Mobile/Projects/Firefox Accounts with Sync 1.1 integration

Goals

The goal of this MVP release is primarily to provide an easy way for users to replicate their Firefox browser experience across any desktop, mobile or tablet screen. Broken down, this includes:

• Introducing "Firefox Account" to Android users
• Providing a much-improved mechanism for sign-up and sign-in to a functional sync experience
  • Objective: reduce barrier to entry to sign-up to use sync functionality
  • Objective: reduce number of failed attempts in setting up the account
• Utilise the existing sync service as the first valuable service attached to Firefox Accounts

The underlying tactics to achieve these goals are to:

• Integrate Firefox Accounts with the Current, Existing Sync (v 1.1) service
• Improve the sign-up and sign-in flow for sync via Firefox Accounts (username & password)
• Promote sync in-product and in product marketing materials
• Only ONE flag day is allowed
  • Applicable for current users of sync and new users of Firefox Accounts integrated with current sync
  • ie when 'new sync / next.sync' is available, no user action must be required

Non-goals

• Simultaneous syncing across existing sync account with Firefox Account
• No support in syncing over reading lists or any home page management
• No support for syncing add-ons between Desktop and Firefox for Android
• No support for syncing of FxOS data types (including browser information)
• No support for syncing Marketplace data types
• No explicit UX in Firefox for Windows 8 Touch (metro) - only classic Desktop will contain the UX for Firefox Account and Sync management

Common MVP - requirements

General

• Users can create a Firefox Account
• Users can delete their Firefox Account
• Firefox Account will enable the current Sync (v1.1) service
• Users can sign in to their Firefox Account
• Users can sign out of their Firefox Account
• No support for federated accounts (although it is understood persona may be leveraged)
• Current sync functionality must be supported, with the following being must-haves:
  • Bookmarks must be synced, with no requirement to manage bookmarks from the non-originating
  • History must be synced (to make the awesomebar relevant) using the current sync algorithm for number of days we sync
  • Passwords must be synced to make the mobile experience that much tighter
  • Security standards must be adhered to in order to protect my saved passwords during syncing
  • Add-ons must be synced between desktop machines only
• ?? 'Clearing Private Data' in the Settings menu results in a new UX flow that educates users on what this means when a user has a Firefox Account that enables sync
  • Give the choice to either delete : A) session data from 'my FxA that enables sync' so that it doesn't get synced across (and back again); or B) all of my data from 'my FxA that enables sync' ??
• 'Sync' as a name remains unchanged in the UI or corresponding materials

Set-up & Account Management

• When a user first installs Firefox, a prompt will be presented to create a Firefox Account to enable Sync
• Creation of a Firefox Account is via username (email address) and password
• COPPA requirements when creating a Firefox Account must be adhered to within the creation flow
• Present to the user what data will be synced and how this relates to their Firefox experience
  • Includes messaging what 'history' really means to the user and what benefit syncing history provides
  • Provide an option for which sync data types can be synced before the initial sync begins, applied to the Firefox Account level and not on a per-device level
  • https://wiki.mozilla.org/User_Services/Sync/Datatype_Selection_Fx29
• Users must not be forced to set up a Firefox Account if they either wish to defer the setup experience or never sign up at all. In this case, the user must be able to continue using the browser as expected, but without any benefits to having a Firefox Account
  • This also means the user will not be able to benefit from sync - if a user wishes to set up sync, they can only do so via a Firefox Account come the introduction of Firefox Accounts
• Users with an existing current Sync account (2+ devices attached to existing sync) must still be able to continue using their sync account using their existing connected devices for a transition period (minimum 3 months / 2 releases from when outbound communication has begun)
• Users with an existing current Sync account (2+ devices attached to existing sync) should have a link somewhere that they can follow to explain what Firefox Accounts is and that it will be 'coming soon', given that upsell / migration will not be available to them until Fx 30
• Users must be able to change their Firefox Account passwords
• Users must be able to reset their Firefox Account passwords
• For users who have not signed up to Firefox Account upon initial install, they may be notified or prompted to set one up in order to enable Sync
• For users who have not signed up to Firefox Account upon initial install, they must be able to initiate and complete the process from somewhere in the Menu

Existing sync

• By setting up Firefox Account on a desktop or Android device, users expect the sync experience to propagate across all attached instances where Firefox Account signed-in and used; including bookmarks, history (awesomebar results), passwords, ability to send open tabs, add-ons [between desktop instances only]
• Frequency of syncing should remain the same when we transition to the new account creation model

Detaching Sync

• If a user wants to disable or delete their Firefox Account from a particular desktop or Android device, data previously synced should still remain on other instances where Firefox Account is active
• If a user wants to disable or delete their Firefox Account from a particular desktop or Android device, data should be preserved locally so that 'sync' stops, but the browser's current behaviour does not change from when sync stopped

