All posts tagged ‘Identity’

File Under: Browsers, Identity, Security

Mozilla Plans ‘Do-Not-Track’ Privacy Tools for Firefox

Mozilla wants to create a new HTTP header that will allow Firefox and other browsers to shut off web tracking tools like cookies. The new header would offer a universal way to tell websites that a user wishes to opt out of third-party, advertising-based tracking.

Behavioral advertising, as such tracking is known, is becoming increasingly common on the web. Advertisers use cookies to follow you around the web, tracking which sites you visit, what you buy and even, in the case of mobile browsers, where you go. The U.S. Federal Trade Commission has already outlined a Do Not Track mechanism (PDF link), which would work much like the FTC’s Do Not Call list, offering a way to opt out of online tracking.

The proposed do-not-track HTTP header is one of several ways Mozilla plans to implement the FTC’s suggestions. While the header idea has been around for a while — the Do Not Track Firefox add-on from the Stanford Law School is one example — currently most online opt-out schemes use cookies to set user preferences. Mozilla believes “the header-based approach has the potential to be better for the web in the long run because it is a clearer and more universal opt-out mechanism than cookies or blacklists.”

While the new header is just a proposal at the moment, Mozilla already has some code ready and is considering adding the feature to future versions of Firefox. The current plan is to create a new preferences option that would allow you to opt out of tracking. Check the box in the preferences and Firefox will start sending the do-not-track header each time you request a new page.

Interestingly, the header Mozilla proposes is not the same as the “X-Do-Not-Track” proposal, which is already implemented in Firefox add-ons NoScript and Adblock Plus. For more details on how Mozilla’s new HTTP header will work, see Mozilla developer Sid Stamm’s blog post.

Like Mozilla’s proposed privacy icons, the problem with the new header is getting third-party ad sites to obey it. Mozilla calls it a “chicken and egg” problem and hopes to jumpstart the idea by including the header in future releases of Firefox. At that point it would be up to third party websites to support the header and, as Mozilla puts it, “honor people’s privacy choices.”
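What honoring the header could look like on a third-party ad server, as an added example (not Mozilla's code or code from the original article). The article does not name the header; `DNT: 1` is the form Firefox later shipped, and the cookie name `vid` and the function names are hypothetical.

```javascript
// Header names treated as an opt-out signal (lower-cased for comparison).
// "dnt" is an assumption (the name Firefox later shipped);
// "x-do-not-track" is the add-on header the article mentions.
const OPT_OUT_HEADERS = ["dnt", "x-do-not-track"];
const COOKIE = "vid"; // hypothetical tracking-cookie name

// HTTP header names are case-insensitive, so normalize before lookup.
function lowerCaseKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
  return out;
}

// Return the name of the opt-out header that is set to "1", or null.
function optOutHeader(h) {
  for (const name of OPT_OUT_HEADERS) {
    if (name in h && String(h[name]).trim() === "1") return name;
  }
  return null;
}

// Extract one cookie value from a Cookie request header, or null.
function readCookie(cookieHeader, name) {
  for (const part of String(cookieHeader || "").split(";")) {
    const [k, ...rest] = part.trim().split("=");
    if (k === name) return rest.join("=");
  }
  return null;
}

// Decide which profile id (if any) an ad request may be tied to.
function handleAdRequest(requestHeaders, newVisitorId) {
  const h = lowerCaseKeys(requestHeaders);
  // Vary keeps shared caches from replaying a tracked response to an opted-out user.
  const response = { Vary: "DNT, X-Do-Not-Track" };
  const optOutVia = optOutHeader(h);
  if (optOutVia) {
    // Opted out: never read the existing id, and expire it if one was sent.
    if (readCookie(h.cookie, COOKIE) !== null) {
      response["Set-Cookie"] = `${COOKIE}=; Max-Age=0; Path=/`;
    }
    return { profileId: null, optOutVia, response };
  }
  const existing = readCookie(h.cookie, COOKIE);
  const profileId = existing || newVisitorId;
  if (!existing) {
    response["Set-Cookie"] =
      `${COOKIE}=${profileId}; Max-Age=31536000; Path=/; Secure; HttpOnly`;
  }
  return { profileId, optOutVia: null, response };
}
```

The header only states a preference; nothing changes unless the receiving server takes a branch like the opt-out one above.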

File Under: Identity, Web Standards

New Privacy Icons Aim to Save You From Yourself

A few of the proposed privacy icons

Mozilla has taken the lead among browser vendors to make a site’s privacy settings more explicitly visible. It’s doing so by proposing visual cues in the browser that indicate what level of privacy you’re currently browsing at, and what pieces of your personal data the site you’re currently visiting is sharing with the rest of the web.

Earlier this year, Mozilla’s head user experience designer Aza Raskin proposed creating a set of icons to denote the privacy policy of a website. Now, after getting feedback from a wide range of interested groups — from the Electronic Frontier Foundation to the Federal Trade Commission — Raskin has drawn up a new and improved icon set.

The idea behind Raskin’s proposal is that the browser is the most logical place to display identity and privacy information to the user as they click around on the social web. The end goal is to produce a set of warnings similar to the way that Firefox (and other browsers) currently handle phishing attack warnings, using visual icons and simple language to explain what you’re getting into when you load a page with a different level of privacy or security.

For the active social web user, keeping track of which bits of your data are public and which are private on different sites is a chore. Some websites share your photos, status updates, your list of friends, who you’re following and other data by default. Some share nothing. The rest are somewhere in the middle.

Part of the problem is the privacy policies themselves. They are complex, mind-numbingly long legal documents. We routinely ignore them, breezing past them by clicking “I agree.” Once clicked, your rights are compromised, and you may not be able to fully restore them.

A set of icons in the browser, to quickly and easily allow users to know what will happen to their data, means that users don’t need a law degree to know what’s happening to their images, status updates and other data.

The big difference between privacy icons and the phishing warnings your browser already offers, is that these icons are targeted at the websites themselves. The biggest counter-argument to Raskin’s proposal is that there’s nothing stopping a site from displaying these icons and then doing the opposite.

Raskin’s solution is to make the privacy icons supersede the written privacy policy. “When you add a Privacy Icon to your privacy policy,” writes Raskin, “it says the equivalent of ‘No matter what the rest of this privacy policy says, the following is true and preempts anything else in this document…’”

In other words, sites using the icons maliciously would face legal consequences. Of course differences in international laws mean enforcing such violations would be complex.

Still, as Raskin points out, privacy policies are fast becoming a selling point for many sites. Nearly every site we’ve tested lately has some sort of large, obvious banner that proudly proclaims the site will never share your data. Those are the kinds of sites, says Raskin, that would adopt privacy icons.

But it’s still unlikely any site would ever adopt the negative icons. If you’re sharing everything users give you with anyone who pays for it, you probably don’t want to advertise that. So the privacy icons actually become most useful when they aren’t present. Of course, as Raskin writes, “people don’t generally notice an absence; just a presence.”

The solution to that problem is to make the privacy icons machine readable. The workflow would be something like this: You visit a website and decide to sign up. When Firefox encounters the sign-up form, it looks for the privacy icon. If it finds it, Firefox displays it. If Firefox doesn’t see an icon it warns you that your information may be shared using the negative icon. Either way, you know where you stand.

For now the privacy icons, good idea though they may be, are a long way from reality. Raskin calls the current mockups an “alpha” release and since Raskin is leaving Mozilla, the future of the project is unclear. If you’d like to get involved, head over to the Mozilla Drumbeat Privacy Icons project page.

File Under: Browsers, Social

First Look at RockMelt, a Browser Built For Facebook Freaks

The rumor mill has been buzzing for months about the imminent arrival of a new “Facebook browser” called RockMelt.

Well, it really does exist, and it’s here. RockMelt is being released as a limited public beta Sunday. Anyone can sign up to test it out, but the release will be throttled so as not to overload the cloud-based components of the app. RockMelt will be doling out download links as quickly as it can manage on a first-come, first-served basis.

The two founders, CEO Eric Vishria and CTO Tim Howes, demonstrated RockMelt to Wired a few days before Sunday’s launch.

It’s based on Chromium, so it inherits Google Chrome’s speed, looks, and basic functionality on both Mac and Windows.

And while its Facebook integration runs deep, RockMelt is not exactly a Facebook browser. It’s a social web browser, allowing you to post links, videos and status updates to both Facebook and Twitter (that’s it for now, but more services will be added later). There are also built-in clients for consuming your Facebook feed and managing multiple Twitter feeds, a chat client, and lightweight RSS reader. It does use your Facebook account to personalize the experience, but its reach is broader than just Facebook.

We’ve seen browsers custom-built for the social web before, most notably Flock, which launched as a MySpaced-up version of Firefox. Mozilla experimented with Ubiquity, an in-browser tool for posting to different social sites and interacting with web services. There are a number of add-ons that can embed social networking dashboards into the browser for you. These tools have grown in popularity as we’ve struggled to manage the ever-increasing flow of links, media and bits shared by our online friends.

So, the idea isn’t original. And RockMelt doesn’t sport a complete re-invention of the browser interface, either. But it is very streamlined, and there are some key elements that people who live and breathe the social web will find intriguing.

File Under: Identity, Security

EFF Reveals How Your Digital Fingerprint Makes You Easy to Track

Think that turning off cookies and turning on private browsing makes you invisible on the web? Think again.

The Electronic Frontier Foundation (EFF) has launched a new web app dubbed Panopticlick that reveals just how scarily easy it is to identify you out of millions of web users.

The problem is your digital fingerprint. Whenever you visit a site, your browser and any plug-ins you have installed can leak data. Some of it isn’t very personal, like your user agent string. Some of it is more personally revealing, like which fonts you have installed. But what if you put it all together? Would the results make you identifiable?

As the EFF says, “this information can create a kind of fingerprint — a signature that could be used to identify you and your computer.”

The EFF’s test suite highlights what most of us probably already suspect — we’re readily identifiable on the web. We ran the test on a Mac using Firefox, Safari and Google Chrome, all of which leaked enough data to make us identifiable according to the EFF’s privacy explanations.

The purpose of Panopticlick is to show you how much you have in common with other browsers. The more your configuration mirrors everyone else’s, the harder it would be to identify you. The irony is, the nerdier you are — using a unique OS, a less common browser, customizing your browser with plug-ins and other power-user habits — the more identifiable you are.

For example, say you’re running Firefox on Ubuntu with the Gnash plug-in instead of Flash — way to stick it to the man — but you’re also showing up with a unique configuration of browser, OS, installed fonts, plug-ins and more which can be combined to identify you via a unique online fingerprint.
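The "blend in with the herd" idea can be put in numbers by measuring how many bits of identifying information a configuration reveals and how many other visitors share it. The sketch below is an added example, not EFF or Panopticlick code; the visitor table is constructed for illustration and the function names are hypothetical.

```javascript
// Constructed sample population: one row per visitor (not real measurement data).
const VISITORS = [
  { userAgent: "Firefox/WinXP",  plugins: "flash,java", fonts: "stock" },
  { userAgent: "Firefox/WinXP",  plugins: "flash,java", fonts: "stock" },
  { userAgent: "Firefox/WinXP",  plugins: "flash,java", fonts: "stock" },
  { userAgent: "Firefox/WinXP",  plugins: "flash,java", fonts: "stock" },
  { userAgent: "Safari/Mac",     plugins: "flash,java", fonts: "stock" },
  { userAgent: "Safari/Mac",     plugins: "flash",      fonts: "stock+adobe" },
  { userAgent: "Chrome/Mac",     plugins: "flash",      fonts: "stock" },
  { userAgent: "Firefox/Ubuntu", plugins: "gnash",      fonts: "stock+custom" },
];
const ATTRS = ["userAgent", "plugins", "fonts"];

// Number of visitors whose values match the target on every attribute in `attrs`.
function anonymitySet(population, target, attrs) {
  return population.filter(v => attrs.every(a => v[a] === target[a])).length;
}

// Surprisal in bits: log2(N / matches). One visitor in eight reveals 3 bits.
function bits(population, target, attrs) {
  const n = anonymitySet(population, target, attrs);
  if (n === 0) throw new RangeError("target configuration not in population");
  return Math.log2(population.length / n);
}

// Shannon entropy of a single attribute: how identifying it is on average.
function attributeEntropy(population, attr) {
  const counts = new Map();
  for (const v of population) counts.set(v[attr], (counts.get(v[attr]) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) {
    const p = c / population.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Per-attribute bits, combined bits, and the size of the crowd the target hides in.
function fingerprintReport(population, target, attrs = ATTRS) {
  const perAttribute = {};
  for (const a of attrs) perAttribute[a] = bits(population, target, [a]);
  const anonymitySetSize = anonymitySet(population, target, attrs);
  return {
    perAttribute,
    // Correlated attributes do not simply add; the combined value is
    // measured on the joint fingerprint and is capped at log2(N).
    combinedBits: bits(population, target, attrs),
    anonymitySetSize,
    unique: anonymitySetSize === 1,
  };
}
```

In this sample the stock Firefox/WinXP visitor shares a fingerprint with three others, while the Ubuntu/Gnash visitor is alone on every attribute and therefore unique.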

So what can you do to make yourself less identifiable? Well, by disabling cookies, the Flash plug-in, the Java plug-in and most of our extensions we were able to blend in better. Actually, the fact that we didn’t have Java or Flash turned on made us more identifiable in those categories, but it also denied the test access to our installed fonts and other bits of data, so overall, less identifiable.

Obviously that approach has a downside — without Flash there’s not much in the way of online video, a lack of cookies will cause issues with logins, and without Java, you won’t be able to crash your browser or cause it to get hung up for hours.

In short, the disabling method isn’t much fun. Strange though it may seem, the best way to lose the unique online fingerprint is to blend in with the herd. As the EFF points out, mobile browsers are hardest to identify since there are few customization options and, for the most part, one version of Mobile Safari looks just like another.

By the same token, if you want to blend in, stick with stock system fonts, run Windows XP, use Firefox with no add-ons and turn off cookies. You’ll be much harder to identify.

We should point out that, no matter how well you blend in the fingerprint test, you are of course still identifiable by your ISP. Advertisers and websites generally can’t access the information your ISP has on you, but of course governments — with the cooperation of your ISP — always can. So don’t think just because you’ve eliminated your fingerprints no one knows who you are.

Front door photo: Brian Lane Winfield Moore/Flickr (CC)

File Under: Identity, Security, UI/UX

Warning: This Site May Be Sharing Your Data

Aza Raskin, head of user experience at Mozilla, is leading a charge to make privacy settings more explicit to users by creating visual cues in the browser. Raskin’s idea uses a set of small icons to denote the limits of a website’s privacy policy.

Raskin likens the idea to how Firefox (and other browsers) currently handle phishing attack warnings, using visual icons and simple language.

For the active social web user, keeping track of which bits of your data are public and which are private on different sites is a chore. Some websites share your photos, status updates, your list of friends, who you’re following and other data on the open web by default. Some share nothing. The rest are somewhere in the middle.

Part of the problem is the privacy policies themselves. They are complex, mind-numbingly long legal documents. We routinely ignore them, breezing past them by clicking “I agree.” Dangerous behavior, indeed.

Raskin and his supporters have borrowed some ideas from the way Creative Commons licensing works, and the way licensing options are denoted on content sites. Originally, the idea was to create a Creative Commons model for privacy policies — that is, a common, readable, reusable set of policies much like the Creative Commons licenses for content — but that plan was abandoned because policies differ too much from site to site. There’s no easy boilerplate for privacy like there is for content publishing.

But the icon concept remains: A website creates a privacy policy and chooses from a limited set of standard icons that reflect the written policy. Is your profile public by default? Your photos, or status messages? Each setting has its own icon, and the group of settings are indicated by a short stack of icons. The icon set is then detected by the browser and displayed to the user. If there are no icons chosen, the browser offers a warning along the lines of its phishing warning, something like: Be careful, this site might be giving away or selling your data.

Raskin is very clear that, so far, this is a work in progress. There are, as of yet, no icons designed, and the details of how they would be implemented remain vague. Nor has Mozilla made any official announcement that it would support such a system.

However, recent events have proven there’s clearly a need for a standardized, front-and-center privacy notification system. In December, Facebook began a shift towards looser default privacy settings that encourage users to share more of their data. Just last week, Facebook CEO Mark Zuckerberg, in an interview with TechCrunch’s Mike Arrington, noted that people’s notions of privacy on the social web evolve often, and that social web sites will have to continually update their own privacy policies to reflect those changes. As a result, Facebook’s new defaults will offer less privacy. Zuckerberg’s words set off a fierce debate on the topic, with Marshall Kirkpatrick of ReadWriteWeb presenting the clearest counterargument that changing social mores should not lead to looser default privacy settings on the social web.

We’ve often said the browser is the most logical place to display identity and privacy information to the user. As people surf from site to site, they should be able to see, at a glance, what level of privacy they’re currently working with. Raskin’s model sounds like a pretty good plan, though implementing it might be a bit more difficult.

One obvious problem: What’s to stop a site from using icons that are totally different than what the written policy actually says? Raskin and crew want the icons to supersede the written policy so, in that scenario, the written policy is trumped by the icons and the user retains their rights. Whether or not an icon can legally trump a written document is something Raskin doesn’t directly address, and, as one commenter points out, the situation gets much more complex when you start considering international legal systems.

If you’ve got ideas or would like to participate in the discussion, head over to Raskin’s blog or sign up for the upcoming privacy workshop hosted at Mozilla on Jan. 27 (see Aza’s post for full details).

File Under: Identity, Social, UI/UX

OpenID: Over One Billion (Potentially) Served

OpenID, the single sign-on solution which allows you to use a unified identity across the web, now boasts one billion potential users. Providers like Google, Yahoo and WordPress have adopted the technology, providing nearly everyone on the web with easy access to an OpenID account.

OpenID lets you log in to your favorite website using only your e-mail address or a URL — your blog’s address, a profile page on a social network or your social network username/password. Using one of those identifiers, you can log in to any website or service where OpenID is welcome, saving you the trouble of having to keep track of dozens of account names and passwords. There are also companion technologies that help you automatically fill out a profile and connect you with your friends once you’re logged in to a new social website.

For a long time, OpenID was a fringe technology, and few large players supported it. In January 2008, Yahoo and AOL were the first major destination sites to host OpenID accounts. 2009 has seen everyone from Microsoft to Facebook to the U.S. Government embracing OpenID. In addition to the one billion accounts coming from OpenID providers, the OpenID foundation says that nearly 9 million websites will allow you to login using your OpenID credentials.

The short story is that OpenID is now well established on the web. But the story doesn’t end there.

Sadly, one billion potential users does not one billion users make. Many people with OpenID accounts remain blissfully unaware of OpenID and what it can do for them. OpenID also faces strong competition from proprietary ID solutions like those of Facebook or Twitter.

OpenID interfaces are another problem we’ve covered before — different sites use vastly different sign-in forms, which creates confusion for less-than-savvy web users. Couple that with Facebook’s far simpler Facebook Connect tools and you begin to see why OpenID doesn’t have one billion actual users.

The good news is that the OpenID Foundation and its partners have been working hard to streamline the login process and improve the usability of OpenID on those 9 million sites that accept OpenID.

We’re excited to see that what began as little more than a grassroots effort to solve the problem of remembering too many usernames and passwords, has turned into a massive, web-wide effort to create better, portable identity tools. So even if OpenID hasn’t seen the widespread adoption of other login systems, it certainly set the ball rolling among the web’s social networking technicians.

File Under: Web Basics

Google’s Blogger Service Joins the OpenID Dance

Not to be outdone by Yahoo’s recent OpenID announcement, Google has announced that Blogger URLs can now be used as OpenID identities. With two very large announcements back to back, OpenID availability is fast approaching critical mass.

To use the new Blogger OpenID support you’ll need to be using the beta version of Blogger and you’ll have to enable the new features in the user profile section. Once you do that, any time you encounter a site that accepts OpenID, just plug in your Blogger or Blogspot domain address and you’ll be able to log in.

Blogger’s OpenID support isn’t entirely new; the service already allowed OpenID as a means of authenticating when posting a comment on a blog.

In other words, Blogger’s support is now two-way, providing a URL for logging in elsewhere and also accepting OpenID URLs as a way to login to Blogger (at least in the comments). On the other hand, Yahoo’s forthcoming service will only provide an OpenID.

Plaxo With Sauce: PIM Site Now Supporting OpenID And Microformats

Plaxo is the latest high profile web service to announce support for OpenID, the standard for online identity management. Plaxo’s recently unveiled beta of Plaxo 3.0 has been updated to offer support for OpenID and the company says it plans to become an OpenID provider in the near future.

In addition to the OpenID support, Plaxo is now encoding contact and event information in the microformats hCard and hCal in an effort to both improve the site’s ease-of-use and raise the profile of microformats.

Both OpenID, which is a decentralized single sign-on system that enables you to securely use the same login information across multiple sites, and microformats, which are standards-based markup formats that wrap calendar events, contact information and more in code which allows them to be easily shared with other services, are fast becoming de rigueur for web platform services.

File Under: Web Basics

Sun Shines Light On OpenID

Sun has announced it will start supporting OpenID, but with a unique twist. Sun won’t be offering a consumer solution, rather it’s starting with its own employees.

With Microsoft, Yahoo, AOL and others embracing OpenID, one might wonder why Sun’s rather limited foray warrants attention, but the difference is in how Sun is using OpenID.
