Mozilla Labs To Bring Address Book To Firefox

suraj.sun writes with this excerpt from Ars Technica: "Mozilla has announced the availability of an experimental new add-on for Firefox that is designed to import information about the user's contacts from a variety of Web services and other sources. The add-on makes contact details easily accessible to the user and can also selectively supply it to remote Web applications. ... After the add-on has imported and indexed the user's contact data, it becomes available to the user through an integrated contact management tool that functions like an address book. One of Mozilla's first experiments is an autocompletion feature that allows users to select a contact when they are typing an e-mail address into a Web form. ... To make the browser's contact database accessible to Web applications, the add-on uses the W3C Contacts API specification."

Danger... keep that door locked.

[LostCluster]

There's a reason why we don't keep address books in openly-readable unencrypted XML files.

Mix an easily-read address book with a small bit of untrusted code, and you've got a worm with the capability of sending victim-specific e-mail. Upload that list to a server, and you've just given your favorite people the gift of spam. Microsoft learned this the hard way when most users were using Outlook Express and Windows Address Book and both of them had wide-open for scripting interfaces, so that lead to a mess. We don't use those things anymore.

Please... let's make sure this requires a stored-password check so that we're sure only apps the user trusts to read the address book. All of the cool web apps are doing it.

Re:

[DarkKnightRadick]

While a very good point, it would be nice when I'm at a form trying to send someone an email from a web page (say for an article I want to share).

If they did a password check on the add-on, or had a list of trusted sites (with an unalterable block on untrusted sites), that would be even better.

Re:

[Darkness404]

...And how often does the average person do that? For me and most people the answer is... never. If I want to share a link, I copy and paste the address into where I want to share it. It takes, what, 2 seconds more? With all the privacy issues (after all the browser is the number one attack point of the average system) I'm not seeing the benefit.

Re:

[Thinboy00]

As evidenced by Facebook, Joe Sixpack doesn't give a damn about privacy.

Re:

[causality]

As evidenced by Facebook, Joe Sixpack doesn't give a damn about privacy.

I think that's only because Joe Sixpack has never taken a hard look at datamining techniques, the relative ease with which they can be implemented, and how this information can be misused. "I don't care about privacy at all" is like many other positions; it does not typically fare well among educated users who are equipped to make a factual cost-benefit analysis.

Re:

[Anonymous Coward]

As evidenced by Facebook, Joe Sixpack doesn't give a damn about privacy.

I think that's only because Joe Sixpack has never taken a hard look at datamining techniques, the relative ease with which they can be implemented, and how this information can be misused. "I don't care about privacy at all" is like many other positions; it does not typically fare well among educated users who are equipped to make a factual cost-benefit analysis.

True. But educated users who take a hard look at datamining techniques in order to make factual cost-benefit analysis of their daily activities are not, by definition, Joe Sixpack.

Re:

[Darkness404]

Yeah, but there is a big difference between being spammed via e-mail (which is generally work related) and Facebook which is home related.

Most people don't really care having what would normally be exposed in a conversation when compared to an e-mail address.

Re:

[poetmatt]

it's hard to say people don't care about privacy when the sites are deliberately misleading about what privacy you have. Facebook made the argument you did and it's a crock.

Re:

[geminidomino]

File->Send link

Opens your mail client, badda-bing. This is just more mozilla Kitchen-Sinking.

Re:

[morgan_greywolf]

"What's this 'mail client' you keep talking about? I just use Yahoo!"

Re:

[DarkKnightRadick]

Why open the mail client when the page already has a built in "send page via email" function?

Either way, I'm giving this plugin a test spin to see how it works.

Re:

[geminidomino]

Why open the mail client when the page already has a built in "send page via email" function?

Either way, I'm giving this plugin a test spin to see how it works.

Because the former method doesnt require "making the browser's contact database accessible to Web applications".

I'd have thought the last 15 years would have been sufficient to teach us not to trust the web.

Re:

[aztracker1]

Does it really make the contact list available to the application or just the user? Your auto-complete information isn't available via client-side JS, and I don't believe this is either... it's simply a more advanced auto-complete for certain types of form fields.

Re:

[geminidomino]

http://dev.w3.org/2009/dap/contacts/ [w3.org]

Unfortunately, your belief is wrong.

In fact, this is completely available via whatever language the DOM is implemented in. That's the entire point of the API.

