All posts in Features

Firefox’s Redesigned Preferences Feel More like the Web

By On May 20, 2014 In Customization, Design, Features, Firefox, Mozilla, Preferences, usability, User Experience With 41 Comments Permanent Link to Firefox’s Redesigned Preferences Feel More like the WebPermalink

Another great Firefox improvement is releasing soon!

Firefox’s Preferences, until now, have required navigation through a cumbersome floating window where it’s nearly impossible to find what you’re looking for. This window is a classic example of a common software problem: settings are slowly added onto the interface as new functionality is introduced, and eventually it sags under the weight.

The mess that is current Firefox Preferences

The mess that is current Firefox Preferences

Until now, that is!

The Firefox UX team is excited to announce that brand new, beautiful Preferences are now the default in Firefox nightlies and will soon be in release Firefox. In this redesign, the interface is visually consistent, the information architecture is improved, and the whole thing is rendered in content space rather than as a separate window.

Firefox’s new in-content preferences

Why is it important that Preferences are in the content space rather than a separate window?

  1. Consistency across devices. By using the content space, we no longer have to rely on the ability of a device to draw separate windows and dialogs. This is particularly important on tablets and phones, where window management is more difficult. Now, users of mobile Firefox will see a familiar interface when move to desktop Firefox, and vice versa.
  2. Consistency across operating systems. Windows, OSX, and Linux all create windows and dialogs differently, which means the user’s experience with Preferences was different depending on the OS. Now, as we draw this interface within Firefox, we can make it look and feel identical across systems.
  3. Consistency with the web. Ultimately, the browser is a doorway to the rest of the web. For the browser to behave like a dialog-heavy desktop application rather than the web itself was jarringly anachronistic. Beneficially, rendering like a website also means users won’t need to find and manage a separate window in addition to their open tabs.
  4. Space to grow. Not being bounded by a small, floating window means we can create richer customization experiences. The Add-ons manager has already  moved to content space, and we’ve been able to explore richer use cases as a result. Similarly, expect to see innovative customization experiments as well as the usual Firefox settings.

And before you ask, yes, the next step is absolutely a search field in Preferences to summon the exact setting you’re looking for. This is needed particularly so users won’t have to “learn” our interface, but can instead focus on their task.

A special thank you goes to Senior Visual Designer Michael Maslaney, who’s been spearheading Project Chameleon, the style guide behind this redesign. Another thank you goes to MSU students Owen Carpenter, Joe Chan, Jon Rietveld, and Devan Sayles for creating the award-winning first version of Firefox’s in-content Preferences in May 2012.

Enabling Real-Time Communication on the Web Platform

By On October 19, 2011 In Features, Firefox, Mozilla, Next Version, uxurblog, WebRTC With 12 Comments Permanent Link to Enabling Real-Time Communication on the Web PlatformPermalink

Mozilla’s manifesto describes the internet as an integral part of modern life and a key component in communication. However, communication on the web has far to go before it’s as rich as face-to-face communication. Real-time video communication on the web should be easy, rich, and readily available to developers in a way that proprietary formats can’t be.

That’s why a new project is spinning up at Mozilla called WebRTC (Real-Time Communication). WebRTC will allow developers to use the web platform to include video and audio conferencing as part of their websites and applications, both mobile and on the desktop. In its first phase, WebRTC will make webcam feeds a primary object in the browser, allowing sites to create rich interactions such as video calling and conferencing. In later phases, WebRTC will allow interactions like co-browsing, in which users can share their screen with a friend.

Privacy and Security

Privacy and security are major concern in enabling open video communication on the web. A face and voice are two of the most identifiable kinds of shareable data, and keeping users in absolute control of who has access to them is vital. As the IETF states in its WebRTC draft document, the ability for users to control access to their webcam, be able to cancel communication at any time, and not be eavesdropped upon are essential.

Some of the challenges we’ll face are in giving users the most accurate information possible about the site and caller who are requesting access to their webcam. Most requests for webcam access will simply be from a trusted site itself, but a malicious site could potentially try to gain access by embedding its call request within a trusted site. In this paper, Eric Rescorla outlines how potential “ad-hoc” calling attacks could come from ads in iFrames embedded within trusted sites.  Many other potential attacks need to be dealt with.  For instance, because WebRTC would be controlled by a web server rather than conventional real-time systems, web browsers might expose JavaScript APIs which allow a server to place a call. If access to such an API were unrestricted, sites could “bug” a user’s computer and capture video camera activity (Rescorla).

