
How do you talk about Privacy & Security?

Tony-Cinotto
Employee

Hello there! I’m Tony Amaral-Cinotto, a Product Manager on Firefox Relay and our other privacy and security tools.

Working in online privacy and security, it seems like it’s my entire world for most of the day, and it’s easy to forget that for most people out there, it’s just a minor part, if at all. I’m someone who gets excited if a friend comments at dinner that they think their phone is listening to them because of an ad that showed up recently. I love dissecting that and sharing information on how companies use highly sophisticated advertising practices to target them. Or when my mom asks while she’s traveling if it’s safe to connect to her banking website from hotel wifi. 

I’m curious how you talk to others about privacy and security, like your friends, family, and coworkers. 

  • How do you get them to care about their online privacy and security?
  • What steps, tools, and protections do you recommend they take steps to protect themselves? What has worked? What hasn’t? 
  • Where do you see pushback? 
  • What questions do they ask you? 
  • Are there any stories or metaphors that help support the discussion? 

Looking forward to learning from you!

45 REPLIES

KERR
Making moves

I'm not a tinfoil hat wearer, but I think if people realised they could drastically improve their privacy with minimal effort they might think about it.

If the only way to protect your privacy was to buy a new phone or delete your facebook account - nobody's gonna do that. But switching browsers and search engine to Firefox and DDG, there's very little (if any) downside! You don't need to sacrifice functionality by ditching chrome.

I explained this to a mate and he switched straight away. We just need to reassure people that it's easy and that you lose nothing (except the snooping). There are other benefits too!

DDG is not "as good" as google for searching... that's true, but it can sure find "facebook" and "youtube". I'm technical and it's rare that I have to add "!g" to my DDG query to find what I need via google.

Gotta make sure people know that Firefox is independent and protects you against all those ads that read your mind and tracking that the big techs make $$$ from. I also suggested that FF could "showcase" just how much it's helping by making the tracking stats more visible here:

https://connect.mozilla.org/t5/ideas/new-tab-home-page-improvements/idi-p/4165

Hi @KERR thank you so much for sharing this insight. I really like the concept of it's the little wins that can have a big impact! It's great to hear that people are listening to these suggestions. Thank you for the recommendation as well about showcasing the privacy protections of Firefox more.

Anonymous
Not applicable

I don't find DuckDuckGo inconvenient to use. I used to be dissatisfied with it, but it is improving.

I got a bit put off by DDG and the Bing trackers that hit the news the other month. Had a good experience with Startpage so far.

I've been using Startpage for 2-3 years. I've switched back to DDG on a few occasions to compare engines but I've always gone back to Startpage. It's much closer to Google without the downsides.

Anonymous
Not applicable

Some people think that Firefox should be able to use Mozilla VPN for free.

https://connect.mozilla.org/t5/ideas/mozilla-vpn-in-browser-for-free/idi-p/9313

s1fly
Familiar face

Definitely agree with everything @KERR has written - it's the little changes that have the least tangible effect on everyday life.

Two years ago, I worked in a public-facing technical support and repair role for a long time. Many people used the same password for everything or had "little black books" so talking about OS based password managers like Apple Keychain and Chrome and then third party apps like 1Password, Bitwarden and Firefox Lockwise (as it was then), made a big difference. Customers had no idea it was actually quite easy to use complex passwords for different sites and have their devices store them safely. I think Firefox has a great opportunity to promote secure password generation and make a few tweaks to make the built-in manager even more useful.

Advising people to use Facebook less was just a non-starter because for many, Facebook is the internet.

The one thing people do want is for their data to be available on whatever device is closest to them and in this world of ecosystems and platforms, this has become the assumed standard, when in fact, syncing can be quite hard. When I suggest to friends and family now to use alternate browsers and search engines, they want to be sure that bookmarks, tabs and passwords sync everywhere. Luckily Firefox does that.

It's actually fairly easy to suggest to someone to change to a computer browser but there's a bigger pushback with mobile and I guess the reason for that is that the browser is far more entrenched on mobile. So much so, that all browsers on iOS are skins for Webkit and this reduces what you can do. So if I tell someone to use Firefox and uBlock Origin on desktop, they will get a great experience, come to mobile though and iOS doesn't allow extensions. Android does allow uBlock but even when you set Firefox as default browser, apps like News, Maps and others still default to a Chrome window which is really frustrating.

