User Choice & Bug 633773 - "Use Google's HTTPS search by default"

[Anthony Long]

A Firefox "bug" (633773 -
https://bugzilla.mozilla.org/show_bug.cgi?id=633773#c47) reported by the
same person who submitted a 29 page complaint against Google to the U.S.
Federal Trade Commission
(http://online.wsj.com/public/resources/documents/FTCcomplaint100710.pdf
and
http://paranoia.dubfire.net/2010/10/my-ftc-complaint-about-googles-private.html)
was closed on 3/16 with a target release of Firefox 14. This adjustment
to the way Google searches are handled in Firefox will have significant
and sweeping ramifications for users and web publishers. To me it
appears one individual's agenda is being pushed through to all users by
source code changes in the Firefox browser. I would like the issues in
the below note seriously considered before the change is released to the
public in a forthcoming Firefox update.

In response to the last comment on the bug, I'm posting in this forum,
as requested:

[Sid Stamm [:geekboy] 2012-03-23 11:22:09 PDT

John A. Bilicki III, Virtual_ManPL: as abillings said, this is a fine discussion you're having but please take it over to mozilla.dev.platform.
That is a better forum for this discussion and you will get more engagement there than on a closed bug.

http://www.mozilla.org/about/forums/#dev-platform]

*Dear Mozilla & Google: Give users choice in search query tracking*

I'm all for user privacy and respecting sensitive search information.
However, my problem with enabling this change to https (no query
tracking) in Google search plugin by default is that it assumes a high
degree of user ignorance and does not give users choice to disclose
information or not. IMHO, this flies in the face of the very freedoms
and rights central to the spirit of the change. It eliminates choice,
and effectively places Mozilla into the position of "big brother" making
choices for "ignorant" or "uninformed" users. This is not democracy of
the web, this is decision making from the top down. It could actually
be considered public policy through source code, and it completely
side-steps the democratic process, freedom, and user choice.

I am a user of the Internet, of Firefox, and I am perfectly capable of
deciding whether or not I want search engines to disclose my search
queries to third parties or not. But with this change, I cannot make
that choice. It is effectively made for me by Mozilla. And that feels
too much like dictatorship, IMO.

If given the choice, I choose to "OPT IN" to letting search engines
disclose my queries to third parties. Why? Because I know that I have
a better online experience when my usage data is used by publishers to
create more compelling, relevant experiences for me. And as an online
marketer, I use search query data to create the kinds of experiences
users enjoy that helps them accomplish their goals quickly and efficiently.

To me this is about choice - and making this change takes that away from
users. It's a very slippery slope. What if Firefox decided it was in
my best interest to "protect" me from certain categories of content it
deemed inappropriate and blocked those by default without a way for me
to change the decision? I don't believe that would be tolerated. In
fact, when I encounter a potentially risky site, Mozilla warns me, but
still gives me choice to continue onto that site. It also allows me to
"Start Private Browsing" to shield my browsing and search history from
other users of the same computer, and informs me data might still be
shared with ISPs, employers, or other sites. These are good example of
giving users choice and informing them of the effects of their choices.

If I'm signed out of Google and I search with the Firefox search bar,
I'm okay with my queries being transmitted to third parties. If I don't
want that, then I should be able to click a button or otherwise activate
a choice to not be tracked (or just go to Google secure search).
Likewise, if I want to be tracked, then I should be able to specify that
also. I don't want software making decisions for me. And I don't
believe other users want that either.

Dear Mozilla & Google: Give users choices for how and when they want to
be tracked and how that data is shared with third parties or not.

An alternative to the fix made in this "bug" is allowing users to opt-in
or opt-out of "secure search" just like private browsing or other user
browser choices. Defaulting Firefox's Google search box to secure
search eliminates user choice, and this cannot be a good thing for the web.

Thanks for your consideration.

