Oct 13, 2023 12:30:00

Firefox plans to introduce 'Oblivious HTTP (OHTTP)' and 'Distributed Aggregation Protocol (DAP)' systems that collect browser usage status while protecting privacy

Mozilla has announced that it will introduce privacy protection technologies ``

Oblivious HTTP (OHTTP)' ' and `` Distributed Aggregation Protocol (DAP) '' to Firefox in order to collect browser usage status while protecting privacy. At the same time, it has also been announced that it will collaborate with technology company ``Fastly'' and ``Divvi Up'' under the Internet Security Research Group (ISRG) to implement OHTTP and DAP.

Built for Privacy: Partnering to Deploy Oblivious HTTP and Prio in Firefox
https://blog.mozilla.org/en/products/firefox/partnership-ohttp-prio/

Firefox and Fastly take another step toward a privacy upgrade for the internet | Fastly
https://www.fastly.com/blog/firefox-fastly-take-another-step-toward-security-upgrade

Divvi Up is providing privacy-preserving metrics for Firefox - Divvi Up
https://divviup.org/blog/divvi-up-in-firefox/

Mozilla collects users' browser usage information for purposes such as improving browser speed. Mozilla places importance on protecting users' privacy, so it limits the information it collects to non-privacy-related information such as the time it takes to load a page, and does not collect privacy-related information such as site visit history. yeah. However, according to Mozilla, it is difficult to deal with problems such as ``Firefox running extremely slowly on certain sites'' with the existing usage status collection system. Therefore, Mozilla decided to introduce ``Oblivious HTTP (OHTTP)'' and ``Distributed Aggregation Protocol (DAP)'' into Firefox as a system that protects user privacy while collecting information deeply related to privacy such as site visit history. Did.

◆What is Oblivious HTTP (OHTTP)?
OHTTP is a system that can create a state in which no one knows the entire information by communicating via an OHTTP relay. The specific communication order is as follows. First, Firefox encrypts the user's usage and sends it to the OHTTP relay. Next, the OHTTP relay removes only the information that can lead to the user's personal identification from the received information and sends it to Mozilla. At this time, the OHTTP relay does not have the decryption key, so the contents of the information cannot be viewed. On the other hand, since Mozilla has the decryption key, it can receive 'information from which personally identifying parts have been removed' from the OHTTP relay, decrypt it, and check the contents.

Mozilla has also announced that it will hire Fastly to act as an OHTTP relay.

◆What is Distributed Aggregation Protocol (DAP)?
DAP is a protocol developed by Divvi Up, which operates under the umbrella of the Internet Security Research Group (ISRG), a nonprofit organization that provides services such as

Let's Encrypt . In DAP, a user's information is divided into two parts and stored in separate aggregators, and after each aggregator analyzes the information, the results of each analysis are combined to arrive at an aggregated result. In the DAP system introduced in Firefox, ``Aggregator operated by Mozilla'' and ``Aggregator operated by Divvi Up'' will manage information in a distributed manner.

Mozilla aims to keep Firefox competitive in the short term by collecting browser usage while protecting privacy, and in the long term, privacy protection technologies such as OHTTP and DAP will become industry standards. They say they will work on it.