meandering wildly

Videos – Firefox Privacy & Security Features

Preamble (with Discussion Question)

I don’t know if there are people out there who like the way they sound in audio recordings, or look on video. I certainly don’t. I don’t think it’s a self-image issue, either; and I know I’m not alone. My recorded voice lacks the resonance I experience internally, and my recorded image just looks… mouthier (?!) than I imagine myself to be. I don’t even know what that means.

Proposed:

Nightingale’s Corollary to the Uncanny Valley Hypothesis: The depth of one’s psychological attachment to, and familiarity with, one’s own image, amplifies feelings of canny/uncanniness. This can result in greater than average affinity for moderately dissimilar representations (c.f. the popularity of “realistic cartoon avatar” generators, or caricature artists), but also particularly heightened sensitivity to minor dissimilarities.

[Discuss. Cite examples.]

The Point (i.e. Where You Should Have Started Reading)

I bring this up because the inimitable duo of Alix and Rainer recently took some of my scattered ramblings and knit them together into an educational piece on some of the security features in Firefox. I think they did a lovely job:

YouTube

In very much related news, Drew worked with Alix and Rainer to put together a video that talks about some of Firefox’s privacy features. I find it much easier to listen to Drew’s calm, matter of fact, “we did awesome stuff, and want you to know about it” delivery. I suspect you will, as well.

YouTube

Mozilla / Security / Work — 25 comments
04
Sep 09

Deletion

To a first approximation, I think you can gauge how much people think about software quality by how highly they value deletion. While most rookie developers are chiefly interested in building rather than in tearing down (for what I hope are obvious reasons), great throbbing brains like Graydon speak about deletion with the kind of reverence that I presume cardinals reserve for only the coolest of popes.

In what history will likely judge as a vain attempt to impress him, then, I recently landed bug 513147, deletion of the now antiquated “Properties” dialog that used to be available on right-clicking things like images and links. Not because it was useless (every feature is someone’s baby, and is added for a reason) but because it wasn’t useful enough, to enough people, to justify the cost.

50kb of code in our product that is poorly understood, not often used, and not covered by unit tests is not free. When bugs show up, it takes longer than it should to fix them. If a security bug were to show up (which is always a risk when content mixes with chrome, however remote it may seem) it would be particularly expensive for us to reload that context into our brains to fix it.

Deleting it isn’t free either, of course – there are 4 extensions that build off that dialog that will need to be updated, and there may be some who use it regularly who will be disappointed. But the forces of software (inertia, squeaky wheels, cynicism and inertia) bias so heavily towards keeping code in the tree that we should all try to take clear deletion opportunities when they come up. Not capriciously, not without sensitivity to the impact it can have, but with recognition that the hidden cost to keeping them is also large and… hidden.

It is in the spirit of this sensitivity that we, on the Firefox team, have tagged this bug and others like it: [killthem]. What else do you think should go? (And please, be gentle. Remember, every feature is someone’s baby.)

[Update: Geoff Lankow has taken the code that used to be built in, and made it into an add-on, which is think is fantastic. As I said to him, and as I said above, my assertion has never been that the code was useless, just that it wasn't useful enough to justify its cost in the core product. An add-on is a great place for functionality like that, and I thank Geoff for his work.]

Linkage / Mozilla / Privacy / Work — 2 comments
07
Jul 09

Privacy Features in Firefox 3.5

While talking to press in North America and Europe about Firefox 3.5 (you’re already running it, right?) one topic that really resonated with people was the way we pushed on privacy in this release.

I think, initially, some people viewed our private browsing mode as a checklist feature. Even though we’d been working on it since before Firefox 3, it wasn’t strong enough for us to ship until 3.5 and in the interim other browsers have implemented versions of the same functionality. I really like the way we’ve done it, and there seem to be significant differences between the various browsers’ implementations, but regardless of all that I also don’t think that any private browsing mode is a complete solution.

Private browsing mode assumes that you will always know ahead of time that you’re about to do privacy-sensitive things. In Firefox 3.5, we tried to match more closely the way people actually use the browser, and sometimes that means they need to clean up after the fact – forgetting a slice of time, or a particular site. It also means that sometimes they want their browser to remember things, sensitive bookmarks for example, but not publicize those in the location bar. People’s use of a web browser in 2009 is more nuanced than:

Public
Private

Alex Faaborg has done a fantastic job detailing many of the privacy features in the latest release of Firefox. I’d encourage you all to check it out.

