[Privacy Reviews]Call For Comments: Google Suggest in Android

classic Classic list List threaded Threaded
52 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Dao-6
On 16.08.2012 07:39, Justin Dolske wrote:
> I would further posit that part of Firefox's value proposition is
> finding a balance between a compelling (awesome) browser, while still
> being mindful of security and privacy. We pick reasonable defaults
> (which is what this discussion is about ;), and provide preferences and
> add-ons for those whose concerns fall outside the norm.

I'd phrase that differently, since people being undereducated in
technical areas impacts on whether they'll look for preferences. The
norm is that people don't know what's going on, which of course doesn't
mean that privacy is a non-issue for them. We need to take this into
account when picking defaults.
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Asa Dotzler
In reply to this post by Sid Stamm-3
On 8/8/2012 11:30 AM, Sid Stamm wrote:

> On 8/8/12 10:23 AM, Zack Weinberg wrote:
>> On 2012-08-08 9:51 AM, [hidden email] wrote:
>>>
>>> On the subject of it sending everything to Google -- my understanding
>>> is that Google handles search suggest user-data differently (more
>>> privately?) than with thing generally entered into a Google search
>>> field. Confirmation or other detail here from others on this list
>>> would be very helpful.
>>
>> I just want to stick in here the observation that the additional privacy
>> exposure from this feature is not simply because additional user data is
>> revealed *to Google*.
>
> For me, it's about avoiding surprises. Firefox users may or may not
> realize we're sending data to any third party (in this case, Google) as
> they type stuff in the single text-entry field.  So Google's treatment
> of the data isn't the focus -- their privacy policy is fine.  The focus
> is whether or not users expect us to send data to another organization.
>
> With the proposed UI, it's not clear that the suggestions are coming as
> a result of queries to Google; they seem to be suggestions from Firefox
> saying "hey, you may want to Google these."
>
> Surprises in this scenario would manifest two types of reactions:
> reactions of "I didn't know you sent Google what I just typed!" and
> "OMG, you're using my data plan even though I don't want to search!"

How is this different than the Search in Firefox on Windows/Mac/Linux. I
don't believe that I could find any mainstream Firefox users who
realizes that we're sending data to a third party when the user is
typing into the search box -- the search suggestions seem to be
suggestions from Firefox. The separate box probably helps us feel better
about some other privacy issues but I can't see how it helps at all on
the "avoiding surprises" front.

- A

_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Dao-6
On 16.08.2012 10:49, Asa Dotzler wrote:
> How is this different than the Search in Firefox on Windows/Mac/Linux. I
> don't believe that I could find any mainstream Firefox users who
> realizes that we're sending data to a third party when the user is
> typing into the search box -- the search suggestions seem to be
> suggestions from Firefox. The separate box probably helps us feel better
> about some other privacy issues but I can't see how it helps at all on
> the "avoiding surprises" front.

It's entirely different because what you type in the search box will
necessarily and obviously be exposed to the search provider when you
submit it.
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Jonathan Kew-3
On 16/8/12 10:19, Dao wrote:

> On 16.08.2012 10:49, Asa Dotzler wrote:
>> How is this different than the Search in Firefox on Windows/Mac/Linux. I
>> don't believe that I could find any mainstream Firefox users who
>> realizes that we're sending data to a third party when the user is
>> typing into the search box -- the search suggestions seem to be
>> suggestions from Firefox. The separate box probably helps us feel better
>> about some other privacy issues but I can't see how it helps at all on
>> the "avoiding surprises" front.
>
> It's entirely different because what you type in the search box will
> necessarily and obviously be exposed to the search provider when you
> submit it.

"When you submit it" is a key aspect. Suppose I begin typing a search
phrase, but have second thoughts before hitting Enter ("Hmm, I don't
think I want Google to know I'm interested in THAT after all"). So I
don't submit the query, I just delete it from the box - but (surprise!)
we've already sent it to Google anyway. Oops.

FWIW, I see a big difference between this happening when I go to
www.google.com and type into their web page, where it's clearer I am
interacting with Google's server, and the same thing happening when I
type into a Firefox search box. In this situation I might reasonably
assume that I'm only interacting with my copy of Firefox, until (unless)
I actually submit my search.

JK

_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Chris Hofmann
In reply to this post by Ehsan Akhgari
On 8/15/12 6:43 PM, Ehsan Akhgari wrote:
> On 12-08-15 5:21 PM, Chris Hofmann wrote:
>> A whopping 17% of our current mobile user base went the to trouble of
>> setting DNT.  That's almost double the rate as desktop.   So yeah, I'd
>> agree that privacy is an important feature our current set of mobile
>> users.
>
> Out of curiosity, is that percentage based on the release channel only?
>
> Ehsan

I believe this is all channels but would need metrics to verify.

About 10% if firefox mobile users are on the beta channel which is a
higher pct. than on desktop and that might be influencing the numbers.

