I'm willing to forgive Mozilla this one time - I've been a Firefox loyalist since v1.5 and have no desire to change, but this cut pretty close. To me, it felt like someone at Mozilla trying to one-up their competition by providing the Mr Robot tie-in exclusively. I can almost understand Mozilla's desperation to slow the seemingly unstoppable exodus of Firefox people to Chrome (which I refuse to use for many reasons, chiefly that it's becoming the new IE with web-breaking rendering and extensions that only work on it), or a way to bring in more revenue to a foundation that's probably losing funding, but this was a very short-sighted move that undermines what Firefox has always stood for - respecting the user's choice in their browser. It was bad enough when they bundled Pocket pre-installed, but at least that was clearly announced beforehand, and I only tolerated because I was already a Pocket user. Sneaking stuff into the browser silently, no matter how good the intentions are, is a backdoor in all but name, and that makes me, as a sysadmin, very nervous. Mozilla have a ways to go before my trust in them is restored, but I don't want to switch away. Others may not be so forgiving.
It's just another terrible decision in Mozilla's long history of mismanaging Firefox. They've been dumbing down the UI and turning Firefox into a me-too Chrome for the longest time. They broke plugin compatibility, harming Firefox's big killer feature. For the longest time they pretended their performance was competitive with Chrome, when it quite clearly wasn't.
You already mentioned the Pocket fiasco. I could've sworn they also once bundled a non-Free plugin for enhanced disabled access. They dragged their feet for years fixing a serious privacy issue regarding IndexedDB https://superuser.com/a/1250955/867963
Less scandalously, they use a non-standard licence for no clear reason.
The technical progress in Firefox has been great, but the history of mismanagement is awful. But I'm still using Firefox, for what that's worth.
For me, this whole fiasco was the last straw: Quantum had already broken the plugins I use for vertical tabs, and then I found that the only reason Quantum was introduced was to allow this Looking Glass plugin to collect telemetry from the whole of the browser window, not just the pages being rendered. Like yourself, I've been a Firefox user since the Phoenix days, but this was a step too far.
I switched to Vivaldi, which is a Chromium with high levels of customization, including a vertical tab bar.
I often wonder these days about the value of telemetry and A/B testing. I think many heavily used pieces of software can benefit from a BDFL-like decision maker instead, especially if the alternative is software specifically designed to use me as a guinea pig surreptitiously. I feel like, in the race for adoption, we suffer a form of the tyranny of the majority with software. Decision making based on principles instead of popularity is the only way to prevent harming some of us whose software preferences are in the minority.
It seems A/B testing provides clear numbers on what's most popular, but you can't quantify what's right.
Indeed. When A is shit and B is shit then the result of your A/B testing is going to be the least shit of the two. At the end of the day it's going to be shit either way.
I'm a firm believer that you should never ask your user to make a decision or look over their shoulder. Not once ever. You should listen to their complaints and ideas when they come to you, then build your strategy on that. Be reactive, not prescriptive. That empowers the user, shows respect and results in a satisfactory product that benefits the user which after all is the end game.
Telemetry invades the user's privacy. Feedback does not empower the user because the user expects a reaction from it which is unlikely. A/B testing results in churn for the user which does not show respect, merely that they are a test subject.
Microsoft as a fine example could learn a lot from listening to their users rather than steamroll ahead based on collected telemetry and feedback data.
A fine example: People didn't want UWP/metro and still don't today. I have yet to meet one person who uses that side of windows 10. They wanted shit that worked, was faster and kept out of their way and didn't wreck the workflow that they had invested years in learning or had someone experienced close at hand to help them with it. 90% of the userbase just installs chrome and does everything in there as well so that stuff just gets in the way.
Strongly agree. I said that before back during Homebrew's telemetry fiasco - no, you don't need analytics in your desktop software. You especially don't need opt-out, active-by-default analytics. People made software totally fine without spying on everyone back in the day, and I'd hazard to say that it was often better software.
> I think many heavily used pieces of software can benefit from a BDFL-like decision maker instead, especially if the alternative is software specifically designed to use me as a guinea pig surreptitiously. I feel like, in the race for adoption, we suffer a form of the tyranny of the majority with software.
I’ve recently been feeling the same but couldn’t articulate it as well as you have.
This is one thing that the biggest open source projects seem to get wrong more often than right (trying to be all things to all people, all of the time). Management by consensus usually yields mediocre results in the commercial space, too. The BDFL model is a great compromise. Everyone gets a say, but not the final say, and there’s a consistent vision driving the project.
When projects get very popular, it’s hard to say “no” and keep that vision focussed. This seems to come more naturally to proprietary projects, at times resulting in a better overall experience for the narrower subset of users served.
They kinda missed the point that people dont like when companies install things on their devices without permission. If its part of the shield program how about we provide more transparency on that? Like how to opt-in/opt-out, what exactly it does? etc? I've been a firefox user since it came along to displace IE6 and i've never heard of the shield program. Better communication with your userbase is essential to maintain a sustainable product for the long term.
> They kinda missed the point that people dont like when companies install things on their devices without permission.
But it's a pretty blurry line, isn't it? You give permission to install Firefox, and it's somewhat arbitrary is a specific code is "part of Firefox" or "part of an extension" when that extension is shipped with Firefox by default.
(In this case, the specific code wasn't even executed unless the user flipped a switch in about:config. The problematic part was something being listed among your extensions that you couldn't make sense of as a user.)
Respecting privacy is about not pulling user data without consent. The problem here is about control, i.e. not pushing content to users without consent.
@MoCo, you might think the (marketing) key for the (economic viability in the) future is privacy. I tend to agree. Currently, privacy has to be enforced because people are not in control. For everyone to be able to choose a satisfying level of privacy, we need tools we can control and education (poke @MoFo).
IMHO, what we (power?) users (influencers?) need is control. Hence the problem with the recent lack of support of legacy addons. While we can understand it from a security/privacy/technical point of view, it nevertheless goes in the wrong direction WRT control (shaping your tool for a specific usage).
That's a shame that you, we, can't imagine something better and make it available.
> Currently, privacy has to be enforced because people are not in control. For everyone to be able to choose a satisfying level of privacy, we need tools we can control and education
I agree. It's all about control. Which is why I rant so often about modern UI/UX/software design trends - they're all about disenfranchising users! The amount of control the users have over their software is being actively reduced everywhere.
Mozilla, you are 100% completely and absolutely out of touch. The problem is not that a study was conducted incorrectly! The problem is that software was secretly bundled with Firefox, software that is at the very least bloat and might be considered adware -are you paid for this? Was it a favor? Part of a non financial partnership/promotion?
You don't see the problem here, no, you plan on doing this again. With the only change being that you will try to answer a specific question.
You could not have mitigated the uproar by "trying to answer a specific question" and "appropriately naming the 'study'". The biggest issue is that you are unable to realize that.
> You could not have mitigated the uproar by "trying to answer a specific question" and "appropriately naming the 'study'". The biggest issue is that you are unable to realize that.
That’s not how I read it. What they’re saying here is “the fact that it didn’t try to answer a question is a red flag unto itself”. If it had tried to answer a question, it would’ve collected data, and the usual privacy process would’ve kicked in hard: is this an appropriate question to ask, are the changes narrowly tailored to ask that question, are we handling the data appropriately? On those counts, a version of Looking Glass that collects data would never have rolled out. Instead, by not collecting data, they found themselves answering an overly narrow question: does this impact user privacy? No, it does not!
Naming really was adding more fuel to the fire though. It’s a fine line between a surprise/Easter egg and being outright deceitful, and the cock up with the SHIELD test burnt through all the goodwill they might have here.
This post wasn't about answering those questions, that they have done already elsewhere (some of it linked in the article, even). This was about how they will make sure not to use SHIELD to do the same in the future.
Since there's likely to be people that do not consider this sufficient, a question out of personal interest: what could Mozilla do/have done to sufficiently prevent something like this from happening in the future?
There's a certain point at which it's important to forgive the offender. Mozilla does not usually make mistakes that compromise user privacy/security. To their credit, this mistake didn't do that either. While it may have led users to suspect many things, this particular Shield Study was not sent maliciously, nor did it lead to any malicious activity. Mozilla acknowledge this, have repented for their actions, and issued a set of rules for these studies which are clear and transparent.
I'm not sure they could have done anything more short of going back in time and reversing their stupid decision.
"SHIELD was an inappropriate channel to use to ship this. We don't believe there is any appropriate channel for us to ship this other than an opt-in add-on in the add-ons-store, and will never ship software of this nature through any other channel in future."
As is I trust they won't use SHIELD next time (and have opted back into their studies based on the policy change), but my expectation is that next time they want to ship some garbage like that they'll use some other channel and marketing have probably already identified it.
There is no simpler lesson than "don't install unexpected software on your users machines".
So simple. So obvious. So necessary, if you value privacy.
Yet they have not acknowledged the mistake or shown any signs of willing to listen to the complaints - their entire explanation is about something else that people weren't even aware of!
Given the level of feedback and the intelligence of the recipients, this is unlikely to be a mistake or a coincidence. It is reasonable to conclude they fully intend to repeat this behaviour in future.
The root of the problem is clear by the fact that simple statement “we were wrong” is nowhere to be found in Mozilla's responses. Instead, we get nothing but glossy corporate bullshit about potentially mismatching values.
People who don't get why it is important are leading Mozilla into the grave, no matter what expertise and experience in other areas they have. Unfortunately, the world has never seen a bureaucrat who resigns on his own will.
A good post-mortem summary does a few things: (1) describes the actual event timeline clearly and precisely; (2) describes the negative consequences of the event (if they are not implicitly clear) from the end-user's point of view; (3) lays out exactly what mistakes were made that led to and continued the event--whether in assumptions made, process failures, inadequate process, unanticipated consequences, side effects to remediation attempts, etc; (4) describes planned and potential changes that will avoid the problem in the future along with a communication plan for keeping stakeholders informed of any future changes. A good post-mortem does all of this while taking a broad, organization-level view of the event and a user-focused view of its consequences.
Maybe the internal document covers all of this, but this blog-post summary does not. And what is included here does not bring me great confidence.
Firstly, this summary indicates they were far too narrowly focused in their assessment, talking only about the Mr Robot promotion's compatibility with the purpose and restrictions of the SHIELD tool. And I suspect that maybe internally the story now is that some marketing staff misused the SHIELD approval process to get this plugin around other more robust processes.
But the intricacies of which particular avenue within Firefox or Mozilla this occurred through is a backwards view of the problem. Users aren't upset that the SHIELD tool was misused to push an ad on unsuspecting and confused users. They're upset that _Firefox_ was misused to push an ad on unsuspecting and confused users. The problem here is the entire idea of a "TV show tie-in" to Firefox.
And lastly, the action items here are pretty pathetic, and fail to address users' concerns (not a surprise since users' concerns are never explicitly recognized in the post, either). Yes, SHIELD studies should be actual studies; and yes, SHIELD studies should be clearly named; and yes, it's bad that the SHIELD program was used to ship a commercial. But never once does this post promise that Mozilla will take a broader view of the actual needs and desires of their users, or that they will correct their internal mindset that led to anyone thinking this tie-in was ever remotely a good idea.
Regardless of the rights and wrongs of Mozilla doing this in the first place, this is why open source is great. Can you imagine getting this kind of transparency and humility from Google or Apple?
I'm not sure it's an open source issue, rather than a 'why non-profits are great'.
But regarding 'Can you imagine getting this kind of transparency and humility from Google or Apple?' I think Apple's response to the the battery debacle (the software update was installed with good intentions, but with insufficient explanation) is similar and in response to similar reputational damage.
My immediate impression of this article was poor, because in the very first paragraph it used “tv” instead of “TV” and “add on” instead of “add-on”. Spelling is important. Most people won’t notice it, but there are a lot of us who do, and put quite a bit of stock by it as well—when you get it wrong, it doesn’t reassure us that things are being run well, and it distracts us and detracts from the article.
In this case, I continued to read, and it did improve; but those couple of errors at the start damaged it.
(Since I’m mentioning such errors, two more jumped out as I skimmed the article: the text which is linked in `[set of principles t]hat `, and the space in `wiki ,`.)
People may not like to hear these things, but I assert their veracity and importance nonetheless.
The way this is written, it seems like this "experiment" would have been okay -- by their standards -- if it had just captured some data... and they will make sure that any other experiments like this DO capture data... and that will somehow make them okay.
The marketing people writing this stuff (I assume) really don't get it, do they?
I read this more as "this wasn't an experiment and we've updated our procedures so we can't push things that aren't experiments through that channel", and hopefully there are no channels that they would use to push that game in future. They should have explicitly said that there aren't though, because I don't know if I trust them not to find some other channel they think is appropriate next time.
The way I read it, they pose that "if it had just captured some data", the plugin would have been flagged in their privacy review process. They're not saying the plugin was ok otherwise, they're explaining why it wasn't reviewed properly.
[+] [-] gargravarr|8 years ago|reply
[+] [-] MaxBarraclough|8 years ago|reply
You already mentioned the Pocket fiasco. I could've sworn they also once bundled a non-Free plugin for enhanced disabled access. They dragged their feet for years fixing a serious privacy issue regarding IndexedDB https://superuser.com/a/1250955/867963
Less scandalously, they use a non-standard licence for no clear reason.
