this post was submitted on 08 Feb 2024
520 points (99.4% liked)
Firefox
17954 readers
340 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm no cryptography expert but I don't see how they could implement this with true anonymity or without it being spoofed in other browsers. There is currently no way to know with absolute certainty what browser/client web traffic is actually coming from and game anti-cheat devs will probably tell you it's a nightmare of a problem.
The way I see this working is making it a Mozilla account thing and not a Firefox thing through some sort of stateless cross-origin cookie the sites agree to support. But then, you're giving up at least some privacy because even if the sites you visit don't know who you are, you'll still have to trust that Mozilla is logging anonymized visit counts and that some CEO 5 years from now isn't going to change that for a quick buck.
Maybe I'm just out of my depth here and someone's gonna correct me (please do if I'm wrong).
Here's the way I see it working:
Each week (or more often), you get a new signed token with no reference to the old signed token. In the event that you use more than your agreed-on balance, you must pay the difference or you won't get a new token. So here's the information each party needs to know:
The only way Mozilla could know your identity is by sending data from your browser that links id info (i.e. Mozilla account details) with that stable payment id. Mozilla could even move the stable id and token generation to a separate legal entity entirely (say, an extension) with publicly audited data transfers w/ Mozilla, and Mozilla just gets a summary from each client (unrelated to the payment id, signed by the extension) so they know which sites were visited with what frequency. They would get a bill from sites based on usage, which they'd compare with the data collected from individual browsers to sort out payment.
In terms of user experience, you'd just get a prompt from the extension asking whether you'd like to see ads and the cost, and if you choose ads, the header would include that info as well (i.e. process this payment token as ads or cash) and Firefox would serve privacy-respecting ads from Mozilla's domain.
I haven't fully ironed out the details, but I think this proves feasibility.