Mozilla Will Serve Ads Within Tiles Of Its New Tab Pages

Discussion in 'privacy general' started by Nanobot, Feb 11, 2014.

  1. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Each approach has its strengths and weaknesses. It would be bad if we were limited to just one or the other. If Mozilla wanted to, it could roll out an implementation that made life unpleasant for users regardless of which approach they use. Although my previous comment was on extensions, I'm perfectly happy to recommend a similar idea to those that develop proxies.

    Ultimately, we want the filtering, etc capabilities of all supplemental tools maximized so that we have multiple viable options to make adjustments to traffic and browser/client behaviors.

    Musing for another thread I think, but while we're on the subject I'll just mention it... since "filtering/manipulation engine" capabilities are a function of where and how they are hooked in (which operations/protocols/traffic they see, which they don't see, how much additional helpful context they have, whether they see things before or after encryption, whether the encryption is custom or can be MITMd through certificates, etc, etc), perhaps there is something to be said for having multiple such engines hooked into the different places that would provide advantages. With all of those engines pulling rules from a central interface/database. Conceptually, this might allow rule X to automatically be applied by the engine in the best place to do so... perhaps also allowing "next best positioned engine" to provide some cover to "best positioned engine" in case something slips by the later for whatever reason. While eliminating the need for users to maintain separate rulesets via separate interfaces/syntax/tools, and the need for them to understand which tool/place is best for accomplishing rule X. I'm not sure how well this would work in practice, but I find the idea interesting.
     
    Last edited: Feb 19, 2014
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That sounds more complicated than it needs to be just for defeating ad servers and tracking via the browser. Depending on where this central database is kept (local or server) I'd be concerned that this would increase the attack surface or provide a common point that, if exploited, would defeat all of the filtering. That sort of arrangement would require more extensive system permissions than a filtering proxy. A lot of what you mention looks interesting, but some of it I'd question the need for.

    I can see where it would be easy for Mozilla or another vendor to make filtering or anti-tracking extensions impossible. The only way I see that they could interfere with a freestanding filtering proxy would be to remove the ability to specify a proxy in the settings. Even then they couldn't prevent one being used as a system proxy. Either way, if they ever did try to implement something like that, it would be obvious to everyone that they've become openly hostile to their users and would lose a large percentage of them.
     
  3. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Lets take Directory Tiles v1 as an example. It appears that the tiles will be bundled with Firefox (like pre-installed search providers and bookmarks) and their display will not involve requests that leave the browser. I don't think there will be anything that external proxies can block/manipulate to affect the display of such tiles.

    On the click side, I for now assume that Directory Tile clicks would generate top-level requests that are generally indistinguishable from other user-triggered top-level requests (no Referer or other useful header). So short of approaches which involve creating/maintaining a list of Directory Tile URLs, I'm assuming that proxies won't be able to affect Directory Tile operation on this side either.

    FHR has been discussed as a way to acquire the metrics data, but it sounds as though they want to consider other options too. Which worries me. No matter what, I would expect them to use HTTPS. So depending on how they implement things and what modifications one is wanting to make on the browser side, it could end up the case that only HTTPS MITM proxies are in the correct position to block those metrics reports.
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Unless I'm missing something, I believe that Proxomitron already fits that description. It can filter HTTPS. It also supports blocklists and allows the creation of lists for specific filters. If I recall correctly, the FireFox certificates can be imported into Proxomitron using Open SSL. Assuming that they don't use a different format for the certificates, I don't see why it wouldn't work. The traffic would just need to be analyzed so that the proper filters can be written.
     
  5. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    186
    Someone may have mentioned this (in several pages).
    I don't know the answer - just posing questions.
    Has Mozilla (or anyone) - in more recent times since the privacy invasion problem became mainstream, ever considered a "paid browser" model?

    I mention "anyone," because Mozilla's license may not allow charging for the software, itself. ? But the license does allow making (potentially) unlimited income in perpetuity?

    Opera tried the paid browser & wasn't successful, but that was a different time & environment.