Security/Encryption

• It is expected that synced data is encrypted securely along with their Firefox Account password
• Security defaults should be the same as per existing Sync 1.1 logic, with higher-level security options available
  • Expected: all user data currently irrecoverable

Performance & Stability

• In the event of service interruption to Sync, this must have no impact with current use of the browser
• In the event of service interruption, all data that should be synced will sync once service is restored in a way that is seamless to the user and without degradation to browser usage

Desktop MVP - contextual user stories

1. As a Firefox user, I want the "core" functionality of Sync to remain the same in every respect once a Firefox Account based registration scheme replaces the crypto-based registration scheme so that I can continue to experience the same benefits from Sync in the future as I do today.

 Acceptance criteria
  1. Any data that is syncable in current Sync will be syncable when we introduce accounts
  2. Any choices a user has to customize current Sync will be available when we introduce accounts
  3. A user will not detect any difference in performance of Sync today and performance of Sync after we introduce accounts

2. As a user who currently has a Sync account, I can choose to migrate to FxA/Sync after the release of 29 so that I can benefit from having an FxA.

 Acceptance criteria
  1.A user of current sync can find detailed instructions on a Mozilla web property for how to transition from current sync to FxA/Sync
  2.A user can follow those instructions to transition successfully from current Sync to FxA/Sync
  3.After that user has transitioned from current sync to FxA/Sync they will only be able to manage their Sync preferences by signing-in to their Firefox Account.
  4.After transition, the default views for this users will change from current Sync views to FxA/Sync views

3. As a user who is not signed-in to Sync when I upgrade to 29, I want to be able to set-up FxA/Sync so that I can benefit from Sync and FxA.

 Acceptance criteria
  1. As a user I can enter the FxA/Sync set up process by: A)Clicking a promotional snippet B)Clicking the Sync icon in the footer of the about:home our about:newtab page C)Selecting "Sync set up" from the Firefox Tools menu 
  

4. As a product owner, I want to limit the amount of exposure that current sync users have to FxA/Sync, so that I can wait until we have a more streamlined transition flow before I more actively encourage them to transition.

 Acceptance criteria
  1.Users who are signed into sync when the upgrade to 29 will see nothing different in their Sync preferences from what they see today until they transition to FxA
  2.Users who are signed into sync when they upgrade to 29 will not see promotional language offered in a Snippet on their about:home page that pushes them to transition to FxA until they transition to FxA.

5. As a product owner, I want to prevent current sync users from making any change to their current sync settings unless they upgrade to FxA so that I can simplify current sync maintenance requirements.

 Acceptance criteria
  1.Users who are signed into sync when they upgrade to 29 will not be able to change any setting in their Sync preferences or add a new device
  2.If these users attempt to change their settings or add a device they will be directed to transition to FxA
  3.Users who are signed into sync and using a version of Firefox that predates 29 will not be allowed to make any changes to their Sync preferences or add a new device

6. As a product owner I want to prevent a user who has not yet set up a Sync account from creating a current sync account after the release of 29 so that I can more easily transition all users to FxA/Sync over time.

 Acceptance criteria
  1. After the release of 29, no user, on any version of Firefox will be allowed to create a current Sync account

7. As a user I want to be able to change or reset my password so that I can continue to use Sync even if I forget my Firefox Account password.

 Acceptance criteria
  1.A user can access Firefox Account settings
  2.A user can choose to change or reset their password from the settings 

8. As a user, I want to be able to sign-out of my Firefox Account so that I can decide to stop Syncing data on a particular client.

 Acceptance criteria
  1.A user can sign-out of her Firefox Account
  2.After the user has signed out of an account on a given client, no data will be shared with or from that client

9. As a user, I want to be able to sign-in to my Firefox Account so that I can decide to Sync data from a particular client if I have previously signed-out of that client.

 Acceptance criteria
  1.A user can sign-in to her Firefox Account
  2.After the user has signed-in to a particular client, data will resume syncing to/from that client

10. As a user, I want to create a Firefox Account so that I can use Sync to trade data across my Firefox clients.

 Acceptance criteria
  1.A user can create a Firefox Account
  2.A user can use their own email address and password of their choosing to create and account

11. As a user, I want to know how strong my chosen password is against security attacks so that I can determine the password strength I want.

 Acceptance criteria
  3.A user will see a "password strength" meter as they enter their password 

12. As a user, if I am prompted to set-up Sync, I want the option to defer so that I can choose to use Firefox without creating a Firefox Account or setting up Sync.

 Acceptance Criteria
  1.If a user is prompted to set-up Sync, he can choose not to
  2.If the user wishes to set-up Sync at a later time, he can.  

