(Apologies to governance@; this isn't the right place for this, but
unfortunately going off-list and replying to just rstrong feels wrong
too. Setting f-up to privacy@ since that looks safely dead, but
mail/new shenanigans might prevent proper functioning there.)
On 01/14/2015 11:08 AM, Robert Strong wrote:
On Wed, Jan 14, 2015 at 10:41 AM, Ehsan Akhgari <[email protected]>
wrote:
On 2015-01-14 6:29 AM, Gijs Kruitbosch wrote:
Un Virumbi, naive question: would you really want to include the update
ping in disabling this? (ie no longer getting automated updates)
Seems to me like its privacy issues (which are very small) shouldn't
outweigh the risk of running a version with known security issues.
Well, to be fair, there is no right choice when choosing between privacy
and security. It would be nice if we ensure that update pings do not have
any potential privacy issues associated with them so that users who feel
they need to take action against this type of issue do not have to disable
updates.
The app update ping only contains data that is needed to serve the right
update for the system. Example from my system:
AUS:SVC Checker:checkForUpdates - sending request to:
https://aus4.mozilla.org/update/3/Firefox/38.0a1/20150113030205/WINNT_x86-msvc/en-US/nightly/Windows_NT%206.3.0.0%20(x64)/default/default/update.xml?force=1
Please remember that you still send cookies; here's what I got out of
Firefox debugging itself as I went to Help -> About:
optimizelySegments=%7B%22245875585%22%3A%22direct%22%2C%22245617832%22%3A%22none%22%2C%22246048108%22%3A%22false%22%2C%22245677587%22%3A%22ff%22%2C%22869421433%22%3A%22true%22%7D;
optimizelyEndUserId=oeu1421293036707r0.8592334519134582;
optimizelyBuckets=%7B%7D;
__utma=150903082.1914521133.1421293040.1421293040.1421293040.1;
__utmb=150903082.2.10.1421293040; __utmc=150903082;
__utmz=150903082.1421293040.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__utmt=1
So it's got Google Analytics and Optimizely; both are for tracking.
Steps:
1) New download of latest release, 35.0
2) Start with firefox -profile (empty directory) -offline
3) Turn on browser + remote debugging; open the browser toolbox in
Network tab.
4) Click on Try Again in the first run page to go online and trigger things
5) Help -> About Firefox.
I have not checked the addon update ping; that presumably has similar
behaviour. Being privacy-oriented there would likely involve fetching
updates for each addon separately over a period of time to avoid the
ability to track people by the combination of addons they have installed.
Quick scan of things with timestamps in prefs: app update; addon update;
telemetry; FHR; sync; openh264 / gmp; safebrowsing; phishing. Not sure
if things like social that I've disabled involve pings.
When trading between user privacy and designing a better web site, user
privacy lost. (It should be obvious, but: I believe the right choice
here would be a request with no identifying information beyond the build
of Firefox in use, the OS it's running on, and the source IP address so
it can send the response.)
--
Mook
_______________________________________________
governance mailing list
[email protected]
https://lists.mozilla.org/listinfo/governance
