John’s Blog

(photo credit: wikipedia)

Well, hmm. Featured on Fake Steve Jobs today — my dad will be so proud. No, seriously, Dad loves Fake Steve. Not sure how to respond to someone who’s wishing you a big dose of crabs — case of crabs? not sure what the word is there — so I’ll just go with “Hey, thanks!”

Anyway, lots and lots of interesting conversations going on about this the past few days — Mozilla is in an unusual position in that we are a mission-driven organization, but also have an actual product in the market that does compete with commercial organizations. Because of that competition, I think much of what we do & say gets viewed through a revenue/marketshare lens, regardless of intent. It’s easy to fall into that line of thinking — the world is geared towards it. And so it’ll continue to be a challenge for us, as Mozilla, to point out practices that are troubling in products that are competitive.

I think that no matter what we say, we’ll get articles and blog posts written about our motivations and whether they’re related to revenue.

But we’ll continue to make decisions and build products based on user experience first and let folks make their own minds up regarding our motives. That’s the way Mozilla has always been, seems to me.

update:  beltzner points out that Zoidberg is really more of a lobster-oid. To quote the good sideways-walking doctor himself: “Now Zoidberg is the popular one!“

What Apple is doing now with their Apple Software Update on Windows is wrong. It undermines the trust relationship great companies have with their customers, and that’s bad — not just for Apple, but for the security of the whole Web. What they did yesterday was to use their updater for iTunes to also install their Safari Web browser –what follows is some background and analysis.

Keeping software up to date is hard — hard for consumers to understand what patches are for, how to make sure they’re up to date.

It’s also critically, crucially important for the security of end users and for the security of the Web at large that people stay current. If people don’t update software regularly, it is impossible for them to remain safe; good software developers are creating improvements constantly. That’s why Mozilla spends so much time making sure our own Automatic Update Service works, and why we spend so much time agonizing over the user interface for the updates. We look at the data every time we do an update; we obsess about what we call “uptake rates” — the percentage of Firefox users who are on the most current version of the browser a day or a week or a month after release. As a result, Firefox users are incredibly up to date, and adopt very quickly.

There’s an implicit trust relationship between software makers and customers in this regard: as a software maker we promise to do our very best to keep users safe and will provide the quickest updates possible, with absolutely no other agenda. And when the user trusts the software maker, they’ll generally go ahead and install the patch, keeping themselves and everyone else safe.

Anyone who uses iTunes on Windows has Apple Software Update installed on their machines, which does just what I’ve described above: it checks for new patches available for Apple-produced software on your Windows machine, alerts the user to the availability, and allows updates to be installed. That’s great — wonderful, in fact. Makes everyone more likely to have current, patched versions of Apple’s software, and makes everyone safer.

Here’s screen that comes up on Windows XP if you’ve got iTunes installed:

(photo credit CNET)

The problem here is that it lists Safari for getting an update — and has the “Install” box checked by default — even if you haven’t ever installed Safari on your PC.

That’s a problem because of the dynamic I described above — by and large, all software makers are trying to get users to trust us on updates, and so the likely behavior here is for users to just click “Install 2 items,” which means that they’ve now installed a completely new piece of software, quite possibly completely unintentionally. Apple has made it incredibly easy — the default, even — for users to install ride along software that they didn’t ask for, and maybe didn’t want. This is wrong, and borders on malware distribution practices.

It’s wrong because it undermines the trust that we’re all trying to build with users. Because it means that an update isn’t just an update, but is maybe something more. Because it ultimately undermines the safety of users on the web by eroding that relationship. It’s a bad practice and should stop.

[I’ll make 2 points that I want to make very clear: (1) this is not a criticism of Safari as a web browser in any way, and (2) I have no objections to the basic industry practice of using your installed software as a channel for other software. This is specifically a criticism of the way they’re using the updating system. I’d much prefer to be writing about Firefox, but this practice hurts everyone and is important to note.]