Mozilla Addons Blog: Manifest V3 & Manifest V2 (March 2024 update)
Calling all extension developers! With Manifest V3 picking up steam again, we wanted to provide some visibility into our current plans as a lot has happened since we published our last update.
Back in 2022 we released our initial implementation of MV3, the latest version of the extensions platform, in Firefox. Since then, we have been hard at work collaborating with other browser vendors and community members in the W3C WebExtensions Community Group (WECG). Our shared goals were to improve extension APIs while addressing cross browser compatibility. That collaboration has yielded some great results to date and we’re proud to say our participation has been instrumental in shaping and designing those APIs to ensure broader applicability across browsers.
We continue to support DOM-based background scripts in the form of Event pages, and the blocking webRequest feature, as explained in our previous blog post. Chrome’s version of MV3 requires service worker-based background scripts, which we do not support yet. However, an extension can specify both and have it work in Chrome 121+ and Firefox 121+. Support for Event pages, along with support for blocking webRequest, is a divergence from Chrome that enables use cases that are not covered by Chrome’s MV3 implementation.
Well what’s happening with MV2 you ask? Great question – in case you missed it, Google announced late last year their plans to resume their MV2 deprecation schedule. Firefox, however, has no plans to deprecate MV2 and will continue to support MV2 extensions for the foreseeable future. And even if we re-evaluate this decision at some point down the road, we anticipate providing a notice of at least 12 months for developers to adjust accordingly and not feel rushed.
As our plans solidify, future updates around our MV3 efforts will be shared via this blog. We are loosely targeting our next update after the conclusion of the upcoming WECG meeting at the Apple offices in San Diego. For more information on adopting MV3, please refer to our migration guide. Another great resource worth checking out is the recent FOSDEM presentation a couple team members delivered, Firefox, Android, and Cross-browser WebExtensions in 2024.
If you have questions, concerns or feedback on Manifest V3 we would love to hear from you in the comments section below or if you prefer, drop us an email.
The post Manifest V3 & Manifest V2 (March 2024 update) appeared first on Mozilla Add-ons Community Blog.
Don Marti: the 30-40-30 rule
User research about advertising, personalization, and privacy is surprisingly consistent. In a replication prediction market, I would invest in futures on any research that shows:
About 30 percent of people want personalized ads.
About 30 percent of people don’t want personalized ads.
For the other 40 percent it depends how you ask.
A lot of good work has been done in this area, but the results are inconvenient for anybody who wants to be able to build one set of online advertising software and settings for everybody. People are different. Research links, in order of percentage of pro-personalization people found.
18%McDonald et al. did in-person interviews with questions on people’s knowledge and preferences about Internet ads.
30% agree with No one should use data from Internet history to personalize ads.
18% agree with Glad to have relevant advertisements about things I am interested in instead of random advertisements
Accountable Tech did a 1,000-person survey.
26% agreed with I’d rather see relevant ads, even if companies are using my personal data to target them.
46% supported a ban on collecting people’s personal data and using it to target them with ads.
Turow et al. did an online study of 314 people.
32% said yes to Please tell me whether or not you want websites you visit to show you ads that are tailored to your interests.
68% definitely would not allow personalization based on web history even if anonymous.
YouGov did a survey of British adults.
- 36% are Personalized Pioneers who say they want personalized ads
- 55% say that personalized ads creep them out.
IAB Europe did a survey of 11,020 European Internet users.
42% don’t mind personalized ads based on browsing data
20% don’t mind having data shared with third parties for ads
U.S. Internet Users Ready to Limit Online Tracking for Ads In a Gallup poll of 1,019 adults, 30% agree that advertisers should be allowed to match ads to interests based on websites visited but 47% want to be able to allow advertisers they choose to personalize ads to them in some way. (It depends how you ask.)
59.2%A report from Didomi, a consent management platform company, reports 59.2% of users opting in to a Transparency and Consent Framework (TCF) consent dialog.