Even a trusted site could be compromised, both during a call or after. And, since the sites themselves would control and display the UI of the call itself, Firefox needs to give the user both constant indication that they are in a call and the ability to disconnect at any time.

User Interface

However, guarding against threats only goes so far towards keeping users in control of their webcam communication. Clear messaging, useful tools, and sensible defaults need to be in place for video conferencing to safely take root in the browser.

The first phase of enabling WebRTC will allow the most basic use case: giving a site access to a user’s webcam and microphone. The browser already serves as a mediator for other user data, such as location and access to cookies. Firefox usually asks for permissions using a door hanger notification. Door hangers stem from the URL bar to show the site is asking for a permission, and it extends past the content area to show that Firefox is the mediator of the permission request. Using a door hanger notification for WebRTC is both consistent within Firefox and correctly conveys visually that the site has requested access, and Firefox is asking the user for that permission.

Usually, these door hangers simply ask the user for a permission, and in a click the user can give it. However, webcam access requires a secondary stage: showing a preview of the webcam feed. This approach has three benefits:

  1. It gives users the ability to make sure their webcam and microphone work correctly
  2. If users had casually or accidentally accepted the webcam permission, nothing makes people more aware of what they’re about to transmit like showing them their own grubby mug
  3. It gives users the ability to fix their hair/put on a shirt/remove incriminating items from background before beginning call

In some ways, it’s unfortunate to ask users to pass through two dialogs to give webcam feed rather than one. After all, in most cases the site itself will be providing all necessary UI, and perhaps even a video preview before a call is initiated. So, this could all be redundant in many cases.  However, we cannot predict what purpose a site may be requesting webcam feed for, nor what UI will be in place for the user on that page. Even with all our efforts against security threats, any request for webcam access must be treated as potentially malicious.

Once a user has given a site access to their webcam and is likely engaging in face-to-face communication, that interaction should be given a heightened level of priority within the browser. For a user to lose that tab or forget they are broadcasting could range from mildly embarrassing to, well, use your imagination. If a user is actively sharing their webcam feed, they should be able to jump to the tab where data’s being shared or simply cut their webcam feed from anywhere within Firefox. This will require at the very least a toolbar-level Firefox control that appears once a user’s actively sharing.

Designing and implementing a new API is always a complex process.  If you’re interested in reading more or contributing to this project, here are some resources:

Research Spinning Up on New Tab Page

By On June 15, 2011 In Customization, Features, Firefox, Mozilla, Next Version, Research, usability, User Experience With 19 Comments Permanent Link to Research Spinning Up on New Tab PagePermalink

Whenever you open a new tab in Firefox, your goal is to navigate somewhere.  To aid your navigation, on this new tab Firefox currently offers you… nothing.  Just a blank page.  100% white, and 100% not useful.

Firefox has been displaying this blank page when users open a new tab for as long as there’s been a new tab.  And, partially, it’s deliberate.  After all, a blank page is guaranteed not to distract you from your current task.  It’s just clean and white, like a canvas, offering no suggestions for the next move and no distractions from it.  Alex Faaborg explains very well in his recent blog post the concerns we have with distracting users and the ways that data overload on a new tab page can be harmful.

This isn’t the case when you open a new tab in other browsers.  Opera was the first to offer a “Speed Dial” with giant thumbnails linking users to their most frequented sites.  Safari’s giant wall-o-televisions offers much the same.  Chrome has played around with different designs, first trying a speed dial like Opera’s and later integrating other content, such as apps.  Internet Explorer, the most unusual of the designs, offers you some options: reopen closed tabs and sessions, start private browsing, or use an “Accelerator,” which usually means do “something with Bing.”

What happens when you open a new tab in different browsers

So, which approach is best for our users?  Would presenting large thumbnail targets to direct people to sites they frequently visit save them time?  Could we present information to make it easier for users to navigate to their next destination?  Can we do so without being distracting and leading users away from the task they had in mind?

We realized that we couldn’t answer these questions without finding out more about our users.  So, a few people at Mozilla are heading up studies to find out how people use tabs and how different designs of new tab page effect how they browse and user the web.

