MozillaZine

Mozilla Privacy and Security Tutorial

Wednesday July 16th, 2003

Gunnar writes: "I have published a tutorial for Mozilla's privacy and security features. It explains and recommends settings. Feedback is very appreciated."


#1 Great Article (and some spelling...)

by derek_allard

Wednesday July 16th, 2003 6:13 AM

WOW! Great job! I love it, and I'll be pointing many people towards it. Very complete and well written. You have done some fantastic work. I hope you don't mind, but I noticed a number of spelling/grammar mistakes. I thought you might want to clean it up before you start getting a lot of traffic from the non-converted :)

Derek --

<http://mozilla.gunnars.ne…nd_security_tutorial.html> People have various reasons for chosing Mozilla [I think that should be choOsing]

<http://mozilla.gunnars.net/privacy_security2.html>
Animated images should loop: When used seletively, this [seleCtively]
Do a search for "reuinion" and make it "reuNIion"
Thoughts about blocking banner ads: Keep in mind, hoever, that [hoWever]

<http://mozilla.gunnars.net/privacy_security3.html> Do a search for "occured" and make it "occurRed"

<http://mozilla.gunnars.net/privacy_security5.html>
First sentence "addingfeatures" should be two words
Last sentence "attachements" should be "attachments"
Also on this page, your screen capture of what scripts should be allowed to do is not the same as your recommendations (you have "change status bar text" as allowable).

#4 Re: Great Article (and some spelling...)

by Gunnar

Wednesday July 16th, 2003 7:35 AM

Derek,

thanks a lot for your encouraging feedback and for pointing out the (embarrassing ;-) errors I made. They have all been corrected.

Regarding the screenshot: It does show the recommendations I made. "change status bar text" is not specifically mentioned, i.e. it is one of the features that "neither hurt if selected or deselected".

BTW: I have added a link to my article that describes how Mozilla's Spam filter works (and how it has to be trained) and summarizes Hard Tecs 4U's review of it (where they compare Mozilla's Spam filter to Mailshield).

#5 Re: Re: Great Article (and some spelling...)

by derek_allard

Wednesday July 16th, 2003 7:50 AM

D'uh. Sorry, of course.

I think you could argue that allowing javascript to change the status bar IS a security liability, as it is possible for me to mislead a visitor into thinking they'll go to one place, when actually they are linking to another. For example consider: <a href="reallybadsite.com" onmouseover="status='reallygoodsite.com';">

Derek
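
The mismatch described in the comment above can be checked for statically. This is an added example, not part of the thread: it scans HTML for anchors whose `onmouseover` handler writes a host into the status bar that differs from the host in `href`. The function names and all sample markup except the first anchor are constructed for illustration.

```javascript
// Host-like token such as "www.example.org" anywhere in a string.
const HOST = /\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b/i;

// First host-like token, lower-cased and without a leading "www.".
function firstHost(text) {
  const m = HOST.exec(text);
  return m ? m[1].toLowerCase().replace(/^www\./, "") : null;
}

// Value of a quoted attribute inside one start tag, or null if absent.
function attr(tag, name) {
  const re = new RegExp("\\s" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)')", "i");
  const m = re.exec(tag);
  return m ? (m[1] !== undefined ? m[1] : m[2]) : null;
}

// Report anchors whose onmouseover sets status text naming another host
// than the one in href. Scheme-less hrefs are read as hosts, as in the post.
function findStatusSpoofs(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<a\b[^>]*>/gi)) {
    const href = attr(tag, "href");
    const handler = attr(tag, "onmouseover");
    if (!href || !handler || /^[\/#.]/.test(href)) continue; // relative link
    // Covers status='x', window.status = "x" and self.status='x'.
    const set = /\bstatus\s*=\s*(['"])(.*?)\1/i.exec(handler);
    if (!set) continue;
    const shown = firstHost(set[2]);
    const real = firstHost(href);
    if (shown && real && shown !== real) findings.push({ href, real, shown });
  }
  return findings;
}

// Constructed sample page; the first anchor is the one from the post.
const SAMPLE = `
<a href="reallybadsite.com" onmouseover="status='reallygoodsite.com';">deal</a>
<a href="http://example.org/docs"
   onmouseover="window.status='http://www.example.org/docs'; return true">docs</a>
<a href="http://example.org/pics" onmouseover="window.status='Open the gallery'">pics</a>
<a href="https://example.net/">plain link</a>`;

console.log(findStatusSpoofs(SAMPLE));
```

Only the first anchor is reported; status text that names the link's own host, or no host at all, is left alone.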

#8 About the spam filtering

by Anthracks

Wednesday July 16th, 2003 11:02 AM

First of all, I enjoyed both your articles, it's a great summary for newbies which I'll be sure to pass along. I do have a question, however.

When Mozilla (as well as your article) says it needs to be trained as to which mail is NOT spam, does that actually mean you need to select non-junk messages and mark them non-junk again? I was under the impression it simply meant you have to be sure to re-classify messages that are incorrectly deemed junk. I'm not sure which is true, but I think either way it's a fairly confusing point and one which the Mozilla documentation should make clearer.

#9 About the spam filtering

by Gunnar

Wednesday July 16th, 2003 11:12 AM

Yes, to get the best results, you should indeed mark all non-spam messages as "not junk". The filter will work without doing it, but I have heard from a few people who complained about false positives. When I first started using Mozilla's Spam filter (I just recently upgraded from 1.0.2 to 1.4 because of Netscape's spell checker) I trained the filter with my entire inbox (approx. 2000 messages) and I have so far gotten zero positives. Due to the way the filter works, training it with both spam and non-spam will noticeably improve the results and its reliability.

I believe that false positives will annoy users more than a missed Spam message and unfortunately Mozilla's documentation (and usability) is IMHO lacking in that respect.
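
Why training on wanted mail reduces false positives, as an added example that is not part of the thread and not Mozilla's code: a simplified Bayesian token score (an assumption for illustration) is trained once with junk only and once with junk and good mail, then scores the same wanted message. All messages, names and the 0.4 / 0.01 / 0.99 constants are constructed.

```javascript
// Teaching model with Graham-style token probabilities, not Mozilla's code.
function tokenize(text) {
  return [...new Set(text.toLowerCase().match(/[a-z]+/g) || [])];
}

class JunkFilter {
  constructor() {
    this.counts = { junk: new Map(), good: new Map() };
    this.mails = { junk: 0, good: 0 };
  }
  train(text, label) { // label is "junk" or "good"
    this.mails[label]++;
    const c = this.counts[label];
    for (const t of tokenize(text)) c.set(t, (c.get(t) || 0) + 1);
  }
  tokenProb(t) { // probability that a mail containing t is junk
    const j = this.counts.junk.get(t) || 0;
    const g = this.counts.good.get(t) || 0;
    if (j + g === 0) return 0.4; // never seen: mildly "good"
    const pj = this.mails.junk ? j / this.mails.junk : 0;
    const pg = this.mails.good ? g / this.mails.good : 0;
    return Math.min(0.99, Math.max(0.01, pj / (pj + pg)));
  }
  score(text) { // combined junk probability, computed in log space
    let logJunk = 0, logGood = 0;
    for (const t of tokenize(text)) {
      const p = this.tokenProb(t);
      logJunk += Math.log(p);
      logGood += Math.log(1 - p);
    }
    return 1 / (1 + Math.exp(logGood - logJunk));
  }
}

// Constructed training mail and one wanted message.
const JUNK = ["cheap pills order now", "win money now click here",
  "your account needs verification click here"];
const GOOD = ["meeting notes for your project attached", "lunch on friday at noon",
  "your order from the bookshop has shipped", "project schedule and account of the meeting"];
const LEGIT = "your order for the project meeting";

function demo() {
  const junkOnly = new JunkFilter(), both = new JunkFilter();
  for (const m of JUNK) { junkOnly.train(m, "junk"); both.train(m, "junk"); }
  for (const m of GOOD) both.train(m, "good");
  return { junkOnly: junkOnly.score(LEGIT), both: both.score(LEGIT),
    junkStillCaught: both.score("click here to win cheap pills") };
}
console.log(demo());
```

With junk-only training, every word the wanted message shares with junk counts fully against it and nothing counts for it, so it scores as junk; once good mail is in the training set the same message scores near zero while the junk sample is still caught.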

#2 Great Article (and some spelling...)

by derek_allard

Wednesday July 16th, 2003 6:14 AM

WOW! Great job! I love it, and I'll be pointing many people towards it. Very complete and well written. You have done some fantastic work. I hope you don't mind, but I noticed a number of spelling/grammar mistakes. I thought you might want to clean it up before you start getting a lot of traffic from the non-converted :)

Derek --

Page One <http://mozilla.gunnars.ne…nd_security_tutorial.html> People have various reasons for chosing Mozilla [I think that should be choOsing]

Page Two <http://mozilla.gunnars.net/privacy_security2.html>
Animated images should loop: When used seletively, this [seleCtively]
Do a search for "reuinion" and make it "reuNIion"
Thoughts about blocking banner ads: Keep in mind, hoever, that [hoWever]

Page Three <http://mozilla.gunnars.net/privacy_security3.html> Do a search for "occured" and make it "occurRed"

Page Five <http://mozilla.gunnars.net/privacy_security5.html>
First sentence "addingfeatures" should be two words
Last sentence "attachements" should be "attachments"
Also on this page, your screen capture of what scripts should be allowed to do is not the same as your recommendations (you have "change status bar text" as allowable).

#3 Sorry for the double-post

by derek_allard

Wednesday July 16th, 2003 6:16 AM

damn...

#6 about cookies

by ndeakin

Wednesday July 16th, 2003 8:08 AM

I really hate it when people say "Cookies are small text files that are saved on your harddrive". They're not. It's misleading. It implies that web sites have the ability to save files on your system, which they don't. I think this may have led many people to think that cookies are a larger privacy/security threat than they actually are.

Instead you should say something like cookies are small bits of information remembered for a web site, or something like that.

#7 Is this better

by Gunnar

Wednesday July 16th, 2003 8:30 AM

ndeakin,

you are, of course, right. The last thing I want to do is frighten or confuse anyone. Is this better:

"Cookies are small bits of information remembered for a web site that are saved on your harddrive as a text file by the browser (i.e. not the site/server itself). Cookies by themselves pose no security risk: They cannot contain a computer virus, nor can they be used to spy on you by reading your harddrive's content."

#10 better, but could be better still

by webgremlin <junk@transientweb.com>

Wednesday July 16th, 2003 11:16 AM

Passive voice is the bane of clarity. Try this instead:

"Cookies are small bits of information your browser remembers for a web site. Your browser saves your cookies in a text file on your harddrive. Cookies by themselves pose no security risk: They cannot contain a computer virus, nor can they be used to spy on you by reading your harddrive's content."

-wg <><

#11 better, but could be better still

by Gunnar

Wednesday July 16th, 2003 11:56 AM

Thanks a lot ! I changed the offending text ;-)

#12 about recommendations

by Lemerly

Wednesday July 16th, 2003 11:57 AM

make the recommended settings stand out more. maybe with border/background or something.

#13 about recommendations

by Gunnar

Wednesday July 16th, 2003 1:09 PM

I made the recommended settings stand out by adding a yellow background (for the first page), but I'm not sure if that improves the overall usability of the page.

What do you think?

#14 =)

by Lemerly

Wednesday July 16th, 2003 2:30 PM

i was thinking more along the lines of this <http://superinetmall.com/helptest.html>

starting with the 3rd page i noticed you started using the style of "The recommended settings are:" that seemed to stand out to me best.

maybe it would be good to have a summary of recommended settings at the bottom of the page?

could be something like:

Recommended settings: "Enable all cookies" Check "Ask me before storing a cookie". Check "Disable cookies in Mail & Newsgroups" just my thoughts after telling my fiance many times this very thing ^^

#15 doh

by Lemerly

Wednesday July 16th, 2003 2:35 PM

recommended settings stuff should be a list going down but it didn't post that way.

#16 about recommendations

by Gunnar

Wednesday July 16th, 2003 3:07 PM

For now, the name of the setting is in a different color and bold. The summary at the end of the page is an excellent idea. I'll try to do that tomorrow, otherwise it'll have to wait until after my vacation :-)

#17 More info requested

by motobass

Wednesday July 16th, 2003 6:44 PM

Perhaps you could also provide or point people to information on encrypting e-mail. There's a lot to learn on that topic and it is not easy to explain. Also, hardly anyone does it (except perhaps internal mail for large corporations), it seems. However, it definitely goes under the heading of privacy and security. See <http://www.gnupg.org/> for some explanatory stuff.

#18 Re: More info requested

by Lemerly

Wednesday July 16th, 2003 11:44 PM

I second that as i have no idea how to do it.

#19 Re: More info requested

by jeti

Thursday July 17th, 2003 12:50 AM

I second that.

Plus I think that Thawte offers free certificates for keys supported by Mozilla Mail. An advanced tutorial about how to obtain and use one would be great!

#20 cookies

by leafdigital

Thursday July 17th, 2003 3:54 AM

IMO the best answer for cookies is just to use the 'allow from originating web site only' option. This gives you almost all the security of the approach you've chosen (since let's face it, if it comes from the originating site you are generally going to click yes) and none of the hassle.

You said it might cause problems on smaller sites; does it really? I've had this option on ever since... well I don't know which version of Netscape introduced it but it was in Netscape 4 wasn't it? Ever since then anyhow. Which is quite a long time. And I've never encountered a Web site that had a problem with it, as far as I know.

Other comments:

* I recommend setting animated images to loop only once as it's a problem on the general Web, not just a few sites. However, your page explains the option which should be good enough to let anyone make their decision.

* In the bit about blocking banner ads you don't mention the 'Flash Click To View' extension which is AWESOME and erases all Flash ads while still letting you play Flash files whenever you want to (a game or whatever) with a very easy interface.

* About passwords: in reality nobody I've ever seen in RL can be arsed to turn on the encryption. :) I suppose you can still recommend it.

In general I think the article is excellent and is fairly easy to understand. You could work a little bit on dividing up sections clearly, or perhaps splitting the document into more pages, but other than that it's good.

There is one typographical problem, it's a fairly serious one:

* Do *not* (ever!) use underline to indicate headings or emphasis.

In printed media, using underline only demonstrates that you don't know what you're doing, it doesn't really cause a serious problem. (Note: There is such a thing as a horizontal rule, which is not the same as underline. You're using underline, not horizontal rules.)

On the Web, though, using underline is a much worse idea as it makes things look like links. Even though after a while you're going to realise it, it's still disturbing.

So that underline really should go. For example, on the final page:

[[

_The recommended settings for "Enable Javascript for" are:_

Check ...

]]

This can easily be changed. Simply use a subhead and reword the text as appropriate:

[[

* Recommended "Enable Javascript for" settings

Check...

]]

That's it really, nice document otherwise.

--sam

#21 Re: cookies

by Gunnar

Thursday July 17th, 2003 5:37 AM

Sam,

thanks for your suggestions: I implemented some of the style / design / typographical suggestions you made.

Regarding the 'Flash Click To View' extension: Do you have a URL for that?

Gunnar

#23 "flash click to view" homepage

by derek_allard

Thursday July 17th, 2003 7:11 AM

#25 Animated images

by Tar

Thursday July 17th, 2003 9:56 AM

No need for loop only once option since now there is press Esc to stop the annoying animations possibility: <http://bugzilla.mozilla.org/show_bug.cgi?id=70030>

#28 Re: Animated images

by ken_fallon

Friday September 19th, 2003 7:47 AM

This is an excellent feature without having to press Esc on every page. It is one of the reasons we changed to Phoenix. The fact that this has been removed is the reason we're staying with Phoenix/0.5. Is it possible to activate this again - it makes Phoenix stand out.

Ken.

#22 Image setting

by jdarnold <jdarnold@buddydog.org>

Thursday July 17th, 2003 6:06 AM

The problem with turning off images in mail & newsgroups is that you can't ever get them back. I get a few emails that need to display images (for instance, from Comics.com). If I set that setting, then I can't see them!

I leave that setting turned off, but use the View|Message Body As option to toggle between "Simple HTML" and "Original HTML" (I wish there were a button for this). I leave it on "Simple HTML", which displays HTML but doesn't go and fetch anything. When I read my Comics messages, I switch it to "Original HTML", read the messages, and then switch it back.

#24 Re: Image setting

by jwilkinson

Thursday July 17th, 2003 9:36 AM

That is a problem with the mail & newsgroups design. It'd be nice to have a command that would let you optionally load them for a particular email you are reading when the default is off. Perhaps there is a bugzilla feature request for it... I haven't looked yet.

#26 Great article!

by pointwood

Friday July 18th, 2003 6:49 AM

I thought I had my preferences setup more or less perfect, but I found a few things to change.

Thanks again!

#27 Cookie's

by ed_welch

Monday July 21st, 2003 2:03 AM

Recommend if you don't like websites tracking you that you also set the "enable cookies based on privacy settings", then click "view" and select level of privacy = "high". (By the way my personal opinion is that cookies should be implemented like pop-up blocking, with a white list of places that you allow cookies, rather than the other way around, because there are an infinite amount of cookie sites that you will want to block and it's just a waste of time blocking each one individually)