Hi Alicia, would you mind throwing your hat into the ring here? A bit of background to catch you up: The Lockwise mobile apps and desktop extension generate random ids for each entry in the user's password manager. These IDs are not derived from the usernames or passwords, they are random (i.e. they contain no pii). The IDs are also constant (via sync) across all of the Lockwise apps that are connected to an individual Firefox/Sync Account (the desktop extension, android and ios apps). The IDs are also included in the telemetry events are recorded when a user modifies or accesses a credential. Chris has raised a valid issue here in that the Lockwise desktop extension telemetry is sent with the desktop client_id, which is also associated with most of the rest of a client's telemetry measurements. If a user of Lockwise: 1. Uses the lockwise extension on two (or more) desktop profiles, 2. Has both profiles connected to sync (FxA) 3. and accesses the same item_id on both of them Then it would be possible to link telemetry from the two client_ids together via the item id. The concern is that there is a precedent for not allowing this type of cross-client_id correlation (see Chris's description of the sync ping above). However from a product management perspective, a critical question is whether or not a user is accessing the same items on both their desktop and mobile apps, since an important use case is cross-device access of credentials. Having these item IDs in our telemetry would allow us to answer this. If they are not included, we will not be able to answer it. We're trying to determine if the use case (in terms of product development) for including the item ids outweighs the possibility of being able to potentially correlate desktop client_ids for users who meet the conditions 1-3 above, or if we should remove these item ids from the lockwise extension metrics. (note that the lockwise mobile apps are stand-alone and have client_ids that are specific to the app and are not associated e.g. with mobile browser telemetry) Thank you and your sage counsel is much appreciated
Bug 1555821 Comment 8 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Hi Alicia, would you mind throwing your hat into the ring here? A bit of background to catch you up: The Lockwise mobile apps and desktop extension generate random ids for each entry in the user's password manager. These IDs are not derived from the usernames or passwords, they are random (i.e. they contain no pii). The IDs are also constant (via sync) across all of the Lockwise apps that are connected to an individual Firefox/Sync Account (the desktop extension, android and ios apps). The IDs are also included in the telemetry events that are recorded when a user modifies or accesses a credential. Chris has raised a valid issue here in that the Lockwise desktop extension telemetry is sent with the desktop client_id, which is also associated with most of the rest of a client's telemetry measurements. If a user of Lockwise: 1. Uses the lockwise extension on two (or more) desktop profiles, 2. Has both profiles connected to sync (FxA) 3. and accesses the same item_id on both of them Then it would be possible to link telemetry from the two client_ids together via the item id. The concern is that there is a precedent for not allowing this type of cross-client_id correlation (see Chris's description of the sync ping above). However from a product management perspective, a critical question is whether or not a user is accessing the same items on both their desktop and mobile apps, since an important use case is cross-device access of credentials. Having these item IDs in our telemetry would allow us to answer this. If they are not included, we will not be able to answer it. We're trying to determine if the use case (in terms of product development) for including the item ids outweighs the possibility of being able to potentially correlate desktop client_ids for users who meet the conditions 1-3 above, or if we should remove these item ids from the lockwise extension metrics. (note that the lockwise mobile apps are stand-alone and have client_ids that are specific to the app and are not associated e.g. with mobile browser telemetry) Thank you and your sage counsel is much appreciated