People are differentSome people are privacy people and I’m one. Personally I don’t understand why anybody would want a personalized ad at all. I’m most likely to get any use from advertising when I need to buy unfamiliar stuff, and that happens when I’m learning about a new activity that I’m not good at. I want to see the same ads that show up for people who already know the skills and the scene, and would raise a stink about a deceptive ad in their information space. As far as I can tell, personalization makes advertising work in the wrong direction.
Some people are personalization people and don’t understand why you wouldn’t want a personalized ad. If you’re going to look at an ad anyway it might as well be for something that you’re more likely to buy. (But I want to see the same ad that a company is willing to show to the regulators, editors, and experts in their community of practice, not what they think they can get some random person to click on. I don’t understand Kevin and he doesn’t understand me.)
Other people, the biggest group at 40 percent, are probably better off not overthinking online ads and, instead, learning about other stuff.
Whatever a person prefers,Can database marketing sell itself to the people in the database? it seems to be about the personalization using any information from outside the context in which the ad appears—cross-context behavioral advertising—not about individualized tracking. Jerath et al. found similar perceived privacy violations (PPV) for new ad personalization technologies that prevent individual identifiers from being used: New technologies or proposals that ensure that data are kept on the consumer’s machine lower PPV relative to behavioral targeting but, importantly, this decrease is small. Furthermore, group-level targeting does not differ significantly from individual-level targeting in reducing PPV. The IAB and Gallup studies imply that there is a cohort of users who want personalization but not cross-context tracking, but safer personalization looks like a small add-on to the 30%, not a widely held preference that splits off a chunk of users from the core anti-personalization group.
Other links that don’t fit into the list aboveCalifornia Proposition 24 got 56% of the vote, but I can see three problems with this as a measure of support for ad personalization.
People might want the law as protection from “people search” and other business models, not just advertising
People might vote for an option they don’t plan to exercise (or would use only against non-ad holders of their info)
In the 2020 election, pro-surveillance-advertising organizations didn’t come out to defend their side. Instead, the argument against on the state mailer was from organizations that claimed Prop. 24 didn’t go far enough, and left too many loopholes for big companies. Some of the “no” vote might have been extra pro-privacy people. A poll before the election showed 81% support for the proposition.
Pagefair’s Research result: what percentage will consent to tracking for advertising? is the source for low-personalization/high-privacy claims like Only a very small proportion (3%) believe that the average user will consent to web-wide tracking for the purposes of advertising (tracking by any party, anywhere on the web). This one isn’t based on talking to users. It’s a pre-GDPR survey of publishers, adtech, brands, and various others asking people’s opinions on what users would do with various GDPR consent dialogs that ended up not being representative of what sites actually ended up deploying.
using the 30-40-30 ruleA lot of this research looks useful as a way to spot deceptive patterns in personalization preferences. If fewer than 30% or more than 70% of users end up with ad personalization turned on, something is probably wrong with the personalization UX or the underlying trustworthiness of the medium.
And when building anything that depends on advertising, it’s going to be hard to build something that only works if everybody who uses it has personalization, or that only works if nobody does. As far as I can tell, adding extra personalization for those who don’t want it just builds support for privacy habits, settings, tools, and laws, in that order. And banning personalization entirely, or building a medium that can’t be tweaked to support it, hasn’t really been tried yet but would probably cause problems of its own.
In my humble opinion, the biggest benefit of the 30-40-30 rule is that it helps justify the decision to support Global Privacy Control everywhere. People are just different, so let everybody pick once whether they want cross-context behavioral advertising everywhere. Yes, I know, I know, under a different set of laws we could have had Global Personalization Control, that would work the other way around so that the work of turning it on would be done by the personalization people and not the privacy people. But GPC is there, it works, and if sites, browsers, and platforms can implement it in a common-sense way you should just be able to turn it on once and be happy for as long as you own the software or device, kind of like Filmmaker Mode on a TV. In the long run, I can safely predict that the fraction of users who turn GPC on will be somewhere between 30 and 70 percent. Which end of the range we end up with will depend in how trustworthy the ads, the Internet, and the economy are in other ways, but that’s another story. More: GPC all the things!
