pj wrote:

> Since Mark is asking for input on the service, I will tell you that the first thing I do is
> turn off antiphishing services, along with every other thing that tends to track my
> surfing. I turn off Javascript and cookies too, for example, so I'm definitely not the
> average person in my habits. I turn stuff on as needed, clean up, and turn it off
> again.
>

In the community of folks who are very aware of the sort of abuse that goes on, being conservative about JS and cookies isn't unusual. Those are definite attack vectors on one's online identity and privacy.

Out of curiosity, would you prefer that cookies and javascript be disabled in the default case for Ubuntu, too? If the argument is that anti-phishing might be used to track your surfing, like cookies and JS, and therefore it should be turned off, would it not also be consistent to want JS and cookies disabled by default? We certainly take the view that we (Ubuntu) are entrusted with our users' security, so this would be worth exploring. My gut feel would be though that most people would say "I'll turn that off for myself where I'm concerned, but I understand that the default should be for JS to be switched on".

A second question would be: how would one know when to turn on the anti-phishing service? With JS and cookies it's relatively straightforward. One surfs along without them, and then something doesn't work, and you decide "I think this site looks trustworthy, and I really want to complete this thing I started, I'll enable JS and cookies". But, how would you decide to enable the anti-phishing service? And isn't the anti-phishing service very useful in helping to decide whether or not to enable JS and cookies? I certainly wouldn't want cookies on at a site that was red-flagged in the anti-phishing service.

> So I don't think one can assume that there are no people who will find the antiphishing
> service objectionable.
>

Fair enough :-).
I think this is what makes our discussion interesting - we have to be aware of the extremes of abuse or attack, and we also have to be aware of what "most people want". And in the case of Ubuntu, it's not even that, it's what "most people like us want", where "people like us" means people alive to these issues and interested in finding pragmatic and usable expression for that awareness.

> I personally would prefer that it be turned off by default and allow folks to turn it on
> if they want it. There seems no reason to treat people like children, needing our
> protection whether they want it or not. How much pain would that cause Mozilla,
> compared to the pain caused to those of us who really care about Main being
> clean?
>

I don't think that people "turning off" the anti-phishing service causes Mozilla pain. I don't have any reason to think that's anything other than an expense for Google or Mozilla. I think though, that the general feeling is that having it there and on makes for a better, safer browsing experience, and the idea is that "Firefox stands for the best browsing experience and is also, amazingly, all free software". So, I imagine that to the Mozilla folks (and I'm *not* conveying anything that's been said to me by them, just trying to put myself in their shoes) they would want to make sure that anyone who ships something called "Mozilla Firefox" delivers a consistent, predictable experience in this regard. Say you installed FF on your Mom's computer, she gets some nasty phishing mail, clicks on the link, FF says "this is a scam", and she falls in love with Mozilla on the spot and tells all her friends "That Firefox is the right way to web". Then one of her friends installs Ubuntu (OK, a stretch, or the sort of granny *I* want to have) and is delighted to see Firefox there. But when her friend gets the same scam email, she gets phished, because we turned this off by default.
I can see how that would be bad for Mozilla and for Firefox (and frankly for Ubuntu too). This is not treating people like children, it's taking a view on the most appropriate configuration for folks when they start out. I can see how reasonable people might take different views, but I don't think it's unreasonable for us to take the view that this is the right default configuration.

> The software is modifiable, but after you say I agree, then is it? Under the same
> license? I was sick last week, so I haven't had a chance to seriously review the
> language on the services part, so this is just to make clear that while I definitely
> see the major issue, the EULA, resolved, I haven't said the same about the
> services agreement to date.
>

I would be very interested in the results of your analysis, and there are also other folks looking carefully at the legalese to make sure there are no conflicts with the MPL, GPL and other specific licenses involved. If anything comes up it will have to be addressed, or we'll have to drop FF from main. So far, nothing has.

> My question is this, and please excuse a stupid question, but I'm not a programmer, so
> I don't know, and to analyze the language, I need to understand this point: is the
> antiphishing part strictly services, or is there not software involved too? If the latter,
> surely that software is not freely redistributable and modifiable, is it? If it isn't,
> then where are we if it is on by default?
>

My understanding is this: there is software on your machine, in Firefox, and that code is under the same license as everything else. You can take it, study it, change it (but you may not be allowed to *call the result Firefox*), redistribute it, charge for it if you want, but you're bound by the usual copyleft. There's a network service, which if you use, you must accept is not guaranteed to be 100% perfect. I.e. if you get phished while using it, tough.
There's the software on the server which provides the phishing service, and afaik nobody has said publicly what software that is, or what license it runs under.

I think the key piece is what sorts of restrictions are placed on you by your "acceptance of the terms of the service when you use it". I think accepting that the service is not guaranteed to be 100% foolproof is reasonable. I think accepting that after you use the service you should hand over your first born son would not be :-). And this is where we will probably have a very fruitful discussion over the next few years, not only about this service, but about others.

And lastly, can I say, how cool to be discussing this on a bug report with you ;-)

Mark