    Firefox / Mozilla aside, I wonder if any studies, scientific polls have been done on the popularity of the notion for a "fully private" (as can be), paid browser? True... no "private browser" would be "NSA proof." But that may not be what most users expect.
     
  6. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    If one browser became a paid browser, all the browsers would have to become paid at the same time. If only Mozilla became paid, it would fail to exist within a month or two, because to the man every user would migrate to another browser that it free.
     
  7. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Been with SeaMonkey for about 3 weeks now. Works okay and certainly good enough to replace Firefox for may daily browsing habits.
    I also uninstalled Thunderbird and replaced it with Evolution. Also works fine. A little harder to configure but doable.
     
  8. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    186
    Good questions. I don't know exact answers to a lot of things, but don't know that all options have been duly explored.
    Maybe - where's the proof / marketing studies? That may've been absolutely true 1, 3, 5 yrs ago. Is it today? Dunno.
    Again, maybe. Where's the proof? I certainly wouldn't go to Chrome or IE, if (a browser like) Firefox charged a modest amount, in return for not tracking me. This may be the perfect time for other "privacy conscious" forks or even new browsers to stick their toes in the water.

    [Firefox] is headed in a general direction of "not existing," as it is (& I'm a fan - but not of tracking). Many users couldn't care less about UNtargeted ads, if it really enables a better, open source, presumably fairly private browser.

    All details aren't out & even if they were released, can change any time. Some conclude the ads won't be targeted / won't use browsing habits & activity to serve relevant ads (basis for that conclusion?). They could serve random ads, but question is, will they? If they're going to serve ads, most privacy conscious* users hope they'll be random, not targeted.

    It apparently isn't clear if users will still be able to disable the ads or new tabs. Another unknown: Even if users will be able to disable displaying ads, will that mean Mozilla won't be gathering browsing data?

    *Privacy conscious meaning, they have a general, reasonably accurate understanding of which exact data can be collected, used or sold for targeting ads. I doubt that even now, the vast majority of users fully understand how far this data collection & "profile building" can go - & how fast.

    I have fairly educated friends that complain about spying / privacy invasion, in general. But I may have trouble getting them to even install (& stick with) free, stable Mozilla addons, to enhance privacy & even security. For some, if the tiniest thing goes wrong, they uninstall the addons. Even if great support is available.
     
  9. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    No proof, just observance. There are a lot of folks who won't use a program unless it's free. Free Avast!, Free MBAM, Free Ccleaner. Free firewall, etc.
     
  10. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    186
    You're absolutely correct - some would leave Mozilla if they asked for $5. But quite a lot probably would not if... it was promised IN WRITING, that it would enable giving privacy while allowing enough revenue to pay for maintenance & development.

    My guess is, w/ currently > 80% of U.S. citizens saying they're very concerned about unlawful gov't intrusion (per some polls), that many users of IE, Chrome, Opera & others would come TO Mozilla, if it truly respected privacy. Right now (NSA & ads aside), apparently a lot of users don't think Mozilla offers too much of value vs. Chrome, IE.
    Maybe need a better job of educating masses on the actual cost of Chrome, IE "free" browsers.

    Not an opinion - just general market trends. https://en.wikipedia.org/wiki/Usage_share_of_web_browsers (* Article lists & links to several browser share tracking sites)
    Even if browser market share figures have 10 - 20% error, the long term trend is alarming for Mozilla. I question how wise it is (for any company) to drive away a significant % of users, when your market share is steadily & rapidly declining? Should they be more concerned about getting users back vs. how to grow revenue off of fewer & fewer users?

    I haven't used Chrome & hope I don't (because of who owns it), but I'm not sure that not having as many full version releases as Chrome, is why users went from Mozilla to Chrome. Also, has anyone tried to determine how many use both browsers (or all 3)?

    And I appreciate that a "non-profit" (some debate that) has to have $ to put out a competitive product. That said, they've HAD a lot of $ for a long time and (inexplicably to some) in spite of "not being the worst violator of privacy in the world," still declined rapidly.
     
