On Thu, Apr 23, 2015, at 02:23 PM, Ed Lee wrote:
> Do people have thoughts on the privacy issues raised here and potential
> solutions?
Use a probabilistic mechanism like bloom filters tuned to err on the
side of false positives to determine when to not show the suggested
tile? (And which can be additionally permuted to further increase
false-positives.)
This could also be beneficial because if the brand has a very large list
of sites they don't want to be associated with, all of that information
doesn't need to be downloaded. And the side-effects of (don't show)
false positives is beneficial in that it decreases the information from
a tile not being shown.
A possibly good/possibly bad side effect is that this could allow the
brands to not explicitly say which websites they don't want to be
associated with. If this is a desirable characteristic, even Mozilla
potentially need not know what the list of sites was. If this is not a
desirable characteristic, the Mozilla automation could automatically
derive the filter from the total list of domains and make that available
as part of the data.
I would think that letting brands not explicitly reveal the websites
with 100% certainty that they don't want to be associated with is good
and acceptable since it provides parity with server-side solution and
the historical nature of ads. (Just because a company doesn't advertise
in a certain TV show/magazine doesn't mean they have explicitly decided
not to advertise there.) And interested users could still run
brute-forces against the filters and assign probabilities to certain
sites or clusters of sites being intentionally excluded in a similar
fashion to how they could notice what sites a company is not running ad
campaigns on.
Andrew