exactly what privacy features do you want?

Posted Aug 13, 2009 15:57 UTC (Thu) by dlang (guest, #313)
In reply to: where does it says that? by coriordan
Parent article: Ubuntu removes "multisearch"

you complain that mozilla/firefox are not doing enough to protect privacy.

exactly what is it that you want to see happen?

and please don't respond 'ship privacy modules by default', state what you want the privacy modules to do.

In my opinion, 'protecting privacy' is like 'blocking spam', everyone agrees that it's a good idea, but when you get down to the nitty-gritty of exactly what to do people can't agree on what is a reasonable trade-off between protection and false-positives breaking something that you want to work.

exactly what privacy features do you want?

Posted Aug 13, 2009 17:57 UTC (Thu) by coriordan (guest, #7544) [Link] (1 responses)

> exactly what is it that you want to see happen?

Despite Mozilla's massive amount of funding, large developer team, and proven ability to innovate, I suspect you're going to reject any suggestion I offer that would require them to invest more than one programmer-day of work. So I'll start dead simple:

How about blocking cookies that are known to be of no use to the user?

Even just one. Pick one single cookie that tracks users and provides no benefit, and block it. This would be better than nothing, but they don't do it.

By putting in more than one programmer-day of effort, this could be well done. Maybe maintain a very conservative list of bad cookies (I think there's already a similar feature about a list of phishing sites to avoid, so maybe this idea could be implemented similarly), and block them. Maybe block DoubleClick's cookie?

When I search mozdev for "privacy", I get 215 hits. Most aren't about online privacy, but there must be some ideas in there that aren't too hard to implement or adapt.

exactly what privacy features do you want?

Posted Aug 13, 2009 18:16 UTC (Thu) by dlang (guest, #313) [Link]

I actually don't care how much effort it is to implement something, if that something can be fully agreed to.

however, your example is exactly what I feared it would be.

you want someone to appoint themselves the arbitrators of what cookies should be allowed and what ones should be blocked (either by name or by server)

I have _no_ objection to people creating such lists and allowing users to opt to use such lists.

however I have a very strong objection to building such blacklists into the application by default.

the history of blacklisting should prove this. if blacklists were so obviously good and infallible they would be built into every mail server and every mail client. they aren't (although support for them is common in mail servers), precisely because different people have different opinions on what should be blocked.

firefox already _has_ extensive privacy features, they just aren't configured the way that you want to force everyone to have them configured out of the box.

firefox has per-domain controls over cookies (to deny cookies from that domain), all that someone would have to do is to pre-populate that file, no mozilla programming time needed.

as for the 215 hits on "privacy", I don't care how many ideas there are, or how hard to implement. what I want to know is if they are something that _nobody_ objects to (not just none of the privacy advocates object to)