Additional steps to regain and retain user trust

Ask for help about NoScript, no registration needed to post

Additional steps to regain and retain user trust

Postby Sudonim » Tue May 05, 2009 9:17 am

It appears that you are still serving up the Ghostery specific CSS rule which hides the normally temporary notification box that is generated by that extension. I respectfully encourage you to remove that rule so as to better adhere to the spirit of "no surprises".

It appears that NoScript's default white-list still includes a number of Google, Microsoft, and Yahoo sites. Although white-listing those might help some small fraction of new NoScript users to email their way out of trouble, it exposes all new NoScript users to potential privacy risks. It seems to me that it would be best to remove those white-list entries and very clearly alert new users to the "Temporarily allow all this page" command. Which would prove useful to all new NoScript users including the many that use other email services and/or who turn to web forums, web chat, etc for help. Please consider this.

It appears that NoScript's default white-list still includes googlesyndication.com. I believe this would in practice expose NoScript users to potential tracking/profiling across numerous to very many sites. Ideally there would be no exceptions which expose NoScript users to ad networks. It may or may not be possible for you to achieve ad revenue without using a network. I would encourage you to explore self-hosted ads or at least make it your topmost priority to adjust things so that any default ad network white-listing applies ONLY to the NoScript site and all users are very explicitly made aware of that exception.

I think changes such as these would make for a safer and more respectable NoScript environment and serve to demonstrate that you are placing more emphasis on your users. Thanks for your time and thanks for NoScript.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)
Sudonim
 
Posts: 3
Joined: Mon May 04, 2009 9:46 pm

Re: Additional steps to regain and retain user trust

Postby Sudonim » Tue May 05, 2009 9:44 am

Please forgive the self reply, but I think it important to add... I have no ties to Ghostery. I don't know anyone involved with that. I tested it but that is the extent of my relationship with it. I don't want to fan another NoScript vs OtherExtension battle. I would just like NoScript to be the most user (privacy) friendly extension it can be.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Sudonim
 
Posts: 3
Joined: Mon May 04, 2009 9:46 pm

Re: Additional steps to regain and retain user trust

Postby dhouwn » Tue May 05, 2009 9:54 am

My idea for an alternative to the predefined whitelist entries: An configuration assistant which opens on the first run.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b4) Gecko/20090503 Firefox/3.5b4
dhouwn
Bug Buster
 
Posts: 940
Joined: Thu Mar 19, 2009 12:51 pm

Re: Additional steps to regain and retain user trust

Postby Alan Baxter » Tue May 05, 2009 3:59 pm

Interesting suggestions.

Sudonim wrote:It appears that NoScript's default white-list still includes a number of Google, Microsoft, and Yahoo sites. Although white-listing those might help some small fraction of new NoScript users to email their way out of trouble, it exposes all new NoScript users to potential privacy risks.

None that they didn't have before. The default whitelist doesn't immediately reduce the new NoScript user's security or privacy, Instead, it helps mitigate the "NoScript breaks the web" experience that would be much more common if those sites weren't whitelisted. Breaking the biggest web sites by default would be a "surprise" indeed. I've felt no need to remove them from the whitelist and I've never recommended that action. Perhaps the FAQ item I mention below could include a sentence along the lines of "those who don't use sites such as Google, Microsoft, and Yahoo, and have any concern about having them whitelisted, can easily remove them using the NoScript Options Whitelist pane", if it doesn't already.

It seems to me that it would be best to remove those white-list entries and very clearly alert new users to the "Temporarily allow all this page" command. Which would prove useful to all new NoScript users including the many that use other email services and/or who turn to web forums, web chat, etc for help.

I don't think this change is desirable. Next to "Allow Scripts Globally (dangerous)", the most dangerous selection on the NoScript menu is "Temporarily allow all this page". I've used it once or twice, but only after carefully examining each of the blocked sites. I've never recommended this action to anyone, especially new users. Permanent whitelisting of vetted sites is much safer. A larger default whitelist has been requested many times before, but I'm content with the one that's there now. It's well documented in the FAQ.
Last edited by Alan Baxter on Wed May 06, 2009 4:32 am, edited 1 time in total.
Reason: spelling
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Alan Baxter
Ambassador
 
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Additional steps to regain and retain user trust

Postby Nan M » Tue May 05, 2009 5:28 pm

Alan Baxter wrote:Next to "Allow Scripts Globally (dangerous)", the most dangerous selection on the NoScript menu is "Temporarily allow all this page". I've used it once or twice, but only after carefully examining each of the blocked sites. I've never recommend this action to anyone, especially new users. Permanent whitelisting of vetted sites is much safer.


