I searched before posting, sorry if this is a dupe. But I hope to bring a fresh take, you be the judge.
After decades of observing industry dialog around cookies, internet privacy and everything in the browser ballpark, I have the sense that most folks seem to be missing the forest for the trees when it comes to managing privacy. I have only recently (after decades of struggle) gotten Firefox to manage browsing in a “have cake and eat it too” way, however it has required several add-ons and delicately tinkered FF settings. Along the way, some broad realizations came to me with regards to how privacy policies are broadly managed in Firefox and browsers in general.
People -know- what sites they trust. Browsers simply aren’t listening in an accessible way.
People -know- that the rest of the internet should not be trusted by default. They read the news.
Yet browsers only provide an all or nothing ultimatum when one visits the settings. Trust everyone or nobody, or cook up a custom policy. Access to any other approach is barred to all but those with quite high browser tech-fu skills, like us in these forums.
Recommendation: The privacy model and related UI elements should be shifted and centred around the user’s personal mental model of who they trust. Forget distrust, that’s merely the inverse set of the trusted. And to be clear: by trust, I speak of persistent local data, cross site scripts, redirections, browsing history, and any other reasonable capability a site might want, which we would most likely grant if we feel they’re serving our best interests. Everything the browser does on the privacy front can be aligned around such high level directives far more accurately than a one shoe fits all approach as it today stands.
Example method: Add a UI element in the “address bar shield button dialog” so that in 2 clicks we can tell Firefox “I trust these guys, anything goes!” or “I kinda trust these guys, remember my login.” or the default “Untrusted”. This would end the pointless futility of trying to craft one policy for all browsing. We’d be able to craft several default policies based on the user trust levels, and rejoice. A majority of creepy tracking cookies fall off the edge of the earth a few hours after their last tab closes, if not granted the mercy of a user trust click.
That’s it. Not earth shaking perhaps, but I think it’s a small idea that can have a huge impact. I know it’s not fundamentally new, we’ve seen it before in a few forms, and a basic whitelist / blacklist tool exists in Firefox today. But none I've seen have been terribly usable or intuitive, and the privacy model out of the box doesn’t take our trust opinions into account beyond the level of a cookie. Cookies alone don't encompass the whole topic.
We also should not let the horrible implementations of the past deter us. (I’m looking at Microsoft trust settings – gag.) All past whitelist tools have failed to take hold because they haven’t cracked the nut of making it effortless to manage while browsing in real time. Also the global climate on this topic is shifting and I believe people are ready to provide two clicks to teach the browser which sites are groovy in their mind. For most people I doubt it’s more than a dozen sites which deserve the “remember my login” honor, even fewer for deeper levels of trust. (Some will trust many sites, some will trust none, and most will trust a reasonable list of their most frequent and highly trusted destinations.)
I could write a ton more on the topic, I really have given it a lot of thought. But to keep this short-ish I'll wrap this up by saying this. I believe user-assigned trust values are the missing piece that Firefox needs to finally be equipped to do a near perfect job of letting people have their privacy cake, and eat their yummy websites too. Firefox can then roll out the feature carpet for sites a person cares most about, and take off the gloves when it comes to the rest. All while relieving users from needing to worry about "private browsing" or "containers" or any other features which bring higher cognitive loads. If a site isn't trusted, we can treat them like a private browsing session. Done. Pretty straightforward from the end user's perspective.
Happy to hear people's thoughts and poke holes in my logic. All the best.