Here’s what’s going down:

1. Quantitative study through Test Pilot on what users do after opening a new tab

Intern Lilian Weng is currently working on a quantitative study within Test Pilot to capture data on what users do after they open a new tab.  This should answer questions surrounding user intention when opening a new tab, and possibly how long users take to perform actions after opening a new tab.

2. A/B test of a new tab page vs. blank new tab

Interns Diyang Tang and Lilian Weng are preparing to do an A/B test using Test Pilot to determine how user behavior differs when presented with a new tab page vs. none.  They are attempting to answer questions such as:

– Does a new tab page slow users down (e.g., by distracting them), or speed them up (e.g., help them find the target site faster)?
– Does a new tab page discourage breadth in visited sites?
– How do users navigate to a website after they open a new tab in each scenario? (location bar, search bar, top sites, bookmarks, history, etc.)
– Are there users who are more mouse-based and some who are more keyboard-based? How does a new tab page affect them?

3. Cafe testing for current Firefox

Diane Loviglio and myself are preparing more qualitative “cafe” tests to gain insight into how people use tabs currently.  We’d like to know why and when users open new tabs in a more contextual perspective than Test Pilot data provides.  Our goal is to find a wide enough range of users that the most common new tab behaviors can be grouped and discussed in a more tractable framework.

4. Testing multiple new tab page designs

Once the research from tests 1-3 is available, variations on new tab pages will be implemented and tried out with real users.  There are multiple testing methods that could be useful here, such as a multivariate testing or even journaling to gain insight into how new tab pages effect behavior of a user over time.

5. Creating a contextual speel dial implementation

Not quite a research project, but intern Abhinav Sharma is designing and implementing an experimental new tab page which uses contextual information about a user’s current browsing session to offer suggestions.  His page makes intelligent recommendations about where you’re likely to go next based on where you’ve been.  The project’s still in alpha, but you can see the code he’s done already for a basic speed dial implementation on his github.

You’ll notice that a lot of this work is being done by our awesome new Summer 2011 interns!  It’s only early June and they’re already rocking hard.

I’ll post what we learn from these studies as results come in.  I predict we’ll gain some insight into user behavior that will inform not only Firefox’s new tab design, but many other features besides!

Simplifying and Polishing the Add-ons Manager’s List View

By On January 26, 2011 In Addons, Features, Firefox, Manager, Mozilla, Next Version, Performance, User Experience With 12 Comments Permanent Link to Simplifying and Polishing the Add-ons Manager’s List ViewPermalink

As we approach the release of Firefox 4, the last few polish and stylistic changes are happening in the add-ons manager.  Some are simply graphic cleanup, while others are the result of beta testing the new manager for the past several months.

I wanted to highlight one change in particular that you’ll be seeing in the Firefox nightlies soon.  The date an add-on was last updated, rather than being displayed in list view, will now only appear in the detailed view of an add-on.  This also means that installed add-ons can no longer be sorted by last updated date.

Old vs New Add-ons Manager: Removal of Sorting Bar and Last Updated Date

For some users, this change is substantive and will feel disruptive.  So, I wanted to give the rationale behind this design decision.

1. Providing a simplified overview

The intended purpose of the add-on manager’s list view is to give a brief overview of the users’ add-ons and to provide only the minimal, most used information and functionality.  This minimal information is the name of an add-on, its icon, and a short description.  The minimal functionality is the ability to disable and remove an add-on.  Even the author name we’ve removed to provide the simplest, most visually scannable design.  By removing the last updated date, we not only visually clean an add-on’s list entry, but also eliminate the need for a sorting bar at the top of list view.  This gives back both whitespace and a cleaner appearance at the top of the list.

2. Updated date does not provide important functionality for most users

For most users, the last updated date does not give information meaningful enough to justify its placement in list view.  It allows users to see which add-ons have been updated automatically most recently, but does not give any details about the updates nor provide tools to interpret the information.

