(In reply to Chris H-C :chutten from comment #2) > High Category. (Cat 3 at least, possibly Cat4). :agray, could we have Trust's input on the category of the user identifier and whether the mitigation (opt-out collection restricted to Mozilla Employees) is sufficient to permit its collection? The identifier is the hashed email address, but the notes say this is indirectly reversible? Can :glob expand on this? > > Does the instrumentation include the addition of any new identifiers? > > Yes, a persistent (and reversable? :glob?) user identifier, and a persistent (random) installation identifier. We've not allowed persistent (random) installation identifiers historically because there is no method for the user to control these. We have made a conscious decision not to allow this for Firefox installations vs. profiles, for instance. A couple of additional questions, tho. 1) If an employee-user opts-out of the telemetry, will this be treated as a telemetry deletion ping and remove all related data? 2) All installations will be tied to a hashed email address? There are no occurrences of non-account moz-fab access scenarios that need to be considered? > > Is the data collection covered by the existing Firefox privacy notice? > > Nope. (:agray, another question here about which privacy notice that would apply) > Good question. We'd have to figure out where this would be most appropriate. Let's determine the answer to the data collection piece first and then once that decision is made we can address this question.
Bug 1621025 Comment 6 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Chris H-C :chutten from comment #2) > High Category. (Cat 3 at least, possibly Cat4). :agray, could we have Trust's input on the category of the user identifier and whether the mitigation (opt-out collection restricted to Mozilla Employees) is sufficient to permit its collection? The identifier is the hashed email address, but the notes say this is indirectly reversible? Can :glob expand on this? > > Does the instrumentation include the addition of any new identifiers? > Yes, a persistent (and reversable? :glob?) user identifier, and a persistent (random) installation identifier. We've not allowed persistent (random) installation identifiers historically because there is no method for the user to control these. We have made a conscious decision not to allow this for Firefox installations vs. profiles, for instance. A couple of additional questions, tho. 1) If an employee-user opts-out of the telemetry, will this be treated as a telemetry deletion ping and remove all related data? 2) All installations will be tied to a hashed email address? There are no occurrences of non-account moz-fab access scenarios that need to be considered? > > Is the data collection covered by the existing Firefox privacy notice? > Nope. (:agray, another question here about which privacy notice that would apply) Good question. We'd have to figure out where this would be most appropriate. Let's determine the answer to the data collection piece first and then once that decision is made we can address this question.