+1, Alan Baxter.
In the usability of any security application lies its effectiveness.
The default whitelist of NS has been the core of its out-of-the-box usability for novices.
It keeps them on track while they bed in their own particular whitelist additions, or, as in the case of myself and quite a few other users, remain very happy to simply toggle a few necessary main domain's "allow" for a single session.

While I am sympathetic to those with concerns about the ethics of any of the domains in the default NS whitelist, it is an entirely separate consideration to the core use of NS, which is as an agile and accessible method to pre-empt any active use of Fx by un-vetted domains.
I'm at the same time growing a touch irritated with the assumption evident here that most plain users have no clue about web stuff in general.
I'm a plain user and I picked the general story up about tracking and data mining quite easily as I went along over the years; no surprises that there are manipulative forms of Capital out here in the wide world.
Advertising and polling didn't begin in the 1990s, after all :-)
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10
Nan M
Ambassador
 
Posts: 102
Joined: Thu Mar 19, 2009 12:44 pm

Re: Additional steps to regain and retain user trust

Postby Giorgio Maone » Wed May 06, 2009 12:07 am

Thanks Sudonim for the time you spent elaborating your suggestions.
It's very appreciated.

Sudonim wrote:It appears that you are still serving up the Ghostery specific CSS rule which hides the normally temporary notification box that is generated by that extension. I respectfully encourage you to remove that rule so as to better adhere to the spirit of "no surprises".


The "no surprise" principle applies to add-ons, not to web sites. If you want a web site to be "forced in submission" by your extension, you should code your extension properly to that effect, especially if it's supposed to serve a privacy or security purpose (as you can imagine I've got some experience in that field).

I went to the Ghostery web site (where they mistakenly wrote NoScript the program, rather than noscript.net the site, was blocking their extension) to explain my point of view on that CSS rule and why their box is not a good idea the way it's implemented at this moment:
Just to clarify, the NoScript *program* NEVER blocked Ghostery: this would have been unacceptable as much as the ABP workaround.

But the CSS is in the *website*, and it doesn't prevent Ghostery from working (the status bar info is still there).

Ghostery should use a notification bar like NoScript does: trying to delivery notifications overlaying the content is never a good idea, especially if it's security or privacy related, because it's entirely in the site's rights and powers to tamper with it (hide, relocate, or even worse maliciously modifying its content to mislead users).

BTW, it was done not to hide any info from the user, but because the box covered the donation button.
Any web site can do the same, and will do it if you cover important parts of the page.

Now could we backpedal with the FUD?


Regarding the default whitelist, which has been in place and detailed explained for a long time, I tend to agree with Alan and Nan. Not to mention removing it abruptly would likely be a suprise in the extension.

Still on topic, I've just released FlashGot 1.1.8.7 adding a feature seemingly very demanded (in the past 3 days, at least):

v 1.1.8.7
=====================================================
+ New "Show release notes on update" checkbox in
FlashGot Options|Advanced

x Basic download dialog patching made compatible with
Fx 3.5 and above
x Fixed megarotic.com links in a batch prevented it
from completing

It's already in current NoScript code tree as well, ready for next release.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)
User avatar
Giorgio Maone
Site Admin
 
Posts: 7325
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Additional steps to regain and retain user trust

Postby Sudonim » Wed May 06, 2009 3:43 am

Hopefully we can agree that the only entity which truly can and should vet websites is the user. For there are no universal, objective, metrics for trustworthiness much less ones which are context specific to a user, their browsing habits, their expectations and desires. At best, other parties can offer a subjective opinion. Which may or may not suit the user's situation and views... and which may or may not appropriately influence the user's judgement.

I don't think a good argument can be made for the limited white-list entries in question eliminating surprises. If a user could be surprised by the very nature of NoScript and its "block unless vetted" approach, they absolutely will be surprised... when they soon if not immediately visit any one of the countless other large and most popular homepage, portal, webmail, whatever sites that aren't white-listed by default. Clearly, the way for the user to deal with any "first surprise" is to use NoScript as intended and as they must do eventually... to selectively allow only that which they personally deem adequately vetted and trustworthy. If a user is so baffled by the nature of NoScript and can't figure out the concept, those few white-list entries aren't going to solve the problem or even reliably help him. The only reason I mentioned the Temporarily allow all this page approach is because that is the safest reliable thing that actually does assure he can email for support, visit and use help forums, whatever. I don't believe in the "it exposes them to no risks they weren't exposed to before" argument because the act of installing NoScript communicates a user's desire to avoid risks they were exposed to before and we don't know what the user was exposing himself to before. However, I suppose that is a weak argument to rationalize selective use of Temporarily allow all this page during the initial learning phase. The confused and impatient are going to do it anyway <sigh>.

NoScript's default whitelist can be broken down into perhaps four rough categories:

1) That which is absolutely essential to the functionality of the app (chrome:)
2) What might be called ultra-conservative pseudo-essential exceptions: (about:, resource:, addons.mozilla.org, nonscript.net and perhaps informaction.com since the forum resides here)
3) Non essential to functionality but possibly convenient or helpful to new users (some popular sites such as google, yahoo, microsoft)
4) Non essential to functionality but desired by the developer for revenue generating or other purposes (googlesyndication.com, flashgot.net, maone.net)

At the very least, I think any site exceptions falling into categories #3 and/or #4 should receive "clear and unavoidable explicit user consent" level treatment. Perhaps like that suggested by dhouwn, which I interpret to mean forcing the user to make a choice which is the only way to assure no surprise.

AMO posted a brief "No Surprises" proposal with some detailed guidance in regards to addons. Although one might argue it technically only applies to (actions by) addons, I personally believe that to argue such a technicality is to miss or dismiss the true principles involved. Regarding what those principles are, I think their first sentence... "Surprises can be appropriate in many situations, but they are not welcome when user security, privacy, and control are at stake."... paints the basic picture. Communicated in such a statement is the principle that it is the USER's rights (to security, privacy, control, and not being surprised)... NOT those of some other entity such as a website or addon related entity... that are given priority with respect to controlling the browser and how it processes and displays things. This is an extremely... EXTREMELY... important principle to acknowledge and fight for because we ALL are users and there is literally a war being waged over control of the browser platform.

I saw that message of yours, Giorgio, at Ghostery News. I found one part of it disturbing. It was you saying that it is entirely in a site's RIGHTS to tamper with the Ghostery box and others like it. To be honest, it sent a chill down my spine because I interpreted that mentality to be the very same mentality that contributed to the recently discussed fiasco. FWIW, I'm a software engineer. I understand and in fact admire your pointing out the shortcomings of the particular method used as well as pointing out that there is a better way. I understand that a site CAN tamper with such things. I understand a web developer's desire to have their site appear just the way they want it to. I understand that user rights can't be unbounded and others have some rights too. However, when it comes to conflicts, someone's rights have to take priority and I firmly believe that as a rule that MUST be the user's rights (to make their computer and browser do whatever it is they want it to do, be that changing fonts or scaling images or overlaying graphics or not issuing requests for certain resources or whatever). I think the Ghostery case is rather cut and dry. A user installed the Ghostery addon and by extension wants its functionality applied and expects there to be an overlayed notification box listing the items detected. From their point of view, it doesn't at all matter whether it is an addon hiding it or the website hiding it... it is being hidden. I hope they make things more resilient to tampering, but I also hope that you adopt the more user friendly approach of not even trying to hide it.

Thanks for reading all this!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Sudonim
 
Posts: 3
Joined: Mon May 04, 2009 9:46 pm

Re: Additional steps to regain and retain user trust

Postby GµårÐïåñ » Wed May 06, 2009 4:07 am

Not to step on any toes but the user can easily (granted not all of them) go to about:config and delete the contents of noscript.default and alternatively/additionally noscript.mandatory and then restart your browser and then you can remove them all from your whitelist and decide for yourself what you want need, if it serves your experience and user level, if not then its safe to say the current model is more user friendly to the less able NS user while not compromising their security.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
[ Major's Blog ] .:. [ Security Pack ] .:. [ Productivity ]
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
User avatar
GµårÐïåñ
Lieutenant Colonel
 
Posts: 2918
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Additional steps to regain and retain user trust

Postby Alan Baxter » Wed May 06, 2009 4:46 am

Nan M wrote:I'm at the same time growing a touch irritated with the assumption evident here that most plain users have no clue about web stuff in general.

