22 October 2012 - 11:56

Controlling what Firefox reveals to social networks

I recently released about:trackers [addons.mozilla.org] as a proof-of-concept to explore ideas of how Mozilla can protect users’ data with terms and policies [blog.mozilla.org] even after the data is shared to web sites. The term it simulates is that if a site (that had access to your Firefox data) would have been able to follow you across too many sites, Firefox would stop sending cookies with those requests to reduce the risk of your user data getting mixed with those sites.

I’ve been using about:trackers for a few weeks, and I’ve noticed some interesting side-effects of the add-on with social networks. But first to provide some more context, I’ll give some of my very informal observations on one aspect of how people use social networks.

People often log out of social networking sites when they aren’t actively using them. I’m not sure if they want to stop seeing their face on other websites (e.g., in comment boxes), or they don’t want the social network to be able to follow them to all the articles they read that have sharing widgets, or they just don’t want someone else to be able to post as them when they’re not around. Facebook even seems to leverage this fact that people often end up on the logged out screen and now shows content to users on that page.

Appearing logged out of Facebook when actually logged in

The interesting side-effect of the default policy in about:trackers is that I now appear logged out to Facebook even though I’m still logged in to Facebook. Now I can browse the web without actively logging out of Facebook when I’m done. This saves me time from logging back in when I want to use Facebook and logging out at the end while getting the best of both.

I can still see Facebook content on other sites such as the number of likes a page has and the Facebook comments because the embedded content is still getting requested — just without my personalization cookie sent to the servers. I do admit that I don’t actively click on like buttons or post comments, and some quick tests seem to indicate that functionality is not working.
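The policy described above (count how many sites a third party could follow you across, then keep loading its content but withhold the cookie) can be sketched as follows. This is an added example, not code from about:trackers; the threshold value, the `siteOf` helper, the `CookiePolicy` class and the `.example` hosts are assumptions made for illustration.

```javascript
// Added illustration; not about:trackers source code.
// ASSUMPTION: the post only says "too many sites"; 3 is a made-up threshold.
const MAX_SITES_FOLLOWED = 3;

// Simplified site key: the last two host labels. A real implementation
// would consult the Public Suffix List (e.g. to handle co.uk).
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

class CookiePolicy {
  constructor(limit = MAX_SITES_FOLLOWED) {
    this.limit = limit;
    this.seenOn = new Map(); // third-party site -> Set of first-party sites
  }

  // Decide how to send one request made while topLevelUrl is in the address bar.
  decide(topLevelUrl, requestUrl) {
    const first = siteOf(topLevelUrl);
    const target = siteOf(requestUrl);
    // ASSUMPTION: first-party requests keep their cookies, which is why the
    // user stays logged in on the social network's own pages.
    if (first === target) return { load: true, sendCookies: true };
    if (!this.seenOn.has(target)) this.seenOn.set(target, new Set());
    const sites = this.seenOn.get(target);
    sites.add(first);
    // The embedded content still loads; only the identifying cookie is withheld.
    return { load: true, sendCookies: sites.size <= this.limit };
  }
}

// Constructed browsing session: one widget host embedded on four sites.
function demo() {
  const policy = new CookiePolicy();
  const widget = "https://widgets.social.example/like.js";
  const pages = [
    "https://news.example/a", "https://blog.example/b",
    "https://shop.example/c", "https://forum.example/d",
  ];
  const embedded = pages.map((p) => policy.decide(p, widget).sendCookies);
  const direct = policy.decide("https://www.social.example/home", widget);
  return { embedded, direct };
}
```

In the constructed session the widget receives cookies on the first three sites and none on the fourth, while a direct visit to the network's own site still sends them.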

Now that Social API is available for testing with Facebook [blog.mozilla.org], users have more reason to stay logged in all the time because they get easy access to friend updates and are a single click away to chat from whatever tab they are viewing in Firefox via the Social sidebar. But for those who would have wanted to appear logged out otherwise, this unintended feature of about:trackers could help give more control back to users.

Edit: Tom just posted on the Privacy blog about this topic of being social with privacy in mind [blog.mozilla.org], and he goes into more detail about what happens now on the web with social networks. He also points out how the Social API can lead to better privacy because users are in control of when they inform Facebook of a URL by clicking the Like button in the location bar. Looks like both of us are helping users get more control of their data and privacy, and these two posts show that there are multiple options to get there.

11 Comments | Tags: Add-on, Facebook, Mozilla, User Data

Comments:

  1. A nice (obvious) privacy feature would be to have the “private browsing mode” be per-tab instead of being something that closes your normal browsing session. Put another way, make it possible not to share cookies across tabs. That way I can log in to whatever service and not have to worry that it might have beacons on other sites.

  2. Why is this social API not an addon? Why is it part of FF? Can’t you simply keep it as an addon and, when doing the first install, ask the user to install a “recommended addon”? Why are you making FF bloated?

  3. tom jones says: 24 Oct 2012 - 11:28

    i installed the addon when i read the last blog. actually, i forgot about it until reading this, and now, after looking at my about:trackers page, it seems the addon is actually breaking stuff on the web.

    for example, i read The Verge for news via RSS, several times a day. whenever a story has a video, which is 90% of the times from youtube, if it’s longer than 30 seconds, i usually click “watch later” button, and watch them later in the evening.

    now, not only does this not seem to work anymore (it says i’m not signed in to youtube), even if i click the youtube video to go to youtube.com domain, on the first page load, i’m also not signed in the top right corner.

    i need to refresh the page before it can show me i am logged in, and only then can i add the video to watch later list.

    all of this, along with click-to-load plugins, makes this simple feature a 7 step process — ARGH!

  4. @tom do you visit youtube.com? If you search for “youtube.com” in about:trackers, do you see it in the left column under “Tracker” and what color is it? What if you try clicking on the button near the top “Reset” to clear custom blocks and use default settings? Any different if you navigate to http://www.youtube.com ?

  5. @Jigar the social API doesn’t do anything within Firefox unless you’ve activated it, so nothing is happening in the background unless you’ve turned on the feature from Facebook. The main thing it adds over the add-on setup is the simpler one-click activation, and just like uninstalled add-ons, add-ons that you don’t have in your Firefox won’t do anything in the background.

  6. My preference would be to allow particular domains to be isolated in some way – e.g any content from facebook.com can only be accessed from within a tab where the top-level document is also from facebook.com, causing Facebook content (eg iframes) in other pages to be unable to share anything with the actual Facebook session.

  7. @Simon that’s an interesting idea. How would you expect users to activate that functionality? Would it be automatic? Or shown when you’re on the source tab? Perhaps a notification: the current page has been able to see you visiting sites x, y, z — do you want to continue to allow this behavior? How about for sites that you don’t visit?

  8. @Ed – I hadn’t really thought about the interface for it, to be honest. A notification would be nice – except I’d be concerned about having the same problem I get with NoScript, i.e an unending stream of warnings I don’t care about, and an endlessly growing black/whitelist to make the warnings go away.

    Personally I’d be happy to set them up more manually – simply knowing that *.google.com and facebook.com are domains I’m commonly tracked by, I just add them to a list somewhere. And the result is that if any content URL (e.g an iframe, script, image, video) matches one of those domains, they get blocked unless the top-level page (i.e the URL in the address bar) also matches the same domain. For that purpose, a simple list under privacy preferences would probably suffice – similar to how Firefox currently manages a list of sites allowed to install add-ons without a warning…

  9. An additional comment on the subject – remember that all logging out of Facebook does is require you to re-enter a password next time you log in. It doesn’t mean they can’t track you, because if the cookies are still persisted, those little embedded Like buttons can still tell who’s loading them. That’s why in my solution, those buttons (and related scripts and stuff) don’t get loaded at all.

  10. @Simon one of the ideas explored with about:trackers is that cookies can be blocked without blocking the whole connection, so in your example of blocking embedded Like buttons, that would completely remove the display from the page. This could be removing useful content such as displaying how popular the article is, but instead by blocking just the cookies, the unpersonalized Like button could be displayed without sending a cookie back to Facebook.

