30 October 2012 - 9:36User Privacy Contracts and the Open Web

I’ve been blogging on the Labs blog about locally analyzing Firefox data [blog.mozilla.org] and helping users share that data while keeping users in control of their privacy. One area of ideas has involved users setting terms on how the shared data can be used, such as requiring temporary use of the data and increased transparency to let the user know what parts of the data was used.

Common web pattern of users agreeing to terms

So far what I’ve described seems compatible with the Open Web because Firefox can expose access to the user’s data through a web API such as geolocation where the user confirms or denies the request. One main difference is that the site agrees to the user’s data privacy contract — perhaps through an electronic signature. But even then, this difference isn’t too foreign because this digital agreement pattern seems common on the web — except most of the time, it’s the user agreeing to the site’s terms.

One followup idea, regarding who is creating contracts, suggested a non-profit who cares about the Open Web and users’ privacy could be well suited to negotiate with web sites. Instead of having each user provide a user data privacy contract to each web site, Firefox could refer to a list of allowed domains that have already agreed to the non-profits requirements on how user data from the browser can be used. Of course Firefox would still give users control of what data is analyzed and to what detail is the data shared.

With these site-by-site contracts of agreeing to treat users’ data at a privacy level acceptable/required by the non-profit, it seems like a potential slow-but-steady way to improve the web for all parties: the site gets high quality user data, the user gets better personalized content, and Firefox protects privacy for users.

The tricky part here is that there would be a split between which web site have access to the web API: those who are contractually bound to treat users’ data correctly and those who are not. If Firefox only allowed access to web sites that have signed the contract, would this still be part of the Open Web? Is it necessary to have this as part of the Open Web? How about if general web access could be enabled through a user preference while also requiring user confirmation on a per-site basis from a scary looking dialog?

I’m sure there are plenty of other questions in this area of protecting users’ data while improving the Open Web experience. So please comment and provide your thoughts or questions!

3 Comments | Tags: Development, Facebook, Mozilla, User Data

22 October 2012 - 11:56Controlling what Firefox reveals to social networks

I recently released about:trackers [addons.mozilla.org] as a proof-of-concept to explore ideas of how Mozilla can protect users’ data with terms and policies [blog.mozilla.org] even after the data is shared to web sites. The term it simulates is if a site (that had access to your Firefox data) would have been able to follow you across too many sites, Firefox would stop sending cookies with those requests to reduce the risk of your user data get mixed with those sites.

I’ve been using about:trackers for a few weeks, and I’ve noticed some interesting side-effects of the add-on with social networks. But first to provide some more context, I’ll give some of my very informal observations on one aspect of how people use social networks.

People often log out of social networking sites when they aren’t actively using them. I’m not sure if they want to stop seeing their face on other websites (e.g., in comment boxes), or they don’t want the social network to be able to follow them to all the articles they read that have sharing widgets, or they just don’t want someone else from being able to post as them when they’re not around. Facebook even seems to leverage this fact that people often end up on the logged out screen and now shows content to users on that page.

Appearing logged out of Facebook when actually logged in

The interesting side-effect of the default policy in about:trackers is that I now appear logged out to Facebook even though I’m still logged in to Facebook. Now I can browse the web without actively logging out of Facebook when I’m done. This save me time from logging back when I want to use Facebook and logging out at the end while getting the best of both.

I can still see Facebook content on other sites such as the number of likes a page has and the Facebook comments because the embedded content is still getting requested — just without my personalization cookie sent to the servers. I do admit that I don’t actively click on like buttons or post comments, and some quick tests seem to indicate that functionality is not working.

Now that Social API is available for testing with Facebook [blog.mozilla.org], users have more reason to stay logged in all the time because they get easy access to friend updates and are a single click away to chat from whatever tab they are viewing in Firefox via the Social sidebar. But for some those who would have wanted to appear logged out otherwise, this unintended feature of about:trackers could help give more control back to users.

Edit: Tom just posted on the Privacy blog about this topic of being social with privacy in mind [blog.mozilla.org], and he goes into more detail about what happens now on the web with social networks. He also points out how the Social API can lead to better privacy because users are in control of when they inform Facebook of a URL by clicking the Like button in the location bar. Looks like both of us are helping users get more control of their data and privacy, and these two posts show that there are multiple options to get there.

11 Comments | Tags: Add-on, Facebook, Mozilla, User Data

12 October 2012 - 10:17Stickers for your online presense?

After suggesting an idea of how Firefox could help users share their interests online [blog.mozilla.org], I’ve been wondering if it’s similar to something people already do outside of a browser. I gave it some quick thoughts, and stickers seem like they might be a suitable comparison in that they’re something people can easily acquire and customize and then present to others without giving them away.

Showing things you like on something you own

People seem to have all sorts of stickers placed on things they carry around, e.g., laptops, binders, or notepads; or a mode of transportation, e.g., cars, skateboards, or bikes. Even though showing something could be thought as a statement, I would guess that people aren’t necessarily always looking to have a conversation by displaying their sticker. They’re just happy to show off something they support or care about.

This note about having a presence without actively socializing seems to overlap in some way to the “Visitors” group from a study on Identity and the Internet [blog.mozilla.org]. Not everyone wants to be social on the internet and actively produce content, so using these stickers to show off one’s interests seems like a comfortable step from being completely without an online identity.

Do you use stickers? If so, what are you showing, where are you placing them, and why do you use them? I’m curious! :)

3 Comments | Tags: Development, Labs, Mozilla

5 October 2012 - 10:56about:profile – interest categories vs demographics

Over the last few weeks, I’ve been checking out my about:profile page [addons.mozilla.org], and I’ve been pretty surprised at how accurate it can get even though it’s a simple proof of concept to initiate discussions on how Mozilla should be analyzing data in the Firefox [blog.mozilla.org].

Overall categorization and detailed/recent interests

It shares some ideas with what Margaret implemented for about:me [wiki.mozilla.org] such as processing the local data within Firefox and not sending data out of Firefox, except in about:profile, we’re trying to generate higher-level concepts such as an interest category as opposed to statistics of your browser behavior. We happened to go with some readily available domain data of ODP categories and Alexa siteinfo, and we selected some hundreds of top sites to package into the add-on. So while the reference data is not an exhaustive list, it seems to work for quite a few people I’ve shown the add-on to.

Our somewhat arbitrary choices of category interests and site demographics got me thinking about what we could do with this data in Firefox, and I seem to keep coming back to this distinction of category data actually shows what I’m interested in whereas demographics appears to create a label/characteristic that opens things up to preconceived judgements. I suppose in other words, the former is based on something I did vs the latter is something I am. (Although technically, the about:profile experiment is trying to guess at who you are based on what you did.)

I’m sure others will be able to better describe the differences between the two, but I wonder if because there appears to be a fundamental difference, we should go about presenting the data differently to the user. For example, perhaps users will be happy to explicitly give Firefox one’s demographic data whereas trying to have the user create a list of interested categories might be overwhelming.

I’m excited that we’ve released the add-on to get a conversation started because there’s so many different ways to analyze the data in Firefox, and each method can lead to interesting discussions such as this one about categories vs demographics.

No Comments | Tags: Add-on, Development, Labs, Mozilla