[LINK] RFI: Firefox 3.5/3.6

Thu Mar 25 14:27:22 AEDT 2010

Call be paranoid by all means, but is anyone aware of an analysis of 
Firefox 3.5/3.6 from the viewpoint of consumer rights and privacy?

The product pages are in the style of an upbeat marketer.

The suspicion is that the design decisions have been made by upbeat 
marketers for upbeat marketers, rather than by consumers for 
consumers.

Sure, the product trumpets its privacy and security features.  But 
these are largely about resistance to 'unauthorised third parties'.

The bigger security and privacy concerns arise from second parties - 
the operators of the web-sites that consumers visit - and 
'pseudo-authorised third parties' - the 'strategic partners' of the 
operators of web-sites that consumers visit.

Looking at the features pages, here are some areas I'm wondering about:
http://en-us.www.mozilla.com/en-US/firefox/features/
http://en-us.www.mozilla.com/en-US/firefox/underthehood/
https://developer.mozilla.org/En/Firefox_3.6_for_developers

-   Faster DOM ... added support for new standards
     [no further information provided]

-   Network and File Access
     A new File API, based on emerging standards, now allows asynchronous
     event-based access to files (see it in action). Mixed with cross-site
     XMLHttpRequests originally introduced in Firefox 3.5 [wrong:  it
     originated at Microsoft], these give Web developers the ability to
     build exciting mashups from multiple Web sites.

     [This enables AJAX, and hijack of the browser by the web-server:
     http://www.rogerclarke.com/EC/Web2C.html#AltT ]

-   Location-aware Browsing
     ... users can share their location with requesting Web sites, allowing
     developers to customize their applications so they deliver more useful,
     more relevant output. New in Firefox 3.6, developers can lookup the
     address corresponding to a specific location
     https://developer.mozilla.org/En/Using_geolocation

     [This is quite specifically a Google tie-in, so there appears to be
     a high likelihood of disclosure of data to Google, irrespective of
     what the laws of various countries, and the weasel-words in the
     various dispersed privacy policy statements might say]

-   Personas
     The concept has been debased from a nymous identity to a prettified
     colour-scheme:
     http://en-us.www.mozilla.com/en-US/firefox/features/#look-and-feel

-   Instant Web Site ID

     [This appears to be another Google tie-in, with all the consumer
     risks that dealing with Google in the background entails

There's no doubt there's a lot of 'good things' in there for consumers.

But it looks like there's a host of 'good things' for marketers, 
which are specifically there to enable manipulation of the browser, 
the consumer's data, and the consumer.

-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University