Non-profit privacy watchdog noyb (None of Your Business) has filed a formal complaint against Mozilla, accusing the tech company of enabling a controversial tracking feature in its Firefox browser without user consent.
The feature, dubbed “Privacy Preserving Attribution” (PPA), was introduced in a recent update and has sparked concern over the browser’s handling of user privacy.
Despite its name, the feature allows Firefox to track user behavior across websites—taking control of tracking from individual websites and shifting it to the browser itself. While Mozilla claims this approach is less invasive than traditional cookie tracking, noyb argues that users were not informed about the new functionality, and it was turned on by default.
Following Google’s Lead?
The new feature appears to mirror Google’s previous attempts at similar tracking technologies, such as the now-defunct Privacy Sandbox. Rather than placing tracking cookies, websites must request Firefox to store data on users’ interactions with ads. Mozilla contends that PPA improves user privacy by aggregating data and preventing individual sites from collecting personal information. However, noyb contends that Firefox is simply facilitating another form of tracking without user consent.
Felix Mikolasch, a data protection lawyer at noyb, criticized Mozilla’s approach, saying Mozilla has bought into the narrative that the advertising industry has a right to track users. “While Mozilla may have had good intentions, it is very unlikely that ‘privacy preserving attribution’ will replace cookies and other tracking tools. It is just a new, additional means of tracking users.”
Tracking Enabled by Default
Mozilla’s decision to enable the feature without seeking user permission compounds concerns. The tracking system is activated automatically with the latest software update, and users are not notified. The only way to disable the feature is through a sub-menu in the browser’s settings, making it difficult for the average user to opt out.
“It’s a shame that an organisation like Mozilla believes that users are too dumb to say yes or no. Users should be able to make a choice and the feature should have been turned off by default,” Mikolasch added.
Possible GDPR Violations
The complaint, filed with Austria’s data protection authority (DSB), claims that Mozilla’s actions violate the European Union’s General Data Protection Regulation (GDPR). Under the law, companies are required to obtain explicit consent from users before processing their personal data. Noyb has called for the DSB to investigate Mozilla’s practices and demands that the company switch to an opt-in system and delete any data collected without user consent.
The case could have significant implications for millions of Firefox users across Europe, as Mozilla’s reputation as a privacy-focused alternative to Chromium-based browsers now comes into question.
Mozilla has yet to publicly respond to the complaint.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.