Bug 2297635 - Firefox silently enables advertiser tracking and breaks privacy without user permission
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: rawhide
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Gecko Maintainer
QA Contact: Fedora Extras Quality Assurance
Reported: 2024-07-12 17:56 UTC by alan
Modified: 2025-03-02 18:52 UTC (History)
Last Closed: 2024-12-02 13:12:30 UTC
Type: Bug

Description alan 2024-07-12 17:56:47 UTC
Description of problem:

Firefox pushed an update that enabled prototype advertiser spying functionality and Fedora forgot to disable it by default

Version-Release number of selected component (if applicable):

128.0

How reproducible:
100%

Steps to Reproduce:
1. Upgrade to firefox 128.0
2. Check setting "Allow web sites to perform privacy-preserving ad measurement"

Actual results:

Enabled

Expected results:

Disabled

Additional info:

Not only is this privacy invasive, it's "prototyping" according to the Mozilla project's own description, so should be disabled for that reason too.

Comment 1 Martin Stransky 2024-07-12 18:19:02 UTC
Let's open a wider discussion about the topics. I would not call it 'spying functionality'. You can also disable it by yourself.

Comment 2 alan 2024-07-13 10:07:48 UTC
It's performing a load of supposedly "privacy preserving" ad measurement but it's a prototype (according to Mozilla) so presumably that hasn't been formally verified and tested.

That aside, it's a feature that uses CPU, memory and time on the user's machine for no benefit to the user, without consent and without explicit notification it's now been enabled. What is the Fedora end user interest in having this prototype code executing on their machine?

Comment 3 Don Marti 2024-07-14 16:19:42 UTC
To add to the wider discussion, as a Fedora user I would appreciate having this preference applied for me. The preference `dom.private-attribution.submission.enabled` should be set to false. (see https://michael.kjorling.se/blog/2024/disabling-privacy-preserving-ad-measurement-in-firefox-128/ )

Google Chrome has begun testing a bundle of ad features including a similar attribution system, and requires a user opt-in. Google's opt-in has been found inadequate by regulators, who now require that it be better explained and that users have more opportunities to opt out. https://www.adweek.com/programmatic/the-latest-cma-report-brings-new-privacy-concerns-to-googles-cookie-deprecation-plans/

Users who follow in-browser advertising issues are likely to expect that if a browser offers advertising features, they will be opt-in -- because most of the news coverage in this area has been about the Google system. The Firefox decision is surprising, because this feature facilitates advertising measurement for both legit ads and for those that harm the user. As a Fedora user, I would prefer to share information with sites that offer me a win-win of some kind, and not necessarily with any random site I click on by mistake.

The Firefox issue has not reached the mainstream media yet, but a Fedora decision to apply the opt-out would help raise Fedora's profile and reputation level.

Comment 4 Don Marti 2024-07-14 16:23:20 UTC
If there is a general Fedora policy on "privacy preserving" reporting, it would be a good idea to treat software telemetry -- where the information feeds into bug fixes for all, and not discriminatory treatment of users -- differently from the more problematic "privacy-enhancing" advertising systems. https://blog.zgp.org/pet-projects-or-privacy/

Comment 5 Martin Stransky 2024-07-15 10:09:02 UTC
There's an upstream bug for it - https://bugzilla.mozilla.org/show_bug.cgi?id=1907659 - with a discussion.

Comment 6 NoisyCoil 2024-07-21 12:00:07 UTC
To add something useful to this discussion, it looks like the new feature is automatically disabled if telemetry is disabled. The check mark currently shows it as enabled because of a (now fixed) UI bug, see https://bugzilla.mozilla.org/show_bug.cgi?id=1908312. So please take this into account.

A wider question - but perhaps outside of the scope of this bug report? - could be whether the Firefox settings in Fedora should be changed to disable telemetry and experiments by default in the first place (IIRC they are enabled? Creating a new profile does enable those by default)

Comment 7 Don Marti 2024-08-14 18:06:35 UTC
I have been using Fedora, and before that Red Hat Linux, long enough to remember open SMTP relays. The original "sendmail" RPM was set up to allow relaying of mail from a random sender to a random recipient. With the rise of email spam, open SMTP relays became first a problem, then a setting for skilled email administrators to turn off, then turned off by default in the config files provided with MTA packages.

As mail server administrators, we turned off open SMTP relays not because of problems for our own users, but as collective action to protect the users of everyone else's mail servers from email spam, which besides being an annoyance often carried malware and fraud.

Today, we have a similar opportunity to take collective action to protect all Fedora users (and users of other distributions and OSs) by turning off this Mozilla+Meta data collection feature.

User data collection by Meta helps the company match scammers and victims: https://www.wsj.com/tech/ai/the-billionaire-suing-facebook-to-remove-his-face-from-ai-scams-50aa222e

As Fedora users, we generally don't get targeted for the worst of the ads -- Meta uses machine learning to classify high-status and low-status users, and if we visit a Meta site -- as the kind of people with the hardware, time, and skill to use Fedora -- we're probably getting the relatively good ads. Cloud services, tech events, PC parts, the kind of things that people fortunate enough to have Fedora might buy. But data that comes in from Fedora users helps Meta train ML to target other people, those more likely to be scammed or recruited for an extremist organization.

We're in a similar situation now to where we were when open SMTP relays were the default -- it's time to take a simple action to help protect everyone.

Comment 8 Martin Stransky 2024-08-15 07:03:02 UTC
Sure, if there's any distro wide decision to disable it we'll turn it off by default.
I just don't have a strong opinion here and I haven't seen much discussion about it.
Feel free to open a distro-wide discussion on Fedora devel or file a FESCO ticket for it.

Comment 9 Aoife Moloney 2024-11-13 12:34:31 UTC
This message is a reminder that Fedora Linux 39 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 39 on 2024-11-26.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '39'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version. Note that the version field may be hidden.
Click the "Show advanced fields" button if you do not see it.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 39 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 10 Aoife Moloney 2024-12-02 13:12:30 UTC
Fedora Linux 39 entered end-of-life (EOL) status on 2024-11-26.

Fedora Linux 39 is no longer maintained, which means that it
will not receive any further security or bug fix updates. As a result we
are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora Linux
please feel free to reopen this bug against that version. Note that the version
field may be hidden. Click the "Show advanced fields" button if you do not see
the version field.

If you are unable to reopen this bug, please file a new report against an
active release.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 11 Don Marti 2024-12-17 23:20:59 UTC
Can someone with rights to modify this bug re-open it on a later version of Fedora?

I confirmed this behavior is still present.

It is possible to set a system-wide default for this behavior with a file under `/etc/firefox/policies` -- https://codeberg.org/dmarti/browser-adfraud-protection

Comment 12 Jeffrey Walton 2024-12-18 03:54:41 UTC
(In reply to alan from comment #0)
> Description of problem:
> 
> Firefox pushed an update that enabled prototype advertiser spying
> functionality and Fedora forgot to disable it by default

Mozilla is an advertising company now. See <https://www.mozilla.org/en-US/advertising/> and <https://lunduke.locals.com/post/5871895/mozilla-firefox-goes-anti-privacy-pro-advertising>.

More surprising (to me) is how it keeps its non-profit status.

Comment 13 Don Marti 2024-12-20 00:06:36 UTC
I have tested a fix for this that works.

1. Create the directory `/etc/firefox/policies` if it does not exist.
2. Add a file to that directory named `policies.json` with the content:

{
    "policies": {
        "Preferences": {
            "dom.private-attribution.submission.enabled": {
                "Status": "locked",
                "Type": "boolean",
                "Value": false
            },
            "browser.urlbar.suggest.quicksuggest.sponsored": {
                "Status": "locked",
                "Type": "boolean",
                "Value": false
            }
        }
    }
}

Expected result: open Settings, go to Privacy and Security, check that the option "Allow websites to perform privacy-preserving ad measurement" is un-checked and grayed out.

Adding this file is more useful than un-checking the checkbox manually, because the file affects new Firefox profiles and the initial settings for new users, not just the current profile.
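
An added example, not part of the comment above or of any Fedora package: a Python sketch that applies the two locked preferences from comment 13 by merging them into an existing `policies.json` rather than overwriting it, then audits the result. The function names and the `DisableTelemetry` entry in the demo input are assumptions constructed for illustration.

```python
import json, os, tempfile
from pathlib import Path

# The two preferences and values given in comment 13.
REQUIRED = {
    "dom.private-attribution.submission.enabled": False,
    "browser.urlbar.suggest.quicksuggest.sponsored": False,
}

def merge_policy(existing: dict) -> dict:
    """Return a copy of `existing` with the required prefs locked; other policies are kept."""
    merged = json.loads(json.dumps(existing))  # deep copy via JSON round trip
    prefs = merged.setdefault("policies", {}).setdefault("Preferences", {})
    for name, value in REQUIRED.items():
        prefs[name] = {"Status": "locked", "Type": "boolean", "Value": value}
    return merged

def audit(policy: dict) -> list:
    """Return the required prefs that are missing, not locked, or set to another value."""
    prefs = policy.get("policies", {}).get("Preferences", {})
    findings = []
    for name, value in REQUIRED.items():
        entry = prefs.get(name)
        if (not isinstance(entry, dict) or entry.get("Status") != "locked"
                or entry.get("Value") is not value):
            findings.append(name)
    return findings

def install(policy_dir: Path) -> list:
    """Create policy_dir if needed, merge into policies.json, return remaining findings."""
    policy_dir.mkdir(parents=True, exist_ok=True)
    target = policy_dir / "policies.json"
    existing = json.loads(target.read_text()) if target.exists() else {}
    fd, tmp = tempfile.mkstemp(dir=policy_dir, suffix=".tmp")
    with os.fdopen(fd, "w") as fh:
        json.dump(merge_policy(existing), fh, indent=4)
        fh.write("\n")
    os.chmod(tmp, 0o644)     # readable by every user's Firefox process
    os.replace(tmp, target)  # atomic swap, never a half-written policy file
    return audit(json.loads(target.read_text()))

if __name__ == "__main__":
    # Constructed demo in a scratch directory, seeded with a pre-existing policy.
    with tempfile.TemporaryDirectory() as scratch:
        demo_dir = Path(scratch) / "policies"
        demo_dir.mkdir()
        (demo_dir / "policies.json").write_text('{"policies": {"DisableTelemetry": true}}')
        print("findings after install:", install(demo_dir))
        print((demo_dir / "policies.json").read_text())
```

For the system-wide location named in the comment, call `install(Path("/etc/firefox/policies"))` as root; `audit()` alone can be run unprivileged against an existing file.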

Comment 14 Neal Gompa 2025-02-27 01:38:14 UTC
Let's prevent this bug from auto-closing.

Comment 15 Don Marti 2025-02-27 20:53:58 UTC
This is not just an advertising or tracking feature -- Firefox's "Privacy-Preserving Attribution" can obfuscate fraud and discrimination and put users at more risk than conventional web tracking. This is an article that I wrote about it for an advertising site: https://www.adexchanger.com/data-driven-thinking/the-hidden-dangers-of-privacy-preserving-attribution-and-a-smarter-solution/

Even users who want ads, and would not choose a conventional ad blocker, would probably not want to have this feature turned on by default if they knew it was there.

Comment 16 Federico Leva 2025-03-01 10:04:07 UTC
(In reply to Don Marti from comment #13)
> I have tested a fix for this that works.
> 
> 1. Create the directory `/etc/firefox/policies` if it does not exist.

Would it be enough to alter this firefox-redhat-default-prefs.js file? https://src.fedoraproject.org/fork/frantisekz/rpms/firefox//blob/rawhide/f/firefox-redhat-default-prefs.js

Comment 17 Don Marti 2025-03-02 18:52:30 UTC
I tried adding the following 2 lines to that file:

```
pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
pref("dom.private-attribution.submission.enabled", false);
```

The `dom.private-attribution.submission.enabled` seemed to take effect but the other one didn't.

If one can be fixed that way but not both, it's a good start.