Linkage / Mozilla / Work — 6 comments
24
Jun 09

Google Maps Geolocation Bookmarklet

I’ve been in Europe this week talking to French and German press about Firefox 3.5, and it’s been great to see all the excitement there is over here for the upcoming release.

One feature I’ve been talking a lot about is our support for Geolocation. I think that once Firefox 3.5 gets out there and sites realize they have a (privacy- and user-control-respecting) way to ask their users for their location in the world, all kinds of great services will show up. Flickr already has a photos-near-you feature, for instance, and I imagine mapping sites, restaurant reviews, and others are hot on their tails.

So I’m sure, in short order, that this won’t be necessary. In the meantime, if you’re running one of the Firefox 3.5 Release Candidates, you can use this bookmarklet to inject your current location into the google maps search box, so that you can base searches off your current location:

javascript:function sv(s){document.querySelector("#q_d").value=s};sv("Checking...");navigator.geolocation.getCurrentPosition(function(a){c=a.coords;sv(c.latitude+"%20"+c.longitude);document.forms.q_form.submit();},function(){sv("Rejected!")});

If you haven’t used a bookmarklet before, it’s easy. Open up your bookmark manager, decide where you want to put this (I like to have them on my bookmarks toolbar, since I use them a lot), and create a new bookmark. When it asks for a location, put in the code pasted above. Now, when you’re on the google maps site, click the bookmark to jump to your current location (after, of course, giving your consent).

This bookmarklet is specific to google maps (but I bet you can hack it!), and it certainly requires you to be using a modern browser with support for these features. If you don’t have the latest Firefox yet, you can become part of our early testing community by downloading a copy now.

[Update: Changed the bookmarklet code a little to give some feedback immediately by letting you know it's checking. I bet someone out there has already made a version of this that's half as long, and twice as powerful. Comment!]

Mozilla / Privacy / Work — 12 comments
16
Jun 09

Google Ads: Did You Know You Could Do This?

A couple weeks ago I was attending a panel discussion at the Computers, Freedom and Privacy conference in DC (featuring our very own Mike “Gillette Mach 3″ Shaver) when Betsy, from Google Economics, started talking about their behaviour-based advertising.

She was making a point about how Google gives users control over the kind of ads they see, and she mentioned this:

I think I always knew that the “Ads by Google” text at the bottom of ads was clickable – I’ve probably even clicked it. Historically though, it’s just been a sales pitch for would-be advertisers and content authors. Now, when you click on it (go on, there’s one at the bottom of this post), there’s a link to your very own “Ad Preferences Manager.”

This page tells you what Google thinks you’re interested in based on the browsing habits it’s observed, and hence what kinds of ads it wants to show you (seriously, go check it out). It also gives you the option to add/remove interests, or opt out entirely.

Betsy, from Google, was talking about how they had been trying to really get the word out to people about this interface, so that people could control their ad experience. I wasn’t sure whether that message was reaching people – even people who might care about the information advertisers collect.

A couple of questions, then:

Did you know about this page?
Do the contents there surprise you? How accurate are they?
How does it all make you feel? Are you more comfortable, knowing that you have some control? Or are you less comfortable, seeing the profile laid out like that?
Did you make any changes while you were there?

Life / Linkage / Mozilla / Photography / Video / navel-gazing — 6 comments
25
May 09

What’s a Few Months, Really?

I know. It’s been a few months since my last post. But what’s a few months, in the grand scheme of things?

Galactic Center of Milky Way Rises over Texas Star Party from William Castleman on Vimeo.

Stick that in your perspective and smoke it. It’s worth clicking through to the HD version.

Mozilla / Security / Work — 5 comments
25
Mar 09

Updated SSL Certificate Database

When I blogged about my database of SSL certs from the top 1M alexa sites, it got much more reaction than I expected. It’s nice to have peers in this microcosm of nerdspace.

Easily the most often requested improvement was to include intermediates in the database. People wanted to see which issuers had a bunch of subordinate CAs and which issued right from the root. They wanted to see what kind of key sizes and algorithms CAs chose, and how they compared to the key sizes and algorithms used in regular site certs.

