Improving trust and transparency for Suggested Tiles

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Improving trust and transparency for Suggested Tiles

Ed Lee
[ For context around Suggested Tiles, please read http://ed.agadak.net/2015/04/whys-and-hows-of-suggested-tiles ]

Similar to how we iterate on code to make Firefox faster, more usable, or more functional; we would like to improve on user trust and transparency for Suggested Tiles.

The current state of Suggested Tiles in Beta 38 is that Firefox only shows suggestions that match a hardcoded set of top-sites-matching logic. This was done to allow people to verify the source code and have some guarantees around what Firefox can and cannot do.

One particular attack this implementation prevents is the arbitrary querying of Firefox top sites data. In the situation that Mozilla did not follow its policies, Firefox could be tricked to show a fake suggestion and report back if the user has visited a specific site.

However, this hardcoding approach limits the ability to make better suggestions or improve them quickly. For example, if Firefox only has a predefined "News" matching logic, it wouldn't be able to match on users who are more interested in "Technology News," so if there's a great technology news recommendation, Firefox would show it to way too many people who aren't interested in technology. A related issue is if for some reason a non-news site was put as part of "News," users could get quickly annoyed by seeing things that aren't actually relevant until the next update of Firefox fixes the bug.

So assuming that the user control to easily turn off the Suggested Tiles functionality is not enough, what technical measures could be used to improve transparency to help users verify that Mozilla is not doing anything malicious?

Here's some initial ideas of what Firefox could do, and I hope people can provide some more:

- support specialized update mechanisms
- ask the user to approve each new type of suggestion
- verify with multiple (non-mozilla?) servers before making suggestions
- notify the user of incoming changes a day in advance
- allow the user to specify a whitelist/blacklist of sites

Ed Lee
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: Improving trust and transparency for Suggested Tiles

Chris Hofmann-2
> - ask the user to approve each new type of suggestion

this seams like it would get pretty annoying.

It might be better to just give users a menu of the types of content we
have to offer, and they could check off would like to see mixed in among
their tiles.

That also greatly reduces the need for so much inference out of there
browsing history, and any problems that might turn up in not being able to
get that right.

-chofmann

On Thu, Apr 23, 2015 at 11:22 AM, Ed Lee <[hidden email]> wrote:

> [ For context around Suggested Tiles, please read
> http://ed.agadak.net/2015/04/whys-and-hows-of-suggested-tiles ]
>
> Similar to how we iterate on code to make Firefox faster, more usable, or
> more functional; we would like to improve on user trust and transparency
> for Suggested Tiles.
>
> The current state of Suggested Tiles in Beta 38 is that Firefox only shows
> suggestions that match a hardcoded set of top-sites-matching logic. This
> was done to allow people to verify the source code and have some guarantees
> around what Firefox can and cannot do.
>
> One particular attack this implementation prevents is the arbitrary
> querying of Firefox top sites data. In the situation that Mozilla did not
> follow its policies, Firefox could be tricked to show a fake suggestion and
> report back if the user has visited a specific site.
>
> However, this hardcoding approach limits the ability to make better
> suggestions or improve them quickly. For example, if Firefox only has a
> predefined "News" matching logic, it wouldn't be able to match on users who
> are more interested in "Technology News," so if there's a great technology
> news recommendation, Firefox would show it to way too many people who
> aren't interested in technology. A related issue is if for some reason a
> non-news site was put as part of "News," users could get quickly annoyed by
> seeing things that aren't actually relevant until the next update of
> Firefox fixes the bug.
>
> So assuming that the user control to easily turn off the Suggested Tiles
> functionality is not enough, what technical measures could be used to
> improve transparency to help users verify that Mozilla is not doing
> anything malicious?
>
> Here's some initial ideas of what Firefox could do, and I hope people can
> provide some more:
>
> - support specialized update mechanisms
> - ask the user to approve each new type of suggestion
> - verify with multiple (non-mozilla?) servers before making suggestions
> - notify the user of incoming changes a day in advance
> - allow the user to specify a whitelist/blacklist of sites
>
> Ed Lee
> _______________________________________________
> dev-planning mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-planning
>
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: Improving trust and transparency for Suggested Tiles

mhoye
On 2015-04-24 2:15 PM, Chris Hofmann wrote:
>> - ask the user to approve each new type of suggestion
> this seems like it would get pretty annoying.
>
Maybe it depends on how you put it - if the feedback is anonymous and
handled on the client side consistently, options like

- I don't like this ad (or type of ad)
- I'm not interested in this product or type of product.

would seem to be valuable for both the user who doesn't see ads they
dislike and advertisers who are showing people ads that aren't effective.

