Closed Bug 1201832 Opened 4 years ago Closed 4 years ago

Add Unify to screenshare whitelist

Categories

(Firefox Graveyard :: Screen Sharing Whitelist, defect, P1)

All
Other
defect

Tracking

(firefox43 fixed, firefox44 fixed, firefox45 fixed)

RESOLVED FIXED
Firefox 45
Tracking Status
firefox43 --- fixed
firefox44 --- fixed
firefox45 --- fixed

People

(Reporter: paul.maddison, Assigned: mreavy)

Details

Attachments

(1 file)

>> Vendor name
Unify

>> Point of contact
paul.maddison@unify.com

>> Site URLs
https://eu.yourcircuit.com/
https://na.yourcircuit.com/
https://de.circuit.com/
https://ansiblebeta.unify.com/


>> Does the application provide users with notice and control?
http://www.unify.com/uk/Home/Internet/web/uk/misc/tac/privacy_policy.aspx?tac=1

>> Have you seen and agree with the Developer Screen Sharing Submission policy?
Yes

>> Does the usage comply with the Developer Screen Sharing Submission Policy guidelines?
Yes
Since filing this request we have added additional URLs we require white listing:

Below are the URL that we require white listing (replacing the above list):

*.circuit.com
*.yourcircuit.com
circuit.siemens.com
yourcircuit.siemens.com
circuitsandbox.net
*.unify.com
approved. adding to Firefox 44
Priority: -- → P1
Thank you if not too late one more URL https://tandi.circuitsandbox.net/
It's not too late.  I'm creating the patch today which will include the new domain you requested in comment 3.  The patch will likely land in Nightly over the weekend or on Monday.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee: nobody → mreavy
Attachment #8676273 - Flags: review?(rjesup)
Hi Paul -- We have the patch ready to land, but I have questions about your privacy policy.  Can you explain which parts of it cover the requirements for screensharing and how users are expected to find this information?  (Ref: https://wiki.mozilla.org/Screensharing.) It's unclear to me how the user selects the intended recipients and who else may have access to the data being shared, but perhaps there is a section of your policy that I missed?  I need to get this resolved before I can land your patch.  Thanks!
Flags: needinfo?(paul.maddison)
Comment on attachment 8676273 [details] [diff] [review]
unify_screenshare

Review of attachment 8676273 [details] [diff] [review]:
-----------------------------------------------------------------

r+; waiting on response about privacy statement IIRC
Attachment #8676273 - Flags: review?(rjesup) → review+
Hi guys -

The terms and conditions, privacy policy, Acceptable Use Policy (AUP) and licence agreement and need to be explicitly accepted upon sign up.

They can be later viewed in the about section of the application.

The following links are available in the about.

http://www.unify.com/us/Home/Internet/web/us/misc/tac/use_policy.aspx?tac=1
http://www.unify.com/us/Home/Internet/web/us/misc/tac/privacy_policy.aspx?tac=1
http://www.unify.com/us/Home/Internet/web/us/misc/tac/license_agreement.aspx?tac=1
http://www.unify.com/us/Home/Internet/web/us/misc/tac/terms_of_use.aspx?tac=1

The acceptable use policy esepically clearly lays down that circuit must not be used must not harm users, organisations or conduct any sort of illegal or malicious activity.

and the terms of use cloevr the security and data priavcy (sections 10 and 11).

Regarding "selecting the receipts the intended recipients and who else may have access to the data being shared"......

All communications in circuit are organised around "conversations". Conversations can consist of IM messages voice and video calling and screensharing. Participants of a conversation must be explicitly invited. Therefore the user has complete control over who will be part of the conversation.

The short videos links below will give you more background about conevrsation and how screenshare is started.

https://static.cdn-ec.viddler.com/js/arpeggio/v3/embed.html?videoId=b6a5a58d&f=1&player=full&loop=0&secret=32758627&nologo=0&hd=0&autoplay=1#embedId=undefined

https://static.cdn-ec.viddler.com/js/arpeggio/v3/embed.html?videoId=75fee24f&f=1&player=full&loop=0&secret=32758627&nologo=0&hd=0&autoplay=1#embedId=undefined
Flags: needinfo?(paul.maddison)
Hi guys -

The terms and conditions, privacy policy, Acceptable Use Policy (AUP) and licence agreement and need to be explicitly accepted upon sign up.

