info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Improving trust and transparency for Suggested Tiles
64 views
Skip to first unread message
Ed Lee
Apr 23, 2015, 2:22:38 PM4/23/15
to
[ For context around Suggested Tiles, please read http://ed.agadak.net/2015/04/whys-and-hows-of-suggested-tiles ]
Similar to how we iterate on code to make Firefox faster, more usable, or more functional; we would like to improve on user trust and transparency for Suggested Tiles.
The current state of Suggested Tiles in Beta 38 is that Firefox only shows suggestions that match a hardcoded set of top-sites-matching logic. This was done to allow people to verify the source code and have some guarantees around what Firefox can and cannot do.
One particular attack this implementation prevents is the arbitrary querying of Firefox top sites data. In the situation that Mozilla did not follow its policies, Firefox could be tricked to show a fake suggestion and report back if the user has visited a specific site.
However, this hardcoding approach limits the ability to make better suggestions or improve them quickly. For example, if Firefox only has a predefined "News" matching logic, it wouldn't be able to match on users who are more interested in "Technology News," so if there's a great technology news recommendation, Firefox would show it to way too many people who aren't interested in technology. A related issue is if for some reason a non-news site was put as part of "News," users could get quickly annoyed by seeing things that aren't actually relevant until the next update of Firefox fixes the bug.
So assuming that the user control to easily turn off the Suggested Tiles functionality is not enough, what technical measures could be used to improve transparency to help users verify that Mozilla is not doing anything malicious?
Here's some initial ideas of what Firefox could do, and I hope people can provide some more:
- support specialized update mechanisms
- ask the user to approve each new type of suggestion
- verify with multiple (non-mozilla?) servers before making suggestions
- notify the user of incoming changes a day in advance
- allow the user to specify a whitelist/blacklist of sites
Ed Lee
Similar to how we iterate on code to make Firefox faster, more usable, or more functional; we would like to improve on user trust and transparency for Suggested Tiles.
The current state of Suggested Tiles in Beta 38 is that Firefox only shows suggestions that match a hardcoded set of top-sites-matching logic. This was done to allow people to verify the source code and have some guarantees around what Firefox can and cannot do.
One particular attack this implementation prevents is the arbitrary querying of Firefox top sites data. In the situation that Mozilla did not follow its policies, Firefox could be tricked to show a fake suggestion and report back if the user has visited a specific site.
However, this hardcoding approach limits the ability to make better suggestions or improve them quickly. For example, if Firefox only has a predefined "News" matching logic, it wouldn't be able to match on users who are more interested in "Technology News," so if there's a great technology news recommendation, Firefox would show it to way too many people who aren't interested in technology. A related issue is if for some reason a non-news site was put as part of "News," users could get quickly annoyed by seeing things that aren't actually relevant until the next update of Firefox fixes the bug.
So assuming that the user control to easily turn off the Suggested Tiles functionality is not enough, what technical measures could be used to improve transparency to help users verify that Mozilla is not doing anything malicious?
Here's some initial ideas of what Firefox could do, and I hope people can provide some more:
- support specialized update mechanisms
- ask the user to approve each new type of suggestion
- verify with multiple (non-mozilla?) servers before making suggestions
- notify the user of incoming changes a day in advance
- allow the user to specify a whitelist/blacklist of sites
Ed Lee
Chris Hofmann
Apr 24, 2015, 2:16:00 PM4/24/15
to Ed Lee, group, mozilla.dev.planning
> - ask the user to approve each new type of suggestion
this seams like it would get pretty annoying.
It might be better to just give users a menu of the types of content we
have to offer, and they could check off would like to see mixed in among
their tiles.
That also greatly reduces the need for so much inference out of there
browsing history, and any problems that might turn up in not being able to
get that right.
-chofmann
> dev-planning mailing list
> dev-pl...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-planning
>
Mike Hoye
Apr 24, 2015, 2:33:28 PM4/24/15
to dev-pl...@lists.mozilla.org
On 2015-04-24 2:15 PM, Chris Hofmann wrote:
>> - ask the user to approve each new type of suggestion
> this seems like it would get pretty annoying.
>> - ask the user to approve each new type of suggestion
>
Maybe it depends on how you put it - if the feedback is anonymous and
handled on the client side consistently, options like
- I don't like this ad (or type of ad)
- I'm not interested in this product or type of product.
would seem to be valuable for both the user who doesn't see ads they
dislike and advertisers who are showing people ads that aren't effective.
- mhoye
Ed Lee
Apr 26, 2015, 2:22:24 AM4/26/15
to
On Friday, April 24, 2015 at 11:16:00 AM UTC-7, Chris Hofmann wrote:
> It might be better to just give users a menu of the types of content we
> have to offer, and they could check off would like to see mixed in among
> their tiles.
Even with a menu for user to pick, how would a user know if it's safe real suggestion vs a fake suggestion that is just trying to extract browsing history?
> It might be better to just give users a menu of the types of content we
> have to offer, and they could check off would like to see mixed in among
> their tiles.
For example, one policy for creating the site matching is to use at least 5 sites. We could build that logic into Firefox to make sure there's at least 5. But Firefox doesn't have enough information to determine that some sites are fake, e.g., ["mozilla.org", "looksrealbutfake.com", "yetanotherfake.com", "site4.com", "site5.com"]. Because 4 of the 5 sites will never be in the user's history, if this suggestion is shown, then it must be because the user went to mozilla.org.
Patrick Finch
Apr 27, 2015, 4:33:28 AM4/27/15
to Chris Hofmann, Ed Lee, group, mozilla.dev.planning
On 4/24/2015 8:15 PM, Chris Hofmann wrote:
>> - ask the user to approve each new type of suggestion
>
> It might be better to just give users a menu of the types of content we
> have to offer, and they could check off would like to see mixed in among
> their tiles.
Something like the Discover feature in Opera's new tab?
> It might be better to just give users a menu of the types of content we
> have to offer, and they could check off would like to see mixed in among
> their tiles.
http://www.operasoftware.com/press/reviews/desktop#discover
I find that instinctively interesting as a product direction, but at the
moment, Opera Discover seems to be basically a fairly coarse-grained
news feed, lacking the kind of specificity that makes it interesting.
(Opera Discover has 1 tier of interest categories and 1 tier of
geographic preference)
Patrick
>
> That also greatly reduces the need for so much inference out of there
> browsing history, and any problems that might turn up in not being able to
> get that right.
>
> -chofmann
>
> On Thu, Apr 23, 2015 at 11:22 AM, Ed Lee <edi...@mozilla.com> wrote:
>
0 new messages