I'm willing to forgive Mozilla this one time - I've been a Firefox loyalist since v1.5 and have no desire to change, but this cut pretty close. To me, it felt like someone at Mozilla trying to one-up their competition by providing the Mr Robot tie-in exclusively. I can almost understand Mozilla's desperation to slow the seemingly unstoppable exodus of Firefox people to Chrome (which I refuse to use for many reasons, chiefly that it's becoming the new IE with web-breaking rendering and extensions that only work on it), or a way to bring in more revenue to a foundation that's probably losing funding, but this was a very short-sighted move that undermines what Firefox has always stood for - respecting the user's choice in their browser. It was bad enough when they bundled Pocket pre-installed, but at least that was clearly announced beforehand, and I only tolerated because I was already a Pocket user. Sneaking stuff into the browser silently, no matter how good the intentions are, is a backdoor in all but name, and that makes me, as a sysadmin, very nervous. Mozilla have a ways to go before my trust in them is restored, but I don't want to switch away. Others may not be so forgiving.
It's just another terrible decision in Mozilla's long history of mismanaging Firefox. They've been dumbing down the UI and turning Firefox into a me-too Chrome for the longest time. They broke plugin compatibility, harming Firefox's big killer feature. For the longest time they pretended their performance was competitive with Chrome, when it quite clearly wasn't.
You already mentioned the Pocket fiasco. I could've sworn they also once bundled a non-Free plugin for enhanced disabled access. They dragged their feet for years fixing a serious privacy issue regarding IndexedDB https://superuser.com/a/1250955/867963
Less scandalously, they use a non-standard licence for no clear reason.
The technical progress in Firefox has been great, but the history of mismanagement is awful. But I'm still using Firefox, for what that's worth.
Your link is about writing your own open source license, not about which licenses are standard. Nowhere in that blog is any mention of Mozilla. I am not sure what you are trying to say by linking to it.
How is the integration of Pocket in any way similar to the Mr. Robot scenario? You just pointed to a recent article where they are explaining exactly the what/why/how details of this integration. There is nothing surprising or being hidden about this integration, and it's been a long time coming if you have paid attention to the beta/nightly/dev channels.
My issue with the Pocket integration is that it's non-removeable - you get it whether you want it or not, and even if you remove the button from the toolbar, the code is still there within Firefox. You can't remove it like a plugin. To me, it adds another security problem that can only be fixed with an update of the whole browser, and you don't have the option not to have it.
But as I said, Mozilla were very up-front with the plans. They weren't with Looking Glass.
Which leads nicely into my thought - then why not make it a plugin? Why not have the browser ship with Pocket as a plugin, thereby giving users the option to completely remove it?
That's a good question and I think Mozilla simply intents to make Pocket something that people choose Firefox over Chrome for (atleast the vast majority of mainstream users). They're also heavily working on improving it's privacy impact, which is already fairly low if you don't use it at all.
What I'm wondering now is if the firing-by-moral-outrage of the Firefox exec in the last couple of years was the start of this campaign to dupe FF users in to using an advertising platform (perhaps it was entirely coincidental)? For real, they're not letting up on the backdoor commercialisation are they.
I'd love to know who, the people, is making these decisions?
For me, this whole fiasco was the last straw: Quantum had already broken the plugins I use for vertical tabs, and then I found that the only reason Quantum was introduced was to allow this Looking Glass plugin to collect telemetry from the whole of the browser window, not just the pages being rendered. Like yourself, I've been a Firefox user since the Phoenix days, but this was a step too far.
I switched to Vivaldi, which is a Chromium with high levels of customization, including a vertical tab bar.
>and then I found that the only reason Quantum was introduced was to allow this Looking Glass plugin to collect telemetry from the whole of the browser window, not just the pages being rendered.
What.
I'd really love to know how you came to this conclusion.
>Quantum was introduced was to allow this Looking Glass plugin to collect telemetry from the whole of the browser window, not just the pages being rendered.
You have no idea what you are talking about. Quantum is a name for a variety of technologies in Firefox, all of which have a shared goal of speeding the browser up. None of them have anything to do with telemetry.
Also, Looking Glass collected no data. It says it right there in the article.
