MozillaWiki

Privacy/Roadmap 2011

< Privacy
Revision as of 18:37, 23 August 2011 by Sidstamm (talk | contribs) (→‎Improve Private & Semi-anonymous Browsing)

< Product Roadmaps

Privacy100.png Privacy and User Control 2011 Roadmap
Owner: Sid Stamm Updated: 2011-08-23
The vision behind Mozilla's 2011 privacy roadmap is focused on users, calling for increased anonymity on the web, starting with sensible privacy defaults, giving users the ability to make informed choices about disclosing their information, facilitating web transparency so users understand how their data is being collected and used, and allowing for flexibility while maintaining sensible baselines for those who are not interested in privacy.
Draft-template-image.png THIS PAGE IS A WORKING DRAFT Pencil-emoji U270F-gray.png
The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly.
If you have any questions or ideas, please add them as a new topic on the discussion page.


Vision:

  • Provide Increased Anonymity -- users who don't want to be fingerprinted should still be allowed to surf the web with reasonable expectations of pseudo-anonymity.
  • Start with Sensible Defaults -- where possible, default to non disclosure of information
  • Provide User-Informed Choice -- provide users contextually helpful, timely, and understandable choices when disclosing information
  • Facilitate Web Transparency -- help sites and service providers be transparent with their data collection and use practices
  • Allow but don't require Flexibility -- provide users flexibility to customize their defaults, but maintain sensible baselines for those less invested in privacy

Operating Principles:

Mozilla uses a set of privacy operating principles as guidelines as we do work to grow the Web. Those principles that specifically relate to privacy in Firefox are:

Transparency / No Surprises
Only use and share information about our users for their benefit and as disclosed in our notices.
Real Choice
Give our users actionable and informed choices by informing and educating at the point of collection and providing a choice to opt-out whenever possible.
Sensible Defaults
Establish default settings in our products and services that balance safety and user experience as appropriate for the context of the transaction.
Limited Data
Collect and retain the least amount of information necessary for the feature or task. Try to share anonymous aggregate data whenever possible, and then only when it benefits the web, users, or developers

Themes and Goals:

Here the concrete goals are segmented into themes. Some goals may potentially fit into multiple themes, but are only identified here under the most relevant one.

Each specific goal relates to either Firefox (product users/web sites) or the ecosystem (standards bodies, other products' users) or both. They are annotated as such.

NOTE: these goals are tentative and more may be added or some may be dropped.

Improve Private & Semi-anonymous Browsing

{{#ask: Feature roadmap::PrivacyFeature theme::Improve Private & Semi-anonymous Browsing | ?# | ?Feature name# | ?Feature priority# | ?Feature stage# | ?Feature version# | ?Feature product manager# | ?Feature feature manager# | mainlabel=- | sort=Feature priority, Feature stage | format=template | limit=500 | template=FeatureListTable }}
Pr Feature Stage Release target Product manager Feature manager
P3 Explore randomizing non-essential HTTP request data that can be used for fingerprinting Concept ` Sid Stamm `
P3 Investigate simplifying Private Browsing Mode into profile switching. Concept ` Sid Stamm `
P3 Explore potentially using a journaled profile service so all modifications to a profile can be rolled back when user exits private mode Concept ` Sid Stamm `

Secure Network Connections

Priority Item Status Eta Owner
P1 Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request, allowing add-ons greater scrutiny of secure connections before they are used. not started ? ?
P2 Help users understand which bits are unencrypted (e.g., identify form fields that will be transmitted in the clear) not started ? ?
P2 Identify and deploy a "safe" mixed-content SSL/TLS mode, displaying "secure" UI indicators to users. (e.g., http images + https html is safe) not started ? ?

Deploy Safe and Rational Defaults

Priority Item Status Eta Owner
P1 Reduce the amount of information sent with the HTTP Referer header bug 587523 not started ? ?
P3 Explore turning off more fingerprinting entropy sources not started ? ?

Enable Control of Tracking and Third-Party Sharing

Privacy/Roadmap/Tracking shows more detail on the third-party tracking work.

Priority Item Status ETA Owner
P1 Develop "tracking alert" that informs users when an entity is tracking them across sites. not started ? ?
P2 Create API so sites can request third-party cookies (may tie into next goal) bug 422357 not started ? ?
P2 Create unified API for sites to request additional potentially privacy-sensitive features like geolocation, a:ping, local storage, etc. not started ? ?
P2 investigate implementing ping attribute for explicit tracking for honest organizations who want to track when users consent. not started ? ?
P2 Geolocation: Disable automated discovery not started ? ?
P2 Cookie tagging (category labels for cookies to facilitate logout clearing, categorical blocking, etc not started ? ?
P3 Geolocation: Let the user pick where they are or lie using a map or other UI (Map could be assisted by automated discovery) not started ? ?
P3 Explore disabling third-party cookie sending by default not started ? ?

Enhance User Controlled Disclosure

Priority Item Status Eta owner
P1 Plugin awareness of users privacy prefs (e.g., clear history) bug 508167 in progress ? ?
P1 In-flight as-it-happens control of disclosure (versus a preference pane) not started ? ?
P1
P2 Improve the geolocation UX so it's better connected to the user (user knows when geolocation data is being used) bug 630614 in progress ? ?
P2

Enrich Add-ons

Priority Item Status Eta owner
P1 Use privacy icons or similar to show what capabilities add-ons have Not Started ? ?
P2 Migrate as many add-ons as possible to a capabilities manifest system as proposed for Jetpack (add-ons ask for capabilities and that's all they get to do). Not Started ? ?

Improve Local Privacy

Priority Item Status Eta owner
P1 Improve the UX on master password so that it is comfortable to be used by default. ("Log-In to your Browser") not started ? ?
P2 Require master password when using Sync to protect locally stored passwords. not started ? ?

Improve User Authentication

Priority Item Status Eta owner
P1 Improve transparency of authentication state so users know when they're sending credentials to sites (and which ones) not started ? ?
P2 Deploy an API for sites to trigger second-factor authentication (e.g., SMS) through the browser. not started ? ?

Research & Understand Data Sharing

Priority Item Status Eta owner
P1 Leverage information we have about sites' data sharing habits to publish anonymous statistics on privacy practices (Test Pilot?) not started ? ?
P2 Find a way to visualize and present to users the way a site interacts with other entities (sharing cookies, XHR, etc). This can help them understand data sharing patterns. (beltzner: Privacy Reports) not started ? ?
P2 Use concept series to harness designers' talent in finding a good way to represent data sharing patterns to users. not started ? ?

Roadmap

Links to implementation plan and progress:

Retrieved from "https://wiki.allizom.org/index.php?title=Privacy/Roadmap_2011&oldid=342388"