On Tuesday, January 26, 2016 at 2:31:24 AM UTC-8, Gervase Markham wrote: > On 22/01/16 23:14, cmcgill wrote: > > "Push Notifications: Push Notifications allow sites to send > > notifications and updates to you if you opt-in. To receive > > notifications, Firefox sends information to Mozilla about what sites > > you have agreed to receive Push Notification from. > > On the SUMO page, it says: > > "On our server we store a randomized identifier for your browser, along > with a randomized identifier for each site you authorize." > > So the SUMO page suggests that Mozilla does _not_ know what sites you > have subscribed to (i.e. it only stores a randomized identifier), but > the privacy policy suggests we do know. Which is right? > > Also, it says "On our server we store a randomized identifier for your > browser". Is it possible for a user to change that identifier? Would > that break all of their Push subscriptions? Do we send this identifier > in any other context, which would allow cross-correlation? > > Gerv
Each Push subscription has two opaque identifiers associated with it: - one identifying the connected browser - one identifying the particular push subscription the user agreed to in her browser The collection of these identifiers forms a routing table. On their own, we currently can't infer what sites you've subscribed to. However, since Web sites send notifications to our servers, we can potentially both implicitly (e.g., via source IP) and explicitly (e.g., via voluntary application server self-idenitification for dev metrics) correlate these identifiers with the sending Web site. We worked with legal to arrive at plain language of "Firefox sends information to Mozilla about what sites you have agreed to receive Push Notification from." It may not be ideal, but I feel it's accurate. -chris _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
