Mozilla enters ad tech: Can privacy and profit coexist?

Last month, Mozilla made official what many keen observers thought was long coming: its full-blown entry into the ad-tech world. In a blog post, Mozilla president Mark Surman said something that may rub some of the privacy purists the wrong way. Surman asked a question, “How do we ensure that privacy is not a privilege of the few but a fundamental right available to everyone?” He then offered his answer, acknowledging that there is no one-size-fits-all solution. According to Surman, part of the solution lies in “online advertising.” He went on to say that Mozilla started dabbling in online advertising because it wants to fix the "fundamentally broken” system.

Sounds a bit familiar, doesn’t it? Mozilla is following a well-worn path, but with a twist: its journey started from the opposite end. Just like Google, with its Protected Audience API as part of the Privacy Sandbox, and Microsoft with its Ad Selection API, Mozilla now seeks to marry privacy with advertising. However, while advertising has always been part of Microsoft and is almost synonymous with Google, it has never been something Mozilla has been closely associated with. So, how did it get here?

The shift was gradual, but it has become more obvious recently. This summer, in a rather surprising move, Mozilla acquired Anonym, an ad metrics firm. The company claimed this acquisition would improve the advertising landscape by enabling effective ad targeting while ostensibly safeguarding user data. A month later, a new controversial move followed, that time the introduction of Privacy-Preserving Attribution (PPA), a feature that allows advertisers to track ad performance. PPA, which is enabled by default in the latest version of Firefox, is described by Mozilla as “a non-invasive alternative to cross-site tracking.”

What we think of the pivot now that it’s final

So, now that Mozilla has firmly entered the ad-tech space, what are we to make of it? What Mozilla’s president essentially laid out is that the current advertising model is flawed and ineffective (no disagreement here). Their aim is to improve online advertising by making it more privacy-friendly across the web, not just within their browser.

This is a noble ambition, especially since we, just like Mozilla, believe that online advertising is not going anywhere, it is here to stay. However, in terms of innovation, Mozilla is not doing anything fundamentally new. Much like Google with its Privacy Sandbox, Microsoft with its Ad Selection API, and Brave with its “privacy-preserving ads”, Mozilla is attempting to add a “privacy-friendly” twist to the age-old concept of targeted advertising.

Do not get us wrong: interest-based advertising does make sense, there’s logic behind it. But the problem is that none of these new approaches challenge the core issue of ultra-targeted ads, specifically, retargeting. Retargeting is the practice of tracking users across different websites after they’ve shown interest in a product or service, essentially allowing ads to “follow” them around the web. While Mozilla does offer advanced cryptographic and aggregation techniques to make the data exchange as private and secure as possible, the reality remains: the mere concept of being pursued by ads across multiple sites will still feel intrusive for the users.

Why is Mozilla doing this?

While Mozilla’s goal to improve online advertising with a privacy-first approach is commendable, the reality behind this move might be more driven by necessity than idealism. For years, Mozilla has struggled to reduce its reliance on search engine revenue, particularly the lucrative deal it has with Google. Google has long been Mozilla’s main source of income, and the dynamics of this relationship have shifted over time. Initially, Google’s influence wasn’t as dominant, but when Google Chrome overtook Firefox in 2011, Mozilla’s dependency on Google seemingly deepened. This dependency is not surprising when you consider that Mozilla, while it has a browser as its flagship product, does not operate a search engine — a crucial service for any browser given that search is one of the most lucrative features in the browser ecosystem.

While Mozilla has significant financial resources — as of its financial statements from the last year, the company boasts more than $1 billion in cash reserves — the big driver of this wealth has been Google. Google pays Mozilla a substantial amount to be the default search engine on Firefox. These payments, which began in 2005, have grown significantly over the years, rising by 50% over the past decade to more than $450 million annually, even as Firefox’s user base has steadily declined. In 2021, payments from Google accounted for a staggering 83% of Mozilla’s total revenue.

Given this financial dependence, Mozilla’s push into the ad-tech space can be seen as an effort to diversify its revenue streams. If this is a move to wean itself off Google’s search engine revenue, it’s something we can only support.

Mozilla’s track record of a privacy champion

To understand why Mozilla’s pivot to ad tech feels so alien, it’s worth taking a step back and considering the company’s long-standing reputation as a privacy champion. Since bursting onto the scene in the late 90s, Mozilla has positioned itself as a beacon of hope for internet users, championing the mantra “internet for people, not profit.” The company has consistently claimed to prioritize privacy, with a core focus on protecting users from pervasive surveillance — especially cross-site tracking, a hallmark of the ad-driven online world.

Throughout its history, Mozilla’s record has consistently remained true to its image as a paragon of digital privacy. Its flagship product, Firefox, has been at the forefront of anti-tracking protections. And it’s the case when one walks the talk:

• In 2011, Firefox introduced the Do Not Track (DNT) feature, allowing users to signal to websites not to track their online activity. While the feature is now widely regarded as ineffective — since many websites simply ignore the request — the move was symbolic of Mozilla’s commitment to user privacy.

• Fast forward to 2018, when Firefox took a more proactive stance by rolling out comprehensive anti-tracking protections, enabling users to block third-party cookies and known trackers.

• By September 2019, these features were integrated into Firefox’s Enhanced Tracking Protection (ETP) suite and, notably, turned on by default. The standout part of that update was Firefox’s decision to block third-party cookies and cryptominers by default. The following year, Mozilla further strengthened its privacy protections by blocking fingerprinting scripts as part of an enhanced ETP. Since then, Firefox has continued to ramp up its anti-tracking measures, with a particular focus on thwarting trackers from platforms like Facebook.

• In 2021, Firefox cracked down on supercookies by isolating cashes and network connections so that websites cannot create “supercookies,” which are more difficult to delete and block than ordinary cookies.

• The same year, it unveiled Total Cookie Protection, an anti-tracking feature that confined cookies to the site where they were created by putting them in separate “cookie jars.”

• And in 2022, it made it a default feature for all Firefox desktop users worldwide, proudly declaring themselves “the most private and secure major browser available across Windows and Mac.”

However, as Mozilla begins its deeper foray into ad tech, the question becomes: Can they continue to uphold this legacy of privacy, or will the need for revenue compromise their core values? It’s a pivotal moment for the company, and it’s one that has many privacy-conscious users (ourselves included) are watching closely.