
Polaris Privacy Initiative to Accelerate User-focused Privacy Online - bruo
https://blog.mozilla.org/privacy/2014/11/10/introducing-polaris-privacy-initiative-to-accelerate-user-focused-privacy-online/
======
Animats
Mozilla had the capability of blocking URLs before, via an add-on. The Mozilla
Foundation let it become spyware.

There's an add-on for Mozilla which will block a list of URLs called
BlockSite. Unfortunately, it's both spyware and adware.
([https://addons.mozilla.org/en-
US/firefox/addon/blocksite/](https://addons.mozilla.org/en-
US/firefox/addon/blocksite/)) A company, WIPS, bought up a large number of
abandoned Mozilla add-ons and put in tracking code that tracks all URLs
browsed. That was OK with Mozilla's head of add-ons, Jorge Villalobos.
([https://bugzilla.mozilla.org/show_bug.cgi?id=903799](https://bugzilla.mozilla.org/show_bug.cgi?id=903799)).
Many users were very angry about this.
([http://forums.mozillazine.org/viewtopic.php?f=38&t=2737553](http://forums.mozillazine.org/viewtopic.php?f=38&t=2737553))

That's when the Mozilla Foundation officially sold out. They can't be trusted
on privacy issues.

~~~
RubyPinch
as noted in the bug, those "features" are both apparently opt-in, which
complies with AMO policies ("no surprises") which existed before that add-on
update was submitted

Mozilla do not own the rights to the addons, they only act as a distribution
point. if you want to blame someone, blame the original developer for selling
access to WIPS

~~~
Animats
Read the user reports. The "opt in" is "an offer you can't refuse". If you
don't opt in to the spyware, it blocks some major sites, until you remove the
whole add-on.

Mozilla used to run job ads: "Work for mankind, not for the man". That's now
about as relevant as Google's "Don't be evil."

~~~
RubyPinch
the addon works exactly as intended by the developers of said addon

its dickish by the developer, but its not pulling surprises, and you are able
to move to competition

There are bad eggs, but the rules work. The bad eggs must ask permission to be
bad

Mozilla taking over random add-ons would be worse for the end-user, and would
be worse for Mozilla, as they would then have to start maintaining the addons
(at least, this is what it seems you are implying, considering the addons were
/not/ in a working state before the developer sale, the only way Mozilla
(which you specifically blame for this) could make those addons viable is if
they started maintaining them against the developer's wishes (reminds me of
Apple deleting competition to their new upcoming apps))

They haven't even finished maintenance on Firefox itself. Maintaining every
small forgotten plugin, along with dealing with the legal issues that would
arise from that, would be a fairly impossible task.

Of course, you probably wouldn't expect them to maintain /every/ small
forgotten plugin, but where do you draw the line? How useful does an addon
need to be to be directly taken over by Mozilla?

~~~
Animats
Mozilla has an add-on review process, "AMO". It's weak on privacy rules. I was
just looking at the source code for DoNotTrackMePlus. It's in "all the code on
one line" style. One wonders how that got through AMO. After some ed-
obfusiciation, it's kind of scary. It can tell when you're typing in a credit
card number, and tries to sell you their "credit card masking" service. The
code encapsulates XMLHttpRequest in a function called "n", so it's hard to
find all the places it phones home.

If you have DoNotTrackMePlus installed, I'd recommend un-installing it.
Ghostery has a better reputation and fewer unwanted features.

~~~
RubyPinch
AMO is the addon-site itself

the review process isn't against obfuscation, its only against addons which it
is prevented from reviewing.

the credit-card thing is mentioned on the description of the addon, same for
also the email-muckery stuff

> The code encapsulates XMLHttpRequest in a function called "n", so it's hard
> to find all the places it phones home.

I honestly don't see how that would make it much harder, personally? just
mentally alias `n` to `XMLHttpRequest`

\--- ghostery still has a tracking opt-in though, which can be too much for
some

Privacy Badger seems to be the "best" bet soon, all automated without any
inbuilt knowledge, which is fairly nice.

ghostery probably does similar, and to a better degree currently, but...
simply put, I trust EFF more

------
mbrubeck
Here's a direct link to the docs on enabling the experimental tracking blocker
in Firefox:

[https://support.mozilla.org/en-US/kb/tracking-protection-
fir...](https://support.mozilla.org/en-US/kb/tracking-protection-firefox)

------
justcommenting
There are many great things in this announcement, but I wonder if "a feature
that protects those users that want to be free from invasive tracking without
penalizing advertisers and content sites that respect a user’s preferences"
will prove to be a Faustian bargain driven by Mozilla's fealty to Google and
other major advertisers.

At some point, the goals of advertisers and privacy advocates may conflict in
ways that may be difficult to reconcile, especially if advertisers (via Google
& many other popular services) retain lots of bargaining power from the outset
in the ensuing policy discussions.