Anthony Long

[Asa Dotzler]

On 3/26/2012 1:03 PM, Anthony Long wrote:
> Dear Mozilla & Google: Give users choices for how and when they want to
> be tracked and how that data is shared with third parties or not.

Users who want to opt out of Firefox (and Google's) secure and private
search, those users who have thought about it and would prefer to be
tracked and share their data with third parties, can easily do so. All
they have to do is visit http://www.google.com and search from there.

And for those who want the convenience of Firefox's search box but who
just love being tracked by third parties, they can get that too simply
by installing a not-https Google search plug-in from
http://mycroft.mozdev.org/google-search-plugins.html.

A third alternative is that users could create keyword searches from
google.com with a simple context menu click on the google search box.

Choices abound for users. If a user is determined to have her traffic
tracked, she has plenty of options.

- A

[Jorge Villalobos]

There are several alternatives available in the Add-ons site as well:
https://addons.mozilla.org/en-US/firefox/search/?q=google.com&atype=4

I don't think we have a plain Google.com search add-on available because
that would have been unnecessary to list before, but given this
development it would make sense to allow it to be published.

- Jorge

[Jesse Ruderman]

Mozilla will make it easier for Google to choose whether to send referrers. Currently, Google can only send referrers by sending users through an insecure redirect, which is unfortunate, because it's slow and makes it possible to MITM users on their way to a secure site.

https://bugzilla.mozilla.org/show_bug.cgi?id=704320 - Implement <meta name="referrer">

We might also allow users to force referrers to be sent or not sent.

[Jesse Ruderman]

[Anthony Long]

+1 to giving users the choice of a non-encrypted search add-on.

To Asa's earlier point, it may be true that choices abound, but these
choices are not obvious nor easy to find. I did not know of the
mentioned alternatives before commenting on this list.

Firefox already offers a "Do Not Track" setting. Rather than setting
https search by default, why not tie it together with a user's selection
of "Do Not Track" (DNT)? Here's how that could be done:

* When a user selects DNT, https search is enabled.
* When it's not selected, plain search is enabled.

That would be consistent with Mozilla's approach to privacy thus far.

By setting https search by default, Mozilla is inconsistent with it's
stated privacy policies and the specific "user choices" advocated by its
privacy team. In fact, the same developer (Sid Stamm) who wrote this
fix supported the kinds of user choices I'm advocating in a blog post
last year: "Why we won't enable DNT by default" -
http://blog.mozilla.com/privacy/2011/11/09/dnt-cannot-be-default/:

"Mozilla's mission is to give users this choice and control over
their browsing experience. We won't turn on Do Not Track by default
because then it would be Mozilla making the choice, not the
individual. Since this is a choice for the user to make, we cannot
send the signal automatically but will empower them with the tools
they need to do it."

And (from Tom Lowenthal, Privacy Strategist):

"Until the user tells us what to send, we don't want to put words
into their mouth." + "If DNT is on by default, then it's not a
conversation. For DNT to be effective, it must actually represent
the user's voice. We introduced DNT to do just that: to give users a
voice and let them tell sites that they don't want to be tracked."
See: /Deeper Discussion of our Decision on DNT Defaults/ -
http://blog.mozilla.com/privacy/2011/11/15/deeper-discussion-of-our-decision-on-dnt-defaults/

Why the sudden change of heart?

Furthermore, enabling https as a search default does not support the
stated "do not track" goals of "1. Real choices" and "3. User control",
as stated by Mozilla's Privacy Leader Alex Fowler published last month:

"Mozilla Led Effort for DNT Finds Broad Support" -
http://blog.mozilla.com/privacy/2012/02/23/mozilla-led-effort-for-dnt-finds-broad-support/

As we continue to work on Do Not Track, Mozilla is firmly committed
to user sovereignty and meaningful privacy choices. We hope to be
able to design and build a Do Not Track feature that achieves three
goals:

1. *Real choices:* give users actionable and informed choices by
allowing them to opt in or out of data collection and use.
2. *Limited data:* collect and retain the least amount of
information necessary, and use anonymous, aggregate data
whenever possible.
3. *User control:* put people in control of their information and
online experiences.

And how does enabling https as a search default support Mozilla's
privacy principles of "Real Choices" and "Sensible Settings"?:

https://wiki.mozilla.org/Privacy

* Real Choices. Give our users actionable and informed choices by
informing and educating at the point of collection and providing
a choice to opt-out whenever possible.
* Sensible Settings. Establish default settings in our products
and services that balance safety and user experience as
appropriate for the context of the transaction.

The same arguments made for leaving DNT in a "user hasn't decided" state
should also apply to search defaults, which ultimately are privacy and
tracking concerns in the case of this bug/feature/enhancement. Enabling
https search by default is the same as enabling "Do not track" for the
user by default, but only for Google search data. Why would Mozilla do
this for Google searches only? It doesn't follow the same logic and
principles consistent with Mozilla's privacy policies.

- Anthony

[Daniel Holbert]

On 03/26/2012 10:43 PM, Anthony Long wrote:
> By setting https search by default, Mozilla is inconsistent with it's
> stated privacy policies and the specific "user choices" advocated by its
> privacy team.

[...]

> And (from Tom Lowenthal, Privacy Strategist):
>
> "Until the user tells us what to send, we don't want to put words
> into their mouth." + "If DNT is on by default, then it's not a
> conversation. For DNT to be effective, it must actually represent
> the user's voice.

[...]

> Why the sudden change of heart?

I don't think this signifies any change of heart.

DNT is a special case, and the quote from Tom touches on why. DNT is
_only_ effective if ad networks cooperate & respect the header, and
they're only going to do that if they believe it expresses an explicit
intentional user choice.

Many other privacy-related features are entirely controllable on the
client-side, though, and I think it's entirely appropriate for Mozilla
to choose user-privacy-protecting defaults for such features.

~Daniel

[Jonas Sicking]

Indeed. I don't think our policy has ever been "maximize tracking,
except where users choose to disable tracking". For example we
recently fixed a bug in our CSS support as to make it significantly
harder for a website to see which other websites the user had visited.

Also note that using HTTPS for search isn't just a privacy feature.
It's also a security feature since it prevents man-in-the-middle
attacks.

/ Jonas

[Asa Dotzler]

On 3/26/2012 10:43 PM, Anthony Long wrote:
> To Asa's earlier point, it may be true that choices abound, but these
> choices are not obvious nor easy to find. I did not know of the
> mentioned alternatives before commenting on this list.

That's perfectly OK with me. I feel no obligation to make opting in to a
less secure experience of the Web a simple task. The fewer people that
do it the better.

- A

[Patrick McManus]

On 3/27/2012 8:33 AM, Jonas Sicking wrote:
>
>
> Also note that using HTTPS for search isn't just a privacy feature.
> It's also a security feature since it prevents man-in-the-middle
> attacks.

Indeed! (that includes trivial passive eavesdropping attacks by
unsophisticated attackers) This change is a very significant improvement
to Firefox.

Making SSL-everywhere a reality is an important objective; For a long
time the web has been abdicating on its responsibility for providing a
secure transport environment and its time for that to end.

I know its hard :)

-Patrick

[Neil]

Jesse Ruderman wrote:

>Mozilla will make it easier for Google to choose whether to send referrers. Currently, Google can only send referrers by sending users through an insecure redirect, which is unfortunate, because it's slow and makes it possible to MITM users on their way to a secure site.
>
>

Don't secure sites see referrers from other secure sites? (In which case
it's Google's bug that they use insecure redirects for secure sites.
This really bugs me in profiles where I have the insecure redirect
warning enabled.)

--
Warning: May contain traces of nuts.

[Robert Kaiser]

Anthony Long schrieb:

> If given the choice, I choose to "OPT IN" to letting search engines
> disclose my queries to third parties.

