On Wed, Mar 18, 2015 at 2:49 PM, <kgu...@mozilla.com> wrote:

> On Wednesday, March 18, 2015 at 2:29:32 PM UTC-4, Mark Finkle wrote:
> > There are good reasons for wanting to collect the data. Our marketing and
> > growth goals for 2015 will require spending non-trivial amounts of money.
> > The data will help us spend the money responsibly and efficiently.
>
> > We still need to audit the open source SDK to see exactly what data is
> > sent and how it's collected. We also have started doing a
> > security/privacy/legal audit of the vendor and their collection/storage
> > practices.
>
> These two statements to me imply that (1) we don't have a clear idea of
> what data we *want* in order to help us make spending decisions and
> consequently (2) we are free to pick a 3rd party provider which provides
> as-yet-unknown amounts of data, with the assumption that it will give us
> what we want.
>
> It seems to me that when doing something as privacy sensitive as this we
> should probably figure out exactly what data we want to collect *first*.
> Then, if and only if we can't collect it using in-house code, we should
> consider going with a third party service. Thoughts?
>
>
Good points. I can clarify a bit:

1. We only need to send enough data to allow the 3rd party vendor to
associate an install with an ad campaign. We believe that should only be
the Google Advertising ID. And we should only need to send this ID when
launching an install that occurred from an ad campaign. We have been doing
this via the Google Campaign Tracking [1] system, which we convert to
Mozilla Distribution IDs. We can't do that with any of the important Mobile
Ad Networks because they strip (or override) the Campaign Tracking URL sent
to Firefox via the INTENT_REFERRER intent.

A side note: The Google Advertising ID should also allow the Ad Engine to
optimize the way Firefox ads are served to various ad networks too. This is
the "using our money efficiently" part.

2. The vendor and SDK allow for collecting more data. The SDK supports
mechanisms that mirror Mozilla's FHR and Telemetry data collection systems.
We do not want any of these systems or data to be collected and sent, even
accidentally. The audit of the SDK and a discussion with the vendor will
help us lock down parts of the SDK we do not want to activate.

All that said, we are continuing to audit and discuss with the vendor to
make sure our assumptions are valid.

[1]
https://developers.google.com/analytics/devguides/collection/android/v4/campaigns
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