Re:

[MichaelSmith]

There's a reason why we don't keep address books in openly-readable unencrypted XML files.

smithm@michael:~/.sylpheed-2.0$ cat addrbook-000001.xml

Re:

[coaxial]

Given that spam has been around for 32 years now [templetons.com], and with state of the art classifiers, spam really isn't that much of a problem for users. Most "spam" that gets delivered is actually from sites that the user has dealt with. Buy baseball tickets, and it seems like MLB emails you every two weeks. Buy concert tickets online, and you're autosubscribed to a marketing mailing.

While spam may be problem for network administrators, as a user, I simply don't care. It's literally not my problem.

Honestly. Even m

Re:

[scdeimos]

Most "spam" that gets delivered is actually from sites that the user has dealt with. *

* Citation needed.

Whenever I'm required to register an e-mail address for access to a web site I use [their domain name]@[my domain name], since I have my own domain. I've only ever had two of those addresses attract spam, and that's because both sites involved had their (fairly crappy) user databases compromised.

The majority of spam I see comes from addresses I've shared with groups of friends and relatives, and those "friends" have had their address books harvested by worms and trojans. Every couple of

PortableContacts.net and security

[chris-chittleborough]

Good news: web pages do require approval (through a permission dialog) to access address books. The extension's author says [mozillalabs.com]:

[T]here are two APIs. The internal “importer” API, which can only be accessed by [Firefox] extensions, allows you to perform arbitrary network and OS-level operations to get information into the system. The external “content” API, which can be accessed by any web page, allows you to request access to contact data (and then starts the “permission” dia

Great, another address book to get F*$ked up sync

[rimcrazy]

You know that is all I need... yet another address book that screws up all my contact lists when it does a sync with the 17 other address books I have......

Re:

[Dr. Evil]

'Sync'ing is the wrong solution for calendars, email and contacts. The right solution is to read all sources and present them simultaneously.

Re:

[Dr. Evil]

Caching.

Re:

[Dr. Evil]

Non-native device caches should be read-only. All devices aggregate from all sources. As long as you don't have a standard format which all your devices can read and write to, you will have to make some compromises.

It's far more forgiving to read a format incorrectly than to write to it. If it is absolutely vital for you to write in a particular situation, then you can weigh the risks of adding the contact, modifying the calendar, or whatever, vs., corrupting your calendar, creating a broken contact in

Yet another hole in my head!

[voodoo cheesecake]

Do you get a free purple pony on facebook too..... along with exclusive offers.....and a new credit report too?

Re:

[voodoo cheesecake]

I was being sarcastic there....

Um, why?

[thePowerOfGrayskull]

First of all, when I'm filling out a web form I'm *never* putting somebody else's information into it -- it's always my own. Second of all... actually, there is no second of all. When I'm using Firefox for email, it's just my front-end to GMail or other webmail which already has an address book. I'm not a big fan of the "well, I don't see a need therefore nobody should" school of thought; so I'd love to hear about use cases where this functionality is actually meeting some need not already handled more appropriately elsewhere.

Re:

[causality]

First of all, when I'm filling out a web form I'm *never* putting somebody else's information into it -- it's always my own. Second of all..

gee, when i fill out a web form, it's hardly ever anyone's actual information unless it's a legit site that really needs it (e.g. amazon) and i want them to have it. all those free-registration-required sites should never get your real information, never. virtually all of them do NOT need it

Agreed. Personally, I like to use Mailinator and other free, temporary/disposable e-mail services to deal with those Web sites that want to send a confirmation e-mail before you can gain access. A few of them seem to have gotten wise to this, and will consider e-mail addresses from certain domains invalid information on their forms. Fortunately, there are enough such services that it's really not hard to find one that they don't recognize as such. I think this is the best way to deal with the likelihood

Re:

[thePowerOfGrayskull]

I've been using gmail, and have started taking advantage of the feature where gmail will let you append things to your address. my.name+yourwebsite@gmail.com. That lets me identify pretty easily the ones who are abusing my address, as well as providing a simple rule for blocking them if they do.

Re:

[Thinboy00]

A lot of "social networking" websites ask for your password to your email so they can import your contacts. If the browser could (semi-)automagically give it that info, you'd close a huge security gap...

Re:

[Thinboy00]

P.S.: see e.g. tagged [snopes.com] for an example of such security issues (they take your contacts and spam them without your consent (or at least in a very sketchy way anyway)).

Re:Um, why?

[ucblockhead]

Given that I always say NO GODDAMNIT NO NO NO NO! to those requests because I don't want some idiot social networking fuckhead marketer spamming all my contacts, saying "we'll just do it automagically" fills me with terror.

