• henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    22
    ·
    4 months ago

    PPA does not involve sending information about your browsing activities to anyone. This includes Mozilla and our DAP partner (ISRG). Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising.

    Source.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      11
      ·
      4 months ago

      https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap#name-security-considerations

      The explicitly say if the aggregator is controlled by hostile party, and in my scenario that would be Mozilla, they could have full access to the deanonymized data. It’s out of scope for their protocol.

      And while the DAP draft is nice, it doesn’t change my threat model, it just introduces extra steps. As the absolute hunger of AI inputs for models have shown us, if a company has the capability to get data, they will. Mozilla has demonstrated they are hungry for data and money. I don’t want to give them the capability