Mozilla Corp., which manages the open-source Firefox browser, announced today that Mitchell Baker is stepping down as CEO to focus on AI and internet safety as chair of the nonprofit foundation. Laura Chambers, a Mozilla board member and entrepreneur with experience at Airbnb, PayPal, and eBay, will step in as interim CEO to run operations until a permanent replacement is found.

https://archive.is/rmMEb

Official Blog Post: A New Chapter for Mozilla: Focused Execution and an Expanded Role in Charting the Internet’s Future

  • whats_all_this_then@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    11 months ago

    I’m no cryptography expert but I don’t see how they could implement this with true anonymity or without it being spoofed in other browsers. There is currently no way to know with absolute certainty what browser/client web traffic is actually coming from and game anti-cheat devs will probably tell you it’s a nightmare of a problem.

    The way I see this working is making it a Mozilla account thing and not a Firefox thing through some sort of stateless cross-origin cookie the sites agree to support. But then, you’re giving up at least some privacy because even if the sites you visit don’t know who you are, you’ll still have to trust that Mozilla is logging anonymized visit counts and that some CEO 5 years from now isn’t going to change that for a quick buck.

    Maybe I’m just out of my depth here and someone’s gonna correct me (please do if I’m wrong).

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      Here’s the way I see it working:

      1. Mozilla sends sites a key that can be used to verify a signed client token
      2. You register w/ Mozilla, and Mozilla sends you a signed token with your payment authorization (includes an expiration time and random ID)
      3. Your web client sends your token as a header to the site in question with your signed payment auth token
      4. Sites verify your token’s signature and respond w/ an acceptance, and keep their own log of transactions
      5. Your browser logs the transaction and updates your balance
      6. Periodically, Mozilla compares their transactions with news sites to catch anyone using tokens incorrectly

      Each week (or more often), you get a new signed token with no reference to the old signed token. In the event that you use more than your agreed-on balance, you must pay the difference or you won’t get a new token. So here’s the information each party needs to know:

      • Mozilla - some stable id between you and Mozilla w/ links to generated tokens and your balance
      • sites - random auth token, signed by Mozilla, with a transaction log for that token
      • your browser - payment details, transaction log (includes websites visited), your stable id, etc

      The only way Mozilla could know your identity is by sending data from your browser that links id info (i.e. Mozilla account details) with that stable payment id. Mozilla could even move the stable id and token generation to a separate legal entity entirely (say, an extension) with publicly audited data transfers w/ Mozilla, and Mozilla just gets a summary from each client (unrelated to the payment id, signed by the extension) so they know which sites were visited with what frequency. They would get a bill from sites based on usage, which they’d compare with the data collected from individual browsers to sort out payment.

      In terms of user experience, you’d just get a prompt from the extension asking whether you’d like to see ads and the cost, and if you choose ads, the header would include that info as well (i.e. process this payment token as ads or cash) and Firefox would serve privacy-respecting ads from Mozilla’s domain.

      I haven’t fully ironed out the details, but I think this proves feasibility.