Nan, did I imply something like that?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Alan Baxter
Ambassador
 
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Additional steps to regain and retain user trust

Postby Nan M » Wed May 06, 2009 5:28 am

Alan Baxter wrote:Nan, did I imply something like that?


On the contrary, friend, you accept that web users in general have common sense and lives.
My irritation is with the implication contained in the OP that somehow NS has to become involved in holding every user's hand for every step out on the web, to be worthy of users' trust.

I probably shouldn't have expressed the irritation. It will pass.

Edit: spelling
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10
Nan M
Ambassador
 
Posts: 102
Joined: Thu Mar 19, 2009 12:44 pm

Re: Additional steps to regain and retain user trust

Postby Tom T. » Wed May 06, 2009 9:14 am

Nan M wrote:I'm at the same time growing a touch irritated with the assumption evident here that most plain users have no clue about web stuff in general.
I'm a plain user and I picked the general story up about tracking and data mining quite easily as I went along over the years; no surprises that there are manipulative forms of Capital out here in the wide world.
Advertising and polling didn't begin in the 1990s, after all :-)

You most definitely are NOT a plain user. Your posts, your teaching a library group, your being a mod here (even if no longer actively modding), and the level of knowledge in general are far above the masses.

I don't hang with the dev crowd, cuz I'm not a programmer. I don't hang with the serious-puter-enthusiast crowd, except for those here. I know in my own family, one relative has AOL (there's a n00b give-away right there) but thinks she "knows all about that web safety stuff" just from "don't open attachments in spam emails". Others blithely accept all cookies presented, and put their entire personal and sexual lives on Facebook or MySpace or whatever. People with whom I do business evince no knowledge of the Web other than how to browse and use email -- and some don't know much about that, either. I have talked to BANK customer support people, complaining about them sending me HTML-enriched email. They told me how to enable it in my browser. I said, You @#$%^&* jerks, I KNOW how to enable it. I don't WANT to. I want YOU to stop sending it. They had no clue. A financial institution has added an "authentication": they email you a link to click before you can complete your login. (Of course, I copy/paste it, delete it, delete it from trash.) I told them that experts are trying to tell users never to click on links purporting to be from a bank or whatever, as it's a common phishing technique. These bank people weren't aware of that advice, nor was the vendor who sold them this "enhanced" securiity.

I could go on, but I'll close with: I have a friend who has a Master's Degree in Computer Science, but from before the invention of the WWW, and 26 years of sw programming and program management (but not Web-related), and still needs help now and then with the finer points of Web safety in general and NS in particular.

Bottom line: Average user: Open box, take it out, hook it up, turn it on. That's why XP was a ridiculously easy target for 12-year-olds until SP2 turned the firewall on by default. It was there from the first release of XP, but off by default. All these "knowledgeable users" Nan M refers to had no clue. Hence the spread of MSBlaster etc. etc.

At the risk of repeating what I've said elsewhere, it's hard for knowledgeable people in *any* field to empathize with zero- or low-knowledge users. Perhaps that is the unique gift I can contribute to this forum. Having had no idea how to even use a computer until the late 90s, and having never owned one until y2k, I can still empathize with the vast majority who have neither the time nor the energy nor the ability nor the desire to educate themselves beyond how to make documents, surf, email, etc. Granted, most of them will stay with IE forever, but since the US Dept. of Homeland Security recommended Fx and NS in response to a specific threat, we're getting some of those low-knowledge users, not just the cognoscenti. I just converted a Medical Doctor to Fx -- he loved it, said much better than IE -- and when he's ripe, will try to get him to use NS. (He knows of my affiliation, the discussion of which is what prompted him to try Fx.)

