>The privacy review bug is
>https://bugzilla.mozilla.org/show_bug.cgi?id=1261467.
>More details added below.
>> On 04/04/2016 10:01, Romain Testard wrote:
>>
>>>     We would use a whitelist client-side to only collect domains that are
>>>     part of the top 2000 domains (Alexa list of top domains). This prevents
>>>     personal identification based on obscure domain usage.
>>>
>>
>> Mathematically, the combination of a set of (popular) domains shared could
>> still be uniquely identifying, especially as, AIUI, you will get the counts
>> of each domain and in what sequence they were visited / which ones were
>> visited in which session. It all depends on the number of unique users and
>> the number of domains they visit / share (not clear: see above). Because
>> the total number of Hello users compared with the number of Firefox users
>> is quite low, this still seems somewhat concerning to me. Have you tried to
>> remedy this in any way?
>>
>
>We are aggregating domain names, and are not storing session histories.
>These are submitted at the end of the session, so exact timestamps of any
>visit are not included.

There's been a bunch of surprises over the last few years where
"anonymized" data turned out to be de-anonymizable.  This is the sort of
data that feels like it could lead to surprises.  I think this would
need more looks by someone who actually understands that and where those
risks come from (not me).

There are added risks if you include the case of someone using our data
*and* data from one or more 3rd-party sites, and that's not easy to
reason about, which is why this needs careful consideration.

>> Finally, I am surprised that you're sharing this 2 weeks before we're
>> releasing Firefox 46. Hasn't this been tested and verified on Nightly
>> and/or other channels? Why was no privacy update made at/before that time?
>>
>
>We are shipping Hello through Go Faster. The Go Faster process allows us to
>uplift directly to Beta 46 since we're a system add-on
>(development was done about 2 weeks ago).
>Firefox Hello has its own privacy notice (details here
><https://www.mozilla.org/en-US/privacy/firefox-hello/>).

Since the collection is not enabled currently anywhere, how known-stable
is it for beta?  Having the code in a disabled state safely is one
thing; having it known to be safe to turn on is another.

-- 
Randell Jesup, Mozilla Corp
remove "news" for personal email
_______________________________________________
dev-platform mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-platform
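
The concern raised in the thread, that a combination of whitelisted domains (and their counts) can still single out a user, can be measured before data is released. The following is an added example, not part of the original message and not Firefox Hello code: it computes each user's anonymity-set size k (how many users submit an identical report), with and without per-domain counts. The whitelist, the sessions, the function names and the choice of k-anonymity as the measure are all assumptions made for illustration.

```python
from collections import Counter

# Constructed stand-in for the client-side whitelist; the thread describes the
# Alexa top 2000, four reserved example names keep the sample readable.
WHITELIST = {"example.com", "example.org", "example.net", "example.edu"}

# Constructed per-user session histories (not real data).
SESSIONS = {
    "u1": ["example.com", "example.com", "example.org", "obscure.test"],
    "u2": ["example.org", "example.com"],
    "u3": ["example.com", "example.org", "example.org"],
    "u4": ["example.net"],
    "u5": ["example.net", "private.test"],
    "u6": ["example.com", "example.net", "example.edu"],
}

def session_report(visited, with_counts=True):
    """End-of-session report: whitelisted domains only, no order, no timestamps."""
    counts = Counter(d for d in visited if d in WHITELIST)
    # With counts the report is a set of (domain, count) pairs,
    # otherwise just the set of domains seen.
    return frozenset(counts.items()) if with_counts else frozenset(counts)

def anonymity_sets(sessions, with_counts=True):
    """Map each user to k, the number of users submitting an identical report."""
    reports = {u: session_report(v, with_counts) for u, v in sessions.items()}
    sizes = Counter(reports.values())
    return {u: sizes[r] for u, r in reports.items()}

def at_risk(sessions, k_min, with_counts=True):
    """Users whose report is shared by fewer than k_min users."""
    ks = anonymity_sets(sessions, with_counts)
    return sorted(u for u, k in ks.items() if k < k_min)

if __name__ == "__main__":
    for mode in (True, False):
        label = "with counts" if mode else "domains only"
        print(label, at_risk(SESSIONS, 2, mode))
```

In this sample the whitelist removes the obscure domains, yet four of six users remain unique when counts are reported, and one is still unique on the domain combination alone.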