On 6/9/15 5:03 AM, Gervase Markham wrote:
On 09/06/15 04:22, Nicholas Nethercote wrote:
What I'm saying is this: don't mix up the two arguments above. If
you're really upset by the Pocket integration, it's almost certainly
because of the first argument above, so don't get side-tracked by the
second argument.
Right. And the first argument is strange because this is not the first
time we've done this. Most of the bundled search engines, safe browsing
and (until recently) our location service are/were all commercial
third-party services with closed source back-ends.
I touched on the search engine comparison in my earlier post. I think
the difference is that nobody expects Mozilla to build a search engine,
and the privacy implications of using a search engine are clear. But
Mozilla designed a sync architecture that encrypts bookmark data
client-side explicitly to avoid collecting it, and now has rolled out a
high-profile feature that causes that data to be collected by a
VC-funded third-party company, without even particularly framing it as a
service external to Mozilla. The Share button and the search bar both
make it very clear that you're choosing among third-party services. The
Pocket integration seems almost purposely designed to blur the
distinction between Mozilla and Pocket. (As Pocket's CEO put it, "With
the exception of search, it’s rare for companies to be integrated this
deeply into the browser." [1])
Safe Browsing is a slightly better parallel, but does Firefox actually
share browsing data for that? The documentation appears to claim that,
at least in most cases, Firefox downloads a list and compares URLs
locally: "No information about you or the sites you visit is
communicated during list updates." [2] (In any case, I think Safe
Browsing more or less qualifies as a search-engine-scale problem.)
I know there are people out there who don't want to use any website
whose code is closed source
I think this is a red herring, or at least isn't even vaguely the issue
for me. A website's being open source doesn't have any bearing on its
having access to people's private data. Mozilla software is open source
and Mozilla is a widely trusted organization, but even Mozilla chose not
to collect people's private bookmark data when it designed its sync system.
In creating any feature, Mozilla has to choose between partnering to get
it, or building it ourselves. And we can't build _everything_.
Mozilla can't build everything, but it clearly can build
bookmark-syncing services, and it can build them in a way that protects
people's privacy. To roll out a very similar feature in prime toolbar
space that treats that same data in such a different manner from the
existing functionality strikes me as a bizarre and worrying choice.
[1]
https://medium.com/@nateweiner/the-internet-needs-a-save-button-db6c8c416038
[2]
https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
_______________________________________________
governance mailing list
governance@lists.mozilla.org
https://lists.mozilla.org/listinfo/governance
