{"id":180,"date":"2012-01-13T10:19:24","date_gmt":"2012-01-13T18:19:24","guid":{"rendered":"http:\/\/blog.mozilla.org\/privacy\/?p=180"},"modified":"2016-01-19T14:19:45","modified_gmt":"2016-01-19T22:19:45","slug":"mozilla-to-offer-new-user-centric-services-in-2012","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/netpolicy\/2012\/01\/13\/mozilla-to-offer-new-user-centric-services-in-2012\/","title":{"rendered":"Mozilla to Offer New User-Centric Services in 2012"},"content":{"rendered":"

At Mozilla, we’ve long focused on building software that gives users sovereignty over their online lives. This means designing in ways that provide people deeper insights into how the web works, unique software features to personalize their online experience, and controls over their personal data. Lately, we’ve been thinking about how user sovereignty has grown to depend on more than just the browser<\/a>. Many web sites store extensive user data and act on behalf of the user. While the browser may be fully under the user’s control, many of the services that users enjoy are not. Sometimes, these web services handle data in ways that are of questionable value to the user, even detrimental.<\/p>\n

It’s clear that Mozilla needs to step up and provide, in addition to the Firefox browser, certain services to enhance users’ control over their online experience and personal data. Mozilla’s Chairwoman, Mitchell Baker, puts it this way<\/a>:<\/p>\n

I believe it is imperative we develop additional offerings. We need open, open-source, interoperable, public-benefit, standards-based platforms for multiple layers of Internet life. […] We choose to take our values to where people live.<\/p><\/blockquote>\n

The services we’re imaging and working hard to launch over the coming weeks and months include: an innovative approach to identity<\/a>, a mobile web-based operating system<\/a>, and an app store<\/a>. To offer these services, we’ll need to store user data on Mozilla servers at a much larger scale than we have to date. This requires great care and deliberation. We’ve started the process of figuring out how to do this and tried a few pilot evaluations. I’d like to tell you what we’re thinking and solicit your thoughts and ideas.<\/p>\n

Our Current Approach \u2014 Firefox Sync<\/h4>\n

Mozilla already stores encrypted<\/em> data with Firefox Sync, which lets millions of Firefox users keep bookmarks, history, and passwords synchronized across multiple installations of Firefox, including Mobile Firefox. We secure this data with cryptography more advanced than even that used by financial institutions. Typically, banks use transport-level encryption\u00a0 (SSL): your data is encrypted in transit between your browser and the bank’s servers. Once it arrives at the bank’s servers, it is, of course,\u00a0 decrypted. By comparison, Firefox Sync uses application-level encryption: your data is encrypted by Firefox before it’s sent over the network, and it stays encrypted once it arrives on our servers and is stored on our disks. Only your Firefox client can decrypt the data. Mozilla doesn’t have the decryption keys.<\/p>\n

This means that we never see your data. If we suffered a server breach, or if someone walked out of our data centers with a few hard drives in hand, then your data would remain safe from prying eyes. Few other companies go to such lengths to secure your data.<\/p>\n

The new services we envision will, whenever possible, continue to use this level of data security.<\/p>\n

Limits of Application-Level Encryption<\/h4>\n

If we can’t see your data, then you’re incredibly safe, but we can’t do much to help you either. Application-level encryption is like the safe you keep in your closet: you can place valuables there, and you can retrieve them if you’re there in person, but you can’t easily ask a roommate to quickly tell you over the phone how much cash you have stored in the safe. By comparison, it’s easy to call a roommate and ask them to read you a phone number you left on the kitchen table. Some data is so valuable you need to keep it in a safe. Other data may not be quite as sensitive, and may be quite a bit more useful if you can get help managing, retrieving, and processing it. Something as simple as sending you reminders of friends’ birthdays requires the service to see that data when you’re offline.<\/p>\n

I wrote previously about the limitations of encryption to safeguard data<\/a>. Encryption isn’t magic. It isn’t appropriate for all applications. If\u00a0we want to provide realistic alternative services that set an example\u00a0of user sovereignty, then that will require storing user data on our servers, often without application-level encryption.<\/p>\n

Design Guidelines<\/h4>\n

We propose a few starting design guidelines:<\/p>\n