Built for privacy: Partnering to deploy Oblivious HTTP and Prio in Firefox

Created on November 12, 2023 at 10:46 am

Protecting user privacy is a core element of Mozilla’s vision for the web and the internet at large. In pursuit of this vision, we’re pleased to announce new partnerships with Fastly and Divvi Up to deploy privacy-preserving technology in Firefox.

Mozilla builds a number of tools that help people defend their privacy online, but the need for these tools reflects a world where companies view invasive data collection as necessary for building good products and making money. A zero-sum game between privacy and business interests is not a healthy state of affairs. Therefore, we dedicate considerable effort to developing and advancing new technologies that enable businesses to achieve their goals without compromising people’s privacy. This is a focus of our work on web standards, as well as in how we build Firefox itself.

Building an excellent browser while maintaining a high standard for privacy sometimes requires this kind of new technology. For example: we put a lot of effort into keeping Firefox fast. This involves extensive automated testing, but also monitoring how it’s performing for real users. Firefox currently reports generic performance metrics like page-load time, but does not associate those metrics with specific sites, because doing so would reveal people’s browsing history. These internet-wide averages are somewhat informative but not particularly actionable. Sites are constantly deploying code changes and occasionally those changes can trigger performance bugs in browsers. If we knew that a specific site got much slower overnight, we could likely isolate the cause and fix it. Unfortunately, we lack that visibility today, which hinders our ability to make Firefox great.

This is a classic problem in data collection: We want aggregate data, but the naive way to get it involves collecting sensitive information about individual people. The solution is to develop technology that delivers the same insights while keeping information about any individual person verifiably private.

In recent years, Mozilla has worked with others to advance two such technologies — Oblivious HTTP and the Prio-based Distributed Aggregation Protocol (DAP) — towards being proper internet standards that are practical to deploy in production. Oblivious HTTP works by routing encrypted data through an intermediary to conceal its source, whereas DAP/Prio splits the data into two shares and sends each share to a different server [1]. Despite their different shapes, both technologies rely on a similar principle: By processing the data jointly across two independent parties, they ensure neither party holds the information required to reveal sensitive information about someone.
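The share-splitting principle described above, as an added Python sketch that is not Mozilla's, Divvi Up's or the DAP specification's own code: it shows only additive secret sharing between two aggregators and leaves out the validity proofs and report encryption that Prio and DAP add. The modulus, the class and function names and the sample page-load times are constructed for illustration.

```python
import secrets

# Assumed modulus for this sketch: a Mersenne prime far larger than any sum here.
P = 2**61 - 1
MAX_LOAD_MS = 60_000  # assumed upper bound on a single measurement

def split(value):
    """Client side: split one measurement into two additive shares mod P."""
    share_a = secrets.randbelow(P)   # uniformly random, reveals nothing on its own
    share_b = (value - share_a) % P  # chosen so that share_a + share_b == value (mod P)
    return share_a, share_b

class Aggregator:
    """One of the two independent servers; it only ever sees its own shares."""
    def __init__(self):
        self.total = 0
        self.count = 0

    def accept(self, share):
        self.total = (self.total + share) % P
        self.count += 1

def combine(agg_a, agg_b):
    """Collector side: only the two aggregate shares are combined, never
    per-client shares, so the output is the sum and nothing finer."""
    if agg_a.count != agg_b.count:
        raise ValueError("aggregators processed different report sets")
    return (agg_a.total + agg_b.total) % P, agg_a.count

def run(measurements):
    """Simulate clients reporting to two aggregators; return (sum, count)."""
    agg_a, agg_b = Aggregator(), Aggregator()
    for m in measurements:
        # Prio has the servers verify the range with a proof over the shares;
        # this sketch only checks it on the client side.
        if not 0 <= m <= MAX_LOAD_MS:
            raise ValueError("measurement out of range")
        share_a, share_b = split(m)
        agg_a.accept(share_a)
        agg_b.accept(share_b)
    return combine(agg_a, agg_b)

# Constructed sample: page-load times in milliseconds for one site.
SAMPLE_LOAD_TIMES_MS = [812, 1430, 950, 2210, 1105]

if __name__ == "__main__":
    total, n = run(SAMPLE_LOAD_TIMES_MS)
    print(f"reports={n} sum={total} ms mean={total / n:.1f} ms")
```

Each aggregator's running total is a uniformly random field element from its own point of view, so the per-site average only emerges when the two aggregate shares are added together.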

We therefore need to partner with another independent and trustworthy organization to deploy each technology in Firefox. Having worked for some time to develop and validate both technologies in staging environments, we’ve now taken the next step to engage Fastly to operate an OHTTP relay and Divvi Up to operate a DAP aggregator. Both Fastly and ISRG (the nonprofit behind Divvi Up and Let’s Encrypt) have excellent reputations for acting with integrity, and they have staked those reputations on the faithful operation of these services. So even in a mirror universe where we tried to persuade them to cheat, they have a strong incentive to hold the line.

Our objective at Mozilla is to develop viable alternatives to the things that are wrong with the internet today and move the entire industry by demonstrating that it’s possible to do better. In the short term, these technologies will help us keep Firefox competitive while adhering to our longstanding principles around sensitive data. Over the long term, we want to see these kinds of strong privacy guarantees become the norm, and we will continue to work towards such a future.


[1] Each approach is best-suited to different scenarios, which is why we’re investing in both. Oblivious HTTP is more flexible and can be used in interactive contexts, whereas DAP/Prio can be used in situations where the payload itself might be identifying.