Please omit personal swipes from your comments here, regardless of how wrong anyone else is. It's particularly important to do so when you're right, so you can communicate correct information without discrediting it.
If you use negatively charged language about the person you're talking to, you're taking a big step away from factual exchange. On an internet forum, where we have precious little context to convey intent, that's almost always a destructive thing to do—and since it's both unnecessary and easy to avoid, we ask people to just not do it.
I often wonder these days about the value of telemetry and A/B testing. I think many heavily used pieces of software can benefit from a BDFL-like decision maker instead, especially if the alternative is software specifically designed to use me as a guinea pig surreptitiously. I feel like, in the race for adoption, we suffer a form of the tyranny of the majority with software. Decision making based on principles instead of popularity is the only way to prevent harming some of us whose software preferences are in the minority.
It seems A/B testing provides clear numbers on what's most popular, but you can't quantify what's right.
Indeed. When A is shit and B is shit then the result of your A/B testing is going to be the least shit of the two. At the end of the day it's going to be shit either way.
I'm a firm believer that you should never ask your user to make a decision or look over their shoulder. Not once ever. You should listen to their complaints and ideas when they come to you, then build your strategy on that. Be reactive, not prescriptive. That empowers the user, shows respect and results in a satisfactory product that benefits the user which after all is the end game.
Telemetry invades the user's privacy. Feedback does not empower the user because the user expects a reaction from it which is unlikely. A/B testing results in churn for the user which does not show respect, merely that they are a test subject.
Microsoft as a fine example could learn a lot from listening to their users rather than steamroll ahead based on collected telemetry and feedback data.
A fine example: People didn't want UWP/metro and still don't today. I have yet to meet one person who uses that side of windows 10. They wanted shit that worked, was faster and kept out of their way and didn't wreck the workflow that they had invested years in learning or had someone experienced close at hand to help them with it. 90% of the userbase just installs chrome and does everything in there as well so that stuff just gets in the way.
> I have yet to meet one person who uses that side of windows 10.
I was going to say, "I do!", but then I realized that no, actually, I don't. I mean, I have a Win10 tablet PC which I often use in tablet mode, and I appreciate the Windows 10 UX. But what I most appreciate about that UX is... how well it works with regular Windows applications!
Because it turns out UWP/metro is just too dumb an interface. It's Android/iOS-level dumb (just with less apps). I'm split about Microsoft right now. On the one hand, I just don't understand why they're on the "dumb down everything" bandwagon. On the other hand, as long as they still support normal Windows interface and applications, I want to support them and wish them best, because Windows 10 is literally, honest-to-God, the best system for tablets that currently exists. Period. I don't want to have to move back to Android.
I find Windows trend to be quite odd, too. And that's really telling of an issue, because I'm still using my Windows Phone and desperately want more quality apps. However, when I move back to my desktop, I rarely use UWP apps--with the exception of a handful that sync with my phone, like podcasts or my budgeting app.
Even when I use my Surface, I rarely end up using the UWP apps because, as said, they're dumb. Even the Microsoft ones feel half-baked and lacking. I think Microsoft should have dumped more money into Research and tried to find a novel method for automatically handling different UI sizes without dumbing down the UI.
I like the idea of the Store, too, but I think instead of forcing all apps to this new interface, they could have created a new package format, like Mac's _.app_ directories, to allow one-click install distributions of classic Windows applications.
Strongly agree. I said that before back during Homebrew's telemetry fiasco - no, you don't need analytics in your desktop software. You especially don't need opt-out, active-by-default analytics. People made software totally fine without spying on everyone back in the day, and I'd hazard to say that it was often better software.
> I think many heavily used pieces of software can benefit from a BDFL-like decision maker instead, especially if the alternative is software specifically designed to use me as a guinea pig surreptitiously. I feel like, in the race for adoption, we suffer a form of the tyranny of the majority with software.
I’ve recently been feeling the same but couldn’t articulate it as well as you have.
This is one thing that the biggest open source projects seem to get wrong more often than right (trying to be all things to all people, all of the time). Management by consensus usually yields mediocre results in the commercial space, too. The BDFL model is a great compromise. Everyone gets a say, but not the final say, and there’s a consistent vision driving the project.