Re:

[causality]

A lot of "social networking" websites ask for your password to your email so they can import your contacts. If the browser could (semi-)automagically give it that info, you'd close a huge security gap...

I'm assuming you refer to Web-based e-mail services like Gmail. I have no e-mail accounts like this, but I otherwise don't know what you mean. For example, the password to my POP3 e-mail account would not contain any of my contacts. Those are stored in my local e-mail client. I'm not so sure about IMAP, but POP3 remains much more common in either case.

I also don't use any social networking sites like Facebook or Myspace, so I am wondering if it is common for them to function as HTTP-to-SMTP gateways.

Re:

[maxume]

Good for you, you have correctly identified that you are not the target of this feature.

The sites import the contact list in order to simplify the process of 'connecting' with your contacts on that service (and I guess to invite them to use the service). A users page on the social site will have a list of their friends, with links to their pages. People find this easier than bookmarks.

The social site is not attempting to insinuate itself into your existing email system (but it will encourage you to use thei

Re:

[maxume]

That hole is being closed elsewhere (this feature depends on websites providing a Portable Contacts API, consuming websites can use that same API to obtain contacts, rather than asking users for credentials).

Re:

[thePowerOfGrayskull]

True, but that doesn't seem like what this is used for? As I read it, it's more for populating forms with other people's addresses from your address book.

Re:

[causality]

I'm not a big fan of the "well, I don't see a need therefore nobody should"

I take it you are not a government employee.

Re:

[thePowerOfGrayskull]

Also true. My first moment of surprise was that someone hadn't tagged this article with "bloat". While I don't necessarily agree with each app doing one thing, I *do* think it's best to stay within a single problem domain...

I want good export options

[Killjoy_NL]

This is all well and good, but I want good export options too.
I use Mozilla and Thunderbird at home, but I would love an easy option to export it to an Outlook format that I could problemlessly import in Outlook in a good format.
The place where I work (and probably the next place where I work) demands this kind of data interoperability.

No thanks

[93 Escort Wagon]

I don't personally see the need for this. I've been using Firefox on OS X for several years, and can't think of a single time when I've thought "gee, it'd be nice if only (use case mentioned in the article)". It did mention giving Gmail access to my OS X address book, but hey - I've been able to do that already for quite some time now, with no web browser intermediary required.

Additionally, given (what I perceive as) Mozilla's bad track record for finishing what they start when it comes to "added value" fun

Re:

[geminidomino]

It'll be great for all those morons that give out other people's email addresses to enter a contest!

I wish there was a way for people to contact me via email without them having my address! This is just one more way to get spammed.

There are. A properly-configured formmail (to go back a ways) or similar webform can do it.

Add a captcha or similar anti-robot check to cut down (but not eliminate) spam.

Seamonkey

[mister_playboy]

It seems you would be using Seamonkey instead of FIrefox if this sort of all-in-one approach was appealing to you. I don't see the point.

Re:

[Zarel]

Mozilla has announced the availability of an experimental new add-on

Emphasis on "add-on". That's the whole point of Firefox - it's not an all-in-one approach, and users who don't want it simply won't install it.

Re:

[owlnation]

Emphasis on "add-on". That's the whole point of Firefox - it's not an all-in-one approach, and users who don't want it simply won't install it.

In this case, yes. And I do welcome that this is, in fact, an add-on. If only they had done that for some previous "features" too -- the awesome bar, in particular.

As a few have pointed out here already, up to now Mozilla appears to have learned little from the past, and seemed determined to turn Firefox into the bloated mess that was the Netscape Navigator suit

Re:

[MacDork]

Agreed. Netscape Communicator died for a reason. It was a slow, bloated, 'all-in-one' package of crap. I'd prefer to see them working on more important things, like SVG animation. They're way behind webkit and presto on that one. HTML5 != address books. Firefox team needs to maintain focus on their core product... their rendering engine.

Re:

[AtlantaSteve]

Netscape Communicator died for a reason. It was a slow, bloated...

Ironically, this is exactly why I recently dropped Firefox and went BACK. While Seamonkey has a larger memory footprint than Firefox on initial load, it doesn't leak memory like a sieve... after a hour's use on my machine, it's still under 100MB whereas Firefox takes up 300+MB (both using essentially the same list of plugins). Also, Seamonkey's start-up time is a FRACTION of either Firefox's or Thunderbird's.

Firefox has completely forgotten it's original mission statement, and fallen victim to scope creep

Get your jacket and skis, cause we have to jump...

[Hurricane78]

Ok, I love Firefox’s add-ons and all. It’s great for web development.