13. As a product owner, I want to send a verification email to each email address provided by an account creator so that I can provide necessary notifications to the user in the future

 Acceptance Criteria
  1.Users will receive a verification email after they submit their email address and password
  2.This email will be sent to the address provided by the user during the account creation process

14. As a user, I want to be able to verify my email address and my desire to set up a Firefox Account by clicking a link in the verification email I received from Firefox

 Acceptance Criteria
  1. Users can open the verification email
  2.Users can click a link in the email to verify their email address

15. As a user, I want to know that my account has been verified after I click a link in my verification email so that I know I have completed the process of setting up an account

 Acceptance Criteria
  1.After a user clicks a verification link in the email received from Firefox email address they will see a web page declaring a success state
 2. This page will open in their default browser
 3. If the default browser is something other than Firefox, this user will be directed to open Firefox
 

16. As a user, I want the option to review the ToS and Privacy Policy so that I can make sure I’m comfortable providing my information to Mozilla.

 Acceptance criteria
  1.Users can link to the ToS from the “Create Account” page
  2.Users can link to the Privacy Policy form the “Create Account” page
  3.Both the ToS and PP will open in New Tabs if clicked
  4.A user may accept or decline the ToS and/or PP
  5.If a user declines the FxA creation flow is stopped
  6.If a user accepts, the FxA creation flow continues

17. As a user, after I have verified my email address I want to be able to access my Sync Preferences so that I can choose what data I want to share across clients and begin syncing

 Acceptance criteria
  1.Users can access Sync Preferences after they have verified their account
  2.Users can choose to “Start Syncing” from the Preferences page
  3.Users can select to share “Everything” and will begin syncing all possible data
  4.Users can further customize what they want to share by selecting from the following list
   *Bookmarks
   *History
   *Passwords
   *Tabs
   *Add-ons (b/w Desktops only)
   *Preferences (b/w Desktops only)

18. As a user I want to tell Firefox how old I am so that I can be cleared for COPPA restricted activities

 Acceptance criteria
  1.Users will be asked to provide their year of birth on the account set up page where they enter their email address and password
  2.If a user enters a year that indicates their age is less than 13 years old on the day they attempt to set up an account she will be denied a Firefox Account
  3.If a user enters a year that indicates their age is at least 13 years old on the day they attempt to set up an account she will be granted a Firefox Account

19. As a user who is not signed-into Sync, I want the onboarding experience for Firefox 29 to include a strong call to action to set up Sync so that I can begin to take advantage of Sync and the value of Firefox Accounts.

 Acceptance criteria
 1. Users who are not signed-into sync when they upgrade to Firefox 29 will experience an interactive onboarding experience 
 2. This experience will include a strong call to action to set up Sync

Firefox for Android MVP - contextual user stories

Set-up & Account Management

• As a Firefox for Android user, I want the option of setting up a new Firefox Account when I first install Firefox, so I can sync my browser data between my devices.
• As a user, I want a way to clearly understand what data Sync is actually Syncing, what that data means in terms of my browser functionality, and what happens to that data when I have logged out of my Firefox Account.
• As a user, I want to set up a Firefox Account using an email address and password of my choice, so I am not required to use any particular third-party sign-in service - I am comfortable using an email address of my choice for this purpose.
• As a user, I don't want to be forced to create a Firefox Account when I first start using Firefox, so I can start using the browser as quickly as possible once I've downloaded and installed it.
• As a user, I want all of my data (history, bookmarks, etc.) to be saved on my local machine whether or not I've set up a Firefox Account, so I am still able to build up a collection of data and personalize my Firefox experience over time.
• As a user, I want to be able to change the password for my Firefox Account data from any device that allows me to sign into my Firefox Account, so if someone does steal my laptop or other mobile device they won't be able to access any new data that is added to my Sync Account, even though they will be able to access the data that had been previously synced and is local on the device.
• As a user, I want to be able to reset the password for my Firefox Account data from any device that allows me to sign into my Firefox Account, so I can continue using my Firefox Account even if I have forgotten my password.
• As a user, I want to be prompted to create a Firefox Account when I first install my browser, but I want it to be easy to dismiss that prompt either forever (so I don't get bothered again), or to be reminded again later in a day or two (so I remember to look at it in more detail another time). I also want it to be very easy to get more details about what a Firefox Account is and why I would want it before I go through the process of creating one.
• As a user, I want to be able to go into a settings menu to create my Firefox Account, so that I can set up it up in my own time.
• As a user, when I select 'Clear Private Data' in my browser, I need to be educated on what my choices are in how it relates to my Sync functionality so that I don't inadvertently have the wrong expectations about its behaviour.

