Mozilla stands by its controversial privacy feature, but ready to "clear up" confusion

In this photo illustration, the Mozilla Firefox logo is seen displayed on an Android mobile phone.
(Image credit: Photo Illustration by Omar Marques/SOPA Images/LightRocket via Getty Images)

Mozilla Firefox is known as one of the best web browsers for privacy. In an unexpected turn of events, however, the service is currently under fire in Europe for tracking users without consent.

On Wednesday, September 25, Austria-based digital rights group Noyb (None Of Your Business) filed a complaint with the local data protection authority for quietly enabling what's supposed to be a privacy feature, the so-called Privacy Preserving Attribution (PPA). Mozilla describes it as a "non-invasive alternative to cross-site tracking," but experts argue it may interfere with user rights under the EU’s GDPR.

While standing by the controversial privacy feature, Mozilla has now admitted to TechRadar that it "should have done more" and is ready to work to "clear up confusion" over its approach of rolling out PPA by default.

"There’s no question we should have done more to engage outside voices in our efforts to improve advertising online, and we’re going to fix that going forward," Christopher Hilton, Director of Policy and Corporate Communication at Mozilla, told me.

Noyb, in fact, especially criticized Mozilla's decision to turn the new feature on by default once people installed a recent software update. Developed jointly with Meta and announced back in February 2022, the provider automatically enabled PPA in Firefox 128 which was released in July this year.

The digital rights group also didn't buy the explanation a Mozilla developer shared on Mastodon arguing that users can’t make an informed decision on such a complicated system like PPA.

"It’s a shame that an organization like Mozilla believes that users are too dumb to say yes or no," said Felix Mikolasch, data protection lawyer at Noyb. "Users should be able to make a choice and the feature should have been turned off by default."

Noyb is now calling the provider to inform users about its data processing activities, effectively switch to an opt-in system, and delete all unlawfully processed data for the millions of European users who may have been affected. 

On its side, Mozilla now claims that, while the initial code for PPA was included in the Firefox 128 update, it has not been activated and no end-user data has been recorded or sent. "The current iteration of PPA is designed to be a limited test only on the Mozilla Developer Network website," Hilton told me.

What is Firefox's Privacy-Preserving Attribution?

As per Mozilla's words, Firefox's Privacy-Preserving Attribution (PPA) aims to "provide a privacy-first design for advertising companies to be able to measure how advertising drives conversions." 

Put simply, the new technology is meant to replace third-party cookies. It does not involve websites tracking you, in fact, but it's the browser in control, instead.

It's less invasive but still invasive

Firefox's PPA echos Google's plans – now halted – of developing a new advertisement system for minimizing online tracking as part of its Privacy Sandbox initiative. Google's so-called Protected Audience API was supposed to enable on-device auctions on the browser level to tailor relevant ads to users without sharing their information and browsing activities with third parties.

Like the Mozilla case, Google's plans have been met with criticism. In February, ad-blocker provider AdGuard warned how such a solution is "far from being private," de-facto transforming the browser into an ad auction tool. Noyb would then file a privacy complaint against Google's parent company in June for tracking users without asking for informed consent. 

The history is now repeating. For Noyb, Mozilla's solution is also problematic in terms of privacy. What's changed now is that part of the tracking is done directly in Firefox, potentially breaching GDPR rules. So, yes, it's less invasive but still invasive, according to experts. 

"While Mozilla may have had good intentions, it is very unlikely that 'privacy-preserving attribution' will replace cookies and other tracking tools. It is just a new, additional means of tracking users," said Mikolasch from Noyb.

Mozilla doesn't agree with this view, though. Hilton said: "We continue to believe PPA is an important step toward improving privacy on the internet and look forward to working with NOYB and others to clear up confusion about our approach."

Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Read more
Conceptual image with a bunch of floating eyeballs in different sizes overlooking a red computer, could symbolize ideas around malware and computer viruses
Accept all or bust: how cookie walls are creating a two-tier internet
Fingerprint
Profit over privacy? Google gives advertisers more personal info in major ‘fingerprinting’ U-turn
Browser
The future of mobile browsers: time for a new model?
Home internet connection. A wlan router on desk with notebook in background.
Cloudflare admits security tool is blocking some challenger browsers
Abstract illustration of a young woman looking at a smartphone, as large eyes peek through from her hair
Want to hit restart on your online presence? Here's 5 tools you need to stay truly private online
Woman using credit card whilst sitting at a desk with a laptop and mobile phone in view
Best web browser of 2025
Latest in Cyber Security
Dark Web monitoring
How users benefit from Dark Web monitoring
The X logo next to a silhouette of Elon Musk
Who was really behind the massive X cyberattack? Here’s what experts say about Elon Musk’s claims
A person holding a phone looking at a scam text with warning signs around
A massive SMS toll fee scam is sweeping the US – here’s how to stay safe, according to the FBI
View on National Assembly building in Paris, France, with French and European flags flying.
France rejects controversial encryption backdoor provision
ignal messaging application President Meredith Whittaker poses for a photograph before an interview at the Europe's largest tech conference, the Web Summit, in Lisbon on November 4, 2022.
"We will not walk back" – Signal would rather leave the UK and Sweden than remove encryption protections
Man uses a laptop in a hotel room
4 ways to avoid misinformation on social media and retain control of your newsfeed
Latest in News
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring