[ For context around Suggested Tiles, please read
http://ed.agadak.net/2015/04/whys-and-hows-of-suggested-tiles ]
Similar to how we iterate on code to make Firefox faster, more usable, or more functional; we would like to improve on user trust and transparency for Suggested Tiles.
The current state of Suggested Tiles in Beta 38 is that Firefox only shows suggestions that match a hardcoded set of top-sites-matching logic. This was done to allow people to verify the source code and have some guarantees around what Firefox can and cannot do.
One particular attack this implementation prevents is the arbitrary querying of Firefox top sites data. In the situation that Mozilla did not follow its policies, Firefox could be tricked to show a fake suggestion and report back if the user has visited a specific site.
However, this hardcoding approach limits the ability to make better suggestions or improve them quickly. For example, if Firefox only has a predefined "News" matching logic, it wouldn't be able to match on users who are more interested in "Technology News," so if there's a great technology news recommendation, Firefox would show it to way too many people who aren't interested in technology. A related issue is if for some reason a non-news site was put as part of "News," users could get quickly annoyed by seeing things that aren't actually relevant until the next update of Firefox fixes the bug.
So assuming that the user control to easily turn off the Suggested Tiles functionality is not enough, what technical measures could be used to improve transparency to help users verify that Mozilla is not doing anything malicious?
Here's some initial ideas of what Firefox could do, and I hope people can provide some more:
- support specialized update mechanisms
- ask the user to approve each new type of suggestion
- verify with multiple (non-mozilla?) servers before making suggestions
- notify the user of incoming changes a day in advance
- allow the user to specify a whitelist/blacklist of sites
Ed Lee