Privacy/Roadmap/2012
Privacy and User Control 2012 Roadmap
Owner: Sid Stamm | Updated: 2018-04-19
The vision behind Mozilla's 2012 privacy roadmap is focused on users: calling for increased anonymity on the web, starting with sensible privacy defaults, giving users the ability to make informed choices about disclosing their information, facilitating web transparency so users understand how their data is being collected and used, and allowing for flexibility while maintaining sensible baselines for those who are not concerned with privacy.
Operating Principles:
Mozilla uses a set of privacy operating principles as guidelines as we work to grow the Web. The principles that specifically relate to privacy in Firefox are:
- Transparency / No Surprises: Only use and share information about our users for their benefit and as disclosed in our notices.
- Real Choice: Give our users actionable and informed choices by informing and educating at the point of collection and providing a choice to opt out whenever possible.
- Sensible Defaults: Establish default settings in our products and services that balance safety and user experience as appropriate for the context of the transaction.
- Limited Data: Collect and retain the least amount of information necessary for the feature or task. Share only anonymous, aggregate data whenever possible, and then only when it benefits the web, users, or developers.
Outcomes:
Here are the desired major outcomes, each of which is realized by the completion of multiple features. Some features may advance more than one outcome, but each is listed here only under the most relevant one.
Contextual Identity
People don't have a single identity in the real world or online. Instead they behave differently depending on the context. This is one of the reasons people use Private Browsing mode in Firefox, but it's not a perfect fit for that use case. It should be easy for users to switch contexts: into a guest mode, to lend their browser to someone else, to work with semi-private information, to bank securely, or to act in any of the many other contexts they move through in their lives.
This outcome is realized when users can quickly switch between contexts online and carry those contexts to other places they browse from (such as other copies of Firefox).
| Pr | Feature | Stage | Release target | Product manager | Feature manager |
|---|---|---|---|---|---|
| P1 | Cookie tagging | Development | | Sid Stamm | |
| P1 | Multiple Cookie Jars | Draft | | Sid Stamm | Sid Stamm |
| P2 | Require master password when using Sync to protect locally stored passwords | Draft | | Sid Stamm | |
| P2 | Improve the UX on master password so that it is comfortable to be used by default | Draft | | Sid Stamm | |
| P2 | Improve Site identity button to show more about how you've interacted with a site in the past | Draft | | Sid Stamm | |
| P2 | Per-window Private Browsing | Landed | Firefox 20 | Sid Stamm | Josh Matthews |
| P3 | Plugin awareness of users' privacy prefs | Draft | | Sid Stamm | |
| P3 | Geolocation: Let the user pick where they are (or lie) using a map or other UI | Draft | | Sid Stamm | |
Tracking Control
Users must have control over their data, including greater transparency in data sharing practices and, in general, bringing consumers in touch with how their data is shared, brokered and used throughout the web. A user should be able to assert the following claims:
- I know what tracking is
- I know who is tracking me
- I can tell them to stop tracking me
- I can discern if they listened to my request to stop
- I can stop sites from tracking me if they don't listen
This outcome can be realized when users can confirm each of the five abilities.
| Pr | Feature | Stage | Release target | Product manager | Feature manager |
|---|---|---|---|---|---|
| P1 | Shortened HTTP Referer header | Development | | Sid Stamm | Sid Stamm |
| P1 | Opt-back-in-from-DNT capability | Draft | | Sid Stamm | |
| P1 | Per-Site Third-Party Cookie Setting | Landed | Firefox 18 | | Monica Chew |
| P1 | Tracking Map | On hold | TBD - Not dependent on train schedule | Sid Stamm | Sid Stamm |
| P2 | "Tracking alert" to inform users when an entity is tracking them across sites | Draft | | Sid Stamm | |
| P3 | In-flight, as-it-happens control of disclosure | Definition | | Sid Stamm | |
| P3 | Find a way to visualize and present to users the way a site interacts with other entities | Draft | | Sid Stamm | |
| Unpri | Investigate implementing the ping attribute for explicit tracking by honest organizations that want to track only when users consent | Concept | | Sid Stamm | |
Not Yet Awesome Enough
This category holds features or themes that cannot easily be executed yet because they need substantial design work or research, or are not yet fully understood. These are good ideas, just not ready to be pushed out the door.
Cookie work (make cookies easier to control):
| Pr | Feature | Stage | Release target | Product manager | Feature manager |
|---|---|---|---|---|---|
| P2 | Create API so sites can request third-party cookies | Draft | | Sid Stamm | |
| P3 | Explore disabling third-party cookie sending by default | Concept | | Sid Stamm | |
Uncategorized features:
| Pr | Feature | Stage | Release target | Product manager | Feature manager |
|---|---|---|---|---|---|
| P2 | Improve the geolocation UX so it's better connected to the user | Definition | | Sid Stamm | |
| P2 | Create unified API for sites to request additional potentially privacy-sensitive features | Draft | | Sid Stamm | |
| P2 | Improve transparency of authentication state so users know when they're sending credentials to sites (and which ones) | Draft | | Sid Stamm | |
| P2 | Deploy an API for sites to trigger second-factor authentication | Draft | | Sid Stamm | |
| P2 | Incorporate fingerprint-minimizing features into private browsing | Draft | | Sid Stamm | |
| P2 | Make DNT documentation and pref accessible from first-run page | Draft | | Sid Stamm | |
| P3 | Use privacy icons or similar to show what privacy policy add-ons have | Definition | | Sid Stamm | |
| P3 | mozCipherAddressbookAPI | Planning | | Chris Blizzard | Dietrich Ayala |
| P3 | Explore randomizing non-essential HTTP request data that can be used for fingerprinting | Concept | | Sid Stamm | |
| P3 | Investigate simplifying Private Browsing Mode into profile switching | Concept | | Sid Stamm | |
| P3 | Explore potentially using a journaled profile service so all modifications to a profile can be rolled back when the user exits private mode | Concept | | Sid Stamm | |
| P3 | Explore turning off more fingerprinting entropy sources | Not started | | Sid Stamm | |
| P3 | Leverage information we have about sites' data sharing habits to publish anonymous statistics on privacy practices (Test Pilot?) | Research | | Sid Stamm | |
| P3 | Use concept series to harness designers' talent in finding a good way to represent data sharing patterns to users | Research | | Sid Stamm | |
| P3 | Prevent SafeBrowsing from being an accidental vector to track users between physical locations. The SafeBrowsing cookie is isolated to network location: a user has one ID at home, another at work, another at a coffee shop, etc. | Concept | | Sid Stamm | |