Missing policy for Privacy-Preserving Attribution

[jernejs]

Firefox 128 introduced "Privacy-Preserving Attribution", but there doesn't seem to be a group policy setting to control it.

[Mikaela]

It's possible to use Preferences to

	      "dom.private-attribution.submission.enabled": {
        "Status": "locked",
        "Type": "boolean",
        "Value": false
      },

While I am also missing a direct policy for it.

[ocdtrekkie]

It's wildly irresponsible of Mozilla to release this feature without an easy way to disable it in an enterprise environment ahead of release.

[mkaply]

While I agree there could have been better communication, the only thing this feature does is increase privacy when it is used.

When it is turned off, the normal ad interaction happens which is less private.

There's a lot of rhetoric about this feature on the internet, most of it misinformed.

[ocdtrekkie]

@mkaply This is woefully false, considering Mozilla has generally advocated blocking normal tracking but now has introduced a new tracking vector on by default with no policy to disable it. This is a zero day for an enterprise environment.

[jernejs]

Yes, because advertisers will obviously switch to this new API instead of using it as just another tracking datapoint.

[corobin]

this discussion about the merits of the functionality is interesting but let's not lose sight of this issue: adding a policy for it

regardless of how you feel about the function, i think it's a good idea to have a dedicated group policy for such a significant toggle

[ocdtrekkie]

Okay, so, I found some really useful information for folks in this thread from the Firefox CTO: https://www.reddit.com/r/firefox/comments/1e43w7v/comment/lde62d4/

Apparently if we're already disabling Firefox's telemetry features, despite appearing enabled, PPA just won't work. So if like me, your group policy templates already shut that down, we should be covered for the moment.

[corobin]

Apparently if we're already disabling Firefox's telemetry features, despite appearing enabled, PPA just won't work. So if like me, your group policy templates already shut that down, we should be covered for the moment.

I assume this is the only pref that needs to be set for that https://mozilla.github.io/policy-templates/#disabletelemetry (0x1/true == disabled)?

[ocdtrekkie]

@corobin Your assumption is a good a guess as I'd have, but that seems right to me.

The Firefox policies listed in that link are all disabled in my browser by GPO. I assume since toolkit.telemetry.enabled is false in my about:config (set my GPO, even though the GPO doesn't mention it), it doesn't matter, but it's worth noting the Firefox CTO specifically referred to a DAP endpoint, and there is also a toolkit.telemetry.dap_enabled config... which is also already false in my browser.

So presumably you can set disable telemetry in policy, and check those values in about:config, and probably be reasonably confident if they show as false then PPA shouldn't work in browsers your policy is applied to.

[mkaply]

Ye,s when telemetry is disabled, PPA is disabled. We are making that more clear:

https://bugzilla.mozilla.org/show_bug.cgi?id=1908312