But Firefox now officially has jumped the shark.

I’ll check out Opera. I’ve head they support user-supplied extensions too.

History repeats itself

[ucblockhead]

Why on Earth are they trying to turn Firefox into the Mozilla Application Suite!? There's a reason that failed, and Firefox, originally just an afterthought to quiet those complaining about Mozilla's bloat, won out.

What is wrong with "do one thing and do it well?"

In any case, I look forward to the next project, which spins off a browser from the Firefox project for people who just want a browser.

Re:

[hkmwbz]

Seriously, did you not notice the fact that this is not only an optional extension, but it is also experimental? You know, like Ubiquity.

Re:

[hkmwbz]

The point is that it's not build into the browser. It's experimental. And optional. They are also not implementing Ubiquity, but rather using what they learned there to improve the browser.

Re:

[ucblockhead]

I am all for improving the browser. I sure would like one that's faster, or uses less memory, or...

Oh, wait, you meant adding features, like last release's ultra-critical "pretty picture behind the address bar" update.

Re:

[hkmwbz]

What part of "optional experiment" is it that you do not understand?

Re:

[ucblockhead]

"Experiment" implies that they will later roll it into the browser, like the other "optional experiments".

Re:

[hkmwbz]

No, "experiment" implies that it is an experiment. Experiments are things you do to see how things work out. I'm pretty sure Mozilla Labs also makes it clear that experiments won't necessarily make it into the main product. Just like Ubiquity didn't, but some of the things they learned from that will.

Re:

[causality]

What is wrong with "do one thing and do it well?"

Absolutely nothing. That's an integral part of the philosophy behind the design of Unix and Unix-like operating systems. I believe it to be a very sound idea, which is why I use a Unix-like OS. Additionally, I think the KISS principle is especially important in a Web browser, as browsers are one of the main attack vectors for compromised computers.

Re:

[maxume]

Actually, Phoenix was mostly about cleaning up the XPFE mess:

http://home.kairo.at/blog/2007-05/old_xpfe_may_die_soon [kairo.at]

They also thought that a user focused browser would be a more successful product than a developer driven internet application suite. And then we found out they were right. It certainly wasn't an afterthought to the people doing it.

Re:

[DirePickle]

I know, I know! They can call it Phoenix, like it's rising from the ashes of Firefox!

If it's better than Gmail

[SpaghettiPattern]

If it's better than Gmail, I'll try it. I know, I sleep with the devil. But she's a pretty woman, does the things I like, doesn't seem to gossip and is quite taciturn.

Please fix Firefox 3.6 on Windows first!

[atari2600]

Even with minimal addons, FF 3.6 on my Windows machine takes upto a gig of memory after about 30mins of usage/being left idle especially with flash based sites. I don't have this problem on my trust Ubuntu netbook but the version of FF on that machine is 3.8. In the last one week, I've had to recommend 4 Firefox users to switch to Chrome (they've never even heard of Chrome). What's happening Mozilla labs? (Do an internet search for "firefox 3.6 memory hog"). So, umm, before introducing new addons - why don

Re:

[StuartHankins]

Wrong forum. If you're serious about having FireFox issues, post in one of their forums where you might make some progress. Here you'll get nothing but scorn. Well, derision and scorn. Anger, derision and scorn... wait, let me start over...

Re:

[Crimsonjade]

So wish I had mod points. +1 Funny

We already have Thunderbird why this?

[StuartHankins]

I can't think of any reason to include this into a web browser. System-wide, I use Address Book (I'm on a Mac). For those on Windows, Thunderbird has an integrated address book.

Am I missing something?

Oh, and Mozilla, DON'T SCREW UP THIS BROWSER kthksbye

Re:

[TheReal_sabret00the]

I don't use Thunderbird, I use Yahoo and Gmail. And while I don't generally trust websites with my contacts book, I am more than happy to let them search my Twitter to see if I have friends on the site, this experiment is simply an extension/road to that.

Address Book in Firefox?

[scdeimos]

Seriously? Mozilla, what flavour crack are you guys smoking this month?

There's already plenty of address book add-ons for Firefox and Mozilla, we don't need you guys adding another one to Firefox that will allow web sites to harvest contact info. If you want to do something address book-like, why don't you fix-up your LDAP support in Thunderbird so that it can actually create and update LDAP contacts - like you were supposed to have done in Thunderbird 2!

Forget an Address Book in Firefox

[rshol]

That's stupid. But, give us an address book in Thunderbird that will sync seamlessly with Gmail and I'd be deliriously happy.