Mozilla has unveiled a new distributed online identity system dubbed Mozilla Persona. The new Persona project is Mozilla’s latest effort to tackle online identity management by shifting the focus from individual websites to the web browser.

Mozilla has been playing with the idea of a browser-based identity manager for quite some time. In 2010 the company launched its Account Manager project, though it failed to gain much traction and was later scrapped.

More recently Mozilla has been working on Browser ID, a similar effort to move the process of managing passwords and online identities to the browser, rather than relying on any particular website’s login process. The Browser ID project offers developers a means of creating a browser-based login system for their sites. The code is available through GitHub and while using it is considerably simpler than similar efforts like OAuth, Browser ID has yet to catch on with many sites.

Mozilla Persona will build on Browser ID’s foundation (Browser ID will continue to be the name of the developer-facing aspect of the protocol), but add in more end user features like “an identity dashboard.” As with Browser ID, Persona will face a chicken and egg problem — why bother supporting Persona when few people are using it, and why bother using it when so few sites support it?

Thus far, aside from the proposed dashboard, Mozilla’s goals for Persona are only vaguely outlined. The closest Mozilla comes to giving it a concrete definition is to say that Persona will consist of “a collection of components and experiences we’re designing to manage the whole of a user’s online identity.”

If you’ve got ideas or opinions about what Persona ought to offer, you can let Mozilla know your thoughts via the mailing list or through Twitter using the #browserid or #mozpersona hash-tags.

For those wondering about the old Personas, the toolbar background images that can be applied to Firefox, fear not, they remain available and Mozilla is already on the hunt for a more fitting name.

Mozilla wants to create a new HTTP header that will allow Firefox and other browsers to shut off web tracking tools like cookies. The new header would offer a universal way to tell websites that a user wishes to opt-out of third party, advertising-based tracking.

Behavioral advertising, as such tracking is known, is becoming increasingly common on the web. Advertisers use cookies to follow you around the web, tracking which sites you visit, what you buy and even, in the case of mobile browsers, where you go. The U.S. Federal Trade Commission has already outlined a Do Not Track mechanism (PDF link), which would work much like the FTC’s Do Not Call list, offering a way to opt-out of online tracking.

The proposed do-not-track HTTP header is one of several ways Mozilla plans to implement the FTC’s suggestions. While the header idea has been around for a while — the Do Not Track Firefox add-on from the Stanford Law School is one example — currently most online opt-out schemes use cookies to set user preferences. Mozilla believes “the header-based approach has the potential to be better for the web in the long run because it is a clearer and more universal opt-out mechanism than cookies or blacklists.”

While the new header is just a proposal at the moment, Mozilla already has some code ready and is considering adding the feature to future versions of Firefox. The current plan is to create a new preferences option that would allow you to opt-out from tracking. Check the box in the preferences and Firefox will start sending the do-not-track header each time you request a new page.

Interestingly, the header Mozilla proposes is not the same as the “X-Do-Not-Track” proposal, which is already implemented in Firefox add-ons NoScript and Adblock Plus. For more details on how Mozilla’s new HTTP header will work, see Mozilla developer Sid Stamm’s blog post.

Like Mozilla’s proposed privacy icons, the problem with the new header is getting third-party ad sites to obey it. Mozilla calls it a “chicken and egg” problem and hopes to jumpstart the idea by including the header in future releases of Firefox. At that point it would be up to third party websites to support the header and, as Mozilla puts it, “honor people’s privacy choices.”

See Also:

• New Privacy Icons Aim to Save You From Yourself
• Warning: This Site May Be Sharing Your Data
• Firefox 4 Enters Home Stretch With Beta 9 Release

A few of the proposed privacy icons

Mozilla has taken the lead among browser vendors to make a site’s privacy settings more explicitly visible. It’s doing so by proposing visual cues in the browser that indicate what level of privacy you’re currently browsing at, and what pieces of your personal data the site you’re currently visiting is sharing with the rest of the web.

Earlier this year, Mozilla’s head user experience designer Aza Raskin proposed creating a set of icons to denote the privacy policy of a website. Now, after getting feedback from a wide range of interested groups — from the Electronic Frontier Foundation to the Federal Trade Commission — Raskin has drawn up a new and improved icon set.