I realise I've gone on a bit! Focussing on the questions:

  • How do you get them to care about their online privacy and security?
    • When people say they have nothing to hide, I ask them what they ate for breakfast and explain why someone might want that information. Let them consider what's important. If keeping secrets comes up, I suggest that everyone knows what happens in a bathroom, but most people still close the door! This leads on to a positive conversation about privacy and the right to keep things secret. Or ask, would you upload every website or every photo to a public website for all to see?
  • What steps, tools, and protections do you recommend they take to protect themselves? What has worked? What hasn’t? 
    • The first thing is simply software updates for both apps and OS. Many people don't bother but it's so important. While it can be an inconvenience, most people pledge to at least do their updates overnight.
    • Talking about password managers definitely works along with spam protection, phishing attempts.
    • Using a service like Firefox Relay to help deal with email issues.
    • Discussing anti-virus and explaining you're far more likely to receive phishing email or dodgy attachments than actual targeted virus attacks. Safe Browsing from Google and adjusting simple toggles like Enhanced Tracking Protection to Strict can make a big difference.
    • A lot of people complain about spam and it has to be said that Google does do a very good job at sniffing out phishing and spam mail. Without paying for Startmail or Proton, it's hard not to recommend Gmail.
  • Where do you see pushback? 
    • People don't really want to spend money on web services as they think everything should be free. Even 79p/month for extra storage to backup their own data will bring resistance.
    • Suggesting leaving a social network!
  • What questions do they ask you? 
    • How do I know apps are safe?
    • Do I need anti-virus?
    • How safe is my data online?
    • Shall I use xxxx free VPN?
  • Are there any stories or metaphors that help support the discussion?
    • When discussing privacy, talking about what you'd prefer others not to know
    • I've recently started talking about the Mozilla Foundation ethical dilemma cafe experiment which is interesting on its own, but great to discuss with others
    • Running software updates is like giving a list of sneaky behaviours to your personal security guard - they can't be on guard all the time if they can't identify what the latest sneaky behaviours are!

Sorry this has become a long post and there's lots more to talk about!

 

Super interesting @s1fly! One thing I'd like to hear more about is: what's your answer when people ask you "Shall I use xxxx free VPN?" And how do people respond to your answer?

 

Thanks @Vincent!

I've met several customers who are looking at VPNs and I like to explain it using a simile of walking to a library.

Without a VPN, you leave home, walk to the library and pick up a book and everyone can see you during that journey. In fact, some might give you a flier for an event on the way or leaflet about a book sale or make a note that you left your home at a certain time and went to the library to build a pattern.

With a VPN, you're doing the same thing but wearing an invisible cloak. You're still leaving home for the library, but no-one can see you make the journey so you can't be handed anything and no-one is making notes.

With a free VPN, you have a translucent cloak so most people can't see you but the providers of free VPNs can hand you leaflets when you reach the library or tip someone else that you'll be there, simply because when it's free, you're the product.

 

I've found that this idea of going from one place to another resonates quite well and obviously you can personalise it by asking the customer a hobby and make it about a music shop or restaurant etc.

interestintech
Making moves

I agree with @KERR and @s1fly a lot. Making it easier to switch is a small but extremely helpful feature. I'm thinking maybe a package of all privacy + security tools to make it easier to switch from Facebook, Google, etc.

@interestintech that's an interesting idea, you're right it has to be an easy switch and a package with it all built in would help. It's a little outside the scope of Firefox as it's a browser and can't replace the services, but what it can do is say "Hey you want to use ..... then do it on Firefox because ...." The message being Firefox can make your existing existing safer without causing too much change.

Maybe a bundle of add-ons that install in one go? Turnkey solution to making your life more private?

Google, Facebook, Amazon run services that mean different things to different people, but ultimately have the same business model applied in different ways. They all collect data and monetize it by either selling it, or allowing advertisers to target specific profiles. Of course those profiles follow us around which is why we have things like Total Cookie Protection in Firefox. Interestingly, Google does a huge amount of work to protect users with Safe Browsing, Spam protection etc. Gmail is probably one of the best email providers. The reason why Apple are outspoken about privacy is that they make all their money from the hardware you buy along with their services, like iCloud and Music. Compare though iCloud Mail to Gmail. Gmail is far better for identifying phishing, spam etc.

I guess what I'm getting at, is a) follow the money and b) sometimes switching isn't necessarily the best thing to do, just making it more private.

Thank you @s1fly ! The bundle of add-ons in one install is very interesting as a turnkey solution! Especially I could see that being such a great way to help my friends and family, where I can tell them just download this one package and you don't have to worry.