The fact that you are using HTTPS for search does not disable Google
sharing the queries with third parties at all. What it does instead is
ensuring it's actually Google and not someone else you get your results
from. Google can share your data with whomever they want as long as it's
within *their* Terms of Use. HTTPS doesn't change that at all. DNT
might, though, but it's a completely separate option that is off by
default, as you noted yourself.

Robert Kaiser

[JAB Creations]

I'm going to say this as plain and simple as it gets...

1.) I am moving all my clients, family, friends and subscribers away
from Google and all of it's products. There is NO excuse, we see the
agenda which is as hostile as it gets without outright government lock
down of websites.

2.) I am moving all my clients, family, friends and subscribers away
from Mozilla and all of it's products. There is NO excuse to
participate in this agenda to close off the internet and monopolize
search and webmaster tools.

No amount of "well users can opt out" BS arguments count for squat
here. The agenda is as clear as day.

No number of, "well you can undo this and we'll provide options after
the fact" count for squat either. This is undeniably intended to
change the status quo.

Privacy and security are nothing more than excuses to close off the
internet and reduce the usefulness of the information being generated.

The people advocating for this at Mozilla and Google deserve nothing
short of being shamed in public in front of everyone for their efforts
to push this agenda down everyone's throats.

[Jesper Kristensen]

Google currently redirects through http for search results on both their
http and https searches. They just choose to not include the search
query in the redirect url, when it originates from https, and they
choose to include the search query when the redirect originates from
http. (I just tested it now in Nightly with the Live HTTP Headers
add-on) So Google always send referrers, but if you search from https,
Google does not include the search query in those referrers.

[Justin Dolske]

On 3/27/12 11:41 AM, JAB Creations wrote:
> I'm going to say this as plain and simple as it gets...
>
> 1.) I am moving all my clients, family, friends and subscribers away
> from Google and all of it's products. There is NO excuse, we see the
> agenda which is as hostile as it gets without outright government lock
> down of websites.
>
> 2.) I am moving all my clients, family, friends and subscribers away
> from Mozilla and all of it's products. There is NO excuse to
> participate in this agenda to close off the internet and monopolize
> search and webmaster tools.

There are a number of other good search engines and browsers out there.
May I recommend Bing/DuckDuckGo and IE/Chrome, respectively? I hope your
clients, family, friends, and subscribers have a pleasing experience on
these alternatives.

> The people advocating for this at Mozilla and Google deserve nothing
> short of being shamed in public in front of everyone for their efforts
> to push this agenda down everyone's throats.

You're welcome to your opinion.

Justin

[Dao]

On 28.03.2012 01:10, Justin Dolske wrote:
> On 3/27/12 11:41 AM, JAB Creations wrote:
>> I'm going to say this as plain and simple as it gets...
>>
>> 1.) I am moving all my clients, family, friends and subscribers away
>> from Google and all of it's products. There is NO excuse, we see the
>> agenda which is as hostile as it gets without outright government lock
>> down of websites.
>>
>> 2.) I am moving all my clients, family, friends and subscribers away
>> from Mozilla and all of it's products. There is NO excuse to
>> participate in this agenda to close off the internet and monopolize
>> search and webmaster tools.
>
> There are a number of other good search engines and browsers out there.
> May I recommend Bing/DuckDuckGo and IE/Chrome, respectively?

Watch out, JAB, don't let Justin lead you astray. Chrome is a Google
product. You probably want IE, Opera, Safari, Epiphany or Konqueror.

[Justin Dolske]

On 3/28/12 1:16 AM, Dao wrote:

>> There are a number of other good search engines and browsers out there.
>> May I recommend Bing/DuckDuckGo and IE/Chrome, respectively?
>
> Watch out, JAB, don't let Justin lead you astray. Chrome is a Google
> product. You probably want IE, Opera, Safari, Epiphany or Konqueror.

Curses! Foiled again!

Justin