Online Safety: Helping People Help Themselves

September 16th, 2009

The online world is new enough that many of us aren’t really sure how we can keep ourselves as safe as possible. In the physical world we have generations of experience about how to minimize risk (beware of dark “shortcuts” through unknown neighborhoods alone at night), and well-developed social institutions to mitigate risk (police forces, insured accounts at banks, etc.). In the online world most of us are still learning what we can do as individuals to improve our own safety. Sometimes it’s daunting.

It turns out that one important thing each of us can do is keep our software up-to-date. By doing so we get a regular flow of security improvements. Firefox has a good update rate. But it’s easy for people to forget to update software that we don’t think about very often. One type of software that’s easy to forget about is a category known as “plugins.” Plugin software works with a browser to display additional types of content. Plugins are not created by the browser developers; they come from separate teams and are separate software. Because of the interaction with the browser, many people don’t know about, or forget about, updating plugins. And a crash or security problem in a plugin often feels like a problem in the browser. So it’s easy for people to think that they’ve fixed the problem by updating the browser when in fact the plugin is still a problem.

Last week Mozilla tried something new to help people help themselves. The results so far have been encouraging. We realized that a lot of people are using old versions of the “Flash” plugin. We suspected that this is because people didn’t know they should update or that updating is an important safety habit. Flash is not a Mozilla product (it’s from Adobe), so updating the browser doesn’t update Flash. And nearly everyone uses Flash to view video. So we put a notice on the Firefox update page, letting people with old, less-secure versions of Flash know that Adobe offers an updated version with security fixes.

The response to this notice has been very high. The percentage of people viewing this (in the English language, US version) and then following the link to update Flash is about 30%. This is a very high response rate. A typical response rate for this page is around 5%. A more detailed analysis can be found at our metrics blog.

We’re very careful about putting anything on the Firefox update page, so asking people to deal with a different product is new. The response suggests that people are receptive to clear information about how to keep themselves safer. That’s encouraging. It benefits the individual doing the updating, and also provides a system-wide “public health”-like benefit.

Online security is a tough problem. It will be with us constantly, just like questions of physical security never go away. There are things each one of us can do to improve our setting. At Mozilla we’ll keep thinking about how we can help people figure out and do these things. And hopefully we’ll be part of a growing community of people doing this.

11 comments for “Online Safety: Helping People Help Themselves”

  1. 1

    Lennie said on September 16th, 2009 at 10:38 pm:

    So what about the other frequently installed plugin that has had a lot of updates lately because it was targeted.

    The other one I’m thinking of is Acrobat Reader of course.

  2. 2

    Pingback from Glyn Moody (glynmoody) 's status on Thursday, 17-Sep-09 09:01:24 UTC -

    […] a few seconds ago from Gwibber […]

  3. 3

    Kevin said on September 17th, 2009 at 1:17 am:

    Well, the right thing to do about Acrobat of course is to offer a Free alternative 😉 Something like

  4. 4

    Pingback from Tristan Nitot (nitot) 's status on Thursday, 17-Sep-09 11:49:35 UTC -

    […] more details on why Mozilla suggests Flash upgrade: […]

  5. 5

    Mitchell Baker said on September 17th, 2009 at 6:23 am:

    Yes, we’re thinking about other plug-ins and other things we might do to help people. And as in all things, how to be helpful without irritating people. They’re trying to use their browser, so adding too much, even stuff that we know is “helpful” can end up pushing people away if we’re not careful and attentive.

  6. 6

    iang said on September 19th, 2009 at 5:00 pm:

    Wow, good stuff! I feel nervous about the method, because responsibility for others’ problems should never be taken on without thought. But for high profile issues, I agree this can deliver an overall benefit. Or, at least it’s worth a try.

  7. 7

    Pingback from Above The Fold » 10,000,000 and counting update to secure version of Flash

    […] Mitchell Baker and Johnathan Nightingale also commented on the success of the effort in blog posts last week. […]

  8. 8

    Pingback from Firefox’s Flash check drives 10M to Adobe’s download « I.T News & Stuff

    […] is a very high response rate,” said Baker in a post to her blog . “A typical response rate for this [landing] page is around 5 per […]

  9. 9

    niketochina said on September 28th, 2009 at 5:49 pm:

    a very high response rate,” said Baker in a post to her blog . “A typical response rate for this [landing] page is around 5 per […]

  10. 10

    tech news said on October 7th, 2009 at 10:28 am:

    Informative post, I doubt and check details before installing any Mozilla plugins. My email password has been already hacked using plugin method, so I am very careful about it.

  11. 11

    Tech Updates said on October 7th, 2009 at 10:32 am:

    Very good information about browser security. Nowadays more and more people are using Mozilla, this post will really help to make people more conscious about browser security.