The technical progress in Firefox has been great, but the history of mismanagement is awful. But I'm still using Firefox, for what that's worth.
[+] [-] xgbi|8 years ago|reply
[+] [-] Two9A|8 years ago|reply
I switched to Vivaldi, which is a Chromium with high levels of customization, including a vertical tab bar.
[+] [-] kodablah|8 years ago|reply
It seems A/B testing provides clear numbers on what's most popular, but you can't quantify what's right.
[+] [-] cjsuk|8 years ago|reply
I'm a firm believer that you should never ask your user to make a decision or look over their shoulder. Not once ever. You should listen to their complaints and ideas when they come to you, then build your strategy on that. Be reactive, not prescriptive. That empowers the user, shows respect and results in a satisfactory product that benefits the user which after all is the end game.
Telemetry invades the user's privacy. Feedback does not empower the user because the user expects a reaction from it which is unlikely. A/B testing results in churn for the user which does not show respect, merely that they are a test subject.
Microsoft as a fine example could learn a lot from listening to their users rather than steamroll ahead based on collected telemetry and feedback data.
A fine example: People didn't want UWP/metro and still don't today. I have yet to meet one person who uses that side of windows 10. They wanted shit that worked, was faster and kept out of their way and didn't wreck the workflow that they had invested years in learning or had someone experienced close at hand to help them with it. 90% of the userbase just installs chrome and does everything in there as well so that stuff just gets in the way.
[+] [-] TeMPOraL|8 years ago|reply
[+] [-] davb|8 years ago|reply
I’ve recently been feeling the same but couldn’t articulate it as well as you have.
This is one thing that the biggest open source projects seem to get wrong more often than right (trying to be all things to all people, all of the time). Management by consensus usually yields mediocre results in the commercial space, too. The BDFL model is a great compromise. Everyone gets a say, but not the final say, and there’s a consistent vision driving the project.
When projects get very popular, it’s hard to say “no” and keep that vision focussed. This seems to come more naturally to proprietary projects, at times resulting in a better overall experience for the narrower subset of users served.
[+] [-] TamDenholm|8 years ago|reply
[+] [-] Vinnl|8 years ago|reply
But it's a pretty blurry line, isn't it? You give permission to install Firefox, and it's somewhat arbitrary is a specific code is "part of Firefox" or "part of an extension" when that extension is shipped with Firefox by default.
(In this case, the specific code wasn't even executed unless the user flipped a switch in about:config. The problematic part was something being listed among your extensions that you couldn't make sense of as a user.)
[+] [-] sho_hn|8 years ago|reply
[+] [-] sp332|8 years ago|reply
[+] [-] aiNohY6g|8 years ago|reply
@MoCo, you might think the (marketing) key for the (economic viability in the) future is privacy. I tend to agree. Currently, privacy has to be enforced because people are not in control. For everyone to be able to choose a satisfying level of privacy, we need tools we can control and education (poke @MoFo).
IMHO, what we (power?) users (influencers?) need is control. Hence the problem with the recent lack of support of legacy addons. While we can understand it from a security/privacy/technical point of view, it nevertheless goes in the wrong direction WRT control (shaping your tool for a specific usage).
That's a shame that you, we, can't imagine something better and make it available.
[+] [-] TeMPOraL|8 years ago|reply
I agree. It's all about control. Which is why I rant so often about modern UI/UX/software design trends - they're all about disenfranchising users! The amount of control the users have over their software is being actively reduced everywhere.
[+] [-] Traubenfuchs|8 years ago|reply
You don't see the problem here, no, you plan on doing this again. With the only change being that you will try to answer a specific question.
You could not have mitigated the uproar by "trying to answer a specific question" and "appropriately naming the 'study'". The biggest issue is that you are unable to realize that.
[+] [-] pdpi|8 years ago|reply
That’s not how I read it. What they’re saying here is “the fact that it didn’t try to answer a question is a red flag unto itself”. If it had tried to answer a question, it would’ve collected data, and the usual privacy process would’ve kicked in hard: is this an appropriate question to ask, are the changes narrowly tailored to ask that question, are we handling the data appropriately? On those counts, a version of Looking Glass that collects data would never have rolled out. Instead, by not collecting data, they found themselves answering an overly narrow question: does this impact user privacy? No, it does not!
