[your commercially valuable web browsing history is] split into partial, indecipherable pieces and then encrypted. Each piece is addressed to a different entity — one to ISRG and one to Mozilla — so that no single entity is ever in possession of both pieces.

It seems like they’ve explained it more clearly this time, so there is no room for misunderstanding. We just need to trust that Mozilla and ISRG will never collude with each other to combine this data, that they’ll never both be compromised by the same attacker, and that neither of them will ever have security problems that will leak the data in a way that reveals it to the other one. And our incentive to entrust all our web browsing data to this new system is that we should be happy about advertisers being able to precisely measure how well their ads are working, in the hopes that they will then be so benevolent that they decide they no longer want to scrape up all the other data they’re able to collect.

Did I get that right? Because it still sounds crazy.