Bonus linksGoogle hit with €2.1B lawsuit from more than 30 European media companies
Meta’s ‘consent or pay’ data grab in Europe faces new complaints
The Four Internet Analogies of the Apocalypse
Most big legacy news publishers across 10 countries are blocking OpenAI’s crawlers, report finds
Google reneged on the monopolistic bargain
AMC to pay $8M for allegedly violating 1988 law with use of Meta Pixel
A company tracked visits to 600 Planned Parenthood locations for anti-abortion ads, senator says
What Do We Say to Emily? The Human Cost Of Advertising Data Abuse
Mozilla Privacy Blog: Mozilla joins allies to co-sign an amicus brief in State of Nevada vs. Meta Platforms defending end-to-end encryption
Mozilla recently signed onto an amicus brief – alongside the Electronic Frontier Foundation , the Internet Society, Signal, and a broad coalition of other allies – on the Nevada Attorney General’s recent attempt to limit encryption. The amicus brief signals a collective commitment from these organizations on the importance of encryption in safeguarding digital privacy and security as fundamental rights.
The core of this dispute is the Nevada Attorney General’s proposition to limit the application of end-to-end encryption (E2EE) for children’s online communications. It is a move that ostensibly aims to aid law enforcement but, in practice, could significantly weaken the privacy and security of all internet users, including children. Nevada argues that end-to-end encryption might impede some criminal investigations. However, as the amicus brief explains, encryption does not prevent either the sender or recipient from reporting concerning content to police, nor does it prevent police from accessing other metadata about communications via lawful requests. Blocking the rollout of end-to-end encryption would undermine privacy and security for everyone for a marginal benefit that would be far outweighed by the harms such a draconian limitation could create.
The case, set for a hearing in Clark County, Nevada, encapsulates a broader debate on the balance between enabling law enforcement to combat online crimes and preserving robust online protections for all users – especially vulnerable populations like children. Mozilla’s involvement in this amicus brief is founded on its long standing belief that encryption is an essential component of its core Manifesto tenet – privacy and security are fundamental online and should not be treated as optional.
The post Mozilla joins allies to co-sign an amicus brief in State of Nevada vs. Meta Platforms defending end-to-end encryption appeared first on Open Policy & Advocacy.
Jan-Erik Rediger: Six-year Moziversary
Another year went by, so that it's now been 6 years since I joined Mozilla as a Telemetry engineer, I blogged every year since then: 2019, 2020, 2021, 2022, 2023
Looking back at the past year it sure was different than the years before, again. Obviously we left most of the pandemic isolation behind us and I got to meet more of my coworkers in person: At the Mozilla All-Hands in Montreal, Canada, though that was cut short for me due to ... of course: Covid. At PyCon DE and PyData here in Berlin. And at another workweek with my extended team also here in Berlin.
My work also changed. As predicted a year ago I branched out beyond the Glean SDK, took a look at our data pipeline, worked on features across the stack and wrote a ton of stuff that is not code. Most of that work spanned months and months and some is still not 100% finished.
For this year I'm focusing a bit more on the SDK and client-side world again. With Glean used just about everywhere it's time we look into some optimizations. In the past we made it correct first and paid less attention to optimize resource usage (CPU & memory for example). Now that we have more and more usage in Firefox Desktop (Use Counters!) we need to look into making data collection more efficient. The first step is to get better insights where and how much memory we use. Then we can optimize. Firefox comes with some of its own tooling for that with which we need to integrate, see about:memory for example.
I'm also noticing some parts in our codebase where in hindsight I wish we had made different implementation decisions. At the time though we did make the right choices, now we need to deal with that (memory usage might be one of these, storage sure is another one).
And Mozilla more broadly? It's changing. All the time. We just had layoffs and reprioritization of projects. That certainly dampens the mood. Focus shifts and work changes. But underneath there's still the need to use data to drive our decisions and so I'm rather confident that there's work for me to do.
Thank youNone of my work would happen if it weren't for my manager Alessio and team mates Chris, Travis, Perry, Bruno and Abhishek.
They make it fun to work here, always have some interesting things to share and they still endure my bad jokes all the time.
Thank you!