Core existing sync user stories

• As a user, I want to be able to pick up any new device and replicate my Firefox experience so I don't have to repeat a bunch of work I've already done on another device or computer.
• AWESOMEBAR & HISTORY - As a user with several devices, I want my core Firefox experience to be available on all devices, so I don't have to spend a lot of time rebuilding my awesomebar experience or other personalizations on each. (Equal to whatever parity with current Sync is in terms of # of days of history.)
• PASSWORDS - As a user, if I have typed in and stored a password in Firefox on one device or computer, I don't want to have to type and store that password again on any of my other devices so my web accounts & passwords are magically available on all of my devices (especially important so I don't make typing mistakes on my mobile and become frustrated!).
• OPEN TABS - As a user, I want the option of syncing my tabs from other devices so I can pick up where I left off when I switch to another device. (current Sync behaviour). NB: not married to this use-case for MVP.
• BOOKMARKS - As a user, I want all of my bookmarks to be synced across my devices, although I don't expect full bookmark management tools on mobile devices. Any bookmarks I create while on mobile devices should be put into a single "Mobile" (or similar) folder which is then synced. Desktop bookmark organization & behaviour should not change and vice versa.
• As a user, I expect Firefox Sync to sync my data relatively frequently, but not instantly.

Detaching Sync

• As a user, I want to be able to stop Syncing to preserve data costs on my mobile, but be able to preserve the ability to sync when I resume syncing again.

Security/Encryption

• As a user, I expect Firefox Sync to securely encrypt all my Firefox server data with my Firefox Account password.

Performance & Stability

• As a user, in the event of Sync service interruptions, I expect to be able to use my browser and previously-synced local data as normal, even if Firefox cannot access the Sync servers for an extended period of time.

Migration

Strategy

• We want to encourage existing Sync users to migrate to a Firefox Account, without harming the experience of users who aren't ready to move for a minimum period of 3 months from when outbound communication has begun.
• There must be overlapping support for current sync account who haven't signed up to Firefox Account and to the new Firefox Account & sync v1.1 for a minimum period of 3 months from when outbound communication has begun
• As feasible, we want to encourage existing sync users to sign up to a Firefox Account
  • User data is preserved (same sync) but the sign-in process will differ, including security defaults
  • If this is NOT feasible, we must not promote any in-product snippets to existing sync users until we can ensure good migration is supported

Migration mechanism

• Detect specific states.
  • Non-email Sync account name. No migration possible.
  • Single device. Encourage migration! No partitioning possible!
  • Self-hosted. Offer to migrate to Mozilla's system if there's no locked pref to indicate that that's not desirable, provide docs to support continued self-hosting, inform the user of decommissioning plans so they can make an informed choice.
• Offer to set up a new Firefox Account using their same email address. Enter the normal account setup flow, which will take care of email verification. Don't reuse the password -- it's gone over the wire, many users won't remember it, and it's probably neither strong nor memorable.
• Preserve data syncing preferences, also allowing user to make new decisions at this point.
• Write decommissioning sentinel into the old Sync account. (bug 895526, bug 895518.)
• Disable or delete local Sync.old account.
• Clean up local prefs for sanity.
• Configure to intercept old account hooks e.g., Send Tab intents.

Open questions, issues and action items

Please strikethrough when complete. Thanks!

• Who owns Firefox Accounts & Sync from a product marketing perspective - [eric] is the assumption since he is handling Firefox product marketing currently (although he's brand new :) )
• Who will handle the SUMO articles, etc (respective product lines?) - [roland] Ibai's Garcia team (probably Michael Verdi + new hire who starts in Jan 2013) will write all required SUMO Sync articles on all products; Roland Tanglao will be reviewer and approver for Android SUMO sync articles
• Will each QA contact within each product line be responsible for testing Firefox Accounts & Sync behaviour? - [Tauni] talking to QA
• Any implications relating to FxOS support in terms of Firefox Accounts flows or behaviour? - We all assume not, but needs to be verified.
• Any implications relating to FxOS support in terms of existing Sync behaviour? - Need confirmation of FxOS FxA timing, roll-out and support plans to manage use-cases of one Firefox Account across non-FxOS and FxOS screens
• Do we gain any time by not supporting 'send open tab' or any other current sync feature?
• Need data to understand:
  • How many sync users are Android users
  • How many of the Android sync users are daily users
  • What, in majority, are they syncing
  • Do we have data on failed sign-up attempts
  • How many users 'send open tab'
• Change security defaults to allow recovery of bookmarks and history at a minimum if a user forgets their password, with the ability to provide optional, higher-security measures in the sync settings for those users who wish to upgrade their security at the expense of irrecoverable data - requirement deferred to next iteration of sync when the security model can be modified
• Modifications to the security defaults and inclusion of optional, higher-security measures - requirement deferred to next iteration of sync when the security model can be modified

[old mvp bug tracking]

• Sync MVP bug tracking
• Bugs may still be relevant, so just keeping here for the moment until they can be flushed out as needed or not