When projects get very popular, it’s hard to say “no” and keep that vision focussed. This seems to come more naturally to proprietary projects, at times resulting in a better overall experience for the narrower subset of users served.
There are advantages and disadvantages to community governance. It is easier for people to feel ownership and a governance stake. Projects tend to value backwards compat more consistently, rather than following the preference of an individual BDFL, since stakeholders who are injured by a compat break can have more say. This stability over time makes them safe to invest in.
Plugin based architectures tend to work well under such governance, as then the contributors are more insulated from each other and interfere less frequently.
No single governance mechanism is so much better that the others need to go away. Not every project should have community governance, not every project should have a BDFL. Not every project should even take outside contributions -- personal projects (especially licensed under CC0) can offer great value to the wider world without having to placate opinionated contributors.
They kinda missed the point that people dont like when companies install things on their devices without permission. If its part of the shield program how about we provide more transparency on that? Like how to opt-in/opt-out, what exactly it does? etc? I've been a firefox user since it came along to displace IE6 and i've never heard of the shield program. Better communication with your userbase is essential to maintain a sustainable product for the long term.
> They kinda missed the point that people dont like when companies install things on their devices without permission.
But it's a pretty blurry line, isn't it? You give permission to install Firefox, and it's somewhat arbitrary is a specific code is "part of Firefox" or "part of an extension" when that extension is shipped with Firefox by default.
(In this case, the specific code wasn't even executed unless the user flipped a switch in about:config. The problematic part was something being listed among your extensions that you couldn't make sense of as a user.)
Any competent manager should be able to tell the difference between "functionality directly related to what users expect of a browser" and "code that we have installed on their machines without their knowledge, primarily motivated by our interests rather than theirs".
This is not about the specific implementation of such decisions, such as whether including it as "part of" or "extension to". That's a pointless distinction - also something any competent manager in the tech sector should be aware of.
I'll take up the argument that they shouldn't have shipped, sure. Bear in mind that I myself don't actually care that much, but I do think we need devil's advocates for this sort of thing on occasion.
Easter eggs started at a time when software and games were shipped on cartridges, disks, or other media. If there was extra room available, it didn't affect the user experience to include them (performance was always very much in mind back then).
Today, however, we see a couple of changes:
First, apps and games are mostly downloaded. Easter eggs take up additional space, slowing down your download in the best case, and eating away at data caps in the worst cases. So you're already doing something that is somewhat hostile to the user.
Second, both Mozilla and Google position their browsers as fast and lightweight. Does including Easter eggs actually help further either of those claims? Most likely not. One Easter egg might not really impact performance at all, but at what point does it become a problem? There are probably different teams working on the browser, and if each of them are adding Easter eggs, how long before those start to affect performance, whether because it's cruft or because many users are on older systems that don't have as much memory as the typical developer is used to?
Thanks, I think this is a reasonable viewpoint that I can understand, even if I don't agree with it - but it makes it clear that we come from different places and hence different conclusions on the situation at hand as well.
Well, the same was true for the so heftily discussed Looking Glass extension.
It did not do anything, unless you manually switched on an about:config value. And if you did, then all it did, was flip some random words on webpages upside down.
Which is a relatively arbitrary criteria to be so categorical about.
No, I don't like it either to have eastereggs in my software that wasn't just put there for the fun of it, and rather was also motivated to some degree by a continued commercial relationship. But if this commercially motivated easter egg helps to gather more money to improve the software, which itself is non-commercial, and is as harmless as Looking Glass, then I do not see a problem with that.
And let me repeat that, if it is as harmless as Looking Glass.
I do not see a reason to categorically exclude any sort of commercially motivated thing from the browser. Even including some actual ads would in my opinion not be unthinkable, given that they get enough money for it and have effective ways to do good with that money, while especially also taking into account that users will get pissed off by it and leave the browser, effectively slimming the ability of Mozilla to do good.
If you take everything into account, you can be morally on the good side without having to resort to never doing things from certain categories.
Don't know why you're getting downvote, the first part of your stmt might be debatable, but being harmless is reasonable and in the example of about:config, it's also useful for a smaller set of users.
It's their obligation to make sure the line is not blurry. As a user I always want to know the following:
- What does it do?
