61 comments

[ 4.0 ms ] story [ 110 ms ] thread
> designed to simplify and strengthen the online trust and safety model.

Is this intended for the publisher to implement filtering, or for the publisher to declare semantic labels which can be filtered by 3rd-party sites with consistent editoral viewpoints?

"Strengthen the online trust and safety model" is a weird way to say "no porn."
It has many other uses, IMO.

- Disable signup/require COPPA form to be mailed & signed

- Filter out explicit content from user-generated content

- Disable vulgar sections from a blog

- Prohibit downloading software

etc

Most of these are horrible suggestions for the same reason Do Not Track is useless - no enforcement or guarantees make it pointless. Especially that last one. LOL. The notion of a webpage blocking me from downloading because of a header that my platform's client browser sent? Pfft.
> - Disable signup/require COPPA form to be mailed & signed

Somewhat off topic, but I think 13 is considerably above the age where kids have a reasonable interest in being able to actually use the web. When I was a few years younger than 13 (10 years ago...), I once accidentally put my true birthday into AIM, and was subsequently banned from the service I used to communicate with friends from school. Recently, the same happened with one of my sister's friends and Gmail. Does anyone actually think these forms are a good thing?

I don't think forms are the answer. I think it should be around 9 or 10, honestly. I'm not too sure what would replace forms though.
Sounds like a great way for kids to learn how HTTP debugging proxies work.
Was just gonna say that; "Users won’t find any UI in Firefox to enable or disable Prefer:Safe, which becomes one less thing for kids to try to circumvent to disable this control."

That's good, make them hackers instead by making them implement their own HTTP-proxy :)

Can I start sending "Prefer: Unsafe" headers and expect to see a difference, too?
I have to say, I don't really care much for this, and I'm surprised to see it coming from Mozilla.

"Prefer:Safe" is rather vague-sounding. I was expecting something about incorporating something like "HTTPS Everywhere" into Firefox.

I understand the appeal of something to prevent kids from stumbling across porn or violence online, but let's not muddy words like "trust" (which mean something very different when talking about security and privacy) with the concept of age-appropriate content.

I think the idea isn't so much a porn filter as it is a "treat this user as a child" request. So, for example, social networking sites might work in restricted mode.

I do agree "prefer safe" is a very poor way of expressing that desire, though. Maybe "child-safe", but not just "safe", which implies a related but different idea.

If this takes off at all, I can see the sites reacting by altering the advertising group selection based on the presence of the header.

"Cool, an under-10 browsing. Let's push all the autoplay toy videos we have in rotation."

I already get the creeps from the toy ads squeezed between and in the middle of children's TV shows.

I agree… If this is only done when, Parental Controls, are enable from the OS level. Then a:

"parental-control:enabled" header would make more sense, right?

"Won't someone think of the children?" comes to the HTTP standard.

Seriously though, this seems totally reasonable although "safe" does seem like an odd word choice. Maybe "modest" instead?

I'm thinking it's in the same category as "Safe For Work" and "Not Safe For Work".

But yeah, I expected a HTTP header that would, say, redirect to an encrypted version of the webpage, sort of like HTTPS Everywhere, but on the browser-server level.

NSFW is just another undefined concept. It depends on your work, on your culture/upbringing and the society you live in.

If I stumble upon pictures of tits because someone posted a link to a yellow press newspaper site or a random celebrity scandal, I .. misclicked because that wouldn't interest me in the slightest. But it wouldn't be unsafe, not even for work. On the other hand, I wouldn't exactly want to end up on a nazi propaganda page (even if I'm merely looking at current splitter groups/facts around news reports about these sort of braindead idiots). I would feel very bad about leaving a trace like that - even if I don't think I'd have to face any sort of consequences.

Point being: Safe™ is undefined, for minors or employers. You can try to find a GCD, a common global set - and you'll fail/end up with a balance act between false positives and misses.

I prefer to be safe. Can I be safe while browsing porn?
A header Id rather see is Cookies: I-know-what-they-are-for

"don't show me information about cookie usage".. )

Agreed. Can't believe the alert has to be implemented on all the websites, instead of requiring browser vendors to provide an alert (that can be globally disabled.
That would be against the law. Talk to your MEP, not browser maker, if you want to change it.
This is what websites want you to think.

Do it badly -> annoy users -> no more laws that protect users.

I was with them until they mentioned "one less thing for kids to try to circumvent to disable this control". If a kid is actively trying to circumvent the parental controls, this is no longer about "protection" but about control.

In other news, the Feynman lectures on QED are blocked in "safe" mode. https://www.youtube.com/watch?v=yvl6TBGEoO0

It's up to content providers to honor the header. I can't expect that to happen very easily when explicit content is involved, although the avenues to find that content (such as Google) might be amenable.
I can't expect that to happen very easily when explicit content is involved

Why not? Porn sites aren't interested in appearing to kids, which are unlikely to pay for their stay.

Just wtf is this. Mozilla now jumping on the "omigod teh childr0n" bandwagon, too?

Any reasonably educated child can easily disable all of these "safety features" (e.g. boot the machine at night from USB stick...). These "features" are nothing but placebos for parents too incompetent to educate their children.

I think you misunderstand. This is a feature for 5-6yo, not for 11-12yo
[Citation Needed]

Spec makes no mention of age groups this is supposed to be used for aside from "children".

It is a matter of common sense. You can't reasonably control internet usage of teenager (and probably shouldn't). While 5yo is an avid user YouTube and google and it is a good idea to filter things they can get to
You cannot try and refute an argument based on something that is not in the spec and is "common sense" since "common sense" is not a defined value for a spec that has global implications.
Spec shouldn't define what's good and what's not for your children. That's something for parent to decide. Spec defines a "tool" which can be used by parent who thinks it makes sense for them
Then you cannot defend things as "It is meant for X year olds, not Y year olds" when someone decries the feature as easily bypassable.
I would say that the answer for the 5 year old scenario is supervision.
sure. but having several layers of "defense" is still a good idea
I would freaking love it if Youtube had the sense to not serve adult adverts during obviously children's programming.
>(e.g. boot the machine at night from USB stick...) Well it does not work, if I use a transparent proxy at home which injects "Prefer: Safe" in every HTTP request header.
In which case the browser support and whole article is useless and nothing new for that kind of weird setup.

Although I'd recommend being a responsible admin/parent in that case instead and, with the _correct_ infrastructure for this scenario already in place, define filters for things you don't like or white lists for things that are okay for your network, instead of begging the internet to correctly guess your moral boundaries.

So parents can sleep easily and kids learn how to boot machines from live USB distros? Sounds like a win-win to me.
I wonder how they're going to implement the "no circumvention" part.

Surely there's an option in about:config that affects the new behavior? Is about:config disabled too?

There are also dozens of add-ons that lets you control every single header. Are add-ons disabled too, or is there going to be a blacklist of header-modifying add-ons?

It will take less than a week for point-and-click circumvention tools to become available all over the place. Just download this little .EXE that makes a small change to your Firefox profile and might or might not also contain malware! Should Google block searches like "how to disable Prefer:Safe" if such searches come from a browser that already has "Prefer:Safe" enabled?

It will take less than a week for point-and-click circumvention tools to become available all over the place. Just download this little .EXE that makes a small change to your Firefox profile and might or might not also contain malware!

This is supposed be activated by Windows Parental Controls, which already allow you to block the user from running unknown .exe files.

Soooo.. This is sending "Hey, this is a kid on a restricted machine" to all servers now?

I mean I fail to understand the original idea, obviously. It makes no sense to me. But I question the value of the above - basically now the server can _just as easily_ do crap with that information. You can now identify minors (using that feature). Beautiful.

The server operators cannot decide what 'parental control' would mean for parents, they cannot decide what is ~okay~ or what isn't. Referencing a random US regulation/law (COPPA?) in a discussion about international traffic, international browser products seems crazy.

If you want to prevent your kids from accessing 'stuff', make sure that 'stuff' is filtered on their machine or better on the edge of your network. Don't believe that random guys on the net will correctly guess what you find questionable content for kids and hide it, because .. your kid's browser sent a friendly "My parents didn't allow me to see unspecified things" header.

Edit: I reread that thing over and over again. Something else that utterly blows my mind is this:

Users won’t find any UI in Firefox to enable or disable Prefer:Safe, which becomes one less thing for kids to try to circumvent to disable this control.

Newsflash: That includes the parents. Unless that is utterly misleading (or my English as a second language parser fails) this means that I, as a parent [1], can NOT

- activate parental control features that are somehow detected by Fx

- opt out of that idiotic header that announces decisions from my private household to each and every server, starting with Google for example

1: Hypothetical example. While I've got two kids, but both are too young to operate a computer yet and I probably won't buy into standard 'parental control' solutions anyway.

Agreed; "The server operators cannot decide what 'parental control' would mean for parents" is the most important part, for me.

There are as many definitions of "what is appropriate for kids to see" as there are parents.

The decision belongs with the parents, not with the 3rd party sites who, let's not forget, are the ones supplying the content in the first place.

This just seems like an utterly naive and vague idea.

I exactly had the same idea... I would also add that this thing is going to be useless anyway because not all the websites are going to implement it. So you will have this header + the traditional blocker...

It's totally unrelated but something I would really like to have right now would be a header with the average connection bandwidth (or just thresholds). This could be really useful to reduce the amount of data sent if the connection is really bad.

