Mozilla has come under scrutiny for enabling a new feature called Privacy-Preserving Attribution (PPA) in its Firefox browser without explicitly seeking user consent. The Vienna-based privacy non-profit, noyb, filed a complaint with the Austrian data protection authority, arguing that PPA allows Firefox to track user behavior on websites. “Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites,” noyb stated.
“In essence, the browser is now controlling the tracking, rather than individual websites.”
Introduced in Firefox version 128 as an experimental feature, PPA aims to replace third-party tracking cookies by allowing the browser to categorize users based on their browsing habits. Mozilla claims that PPA offers a way for websites to evaluate ad performance without collecting individual data, presenting it as a “non-invasive alternative to cross-site tracking.”
However, noyb contends that enabling PPA by default without user consent breaches the European Union’s General Data Protection Regulation (GDPR).
Mozilla under fire for user tracking
“While this may be less invasive than unlimited tracking common in the US, it still violates user rights under the E.U.’s GDPR,” the organization argued. Felix Mikolasch, a data protection lawyer at noyb, criticized Mozilla’s approach. “It’s a shame that an organization like Mozilla believes that users are too dumb to say yes or no.
Users should be able to make a choice, and the feature should have been turned off by default.”
Mozilla maintains that PPA does not involve transmitting browsing activities to third parties and that advertisers only receive aggregate information about ad effectiveness. The company stated, “A small number of sites are going to test this and provide feedback to inform our standardization plans, and help us understand if this is likely to gain traction.”
The complaint highlights ongoing tensions between tech companies’ tracking technologies and stringent data protection regulations, as privacy advocates push for greater transparency and user control over personal data. The Austrian data protection authority will now investigate the complaint and determine if Mozilla’s actions violate the GDPR.