- Is it needed for core functionality or optional?
- How do you switch it off/on?
- Does it transmit any data, and if so, which one and how do I control the data flow?
- Who are the developers and is the code open source or is it proprietary?
- What are the default settings and why?
If it's optional, then it's an extension. If it's on by default, I better get a very good reason for it (e.g. that it ostensibly enhances security). All of the above questions need to be answered before I install it, i.e., the information needs to be freely available and easy to find on web pages, release notes, Readme, etc. If something is added in an update or upgrade, I need to be informed and given a choice about it.
It should be so, but Mozilla demonstrated they feel the line can be as blurry as they wish by integrating Pocket a year or two back. That should have remained an entirely optional addon.
This particular one didn't get complains because of a combination of reasons like:
- It is completely off-line (hell, it's only available on the "you're off-line" screen, where there isn't much else you can do with a browser).
- It's off by default (you need to be on a proper screen).
- It's a small and self-contained game. Doesn't impact anything else beyond a small area on the tab, which makes it just a step up from an animated GIF.
- It's just a joke, it isn't tied to any commercial franchise or brand, nor does it promote any ideology or organization.
- People expect less user-fairness from Google than from Mozilla.
Ultimately, the line is fuzzy, but Chrome's dinosaur is clearly more like an Easter egg, and Mozilla's Looking Glass is clearly more like a very specific extension/feature.
> It's just a joke, it isn't tied to any commercial franchise or brand, nor does it promote any ideology or organization.
This is an interesting point - I guess the blowback would also have been far less intense had it been a reference to e.g. Big Buck Bunny rather than Mr. Robot.
There's a reason Microsoft banned its developers from doing easter eggs.
There's a fine line between "Easter Egg" and "within of 3 months we've installed without user approval CliqZ's tracking, added Google Analytics to the about:addons Discovery menu, and added some easter eggs". This is how you lose all trust.
This is the kind of logic that ends up with things like a Java installer "helpfully" giving the user a Yahoo Toolbar in their browser or, for more extreme examples, Superfish and the Sony rootkit.
I would argue it's almost always obfuscatory, if not deceptive. How many emails/updates do we all get with something along the lines of `We've updated our terms, read them here!`. This extension could have easily found its way into one of those updates
I dont think the line is that blurry personally, we get asked permission if we want to send usage data back to Mozilla to help them, i allow that, because i'm asked and informed about whats happening. I dont see why the same prinipal cant be applied to the shield program.
I wasn't talking about sending data back being blurry, but about the line between code "being installed together with Firefox" and code "just being part of Firefox".
Respecting privacy is about not pulling user data without consent. The problem here is about control, i.e. not pushing content to users without consent.
@MoCo, you might think the (marketing) key for the (economic viability in the) future is privacy. I tend to agree. Currently, privacy has to be enforced because people are not in control. For everyone to be able to choose a satisfying level of privacy, we need tools we can control and education (poke @MoFo).
IMHO, what we (power?) users (influencers?) need is control. Hence the problem with the recent lack of support of legacy addons. While we can understand it from a security/privacy/technical point of view, it nevertheless goes in the wrong direction WRT control (shaping your tool for a specific usage).
That's a shame that you, we, can't imagine something better and make it available.
> Currently, privacy has to be enforced because people are not in control. For everyone to be able to choose a satisfying level of privacy, we need tools we can control and education
I agree. It's all about control. Which is why I rant so often about modern UI/UX/software design trends - they're all about disenfranchising users! The amount of control the users have over their software is being actively reduced everywhere.
IMHO, the synergy between MoFo and MoCo should be stated as "the former educates people, the latter provides them with tools they can control". The success of the MoFo would then fuel the need for software implemented by the MoCo, and the other way around.
No one, especially Mozilla, should never ever decide for us what we need.
Mozilla, you are 100% completely and absolutely out of touch. The problem is not that a study was conducted incorrectly! The problem is that software was secretly bundled with Firefox, software that is at the very least bloat and might be considered adware -are you paid for this? Was it a favor? Part of a non financial partnership/promotion?
You don't see the problem here, no, you plan on doing this again. With the only change being that you will try to answer a specific question.
