Update: Intent to Ship Adjust SDK in Fennec
Hi, We wanted to follow up on an email sent in March regarding the Adjust SDK [1] we are implementing for the Spring campaign. This integration [2] will send data to a third party server. As we noted earlier, this isn't something we do at Mozilla often and we wanted to be proactive about our messaging. As we mentioned in March, there are good reasons for collecting this data. Our marketing and growth goals for 2015 will require spending non-trivial amounts of money. Our relationship with Adjust will enable us to spend that money responsibly and efficiently. Mobile installs come from App Stores, and it's harder to integrate into those systems. That's where the Adjust SDK comes in. We believe we've landed on the best possible implementation given the limitations of the mobile advertising ecosystem. This tool will ensure that we're not flying blind. Here's a summary from the March email that provides some background on the Adjust SDK: * This is an open source SDK, fully transparent, and is developed by a company based in Germany, but with offices in California and other places, widely adopted and regarded, who is beholden to the strictest EU privacy standards. * We will collect the absolute minimum data, once, to measure for install. We know exactly what data is being passed. * We're paying for the SDK and service, which is good because the vendor's model is not based on monetizing our data in aggregate to develop behavioral segments for other advertisers. * This will allow real-time optimization of marketing dollars, much like virtually all major mobile apps do, and much like we have already been able to do on paid marketing desktop for quite some time Our implementation will allow us to attribute an install to a specific advertising channel by using the a user's unique Google ID. When a user installs Firefox for Android, the unique Google ID is sent to Adjust. Adjust takes that and compares it to data from the networks we've placed ads. If they find a matching ID, that install is attributed to that particular ad network. This allows Mozilla to measure which channels are providing maximum impact. Adjust collects the following Fingerprint (hashed) and stores for a maximum of three hours: * IP address * Timestamp in ms * Country * Language/locale * Operating System * App Version Adjust hangs onto the following data permanently: * Attribution source (allowing us to measure which channel produced the best ROI) * Storage of hashed MAC address and/or device ID hashes together with app token We've done an enormous amount of due diligence prior to integration. Adjust went through a legal and privacy review. It also went through and open source review/analysis. The plan is to utilize Adjust beginning on June 2 for the Spring Campaign. We'll keep this tool in place until spending is completed on July 12. At the completion of the campaign, we will evaluate the success and make a decision as to whether or not Adjust will be used in future campaigns and releases. This is just a heads up email. We want the effort to be open and transparent. Many thanks, Winston [1] https://github.com/adjust/android_sdk [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1143888 ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Intent to implement and ship: User timing API in workers
Summary: user timing API in workers. We already have this API exposed to main-thread content but it's nice to have it also in workers, shared workers and service workers. Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1155761 https://bugzilla.mozilla.org/show_bug.cgi?id=1158032 Link to standard: http://www.w3.org/TR/user-timing/ Platform coverage: all platforms Other browser support: not in workers as far as I know. Thanks, andrea ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Intent to implement and ship: User timing API in workers
On Wed, May 20, 2015 at 1:16 PM, Andrea Marchesini amarches...@mozilla.com wrote: Summary: user timing API in workers. We already have this API exposed to main-thread content but it's nice to have it also in workers, shared workers and service workers. Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1155761 https://bugzilla.mozilla.org/show_bug.cgi?id=1158032 Link to standard: http://www.w3.org/TR/user-timing/ I think its important to note that User Timing on workers is not in the current spec. In particular, there is standard definition of the time origin for workers, although we have our own definition thanks to our performance.now() on worker extension. If I remember correctly, I think you are also exposing navigationStart in workers so that the script can inspect the current time origin in absolute terms. ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
[Planned] Tree Closing Maintenance Window, Sat May 23 2015, 0800-1800 PT
Trees will be closed, and other services (such as bugzilla) unavailable for periods of time. Forwarded Message Subject: [Planned] Tree Closing Maintenance Window, Sat May 23 2015, 0800-1800 PT Date: Wed, 20 May 2015 19:19:11 - From: m...@mozilla.com To: Issue Status: Upcoming Short Summary: Mozilla IT will have a scheduled infrastructure maintenance window on Saturday, May 23rd 2015, from 0800-1800 PDT. During this window we will: bug 1138448 - upgrade PAO1 SJC2 POP router from MX80 to MX240 bug 1161314 - upgrade releng switches bug 1149321 - Enable v6 sampling on borders bug 1164501 - SCL3 Switch Software Upgrades bug TBD - upgrade data center ethernet switches to recommended OS version bug TBD - enable ipv6 sampling on border1.phx1 and border2.phx1 bug 1164509 - Upgrade Zeus/Stingray/Steelapp to 10.0r1 bug 1166319 - Patch releng datacenter nameservers Mozilla IT Outage Notification: -- Issue Status: Upcoming Bug IDs: 1164561 Start Date:2015-05-23 Start Time:08:00 PDT Site: All sites Services: Impact of Work:The NetOps team and MOC will be monitoring impact closely but it is expected that there will be intermittent access issues beyond what is normally anticipated during the TCW. If you have any questions or concerns please address them to m...@mozilla.com Also, visit whistlepig.mozilla.org for all notifications. -- m...@mozilla.com - m...@mozilla.com ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Update: Intent to Ship Adjust SDK in Fennec
