero draft of the Prio-based Distributed Aggregation Protocol (DAP). The draft was authored by representatives of Mozilla and the Internet Security Research Group (ISRG)<\/a> \u2014 a non-profit known for the Let\u2019s Encrypt project to democratize the use of HTTPS \u2014 as well as two Cloudflare employees.<\/p>\n

While working on the protocol, ISRG was also building a DAP-based system for collecting anonymized statistics, known as Divvi Up<\/a>. This system is primarily intended to collect various technical telemetry to improve website performance, such as page load-time.<\/p>\n

\"DAP<\/a>

Schematic of the basic operating principle of the DAP protocol. Source<\/a><\/p><\/div>\n

Finally, in October 2023, Divvi Up<\/a> and Mozilla<\/a> announced a collaboration to implement DAP in the Firefox browser. As part of this joint effort, a system of two aggregators was created \u2014 one of which operates on the Mozilla side, the other on the Divvi Up side.<\/p>\n

How PPA works<\/h2>\n

It\u2019s this Divvi Up\/Mozilla system that\u2019s currently being deployed<\/a> with PPA technology. So far, it\u2019s just an experiment involving a limited number of sites.<\/p>\n

In general outline, it works as follows:<\/p>\n