- mhoye
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: Improving trust and transparency for Suggested Tiles

Ed Lee
In reply to this post by Ed Lee
On Friday, April 24, 2015 at 11:16:00 AM UTC-7, Chris Hofmann wrote:
> It might be better to just give users a menu of the types of content we
> have to offer, and they could check off would like to see mixed in among
> their tiles.
Even with a menu for user to pick, how would a user know if it's safe real suggestion vs a fake suggestion that is just trying to extract browsing history?

For example, one policy for creating the site matching is to use at least 5 sites. We could build that logic into Firefox to make sure there's at least 5. But Firefox doesn't have enough information to determine that some sites are fake, e.g., ["mozilla.org", "looksrealbutfake.com", "yetanotherfake.com", "site4.com", "site5.com"]. Because 4 of the 5 sites will never be in the user's history, if this suggestion is shown, then it must be because the user went to mozilla.org.
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: Improving trust and transparency for Suggested Tiles

Patrick Finch-2
In reply to this post by Chris Hofmann-2


On 4/24/2015 8:15 PM, Chris Hofmann wrote:
>> - ask the user to approve each new type of suggestion
> this seams like it would get pretty annoying.
>
> It might be better to just give users a menu of the types of content we
> have to offer, and they could check off would like to see mixed in among
> their tiles.


Something like the Discover feature in Opera's new tab?
http://www.operasoftware.com/press/reviews/desktop#discover

I find that instinctively interesting as a product direction, but at the
moment, Opera Discover seems to be basically a fairly coarse-grained
news feed, lacking the kind of specificity that makes it interesting.  
(Opera Discover has 1 tier of interest categories and 1 tier of
geographic preference)

Patrick



>
> That also greatly reduces the need for so much inference out of there
> browsing history, and any problems that might turn up in not being able to
> get that right.
>
> -chofmann
>
> On Thu, Apr 23, 2015 at 11:22 AM, Ed Lee <[hidden email]> wrote:
>
>> [ For context around Suggested Tiles, please read
>> http://ed.agadak.net/2015/04/whys-and-hows-of-suggested-tiles ]
>>
>> Similar to how we iterate on code to make Firefox faster, more usable, or
>> more functional; we would like to improve on user trust and transparency
>> for Suggested Tiles.
>>
>> The current state of Suggested Tiles in Beta 38 is that Firefox only shows
>> suggestions that match a hardcoded set of top-sites-matching logic. This
>> was done to allow people to verify the source code and have some guarantees
>> around what Firefox can and cannot do.
>>
>> One particular attack this implementation prevents is the arbitrary
>> querying of Firefox top sites data. In the situation that Mozilla did not
>> follow its policies, Firefox could be tricked to show a fake suggestion and
>> report back if the user has visited a specific site.
>>
>> However, this hardcoding approach limits the ability to make better
>> suggestions or improve them quickly. For example, if Firefox only has a
>> predefined "News" matching logic, it wouldn't be able to match on users who
>> are more interested in "Technology News," so if there's a great technology
>> news recommendation, Firefox would show it to way too many people who
>> aren't interested in technology. A related issue is if for some reason a
>> non-news site was put as part of "News," users could get quickly annoyed by
>> seeing things that aren't actually relevant until the next update of
>> Firefox fixes the bug.
>>
>> So assuming that the user control to easily turn off the Suggested Tiles
>> functionality is not enough, what technical measures could be used to
>> improve transparency to help users verify that Mozilla is not doing
>> anything malicious?
>>
>> Here's some initial ideas of what Firefox could do, and I hope people can
>> provide some more:
>>
>> - support specialized update mechanisms
>> - ask the user to approve each new type of suggestion
>> - verify with multiple (non-mozilla?) servers before making suggestions
>> - notify the user of incoming changes a day in advance
>> - allow the user to specify a whitelist/blacklist of sites
>>
>> Ed Lee
>> _______________________________________________
>> dev-planning mailing list
>> [hidden email]
>> https://lists.mozilla.org/listinfo/dev-planning
>>
> _______________________________________________
> dev-planning mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-planning

_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning