Mozilla Firefox volunteers, who are engaged with maintaining its Public Suffix List (PSL), face a new predicament – websites swarming them with requests for verification and addition to its PSL. The reason, interestingly, is a post from Facebook that followed Apple’s announcement of iOS 14 privacy controls. In the post, Facebook detailed how the privacy centric move by Apple will be detrimental for businesses who use the company’s targeted advertisement feature to maximise sales. In one of its points under the ‘actions you can take to prepare’ section, Facebook stated that if businesses want ad clicks to be delivered using contextual user data, one of the ways for sites to do so would be to be added to the PSL.
In simpler words, Facebook appears to have mistakenly suggested the addition of a site to the Mozilla PSL list as a workaround to continue tracking users despite the new iOS 14 privacy controls, hence essentially flooding the Firefox web volunteers with requests to do so. In its post, Facebook had written, “We will support domains included in the Public Suffix List. This would enable businesses to verify their eTLD+1 domains if the hosting domain (eTLD) is registered in the Public Suffix List. For example, if ‘myplatform.com’ is a registered domain to the Public Suffix List, then an advertiser ‘jasper’ with the subdomain ‘jasper.myplatform.com’ would be able to verify ‘jasper.myplatform.com.’”
In other words, being added to the PSL maintained by Mozilla Firefox would allow websites and their sub-sites to individually track and use measurement metrics, which may employ the Facebook Pixel SDK. The reason behind this is that all URLs on the internet are essentially treated the same, which means that sub-sites may get ranked above its main site, which in turn may lead to confusing user engagement tracking metrics. It is this that the PSL helps resolve, and according to Mozilla, is not at all related to the privacy debacle that it appears to have gotten inadvertently wrapped in.
A Mozilla spokesperson told Bleeping Computer, “The Public Suffix List was started by Mozilla many years ago to identify domains that are actually not standalone domains but suffixes like co.uk or tokyo.jp. Today, the maintainers are, simply volunteers from the Web community. Naturally, more volunteers are always welcome. But the best thing that companies can do to support this project is, understand whether or not it’s appropriate for them to request additions to the list. A surprising number of people and projects depend on this dataset, and mistakenly adding a domain to the list can quite often lead to unexpected issues down the road.”
The move highlights the fairly extreme measures that Facebook has attempted in order to act against Apple’s newly introduced privacy controls. The latter offers users an extra layer to first approve tracking of a user’s internet data in order to be used for targeted advertisements. The move, Facebook has claimed is highly detrimental to businesses, and has since attempted to launch an offensive against Apple. However, users and much of the privacy community have lauded Apple’s efforts towards shoring up user privacy, at a time when practices such as Google’s upcoming Federated Learning of Cohorts (FLoCs) appear to find alternatives to web metrics that might be even more invasive in the long run.