[00:00.000 --> 00:21.000]  One minute, please sit down, everyone.
[00:21.000 --> 00:23.000]  I'll start.
[00:23.000 --> 00:25.000]  Whenever you're ready.
[00:25.000 --> 00:27.000]  Okay, team.
[00:27.000 --> 00:29.000]  You started?
[00:29.000 --> 00:34.000]  Hello, everyone. Welcome to our third call, where we have Vincent.
[00:34.000 --> 00:40.000]  Vincent Turu is a UI engineer on Mozilla Privacy and Security Products Team,
[00:40.000 --> 00:44.000]  working on tools like Firefox Relay and Firefox Monitor.
[00:44.000 --> 00:49.000]  And he's going to talk about over a decade of anti-tracking work at Mozilla.
[00:49.000 --> 00:54.000]  Yeah, thank you, Francesca. That was actually the first sentence of my presentation just gone now.
[00:54.000 --> 00:59.000]  Yeah, so I worked on the Privacy and Security Products Team.
[00:59.000 --> 01:05.000]  Yeah, and so I want to start this presentation with a bit of a personal anecdote.
[01:05.000 --> 01:09.000]  My open source journey started with the release of Firefox 1.0.
[01:09.000 --> 01:12.000]  It was my first interaction with open source software.
[01:12.000 --> 01:16.000]  Later started using Linux, started contributing.
[01:16.000 --> 01:20.000]  First with translations, later I became a software engineer.
[01:20.000 --> 01:25.000]  But I only joined Mozilla as an employee about a year and a half ago.
[01:25.000 --> 01:31.000]  So for this presentation, where I'm going to discuss a little over a decade of anti-tracking work at Mozilla,
[01:31.000 --> 01:35.000]  I'm going to be leaning a lot on the experience of my coworkers,
[01:35.000 --> 01:42.000]  specifically Luke Crouch and Max Crawford, other engineers on the Privacy and Security Products Team.
[01:42.000 --> 01:47.000]  They wrote this blog post, so most of the content of this presentation is also in that blog post.
[01:47.000 --> 01:52.000]  So if you want to have a quick high-level recap, you can read that afterwards.
[01:52.000 --> 01:54.000]  It's also linked on the FOSTEM side, I think.
[01:54.000 --> 01:57.000]  But Luke has been at Mozilla for basically forever.
[01:57.000 --> 02:00.000]  Mozilla went through and through lots of institutional knowledge,
[02:00.000 --> 02:03.000]  so lots of the content is by him.
[02:03.000 --> 02:08.000]  Max did most of the illustrations, so that's credits where credit is due.
[02:08.000 --> 02:12.000]  So tracking. It can be beneficial.
[02:12.000 --> 02:18.000]  I want to do one short scary slide and then the rest will be more positive.
[02:18.000 --> 02:24.000]  But I want to take a bit of a moment to discuss the risk of tracking.
[02:24.000 --> 02:30.000]  Why are we actually trying to minimize the harmful effects of tracking?
[02:30.000 --> 02:32.000]  So tracking is a personal risk.
[02:32.000 --> 02:37.000]  You can fall victim to phishing attacks, for example, or the people around you can fall victim to it.
[02:37.000 --> 02:43.000]  So if more of your data is known, or if your data leaks,
[02:43.000 --> 02:47.000]  it can be used to impersonate you and get, for example, people around you
[02:47.000 --> 02:49.000]  to transfer large sums of money or whatever.
[02:49.000 --> 02:52.000]  So, for example, if someone contacts my father and says,
[02:52.000 --> 02:56.000]  hey, it's your son, could you please wire me 5,000 euros?
[02:56.000 --> 03:00.000]  You know, it's a lot less believable than if they were to say, hey, it's Vincent.
[03:00.000 --> 03:03.000]  I just got fired from Mozilla. Hopefully, it never happens.
[03:03.000 --> 03:08.000]  But, you know, could you wire me 5,000 euros because I'm in money trouble or whatever?
[03:08.000 --> 03:09.000]  That's a lot more convincing.
[03:09.000 --> 03:14.000]  So data can be abused, but it's also more of a societal risk.
[03:14.000 --> 03:19.000]  So ransomware has been in the news a lot recently.
[03:19.000 --> 03:21.000]  It costs a lot of money.
[03:21.000 --> 03:25.000]  It can even be used to convince people not to vote
[03:25.000 --> 03:28.000]  if they are aligned with a certain political party or et cetera.
[03:28.000 --> 03:32.000]  So there's risks involved with tracking.
[03:32.000 --> 03:36.000]  The rest of my presentation should be more positive.
[03:36.000 --> 03:40.000]  I'm going to discuss what we're doing to minimize those harmful effects
[03:40.000 --> 03:46.000]  to allow you to confidently use the internet carefree.
[03:46.000 --> 03:49.000]  So there's a variety of ways to track you.
[03:49.000 --> 03:52.000]  Historically, a lot of attention both inside of Mozilla
[03:52.000 --> 03:55.000]  and outside of Mozilla has been given to tracking cookies.
[03:55.000 --> 03:59.000]  So I'll start my presentation with an overview of what we've been doing there.
[03:59.000 --> 04:03.000]  And then I'll go over these other forms as well.
[04:03.000 --> 04:09.000]  So cookies and a bunch of related technologies that all call cookies.
[04:09.000 --> 04:12.000]  There are bits of data that websites can store on your computer,
[04:12.000 --> 04:14.000]  which can be useful.
[04:14.000 --> 04:19.000]  So if you load a website and the website sees a bit of data that proves that you are you,
[04:19.000 --> 04:23.000]  it can decide to give you your shopping cart or your private messages
[04:23.000 --> 04:25.000]  or whatever and not show someone else's.
[04:25.000 --> 04:27.000]  So that's a good thing.
[04:27.000 --> 04:30.000]  But it can also be used to track you if you don't want that.
[04:30.000 --> 04:33.000]  So every website you visit can set cookies.
[04:33.000 --> 04:35.000]  But not just that website.
[04:35.000 --> 04:37.000]  Websites can also embed other websites.
[04:37.000 --> 04:40.000]  So for example, a website could contain a YouTube video
[04:40.000 --> 04:42.000]  and then YouTube can set cookies as well.
[04:42.000 --> 04:44.000]  It can contain ads.
[04:44.000 --> 04:47.000]  And then those are often also served by a third-party website.
[04:47.000 --> 04:49.000]  It can also set cookies.
[04:49.000 --> 04:52.000]  Websites can even embed other websites without just seeing them.
[04:52.000 --> 04:58.000]  So for example, with the goal of tracking you, so those can also set cookies.
[04:58.000 --> 05:04.000]  So we've been clamping down on that primarily through Firefox.
[05:04.000 --> 05:10.000]  So I'll start my overview with Firefox Private Browsing introduced in 2008
[05:10.000 --> 05:13.000]  after Chrome was released, which had an incognito window.
[05:13.000 --> 05:17.000]  But a private browsing window is basically a window that as soon as you close it,
[05:17.000 --> 05:21.000]  forgets everything you did in there, forgets the cookies that were stored as well.
[05:21.000 --> 05:24.000]  It's often jokingly referred to as porn mode,
[05:24.000 --> 05:27.000]  but it's definitely also an anti-tracking tool.
[05:27.000 --> 05:30.000]  So for example, my girlfriend used it as such.
[05:30.000 --> 05:34.000]  She's a kind of ridiculous Harry Potter fan,
[05:34.000 --> 05:39.000]  like participates in international pub quizzes about Harry Potter level.
[05:39.000 --> 05:41.000]  But she's also a high school teacher.
[05:41.000 --> 05:44.000]  And so sometimes she'll need to show, I know,
[05:44.000 --> 05:47.000]  a video of something that happened in the news recently.
[05:47.000 --> 05:52.000]  And she'll go to YouTube, share her screen, and show a YouTube video to her class.
[05:52.000 --> 05:54.000]  And she doesn't necessarily want her entire private life,
[05:54.000 --> 05:59.000]  which is entirely Harry Potter, shown in the YouTube recommendations.
[05:59.000 --> 06:02.000]  So what she does is at home, when she's, I don't know,
[06:02.000 --> 06:08.000]  listening to YouTube, to Harry Potter music or ASMR or podcast or whatever on YouTube,
[06:08.000 --> 06:12.000]  she'll open a private browsing window and do that thing in there.
[06:12.000 --> 06:16.000]  And then if she closes it, then YouTube can't correlate those two sessions.
[06:16.000 --> 06:21.000]  So won't show Harry Potter recommendations when she's sharing something with her class.
[06:21.000 --> 06:26.000]  Another reason why I'm starting my overview with this private browsing window
[06:26.000 --> 06:30.000]  is that we interpret, if someone uses a private browsing window,
[06:30.000 --> 06:34.000]  we interpret that as a signal that someone wants less tracking
[06:34.000 --> 06:37.000]  and is willing to accept some more breakage.
[06:37.000 --> 06:41.000]  And so unfortunately, often when we're trying to block tracking,
[06:41.000 --> 06:45.000]  websites assume that they can track you and then build their functionality on that.
[06:45.000 --> 06:48.000]  So there's a risk if you combat that, that you break the website.
[06:48.000 --> 06:52.000]  So whenever we want to introduce new measures to combat tracking,
[06:52.000 --> 06:56.000]  we'll first introduce it in private browsing, see how much it breaks there,
[06:56.000 --> 07:01.000]  and then later we can try to port it over to your regular browsing window.
[07:01.000 --> 07:05.000]  So that's why I mentioned private browsing first.
[07:05.000 --> 07:10.000]  In 2013, we introduced more granular cookie control,
[07:10.000 --> 07:13.000]  so you could make that trade of yourself as a user.
[07:13.000 --> 07:16.000]  You could choose, for example, to not use cookies at all.
[07:16.000 --> 07:19.000]  Lots of breakage. You wouldn't even be able to log into websites anymore,
[07:19.000 --> 07:23.000]  but also remove that tracking vector.
[07:23.000 --> 07:27.000]  You could also choose to, for example, not the third party cookie.
[07:27.000 --> 07:30.000]  So if you visit a website, then that YouTube video that's in there
[07:30.000 --> 07:32.000]  might not be able to set cookies.
[07:32.000 --> 07:34.000]  Less breakage, but still quite a bit.
[07:34.000 --> 07:38.000]  So it gave you that control, which is helpful,
[07:38.000 --> 07:42.000]  but it's also kind of out of the way you have to know of these options.
[07:42.000 --> 07:45.000]  You have to understand what they do, understand their risks,
[07:45.000 --> 07:48.000]  and just making that trade between breakage and less tracking
[07:48.000 --> 07:51.000]  isn't a great one in the first place.
