Standing Agenda

• Q4 Goals Recap
• Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
• Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
• Suggest additions or changes to roadmaps
• Detailed discussion of features or outstanding issues as time permits
• Additional Items
• Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/11-29-12

Q4 Goals

• [ON TRACK] Land CSP 1.0
• [ON TRACK] Deliver integrated Payments and ID for B2G
• [DONE] Host security community event (public brownbag on 11/13)

HSTS Pref

• for discussion : should we have a pref to disable HSTS ?
• https://bugzilla.mozilla.org/show_bug.cgi?id=800882
• a strong argument is made by multiple people for 'no' - users won't understand what they're opting in to and we are concerned that websites etc will publicize it without adequately explaining the consequences

Safari-like cookie blocking

• See Bug 818340 https://bugzilla.mozilla.org/show_bug.cgi?id=818340
• metabug for tracking protection: https://bugzilla.mozilla.org/show_bug.cgi?id=tracking-protection
• Do users want and understand Safari-like cookie blocking? maybe/no
• There are some ideas here - https://wiki.mozilla.org/Privacy/Features/Per-Site_Third-Party_Cookie_Setting/Brainstorm_UX

2013 security and privacy UX projects

https://firefox-ux.etherpad.mozilla.org/SPF-2013-Planning

Other

• firefox eng meeting - 10 am tuesday - Tanvi just next week
• platform meeting 11 am tuesday - Ian will attend
• Larissa's brownbag was happening -12 PST 12/13 (Thursday) at 10Fwd: Designing Meaningful Security & Privacy (in a world where no one cares?) YAY!!!
  • but has now been rescheduled