I exactly had the same idea... I would also add that this thing is going to be useless anyway because not all the websites are going to implement it. So you will have this header + the traditional blocker...

It's not useless, since it allows the site to avoid being blocked by hiding the "bad" content. Ideally blockers would be smart enough to recognize and block only the "bad" DOM elements, but they usually just block the whole page, if not the whole site.

That is absolutely meaningless. What is bad content? The header doesn't tell what the client considers 'bad' or not 'safe', it's a bool.

Given that, I see these possible outcomes

- the client's admin might not care about this site at all (effort to hide stuff would be wasted?)

- the client's admin might consider content 'unsafe' that seems fine/okay to the site operator => Blocklist, failed to archive what you suggest

- the client's admin might consider content 'safe' that the site now refuses to share => Curse site and Mozilla, switch browsers and/or consider that site broken and the operators morons (similar to 'breaks zoom on mobile devices' today, for example)

Sure, all those outcomes will happen, since servers and filters will have to implicitly agree on what is "safe". But the type of content blocked isn't random; there are a few prevalent concepts and terms which site operators are likely to follow.

That said, I think the implementation should have an admin-controlled site whitelist and even a way to disable the header even if parental controls are enabled, to prevent (3).

Your comment about the bool, got me thinking. This would have been better implemented if it was thought of along the lines of movie rating system.

http://en.wikipedia.org/wiki/Motion_picture_rating_system

However, this got me thinking that across cultural lines there are a lot of shades to what is "safe". So a website based in Austria might want to restrict different content than a website based in Australia, and who knows where the "browser" is based.

Of course your comments about the site actually implementing anything/correctly still apply.

I vaguely remember in the early days of the web (95-96?) there was a hopeful rating system very much like what you get for movies. I can't remember what the header was, but it was formatted something like "Violence 1; Sex 10; Drugs 5; Gambling 0". For obvious reasons it didn't catch on.
You can't identify minors because this isn't just a feature for minors but, e.g., for companies or public terminals as well. Of course it depends on the websites to deal with it. But, e.g., most popular porn sites actually do care about stuff like this.

There is no UI in Firefox because Firefox uses the operating systems parental control features to enable/disable it. And those features should have a UI within the system. That's why it is only implemented for OS X and Windows at the moment.

Your last paragraph is what I can't understand. Ignoring OS X for now (wouldn't know a thing about that):

Parental control in Windows just lets me set time limits/limits on what programs/games I can run as far as I know (just double checked microsoft.com and that's what they list as well). Given that and my understanding of the Fx feature means that Fx understands that this is a machine with parental controls enabled and _shares that with the world_.

That is nonsense. It's crap. The world cannot (as I stated before) decide what is okay and what not. Going with your porn example (I .. kinda expected that): I'd be entirely fine with a 16yo kid to look at porn. I might not want that very same kid to use the computer around 2am in the night. For the latter I can use parental control features. You (and Mozilla) force your (weird, from this pov) moral/set of values on me. Enabling parental control does NOT mean that I want the world to know about it. It also doesn't imply that porn isn't okay. On the other hand, maybe I would put the NRA website on the list of things I don't want to see in my household. No one can decide what is okay or not - except for the parent/admin.

"There is no UI in Firefox, because Firefox uses the OS parental control features to enable/disable it" is missing the point. Unless I fail to understand what this does I cannot use the parental controls without Firefox/Mozilla abusing that flag and asking the YouPorn administrators for parental support.

This is a misfeature and at best useless, although I'd lean towards harmful and wrong.

You are just assuming things here. I don't know the parental control features of Windows. And I don't know when this will be enabled. But I don't see a reason why this should be always enabled as soon as parental features are used. In the end Mozilla is implementing a Microsoft proposal here. I would assume that the parental controls have a setting to enable it. So it kinda seems to me that you are building a strawman to attack.

If you want to block specific websites or specific content then you obviously need to use a different tool as well.

Hah. I'm assuming things, you attack my arguments with .. assumptions.

If you look at the code [1], you'll notice that it exists _today_. There is no feature in Windows that says 'I want to restrict this account to a "safe" internet experience' and that wouldn't make a tiny bit of sense as I expressed elsewhere. Again, if you look at the code it seems (Disclaimer: I'm neither familiar with the Fx codebase nor really a C++ guy) easy enough:

    DWORD settings = 0;
    wpcs->GetRestrictions(&settings);
    
    if (settings) { // WPCFLAG_NO_RESTRICTION = 0
      gAdvAPIDLLInst = ::LoadLibrary("Advapi32.dll");
      if(gAdvAPIDLLInst)
      {
        gEventWrite = (decltype(EventWrite)*)GetProcAddress(gAdvAPIDLLInst, "EventWrite");
        gEventRegister = (decltype(EventRegister)*) GetProcAddress(gAdvAPIDLLInst, "EventRegister");
        gEventUnregister = (decltype(EventUnregister)*) GetProcAddress(gAdvAPIDLLInst, "EventUnregister");
      }
      mEnabled = true;
    }
While I admit that I argued based on 'assumptions' (more .. based on what I know about these parental controls and what the article states), these are the facts.

If I translate that into prose (correct me..) that reads as "If the OS supports parental controls and ANY restrictions are active, then set this boolean flag to true". Now, before you argue that these still are just assumptions about how this flag is used ... let me present [2]:

    // add the "Send Hint" header
    if (mSafeHintEnabled || mParentalControlEnabled) {
      rv = request->SetHeader(nsHttp::Prefer, NS_LITERAL_CSTRING("safe"));
      if (NS_FAILED(rv)) return rv;
    }
Ignoring the weird comment: That translates into "If the user _opts in_ to use this header via a setting OR if we detected random parental control restrictions from [1], add the crappy header to the request"

The documentation of the Windows parental control API can be found here [3]. Note that there isn't a feature that says 'add a random useless header' or somesuch nonsense. Glancing over the docs it seems to be possible to register extensions to the parental control environment, and _those_ might offer a 'Get a random different version of the internet, maybe' option in theory. But that doesn't seem to be the case and the check at [1] and [2] seems rather broad.

IF this whole thing would be a configurable (by the responsible admin) feature (and .. ideally opt-in, not a crazy default), THEN I'd just laugh at the people that want that, but wouldn't complain. Based on every fact I can get my hands on that is NOT what they do.

Do you still disagree, at least with the implementation?

1: http://mxr.mozilla.org/mozilla-central/source/toolkit/compon...

2: http://mxr.mozilla.org/mozilla-central/source/netwerk/protoc...

3: http://msdn.microsoft.com/en-us/library/windows/desktop/ms71...

Nice work researching this. Yes, I'd say that always enabling it as soon as some parental control features are enabled is a bad decision. Maybe this should be a bug report. But we should also note that Mozilla follows Microsoft's implementation here.
My feeling is that most of the people talking here do not have children yet. As a father, I would be really pleased to have such header accepted by many providers to just filter out content which is clearly not for kids.

A small example, I am French living abroad, if I want my kids to read a bit the news, I cannot send them on one of the 3 "major" French newspaper to read a bit. Why? Because at the bottom of the first page, they put a lot of sexual content like fully naked women wresting. If this header could remove such content, together with videos where people are beheaded. I would be pleased. Really.

If you start to think that this is censoring content, it is not, it is journalist work, that is, providing adapted content to the visitor.

I would imagine the newspaper you refer to is not regarded as a serious newspaper, but I am not too familiar with the French publications. Surely there are other ones you could trust them to browse.

Which one were you referring to again?

How can the sites tell that this content isn't okay?

I posted an example elsewhere in this thread: I might want to limit a 16yo with parental controls to avoid having them use the computer the whole night, but I wouldn't mind them seeing (naked) girls on a yellow press site, if that's what they stumble upon.

I'm also reasonably sure that your particular problem could already be solved on the client site, today, and that would even make sure that your personal take on moral values is respected. Plus, as others have stated, 'parental' controls might be used for a "kiosk mode" in a hotel or elsewhere (for .. whatever reason). Would you really want these scenarios to result in the same thing ("Content filtered on a news site"), both for your personal kids and for random mature people elsewhere?

do not have children yet

"Yet"? You mean, everyone will eventually have children, and only people who have children can discuss such things?

The Web is about statelessness and hyperlinking, so I'll note that:

1) Javascript breaks stateless linking.

2) Mobile versions and browser detection breaks stateless linking.

3) Censorship headers like Prefer:Safe, and censorship in general, breaks stateless linking.

And the list goes on. Some state and inability to link is inevitable, but this is not.

Mozilla: please get back on track for a strong/stateless and cite-able web. Headers are not the place to build a censorship "UX."

Also, "safety"? That's not helping. Almost no one uses NetNanny, or similar software and, while I'd like to think we've grown as a species, even if we haven't, it doesn't make sense to force something most Web surfers have already rejected back down their throats. (And it is forcing them, even if it's optional. The social implications of even "optional" headers will be with us for a very long time.)

A browser especially should strive to be neutral, unless you want to start getting requests from governments and industry to block sites directly in the browser. Google handles a million or more every day and they are just and index list... You can't expect a different fate without discarding neutrality as a core principal.

Cite-ability requires availability, and censorship - the Web-equivalent of a frontal lobotomy - contradicts the very essence of your product. I'm starting to feel ashamed to be using a browser made by an organization that doesn't understand that.

Looks like they just enabled phishing / malware / etc sites that can target unsupervised kids and show innocuous content to everyone else.