Some advanced users use the last updated date as a diagnostic tool to identify which add-on updates may be causing a recent problem in Firefox.  However, the date makes a very poor diagnostic tool. One reason is that the date does not give any information about the size nor scope of the update, and thus can only be used for diagnosis by disabling one add-on at a time to isolate a problem.  In many cases, a problem in Firefox caused by an add-on are instantly identifiable as being caused by a particular add-on.  Even in the rare case where a problem suddenly appears in Firefox, the chances of it being from an add-on update are not large.  A problem could be caused by any number of online events, which is why Firefox provides tools such as the Error Console and about:crashes to help diagnose them.  And, even if we were to give fuller information about updates in the add-ons manager and make it into a better diagnostic tool, why should this tool be so far removed from other diagnostic tools?  How could a new user figure out that, to access diagnostic tools related to add-ons, they should go to the add-ons manager rather than a more comprehensive diagnostic tool?  It would be wildly inefficient to apply this elsewhere in Firefox by placing diagnostic tools only on the interface elements they relate to.

What we should do is add diagnostic tools about add-ons to comprehensive tools such as about:support.  Then, we could  provide expert users the information they want in a better format while keeping one-off diagnosis away from list view in the add-ons manager.

3. The goal of removing updating entirely for most users

The intended purpose of automatic updates is to remove updating from the list of items the user has to care about and remember.  By exposing the updated date in list view, Firefox insinuates both that the updated date is very important that this is a process the user should manage.

Actually, the actual reason sorting and the last updated date were initially proposed in the add-ons manager design was to give users the ability to sort their add-ons by performance, not updated date.  Sorting by performance would allow users to find out how their add-ons effect Firefox on metrics such as startup time and memory.  However, the ability to rank an add-on’s performance is going to be a part of FIrefox after the 4.0 release, making the remaining sorting categories (alphabetic and updated date) much less useful.

By the way, Firefox 4 beta 10 is out, so please try it out and tell us what you think!

What’s New in Firefox’s Add-ons Manager

By On December 5, 2010 In Add-ons, Features, Firefox, Firefox 4.0, Mozilla, Next Version, User Experience With 21 Comments Permanent Link to What’s New in Firefox’s Add-ons ManagerPermalink

One of the best reasons to use Firefox is with thousands of add-ons available to customize it, you can turn it into exactly the browser you want. To make it easier for you to find and use add-ons, members of the Firefox team and community have been working to redesign the add-ons manager for Firefox 4.0. The new add-ons manager will be easier to use, sleeker, and faster than ever before.

Here are a few highlights of the new design:

Add-ons update automatically

No more warnings when your add-ons are out of date; Firefox will now update them automatically. This should happen without you even noticing, keeping add-ons safe and fast while eliminating the hassle of updating.

Make changes to add-ons without restarting

Restarting your browser is a pain. Developers can now build their add-ons for Firefox 4 such that no restart is required; add-ons built using the Add-on SDK get this for free. Restartless add-ons can be installed, modified, and removed without a single restart needed! More and more restartless add-ons are being created and made available on addons.mozilla.org every day.

Add-on manager in a tab, not a window

 


Instead of managing your add-ons in a small, separate window, the add-ons manager now loads in a tab. This means it won’t be so small and easily lost among other windows, and you can interact with it identically to other tabs, including resizing and moving.

New Get Add-ons pane

Justin Scott has been leading a project to create a new section in the add-ons manager we call the Get Add-ons pane. In the old add-ons manager, we displayed five featured add-ons that could be installed. This was done to show you some examples of add-ons – much like buying a picture frame with a stock photo already inside. Justin’s done a thorough revamp of Get Add-ons, building a page which introduces you to the concept of add-ons, highlights particular add-ons that are editorially selected, and helps you explore and discover other add-ons that match your interests. Justin’s currently working on a new feature for this pane which makes personal recommendations of add-ons you might enjoy based on which add-ons you already have installed.

Quickly find any add-on

If you want to make a change to an add-on but don’t know which category it’s in, you can now simply search for it in the new global search box. The add-ons manager can quickly locate an installed add-on or find you some matching add-ons that are available to install.

If you’re using Firefox’s nightly builds, you can already see many of the above changes in action. Blair McBride has recently put a lot of work into the new theme change, so now we’re working on the final few bugs and polish. If you’ve already used the new add-on manager, please share your thoughts by commenting or leaving a message on Firefox 4.0’s feedback page!