On 5/20/2015 1:07 PM, Winston Bowden wrote: We've done an enormous amount of due diligence prior to integration. Adjust went through a legal and privacy review. It also went through and open source review/analysis. As the data steward I've been working with both Winston and the engineering teams on this, and the data collection system is documented using the in-tree doc system: https://gecko.readthedocs.org/en/latest/mobile/android/base/fennec/adjust.html The Android advertising ecosystem isn't very healthy, but Adjust is a service provider that takes great care with their data collection and retention practices to reduce risk to users while measuring advertising spend and effectiveness. --BDS ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Intent to implement and ship: User timing API in workers
Not yet but the editor is in CC to the first email of this thread. About navigationStart, bkelly is right: in my patch I keep the navigationStat from the window performance object. When we don't have the window I take the creation time of the WorkerPrivate. On Wed, May 20, 2015 at 7:12 PM, Boris Zbarsky bzbar...@mit.edu wrote: On 5/20/15 1:16 PM, Andrea Marchesini wrote: Link to standard: http://www.w3.org/TR/user-timing/ This standard does not define this API in workers. Have you reached out to the working group already? -Boris ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Little Reminder regarding Pulsebot and Commits to Security Bugs
On Thu, May 21, 2015 at 2:46 AM, cb...@mozilla.com wrote: a little reminder that you still need to include/paste the commit url like https://hg.mozilla.org/integration/fx-team/rev/something to a security bug when you submit your checkin. Pulsebot can not make changes/comments to security bugs. It would be great if the bot could have write-only permission to those bugs (or probably make it also have read permission for its own comments). - Xidorn ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Update: Intent to Ship Adjust SDK in Fennec
On Wed, May 20, 2015 at 1:07 PM, Winston Bowden wbow...@mozilla.com wrote: Adjust hangs onto the following data permanently: * Attribution source (allowing us to measure which channel produced the best ROI) * Storage of hashed MAC address and/or device ID hashes together with app token nit: s/hashes/hashed/ here, no? That is Adjust will store a single hash performed as hash(hash(MAC/DeviceID) + App token) Correct? (Presumably this is to identify reinstalls or something.) best and thanks, Joe -- Joseph Lorenzo Hall Chief Technologist Center for Democracy Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 j...@cdt.org PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Intent to implement and ship: User timing API in workers
On 5/20/15 1:16 PM, Andrea Marchesini wrote: Link to standard: http://www.w3.org/TR/user-timing/ This standard does not define this API in workers. Have you reached out to the working group already? -Boris ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: AdBlock Plus as a ServiceWorker?
So is there something that ABP developers can do at the moment to reimplement their code without CPOWs co? And is it documented anywhere on MDN? On 08/05/15 11:21, Francois Marier wrote: On 08/05/15 19:42, Frederik Braun wrote: I thought that the APIs we brought into Firefox by implementing Tracking Protection were supposed to provide a better (canonical?) way to hook your own blocker into Firefox. Yes, as long as they're willing to stand up a server [1] that serves their lists in a different format [2]. Francois [1] https://github.com/mozilla-services/shavar [2] https://developers.google.com/safe-browsing/developers_guide_v2 ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform -- David Rajchenbach-Teller, PhD Performance Team, Mozilla ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: AdBlock Plus as a ServiceWorker?
The only way to do this now is to register a content policy in the content process using a frame script. That's how the shim stuff works internally. There's some reference to this at [1]. I'm working on an API that should make this easier in bug 1157561. It's not finished yet though. -Bill [1] https://developer.mozilla.org/en-US/Firefox/Multiprocess_Firefox/Limitations_of_chrome_scripts On Wed, May 20, 2015 at 7:10 PM, Francois Marier franc...@mozilla.com wrote: On 21/05/15 07:01, David Rajchenbach-Teller wrote: So is there something that ABP developers can do at the moment to reimplement their code without CPOWs co? And is it documented anywhere on MDN? There's nothing like that at the moment, but I'd be happy to work with a blocklist add-on developer to try and make it work. Francois ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Intent to implement and ship: document.execCommand(cut/copy)
I am not sure if this is the right avenue to raise concern (again) over not requiring a prompt. It seems that user action here implies that a user intended on having their clipboard destroyed intentionally. (Like requesting a SHA from GitHub). However, I created a very basic demo here: http://jsfiddle.net/azgugmjb/3/ that shows how easy (in Chrome 43) it is to abuse the user action. I really hope this shines some light on the potential for real world abuse. The user action in my demo is simply highlighting text. The use of `.select()` prevents the user from actually using the system keybinding for copying and will inject into their clipboard something other than what they intended. ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: AdBlock Plus as a ServiceWorker?
On 21/05/15 07:01, David Rajchenbach-Teller wrote: So is there something that ABP developers can do at the moment to reimplement their code without CPOWs co? And is it documented anywhere on MDN? There's nothing like that at the moment, but I'd be happy to work with a blocklist add-on developer to try and make it work. Francois ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Little Reminder regarding Pulsebot and Commits to Security Bugs
Hi, a little reminder that you still need to include/paste the commit url like https://hg.mozilla.org/integration/fx-team/rev/something to a security bug when you submit your checkin. Pulsebot can not make changes/comments to security bugs. This avoid confusion as example that i looks like a sheriff did the commit when a sheriff is marking the bug after a merge. Thanks :) - Tomcat ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform