Privacy/Roadmap/2012


Privacy and User Control 2012 Roadmap
Owner: Sid Stamm
Updated: 2012-08-8
The vision behind Mozilla's 2012 privacy roadmap is focused on users: calling for increased anonymity on the web, starting with sensible privacy defaults, giving users the ability to make informed choices about disclosing their information, facilitating web transparency so users understand how their data is being collected and used, and allowing for flexibility while maintaining sensible baselines for those who are not concerned with privacy.
THIS PAGE IS A WORKING DRAFT
The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly.
If you have any questions or ideas, please add them as a new topic on the discussion page.

Operating Principles:

Mozilla uses a set of privacy operating principles as guidelines as we work to grow the Web. Those principles that specifically relate to privacy in Firefox are:

Transparency / No Surprises 
Only use and share information about our users for their benefit and as disclosed in our notices.
Real Choice 
Give our users actionable and informed choices by informing and educating at the point of collection and providing a choice to opt-out whenever possible.
Sensible Defaults 
Establish default settings in our products and services that balance safety and user experience as appropriate for the context of the transaction.
Limited Data 
Collect and retain the least amount of information necessary for the feature or task. Try to share anonymous aggregate data whenever possible, and then only when it benefits the web, users, or developers.

Outcomes:

Here are the major desired outcomes; each is realized by the completion of multiple features. Some features may advance more than one outcome, but each is listed here only under the most relevant one.

Contextual Identity

People don't have a single identity in the real world or online. Instead they behave differently depending on the context. This is one of the reasons people use Private Browsing mode in Firefox, but it's not a perfect feature for that use case. It should be easy for users to switch contexts: into a guest mode, to borrow a browser, to focus on semi-private information, to bank securely, or to act in one of the many other contexts they want to use throughout their life.

This outcome can be realized when users have an ability to quickly switch between contexts online and port their contexts to other use spots (such as other copies of Firefox) on the web.

Lucas Adamski's blog post

| Pr | Feature | Stage | Release target | Product manager | Feature manager |
|---|---|---|---|---|---|
| P1 | Cookie tagging | Development | | Sid Stamm | |
| P1 | Multiple Cookie Jars | Draft | | Sid Stamm | Sid Stamm |
| P2 | Improve Site identity button to show more about how you've interacted with a site in the past | Draft | | Sid Stamm | |
| P2 | Require master password when using Sync to protect locally stored passwords | Draft | | Sid Stamm | |
| P2 | Improve the UX on master password so that it is comfortable to be used by default | Draft | | Sid Stamm | |
| P2 | Per-window Private Browsing | Landed | Firefox 20 | Sid Stamm | Josh Matthews |
| P3 | Geolocation: Let the user pick where they are or lie using a map or other UI | Draft | | Sid Stamm | |
| P3 | Plugin awareness of users' privacy prefs | Draft | | Sid Stamm | |

Tracking Control

Users must have control over their data, including greater transparency in data sharing practices and, in general, bringing consumers in touch with how their data is shared, brokered and used throughout the web. A user should be able to assert the following claims:

  1. I know what tracking is
  2. I know who is tracking me
  3. I can tell them to stop tracking me
  4. I can discern if they listened to my request to stop
  5. I can stop sites from tracking me if they don't listen

This outcome can be realized when users can confirm each of the five abilities.

| Pr | Feature | Stage | Release target | Product manager | Feature manager |
|---|---|---|---|---|---|
| P1 | Shortened HTTP Referer header | Development | | Sid Stamm | Sid Stamm |
| P1 | Opt-back-in-from-DNT capability | Draft | | Sid Stamm | |
| P1 | Per-Site Third-Party Cookie Setting | Landed | Firefox 18 | | Monica Chew |
| P1 | Tracking Map | On hold | TBD - Not dependent on train schedule | Sid Stamm | Sid Stamm |
| P2 | "Tracking alert" to inform users when an entity is tracking them across sites | Draft | | Sid Stamm | |
| P3 | In-flight as-it-happens control of disclosure | Definition | | Sid Stamm | |
| P3 | Find a way to visualize and present to users the way a site interacts with other entities | Draft | | Sid Stamm | |
| Unpri | Investigate implementing the ping attribute for explicit tracking by honest organizations who want to track when users consent. | Concept | | Sid Stamm | |

Not Yet Awesome Enough

Features or themes that cannot easily be executed yet, because they need substantial design work or research, or are not yet fully understood, fall into this category. These are good ideas, just not ready to be pushed out the door quite yet.

Cookie work (make cookies easier to control):

| Pr | Feature | Stage | Release target | Product manager | Feature manager |
|---|---|---|---|---|---|
| P2 | Create API so sites can request third-party cookies | Draft | | Sid Stamm | |
| P3 | Explore disabling third-party cookie sending by default | Concept | | Sid Stamm | |

And uncategorized features, too:

| Pr | Feature | Stage | Release target | Product manager | Feature manager |
|---|---|---|---|---|---|
| P2 | Improve the geolocation UX so it's better connected to the user | Definition | | Sid Stamm | |
| P2 | Improve transparency of authentication state so users know when they're sending credentials to sites (and which ones) | Draft | | Sid Stamm | |
| P2 | Deploy an API for sites to trigger second-factor authentication | Draft | | Sid Stamm | |
| P2 | Incorporate fingerprint-minimizing features into private browsing | Draft | | Sid Stamm | |
| P2 | Make DNT documentation and pref accessible from first-run page | Draft | | Sid Stamm | |
| P2 | Create unified API for sites to request additional potentially privacy-sensitive features | Draft | | Sid Stamm | |
| P3 | Use privacy icons or similar to show what privacy policy add-ons have | Definition | | Sid Stamm | |
| P3 | mozCipherAddressbookAPI | Planning | | Chris Blizzard | Dietrich Ayala |
| P3 | Explore randomizing non-essential HTTP request data that can be used for fingerprinting | Concept | | Sid Stamm | |
| P3 | Investigate simplifying Private Browsing Mode into profile switching. | Concept | | Sid Stamm | |
| P3 | Explore potentially using a journaled profile service so all modifications to a profile can be rolled back when the user exits private mode | Concept | | Sid Stamm | |
| P3 | Explore turning off more fingerprinting entropy sources | Not started | | Sid Stamm | |
| P3 | Leverage information we have about sites' data sharing habits to publish anonymous statistics on privacy practices (Test Pilot?) | Research | | Sid Stamm | |
| P3 | Use concept series to harness designers' talent in finding a good way to represent data sharing patterns to users. | Research | | Sid Stamm | |
| P3 | Prevent SafeBrowsing from being an accidental vector to track users between physical locations. The SafeBrowsing cookie is isolated to network location: a user has one ID at home, another at work, another at a coffee shop &c. | Concept | | Sid Stamm | |