[lpgauth]

"Google/Firefox claim their tracking features are not "tracking" because they use something called "differential privacy". I don't have room to explain this class of technology, but I sincerely consider it to be fake."

Differential privacy is not fake, although quite complex to do in practice.

https://en.wikipedia.org/wiki/Differential_privacy

[GrantMoyer]

The fake part isn't whether differential privacy exists. The fake part is claiming differential privacy can be used by browsers to provide aggregate ad conversion data to advertising networks without providing information that can be linked to an individual.

According to Mozilla[1], Firefox's implementaion uses the "Distributed Aggregation Protocol" (DAP)[2]. Individual browsers report their behavior to a data aggregation server, which in turn reports aggregate data to an advertiser's server using differential privacy. But the aggregation server still knows the behavior of individual browsers, so basically it's a semantic trick to claim the advertiser can't infer the behvior of individual users by defining part of the advertising network to not be the advertiser.

Now, Mozilla says the data aggregation server they use is run by the Internet Security Research Group[3], which is a non-profit, so perhaps the social incentives truely are aligned in this case to ensure individual user behavior isn't shared with advertisers. But it's disingenuous to claim user privacy is protected absolutely by technical measures when in reality it's only protected by social measures.

Finally, ad conversions can easily be measured without cookies by serving unique URLs with each ad, so what's even the point of this technology? I'm not clever enough to discern any ulterior motives (if there even are any), but the complexity of the approach is suspicious to me, since ostensibly a much more obvious solution would suffice.

[1]: https://support.mozilla.org/en-US/kb/privacy-preserving-attr...

[2]: https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap

[3]: https://en.wikipedia.org/wiki/Internet_Security_Research_Gro...

[throwaway81523]

It's fake because it provides information that can be used for evil purposes: attribution to an individual has nothing to do with it. It's fake if it really is 100% anonymous.

Example: Count Jackboot (your favorite evil politician, Trump or Biden or whoever) is running for office. He wants to know voter opinion on topic X so he can lie about it. He commissions a reputable polling firm to ask people about X, and give him only the aggregated results. The polling firm contacts you, asks your opinion about X, and promises you that your opinion can't be linked back to you. You'll be helping the Jackboot campaign completely anonymously.

You believe the anonymity promise, but that's irrelevant, you hopefully don't want to help the Jackboot campaign at all! Saying everything is private because Jackboot only gets anonymous information is a self-serving rationalization by the advertisers and data collectors. The only way to be private is give no information whatsoever.

[mikeiz404]

> ad conversions can easily be measured without cookies by serving unique URLs with each ad, so what's even the point of this technology?

I believe the goal is to infer the impact of impressions which do not require a click or user interaction.

Privacy-preserving attribution works as follows:

Websites that show you ads can ask Firefox to remember these ads. When this happens, Firefox stores an “impression” which contains a little bit of information about the ad, including a destination website.

If you visit the destination website and do something that the website considers to be important enough to count (a “conversion”), that website can ask Firefox to generate a report. The destination website specifies what ads it is interested in.

...

https://support.mozilla.org/en-US/kb/privacy-preserving-attr...