NMM example #1: web health + security audit
July 29, 2009 § 6 Comments
Privacy and security have always mattered deeply for Mozilla. They are central to the health of the internet at both the individual and web-wide level. For this reason, pushing the envelope on privacy and security has been a core consideration in Mozilla software since early on.
One challenge: most people who use the internet don’t care very much about privacy and security. Or, at least, they don’t understand it. Good product, technology and UI help to counter balance this, keeping people more secure. But this only goes so far. At some point, we need people to care and act.
Could we educate and engage large numbers of people to actually help make the web more secure? Other kinds of public benefit organizations ask people to help clean up beaches or promote public health. Could we do the same for the health of the web?
This seems like a good question to throw at the Next Million Mozillians funnel framework that I blogged about earlier. Here is my quick run down of how we might apply the three parts of the funnel to a possible Mozilla ‘Internet Health’ campaign:
1. Explain that good privacy and security practices keep the web healthy. This is obvious to anyone who has anything to do with Mozilla. But it isn’t obvious to most people who use the web. In some ways, this is similar to where we were with seat belts in the 1950s: we had the technology to keep people safe, but people didn’t think buckling up was important or necessary. Coming up with a simple, easy to understand social marketing campaign on privacy and security wouldn’t be hard, and would probably go a long way. We could start out by using events like Mozilla Service Week and One Web Day (both happening this fall) to promote these messages.
2. Organize a conversation within the Mozilla community to focus and define actions consumers can take to improve web security. Simply getting people to care is not enough, we also need them to act. This means coming up with a list of things that we ask people to do. At one level, making this list is easy: upgrade your browser and plugins, understand security UI, etc. However, there may be other things that we want to do that require a bit more organization (e.g. a new web safety add-ons collection) or even better technology (what about improvements to password management?). In any case, the middle step of this process definitely needs to be tapping Mozilla community expertise to make sure we’re asking people to take actions that actually help the web.
3. Design a simple way for 100,000s of people to audit and upgrade software that represents a threat to the web. This could include things like: finding copies of Internet Explorer 6 and upgrading them to a modern browser; making sure the Flash and other plug-ins are up-to-date on the computers of friends and family; encouraging people to install add-ons that improve privacy and security. We know from events like Download Day that we can get the attention of large numbers of people. An ‘Internet Health’ checkup program like this could harness the same spirit in a way that improves the web in a tangible way (e.g. measurably drop IE6 usage). And, of course, it could include many of the same techniques of tracking progress around the world or even holding competitions to drive momentum.
I’ve chosen this example because it’s close to home for Mozilla and it’s something we could act on quite quickly. It feels like a good first topic if we want to experiment with engaging the Next Million Mozillians. Other topics like identity and data in the could or opening the mobile ecosystem will be harder and require more time to flesh out. Tomorrow I will go through one of these examples in detail.
In the meantime, I want to ask: does it make sense for Mozilla to engage people on privacy and security issues in this manner? If so, what specific messages or actions would you focus on? If not, why not?