In the arguments over revenue and user base, Giorgio himself said that NS is a "low-retention extension". (Nice poem, descendant of Dante Alighieri! ...and Hell was sooo much more interesting than Heaven!) People d/l it, get frustrated, and drop it. Ask Giorgio or search for the thread -- it's bedtime here. I would like to see that retention rate increase dramatically. I think that's achievable, while still offering finer controls and tools to the power-users.

If I have to get more personal and brag about being successful teaching the clueless when Olympic gold medalists couldn't, I will, reluctantly. Or just trust me: I'm not as knowledgeable in coding as most or all of the other Mods, but I'm learning as fast as I can, so I have one foot in each door. I can empathize. Most power-users can't. It's not anything to be ashamed of. Just please consider the POV of him who speaks for the masses, who don't/can't spend lots of time on this stuff, but would really rather not have their security and privacy compromised if they were aware of the threats and given usable tools to protect themselves.

And *please* don't reply that "they deserve it". You can't fault someone for not taking steps against something of which they're not yet aware. What they *deserve* is a safe Internet and a safe operating system. Unfortunately for both purposes, the Internet was designed when there were, like, five computers in the world, or at least, no concept of untrusted or malicious users. Hence, no thoughts of safety whatever in the original Net. All patched on later. And Windows, like Apple, was designed before the WWW, and commendably strives to keep back-compatibility. Gates himself admitted that the popularity of the Web among home users took him completely by surprise. We're talking somewhere between Win 95 and 98 here. By then, there was so much legacy code in the codebase...

So we have to add the safety that wasn't built in at the start, not because anyone was evil. No one thought it would be used like this, and certainly never anticipated that the Web would deliver executables and that the browser, itself an application, would switch to becoming a platform for applications.

End of soapbox. "Good night, and good luck" (Edward R. Murrow)
Last edited by Tom T. on Wed May 06, 2009 9:19 am, edited 1 time in total.
Reason: slight clarification of Mods vs. public
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
Tom T.
Field Marshal
 
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Additional steps to regain and retain user trust

Postby Nan M » Wed May 06, 2009 9:41 am

Tom T. wrote:
Nan M wrote:I'm at the same time growing a touch irritated with the assumption evident here that most plain users have no clue about web stuff in general.
I'm a plain user and I picked the general story up about tracking and data mining quite easily as I went along over the years; no surprises that there are manipulative forms of Capital out here in the wide world.
Advertising and polling didn't begin in the 1990s, after all :-)

You most definitely are NOT a plain user. Your posts, your teaching a library group, your being a mod here (even if no longer actively modding), and the level of knowledge in general are far above the masses.


Plain means that I don't code, don't have any skills besides being able to read and write, and that I don't spend a lot of time online. Most web users are like this. Plain, ordinary web users as distinct from those who are online a lot and who are occupied with tweaking that online experience in depth.

For the rest of the quote - it is to do with most people having Commonsense 1.0 installed already, having a life, and not being too surprised or indignant that advertisers pinch information about them. I was trying to express irritation with the assumption that NS is now somehow supposed to hold people's hands while they're everywhere on the web.

Returning you to your program now :-)
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10
Nan M
Ambassador
 
Posts: 102
Joined: Thu Mar 19, 2009 12:44 pm

Re: Additional steps to regain and retain user trust

Postby Another guest » Wed May 06, 2009 11:38 am

Giorgio Maone wrote:Just to clarify, the NoScript *program* NEVER blocked Ghostery


I agree with you. It never did and it's a shame that some blog comments made/make it look that way.

Giorgio Maone wrote:But the CSS is in the *website*, and it doesn’t prevent Ghostery from working (the status bar info is still there).


It does keep half of Ghostery from working. While the status bar icon shows if and how many web-bugs have been identified, it does not name the services or provide means of accessing that information. The names are communicated to Ghostery-users solely through the overlay, which your stylesheet-entry keeps from showing up.

Giorgio Maone wrote:Ghostery should use a notification bar like NoScript does: trying to delivery notifications overlaying the content is never a good idea, especially if it’s security or privacy related, because it’s entirely in the site’s rights and powers to tamper with it (...).


Your criticism on Ghostery's way of delivering its information is technically correct. The overlay can easily be tampered with and any tech-savy person is aware of that.

