Passwords are broken. Privacy needs a helping hand online. And we live too much of our lives online to let any one site or provider own too much of it. What we need, says Mozilla vice president Jay Sullivan, is Privacy 2.0.
"From a pure browser technology point of view," Sullivan says, Mozilla has solved many of the issues it set out to deal with in 2004. ("We have gone from 97% IE to a world with great competition," he adds; "be careful what you wish for!").
But that means there's a new set of problems around identity and privacy and letting users be in control of their own information.
"What we have created is a world where people are really living more and more of their lives on line. It's almost like Privacy 2.0. Privacy [online] used to be [about] cookies and pop-up windows and artefacts of the browser itself; now it's about your real life - your location, your medical records.
"The challenges to personal information are bigger than ever. To keep users in control of their online experience now is starting to be more and more about their personal preferences, their social circle, how they feel about different issues... How do we make it so that information is not siloed in particular places on the Web where you should really own it?"
Why should it be in the browser?
Is the browser really the best place to do this? As a browser developer Mozilla is bound to think so, but Sullivan also points out that we already call browsers 'user agents'.
"We kind of backed into this word but it actually turns out to be pretty a pretty accurate description of what we want to do - which is 'as you navigate into this world, who's acting on your behalf? Who's your agent, helping you?'"
Mozilla is far from the first organisation to try and solve the issue of online identity and accounts (indeed, in a past life Sullivan worked at Firefly on a system that Microsoft bought and turned into Passport). One difference is that it's starting with small ideas that could lead to big changes. "We're not attempting to reinvent everything," explains Dan Mills, Lead Engineer at Mozilla Labs;
"We're focusing on ease of implementation." He's working on a technology called Account Manager which would let you log in and out of sites through the browser and have it create and remember a long, complex, secure password Mills calls a secret, which Mozilla's Weave technology will sync onto other devices for you.
He calls the changes websites have to make 'trivial' and Mozilla is already talking to properties like Google and Yahoo about what it would take to get them to support the idea.
This would make logging in to different sites consistent, it would give you more control about what info to share and, says Mills, "we would eliminate a whole set of phishing attacks" because it would be clear where you were logging in and when a supposedly familiar site was a fake site (because it would ask you for new details).
It's also just easier, which will matter more when Fennec brings Firefox to smartphones (in beta now for the Nokia 900 and coming this year for Android, says Sullivan); using Weave to sync encrypted copies of secrets and passwords that have been saved on your desktop means you'll be able to log in just as easily on a phone.
Sullivan demonstrates this by logging in to a secure internal Mozilla system in Fennec without ever having typed in his password on the phone. "Before I wouldn't even have bothered trying," he says; "It's the difference between giving up and doing something."
"One thing to keep in mind," Mills points out, "is that the status quo is to ask users for their username and password on other services and that is fundamentally broken." Despite the security problems passwords cause, Sullivan doesn't want to sound like an alarmist. "How do you provide something positive and engaging, that's not framed in the negative?
It can be a little fearmongery… I don't what to just make people get scared and run away from the Internet. How do we enable them to do awesome things and through that give them a path that happens to be safer and more protected? We want to do all these awesome things but we want to do them in the right way."
What kind of awesome things? Once the browser knows you're logged into a site, it could look for details of your online contacts (another Mozilla Labs project). When you want to share a news story you enjoy by email (even in the age of Twitter, that's still the way most people share links), the browser could give you a dropdown list of your contacts on any website.
Or you could find out which of your contacts are reading the same site at the same time, without anyone but you finding out who your friends are. That's where Mozilla has an advantage, suggests Sullivan.
"The thing that's different about what Mozilla can do from Google or Facebook - they have to make money, they have investors, they have [to make] returns. We're from the opposite approach. We don't really care about the money; our goal is to always be on the side of the user. It's kind of liberating! We don't have to say 'how are we going to monetise these things?'"
Article continues below