[07:51.000 --> 07:54.000]  So later on, we also introduced a block list,
[07:54.000 --> 07:58.000]  so that it's basically a list of cookies that we know are just used to track you.
[07:58.000 --> 08:01.000]  Don't provide any functionality for you as a user,
[08:01.000 --> 08:04.000]  and we allowed you to block those cookies.
[08:04.000 --> 08:09.000]  So less breakage doesn't prevent all tracking, but helps there.
[08:09.000 --> 08:13.000]  And then not too long ago, 2021, that's really state-of-the-art
[08:13.000 --> 08:16.000]  anti-tracking cookie work.
[08:16.000 --> 08:19.000]  We introduced what we call total cookie protection,
[08:19.000 --> 08:21.000]  so that doesn't actually block cookies,
[08:21.000 --> 08:24.000]  but for example, if you visit youtube.com,
[08:24.000 --> 08:27.000]  and then later visit a different website that also includes a YouTube video,
[08:27.000 --> 08:30.000]  they'll both have cookies, but they'll be different cookie jars.
[08:30.000 --> 08:33.000]  So YouTube will still not be able to correlate those two sessions.
[08:33.000 --> 08:36.000]  So that helps prevent that tracking vector
[08:36.000 --> 08:39.000]  without actually breaking it, because from YouTube's point of view,
[08:39.000 --> 08:41.000]  they still have cookies.
[08:41.000 --> 08:43.000]  So that's the work so far.
[08:43.000 --> 08:45.000]  Obviously, the timeline here stops at 2021.
[08:45.000 --> 08:48.000]  We're in 2023 now, but they're still the future,
[08:48.000 --> 08:51.000]  so we're always working on more things to come with that.
[08:51.000 --> 08:55.000]  But that's my overview of cookies so far.
[08:55.000 --> 08:58.000]  With that, let's move on to IP addresses.
[08:58.000 --> 09:02.000]  So IP addresses are basically addresses for every device
[09:02.000 --> 09:04.000]  that's connected to the internet.
[09:04.000 --> 09:06.000]  They are relatively stable.
[09:06.000 --> 09:08.000]  They can change, but most of the time,
[09:08.000 --> 09:12.000]  most devices have the same address.
[09:12.000 --> 09:15.000]  And this is a pretty strong identifier.
[09:15.000 --> 09:18.000]  Like, for example, I'm the only one that uses this phone,
[09:18.000 --> 09:20.000]  often has the same IP address,
[09:20.000 --> 09:24.000]  so everything you can link to that IP address is quite sure to be me.
[09:24.000 --> 09:28.000]  Same goes for this laptop, for example.
[09:28.000 --> 09:32.000]  And they're not just able tools to link you,
[09:32.000 --> 09:37.000]  but they're also often correlated to your geographical location.
[09:37.000 --> 09:40.000]  So it's not super specific, but when I'm at home,
[09:40.000 --> 09:44.000]  you can deduce from my IP address which city I am.
[09:44.000 --> 09:45.000]  I'm in.
[09:45.000 --> 09:49.000]  So, yeah, that's the risk of IP addresses,
[09:49.000 --> 09:51.000]  so whatever we've been doing there.
[09:51.000 --> 09:54.000]  Well, like cookies, oh, I forgot this.
[09:54.000 --> 09:57.000]  So the thing with IP addresses,
[09:57.000 --> 10:01.000]  it's inherently if two devices connect to each other
[10:01.000 --> 10:05.000]  via the internet, they can see each other's IP addresses.
[10:05.000 --> 10:08.000]  And so that means by virtue of connecting to a website,
[10:08.000 --> 10:11.000]  that website will be able to see your IP address.
[10:11.000 --> 10:14.000]  And again, websites can embed other websites,
[10:14.000 --> 10:18.000]  so those embedded websites can also see your IP address.
[10:18.000 --> 10:22.000]  So just like we did for cookie protection,
[10:22.000 --> 10:25.000]  we introduced a block list of IP addresses
[10:25.000 --> 10:29.000]  that are known to track you and not provide other functionality.
[10:29.000 --> 10:31.000]  As I mentioned, first in private browsing later,
[10:31.000 --> 10:36.000]  also gave you that option in your regular browser window.
[10:36.000 --> 10:39.000]  Which is good if you never even connect to a tracking server
[10:39.000 --> 10:41.000]  or to an answer or whatever, it can't track you,
[10:41.000 --> 10:43.000]  it can't see your IP address.
[10:43.000 --> 10:46.000]  But obviously, we can only do this for connections
[10:46.000 --> 10:48.000]  that don't provide any functionality.
[10:48.000 --> 10:50.000]  We can't start blocking YouTube.com
[10:50.000 --> 10:54.000]  because you won't be able to view that video anymore.
[10:54.000 --> 10:59.000]  So to battle that, in 2019,
[10:59.000 --> 11:01.000]  we introduced Firefox Private Network,
[11:01.000 --> 11:03.000]  which is in between your browser
[11:03.000 --> 11:06.000]  and the website you're connecting to.
[11:06.000 --> 11:09.000]  And so instead of connecting directly to that website,
[11:09.000 --> 11:11.000]  you'll connect to Firefox Private Network
[11:11.000 --> 11:16.000]  and then Firefox Private Network connects to the website
[11:16.000 --> 11:18.000]  you're trying to view.
