Privacy/Roadmap 2011: Difference between revisions
< Privacy
Jump to navigation
Jump to search
| Line 65: | Line 65: | ||
=== Secure Network Connections === | === Secure Network Connections === | ||
{| | {|class=wikitable | ||
! Priority | |||
! Item | |||
! Status | |||
! Eta | |||
! Owner | |||
|- | |- | ||
| | | P1 || Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request, allowing add-ons greater scrutiny of secure connections before they are used. | ||
| | | not started || ? || ? | ||
| | |||
| | |||
|- | |- | ||
| | | P2 || Help users understand which bits are unencrypted (e.g., identify form fields that will be transmitted in the clear) | ||
| not started || ? || ? | |||
|- | |- | ||
| P2 || Identify and deploy a "safe" mixed-content SSL/TLS mode, displaying "secure" UI indicators to users. (e.g., http images + https html is safe) | |||
| not started || ? || ? | |||
| P2 || Identify and deploy a "safe" mixed-content SSL/TLS mode, displaying "secure" UI indicators to users. (e.g., http images + https html is safe) || | |||
|} | |} | ||
Revision as of 17:54, 22 April 2011
 |
Privacy and User Control 2011 Roadmap | |
| Owner: Sid Stamm | Updated: 2011-04-22 | |
| The vision behind Mozilla's 2011 privacy roadmap is focused on users, calling for increased anonymity on the web, starting with sensible privacy defaults, giving users the ability to make informed choices about disclosing their information, facilitating web transparency so users understand how their data is being collected and used, and allowing for flexibility while maintaining sensible baselines for those who are not interested in privacy. | ||
|
THIS PAGE IS A WORKING DRAFT | 
|
| The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly. If you have any questions or ideas, please add them as a new topic on the discussion page. |
Vision:
- Provide Increased Anonymity -- users who don't want to be fingerprinted should still be allowed to surf the web with reasonable expectations of pseudo-anonymity.
- Start with Sensible Defaults -- where possible, default to non disclosure of information
- Provide User-Informed Choice -- provide users contextually helpful, timely, and understandable choices when disclosing information
- Facilitate Web Transparency -- help sites and service providers be transparent with their data collection and use practices
- Allow but don't require Flexibility -- provide users flexibility to customize their defaults, but maintain sensible baselines for those less invested in privacy
Operating Principles:
Mozilla uses a set of privacy operating principles as guidelines as we do work to grow the Web. Those principles that specifically relate to privacy in Firefox are:
- Transparency / No Surprises
- Only use and share information about our users for their benefit and as disclosed in our notices.
- Real Choice
- Give our users actionable and informed choices by informing and educating at the point of collection and providing a choice to opt-out whenever possible.
- Sensible Defaults
- Establish default settings in our products and services that balance safety and user experience as appropriate for the context of the transaction.
- Limited Data
- Collect and retain the least amount of information necessary for the feature or task. Try to share anonymous aggregate data whenever possible, and then only when it benefits the web, users, or developers
Themes and Goals:
Here the concrete goals are segmented into themes. Some goals may potentially fit into multiple themes, but are only identified here under the most relevant one.
Each specific goal relates to either Firefox (product users/web sites) or the ecosystem (standards bodies, other products' users) or both. They are annotated as such.
NOTE: these goals are tentative and more may be added or some may be dropped.
Improve Private & Pseudoanonymous Browsing
| Priority | Item | Status | ETA | Owner |
|---|---|---|---|---|
| P1 | Incorporate fingerprint-minimizing features into private browsing (Security/Anonymous Browsing). | not started | ? | ? |
| P2 | Explore randomizing non-essential HTTP request data that can be used for fingerprinting | not started | ? | ? |
| P2 | Per-tab/window private mode | not started | ? | ? |
| P3 | Investigate simplifying Private Browsing Mode into profile switching. | not started | ? | ? |
| P3 | Explore potentially using a journaled profile service so all modifications to a profile can be rolled back when user exits private mode | not started | ? | ? |
Secure Network Connections
| Priority | Item | Status | Eta | Owner |
|---|---|---|---|---|
| P1 | Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request, allowing add-ons greater scrutiny of secure connections before they are used. | not started | ? | ? |
| P2 | Help users understand which bits are unencrypted (e.g., identify form fields that will be transmitted in the clear) | not started | ? | ? |
| P2 | Identify and deploy a "safe" mixed-content SSL/TLS mode, displaying "secure" UI indicators to users. (e.g., http images + https html is safe) | not started | ? | ? |
Deploy Safe and Rational Defaults
| Priority | Item | Bug | Status |
| P1 | Reduce the amount of information sent with the HTTP Referer header | bug 587523 | not started |
| P3 | Explore turning off more fingerprinting entropy sources | - | not started |
Enable Control of Tracking and Third-Party Sharing
| Priority | Item | Bug | Status |
| P1 | Develop "tracking alert" that informs users when an entity is tracking them across sites. | - | not started |
| P2 | Create API so sites can request third-party cookies (may tie into next goal) | bug 422357 | not started |
| P2 | Create unified API for sites to request additional potentially privacy-sensitive features like geolocation, a:ping, local storage, etc. | - | not started |
| P2 | investigate implementing ping attribute for explicit tracking for honest organizations who want to track when users consent. | - | not started |
| P2 | Geolocation: Disable automated discovery | - | not started |
| P3 | Geolocation: Let the user pick where they are or lie using a map or other UI (Map could be assisted by automated discovery) | - | not started |
| P3 | Explore disabling third-party cookie sending by default | bug 564877 | not started |
Enhance User Controlled Disclosure
| Priority | Item | Status | Eta | owner |
|---|---|---|---|---|
| P1 | Plugin awareness of users privacy prefs (e.g., clear history) bug 508167 | in progress | ? | ? |
| P1 | In-flight as-it-happens control of disclosure (versus a preference pane) | not started | ? | ? |
| P1 | ||||
| P2 | Improve the geolocation UX so it's better connected to the user (user knows when geolocation data is being used) bug 630614 | in progress | ? | ? |
| P2 | Implement DOMCryptAPI - a window property that exposes a fast, native crypto API to content JS bug 649154 | in progress | ? | ? |
Enrich Add-ons
| Priority | Item | Bug | Status |
| P1 | Use privacy icons or similar to show what capabilities add-ons have | - | not started |
| P2 | Migrate as many add-ons as possible to a capabilities manifest system as proposed for Jetpack (add-ons ask for capabilities and that's all they get to do). | - | not started |
Improve Local Privacy
| Priority | Item | Bug | Status |
| P1 | Improve the UX on master password so that it is comfortable to be used by default. ("Log-In to your Browser") | - | not started |
| P2 | Require master password when using Sync to protect locally stored passwords. | - | not started |
Improve User Authentication
| Priority | Item | Bug | Status |
| P1 | Improve transparency of authentication state so users know when they're sending credentials to sites (and which ones) | - | not started |
| P2 | Deploy an API for sites to trigger second-factor authentication (e.g., SMS) through the browser. | - | not started |
Research & Understand Data Sharing
| Priority | Item | Bug | Status |
| P1 | Leverage information we have about sites' data sharing habits to publish anonymous statistics on privacy practices (Test Pilot?) | - | not started |
| P2 | Find a way to visualize and present to users the way a site interacts with other entities (sharing cookies, XHR, etc). This can help them understand data sharing patterns. (beltzner: Privacy Reports) | - | not started |
| P2 | Use concept series to harness designers' talent in finding a good way to represent data sharing patterns to users. | - | not started |
Roadmap
Links to implementation plan and progress: