Glowing extension icon: signal site safety level to users

[danielgoldelman]

While we test our extension and build our analysis in the next stage of this project, it may be a cool idea to think about including recommendations to users about inputting data on the sites they are visiting. For example, if a site is sharing a lot of data, we may recommend that a user not put personal data into any forms. We could put green, yellow, or red dots in the popup with a tooltip that could explain why we would or would not trust this site with your data.

For users that are not well versed in the concepts used in this extension, this would be a very helpful feature, as it would justify putting time into learning more about the invasive procedures of the internet.

[SebastianZimmeck]

One of the critical points of this idea is what we use to say whether a site receives a green, yellow, or red color. We need something (1) meaningful and (2) reliable. One possibility is to just count the number of different ad, analytics, etc domains on it. If it is above a certain threshold, it will receive yellow or red. Maybe, there are also some practices that we find particularly bad, e.g. fingerprinting or cryptomining, that deserves a yellow or red light.

[SebastianZimmeck]

There is a difference in philosophy between our current pure factual privacy label approach and giving a possibly subjective rating of privacy. I am not saying we should do one or the other; just highlighting this difference.

If we wanted to stay in the factual realm, a scale like "This website has more trackers than 85% of all other tested websites" would be more on the factual site and may still provide guidance to users. Though, such approach would also be more intricate because it would require cross-site logic.

[SebastianZimmeck]

This is more of a thinking issue. We can all think about this. @notowen333 may specifically think about this.

[notowen333]

One idea is to make the spaceship glow (a lighter shade of the outline color or something else that fits in with the existing color scheme) when a certain number of labels are present. In this way, we let the user know that there is something to see without an implicit judgment about what they are going to see. So it would just be binary: glowing or not glowing based on a simple threshold.

[SebastianZimmeck]

Per the glowing ring in the same style as @kalicki1 implemented for OptMeowt's extension icon.

[SebastianZimmeck]

@notowen333 suggests of using just one color in the icon glowing if the number of labels is above a certain threshold. That would be simple and informative. Use non-judgmental color, too.

[SebastianZimmeck]

We discussed today that @danielgoldelman will take the lead on this.

[danielgoldelman]

^ Changes made so that the icon changes when above a certain threshold. Currently it just changes to the box with a question mark that was our previous logo:

Updates we need to discuss:

• What do we want for the replacement favicon?
• What is our threshold going to be?
• What is an adequate wait time for the initial dump of requests?

[SebastianZimmeck]

What do we want for the replacement favicon?

We could just have the background change colors like in OptMeowt. Though, rather than green, a light orange or some similar color may be better to signal that there is a problem.

Normal favicon:

Favicon in case of exceeding threshold:

What is our threshold going to be?

For the time being, let's pick something that seems reasonable; something that would have about a third of sites in the highlighted category. Setting the threshold and how exactly to do it we can address later. We would need to look more into it. Could you open an issue on that, @danielgoldelman?)

What is an adequate wait time for the initial dump of requests?

What is the wait time? The time for determining whether the threshold is exceeded, after which the changed favicon is displayed, ...?

[danielgoldelman]

@SebastianZimmeck When a website is first loading, there is a large amount of requests that appear very quickly, which tapers off quite fast. Since we don't want extra analysis per request, my thought was to change the favicon after checking if that initial dump of requests created enough evidence to go above our threshold. Thus the wait time is there so that we wait until the initial dump terminates, then change the favicon accordingly.

[SebastianZimmeck]

Yes, that is a good idea! Let's do it that way.

[danielgoldelman]

^ moved constants to constants.js, small change to make sure that we are displaying the correct favicon. There are a few examples where changing the page can keep the incorrect favicon, but this change fixes that problem.

I believe that 5 seconds is a good cutoff. By simple calculation using a limited number of sites, >90% of requests we generated evidence for occurred within the first 5 seconds after loading a site. I believe we should wait for full testing to determine the correct threshold.

Next step is to get the new favicon for large evidence.

[SebastianZimmeck]

Next step is to get the new favicon for large evidence.

Large evidence is evidence surpassing the threshold, or what is it?

[danielgoldelman]

^ New favicon added. Now it goes from our normal purple rocket ship to being the blue tint we formerly had for third parties.

[SebastianZimmeck]

Great, @danielgoldelman! Is the rocket also now uniform across the favicons and other assets?

[danielgoldelman]

@SebastianZimmeck, @Lr-Brown and I tried out multiple variations of our favicon recently, and the more stylized rocket was too small to really be able to seen easily when in dark mode (we tried multiple color variations). I am now thinking that keeping the original favicon, then just changing the color of the rocket, is a better approach. We should discuss/view the current change today.

[SebastianZimmeck]

Sounds good, @danielgoldelman!

[SebastianZimmeck]

@notowen333 will provide the final touches.