Open Bug 1219365 Opened 8 years ago Updated 8 months ago

[userstory] TP: User sees CC main and subpanel indicators of how many/who is tracking them


(Firefox :: General, defect)





(Reporter: MarcoM, Unassigned)


(Depends on 7 open bugs)


(Whiteboard: [fxprivacy] [userstory])

User Story

* As a user, I want to understand when tracking is happening, what it is, and who’s doing it so I have a greater peace of mind when surfing.

Acceptance Criteria:
* (All copy is NOT final)
*TP UI only shows in CC for users running TP in normal mode (Global pref = run TP "Always")
* TP enabled: Main panel of CC shows numeric indicator “Firefox is blocking 35 companies that may track your browsing.”
* TP disabled (but running): Main panel of CC shows numeric indicator. “Firefox detected 35 companies that may track your browsing. You have disabled protection on this site.”
* TP now has a CC subpanel. 
* Subpanel displays TP logo and headline: “Tracking protection”
* Subheader: site name as it appears in security main panel, i.e. “” or “”
* Subpanel displays blocked tracker categories as per the blocklist: “Ad trackers”, “Analytics trackers" "Social trackers" are all possibilities for the basic list, and "Ad trackers", Analytics Trackers “Social trackers”, “Content trackers” are the full possibiliites. for the strict list.  
* Category names only appear in the subpanel when tracker companies are present for that category. For example, if a page only has Ad trackers, the "Social" and "Analytics" categories do not appear in the subpanel.
* If a page has no trackers, the subpanel is disabled. (The main panel already shows "no trackers detected")
* Next to each category is the label “Blocked”
* The subpanel will only show category and company names for blocked categories. TP currently has no awareness of a list category unless that list is running (i.e. TP will not know about Content trackers unless the strict list is running)
* Under each tracker category is a threaded list of companies found under that category (i.e. Ads > AppNexus, Doubleclick, Rubicon). 
* Company names are linked to their public website, as given in the blocklist. 
* The subpanel allows for expansion in cases where a list category may have many companies listed (i.e. 10 ad companies)
* The bottom of the subpanel is a button labeled “Tracking Protection Settings”. Clicking the button navigates to Privacy UI preferences. 
* Instrument probes in telemetry:
** Control Center opens (reveal main panels)
** Clicks to subpanel by name: security, TP, etc.
      No description provided.
Depends on: 1223489
Depends on: 1225534
Design mockup
User Story: (updated)
Summary: [userstory] TP: Toggles for Ads/Analytics/Social/Content Sections → [userstory] TP: User sees CC main and subpanel indicators of how many/who is tracking them
Depends on: 1229365
User Story: (updated)
User Story: (updated)
User Story: (updated)
Since two people have already asked me the significance of this work today, I'll explain more. We know we have unsolved user problems in TP as it already exists in PBM. User research studies in January and August found that users have a weak mental model of tracking is and who is doing it. Some users conflated tracking with security issues (online banking). Users also wanted to know who was tracking them. Some user suggestions: hackers, the NSA, Internet companies, etc.

Our hypothesis is that by showing categories (ads/analytics/social) and naming company names, we can give users a clearer understanding that tracking is commercial entities mostly interested in browsing activity for marketing purposes. The categories are important because outside of big user-facing companies, users aren't going to know some of the obscure names because they don't have a relationship with this company. 

Also unstated in here but important: we're not talking about number of blocked HTTP loads, we're talking about number of *companies*. A tracking load is an implementation detail, just as a domain is an implementation detail (this is why we treat different domains owned by the same company as first-party, it's about *who* you're dealing with and who you trust). 

5 loads might be less dangerous than 1 load, depending on which company is placing it and what they do with your data. Or 1 == 5 if that one load calls 4 sub-libraries. Our number is going to be how many companies. Companies is more understandable from a user POV. We want to give the mental model of "how many other companies are in the room with you, and who are they".
Please disregard the seperate links above and refer to the design spec here:
Depends on: 1231735
Depends on: 1231737
Depends on: 1231738
Depends on: 1231739
Depends on: 1231740
Depends on: 1231741
Depends on: 1231742
Depends on: 1231743
Depends on: 1231744
Depends on: 1231746
Depends on: 1231748
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.