Exactly and it provides a gateway to other Firefox add-ons and products. The bundle would need to be preconfigured so it really is a turnkey. There could be some promotion created and maybe a video to explain what it is, how it works and why it's important or maybe separated into three for easy snack-able consumption.

In a perfect world, you would have a bundle that worked on desktop and mobile. I guess until Apple loosen their grip on the Webkit requirement and whatever Google needs to do to allow more extensions for Firefox mobile, it's a bit more difficult.

Thank you so much @interestintech ! What are some of the specific problems that a package could help solve around privacy and security for you and others that would be the most beneficial?

Some addons that could be handy on mobile:

  • LocalCDN (supersedes Decentralise): This makes pages load faster as many common frameworks are hosted in the addon. It also has privacy benefits
  • Firefox Translations: Since it works offline. I wonder how annoying it must be to translate a site on mobile currently (without addons)? Never tried but guessing it would be frustrating!
  • uBlock Origin: Not only for blocking ads/trackers, it can block malicious sites (think of all the scam SMSes/emails that people are falling victim to) but also for removing the tracking parameters of URLs (Firefox is starting to work on this). I use this list: https://github.com/DandelionSprout/adfilt/discussions/163
  • Don't Track Me Google: Google Search results are converted to an ugly link upon click. This link enables tracking for Google. This addon removes Google's link-conversion/tracking feature. This speeds up loading search results and allows you to normally copy links.
  • Facebook Container: Prevent Facebook from tracking you around the web. The Facebook Container extension for Firefox helps you take control and isolate your web activity from Facebook.

s1fly
Familiar face

Great suggestions @KERR. I’d add in there some kind of configuration that sets Firefox up in Strict Tracking Protection and sets DNS over HTTPS using Cloudflare (or preferred partner).

This is fantastic and really appreciate this suggestion! These are some of my favorite add-ons too! I'm going to share this list as well with our add-ons team as we look into this more!

Adding to the conversation, this article was published today suggesting Firefox mobile is bundled with on-by-default add-ons and settings. Worth a read.

https://www.ghacks.net/2022/07/28/opinion-firefox-for-android-needs-best-in-class-ad-blocking-and-pr...

Similar to what @KERR said, it would be handy to automatically download those extensions in a package to make it easier to convince your friends and family to easily download it, however I was thinking more of a complete file that deletes Google Chrome, Facebook, etc and installs Firefox, automatically adjusts the settings to your need (set in the installer) and automatically installs/replaces all services with data collection on your computer. Think of it like you go up to your parents, they use all these bad data collection services like Google and Facebook and once they download that ONE SIMPLE file it changes EVERYTHING instantly.

s1fly
Familiar face

@Tony-Cinotto or @Vincent do you know the status of this project?

https://fpn.firefox.com/

It would be great to see this rolled out outside the US.

Unfortunately I do not! But generally, lack of announcements probably means that there's nothing to announce 🙂

Thank you! I'm trying to get an update for you on this 🙂

Anonymous
Not applicable

> Are there any stories or metaphors that help support the discussion?

Some people get a little worried when I share them this https://contrachrome.com/

Anonymous
Not applicable

Oh, it is Omni Chrome Products!

Anonymous
Not applicable

I have an idea called Possibility of Desktop Firefox OS. While mobile Firefox OS was certainly a difficult challenge, I don't think it would be as reckless on a desktop or laptop. I think it's dangerous for something like Chrome OS to become popular, and it is worth competing against.

s1fly
Familiar face

Just a thought about VPNs and pricing.

Many users only really need a VPN when they go on a trip and have to use some kind of public Wi-Fi, be it hotel, cafe, shopping mall or open working space. But unless they are doing this a lot, they don't need to pay for it every month.

I work at home and don't need a VPN unless I'm either travelling for work or going on holiday (vacation).

There needs to be a pricing model alternative where someone can pay for a day or a week at a sensible (not inflated) price rather than signing up for a subscription. I know subs are popular with developers but I think for a VPN that you don't need all the time, there needs to be a better way to engage with customers.

I appreciate this could be difficult with App Store/Google Play policies - I don't know if you can charge a one off fee for the day or week. Another option would be to pay for a voucher code on the Firefox VPN site and use it in the app.

Then follow up with some ads that target users like me or those who book their package holidays as being the bit the holiday reps forgot to add!

