Being social with privacy in mind

Tom Lowenthal

People really enjoy social features that help them connect with others. To offer these features, social networks often end collecting lots of personal info, and their users don’t always understand the tradeoffs involved. We want to offer social features in Firefox, but user privacy is fundamental to Mozilla’s DNA: it’s not something we can sacrifice. Given that, we’ve set out to find a way to combine these two aspects and enable an experience that folks can enjoy, safely.

With our latest beta, we’ve started testing a new social API right inside Firefox. This API provides an open, Web-based infrastructure that allows users to connect Firefox with their favorite social networks, creating an experience that’s social, still feels like Firefox, and most importantly still respects our privacy principles. The first implementer of our new social API is Facebook, and we expect many more implementations in the coming months.

One of the social API’s key requirements is that data is only sent to a social network when the user wants to send it. The new social features are completely opt-in and are disabled until you visit a social network site and decide to turn things on. Once enabled, Firefox loads several pages from your social network over secure connections. These pages are treated just as if you’d loaded them in another browser tab. They share cookies and other data like normal but they don’t get any special treatment or additional data from Firefox, nor are any part of your social activities sent to Mozilla. Facebook, for example, will know that you’ve turned on the feature and loaded the pages, just as if you had visited pages on the main site.

There’s a slight difference however. With the new API, social content is now persistent so the social network can add new features, like notifications, status updates and chat requests, even when you don’t have a browser tab open to their website. This new functionality doesn’t give your social network access to any additional information from your browser. Again: it’s a lot like having a tab open to your social network.

One of our favorite privacy-supporting features in the social API is the recommend button. Many websites add buttons that let you share content with your friends on social networks. When a site does this, those social networks can track which of their users visit those web pages. If we add this functionality in Firefox instead, you can still interact with your social network and share pages, but without the opportunity for tracking by all those social networks. It also allows you to share pages even if that page doesn’t include social sharing widgets. The recommend button in the URL bar — for Facebook, it’s a Like button — only sends the page’s URL to your social network when you click on it.

The Social API lets networks create an experience distinctive to the way people interact with them, using their own design and features, and without sacrificing user control or privacy. This is only a first step; we’ll be continuing to look at more features that enable new functionality from social providers while improving users’ choice, control and privacy.