You could not have mitigated the uproar by "trying to answer a specific question" and "appropriately naming the 'study'". The biggest issue is that you are unable to realize that.
> You could not have mitigated the uproar by "trying to answer a specific question" and "appropriately naming the 'study'". The biggest issue is that you are unable to realize that.
That’s not how I read it. What they’re saying here is “the fact that it didn’t try to answer a question is a red flag unto itself”. If it had tried to answer a question, it would’ve collected data, and the usual privacy process would’ve kicked in hard: is this an appropriate question to ask, are the changes narrowly tailored to ask that question, are we handling the data appropriately? On those counts, a version of Looking Glass that collects data would never have rolled out. Instead, by not collecting data, they found themselves answering an overly narrow question: does this impact user privacy? No, it does not!
Naming really was adding more fuel to the fire though. It’s a fine line between a surprise/Easter egg and being outright deceitful, and the cock up with the SHIELD test burnt through all the goodwill they might have here.
>> Instead, by not collecting data, they found themselves answering an overly narrow question: does this impact user privacy?
What makes them out of touch is that these were apparently the only criteria that needed to be met. As opposed to, say, "how would people feel if we took our software, which occupies a space in their workflow that demands a lot of trust, and auto-updated it with a marketing campaign for a TV show?"
I mean, if they wanted to answer the question "how many of our users like Big Bird?", and they crafted a pop-up survey to be delivered through this mechanism that did not impact user privacy, would that get the green light?
It's not just about respecting user privacy and safeguarding data, it's about adhering to expectations. The fact that there was apparently not a single human in the loop with the power to stop this from rolling out that recognized this is concerning, and the fact that there's no mention of it in this blog post is doubly so. What people want to hear is not just "we will safeguard your data", it's "we will never waste your time or introduce any kind of risk by pushing things like marketing campaigns into your trusted software."
Yes, absolutely. Hence my describing it as an overly narrow question.
My point is precisely that, in going the SHIELD route, they selected for people who would ask that narrow question, because that's what they're usually concerned with, rather than the bigger questions they should've been asking.
This post wasn't about answering those questions, that they have done already elsewhere (some of it linked in the article, even). This was about how they will make sure not to use SHIELD to do the same in the future.
Come on, this doesn't trigger your weasel words detector?
>An ‘experiment’ that does not capture any data is not an experiment at all.
>In retrospect, not capturing data was a strong indicator that this was not a good SHIELD study candidate, so we’re making sure we’re going to specifically evaluate future studies
So a commercial add on that _does_ collect data is ok?
3 times in, what, a year they've now tried deceptively foisting bundled changes (with commercial links) ... whoever is in charge clearly didn't get it and just thinks it's about implementation details.
Pocket integration was in 2015 (acquisition was in Feb 2017 [1] as linked in this article as well) so not last year, but the Cliqz debacle was last year. Assuming Looking Glass is the most recent one I'm not sure about #3. Describing Pocket as being #3 within a year is dishonest IMO.
Pocket, Hello/Telefonica, Pocket again (or was it Hello, my recollection is hazy, they forced the icons back for users who's removed them), Mr Robot, ...
I apologise if it causes some harm that I have imperfect recollection.
Not what I was arguing. The purpose of my post was helping out recollecting the mistakes Mozilla made. I don't remember the Hello issue. You're also forgetting the Cliqz debacle. Sure, it was German-specific, but still.
I don't think it is fine, and it is good Mozilla is being criticised. However, the alternatives are arguably much worse.
Since there's likely to be people that do not consider this sufficient, a question out of personal interest: what could Mozilla do/have done to sufficiently prevent something like this from happening in the future?
There's a certain point at which it's important to forgive the offender. Mozilla does not usually make mistakes that compromise user privacy/security. To their credit, this mistake didn't do that either. While it may have led users to suspect many things, this particular Shield Study was not sent maliciously, nor did it lead to any malicious activity. Mozilla acknowledge this, have repented for their actions, and issued a set of rules for these studies which are clear and transparent.
I'm not sure they could have done anything more short of going back in time and reversing their stupid decision.
