this post was submitted on 14 Jul 2024
47 points (61.5% liked)

Firefox

17836 readers
366 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 2 points 3 months ago* (last edited 3 months ago) (1 children)

I can already see how Advertisers AND Websites will collude and break this one.

  • Specifically placed ads; targeted at specific website pages which a majority of their target grouping will visit.
  • Generate an ad that will specifically reside on a page deep inside of the site; think 4+ clicks deep; which is intensely personalized to their target. ^1^
  • Ad will trigger; register "Impression" and be boxed up into Differential Privacy set by the DAP.
  • Since that's the only ad targeted for that specific page, any impression is an answer of 1 or 'True'.
  • Through microtargeting of these deep pages they can learn a lot about what people do online and could potentially break Differential Privacy.

1 - In this example the URI being targeted could be something like https://www.example.com/zhuli/do/the/* in such a way that when you visit https://example.com/zhuli/do/the/thing/order.php is always recorded.

[โ€“] [email protected] 3 points 3 months ago

https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap#name-security-considerations

In theory this could be defeated easily if a fork of Firefox wanted to send lots of noise or someone decided to emulate many Firefox clients with false information.