NMM example #1: web health + security audit

July 29, 2009 § 6 Comments

Privacy and security have always mattered deeply for Mozilla. They are central to the health of the internet at both the individual and web-wide level. For this reason, pushing the envelope on privacy and security has been a core consideration in Mozilla software since early on.

security header

One challenge: most people who use the internet don’t care very much about privacy and security. Or, at least, they don’t understand it. Good product, technology and UI help to counter balance this, keeping people more secure. But this only goes so far. At some point, we need people to care and act.

Could we educate and engage large numbers of people to actually help make the web more secure? Other kinds of public benefit organizations ask people to help clean up beaches or promote public health. Could we do the same for the health of the web?

This seems like a good question to throw at the Next Million Mozillians funnel framework that I blogged about earlier. Here is my quick run down of how we might apply the three parts of the funnel to a possible Mozilla ‘Internet Health’ campaign:

NMM example - security - explain

1. Explain that good privacy and security practices keep the web healthy. This is obvious to anyone who has anything to do with Mozilla. But it isn’t obvious to most people who use the web. In some ways, this is similar to where we were with seat belts in the 1950s: we had the technology to keep people safe,  but people didn’t think buckling up was important or necessary. Coming up with a simple, easy to understand social marketing campaign on privacy and security wouldn’t be hard, and would probably go a long way. We could start out by using events like Mozilla Service Week and One Web Day (both happening this fall) to promote these messages.

NMM example - security - focus

2. Organize a conversation within the Mozilla community to focus and define actions consumers can take to improve web security. Simply getting people to care is not enough, we also need them to act. This means coming up with a list of things that we ask people to do. At one level, making this list is easy: upgrade your browser and plugins, understand security UI, etc. However, there may be other things that we want to do that require a bit more organization (e.g. a new web safety add-ons collection) or even better technology (what about improvements to password management?). In any case, the middle step of this process definitely needs to be tapping Mozilla community expertise to make sure  we’re asking people to take actions that actually help the web.

NMM example - security - act

3. Design a simple way for 100,000s of people to audit and upgrade software that represents a threat to the web. This could include things like: finding copies of Internet Explorer 6 and upgrading them to a modern browser; making sure the Flash and other plug-ins are up-to-date on the computers of friends and family; encouraging people to install add-ons that improve privacy and security. We know from events like Download Day that we can get the attention of large numbers of people. An ‘Internet Health’ checkup program like this could harness the same spirit in a way that improves the web in a tangible way (e.g. measurably drop IE6 usage). And, of course, it could include many of the same techniques of tracking progress around the world or even holding competitions to drive momentum.

I’ve chosen this example because it’s close to home for Mozilla and it’s something we could act on quite quickly. It feels like a good first topic if we want to experiment with engaging the Next Million Mozillians. Other topics like identity and data in the could or opening the mobile ecosystem will be harder and require more time to flesh out. Tomorrow I will go through one of these examples in detail.

In the meantime, I want to ask: does it make sense for Mozilla to engage people on privacy and security issues in this manner? If so, what specific messages or actions would you focus on? If not, why not?

§ 6 Responses to NMM example #1: web health + security audit

  • […] Comments NMM example: web health + security audit « commonspace on Doodle: Next Million Mozillians frameworkDoodle: Next Million Mozillians framework « […]

  • “does it make sense for Mozilla to engage people on privacy and security issues in this manner?”

    Can’t speak for Mozilla’s role here, but focusing on privacy and security is becoming more critical every day (as evidenced recently).

    I was asked recently to do some security training and — when we dug into the requirements — it was clear that even the most basic aspects of using the Web require _some_ understanding of how to keep your personal information secure. Changing passwords, checking for secure connections, and so on — we’re talking _really_ basic stuff here.

    Moving the average Web user into a more security-aware direction would sure help to ensure the Web stays friendly, fun, and safe.

    So, FWIW, I think this is going in a good direction. 🙂

  • James Napolitano says:

    >3. Design a simple way for 100,000s of people to audit and upgrade software that represents a threat to the web.

    Maybe http://secunia.com/vulnerability_scanning/online/ would do what you want.

  • […] Comments Gerv on More thinking on the next million MozilliansJames Napolitano on NMM example #1: web health + security auditMasquerade Prom on Prom playlist: what’s missing?Clint Talbert on Doodle: Next Million […]

  • Majken "Lucy" Connor says:

    I saw a bank commercial recently, forgotten which now, but they included a message about how to tell you were on their site.

    I think sometimes we don’t give users enough credit when we decide what could and couldn’t work. For years now it’s been held as fact that most people couldn’t understand a url, but I think over time, it’s just so important that they do.

    Like seatbelts, I’m sure it’ll take time, but it’s not so different from phone numbers.

    You have a country code 1 = http://

    You have an area code = .com

    and you have the phone number = mozilla

    sometimes you have extensions = /firefox

    Firefox 3 betas (or was it alphas?) at one point experimented with making the domain more obvious to users in the url bar. I do think that once exposed to it, users would make use of something that shows them the domain to make sure they’re where they think they are, just like they understand how to tell if they dialed a wrong number.

    Maybe include a “you are here: mozilla.com” line in the site identity information

  • It’s a tough topic isnt it. We all want to use the net and be safe but many of the security settings Mozilla has included as they update each version of Firefox restrict the user. I have just upgraded to Firefox 4 and I wish I hadn’t. Much of the flexibilty I had in pre-4 versions have gone.

    They are caught between a rock and a hard place I guess. Now in saying that I beleive they are streets ahead of I/Explorer.

    Good article Mark….enjoyed your perspective

What’s this?

You are currently reading NMM example #1: web health + security audit at commonspace.


%d bloggers like this: