European digital rights group NOYB has filed a complaint against Mozilla with the Austrian data protection authority. The complaint alleges that a new feature in Firefox called Privacy-Preserving Attribution (PPA) actually tracks user browsing behavior despite its name.
PPA, developed in collaboration with Meta (formerly Facebook), was introduced in Firefox version 128 and automatically enabled. NOYB argues that this feature, while potentially less invasive than traditional cookie tracking, violates user privacy by giving Mozilla control over user tracking data.
The complaint highlights that Mozilla did not obtain user consent before enabling PPA. According to NOYB, the feature collects user ad interaction data and shares it with advertisers in a bundled format.
While Mozilla claims PPA protects user privacy by not sharing individual browsing data, NOYB argues that any browser-based tracking interferes with user rights under the EU’s General Data Protection Regulation (GDPR).
“Mozilla essentially turned Firefox into an ad measurement tool,” said Felix Mikolasch, a data protection lawyer at NOYB. “While their intentions might be good, PPA is unlikely to replace existing tracking methods and simply adds another layer of user tracking.”
Mozilla maintains that PPA is a privacy-focused alternative to traditional tracking methods. They emphasize that the feature doesn’t share browsing data with third parties and only provides advertisers with aggregated data on ad effectiveness.
Users can opt out of PPA by disabling the “Allow websites to perform privacy-preserving ad measurement” option in Firefox settings.
In response to the complaint, Mozilla acknowledged a lack of transparency surrounding PPA. “We should have done more to engage with external voices,”.
While the initial code was included in Firefox 128, Mozilla claims PPA hasn’t been activated and no user data has been collected. They maintain that PPA is a limited test currently running only on the Mozilla Developer Network website.
The outcome of the complaint and the future of PPA remain to be seen. However, this incident highlights the ongoing tension between user privacy and online advertising practices.