-chofmann
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Dao-6
In reply to this post by Dao-6
On 16.08.2012 12:20, Jonathan Kew wrote:

> On 16/8/12 10:19, Dao wrote:
>> On 16.08.2012 10:49, Asa Dotzler wrote:
>>> How is this different than the Search in Firefox on Windows/Mac/Linux. I
>>> don't believe that I could find any mainstream Firefox users who
>>> realizes that we're sending data to a third party when the user is
>>> typing into the search box -- the search suggestions seem to be
>>> suggestions from Firefox. The separate box probably helps us feel better
>>> about some other privacy issues but I can't see how it helps at all on
>>> the "avoiding surprises" front.
>>
>> It's entirely different because what you type in the search box will
>> necessarily and obviously be exposed to the search provider when you
>> submit it.
>
> "When you submit it" is a key aspect. Suppose I begin typing a search
> phrase, but have second thoughts before hitting Enter ("Hmm, I don't
> think I want Google to know I'm interested in THAT after all"). So I
> don't submit the query, I just delete it from the box - but (surprise!)
> we've already sent it to Google anyway. Oops.

This sounds like an edge case. If we had statistics about how often the
search term gets cleared without having been submitted, I'd bet the rate
would be <1%. This is not at all comparable to the awesome bar where we
make awesome suggestions based on the user's local history such that the
user likely won't need to search the web.
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Robert Kaiser
In reply to this post by Dao-6
Jonathan Kew schrieb:
> FWIW, I see a big difference between this happening when I go to
> www.google.com and type into their web page, where it's clearer I am
> interacting with Google's server, and the same thing happening when I
> type into a Firefox search box.

You still type it right next to the Google logo, and you see the list
displayed with "suggestions" being written in there, so it's pretty obvious.
When typing in the main location bar, that's different.

And all that said, I find that more and more the only conclusive
"elevator-pitch" argument putting Firefox over all other browsers out
there right now is our emphasis on privacy. If we take that away, I see
a real problem in how to tell people in passing why they should use
Firefox instead of other offers.

Robert Kaiser

_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Justin Dolske-2
In reply to this post by Dao-6
On 8/16/12 12:58 AM, Dao wrote:

> On 16.08.2012 07:39, Justin Dolske wrote:
>> I would further posit that part of Firefox's value proposition is
>> finding a balance between a compelling (awesome) browser, while still
>> being mindful of security and privacy. We pick reasonable defaults
>> (which is what this discussion is about ;), and provide preferences and
>> add-ons for those whose concerns fall outside the norm.
>
> I'd phrase that differently, since people being undereducated in
> technical areas impacts on whether they'll look for preferences. The
> norm is that people don't know what's going on, which of course doesn't
> mean that privacy is a non-issue for them. We need to take this into
> account when picking defaults.

I completely agree with your rephrasing. :)

But the devil's in the details. We could disable cookies, Javascript,
non-SSL, etc and have a browser that is much more resistant to security
and privacy issues. Of course it would be awful to use for most people,
and so that's a tradeoff we have made. Search suggestions is not nearly
so dramatic an issue, but it's still about balancing building a
compelling feature while being mindful of privacy.

Justin
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Madhava Enros-2
In reply to this post by Daniel Veditz-2
On Monday, August 13, 2012 8:37:11 AM UTC-4, Henri Sivonen wrote:

> I have filed this as https://bugzilla.mozilla.org/show_bug.cgi?id=765201
>
>
>
> This would mean:
>
>  * No leakage for pasted URL, because they start with http:, https: or the like.
>
>  * No leakage of importance when the user types "www.", since sending
>
> the data would stop at the dot.
>
>  * Mitigated leakage (first component of the host name) when typing an
>
> address that doesn't start with a URL scheme or "www.".
>
>  * Mitigated leakage of intranet URLs (since sending would stop at the
>
> slash when typing "fileserver/something" where "fileserver" is really
>
> a dotless hostname.
>
>  * Lack of suggestions for strings that are really intended as search
>
> terms but have a dot or slash but no space.


Agreed - thank you for putting this list together.
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Monica Chew-3
In reply to this post by Asa Dotzler
On 8/16/12 1:49 AM, Asa Dotzler wrote:

> On 8/8/2012 11:30 AM, Sid Stamm wrote:
>> On 8/8/12 10:23 AM, Zack Weinberg wrote:
>>> On 2012-08-08 9:51 AM, [hidden email] wrote:
>>>>
>>>> On the subject of it sending everything to Google -- my understanding
>>>> is that Google handles search suggest user-data differently (more
>>>> privately?) than with thing generally entered into a Google search
>>>> field. Confirmation or other detail here from others on this list
>>>> would be very helpful.
>>>
>>> I just want to stick in here the observation that the additional
>>> privacy
>>> exposure from this feature is not simply because additional user
>>> data is
>>> revealed *to Google*.
>>
>> For me, it's about avoiding surprises. Firefox users may or may not
>> realize we're sending data to any third party (in this case, Google) as
>> they type stuff in the single text-entry field.  So Google's treatment
>> of the data isn't the focus -- their privacy policy is fine. The focus
>> is whether or not users expect us to send data to another organization.
>>
>> With the proposed UI, it's not clear that the suggestions are coming as
>> a result of queries to Google; they seem to be suggestions from Firefox
>> saying "hey, you may want to Google these."
>>
>> Surprises in this scenario would manifest two types of reactions:
>> reactions of "I didn't know you sent Google what I just typed!" and
>> "OMG, you're using my data plan even though I don't want to search!"
>
> How is this different than the Search in Firefox on Windows/Mac/Linux.
> I don't believe that I could find any mainstream Firefox users who
> realizes that we're sending data to a third party when the user is
> typing into the search box -- the search suggestions seem to be
> suggestions from Firefox. The separate box probably helps us feel
> better about some other privacy issues but I can't see how it helps at
> all on the "avoiding surprises" front.
I agree with Asa. I also don't think many users can differentiate
between URLs and search terms [1], or the difference between a search
initiated from the awesome bar, search bar, or search engine homepage.
Isn't that why the conflation between search terms and URLs in the
omnibar/awesomebar developed in the first place?

That being said, just because the UI is already not clear in the desktop
doesn't mean that we shouldn't try to make it clear what's happening in
the phone UI, although it doesn't make sense that the phone UI should be
held to a higher standard than the desktop UI.

Monica

[1] http://jonoscript.wordpress.com/2010/02/18/some-people-cant-read-urls/
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Dao-6
In reply to this post by Asa Dotzler
On 18.08.2012 01:16, Monica Chew wrote:

> On 8/16/12 1:49 AM, Asa Dotzler wrote:
>> On 8/8/2012 11:30 AM, Sid Stamm wrote:
>>> For me, it's about avoiding surprises. Firefox users may or may not
>>> realize we're sending data to any third party (in this case, Google) as
>>> they type stuff in the single text-entry field.  So Google's treatment
>>> of the data isn't the focus -- their privacy policy is fine. The focus
>>> is whether or not users expect us to send data to another organization.
>>>
>>> With the proposed UI, it's not clear that the suggestions are coming as
>>> a result of queries to Google; they seem to be suggestions from Firefox
>>> saying "hey, you may want to Google these."
>>>
>>> Surprises in this scenario would manifest two types of reactions:
>>> reactions of "I didn't know you sent Google what I just typed!" and
>>> "OMG, you're using my data plan even though I don't want to search!"
>>
>> How is this different than the Search in Firefox on Windows/Mac/Linux.
>> I don't believe that I could find any mainstream Firefox users who
>> realizes that we're sending data to a third party when the user is
>> typing into the search box -- the search suggestions seem to be
>> suggestions from Firefox. The separate box probably helps us feel
>> better about some other privacy issues but I can't see how it helps at
>> all on the "avoiding surprises" front.
> I agree with Asa. I also don't think many users can differentiate
> between URLs and search terms [1]

The link you cite says that many users don't grok URLs. They'll
completely ignore them rather than confusing them with search terms.
It's true that these users will search the web more often than they'd
need to. Too bad, but this is all within the range of expected behavior.
These users don't think they enter URLs; they actually search and
consistently see the search engine's result page. No surprises.

> or the difference between a search
> initiated from the awesome bar, search bar, or search engine homepage.

I don't see how this matters for the questions at hand.

> That being said, just because the UI is already not clear in the desktop
> doesn't mean that we shouldn't try to make it clear what's happening in
> the phone UI, although it doesn't make sense that the phone UI should be
> held to a higher standard than the desktop UI.

We're not talking about a higher standard. We simply don't submit typed
domains or the search terms for autocompleted awesome bar results to
search engines on the desktop.
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
Reply | Threaded
Open this post in threaded view
|

Re: [Privacy Reviews]Call For Comments: Google Suggest in Android

Mike Hommey
On Sat, Aug 18, 2012 at 07:22:56PM +0200, Dao wrote:

> >I agree with Asa. I also don't think many users can differentiate
> >between URLs and search terms [1]
>
> The link you cite says that many users don't grok URLs. They'll
> completely ignore them rather than confusing them with search terms.
> It's true that these users will search the web more often than
> they'd need to. Too bad, but this is all within the range of
> expected behavior. These users don't think they enter URLs; they
> actually search and consistently see the search engine's result
> page. No surprises.

There are places where web search is actually the advertized canonical
way to get to a website. In Japan, I don't think I ever saw a URL on
television. On the other hand, they advertize "keyword 検索", where
keyword is usually the name of the program or the channel, and 検索
means search.

Mike
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning
123