This page will serve to brainstorm potential directions to take our products with respect to privacy and user control. It's not a definitive source for anything and mostly just a place to lay out our wants and hopes.

See also: Firefox/Roadmap/Privacy & User Control

Product Roadmap Brainstorm - Goal

Ultimately the goal of this brainstorm is to put a whole lot of information in one place in order to draw out the themes and goals (sub-theme bullets) for our product growth. Once the themes are identified, we can decide when to target each and include its specific sub-goals on our product roadmap.

• Transparency / No Surprises
• User-Informed Choice
• Sensible Defaults
• Minimal Disclosure

Underlying Goals:

• Provide Increased Anonymity -- users who don't want to be fingerprinted should still be allowed to surf the web with reasonable expectations of pseudo-anonymity.
• Start with Sensible Defaults -- where possible, default to non disclosure of information
• Provide User-Informed Choice -- provide users contextually helpful, timely, and understandable choices when disclosing information
• Facilitate Web Transparency -- help sites and service providers be transparent with their data collection and use practices
• Allow but don't require Flexibility -- provide users flexibility to customize their defaults, but maintain sensible baselines for those less invested in privacy

Themes:

Here the concrete goals are segmented into themes. Some goals may potentially fit into multiple themes, but are only identified here under the most relevant one.

Each specific goal relates to either Firefox (product users/web sites) or the ecosystem (standards bodies, other products' users) or both. They are annotated as such.

Improve Private & Pseudoanonymous Browsing

• Per-tab/window private mode
• Incorporate fingerprint-minimizing features into private browsing (Security/Anonymous Browsing).
• Explore randomizing non-essential HTTP request data that can be used for fingerprinting
• Bring private browsing mode's behavior and users' expectations together.
• Explore potentially using a journaled profile service so all modifications to a profile can be rolled back when user exits private mode
• Rebuild and simplify Private Browsing Mode
  • When entering, PB create a new profile
  • When exiting, kill and shred profile.

Secure Network Connections

• Help users understand which bits are unencrypted (e.g., identify form fields that will be transmitted in the clear)
• Identify and deploy a "safe" mixed-content SSL/TLS mode, displaying "secure" UI indicators to users. (e.g., http images + https html is safe)
• Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request, allowing add-ons greater scrutiny of secure connections before they are used.

Deploy Safe and Rational Defaults

• Reduce the amount of information sent with the HTTP Referer header
• Explore turning off more fingerprinting entropy sources

Enable Control of Tracking and Third-Party Sharing

• Disable third-party cookies by default
• Create API so sites can request third-party cookies (may tie into next goal)
• Create unified API for sites to request additional potentially privacy-sensitive features (geolocation, a:ping, local storage, etc)
  • DougT started on this. Initally was going to be part of the desktop notification w3c wg, but was punted out.
• Develop "tracking alert" that informs users when an entity is tracking them across sites.
• investigate implementing ping attribute for explicit tracking for honest organizations who want to track when users consent.
• Changes to Geolocation
  • Disable automated discovery
  • Let the user pick where they are using a map or other UI
  • Map could be assisted by automated discovery

Enhance User Controlled Disclosure

• Plugin awareness of users privacy prefs (e.g., clear history)
• In-flight as-it-happens control of disclosure (versus a preference pane)
• Better site-based data management UI
• Improve the geolocation UX so it's better connected to the user (user knows when geolocation data is being used)

Enrich Add-ons

• Use privacy icons or similar to show what capabilities add-ons have
• Migrate as many add-ons as possible to a capabilities manifest system as proposed for Jetpack (add-ons ask for capabilities and that's all they get to do).

Improve Local Privacy

• Explore requiring master password when using Sync to protect locally stored passwords.
• Improve the UX on master password so that it is comfortable to be used by default. ("Log-In to your Browser")

Improve User Authentication

• Account Manager
• Improve transparency of authentication state so users know when they're sending credentials to sites (and which ones)
• Explore deploying an API for sites to trigger second-factor authentication (e.g., SMS) through the browser.

Research & Understand Data Sharing

• Find a way to visualize and present to users the way a site interacts with other entities (sharing cookies, XHR, etc). This can help them understand data sharing patterns. (beltzner: Privacy Reports)
• Leverage information we have about sites' data sharing habits to publish anonymous statistics on privacy practices (Test Pilot?)
• Use concept series to harness designers' talent in finding a good way to represent data sharing patterns to users.