  11. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    They could be putting all of their eggs into the same basket and counting on Firefox OS taking off. With that of course the FF usage would grow and they would become dominant on the market again.
     
  12. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,540
    Location:
    Triassic
    Been trying to find out what form these ads will be in these default Directory Tiles, but to no avail. I assumed that they would be a picture or logo of some product or a website home page that one had to click on to open. I am concerned that they might be video based and will auto run even if they are not selected for view. If my extensions are not able to prevent the video from running then I would have to dump FF permanently.
     
  13. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    There's always Cyberfox unless they follow FF's lead.
     
  14. Alhaitham

    Alhaitham Registered Member

    Joined:
    May 18, 2013
    Posts:
    188
    Location:
    Egypt
    Mozilla publishes sponsored tile specification for partners

     
    Last edited by a moderator: Mar 19, 2014
  15. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    Temporarily or permanently?
     
  16. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    186
    A purely objective statement on why Mozilla decided to try ads as a replacement for some of the $300 M / yr revenue from Google, which reportedly expires Nov 2014. Neither supporting nor condemning Mozilla's decision to try delivering ads through Firefox.

    From: https://static.mozilla.com/moco/en-US/pdf/Mozilla_Audited_Financials_2012.pdf

     
    Last edited by a moderator: Mar 31, 2014
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I distrust (on all levels) ads, and I block them without exception.

    I'd rather see Bitcoin etc begging than new sorts of ads.

    Ads are rather like taxes. They're both far too inefficient.
     
  18. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
  19. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  20. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Mozilla's 'Tiles' ads debut in new Firefox nightlies
     
  21. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    https://groups.google.com/d/topic/mozilla.dev.planning/S5m7Rjuz-Xc
    There is brief discussion about how an "objectionable history/interest detector" could leak information and how that information might be reduced.

    Towards the end of the discussion there is a related comment:
    Which suggests deeper inspection of user activity in the future.
     
  22. tlu

    tlu Guest

    snippets.mozilla.com is blocked both by uBlock and uMatrix. No big deal - I've never seen them.
     
  23. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I think Snippets are the advertisement/etc messages you see on the about:home page. Whereas the advertising and other tiles discussed in this thread are seen on the about:newtab page and involve a different mechanism which is of greater concern from a privacy POV.

    Regarding Snippets, I see what looks like two different platform-dependent URLs (note the different hostnames):

    https://mxr.mozilla.org/mozilla-release/source/browser/app/profile/firefox.js#285
    pref("browser.aboutHomeSnippets.updateUrl", "https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/");

    https://mxr.mozilla.org/mozilla-release/source/mobile/android/app/mobile.js#794
    pref("browser.snippets.updateUrl", "https://snippets.mozilla.com/json/%SNIPPETS_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/");

    I'm not sure what that is about. Are you using Android?

    Regarding the New Tab Page stuff, prefs from firefox.js:
    Code:
    // Defines the url to be used for new tabs.
    pref("browser.newtab.url", "about:newtab");
    // Activates preloading of the new tab url.
    pref("browser.newtab.preload", true);
    // Remembers if the about:newtab intro has been shown
    pref("browser.newtabpage.introShown", false);
    // Toggles the content of 'about:newtab'. Shows the grid when enabled.
    pref("browser.newtabpage.enabled", true);
    // number of rows of newtab grid
    pref("browser.newtabpage.rows", 3);
    // number of columns of newtab grid
    pref("browser.newtabpage.columns", 5);
    // directory tiles download URL
    pref("browser.newtabpage.directory.source", "https://tiles.services.mozilla.com/v2/links/fetch/%LOCALE%");
    // endpoint to send newtab click and view pings
    pref("browser.newtabpage.directory.ping", "https://tiles.services.mozilla.com/v2/links/");
    
    and I think browser.newtabpage.enhanced is also checked.

    Oh, and for anyone using the browser.newtab.url pref to load a safer/better new tab page:

    The browser.newtab.url preference is abused and should be removed
    https://bugzilla.mozilla.org/show_bug.cgi?id=1118285
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.