If someone fucks up, and then stands up and says "I fucked up, I'm sorry, it won't happen again" then the best thing to do is to give them a chance. If we were to crucify everyone regardless of whether they apologised or what they promise for the future, the incentive for improving behaviour is low.
I am not trying to crucify anyone but Mr CMO is definitely not a good match for the vision I want at Mozilla. As such, I want him to step down from all responsibility at Mozilla. I'm sure he is a good person and means well. I'm sure he is very good at what he does and I appreciate his contributing to Mozilla but I think he'd be more valuable outside a leadership role at Mozilla.
Mozilla still runs Google Analytics on about:addons "Discovery" page, saying that they have a contract with Google that Google won't abuse that data, and if we don't trust Google to uphold our privacy, we shouldn't use Firefox. (Statement given on the AMO bugtracker about this).
It's important not to forgive Mozilla, and to constantly remind them of CliqZ, the tracking in Firefox Focus (also using Google Analytics) and about:addons Discovery page, and of Mr Robot.
Only then, maybe, will they learn something from this. For now, it looks like they don't give a shit.
Or all the more reason to try to gain more users via a promotional ad like this one in order to stay relevant and not go the Opera route. In hindsight it backfired, but hindsight 20/20 is easy. Thing is, why assume malice?
While I understand the sentiment, does that mean they should also remove the search box/ability to use a search engine from the address bar? And what if the search engine they promote is e.g. DuckDuckGo?
A search engine frontend produces content in response to a user query, not proactively. Even before the first query I get an option to choose. It's not the same thing. It's more on the content conduit side than operator-run showcase.
Has the idea that Mozilla won't survive without advertising income been substantiated somewhere? (This ad was unpaid, though.)
Installation of the addon was not opt-in. Receiving any form of promotional content was opt-in via about:config. There is an open conduit; anybody else could offer an addon.
So I agree that it was not neutral, because there was more of a barrier to other advertisers than to Mr. Roboto. The right thing would be to have hosted the addon on addons.mozilla.org, same as for anyone else.
But it's not a dramatically uneven playing field, given that an open conduit does exist and the reception of any actual advertising was opt-in. (I'm not saying it was ok; it wasn't. But it's not as black and white as you are saying.)
"SHIELD was an inappropriate channel to use to ship this. We don't believe there is any appropriate channel for us to ship this other than an opt-in add-on in the add-ons-store, and will never ship software of this nature through any other channel in future."
As is I trust they won't use SHIELD next time (and have opted back into their studies based on the policy change), but my expectation is that next time they want to ship some garbage like that they'll use some other channel and marketing have probably already identified it.
There is no simpler lesson than "don't install unexpected software on your users machines".
So simple. So obvious. So necessary, if you value privacy.
Yet they have not acknowledged the mistake or shown any signs of willing to listen to the complaints - their entire explanation is about something else that people weren't even aware of!
Given the level of feedback and the intelligence of the recipients, this is unlikely to be a mistake or a coincidence. It is reasonable to conclude they fully intend to repeat this behaviour in future.
The root of the problem is clear by the fact that simple statement “we were wrong” is nowhere to be found in Mozilla's responses. Instead, we get nothing but glossy corporate bullshit about potentially mismatching values.
People who don't get why it is important are leading Mozilla into the grave, no matter what expertise and experience in other areas they have. Unfortunately, the world has never seen a bureaucrat who resigns on his own will.
That's the very corporate bullshit I mentioned. They talk about vague “concern in the community”, while the problem is direct, one-on-one breach of trust between Firefox and each of its users. People were fine with sending crash reports that can cause someone at Mozilla wonder if spending 10 hours at a single porn site page is a common use case, and the ability to install new code on users' systems could be a necessary evil in case of some network worm exploiting some zero-day, but that all was grounded in the firm belief that Mozilla did what it was supposed to do, i.e. making a good web browser, and was not abusing its tools.