[11:18.000 --> 11:20.000]  And then from the point of view of that website,
[11:20.000 --> 11:23.000]  it will see the IP address of Firefox Private Network.
[11:23.000 --> 11:26.000]  And so in 2020, we expanded that to your entire device
[11:26.000 --> 11:30.000]  with Mozilla VPN, which protects not just your browser traffic
[11:30.000 --> 11:32.000]  but everything on your device.
[11:32.000 --> 11:35.000]  And you can also use it on multiple devices.
[11:35.000 --> 11:41.000]  Yeah, so that's our IP protection so far.
[11:41.000 --> 11:44.000]  Yeah, then I'll move on to email addresses,
[11:44.000 --> 11:46.000]  which is the fun part because I work specifically
[11:46.000 --> 11:48.000]  on Firefox Relay, a product here
[11:48.000 --> 11:51.000]  that I'll discuss in a second.
[11:51.000 --> 11:55.000]  But first, there's a question that blew my mind
[11:55.000 --> 11:58.000]  when Luke first mentioned it.
[11:58.000 --> 12:04.000]  But email addresses, they feel like you can easily create
[12:04.000 --> 12:05.000]  a new email address, right?
[12:05.000 --> 12:07.000]  You go to g1.com, enter a username and a password,
[12:07.000 --> 12:08.000]  and you've got a new email address.
[12:08.000 --> 12:10.000]  So they feel like they're easy to change.
[12:10.000 --> 12:13.000]  But in practice, you've probably changed your house address
[12:13.000 --> 12:15.000]  more often than you've changed your email address.
[12:15.000 --> 12:19.000]  I've moved a lot, I don't know,
[12:19.000 --> 12:21.000]  six times in the past 10 years, maybe,
[12:21.000 --> 12:23.000]  but all the time I've been reachable
[12:23.000 --> 12:24.000]  via the same email address.
[12:24.000 --> 12:27.000]  So if you have that on file, there's so much history
[12:27.000 --> 12:30.000]  about me that you know via that email address.
[12:30.000 --> 12:33.000]  So it's a pretty stable identifier,
[12:33.000 --> 12:36.000]  and it's cool if you block all your third-party tracking cookies
[12:36.000 --> 12:38.000]  and you hide your IP address,
[12:38.000 --> 12:41.000]  but if you then go on and sign in with your email address,
[12:41.000 --> 12:45.000]  they can just correlate that back together.
[12:45.000 --> 12:47.000]  And this happens, for example,
[12:47.000 --> 12:51.000]  you go to an online store and you buy clothes or whatever,
[12:51.000 --> 12:53.000]  and you sign in with your email address,
[12:53.000 --> 12:55.000]  and then have the clothes delivered.
[12:55.000 --> 12:57.000]  From the point of view from that store,
[12:57.000 --> 12:59.000]  you're a very attractive customer.
[12:59.000 --> 13:01.000]  Like, compared to some random other street,
[13:01.000 --> 13:03.000]  you're far more likely to make another purchase there
[13:03.000 --> 13:05.000]  than some random person is, right?
[13:05.000 --> 13:08.000]  So what that store then does is they go to Instagram
[13:08.000 --> 13:10.000]  or whatever, and they're like,
[13:10.000 --> 13:12.000]  hey, here's an advertising campaign.
[13:12.000 --> 13:14.000]  Here's also a list of all the email addresses
[13:14.000 --> 13:16.000]  of our customers.
[13:16.000 --> 13:20.000]  Could you please show those ads to those customers?
[13:20.000 --> 13:22.000]  And so from the point of view of that store,
[13:22.000 --> 13:24.000]  that's great news.
[13:24.000 --> 13:27.000]  They can advertise to you, you're a high-potential customer,
[13:27.000 --> 13:29.000]  but from the point of view of Instagram
[13:29.000 --> 13:32.000]  or Facebook, Meta, whatever owns it,
[13:32.000 --> 13:35.000]  it's even better because they have not just your activity
[13:35.000 --> 13:38.000]  on Instagram and Facebook and WhatsApp, et cetera,
[13:38.000 --> 13:41.000]  they also know, hey, you're a customer of that store
[13:41.000 --> 13:44.000]  and of any other stores that have done the same.
[13:44.000 --> 13:46.000]  So lots of ways to track you,
[13:46.000 --> 13:48.000]  and that's the voluntary part,
[13:48.000 --> 13:52.000]  voluntary data sharing by third parties.
[13:52.000 --> 13:57.000]  But in 2018, I believe, we introduced Firefox Monitor,
[13:57.000 --> 14:02.000]  which basically keeps track of data leaks that happen.
[14:02.000 --> 14:04.000]  And if you sign up for Firefox Monitor,
[14:04.000 --> 14:07.000]  it will warn you if your data was found in the data leak,
[14:07.000 --> 14:09.000]  if there was a hack or whatever,
[14:09.000 --> 14:12.000]  to remind you, hey, maybe you want to change your password.
[14:12.000 --> 14:16.000]  But what we saw is that many people use the same email address
[14:16.000 --> 14:18.000]  at different services.
[14:18.000 --> 14:21.000]  So if there's data leaks in different services
[14:21.000 --> 14:24.000]  with the same email address, you can link the two data leaks,
[14:24.000 --> 14:26.000]  the data in the two data leaks,
[14:26.000 --> 14:29.000]  you can link them together and know that they're about the same person.
