this post was submitted on 08 Feb 2024
520 points (99.4% liked)

Firefox

17954 readers
385 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
 

Mozilla Corp., which manages the open-source Firefox browser, announced today that Mitchell Baker is stepping down as CEO to focus on AI and internet safety as chair of the nonprofit foundation. Laura Chambers, a Mozilla board member and entrepreneur with experience at Airbnb, PayPal, and eBay, will step in as interim CEO to run operations until a permanent replacement is found.

https://archive.is/rmMEb

Official Blog Post: A New Chapter for Mozilla: Focused Execution and an Expanded Role in Charting the Internet’s Future

you are viewing a single comment's thread
view the rest of the comments

Here's the way I see it working:

  1. Mozilla sends sites a key that can be used to verify a signed client token
  2. You register w/ Mozilla, and Mozilla sends you a signed token with your payment authorization (includes an expiration time and random ID)
  3. Your web client sends your token as a header to the site in question with your signed payment auth token
  4. Sites verify your token's signature and respond w/ an acceptance, and keep their own log of transactions
  5. Your browser logs the transaction and updates your balance
  6. Periodically, Mozilla compares their transactions with news sites to catch anyone using tokens incorrectly

Each week (or more often), you get a new signed token with no reference to the old signed token. In the event that you use more than your agreed-on balance, you must pay the difference or you won't get a new token. So here's the information each party needs to know:

  • Mozilla - some stable id between you and Mozilla w/ links to generated tokens and your balance
  • sites - random auth token, signed by Mozilla, with a transaction log for that token
  • your browser - payment details, transaction log (includes websites visited), your stable id, etc

The only way Mozilla could know your identity is by sending data from your browser that links id info (i.e. Mozilla account details) with that stable payment id. Mozilla could even move the stable id and token generation to a separate legal entity entirely (say, an extension) with publicly audited data transfers w/ Mozilla, and Mozilla just gets a summary from each client (unrelated to the payment id, signed by the extension) so they know which sites were visited with what frequency. They would get a bill from sites based on usage, which they'd compare with the data collected from individual browsers to sort out payment.

In terms of user experience, you'd just get a prompt from the extension asking whether you'd like to see ads and the cost, and if you choose ads, the header would include that info as well (i.e. process this payment token as ads or cash) and Firefox would serve privacy-respecting ads from Mozilla's domain.

I haven't fully ironed out the details, but I think this proves feasibility.