~~~
javaun
Hi, I’m on the Polaris team at Mozilla. I understand your reticence on
tracking. The news and other content we all enjoy on the open web is mostly
underwritten by ads, as are the social networks activists use to coordinate.
These sites need to get paid or they can’t keep doing what they do. It’s not
the ads, it’s the tracking. While many users love seeing personalized content,
an increasing number don’t. We’re trying to get to a place where websites
respect users self-declared preferences on tracking, and users have better
tools to enforce those preferences. It’s going to involve not just building
tools and working with privacy advocates but also working with advertisers and
publishers to help them benefit when they respect individual user wishes.

~~~
brandnewlow
The news and other content we all enjoy is underwritten by tracking. The ads
lose value without the tracking. The two are inextricably linked.

As someone who works in the industry I understand and respect the desire of
privacy advocates to push back against practices they disagree with, but the
view advanced by many that the ad industry would work just fine if ads could
not be targeted based on behavior seems willfully wrongheaded.

If advertisers can't target based on behavior, they can't get high enough
click rates and conversion rates. If they can't get those, their advertising
is unprofitable. If their advertising is unprofitable they will stop buying
it.

~~~
kibwen
This scenario assumes that the value of ads would be driven completely to zero
if tracking were not possible. For any non-zero value advertisers will still
back out as they stop seeing returns, at which point ad-space-sellers will be
forced to lower to their rates. This is still fully capable of effectively
driving low-margin ad-supported websites out of business, but it's not a
doomsday scenario.

~~~
brandnewlow
"This is still fully capable of effectively driving low-margin ad-supported
websites out of business, but it's not a doomsday scenario."

Right. That's a scenario I wish the privacy advocate folks at places like
Mozilla were more up front about.

~~~
narrowrail
Broadcast television still works and doesn't have these granular tracking
abilities. I wonder if the principles they've used could be a blueprint to
follow. The example will only be more relevant as market share shifts from
broadcast tv to web-based alternatives.

------
JetSpiegel
Or you can install [https://addons.mozilla.org/en-
US/firefox/addon/policeman/](https://addons.mozilla.org/en-
US/firefox/addon/policeman/) and get HTTPSwitchboard-like control over all the
requests made by the browser. It's still a bit green, but it's definitively
the right wa to go.

------
sazafrass
This may be slightly off topic but I think they should really clean up their
addon store if they want to help with privacy. It takes forever for something
to be available/updated in the store yet addons that log and report every page
visited etc still run amok. I think rules should be much stricter or better
enforced.

------
teacup50
Mozilla promoting privacy seems nonsensical; the browser-based SaaS server-
fetched application execution model is fundamentally antithetical to ownership
and privacy.

~~~
narrowrail
Not when the server-side software is end-user controlled:

[https://github.com/sandstorm-io/sandstorm](https://github.com/sandstorm-
io/sandstorm)

~~~
teacup50
So basically, nowhere.

