22 October 2012 - 11:56Controlling what Firefox reveals to social networks
I recently released about:trackers [addons.mozilla.org] as a proof-of-concept to explore ideas of how Mozilla can protect users’ data with terms and policies [blog.mozilla.org] even after the data is shared to web sites. The term it simulates is if a site (that had access to your Firefox data) would have been able to follow you across too many sites, Firefox would stop sending cookies with those requests to reduce the risk of your user data get mixed with those sites.
I’ve been using about:trackers for a few weeks, and I’ve noticed some interesting side-effects of the add-on with social networks. But first to provide some more context, I’ll give some of my very informal observations on one aspect of how people use social networks.
People often log out of social networking sites when they aren’t actively using them. I’m not sure if they want to stop seeing their face on other websites (e.g., in comment boxes), or they don’t want the social network to be able to follow them to all the articles they read that have sharing widgets, or they just don’t want someone else from being able to post as them when they’re not around. Facebook even seems to leverage this fact that people often end up on the logged out screen and now shows content to users on that page.
The interesting side-effect of the default policy in about:trackers is that I now appear logged out to Facebook even though I’m still logged in to Facebook. Now I can browse the web without actively logging out of Facebook when I’m done. This save me time from logging back when I want to use Facebook and logging out at the end while getting the best of both.
I can still see Facebook content on other sites such as the number of likes a page has and the Facebook comments because the embedded content is still getting requested — just without my personalization cookie sent to the servers. I do admit that I don’t actively click on like buttons or post comments, and some quick tests seem to indicate that functionality is not working.
Now that Social API is available for testing with Facebook [blog.mozilla.org], users have more reason to stay logged in all the time because they get easy access to friend updates and are a single click away to chat from whatever tab they are viewing in Firefox via the Social sidebar. But for some those who would have wanted to appear logged out otherwise, this unintended feature of about:trackers could help give more control back to users.
Edit: Tom just posted on the Privacy blog about this topic of being social with privacy in mind [blog.mozilla.org], and he goes into more detail about what happens now on the web with social networks. He also points out how the Social API can lead to better privacy because users are in control of when they inform Facebook of a URL by clicking the Like button in the location bar. Looks like both of us are helping users get more control of their data and privacy, and these two posts show that there are multiple options to get there.