This string is about Mozilla’s announced plan to remove the EV UI from Firefox 
in October.  Over time, this will tend to eliminate confirmed identity 
information about websites from the security ecosystem, as EV website owners 
may decide it’s not worth using a n EV certificate if browsers decide to hide 
the data from users.  As noted in my last message, this will be a tragedy for 
users, as browser phishing filters and other anti-phishing services currently 
rely on website EV data in their algorithms for protecting users.

It’s interesting to note that others in the security ecosystem, such as 
Facebook, are going exactly the opposite direction from Mozilla to deal with 
fraudsters operating under false names or posting anonymously (like phishers 
do), and are now actually *requiring* the use of third-party confirmed identity 
information before they are allowed to use Facebook’s platform.  I include a 
link to today’s New York Times article on Facebook’s policy changes [1], and 
also Facebook’s actual announcement of the new rules requiring identity 
confirmation before posting. [2]

I hope Mozilla will reconsider its plan to remove the EV UI and instead work on 
a better, more streamlined design for a new Firefox UI that tells users when 
confirmed identity is present, and when it is not.  Apple seems to be handling 
this UI challenge well – just compare the UI on an iPhone for (green 
lock symbol, green URL for EV identity) to the UI for (black lock 
symbol, black URL for DV).  Easy for users to see the difference, no need for 
users to scrutinize the actual EV identity information (unless they want to), 
tells users in a simple, binary way whether or not the website has confirmed 
identity behind it or is anonymous.  And it fits nicely on mobile devices like 
iPhones – I assume Firefox is going to continue to show users at least what URL 
they’re at (like now), so that copying the Apple UI instead of the Chrome UI 
seems like it would be a relatively easy engineering task.  By making the 
Mozilla and Apple UIs the same, we would also be taking a step forward in 
standardization of browser UIs, which makes it easier to educate users on how 
to understand what the UI means – something we should all support.

@Mozilla – please give Facebook’s announcement on the importance of identity 
some consideration before you make a final decision on changing the Firefox UI.


Facebook Announcement: Updates to Ads About Social Issues, Elections or 
Politics in the US

People should know who is trying to influence their vote and advertisers 
shouldn’t be able to  cover up who is paying for ads. That’s why over the past 
few years, we’ve made important changes to help ensure more transparency and 
authenticity in ads about social issues, elections or politics.

Today, we’re sharing additional steps we’re taking to protect elections and 
prepare for the US 2020 election. Those steps include strengthening the 
authorization process for US advertisers, showing people more information about 
each advertiser and updating our list of social issues in the US to better 
reflect the public discourse on and off Facebook. 

New Disclaimer Requirements

In 2018, we started requiring advertisers to get authorized before running ads 
about social issues, elections or politics. We also save those ads in an Ad 
Library so they’re publicly available for seven years.

The authorization process already requires advertisers in the US to provide 
identification to confirm who they are and where they are located. Advertisers 
must also place a “Paid for by” disclaimer on their ads to communicate who is 
responsible for them. Despite these requirements, there are a number of cases 
where advertisers have attempted to put misleading “Paid for by” disclaimers on 
their ads. That’s why, starting mid-September, advertisers will need to provide 
more information about their organization before we review and approve their 
disclaimer. If they do not provide this information by mid-October, we will 
pause their ads. While the authorization process won’t be perfect, it will help 
us confirm the legitimacy of an organization and provide people with more 
details about who’s behind the ads they are seeing. 

Advertisers will have five options for providing more information, three of 
which demonstrate they are registered with the US government. If they choose 
one of the three government resource options, they will be allowed to use their 
registered organization name in disclaimers and the “i” icon that appears in 
the upper right-hand corner of their ads will read “Confirmed Organization.”
In addition to providing their US street address, phone number, business email 
and a business website matching the email, they must provide one of the 

1. Tax-registered organization identification number (i.e. EIN)

2. A government website domain that matches an email ending in .gov or .mil

3. Federal Election Commission (FEC) identification number

We also want to ensure advertisers who may not have those credentials, such as 
smaller businesses or local politicians, are able to run ads about social 
issues, elections or politics. Advertisers can also choose one of the following 
two options:

1. Submit an organization name by providing a verifiable phone number, business 
email, mail-deliverable address and a business website with a domain that 
matches the email.

2. Provide no organizational information and rely solely on the Page Admin’s 
legal name on their personal identification document. For this option, the 
advertiser will not be able to use a registered organization name in 

For advertisers that choose one of these two options, the “i” icon will read 
“About this ad” instead of “Confirmed Organization.” 

The “i” icons help people on Facebook and Instagram better understand who’s 
trying to influence them and why. Now, with one tap, people will not only see 
information about the ad, but they’ll be able to see the information Facebook 
confirmed, such as whether an advertiser used an EIN or FEC identification 
number. This will allow people to confidently gauge the legitimacy of an 
organization and quickly raise questions or concerns if they find anything out 
of the ordinary. ***

Looking Forward

Over the coming months, we’ll share more information on our efforts to make 
elections safer and provide greater transparency on the ads and content people 
see on Facebook. These updates will include: ***

3. Requiring all Pages for national candidates or elected officials to go 
through Page Publishing Authorization, which requires that Page administrators 
turn on two-factor authentication and verify their primary country location so 
that we can confirm these Pages are using real accounts and are located in the 

4. Exposing more information about a Page, such as the business or organization 
behind it.

We know we can’t tackle these challenges alone. That’s why we’re calling for 
sensible regulation and working directly with governments, watchdogs and 

While our efforts to protect elections are ongoing and won’t be perfect, they 
will make it harder for advertisers to obscure who is behind ads and will 
provide greater transparency for people. We’ll continue to share updates as we 
take steps to protect people ahead of the 2020 US election and beyond. 

dev-security-policy mailing list

Reply via email to