I’ve gone and re-crawled to gather that information now, and you can download the zipped db (509M). It’s still an SQLite3 database, though I’ve changed the schema a bit, with certificates now stored in their own table. Let me know in the comments/email if you need help working with the data.

The schema, if you can call it that, was 100% expediency over forethought, so I would welcome any suggestions on DB organization/performance tweaking. I have done no optimizing so low-hanging fruit abounds, and a complicated query can take more than a day right now, so your suggestions will have visible effects!

Mozilla / Speaking / Work — 10 comments
13
Mar 09

Speaking to Lords – FAQ

People seem quite interested in how the trip went. Since I’m too sleepy to have anything qualifying as a coherent, synthesized opinion, FAQ format seems like the strongest play.

How Did It Go?

I think it went quite well. Of course, it’s hard to nail down short term success criteria for conversations with parliamentarians. A meeting like that is not going to end with a legislator standing up and saying “I agree. Let’s go pass a law.” Things like this are an exercise in advocacy: “Here is my opinion of the situation and the options under discussion for its remedy,” followed by others giving their versions of the same thing.

I do feel, though, that my opinion was listened to, understood, and amplified by others. The room included, in addition to invited experts and press, at least half a dozen Lords, and 3 or 4 MPs, so I am also confident that I was heard by people in a position to act on what they hear.

What Did You Say?

A couple of things. I said that this kind of data collection is not something users can be expected to understand and, if they did understand it, not something they have much ability to avoid.

I said that in many markets, even developed ones like Canada and Britain, there isn’t enough choice in ISPs to make “voting with your wallet” a realistic option for people who find this kind of surveillance invasive.

I said that the technological mechanisms for preventing this are prohibitively expensive (in the case of things like “universal SSL deployment”), largely ineffective (since traffic analysis would still be possible), and brittle (opt-out cookies assume you never switch computers or browsers, that you never reinstall or move houses, that you won’t be worn down to the point of surrender by the Nth attempt to opt out).

I said that, historically, anonymized data isn’t. The AOL data was blown wide open, for instance, and that was just search terms, not browsing history. I said that however ironclad Phorm’s current processes may be, this kind of data collection being done by multiple companies over any interesting period of time will almost certainly result in anonymity failures.

I said that the collection of this information is insidious, that however noble and scoped the initial goals, it tends towards exploitation because it is too valuable not to.

After saying a chunk of that in a single burst, I got some applause from some of the people in attendance which felt odd, but certainly seemed to suggest that I had struck a chord.

What are the Lords Like?

Parliamentarians, really, since there were MPs there, but in any event I was impressed, particularly by Baroness Miller, who organized the event. She was exceptionally good at running a room – at ensuring that legislators’ questions were answered, at bringing digressions back around to the central themes, and ensuring that multiple voices were heard. As a group, they were forthright but unapologetic about their lack of technical knowledge (that’s not their job), and asked clear questions aimed at understanding the legislative implications of various details.

Were there Swords? Powdered Wigs? Snuff Boxes?

People from the UK know that their legislators are basically like other legislators, albeit with more exciting titles. To the rest of us though, the whole thing sounds very romantic, and we entertain positively ridiculous notions like this. No swords, no wigs, no “Yes, your exalted worshipfulness.” The houses of parliament are guarded by perfectly normal police officers with perfectly normal frowns and perfectly normal assault rifles, but very little pomp.

What about the Building?

Imagine that your great great great grandparents and their friends had all the money in the country, and decided to build a place to hang out. Imagine that since then, it’s where everyone decided to put their cool stuff. Imagine walking through rooms, separated by wooden doors older than calculus. Imagine those rooms are alternately filled with statues, murals, statues in front of murals, framed masterworks, and leather bound books about anything that could matter. Imagine that there are entirely different paths, staircases and elevators for peers of the realm than for everyone else. Imagine that you could fit your current house inside the Queen’s entrance and have room to fly a kite from the roof.

It is a nice building.

Would you do it again?

Yes. Yes I would.

I still think that legislating technology is fraught with peril. The way to mitigate that peril is not to run away from it, though, but to be a voice for the kind of change we want, and against the kind of change we don’t.

Is the Bowmore 17 you brought back tasty?

Yes.