< Product Roadmaps

	THIS PAGE IS A WORKING DRAFT
	The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly. If you have any questions or ideas, please add them as a new topic on the discussion page.

Vision:

• Provide Increased Anonymity -- users who don't want to be fingerprinted should still be allowed to surf the web with reasonable expectations of pseudo-anonymity.
• Start with Sensible Defaults -- where possible, default to non disclosure of information
• Provide User-Informed Choice -- provide users contextually helpful, timely, and understandable choices when disclosing information
• Facilitate Web Transparency -- help sites and service providers be transparent with their data collection and use practices
• Allow but don't require Flexibility -- provide users flexibility to customize their defaults, but maintain sensible baselines for those less invested in privacy

Operating Principles:

Mozilla uses a set of privacy operating principles as guidelines as we do work to grow the Web. Those principles that specifically relate to privacy in Firefox are:

• Transparency / No Surprises. Only use and share information about our users for their benefit and as disclosed in our notices.
• Real Choice. Give our users actionable and informed choices by informing and educating at the point of collection and providing a choice to opt-out whenever possible.
• Sensible Defaults. Establish default settings in our products and services that balance safety and user experience as appropriate for the context of the transaction.
• Limited Data. Collect and retain the least amount of information necessary for the feature or task. Try to share anonymous aggregate data whenever possible, and then only when it benefits the web, users, or developers

Themes:

Here the concrete goals are segmented into themes. Some goals may potentially fit into multiple themes, but are only identified here under the most relevant one.

Each specific goal relates to either Firefox (product users/web sites) or the ecosystem (standards bodies, other products' users) or both. They are annotated as such.

Improve Private & Pseudoanonymous Browsing

Secure Network Connections

• Help users understand which bits are unencrypted (e.g., identify form fields that will be transmitted in the clear)
• Identify and deploy a "safe" mixed-content SSL/TLS mode, displaying "secure" UI indicators to users. (e.g., http images + https html is safe)
• Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request, allowing add-ons greater scrutiny of secure connections before they are used.

Deploy Safe and Rational Defaults

• Reduce the amount of information sent with the HTTP Referer header
• Explore turning off more fingerprinting entropy sources

Enable Control of Tracking and Third-Party Sharing

• Disable third-party cookies by default
• Create API so sites can request third-party cookies (may tie into next goal)
• Create unified API for sites to request additional potentially privacy-sensitive features (geolocation, a:ping, local storage, etc)
  • DougT started on this. Initally was going to be part of the desktop notification w3c wg, but was punted out.
• Develop "tracking alert" that informs users when an entity is tracking them across sites.
• investigate implementing ping attribute for explicit tracking for honest organizations who want to track when users consent.
• Changes to Geolocation
  • Disable automated discovery
  • Let the user pick where they are using a map or other UI
  • Map could be assisted by automated discovery

Enhance User Controlled Disclosure

• Plugin awareness of users privacy prefs (e.g., clear history)
• In-flight as-it-happens control of disclosure (versus a preference pane)
• Better site-based data management UI
• Improve the geolocation UX so it's better connected to the user (user knows when geolocation data is being used)

Enrich Add-ons

• Use privacy icons or similar to show what capabilities add-ons have
• Migrate as many add-ons as possible to a capabilities manifest system as proposed for Jetpack (add-ons ask for capabilities and that's all they get to do).

Improve Local Privacy

• Explore requiring master password when using Sync to protect locally stored passwords.
• Improve the UX on master password so that it is comfortable to be used by default. ("Log-In to your Browser")

Improve User Authentication

• Account Manager
• Improve transparency of authentication state so users know when they're sending credentials to sites (and which ones)
• Explore deploying an API for sites to trigger second-factor authentication (e.g., SMS) through the browser.

Research & Understand Data Sharing

• Find a way to visualize and present to users the way a site interacts with other entities (sharing cookies, XHR, etc). This can help them understand data sharing patterns. (beltzner: Privacy Reports)
• Leverage information we have about sites' data sharing habits to publish anonymous statistics on privacy practices (Test Pilot?)
• Use concept series to harness designers' talent in finding a good way to represent data sharing patterns to users.

Roadmap

This is our plan for Product Privacy and Data Control improvements in the upcoming Firefox releases.

Firefox 4

• extend privacy control to plugins
• locally encrypt passwords and form data by default
• put behavioural tracking in user's control (opt-in)
• reduce browser signature in UA header and other inspectible APIs

Firefox 5

• consolidate site permissions into single manager
• provide actionable controls per-site

Firefox 6

Firefox 7