[14:29.000 --> 14:32.000]  And many people even, probably not all of you,
[14:32.000 --> 14:35.000]  but other people also use the same password
[14:35.000 --> 14:37.000]  across different websites.
[14:37.000 --> 14:40.000]  So even if there's not a data leak in a different website,
[14:40.000 --> 14:42.000]  by using your email address and your password,
[14:42.000 --> 14:46.000]  they're still able to extract data from those other websites.
[14:46.000 --> 14:48.000]  So that's obviously not great.
[14:48.000 --> 14:52.000]  So in 2020, we introduced Firefox Relay.
[14:52.000 --> 14:54.000]  And what basically Firefox Relay does
[14:54.000 --> 14:57.000]  is it provides you with a unique email address per service.
[14:57.000 --> 15:00.000]  So if you have a sign-up form, you need to leave your email address,
[15:00.000 --> 15:03.000]  you hit the Relay button, and it will generate a new email address.
[15:03.000 --> 15:10.000]  So I know ZQF40 at Mozmail.com, for example.
[15:10.000 --> 15:13.000]  And it will forward all email that goes to that email address
[15:13.000 --> 15:15.000]  to your true email address.
[15:15.000 --> 15:18.000]  So the store will still be able to communicate with you,
[15:18.000 --> 15:20.000]  send your emails at that address,
[15:20.000 --> 15:22.000]  but that won't have your actual email address on file.
[15:22.000 --> 15:24.000]  And so if there's a data leak there,
[15:24.000 --> 15:27.000]  your data can't be linked to your data elsewhere
[15:27.000 --> 15:30.000]  because you have two different email addresses there.
[15:30.000 --> 15:34.000]  So that's Firefox Relay.
[15:34.000 --> 15:35.000]  Yeah.
[15:35.000 --> 15:38.000]  Oh, actually, I'm doing well on time.
[15:38.000 --> 15:41.000]  You're welcome, Francesca.
[15:41.000 --> 15:43.000]  So then lastly, phone numbers.
[15:43.000 --> 15:46.000]  So kind of similar thread, right?
[15:46.000 --> 15:48.000]  It was super annoying when I started to use Relay,
[15:48.000 --> 15:50.000]  and cool, you can leave your email address,
[15:50.000 --> 15:52.000]  and I'm like, I've got my Firefox Relay address,
[15:52.000 --> 15:54.000]  you can catch me, and then they're like,
[15:54.000 --> 15:56.000]  can you give your phone number, too?
[15:56.000 --> 15:59.000]  Bit of a shame.
[15:59.000 --> 16:02.000]  So what we did is late last year,
[16:02.000 --> 16:05.000]  we introduced phone masking for Firefox Relay,
[16:05.000 --> 16:08.000]  added this graphic to our website,
[16:08.000 --> 16:10.000]  but it worked similar to email masking.
[16:10.000 --> 16:14.000]  You get a phone number mask,
[16:14.000 --> 16:17.000]  so a new phone number, and all the text messages,
[16:17.000 --> 16:19.000]  all the phone calls that go to that phone number
[16:19.000 --> 16:21.000]  will be forwarded to your true number
[16:21.000 --> 16:24.000]  without having to share your true phone number.
[16:24.000 --> 16:28.000]  And so if you get, for example, a text message saying,
[16:28.000 --> 16:31.000]  hey, it's your bank, could you please
[16:31.000 --> 16:34.000]  change your password and go to this website and change it,
[16:34.000 --> 16:36.000]  that's an additional signal where you can see,
[16:36.000 --> 16:38.000]  well, this is not actually my true phone number,
[16:38.000 --> 16:41.000]  which my bank has, so this is probably a scammer.
[16:41.000 --> 16:44.000]  This is a pretty new addition,
[16:44.000 --> 16:47.000]  so unfortunately for probably most of you,
[16:47.000 --> 16:49.000]  also for myself, especially given that I work on it,
[16:49.000 --> 16:52.000]  it's not available outside the US and Canada yet,
[16:52.000 --> 16:56.000]  but hopefully soon.
[16:56.000 --> 17:00.000]  But yeah, so the point there is lots of this work
[17:00.000 --> 17:02.000]  is like the broadening of the scope
[17:02.000 --> 17:05.000]  beyond just tracking cookies.
[17:05.000 --> 17:08.000]  That's all quite recent works.
[17:08.000 --> 17:10.000]  You should saw like 2018 onwards,
[17:10.000 --> 17:12.000]  we started to broaden our focus.
[17:12.000 --> 17:15.000]  That's also when the security and privacy products team
[17:15.000 --> 17:18.000]  around then started.
[17:18.000 --> 17:21.000]  So yeah, we're not done yet, obviously.
[17:21.000 --> 17:25.000]  This is the overview of the timeline so far.
[17:25.000 --> 17:30.000]  And yeah, if you have any ideas of what we can do,
[17:30.000 --> 17:33.000]  do leave them on Mozilla Connect.
[17:33.000 --> 17:36.000]  And that's, I think, everything I had.
[17:36.000 --> 17:39.000]  Damn, my practice was so much slower.
[17:39.000 --> 17:49.000]  Thank you very much.
[17:49.000 --> 17:54.000]  And so does anyone have any questions?
[17:54.000 --> 17:58.000]  So especially with the IP and email protection,
[17:58.000 --> 18:04.000]  it really seems like you are a single part of Pavia.
[18:04.000 --> 18:08.000]  What do you do to mitigate any resistance?
[18:08.000 --> 18:14.000]  So the question was if, especially for Mozilla VPN
[18:14.000 --> 18:16.000]  and Firefox Relay,
[18:16.000 --> 18:20.000]  Mozilla is kind of the single point of failure there.
[18:20.000 --> 18:26.000]  And yeah, that's true.
[18:26.000 --> 18:29.000]  So the point of failure here is,
[18:29.000 --> 18:31.000]  for example, for Firefox Relay,
[18:31.000 --> 18:35.000]  if you're, imagine we're doing everything to prevent it,
[18:35.000 --> 18:39.000]  but imagine there's a data leak at Firefox Relay.
[18:39.000 --> 18:43.000]  What then happens is your email address still gets public,
[18:43.000 --> 18:48.000]  which is annoying, obviously.
[18:48.000 --> 18:50.000]  You're basically back at where you were before, right?
[18:50.000 --> 18:53.000]  But there's just one place where you could fill,
[18:53.000 --> 18:55.000]  i.e. Firefox Relay, rather than all those places
[18:55.000 --> 18:57.000]  that store your other email address.
[18:57.000 --> 18:59.000]  So yeah, it's annoying.
[18:59.000 --> 19:02.000]  Ideally, we'd have, I'm not sure,
[19:02.000 --> 19:04.000]  I'm sure Luke has probably a couple of ideas
[19:04.000 --> 19:08.000]  around minimizing that that we might look at at some point.
[19:08.000 --> 19:10.000]  It looks like you have an idea.
[19:10.000 --> 19:18.000]  Because especially if you like the central place where you store everything,
[19:18.000 --> 19:20.000]  you become a very attractive target.
[19:20.000 --> 19:22.000]  Yeah, that's true.
[19:22.000 --> 19:25.000]  So yeah, if we're a central place that has lots of email address,
[19:25.000 --> 19:27.000]  obviously we become a bigger target.
[19:27.000 --> 19:29.000]  That is true.
[19:29.000 --> 19:33.000]  I wouldn't say right now, Firefox Relay and VPN as well
[19:33.000 --> 19:39.000]  aren't that big compared to there's far bigger data faults.
[19:39.000 --> 19:42.000]  So that's definitely something we're aware of
[19:42.000 --> 19:45.000]  and want to minimize.
[19:45.000 --> 19:53.000]  I think right now, at least for me personally,
[19:53.000 --> 19:56.000]  for me personally, it's still worth it, right?
[19:56.000 --> 20:02.000]  The risk is smaller for using Firefox Relay.
[20:02.000 --> 20:07.000]  If I want to order a ticket, for example, like a concert ticket,
[20:07.000 --> 20:09.000]  I'll give them a relay address.
[20:09.000 --> 20:11.000]  They'll forward me the ticket and I'm done with them
[20:11.000 --> 20:13.000]  and I never need that again.
[20:13.000 --> 20:17.000]  If you're interacting with your bank, for example,
[20:17.000 --> 20:19.000]  I would use your actual email address.
[20:19.000 --> 20:25.000]  So yeah, there's definitely a risk calculation to make there.
[20:25.000 --> 20:28.000]  All these products are not a perfect solution.
[20:28.000 --> 20:33.000]  I think that's basically the threat in all this.
[20:33.000 --> 20:38.000]  It's all about trying to find that balance,
[20:38.000 --> 20:40.000]  trying to block cookies, for example.
[20:40.000 --> 20:42.000]  It's all trying to find this balance,
[20:42.000 --> 20:44.000]  how much tracking do we want to allow
[20:44.000 --> 20:46.000]  and how much breakage do we want to allow
[20:46.000 --> 20:48.000]  and there's always tracking that we can't prevent
[20:48.000 --> 20:51.000]  and there's always downsides of our anti-tracking measures
[20:51.000 --> 20:53.000]  that we can't prevent.
[20:53.000 --> 20:57.000]  So yeah, I wish I had a better answer, but that's it.
[20:57.000 --> 21:03.000]  We have a question also in Matrix.
[21:03.000 --> 21:05.000]  It currently doesn't work with Chalk.
[21:05.000 --> 21:07.000]  Ah, okay.
[21:07.000 --> 21:11.000]  So Danny on our Matrix is asking that,
[21:11.000 --> 21:15.000]  yeah, so he's asking about five folks
[21:15.000 --> 21:17.000]  relay phone number masks,
[21:17.000 --> 21:21.000]  not working with a bunch of tools.
[21:21.000 --> 21:25.000]  That is something we're aware of and working to fix
[21:25.000 --> 21:29.000]  for those who are familiar with phone number masking.
[21:29.000 --> 21:34.000]  Yeah.
[21:34.000 --> 21:37.000]  So my question is, is it correct to state
[21:37.000 --> 21:39.000]  that at the moment none of the services
[21:39.000 --> 21:41.000]  have been demonstrated to actually treat our data
[21:41.000 --> 21:43.000]  end-to-end as an end-to-end encryption
[21:43.000 --> 21:45.000]  so that you can't see our data?
[21:45.000 --> 21:47.000]  And the following question to this question
[21:47.000 --> 21:49.000]  is do you have any plans to implement
[21:49.000 --> 21:51.000]  end-to-end protection?
[21:51.000 --> 21:53.000]  Is it even realistic in this case?
[21:53.000 --> 22:01.000]  So the question is, do we end-to-end
[22:01.000 --> 22:03.000]  and crit the data we're handling?
[22:03.000 --> 22:05.000]  Obviously not applicable to everything,
[22:05.000 --> 22:08.000]  like cookie, et cetera, not.
[22:08.000 --> 22:11.000]  For emails that's basically not possible,
[22:11.000 --> 22:15.000]  because we need to know your email address
[22:15.000 --> 22:17.000]  to actually be able to forward email.
[22:17.000 --> 22:19.000]  We don't store the emails we forward,
[22:19.000 --> 22:22.000]  so we get them for them to you and forget about them.
[22:22.000 --> 22:24.000]  So...
[22:24.000 --> 22:26.000]  Damn it.
[22:26.000 --> 22:29.000]  VPN, actually I'm not sure.
[22:29.000 --> 22:31.000]  Maybe you're biased the way I am.
[22:31.000 --> 22:33.000]  Is that encrypted?
[22:33.000 --> 22:36.000]  I think your connection via VPN is encrypted, right?
[22:36.000 --> 22:40.000]  So, yeah.
[22:40.000 --> 22:43.000]  VPN works in a way that you generate like...
[22:43.000 --> 22:45.000]  We're using one.
[22:45.000 --> 22:47.000]  Sorry for putting you on the spot, but...
[22:47.000 --> 22:49.000]  Hi.
[22:49.000 --> 22:51.000]  Yeah, so the Mozilla VPN works
[22:51.000 --> 22:53.000]  using the WAGA protocol.
[22:53.000 --> 22:55.000]  So on the client, you generate your own private key
[22:55.000 --> 22:57.000]  and you only upload the public key
[22:57.000 --> 22:59.000]  to the Mozilla VPN network.
[22:59.000 --> 23:01.000]  And then during the server handshake with a partner,
[23:01.000 --> 23:03.000]  you generate the session key.
[23:03.000 --> 23:06.000]  So essentially, even if your public key gets leaked,
[23:06.000 --> 23:08.000]  we can't see anything.
[23:08.000 --> 23:10.000]  Yeah, so VPN is end-to-end encrypted.
[23:10.000 --> 23:19.000]  We can't see what you pass through there.
[23:19.000 --> 23:25.000]  Hey, I wonder how does Firefox Relay prevent spam?
[23:25.000 --> 23:29.000]  What kind of mechanism does it use to catch spam?
[23:29.000 --> 23:33.000]  So there's a basic spam filter.
[23:33.000 --> 23:36.000]  We make sure that if...
[23:36.000 --> 23:41.000]  So if we forward our email and you mark it as spam
[23:41.000 --> 23:45.000]  in your inbox, Firefox Relay gets a signal
[23:45.000 --> 23:48.000]  and stops forwarding emails to that email address
[23:48.000 --> 23:50.000]  to that spam.
[23:50.000 --> 23:52.000]  You know, it's spam.
[23:52.000 --> 23:56.000]  Does it use a spam assassin or R&B?
[23:56.000 --> 23:58.000]  I wouldn't know.
[23:58.000 --> 24:03.000]  So the question is, what service do we use to detect spam?
[24:03.000 --> 24:07.000]  Come to our matrix and I'll find out for you.
[24:07.000 --> 24:09.000]  Yeah, our backend engineers will know
[24:09.000 --> 24:13.000]  that I'm not involved with that part of the implementation.
[24:13.000 --> 24:15.000]  But we do have a number of anti-spam
[24:15.000 --> 24:17.000]  and anti-abuse mechanisms in there
[24:17.000 --> 24:21.000]  that we don't want to get blocked by other people as well.
[24:21.000 --> 24:23.000]  Thank you for the talk.
[24:23.000 --> 24:25.000]  It might sound like a stupid question.
[24:25.000 --> 24:28.000]  You mentioned the three or four products like Relay, VPN,
[24:28.000 --> 24:30.000]  and Monitor.
[24:30.000 --> 24:32.000]  Are they free, including the VPN?
[24:32.000 --> 24:34.000]  No, so the VPN is paid.
[24:34.000 --> 24:36.000]  I would also recommend you not to use a free VPN.
[24:36.000 --> 24:38.000]  They're almost all shady.
[24:38.000 --> 24:42.000]  Quite a few of the paid ones are also pretty shady, actually.
[24:42.000 --> 24:47.000]  No, so the VPN is, I believe, if you pay annually,
[24:47.000 --> 24:50.000]  I think five euros a month.
[24:50.000 --> 24:52.000]  I see not, so that's good.
[24:52.000 --> 24:54.000]  Firefox Relay has a free plan,
[24:54.000 --> 24:57.000]  which gives you just five email addresses.
[24:57.000 --> 25:00.000]  So that works, but then if you want to get every service
[25:00.000 --> 25:02.000]  a unique email address, that's not great,
[25:02.000 --> 25:05.000]  but it costs one euro a month.
[25:05.000 --> 25:09.000]  And Monitor is free.
[25:09.000 --> 25:13.000]  Yeah, and so part of this is also,
[25:13.000 --> 25:16.000]  part of what we're doing at Mozilla
[25:16.000 --> 25:20.000]  is building these privacy-protecting tools.
[25:20.000 --> 25:23.000]  We're also trying to find ways to have those finances themselves.
[25:23.000 --> 25:28.000]  So yeah, we're not trying to sell ad or anything.
[25:28.000 --> 25:30.000]  You pay for it, you're the customer.
[25:30.000 --> 25:32.000]  That's the idea there.