Add-ons Manager UI Update

By On August 29, 2010 In Add-ons, Features, Firefox, Next Version, osx, usability, User Experience, windows 7 With 29 Comments Permanent Link to Add-ons Manager UI UpdatePermalink

I’ve posted quite a few mockups on this blog of Firefox’s redesigned add-ons manager’s features and interactions. What I haven’t shown are screenshots of how the manager will actually look in Firefox 4.0. The following are designs, based on Stephen Horlander’s work on the new Firefox theme, of the add-ons manager in OSX and Windows 7.  The icons are still placeholders, but the rest of the design is pretty near finalized.

In the image below, you’ll see three windows for each operating system.  The first row shows list view, where a short summary of each add-on and its description are shown.  Buttons allow the user to disable an add-on or launch its preferences.  Clicking “More” takes the user to detail view.

The second row shows detail view, where the user sees more information about a single add-on.  The full description is displayed as well as a contribution box if the add-on’s author chooses.

Finally, appearance view shows installed themes and backgrounds (previously personas).  Since these add-ons are primarily visual, the interface gives a large preview of each item and does not display a description.

Dave Townsend and Blair McBride have been working hard on implementing these visual changes as well as the slew of under-the-hood improvements that are making the add-ons manager faster and more stable.  To see how it’s coming along, try running a nightly build in your operating system of choice.  Hope you like it!

Removing Firefox’s Status Bar and Rehousing Add-on Icons (Part 3 of 2) (wut)

By On June 16, 2010 In Add-ons, Features, Firefox, Next Version, User Experience With Comments Off on Removing Firefox’s Status Bar and Rehousing Add-on Icons (Part 3 of 2) (wut) Permanent Link to Removing Firefox’s Status Bar and Rehousing Add-on Icons (Part 3 of 2) (wut)Permalink

It’s World Cup month! Let’s start it out right. With another post about removing the status bar.

I know I implied in my last post that you’d be free of this topic forever, but something was bothering me. A piece of the puzzle was missing. I talked it over with my skilled user experience cohorts last week. Whiteboards were involved. I think the kinks were worked out.

The problem with putting add-on icons in the bookmark bar by default is that Firefox’s interface could become easily overcrowded if add-ons add more than just a 16 by 16 pixel icon. If an add-on creates a long horizontal widget, for instance, the whole bookmark bar could taken up after its installation.

Also, many add-ons have come to rely on bottom-anchored functionality – partially because of the location of the status bar. Firebug, for instance, uses a status bar button because its interface is anchored to the status bar.

My first post on this topic noted that users should be able to easily move their add-on icons and widgets wherever they want just by dragging it – to the bookmarks bar, the UI panel, the title bar, wherever. This is still going to be a huge benefit to users who wish to configure their browser. Where add-on icons should be encouraged to install by default is the open question. My proposal is this:

When a user has no add-on installed, there is no status bar.

As soon as the user installs one add-on that wants to use the status bar, a small bar appears in the bottom right of the Firefox window. It’s only long enough to accommodate the add-on icons and widgets the user currently has installed.

If the user hovers over the status bar, a small arrow appears on its left.  If the user clicks this arrow, the status bar shrinks into a small button in the bottom of the window.  This button gives a faint glow as the status bar animates into it.  If clicked, this button will bring the status bar into visibility again.  The button is only visible if the user mouses near it, minimizing visual clutter.

The benefit of this design is that only the smallest possible status bar is shown, and if the user prefers it can be entirely dismissed. The panels for rich interaction would still be added to the API, as well as a way for add-ons to identify themselves as acting on the current page content (perhaps via a subtle “glow” effect).

I think this design addresses the multiple goals for add-ons in the ui: minimal disruption to current add-on functionality, minimal visual clutter, and trivial configuration if the user wishes to modify the default behavior.

Removing Firefox’s Status Bar and Rehousing Add-on Icons (Part 2 of 2)

By On June 7, 2010 In Add-ons, Features, Firefox, Next Version, User Experience With Comments Off on Removing Firefox’s Status Bar and Rehousing Add-on Icons (Part 2 of 2) Permanent Link to Removing Firefox’s Status Bar and Rehousing Add-on Icons (Part 2 of 2)Permalink

Recently, I wrote about Firefox’s status bar and how we’d love to remove it, relocate its functionality, and dedicate that area back to page content. Though many add-ons currently place icons in the status bar, these icons could be displayed elsewhere in Firefox’s user interface. By treating add-ons as UI elements that users can move within Firefox’s UI, the bottom of the browser window could be dedicated to content while the functionality of add-ons preserved.

