The purpose of private browsing is to put Firefox into a temporary state where no information about the user's browsing session is stored locally. Firefox currently handles the user's privacy with a feature in preferences to clear all private data. This feature forces the user to choose between having privacy (even if only momentary) and other useful features like browsing history and saved passwords. Users should be able to go "off the record"; they shouldn't have to shoot the reporter.
If we later improve the functionality of history to include full text indexing, and possibly capturing thumbnails of sites visited, the need to respect users' privacy only increases.
Many people believe that the primary use case for private browsing mode is viewing pornography. While viewing pornography may be a popular use case due to the nature of content on the Web, assuming that this is the only reason that users need private browsing trivializes the overall feature. For instance, users may wish to begin a private browsing session to research a medical condition, or plan a surprise vacation or birthday party for a loved one. Use cases will range from users cheating on their spouse, to users buying engagement rings. Given the breadth of our user base, specific use cases are likely to be extremely varied.
The design of private browsing mode is based on the premise that our users have the following goals:
1) The ability to view sensitive information without worry of their browser later exposing that they viewed that information to other people
2) The ability to easily clear Firefox's recent history after viewing sensitive information in the case that the user forgot to enter private browsing mode to begin with
3) The ability to completely reset Firefox, removing every single trace of personal information (for instance when returning a work computer).
Additionally we may want to try to address the following user goal in the future when we begin to integrate in Weave functionality:
4) The ability to place the browser in a "Guest Mode" where (like private browsing mode) no personal information is stored during the course of the browsing session, but additionally no information about the user's previous browsing habits is accessible to the guest user. This would potentially involve a major profile manager redesign, and is out of scope for 3.1.
Visual / Emotional Design
One of the most intensely negative emotional reactions users can have towards their Web browser is when it embarrasses them in front of others. Conversely, I believe private browsing mode will potentially elicit a very positive emotional response from our users. I believe we should direct the visual design of private browsing mode to leverage the following thoughts and feelings:
- Someone just gave you an invisibility cloak
To evoke this range of concepts in the user's mind, I suggest we leverage the following design elements:
Visual Metaphor / Icon: masquerade mask
- Covering one's face is a direct and universal metaphor for concealing identity
- Connotation of fun, even if you have never seen this type of mask before
- Classy (literally, masquerade balls were held for members of the upper class)
This icon appears on private browsing contextual dialogs, and replaces the door hanger on a revamped privacy prefpane in the Options dialog. The icon could also serve as a visual symbol of all of our privacy features in reviewers guides, or on mozilla.com.
- Universal metaphor for night, or being visually concealed
- Provides a sense of being invisible
The ability to view sensitive information without worry of their browser later exposing that they viewed that information to other people
1) The user goes to Tools > Begin Private Browsing. This immediately affects all windows, and the user's current session persists into and out of private browsing mode.
2) The browser window changes to indicate that the user has entered private browsing mode:
The ability to easily clear Firefox's recent history after viewing sensitive information in the case that the user forgot to enter private browsing mode to begin with
The user goes to Tools > Delete Recent History
A mockup of the interface will be posted tomorrow.
The ability to completely reset Firefox, removing every single trace of personal information (for instance when returning a work computer).
The user goes to Tools > Reset Firefox
This is the same interface that we currently provide with the menu command "Clear Private Data." The dialog should be expanded to include other forms of personal information, like bookmarks. This interface is intentionally renamed to encourage users to try selectively deleting recent history or entering private browsing mode, instead of regularly obliterating all personal information.