The people responsible don't even understand the multi-layeredness of the fuck-up (because they don't understand the core problem).
a) There is a silently installed unwanted code.
b) There is a little known backdoor in Firefox that installed the code. (And that makes manual confirmation of regular updates a security circus that simply cheats the user.) Sure, they can say it is only used to satisfy a specific set of developers' needs, but
c) It has already been abused!
d) To everyone's amusement, Mozilla happens to bother itself with that baloney (“…instead of working”, many will add).
e) No one at Mozilla prevented that from happening (or was able to, or was aware of it).
f) That all makes the crack between Mozilla's declarations and Mozilla's reality shine bright. Now if someone at Mozilla decides to come up with the times and sell user browsing history (“non-personalized”, as they say), will I be able to find solace in another couple of PR bullshit blog posts?
If some engineers were Mr Robot fans and decided to implement the same functionality, it would have been forgotten in a couple of days. Easter egg, mildly amusing, go on. But a company that shows its absolute incompetence that way is not a pleasurable sight.
A good post-mortem summary does a few things: (1) describes the actual event timeline clearly and precisely; (2) describes the negative consequences of the event (if they are not implicitly clear) from the end-user's point of view; (3) lays out exactly what mistakes were made that led to and continued the event--whether in assumptions made, process failures, inadequate process, unanticipated consequences, side effects to remediation attempts, etc; (4) describes planned and potential changes that will avoid the problem in the future along with a communication plan for keeping stakeholders informed of any future changes. A good post-mortem does all of this while taking a broad, organization-level view of the event and a user-focused view of its consequences.
Maybe the internal document covers all of this, but this blog-post summary does not. And what is included here does not bring me great confidence.
Firstly, this summary indicates they were far too narrowly focused in their assessment, talking only about the Mr Robot promotion's compatibility with the purpose and restrictions of the SHIELD tool. And I suspect that maybe internally the story now is that some marketing staff misused the SHIELD approval process to get this plugin around other more robust processes.
But the intricacies of which particular avenue within Firefox or Mozilla this occurred through is a backwards view of the problem. Users aren't upset that the SHIELD tool was misused to push an ad on unsuspecting and confused users. They're upset that _Firefox_ was misused to push an ad on unsuspecting and confused users. The problem here is the entire idea of a "TV show tie-in" to Firefox.
And lastly, the action items here are pretty pathetic, and fail to address users' concerns (not a surprise since users' concerns are never explicitly recognized in the post, either). Yes, SHIELD studies should be actual studies; and yes, SHIELD studies should be clearly named; and yes, it's bad that the SHIELD program was used to ship a commercial. But never once does this post promise that Mozilla will take a broader view of the actual needs and desires of their users, or that they will correct their internal mindset that led to anyone thinking this tie-in was ever remotely a good idea.
Regardless of the rights and wrongs of Mozilla doing this in the first place, this is why open source is great. Can you imagine getting this kind of transparency and humility from Google or Apple?
I'm not sure it's an open source issue, rather than a 'why non-profits are great'.
But regarding 'Can you imagine getting this kind of transparency and humility from Google or Apple?' I think Apple's response to the the battery debacle (the software update was installed with good intentions, but with insufficient explanation) is similar and in response to similar reputational damage.
My immediate impression of this article was poor, because in the very first paragraph it used “tv” instead of “TV” and “add on” instead of “add-on”. Spelling is important. Most people won’t notice it, but there are a lot of us who do, and put quite a bit of stock by it as well—when you get it wrong, it doesn’t reassure us that things are being run well, and it distracts us and detracts from the article.
In this case, I continued to read, and it did improve; but those couple of errors at the start damaged it.
(Since I’m mentioning such errors, two more jumped out as I skimmed the article: the text which is linked in `[set of principles t]hat `, and the space in `wiki ,`.)
People may not like to hear these things, but I assert their veracity and importance nonetheless.
The way this is written, it seems like this "experiment" would have been okay -- by their standards -- if it had just captured some data... and they will make sure that any other experiments like this DO capture data... and that will somehow make them okay.
The marketing people writing this stuff (I assume) really don't get it, do they?
I read this more as "this wasn't an experiment and we've updated our procedures so we can't push things that aren't experiments through that channel", and hopefully there are no channels that they would use to push that game in future. They should have explicitly said that there aren't though, because I don't know if I trust them not to find some other channel they think is appropriate next time.
The way I read it, they pose that "if it had just captured some data", the plugin would have been flagged in their privacy review process. They're not saying the plugin was ok otherwise, they're explaining why it wasn't reviewed properly.