[25:32.000 --> 25:34.000]  Last question.
[25:34.000 --> 25:37.000]  So I think it's pretty obvious that the technologies
[25:37.000 --> 25:39.000]  that are being used to track us now
[25:39.000 --> 25:42.000]  kind of almost require us to have a sort of centralized entity
[25:42.000 --> 25:45.000]  to sort of resolve it, whereas cookie protection
[25:45.000 --> 25:47.000]  could be kind of done decentralized.
[25:47.000 --> 25:50.000]  And that obviously makes Mozilla as an organization
[25:50.000 --> 25:53.000]  kind of a target of critique, I guess,
[25:53.000 --> 25:56.000]  because you become centralized to some sort of tracking.
[25:56.000 --> 26:00.000]  Is there some sort of track or something that happens at Mozilla
[26:00.000 --> 26:03.000]  to mitigate the risks of being a single entity
[26:03.000 --> 26:05.000]  that could store too much information?
[26:05.000 --> 26:07.000]  For instance, in terms of relays,
[26:07.000 --> 26:11.000]  there is separate entity that, or an entrenched thing
[26:11.000 --> 26:14.000]  that tries to ensure that you don't store too much data,
[26:14.000 --> 26:17.000]  so that at least you can't kind of try to monetize it yourself.
[26:20.000 --> 26:22.000]  Yeah, everyone can hear it, right?
[26:22.000 --> 26:27.000]  So one strategy there that we have at Mozilla,
[26:27.000 --> 26:29.000]  we have our lean data practices,
[26:29.000 --> 26:32.000]  so that means collect as little data as possible.
[26:32.000 --> 26:34.000]  That's one way to mitigate that.
[26:34.000 --> 26:36.000]  And that's why Firefox Relay,
[26:36.000 --> 26:38.000]  it's why we only store your email address,
[26:38.000 --> 26:41.000]  we don't store the emails we forward.
[26:41.000 --> 26:45.000]  You can choose, so you can choose to store
[26:45.000 --> 26:48.000]  associations like which masks did I use on which website,
[26:48.000 --> 26:50.000]  but you can also choose to have that stored locally
[26:50.000 --> 26:53.000]  if you have the extension, or just not store it at all.
[26:55.000 --> 26:57.000]  And yeah, in terms of,
[26:59.000 --> 27:01.000]  it's definitely something we'd like.
[27:01.000 --> 27:04.000]  I'm not sure of initiatives going on there,
[27:05.000 --> 27:11.000]  and we do, not last my train of thought, but yeah.
[27:13.000 --> 27:15.000]  Thank you very much.
[27:15.000 --> 27:17.000]  Unfortunately, this last question we have time off.
[27:17.000 --> 27:19.000]  Please put the rest in the matrix room.
[27:19.000 --> 27:21.000]  Thank you.
[27:30.000 --> 27:32.000]  Well done.
[27:39.000 --> 27:41.000]  These are my notes.
[27:41.000 --> 27:50.000]  All right.
[27:50.000 --> 27:52.000]  I think we got 100% of them.
[27:52.000 --> 27:54.000]  That's what this came to, like 100%.
[27:54.000 --> 27:56.000]  Yeah.
[27:58.000 --> 28:00.000]  It's like fraction, like, oh god,
[28:00.000 --> 28:02.000]  I've been thinking to mom,
[28:02.000 --> 28:05.000]  and she's going to make sure I'm raising my phone.
[28:08.000 --> 28:10.000]  No, no.
[28:10.000 --> 28:12.000]  Obviously you're live.
[28:12.000 --> 28:14.000]  It connects.
[28:17.000 --> 28:20.000]  You have an adapter?
[28:20.000 --> 28:47.000]  Yeah.
[28:47.000 --> 28:50.000]  Let's see me if it's on.
[29:08.000 --> 29:11.000]  Why does it work?
[29:11.000 --> 29:14.000]  Turn on your second screen.
[29:14.000 --> 29:17.000]  It's not on, I think.
[29:20.000 --> 29:21.000]  It's difficult.
[29:21.000 --> 29:22.000]  It's difficult.
[29:22.000 --> 29:24.000]  So why does it not see it?
[29:24.000 --> 29:26.000]  Basically, we're asking about
[29:26.000 --> 29:28.000]  the current working part,
[29:28.000 --> 29:30.000]  where thousands have been located
[29:30.000 --> 29:32.000]  into that satisfied party.
[29:32.000 --> 29:34.000]  So it's conducted where,
[29:34.000 --> 29:36.000]  for example, ISPs aren't that trustworthy,
[29:36.000 --> 29:39.000]  like you had probably the first one.
[29:39.000 --> 29:41.000]  Well, it makes more sense,
[29:41.000 --> 29:43.000]  whereas in Lebanon,
[29:43.000 --> 29:46.000]  I think it would be very difficult.
[29:46.000 --> 29:49.000]  Yes, I can see you made it through.
[29:49.000 --> 29:51.000]  I get to try them all.
[29:51.000 --> 29:53.000]  It's a different department.
[29:53.000 --> 29:55.000]  I'm sorry, I'm loud,
[29:55.000 --> 29:57.000]  but if I don't see them,
[29:57.000 --> 29:59.000]  it's got to be there,
[29:59.000 --> 30:01.000]  so it doesn't go through.
[30:01.000 --> 30:04.000]  Yes, it's coming.
[30:04.000 --> 30:14.000]  Yes.