Thanks also goes out to the bigger data engineering team within Mozilla, and all the other people at Mozilla I work or chat with.
This post was planned to be published more than a week ago. It's still perfectly in time. I wasn't able to focus on it earlier.
Mozilla Privacy Blog: Mozilla Joins Amicus Brief Supporting Software Interoperability
In modern technology, interoperability between programs is crucial to the usability of applications, user choice, and healthy competition. Today Mozilla has joined an amicus brief at the Ninth Circuit, to ensure that copyright law does not undermine the ability of developers to build interoperable software.
This amicus brief comes in the latest appeal in a multi-year courtroom saga between Oracle and Rimini Street. The sprawling litigation has lasted more than a decade and has already been up to the Supreme Court on a procedural question about court costs. Our amicus brief addresses a single issue: should the fact that a software program is built to be interoperable with another program be treated, on its own, as establishing copyright infringement?
We believe that most software developers would answer this question with: “Of course not!” But the district court found otherwise. The lower court concluded that even if Rimini’s software does not include any Oracle code, Rimini’s programs could be infringing derivative works simply “because they do not work with any other programs.” This is a mistake.
The classic example of a derivative work is something like a sequel to a book or movie. For example, The Empire Strikes Back is a derivative work of the original Star Wars movie. Our amicus brief explains that it makes no sense to apply this concept to software that is built to interoperate with another program. Not only that, interoperability of software promotes competition and user choice. It should be celebrated, not punished.
This case raises similar themes to another high profile software copyright case, Google v. Oracle, which considered whether it was copyright infringement to re-implement an API. Mozilla submitted an amicus brief there also, where we argued that copyright law should support interoperability. Fortunately, the Supreme Court reached the right conclusion and ruled that re-implementing an API was fair use. That ruling and other important fair use decisions would be undermined if a copyright plaintiff could use interoperability as evidence that software is an infringing derivative work.
In today’s brief Mozilla joins a broad coalition of advocates for openness and competition, including the Electronic Frontier Foundation, Creative Commons, Public Knowledge, iFixit, and the Digital Right to Repair Coalition. We hope the Ninth Circuit will fix the lower court’s mistake and hold that interoperability is not evidence of infringement.
The post Mozilla Joins Amicus Brief Supporting Software Interoperability appeared first on Open Policy & Advocacy.
The Servo Blog: You can now sponsor Servo on GitHub and Open Collective!
Over the past year, Servo has gone a long way towards reigniting the dream of a web rendering engine in Rust. This comes with a lot of potential, and not just towards becoming a viable alternative to WebKit and Chromium for embedded webviews. If we can make the web platform more modular and easily reusable in both familiar and novel ways, and help build web-platform-grade libraries in underlying areas like networking, graphics, and typography, we could really change the Rust ecosystem.
In theory, anything is possible in a free and open source project like ours, and we think projects like Servo and Ladybird have shown that building a web browser with limited resources is more achievable than many have assumed. But doing those things well does take time and money, and we can only achieve Servo’s full potential with your help.
You can now help fund the Servo project by sponsoring us on GitHub or Open Collective.
In both cases, donations are handled by Open Source Collective. We are not affected by the dissolution of Open Collective Foundation, who are a separate organisation with a similar name.
We will stop accepting donations on LFX soon. Any funds left over will also be transferred to the Servo project, but recurring donations will be cancelled, so if you would like to continue your recurring donation, please do so on GitHub or Open Collective.
Both one-time and monthly donations are appreciated, and over 94% of the amount will go directly towards improving Servo, with the remaining 6% going to processing fees. The way the funds are used is decided in public via the Technical Steering Committee, but to give you a sense of scale…
- at 100 USD/month, we can cover the costs of our website and other core infrastructure
- at 1,000 USD/month, we can set up dedicated servers for faster Windows and macOS builds, better test coverage and reliability, and new techniques like fuzzing and performance testing
- at 10,000 USD/month, we can sponsor a developer to make Servo their top priority
If you or your company are interested in making a bigger donation or funding specific work that would make Servo more useful to your needs, you can also reach out to us at join@servo.org.