I became a Mozillian 10 years ago when I started participating in Bugzilla and helping with the Spread Firefox campaign, earning both the 25 million and 50 million-downloads coins. I was just a freshman at the University of Illinois studying Computer Science, but I was eager to help the non-profit Mozilla create a web browser that promotes user choice for liberty.

San Francisco Mozilla Monument

Mozilla’s founders created the mission for openness, innovation and opportunity on the Internet; and because of that, I was able to find my passion of helping people. In between lectures, I hacked on open source Firefox to create the AwesomeBar through many iterations of conversing with individuals to learn about their specific needs. I collaborated with other Mozillians to come up with ideas and to implement them into this Firefox feature which still provides better and faster choices for everyone.

Yesterday, I cried when I learned that one of Mozilla’s co-founders was leaving [brendaneich.com]. It was the most I’ve cried since my mother passed away, and in some sense it was appropriate as Brendan is a “founding father” of the organization I’ve dedicated over a third of my life to.

Even as Brendan announced his departure, he provided next steps to advancing the mission by reaffirming Mozilla’s focus on users. The direction he provided could put the non-profit Mozilla as a users union leader to push back the bullying aspects of the Internet that prey on individuals (think of privacy policies or terms of services) and instead flip that around to be pro-user [blog.mozilla.org].

I’m a Mozillian because the founders made Mozilla with the mission. I believed in the mission when I became a Mozillian, and I still believe in it now — especially with this golden opportunity for Mozilla to fight for users. I hope all Mozillians can continue to collaborate together to make the world a better place for everyone.

– Ed Lee

I’ve been blogging on the Labs blog about locally analyzing Firefox data [blog.mozilla.org] and helping users share that data while keeping users in control of their privacy. One area of ideas has involved users setting terms on how the shared data can be used, such as requiring temporary use of the data and increased transparency to let the user know what parts of the data was used.

Common web pattern of users agreeing to terms

So far what I’ve described seems compatible with the Open Web because Firefox can expose access to the user’s data through a web API such as geolocation where the user confirms or denies the request. One main difference is that the site agrees to the user’s data privacy contract — perhaps through an electronic signature. But even then, this difference isn’t too foreign because this digital agreement pattern seems common on the web — except most of the time, it’s the user agreeing to the site’s terms.

One followup idea, regarding who is creating contracts, suggested a non-profit who cares about the Open Web and users’ privacy could be well suited to negotiate with web sites. Instead of having each user provide a user data privacy contract to each web site, Firefox could refer to a list of allowed domains that have already agreed to the non-profits requirements on how user data from the browser can be used. Of course Firefox would still give users control of what data is analyzed and to what detail is the data shared.

With these site-by-site contracts of agreeing to treat users’ data at a privacy level acceptable/required by the non-profit, it seems like a potential slow-but-steady way to improve the web for all parties: the site gets high quality user data, the user gets better personalized content, and Firefox protects privacy for users.

The tricky part here is that there would be a split between which web site have access to the web API: those who are contractually bound to treat users’ data correctly and those who are not. If Firefox only allowed access to web sites that have signed the contract, would this still be part of the Open Web? Is it necessary to have this as part of the Open Web? How about if general web access could be enabled through a user preference while also requiring user confirmation on a per-site basis from a scary looking dialog?

I’m sure there are plenty of other questions in this area of protecting users’ data while improving the Open Web experience. So please comment and provide your thoughts or questions!

I recently released about:trackers [addons.mozilla.org] as a proof-of-concept to explore ideas of how Mozilla can protect users’ data with terms and policies [blog.mozilla.org] even after the data is shared to web sites. The term it simulates is if a site (that had access to your Firefox data) would have been able to follow you across too many sites, Firefox would stop sending cookies with those requests to reduce the risk of your user data get mixed with those sites.

I’ve been using about:trackers for a few weeks, and I’ve noticed some interesting side-effects of the add-on with social networks. But first to provide some more context, I’ll give some of my very informal observations on one aspect of how people use social networks.

People often log out of social networking sites when they aren’t actively using them. I’m not sure if they want to stop seeing their face on other websites (e.g., in comment boxes), or they don’t want the social network to be able to follow them to all the articles they read that have sharing widgets, or they just don’t want someone else from being able to post as them when they’re not around. Facebook even seems to leverage this fact that people often end up on the logged out screen and now shows content to users on that page.

Appearing logged out of Facebook when actually logged in

The interesting side-effect of the default policy in about:trackers is that I now appear logged out to Facebook even though I’m still logged in to Facebook. Now I can browse the web without actively logging out of Facebook when I’m done. This save me time from logging back when I want to use Facebook and logging out at the end while getting the best of both.

I can still see Facebook content on other sites such as the number of likes a page has and the Facebook comments because the embedded content is still getting requested — just without my personalization cookie sent to the servers. I do admit that I don’t actively click on like buttons or post comments, and some quick tests seem to indicate that functionality is not working.

Now that Social API is available for testing with Facebook [blog.mozilla.org], users have more reason to stay logged in all the time because they get easy access to friend updates and are a single click away to chat from whatever tab they are viewing in Firefox via the Social sidebar. But for some those who would have wanted to appear logged out otherwise, this unintended feature of about:trackers could help give more control back to users.

Edit: Tom just posted on the Privacy blog about this topic of being social with privacy in mind [blog.mozilla.org], and he goes into more detail about what happens now on the web with social networks. He also points out how the Social API can lead to better privacy because users are in control of when they inform Facebook of a URL by clicking the Like button in the location bar. Looks like both of us are helping users get more control of their data and privacy, and these two posts show that there are multiple options to get there.