The idea behind Raskin’s proposal is that the browser is the most logical place to display identity and privacy information to the user as they click around on the social web. The end goal is to produce a set for warnings similar to the way that Firefox (and other browsers) currently handle phishing attack warnings, using visual icons and simple language to explain what you’re getting into when you load a page with a different level of privacy or security.

For the active social web user, keeping track of which bits of your data are public and which are private on different sites is a chore. Some websites share your photos, status updates, your list of friends, who you’re following and other data default. Some share nothing. The rest are somewhere in the middle.

Part of the problem is the privacy policies themselves. They are complex, mind-numbingly long legal documents. We routinely ignore them, breezing past them by clicking “I agree.” Once clicked, your rights are compromised, and you may not be able to fully restore them.

A set of icons in the browser, to quickly and easily allow users to know what will happen to their data, means that users don’t need a law degree to know what’s happening to their images, status updates and other data.

The big difference between privacy icons and the phishing warnings your browser already offers, is that these icons are targeted at the websites themselves. The biggest counter-argument to Raskin’s proposal is that there’s nothing stopping a site from displaying these icons and then doing the opposite.

Raskin’s solution is to make the privacy icons supersede the written privacy policy. “When you add a Privacy Icon to your privacy policy,” writes Raskin, “it says the equivalent of ‘No matter what the rest of this privacy policy says, the following is true and preempts anything else in this document…’”

In other words, sites using the icons maliciously would face legal consequences. Of course differences in international laws mean enforcing such violations would be complex.

Still, as Raskin points out, privacy policies are fast becoming a selling point for many sites. Nearly every site we’ve tested lately has some sort of large, obvious banner that proudly proclaims the site will never share your data. Those are the kinds of sites, says Raskin, that would adopt privacy icons.

But it’s still unlikely any site would ever adopt the negative icons. If you’re sharing everything users give you with anyone who pays for it, you probably don’t want to advertise that. So the privacy icons actually become most useful when they aren’t present. Of course, as Raskin writes, “people don’t generally don’t notice an absence; just a presence.”

The solution to that problem is to make the privacy icons machine readable. The workflow would be something like this: You visit a website and decide to sign up. When Firefox encounters the sign-up form, it looks for the privacy icon. If it finds it, Firefox displays it. If Firefox doesn’t see an icon it warns you that your information may be shared using the negative icon. Either way, you know where you stand.

For now the privacy icons, good idea though they may be, are a long way from reality. Raskin calls the current mockups an “alpha” release and since Raskin is leaving Mozilla, the future of the project is unclear. If you’d like to get involved, head over the Mozilla Drumbeat Privacy Icons project page.

See Also:

• Warning: This Site May Be Sharing Your Data
• Mark Zuckerberg on Privacy and the Future of Facebook News Feeds
• Google Wants Global Privacy Rules

The rumor mill has been buzzing for months about the imminent arrival of a new “Facebook browser” called RockMelt.

Well, it really does exist, and it’s here. RockMelt is being released as a limited public beta Sunday. Anyone can sign up to test it out, but the release will be throttled so as not to overload the cloud-based components of the app. RockMelt will be doling out download links as quickly as it can manage on a first-come, first-served basis.

The two founders, CEO Eric Vishria and CTO Tim Howes, demonstrated RockMelt to Wired a few days before Sunday’s launch.

It’s based on Chromium, so it inherits Google Chrome’s speed, looks, and basic functionality on both Mac and Windows.

And while its Facebook integration runs deep, RockMelt is not exactly a Facebook browser. It’s a social web browser, allowing you to post links, videos and status updates to both Facebook and Twitter (that’s it for now, but more services will be added later). There are also built-in clients for consuming your Facebook feed and managing multiple Twitter feeds, a chat client, and lightweight RSS reader. It does use your Facebook account to personalize the experience, but its reach is broader than just Facebook.

We’ve seen browsers custom-built for the social web before, most notably Flock, which launched as a MySpaced-up version of Firefox. Mozilla experimented with Ubiquity, an in-browser tool for posting to different social sites and interacting with web services. There are a number of add-ons that can embed social networking dashboards into the browser for you. These tools have grown in popularity as we’ve struggled to manage the ever-increasing flow of links, media and bits shared by our online friends.

