So I hear there’s this website called “The Facebook” that is really popular with the kids these days, and I decided to check it out…

Kidding, kidding. Of course I know what Facebook is. I’ve just been choosing not to participate. The whole “social networking” thing doesn’t offer me anything I want that I can’t already do through e-mail or by building websites. (I recognize that I am atypical in this regard).

I actually tried out Facebook back when it was university-students-only. I built a profile, linked it to my friends, and then said “Well, now what? I guess I’m done.” And I never went back. Eventually I deleted my profile, just to avoid spreading outdated information about myself.

Of course, Facebook now is not really the same application as Facebook in 2004. With over 350 million users (as many as Firefox), it forms a significant part of how many people experience the Internet, and as such it shapes their expectations for how web interfaces should look and feel, as well as how their real-life relationships should be represented in software.

This was the argument given by many of my coworkers, who told me that I ought to at least try out the modern Facebook, so that I could better understand where many of our users are coming from.

So I went to Facebook and started creating an account. I entered my first and last name and email address, and Facebook showed me a page saying “We think these people might be your friends”. There were several dozen people there who I actually know, mixed in with several dozen who I don’t.

Wait a minute. How does Facebook know who my friends are?? Remember, I hadn’t told them anything except an email address at this point. I was disturbed by how much they knew about me. More than disturbed. I was freaked out.


How often do you recycle passwords? That is, use the same password for multiple sites? Even though you’ve probably been told this is a security no-no, it’s just too much strain on most people’s memory to come up with unique passwords every time.

Theoretically, the password manager feature of Firefox can help. Come up with a random string of characters and let Firefox remember it for you. This works great… as long as you have Weave, or if you never need to log into the site from a different computer.

And the problem’s getting worse, because these days almost every new site you come across thinks it’s important enough to ask you to create a password. Meanwhile, phishing attempts are getting more sophisticated. These are some of the reasons Mozilla is starting to explore identity management in the browser.

It would help if we knew how much password recycling is actually going on. How many different passwords does the average user use? How many times do they recycle each password? Do they have a throwaway password that they use on lots of unimportant sites, while making a unique secure password for their bank?

That’s where Test Pilot comes in.

Pie chart of duplicate password use

The above pie chart, generated by Test Pilot, shows a breakdown of the passwords that I have saved in the Firefox password manager. I was running it on a throwaway profile, so it only has five sites with stored passwords. (If it was my real profile, it would have dozens.)

We should be rolling this study out sometime this week. Of course, the study will not be collecting the actual passwords themselves! Instead, it compares passwords on the client side, so they never leave your machine, and only the count of duplicate passwords gets sent across the network to the Test Pilot server.

I’ll post again when we have some findings to share from this study.
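
The client-side comparison described above can be sketched as follows. This is an added example, not Test Pilot's own code: the function names, the report fields and the sample logins are all assumptions made for illustration. Passwords are grouped locally, and the only thing serialized for upload is a set of counts, checked against a numbers-only allowlist before it leaves the function.

```javascript
// Constructed sample standing in for saved logins; not real credentials.
const SAMPLE_LOGINS = [
  { hostname: "https://mail.example", password: "correct-horse" },
  { hostname: "https://forum.example", password: "hunter2" },
  { hostname: "https://shop.example", password: "hunter2" },
  { hostname: "https://news.example", password: "hunter2" },
  { hostname: "https://bank.example", password: "Xq9!vT2#mL" },
];

// Group logins by password in memory and return only counts.
// The Map keyed by password never leaves this function.
function summarizeReuse(logins) {
  const sitesPerPassword = new Map();
  for (const { password } of logins) {
    sitesPerPassword.set(password, (sitesPerPassword.get(password) || 0) + 1);
  }
  // Sort descending so the output order is unrelated to the stored order.
  const groupSizes = [...sitesPerPassword.values()].sort((a, b) => b - a);
  return {
    totalLogins: logins.length,
    distinctPasswords: groupSizes.length,
    reusedPasswords: groupSizes.filter((n) => n > 1).length,
    groupSizes,
  };
}

// Allowlist check: every value in the report must be a non-negative integer.
// A string (password, hostname) slipping into the summary fails here.
function assertCountsOnly(summary) {
  for (const value of Object.values(summary).flat()) {
    if (!Number.isInteger(value) || value < 0) {
      throw new TypeError("report may contain only counts");
    }
  }
  return summary;
}

// Build the string that would be sent over the network.
function buildReport(logins) {
  return JSON.stringify(assertCountsOnly(summarizeReuse(logins)));
}

console.log(buildReport(SAMPLE_LOGINS));
```
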

Here is the video of our Design Lunch session from last week, in which we discussed ideas for identity management in the browser.

The video is almost an hour long, so I don’t know if you have the patience to watch the whole thing… but it does open with me wearing a funny hat and narrating an imaginary legal drama. Then it proceeds to the showing off of screen mockups, followed by vigorous discussion of what the right thing is for Firefox to do in various tricky situations.

This is the first time I tried recording a design lunch using fancy cinematography techniques such as “pointing the camera at the person who’s talking”. I hope it makes it easier to follow.

You may also want to check out Aza’s blog post, which shows the mockups of potential interface designs. They should be easier to read there than they are in the video. You can also find out more at the Mozilla wiki page on the Identity project.