Closed Bug 1235065 Opened 9 years ago Closed 4 years ago

[privacy] URL bar search suggestions: UI fails to warn users about severe privacy implications

Categories

(Firefox :: Address Bar, defect, P3)

43 Branch
defect

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: yumpusamongus, Assigned: shorlander)

References

Details

(Keywords: privacy, Whiteboard: [suggestions, notification] fxsearch)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Build ID: 20151216175450 Steps to reproduce: 1. Create a new profile. 2. Begin typing in the address bar. Actual results: Prompt appears, which reads, "Would you like to improve your search experience with suggestions? (Learn more...)" "Learn more" links to a page which says: >Enabling Search Suggestions will send the keywords you type in a search field - unless they appear to be a URL or hostname - to the default search engine. The default search engine may collect that information according to the terms of their privacy policy, and users concerned about this information being collected may not wish to enable Search Suggestions. Expected results: Prompt appears, which reads, "Would you like to turn on search suggestions from $search_provider? ⚠Warning!⚠ If you say yes, the characters you type in the URL bar will be sent to $search_provider, who may use them for targeted advertising or any other purpose. If you do not like this, you should say no and do your searching with the search bar. (Learn more...) "Learn more" links to a page which says: >Enabling Search Suggestions will send each keystroke you type in the URL field to the default search engine. The default search engine will likely collect that information according to the terms of their privacy policy, which may permit targeted advertising, can change without notice, and may not be followed at all. >Firefox will make a cursory attempt to detect URLs and hostnames and filter them from the information sent to your search provider, but everything up to the first "." is still sent, so a lot of information is leaked unless you paste URLs into the address bar. If you commonly use the address bar's local search to navigate by typing the first few characters of domain names or words that appear in URLs, your search provider will be able to see when you visit common websites. For example, if you visit Facebook by typing "fac<enter>", your search provider will see "fac", and will probably infer that you visited Facebook. If you type a URL, your search provider will see the first part of the domain name (everything before the first "."). This can be a substantial leak for some types of websites, such as Tumblr blogs, and even high-traffic domain names can carry substantial information about your interests, which can be used to subject you to more effective targeted advertisements. >Users who are concerned about this information being collected may not wish to enable Search Suggestions in the URL bar. Fortunately, it only requires three keystrokes (ctrl-t, ctrl-k) to begin a search with instant suggestions without URL bar suggestions, as opposed to two (ctrl-t) with them.
Blocks: 958204
Keywords: privacy
Component: Untriaged → Search
we have discussed updating this notification process. will include your comments when we consider the update.
Assignee: nobody → shorlander
Priority: -- → P2
Whiteboard: [triaged] suggestions notification
Whiteboard: [triaged] suggestions notification → [suggestions, notification] fxsearch
I'd like to add that, now that the UI has been misleading users for 5 months, a substantial number of people may have been tricked into allowing search suggestions. Therefore, anyone with search suggestions enabled should be shown the new prompt and given an opportunity to disable them.
I'm not sure why you say people are "tricked", when there is an _opt-in_ bar with a link that explains the whole feature. If users would be "tricked" I'd expect most of them to select yes, the reality is that many don't even answer the question, so it's pretty clear the bar is not misleading users toward "yes", it's not even forcing them to make a choice... It may be unclear, and that's what we will work on. Please let's avoid pointless j'accuse, when it's pretty clear there are no malicious intentions here. Your point has been taken into account, but has to go through the normal measurement, experimentation, coding, QA process.
>If users would be "tricked" I'd expect most of them to select yes, the reality is that many don't even answer the question, so it's pretty clear the bar is not misleading users toward "yes" That does not follow. You shouldn't compare the number of users who select yes to the number of users who don't select anything. You should compare to the number of users who select yes in an alternate universe where the prompt properly discloses the true nature of instant search suggestions. Then you would multiply that number by the additional revenue Google and Yahoo gain per user from ads targeted with instant suggestion derived data (unfortunately, a proprietary secret), and you would have an estimate of the damage caused by this unclear prompt.
Priority: P2 → P3
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Component: Search → Address Bar

The prompt has gone quite some time ago, Shorlander is not in Mozilla anymore. This is not actionable.

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.