So, the idea isn’t original. And RockMelt doesn’t sport a complete re-invention of the browser interface, either. But it is very streamlined, and there are some key elements that people who live and breathe the social web will find intriguing.

First of all, you log in to RockMelt before you use it. You authorize the browser to connect to your Facebook account, and the browser is instantly customized for your social circle, showing your friends and your favorite sites in slim sidebars — or “edges,” to use the RockMelt parlance.

The edge on the left has your picture at the top, and the friends you interact with the most appear in a list below you. To send a new tweet or to update your Facebook status, you click on your picture. To send your friend a message or start a new chat with them, click on their photo. You can also share things by grabbing an image or video on the web page and dragging it on top of your friend’s icon.

The edge on the right has small icons for each of the services RockMelt tracks for you (only Facebook and Twitter for now) as well as spaces to add RSS feeds from your favorite sites.

The “edges” aren’t intrusive — they are less than 50 pixels wide each — but they do add extra visual heft.

“You can’t forget you’re a browser, and you can’t get in people’s way,” says RockMelt CEO Eric Vishra. “We designed these edges to be very thin, to be there when you want, and to blend in when you don’t.” You can also dismiss them with hot keys.

Clicking on one of the icons in the right edge — either Twitter, Facebook or a website icon — brings up a little pane that shows recent posts and activities from that source. Following the “keep things out of the way” philosophy, these panels can pop out from the browser to float freely if you want.

All of your user data is stored in the cloud by RockMelt (on Amazon servers) and synced when you log in, so no matter whose copy of RockMelt you’re using, you see your own custom version of the browser. Others are moving in this direction, too — Chrome connects to your Google account and Firefox has an agnostic Account Manager. But RockMelt’s Facebook integration is central to the experience.

RockMelt is polling Facebook, Twitter and your favorite sites periodically to check for updates (There’s no Firehose or PubSubHubbub magic yet, the founders tell us). But the feeds are real-timey enough. Updates show up in under a minute, often less. The updates are collected by the cloud service and pushed down to the browser.

There’s also a big “Share” button at the top of the browser. Clicking this button opens up an all-purpose sharing window, so you can tweet a link, post something to your Facebook wall or send the link as a message to a friend. Not a huge innovation, as we’ve seen something similar in Flock, but it’s nice.

Lastly, when you use the web search box in the browser, you get another floating window pane that shows the top ten search results. You can click (or navigate with keys) through this list, and the results flip by in the main browser window. RockMelt starts pre-fetching and rendering each one of those ten search results as soon as they show up (with Flash blocked). When you click through the list, you’re seeing real web pages, not snapshots, and you don’t have to wait for the individual pages to load. It’s wicked fast, like flipping through a stack of cards. It sounds bandwidth hoggish, but the browser calculates how much pre-fetching your connection can handle and adjusts accordingly.

Those are the big features. But let’s consider for a moment the elephant in the room: RockMelt is very, very Facebooky. It uses Facebook to sign you in, the in-browser chat experience is built on Facebook Chat, and when you share something via a message, you’re sending them a Facebook mail.

The founders say there are investigating other login experiences, like Twitter sign-in or OpenID logins using Google, Yahoo or AOL accounts.

“We’re going to remain agnostic and pick the services that the most people want to use,” Vishra says, but the team decided to “go deep” on Facebook simply because of the site’s size and volume.

Although it’s disappointing to see that the browser doesn’t play as well on the open web as it does on Facebook’s web, the tight focus makes sense for a young browser trying to gain a foothold in the mass market: Go drop your line where the fish are biting.

The downside being, of course, that if you’re not a Facebook person, RockMelt isn’t as interesting. I could see it being useful for Twitter power users who have a Facebook account, even if they don’t use Facebook heavily. But if that’s your angle, RockMelt’s chat and messaging features, which are based entirely on Facebook, are nothing more than food coloring.

See also:

• New Flock Is Simpler, Now Based on Chrome
• Mozilla Gets It Right, Moves Identity Management Into Firefox
• New ‘OpenID Connect’ Proposal Could Solve Many of the Social Web’s Woes

Mozilla has an answer to site-centric identity systems like Facebook’s — put the browser in charge of your online logins instead.

