Privacy/Roadmap/Tracking: Difference between revisions

From MozillaWiki
(Removed obsolete Lightbeam items and link to real TP page)
 
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
= Do-Not-Track Evolving =
== Background ==
This document is a high-level plan for Mozilla's Do-Not-Track and related features (including non-feature efforts) that help users control how they are tracked across the web.
Tracking is any technique that can be used to accumulate history (purchases, browsing, messaging) and associate it with a particular person. There are many reasons for organizations to engage in tracking, including behavioral advertising, customized content, conversions, and government surveillance. Many of these reasons are legitimate -- in fact advertising revenue subsidizes almost all free web content. However, a combination of industry and government forces have aligned in a way to incentivize silent, invisible wholesale data collection of personal information. Because typical users don't recognize when or how data collection happens, it essentially takes place without user consent.


== Vision ==
In this roadmap we focus on three major sources of tracking:
* Tracking for the purposes of advertising
* Tracking via social widgets, such as the Facebook "Like" button, the Twitter retweet button, or the Google +1 button
* Tracking via physical devices such as mobile phones.


The underlying goals of this effort are to instill users with control over their data, provide greater transparency in data sharing practices, and in general bring consumers in touch with how their data is shared, brokered and used throughout the web. We will accomplish this through a variety of directions including incentives for disclosure of behavior, technology to remove ambiguities with respect to intent of consumers and sites, as well as technological levers to facilitate fair and honest use of consumers' private data.
== Goal: Firefox users know when they are being tracked ==
Lightbeam is a Firefox addon that enables users to visualize network connections. Lightbeam already does a good job at showing users their network connections. We want to make Lightbeam even more powerful by translating this information into a human-understandable format: who is tracking you, and what can you do about it? The [https://github.com/mozilla/lightbeam/wiki/Lightbeam-Roadmap Lightbeam roadmap] discusses improvements to visualization, including per-tab visualization and automatically identifying tracking domains.


In working towards a better web, we are focused on the following consumer-focused outcomes from this work.  A user should be able to assert the following claims:
== Goal: Firefox users can avoid being tracked ==
# I know what tracking is
# I know who is tracking me
# I can tell them to stop tracking me
# I can discern if they listened to my request to stop
# I can stop sites from tracking me if they don't listen


All of the features or efforts on this roadmap should aim for at least one of these outcomes.
=== Tracking protection in Firefox ===


= Execution Plan =
See [[Security/Tracking protection]].


==Step 1: Do-Not-Track HTTP Header==
=== Tracking protection from social widgets ===
Social widgets such as the Facebook “Like” button and the Google “+1” button can be used for tracking,  are embedded on 20% of sites worldwide and generate billions of impressions daily. These widgets transmit identifiers such as cookies on load, regardless of whether the user interacts with the widget. In some cases the NSA has used this feature to identify surveillance targets [http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking/].


Consumers need a way to tell web sites what they think of tracking.  In its
For users who have a first-party relationship with these service providers, blocking network loads entirely is not an option. However, we can improve privacy properties of these widgets by doing one of the following:
first incarnation, this voice is a DNT header broadcast as consumers' choice to
* Serve the widgets from locally cached copies so that no network traffic is sent unless the user interacts with the widgets.
"tell sites I do not want to be tracked." This feature may evolve into something slightly more complex, but the
* Block cookies on network requests that serve these widgets until the user interacts with the widget.
technology begins as a broadcast of what the user wants.


{|class=wikitable
=== Physical tracking protection ===
! Priority
Physical tracking is becoming increasingly important in brick-and-mortar stores [[http://centerformediajustice.org/wp-content/files/WALMART_PRIVACY_.pdf]]. Because networked devices broadcast their MAC address during wireless network discovery, simply entering the range of a wireless access point enables the wireless provider to track the device, whether or not the device connects successfully to the network. Wifi tracking is something that can only be tacked at the OS level.
! Item
! Status
! ETA
! Owner
! Outcomes
|-
| P1 || Implement DNT header
| {{StatusHealthy|status={{bug|628197|Done}}}} || Firefox 4 || Sid Stamm
| 1,3
|-
| P1 || Implement DNT header for Mobile
| {{StatusHealthy|status={{bug|648654|In Aurora}}}} || Firefox 5 || Sid Stamm
| 3
|-
| P2 || Make DNT signal accessible from the navigator global object
| {{StatusBlocked|status={{bug|629535|Ongoing Discussion}}}} || ? || Sid Stamm
| 3
|-
| P2 || Make DNT documentation and pref accessible from first-run page
| Not Started || ? || Sid Stamm
| 1,3
|}
 
==Step 2: Visualizing Tracking==
 
The next class of work that needs to be done to aid transparency and control in
tracking is to show consumers exactly what's going on with their browsing
history.  We must make accessible to Firefox users  the tracking beacon and
first-third party relationships that show up as they browse the web.
 
{|class=wikitable
! Priority
! Item
! Status
! ETA
! Owner
! Outcomes
|-
| P1 || [[Privacy/Features/Tracking_Map|Tracking Map]]
| {{StatusHealthy|status=investigating places DB, creating script to mine it}}
| Q3 2011 || Sid Stamm
| 2
|-
| P2 || [[Privacy/Features/Privacy reports|Based on hit-relationship graph, create visual representation so users
can identify which sites are tracking them (and from where)]]
| Not Started (depends on graph creation) || ? || Sid Stamm
| 1, 2
|}
 
==Step 3: Establishing Trust==
 
Once tracking can be identified, it's important for users to be able to discern
"acceptable" tracking from "unacceptable" tracking and adjust how they interact
with sites they trust.
 
{|class=wikitable
! Priority
! Item
! Status
! ETA
! Owner
! Outcomes
|-
| P2 || Improve Site identity button to show more about how you've interacted with a site in the past (relationship gauge)
| Not Started || ? || ?
| 3
|-
| P2 || Opt-back-in-from-DNT capability (so sites can ask you to turn off DNT for their site
| Not Started || ? || Sid Stamm
| 2,4
|-
| P2
| [[Privacy/Features/Third-party cookie API|API for allowing sites to request use of third-party cookies]]
| Not Started || ? || ?
| 2
|-
| P3
| [[Privacy/Features/Unified privacy API|API for allowing sites to request various other capabilities like geolocation, a:ping, localstorage, etc]]
| Not Started || ? || ?
| 2
|}
 
==Step 4: Reducing Tracking from Untrusted Parties==
 
Not all sites will honor simple requests, so it is necessary to build in
features to enhance user control of tracking.
 
{|class=wikitable
! Priority
! Item
! Status
! ETA
! Owner
! Outcomes
|-
| P2 || [[Privacy/Features/Tracking alert|Alert mechanism or auto-disabling of third party cookies when excessive tracking is encountered.]]
| Not Started || ? || Sid Stamm
| 2, 4, 5
|}
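
Review bot: In the new "Physical tracking protection" paragraph, "can only be tacked at the OS level" should read "tackled", and the external link is wrapped in double brackets ([[http://centerformediajustice.org/...]]), which renders as "[[2]]" with stray brackets. Use single brackets, as the Washington Post link in the social-widgets paragraph does. The new revision also drops the numbered list of five user outcomes along with the status tables that referenced it, so it no longer says how the remaining goals are measured; consider a short note under each Goal heading if that mapping is still wanted.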

Latest revision as of 07:30, 10 July 2015

Background

Tracking is any technique that can be used to accumulate history (purchases, browsing, messaging) and associate it with a particular person. There are many reasons for organizations to engage in tracking, including behavioral advertising, customized content, conversions, and government surveillance. Many of these reasons are legitimate -- in fact, advertising revenue subsidizes almost all free web content. However, a combination of industry and government forces has aligned in a way that incentivizes silent, invisible, wholesale collection of personal information. Because typical users don't recognize when or how data collection happens, it essentially takes place without user consent.

In this roadmap we focus on three major sources of tracking:

  • Tracking for the purposes of advertising
  • Tracking via social widgets, such as the Facebook "Like" button, the Twitter retweet button, or the Google +1 button
  • Tracking via physical devices such as mobile phones.

Goal: Firefox users know when they are being tracked

Lightbeam is a Firefox add-on that enables users to visualize network connections. Lightbeam already does a good job of showing users their network connections. We want to make Lightbeam even more powerful by translating this information into a human-understandable format: who is tracking you, and what can you do about it? The Lightbeam roadmap discusses improvements to visualization, including per-tab visualization and automatically identifying tracking domains.

Goal: Firefox users can avoid being tracked

Tracking protection in Firefox

See Security/Tracking protection.

Tracking protection from social widgets

Social widgets such as the Facebook “Like” button and the Google “+1” button can be used for tracking, are embedded on 20% of sites worldwide and generate billions of impressions daily. These widgets transmit identifiers such as cookies on load, regardless of whether the user interacts with the widget. In some cases the NSA has used this feature to identify surveillance targets [1].

For users who have a first-party relationship with these service providers, blocking network loads entirely is not an option. However, we can improve privacy properties of these widgets by doing one of the following:

  • Serve the widgets from locally cached copies so that no network traffic is sent unless the user interacts with the widgets.
  • Block cookies on network requests that serve these widgets until the user interacts with the widget.
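
The second option above, sketched as an added example (not Mozilla's code or part of the original roadmap): a header filter that lets an embedded widget load but withholds the `Cookie` header until the user has interacted with it in that tab. The widget hostnames are constructed, `markInteraction` and `filterWidgetHeaders` are hypothetical names, and exact host equality stands in for a proper first-party (registrable-domain) check.

```javascript
// Constructed sample hosts, not a real widget list.
const WIDGET_HOSTS = new Set(["widgets.social.example", "plus.social.example"]);

// tabId -> Set of widget hosts the user has clicked in that tab.
const activated = new Map();

// Call from the click handler on the widget placeholder (hypothetical hook).
function markInteraction(tabId, widgetHost) {
  if (!activated.has(tabId)) activated.set(tabId, new Set());
  activated.get(tabId).add(widgetHost);
}

function isActivated(tabId, host) {
  const hosts = activated.get(tabId);
  return hosts !== undefined && hosts.has(host);
}

// details mirrors webRequest: { tabId, url, documentUrl, requestHeaders }.
function filterWidgetHeaders(details) {
  const host = new URL(details.url).hostname;
  // Top-level loads carry no documentUrl; treat them as first party.
  const pageHost = details.documentUrl
    ? new URL(details.documentUrl).hostname
    : host;
  // Simplification: exact host match stands in for a registrable-domain
  // (eTLD+1) comparison when deciding what counts as first party.
  const firstParty = host === pageHost;
  if (!WIDGET_HOSTS.has(host) || firstParty || isActivated(details.tabId, host)) {
    return { requestHeaders: details.requestHeaders };
  }
  // Embedded widget, no interaction yet: the load proceeds without cookies.
  const kept = details.requestHeaders.filter(
    (h) => h.name.toLowerCase() !== "cookie"
  );
  return { requestHeaders: kept };
}

// Inside a Firefox WebExtension this registers the filter; elsewhere it is skipped.
if (typeof browser !== "undefined" && browser.webRequest) {
  browser.webRequest.onBeforeSendHeaders.addListener(
    filterWidgetHeaders,
    { urls: ["<all_urls>"] },
    ["blocking", "requestHeaders"]
  );
}
```

Because activation is tracked per tab, clicking a widget on one page does not re-enable cookie transmission for the same widget embedded in other tabs.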

Physical tracking protection

Physical tracking is becoming increasingly important in brick-and-mortar stores [2]. Because networked devices broadcast their MAC address during wireless network discovery, simply entering the range of a wireless access point enables the wireless provider to track the device, whether or not the device connects successfully to the network. Wi-Fi tracking can only be tackled at the OS level.