I proposed that by default, add-on icons display in the bookmark bar of the Firefox window.

But, if the user wishes, he can move the add-on icons to other areas. Firefox can subtly change the appearance of an add-on icon to visually match where it is placed.

Several commenters on my previous post noted that they preferred add-ons in the bottom right of the window, both because of particular add-on functionality and familiarity. Indeed, it should certainly be an option to reenable the status bar, and one way to do this should be to drag an add-on icon to the bottom of the window in customize mode.

The cases that would be especially suited to enabling the status bar are add-ons that require long, horizontal space in the main UI. Especially newer add-ons built by Jetpacks are increasingly using this horizontal space in creative ways. If users want this kind of functionality, giving up a significant portion of the bookmark bar should not be the only way to achieve it.

While this horizontal layout that some add-on developers choose is useful for many kinds of information display, it takes up a lot of space in Firefox’s interface and may not always be necessary. Providing API support for rich content panels that launch off of add-on icons could allow add-ons to provide rich interactive content, accessible with a click, that takes up little UI.  This is a win for developers because it would enable them to easily add rich content to their add-ons.  It’s also a win for users, because accessing rich add-on content won’t always mean sacrificing interface space.  Some possible uses for such panels include:

Firefox engineer Dietrich Ayala and Labs engineer Myk Melez are already at work to add an API to Jetpack that will allow these panels to launch from add-ons.

Defeating the Cookie Monster: How Firefox can Improve Online Privacy

By On June 2, 2010 In advertising, Features, Firefox, Next Version, Privacy, Security, User Experience With Comments Off on Defeating the Cookie Monster: How Firefox can Improve Online Privacy Permanent Link to Defeating the Cookie Monster: How Firefox can Improve Online PrivacyPermalink

As we choose priorities for the next version of Firefox’s features and development, the Firefox team has been considering the state of the web and looking for areas where online content has changed faster than browser functionality. One area of concern is the growing use of private user data, especially by advertisers. User data being silently and persistently passed between sites and advertisers is disturbing for those with an interest in user choice and transparency on the web.

Privacy vs. Security

Privacy and security are related but distinct topics. Security refers to the prevention of material harm to the user. Avoiding theft, fraud, and data loss are all security issues. Browsers have been working to improve security for decades, prompted by increasingly sophisticated viruses, malware, and other exploits.
Privacy is a broader topic than security. It refers to users’ control over what they reveal about themselves online, whether or not what they reveal might lead to material harm. All internet users reveal some information about themselves to some sites, but the user has privacy if his discretion determines what information is shared with whom.

Firefox has Local Privacy but Needs Network Privacy

The Firefox team has already done some great work on local privacy with improvements such as Private Browsing mode, Clear Recent History, and Forget about this Site. These features give users better control over when their data is exposed and hidden on their own computer. However, wider privacy issues surface when data is shared over a network.

One major problem of the modern web is the ability for private user data to be collected by advertising companies via third-party cookies.

If sites provide rich interaction, they usually require user data. The problem occurs when users willingly share data with a site they trust, but unknowingly their data is shared with other sites and companies via third-party cookies. This is common practice and a growing revenue model online. It first received national attention in November of 1999, when the Federal Trade Commission held a workshop on online profiling and reported that it presented a privacy concern to consumers. The practice has grown since then, despite some failed attempts at regulation by the US’s Federal Trade Commission, the Interactive Advertising Bureau, and Britain’s Office of Fair Trading.

Any website you visit can contain ads and other components that send cookies from your browsing session on the domain you trust to an advertising domain. These third-party cookies can be used to track information about users across multiple sites and multiple browsing sessions, allowing web habits to be profiled and tracked. This data can tell companies limitless kinds of information, such as what purchases you make, what news you read, your income, if you’ve applied for work, and what dating sites you prefer. One manifestation of this data sharing is seeing to ads targeting users based on data and actions from other sites.

The ability for advertisers to gain and use this data violates user privacy for several reasons:

  • It’s nearly impossible to detect. Much of the data-sharing happens in the background during a browsing session without asking or notifying the user. Users usually only discover what has happened when they are seeing targeted ads (long after the data has been transferred).
  • It occurs without user consent. Of the sites that are even aware of third-party cookie sharing, few give users control over how their data is shared with advertisers. Sites that do offer preferences sometimes phrase them in ways that disguise their purpose, such as “do you want relevant content to be shown based on your usage” rather than “do you want ads to be shown based on your personal data.”
  • It contradicts the user’s reasonable expectation of privacy. Some sites that knowingly share data present a false image of being responsible with user data. They may show the user preferences that imply control, assure users that their data is “safe,” or offer to let users read a lengthy privacy policy in order to hide their actual practices. Of course there’s a very special hell set aside for sites that change privacy settings to be more permissive once users have already signed up and entrusted their data.
  • It’s nearly impossible to prevent. Even a user who is privacy conscious and reads all privacy policies, keeps his privacy settings up to date, and avoids sites that don’t guarantee privacy isn’t necessarily safe. Any site he’s given data to could potentially use it without asking, and third-party cookies could be sent via ads and web bugs without the knowledge of the site’s owners. Heck, any site could be scraping identifiable information from his digital fingerprint.
  • It potentially embarrasses the user. Data sharing via third-party cookies takes information given by the user at some point in time and exposes it at another time. While the user may be discrete about where he is viewing certain content and even use Private Browsing Mode for items to not appear in history, advertisers using third-party cookies can expose user actions at times out of the user’s control.

So what can Firefox do to improve its story on privacy?

1. Provide intelligent defaults for third-party cookie behavior

Simply disabling third-party cookies isn’t the solution. Third-party cookies are necessary for legitimate web functionality such as embedded content, session management, mashups, etc. Most bank websites depend on third-party cookies for functions such as bill paying. The goal should not be to outright disable third-party cookies, but to be more intelligent about what behavior is allowed.

The http-state working group is currently working to produce a specification in multiple documents to lay out how clients should behave with regard to cookies (see current drafts here). Dan Witte, the cookie module owner at Mozilla, has been in communication with them and is doing his own work to develop a modern cookie standard. The goal is to create a guideline that Mozilla can follow that aligns with our Manifesto to protect user choice on the web. Dan’s already working on one way Firefox could address the problem by enabling third-party cookies, but only temporarily. His idea is to keep third-party cookies active only for the life of one tab. When the tab is closed, the cookies are deleted – advertisers could not track users from site to site. Dan will be blogging about this later with more details on his work.

2. Give users better control over how sites can access their information in Preferences

Currently, Firefox gives users precise, fine-grained control over the many ways that sites can access user data. All the user needs to do is change their on each Preference panel that effects site privileges:

As can be seen above, the current Firefox interface gives each site privilege type – saving passwords, cookies, etc – its own separate preference window. This design is framed around the implementation model rather than the user’s mental model, meaning it’s designed in a way that corresponds with how it was built rather than how users perceive the action they want to take. Having an individual window for each permission makes sense from an implementation standpoint, because each site privilege is separate in code. From the user’s perspective, however, it’s impossible to tell what privileges a particular site has. A better design would present controls in a site-centric rather than technology-centric view. If a user decides that he doesn’t trust site X and doesn’t want it to have any access, it would be more efficient to control all of site X’s access in one – not 15 – Preference windows. Alex Faaborg made this mockup to illustrate how a site-centric UI could be achieved:

While all of Firefox’s Preferences need to be improved, including site-centric privacy controls like Alex’s above for Firefox 4.0 would go a long way towards putting users back in control of their data.

3. Give users better control of their data while they are browsing

While a site-specific Preference panel will help users have better fine-grained control of their privacy when they’re configuring Firefox, there’s some options and information that can be exposed while the user is browsing. If a site has access to geolocation, for instance, this should be constantly indicated in Firefox’s interface. If a site is storing a password, this should be easy to change or remove without opening Preferences. Firefox’s Site Identity Button, which currently gives very little information about a site, could be improved to give information about a site’s privileges and the ability to change them.

It’s our goal for Firefox 4.0 to give users more control of their data, both by literally giving them controls and, more importantly, creating intelligent defaults that protect a user’s privacy and anonymity without breaking web functionality. It’s my hope that even simply exposing what access sites have to data will be positive for the web by eroding the sense of false security that many sites try to create for their users and creating awareness of and control over how, where, and when data is being shared.

← Older Entries