This is really a fantastic suggestion and something we've been doing some research into. I really like the idea of the VPN subscription models matching people's needs instead of forcing longer term subscription. As someone who loves to travel this would personally be great for me 🙂

Mac6
Making moves

Hi, Tony ~

Please know that I and, likely others, care about privacy and security. I just don't want to get "buttoned up" so tightly that I cannot move about the web easily. I am cautious and selective with regard to searches. Recently, I find more and more of my sites are not accessible from the Firefox browser so I end up going to Safari. Today, a Nespresso customer rep wanted me to download Chrome. I do not want Chrome. I am wondering why this is; why I cannot sign on using the Firefox browser. Any ideas? Another concern, I receive notification of updates but no info re: the purpose for the update. This makes me feel uncomfortable as well as uninformed. How best to resolve this? Kindly respond so I can improve my understanding of changes.

Thank you,

C.M.

 

 

KERR
Making moves

@Mac6 you can report issues like this to webcompat.com. I actually found an existing case there for Nespresso, dunno if it's same issue as yours though:

https://webcompat.com/issues/107030

 

Thank you @Mac6 for sharing this and @KERR for sharing where to submit web compatibility issues. There could be a mix of reasons for these issues including the sites themselves, tracking protection impacting the site and some other reasons. We strive to make sure users have their best experience on the web that is privacy preserving, many times though when we try to ensure users have a private experience on the web, some sites and 3rd parties that sites use do have different things that hamper this. Some of them are legitimate, like preventing fraud, while others might be more nefarious patterns to discourage the use of privacy preserving features. 

moznewbie
Making moves

Firefox has an 'Enable DNS over HTTPS' option in the Network settings options. I would recommend that setting to Firefox users. I've manually changed my default and VPN Network Connections to Cloudflare's IPv4 and IPv6 addresses as a default. As a Firefox insider do you recommend DNS over HTTPS? Perhaps you'd like to talk about any relationship between Firefox and Cloudflare. Does Firefox plan to add other DNS options rather than custom options?

Tony-Cinotto
Employee

Hi everyone: Thank you so much for your great insights! I've loved so many of the ideas that you've shared including turnkey add on bundles, connecting to everyday behaviors with powerful metaphors, and looking to share changes that are very easy for people to make the switch like switching their browser to Firefox! A lot of the learnings here point to small nudges and encouragement by having your friends, family, coworkers, and connections take friction-less steps that seem small but have very big benefits. I would be interested to continue the conversation and learn more about if you've had any friends, family, coworkers that maybe weren't concerned about their privacy but you were able to get them to take a step towards improving their privacy practices online? How'd you go about that?

Sometimes when I have begun a conversation about these issues, it's started by talking about backups and it's important to use the 3-2-1 model (3 versions, 2 separate ones in your home and 1 online). Of course this relates mostly to computer users rather than mobile, but it does open up a conversation. From there, I ask about mobile and the answer is usually iCloud or Google Drive (or One).

Eventually, after talking about damaging or losing a device, we get to data privacy - I appreciate it takes a while but it's the journey that starts people thinking. By starting with "what happens if your computer is burnt/dropped/stolen" people begin to think what is important to them eg pictures, contacts, messages etc.

The next step is to ask the question, "So if that data is so important to you, then who do you trust to store it safely?" Then we talk about trust, the internet and the services that companies offer. It's then easy to talk about making small changes like using Firefox!

Car
Making moves

Adding Presearch as a search engine would allow us even more privacy options within Mozilla.

Agreed, I use Presearch to write blogs about how to start a business and it helps me find unique sources that other search engines miss. 

Thank you for sharing!

AbinandhanK
Making moves

I tell people to use Firefox, Signal, DDG, Proton etc. Some people don't understand the necessity of online privacy and security. Even though people don't care, it's my responsibility to spread awareness.

Thank you for the response! What are people's reactions typically when you tell them to use Firefox, Signal, DDG, Proton?

I think it's easier to get someone to use another browser like Firefox than changing their messaging app because people use what their friends and family use. Convincing a whole group to change is a lot harder than an individual.

At the moment, Google is firing on all cylinders in a marketing campaign to make Apple adopt RCS in iMessage. Cleverly, they explain that it isn't Android users who have the issue, but Apple downgrading iMessage to SMS for anyone outside the iOS ecosystem. It seems to be more important in the US, but here in the UK most don't care that much because they use WhatsApp which is cross platform. I use Signal, after iMessage, but trying to get anyone else to is very difficult, even with Meta changing policies all the time and having a pretty poor record with people's data.

So while I have positive results with suggesting Firefox with Mozilla being a non-profit (which interestingly carries more weight than I realised), changing messaging is very difficult.