Should something like Sandstorm take off, then we're still stuck with an
application distribution model that destroys the split between client/server
that allows a diverse set of clients to exist, destroys the ability for
clients to be versioned independently of the server, and destroys the ability
for clients to manage data in a way that it can't be read/captured/stolen by
the server.

~~~
narrowrail
Your claims:

1)"destroys the split between client/server that allows a diverse set of
clients to exist"

2)"destroys the ability for clients to be versioned independently of the
server"

3)"destroys the ability for clients to manage data in a way that it can't be
read/captured/stolen by the server"

In response:

1) One could create any number of clients to interact with backend software
that they control.

2) No idea what you are talking about here; perhaps you can explain more
specifically the problem. I don't think this matters. At all.

3) The whole idea is that the user controls the client _and_ server so the
data _is supposed_ to be able to be read.

All in all, I'm curious what a solution to the privacy issue would look like
that would satisfy your criteria. Any proposals?

~~~
teacup50
> _All in all, I 'm curious what a solution to the privacy issue would look
> like that would satisfy your criteria. Any proposals?_

No server other than a gateway at the house. Peer-to-peer sync.

If centralized servers are required, perhaps someday we'll have the
keying/trust infrastructure necessary to deploy sandboxed code that can't be
introspected externally, e.g., using Intel SGX.

------
zobzu
Interesting how it says it wont penalize advertisers. Some of my friends work
for mozilla and said that one of the feature does block ads as its both what
the user wants and its impossible to tell whos tracking or not. (nightly only
in about config) My understanding is that the feature will get axed/no longer
be directly blocking ads?

~~~
mbrubeck
It blocks all network requests to URLs on the blocklist. This can include ads,
if those ads are listed as known tracking resources. I believe there'll
eventually be a mechanism for publishers to declare DNT-compliance or
something, to make sure their content isn't treated as a tracker.

~~~
javaun
That's right. The Mozilla platform technology is great, we are still working
out a few kinks. The blocklist we're using is a customized version provided by
Disconnect.me. Mozilla's UX for Tracking Protection needs a lot of work, it's
just not done yet. We need to do a lot of work to understand what users want.
Hence the experiment.

There are also many third-party add-ons out there: NoScript, Privacy Badger,
Disconnect, DoNotTrackMe, Ghostery, etc. I don't think we want to compete with
them but rather give them all more powerful tools to create more anti-tracking
options for users. (EDITED to remove pronouns, fix misspells)

~~~
zobzu
Thats interesting thanks!

I must say Im a little unhappy about installing 10 addons just to have more
privacy. Some slow down Firefox more than others, and it takes time to setup
everything.

I would hope for Polaris to be a one-switch-thing that doesn't require much or
any setup (the door hangers stuff seems to be just fine now that i tried it)
and that doesn't affect performance the wrong way (in fact id hope for the
feature to just be on by default...)

The ads issue is one that's difficult to deal with. If it was up to me i'd
just block all ads on the pretext that Firefox is now clearly the underdog and
deal with consequences when marketshare rises again.

One issue with DNT-style whitelisting is that anyone can say they dont track
you but still have all the information needed for tracking (and optionally
they can also lie, or half-lie, or what not if they want to).

In my testing i noticed that other addons - while not as neatly implemented as
tracking protection with polaris - do block a lot more tracking stuff right
now (which is fine. polaris is new)

------
peatmoss
While this is welcome, I still feel goosey using Firefox given its (I believe
still) lack of sandboxing. Privacy and security go hand in hand, and recent
Pwn2Own competitions haven't been kind to Firefox.

~~~
mbrubeck
Since last week, Firefox Nightly has process separation enabled by default:
[https://groups.google.com/forum/#!topic/mozilla.dev.platform...](https://groups.google.com/forum/#!topic/mozilla.dev.platform/OQCFwGn5sXg)

A patch to enable the content process sandbox by default was posted for review
a few days ago: [http://bugzil.la/928044](http://bugzil.la/928044)

The sandboxing implementation isn't complete yet (it requires separate work
for each OS that Firefox supports) and there's a significant list of known
issues before this can be turned on in release builds, but there is now a team
working full-time on this project, so it should improve quickly.

Tracking bug for sandboxing:
[https://bugzilla.mozilla.org/showdependencytree.cgi?id=92557...](https://bugzilla.mozilla.org/showdependencytree.cgi?id=925570&maxdepth=1)

General docs on process separation:
[https://wiki.mozilla.org/Electrolysis](https://wiki.mozilla.org/Electrolysis)