However, you keep mentioning that as if this technical deficiency of Ghostery and the way it might negatively affect its users had always been (one of) your primary concern(s), when actually what really and in my opinion exclusively mattered to you was the fact, that the overlay might hurt your income.

You didn't care about the Ghostery users and about their user experience or safety at all. You implemented a hack that suited your needs (securing income) and didn't mind the rest. Sure, if you're actions would have led to improvements on the side of Ghostery, you'd probably have been fine with it. But actually promoting such changes was not in the slightest of interest or importance to you and thus you didn't put any effort into it. You did not approach the author of Ghostery and give him a push in the right direction, or communicate the Ghostery-related stylesheet-entries to people, least of all on your website. You did not consider moving the overlay away from the donation button by means of your stylesheet, instead of just making it disappear, or think of adding a notice to the overlay, that would point out Ghostery's deficiencies. You did nothing except for making sure that it would not block your donation-button and basta, you were through with it.

Yet, now that other people have adressed the issue, you keep stressing the technological aspects, as if there was, at least partially, some higher motif behind blocking the overlay.

Well, in my opinion, there wasn't.

You used Ghostery's flaws to your personal advantage while accepting that this was to other people's disadvantage. You had the chance to improve the situation for the both of you, but didn't take it and set your priorities differently. That's fine with me. Just don't try to make it look now as if even a part of it was some Samaritan act in the interest of web security.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16
Another guest
 

Re: Additional steps to regain and retain user trust

Postby Another guest » Wed May 06, 2009 1:45 pm

A couple of questions in addition to my previous post:

How much money in donations is possibly made/saved by blocking the Ghostery-overlay? How many users does Ghostery actually have? How many of them visit the NoScript-site and intend to or are spontaneously inspired to make a donation? How many of those people are possibly confused by the overlay to the degree, that they give up on donating?

Is it all worth risking to lose supporters?

How much effort was it to write the stylesheet-entry? How much effort was is to not communicate its implementation to the outside world? How much effort is it to explain the stylesheet-entry to people now that it's being frowned upon and discussed in public?

How would I feel, if I was a regular user of Ghostery and parts of the functions of the add-on were being tampered with against my will and without giving me any explanation as regards the motifs behind that intervention right from the start? How would I like and trust the person, who did that? How would I feel about future efforts of that person to appear as someone who is genuinely interested in security, data-privacy and openness? In general, should financial interests outweigh transparency and self-determined user-experience? If so, where are the limits and are there any at all - both in that person's and in my own opinion? Can I still trust that person? Should I consider to (financially) support someone, who breaks my add-ons' functionality and seems to believe that he knows what's best for me better than I do? Is making a donation what's best for me or what's best for that person, or the best for both of us? Is forcing the idea of making a donation upon me more important than my interest in Ghostery's overlay? Aren't there nicer ways of communicating with me, than by blocking the overlay without further comment and without even letting me know, that it is actively blocked?

How much effort would it have been to write a small blog- or forum-entry about the deficiencies of Ghostery and about possible concerns regarding its (alleged) obfuscation of the donation-button? How much effort would it have been to use cascading stylesheets not to remove Ghostery's overlay but to add a tiny annotation to it, in which issues with it could have been addressed and a link to the blog-/forum-article been found? How much credibility would that have earned? How much sympathy would that have induced? How much interest in your visitors and users would that have expressed, without losing track of the goal to make money and without seeming any less skilled? How much extra money would THAT have made you, Giorgio?

Maybe these questions and their underlying answers provide an image of what I believe is wrong about your Ghostery-related stylesheet-entry. This is not about slamming your (totally legitimate) fiscal interests, it's about transparency and openness and about positively embracing and involving users.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16
Another guest
 

Re: Additional steps to regain and retain user trust

Postby Giorgio Maone » Wed May 06, 2009 2:16 pm

@Another guest:
OK, you convinced me.
Is the following OK (already live on the site for you to check)?
Code: Select all
#__ghosteryfirefox {
  /* Moves Ghostery's box a bit on the left not to cover the GPL disclaimer and the donation box */
  right: 250px !important;
}
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)
User avatar
Giorgio Maone
Site Admin
 
Posts: 7325
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Next

Return to NoScript Support

Who is online

Users browsing this forum: No registered users and 6 guests