The Mozilla Labs project called Account Manager has graduated from Labs and will soon be making its way into Firefox proper.

Account Manager allows you to log in and out of websites directly through the browser, rather than relying on a particular site’s login form. Using a new menu item in the main toolbar — a button with a picture of a key that sits next to the address field — Account Manager lets you pick a login to use at any site you visit. It stores logins you’ve already created, suggesting them whenever they can be used. It can also generate (and remember) random passwords to make your logins more secure. It’s a radical step up from Firefox’s current Password Manager feature.

Mozilla’s decision to put this new button directly into Firefox’s toolbar brings us one step closer to realizing a ubiquitous social network on the web, where you’re logged in and connected to your friends wherever you go. All the while, you remain in total control of your own identity since you can tinker with all of your logins and connections through some simple panels in the browser.

There’s no word yet on when this will make it into Firefox, but we may see it as soon as Firefox 4, which is due in early 2011. For now, Account Manager is separate add-on you can grab from the Mozilla website. The add-on is still a beta release and there are some known bugs, but in our testing, it performed as advertised.

At the moment, Account Manager works with Google, Yahoo, Facebook and several Mozilla sites. Mozilla is planning to add support for other authentication systems, including OpenID, in the near future. The post on Mozilla Hacks also has instructions for site owners that let them add support for Account Manager with “only 15 minutes of hacking,” though we suspect it will become easier to implement support once the spec is fully formed.

There are several advantages to letting the browser handle logins. The most obvious is that the login form is always in the same place, with the same user interface regardless of which site you’re on, which would make the login experience easier for less-savvy users. Such a feature is also particularly useful if you have multiple accounts on a single site (all too common with the explosion of social networking) and need an easy way to choose which account to sign in with. It also means that, for example, Firefox could implement a sort of “fast user switching” feature that would let you change Facebook accounts with just a click. Ditto for Gmail, Twitter or any other supported website.

Along with its Contacts and Weave projects, Account Manager is part of a larger effort to make Firefox a central part of your online identity. Mozilla calls this its Online Identity Concept Series. It is being developed at a time when web identity is under renewed scrutiny, with Facebook’s announcement last week of its Open Graph protocol for sharing content across websites, and its adoption of new technologies to let people use their Facebook accounts to log in to other sites on the web. Twitter also launched a web-wide sharing feature called @anywhere, which builds on the some of the same identity technologies adopted by Facebook.

Once Mozilla gets all three of its identity projects working together, you would be able to login, discover friends on new websites and sync all your data across computers, effectively eliminating the need for a centralized system like Facebook’s or Twitter’s by handing the job of making connections off to the browser. You could still use whatever login system you like, but you wouldn’t be reliant on any single provider.

And according to insiders, this path makes total sense.

Chris Messina, an OpenID Foundation board member and a longtime advocate of open web technologies, recently posted a video series outlining the work he did with Mozilla last fall to build identity management into the browser (Messina has since taken a job at Google).

“A browser is usually called a user agent, and the idea is that it’s software or a program that acts on your behalf,” Messina says in his post.

If your browser knows who you are, and who your friends are, it can show you photos or status updates posted by your friends, plus other types of social interactions.

“By layering in concepts like identity, the hope is to upgrade the browser into something that is more personal,” he says.

At Facebook’s F8 developer conference last week, Raffi Krikorian from Twitter was speaking on a panel about identity technologies, and when the conversation turned to whether or not the browser should handle logins and social connections, he agreed that such a development would be “a huge step forward for the web.”

“Since the browser exists in between the web service and the user, it makes perfect sense for the browser to handle those identity-management tasks,” Krikorian said.

Thus far, that is still a ways from reality, but with Account Manager out of Labs and headed into Firefox proper, Mozilla is getting closer to this goal.

If you’d like to add support for Account Manager to your own website, be sure to check out the post on Mozilla Hacks which walks you through the steps. It’s not overly complicated, but you will need to be familiar with JSON.

See Also:

• Mozilla Contacts Helps Firefox Discover Your Social Web
• Facebook Adopts Open Standard for User Logins
• Mozilla Labs Seeks to Tame Your Address Book With ‘Contacts’
• Warning: This Site May Be Sharing Your Data