Naming really was adding more fuel to the fire though. It’s a fine line between a surprise/Easter egg and being outright deceitful, and the cock up with the SHIELD test burnt through all the goodwill they might have here.
[+] [-] maaaats|8 years ago|reply
[+] [-] Vinnl|8 years ago|reply
[+] [-] genghizkhan|8 years ago|reply
I'm not sure they could have done anything more short of going back in time and reversing their stupid decision.
[+] [-] sho_hn|8 years ago|reply
Come up with an idea of "browser neutrality".
[+] [-] mcintyre1994|8 years ago|reply
As is I trust they won't use SHIELD next time (and have opted back into their studies based on the policy change), but my expectation is that next time they want to ship some garbage like that they'll use some other channel and marketing have probably already identified it.
[+] [-] Angostura|8 years ago|reply
The arguments will be over whether sufficient contrition has been shown and whether someone needs to be placed in the stocks.
It was a bad, bad mistake. I think they've learned their lesson.
[+] [-] contrast|8 years ago|reply
So simple. So obvious. So necessary, if you value privacy.
Yet they have not acknowledged the mistake or shown any signs of willing to listen to the complaints - their entire explanation is about something else that people weren't even aware of!
Given the level of feedback and the intelligence of the recipients, this is unlikely to be a mistake or a coincidence. It is reasonable to conclude they fully intend to repeat this behaviour in future.
[+] [-] hateduser2|8 years ago|reply
[+] [-] ogurechny|8 years ago|reply
People who don't get why it is important are leading Mozilla into the grave, no matter what expertise and experience in other areas they have. Unfortunately, the world has never seen a bureaucrat who resigns on his own will.
[+] [-] Vinnl|8 years ago|reply
[+] [-] skywhopper|8 years ago|reply
Maybe the internal document covers all of this, but this blog-post summary does not. And what is included here does not bring me great confidence.
Firstly, this summary indicates they were far too narrowly focused in their assessment, talking only about the Mr Robot promotion's compatibility with the purpose and restrictions of the SHIELD tool. And I suspect that maybe internally the story now is that some marketing staff misused the SHIELD approval process to get this plugin around other more robust processes.
But the intricacies of which particular avenue within Firefox or Mozilla this occurred through is a backwards view of the problem. Users aren't upset that the SHIELD tool was misused to push an ad on unsuspecting and confused users. They're upset that _Firefox_ was misused to push an ad on unsuspecting and confused users. The problem here is the entire idea of a "TV show tie-in" to Firefox.
And lastly, the action items here are pretty pathetic, and fail to address users' concerns (not a surprise since users' concerns are never explicitly recognized in the post, either). Yes, SHIELD studies should be actual studies; and yes, SHIELD studies should be clearly named; and yes, it's bad that the SHIELD program was used to ship a commercial. But never once does this post promise that Mozilla will take a broader view of the actual needs and desires of their users, or that they will correct their internal mindset that led to anyone thinking this tie-in was ever remotely a good idea.
[+] [-] blowski|8 years ago|reply
[+] [-] Angostura|8 years ago|reply
But regarding 'Can you imagine getting this kind of transparency and humility from Google or Apple?' I think Apple's response to the the battery debacle (the software update was installed with good intentions, but with insufficient explanation) is similar and in response to similar reputational damage.
[+] [-] LeoPanthera|8 years ago|reply
On Maps: https://www.apple.com/ca/letter-from-tim-cook-on-maps/
On "batterygate": https://www.apple.com/iphone-battery-and-performance/
On customer service in China: https://support.apple.com/zh-cn/warranties (In Chinese)
[+] [-] JepZ|8 years ago|reply
Might become a problem too. Who is responsible? We all are!
[+] [-] msla|8 years ago|reply
[+] [-] moonbug22|8 years ago|reply
[deleted]
[+] [-] chrismorgan|8 years ago|reply
In this case, I continued to read, and it did improve; but those couple of errors at the start damaged it.
(Since I’m mentioning such errors, two more jumped out as I skimmed the article: the text which is linked in `[set of principles t]hat `, and the space in `wiki ,`.)
People may not like to hear these things, but I assert their veracity and importance nonetheless.
[+] [-] jwilk|8 years ago|reply
Please don't comment about the voting on comments.
[+] [-] kkarp|8 years ago|reply
[+] [-] jlgaddis|8 years ago|reply
The marketing people writing this stuff (I assume) really don't get it, do they?
[+] [-] mcintyre1994|8 years ago|reply
[+] [-] tremon|8 years ago|reply