They can be later viewed in the about section of the application.

The following links are available in the about.

http://www.unify.com/us/Home/Internet/web/us/misc/tac/use_policy.aspx?tac=1
http://www.unify.com/us/Home/Internet/web/us/misc/tac/privacy_policy.aspx?tac=1
http://www.unify.com/us/Home/Internet/web/us/misc/tac/license_agreement.aspx?tac=1
http://www.unify.com/us/Home/Internet/web/us/misc/tac/terms_of_use.aspx?tac=1

The acceptable use policy esepically clearly lays down that circuit must not be used must not harm users, organisations or conduct any sort of illegal or malicious activity.

and the terms of use cloevr the security and data priavcy (sections 10 and 11).

Regarding "selecting the receipts the intended recipients and who else may have access to the data being shared"......

All communications in circuit are organised around "conversations". Conversations can consist of IM messages voice and video calling and screensharing. Participants of a conversation must be explicitly invited. Therefore the user has complete control over who will be part of the conversation.

The short videos links below will give you more background about conevrsation and how screenshare is started.

https://static.cdn-ec.viddler.com/js/arpeggio/v3/embed.html?videoId=b6a5a58d&f=1&player=full&loop=0&secret=32758627&nologo=0&hd=0&autoplay=1#embedId=undefined

https://static.cdn-ec.viddler.com/js/arpeggio/v3/embed.html?videoId=75fee24f&f=1&player=full&loop=0&secret=32758627&nologo=0&hd=0&autoplay=1#embedId=undefined
I think my colleague Andy Hutton may have already reached out to you and ask. But is there any chance that we could patch this in to f43? It would prevent us needing to delay the release of firefox support by a month and have push a number of customer to use chrome.
I think my colleague Andy Hutton may have already reached out to you and ask. But is there any chance that we could patch this in to f43? It would prevent us needing to delay the release of firefox support by a month and have push a number of customer to use chrome.
I believe we can get this into Fx43, but first, (in order to land this in any release) I need to know where the policies state that no one other than the user and the user's intended recipients have access to, can view, or can record any of the screenshare data.  For example, is there anything in your policy that prevents you (or the user's employer) from keeping and viewing a copy of the screenshare data?
Flags: needinfo?(paul.maddison)
Hi Paul -- Do you have any update on your side? I would like to land this for you, but I first need to know the answer to my question about your privacy policy (see Comment 12 above).
From their Terms of Service:
Section 8.1 is applicable.  It does say "except as defined in the Acceptable Use Policy", but that doesn't really seem to mention much in the way of exceptions about this other than subpoenas.

    "Unify is only acting as a passive conduit for your User Content. Unify does not claim any ownership rights in your User Content. Unify will not review, share, distribute, or reference your User Content except as provided herein or in the Acceptable Use Policy (AUP) for Circuit, or as this may be required by Applicable Laws."

11.3 is also applicable:

    "With regard to the Personal Data stored or otherwise processed by Unify, Unify will observe the Customer's directions and shall take the necessary technical and organizational measures to protect the Personal Data from disclosure or misuse."
NI for Maire to request uplift once it merges
Flags: needinfo?(paul.maddison) → needinfo?(mreavy)
https://hg.mozilla.org/mozilla-central/rev/2a8dbcd0bd84
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 45
Comment on attachment 8676273 [details] [diff] [review]
unify_screenshare

Approval Request Comment
[Feature/regressing bug #]: screensharing whitelist 
[User impact if declined]: Unify needs their domain added to the whitelist to allow screensharing and to avoid having users modify settings in about: config.  They are deploying their service and they'd like it to work with Firefox.
[Describe test coverage new/current, TreeHerder]: manually verified (it's a text only change)
[Risks and why]: Extremely low risk, very easily verified, pref only change.  It would help Unify tremendously to have this in Firefox43 to coincide with their new features/service.
[String/UUID change made/needed]: No strings
Flags: needinfo?(mreavy)
Attachment #8676273 - Flags: approval-mozilla-beta?
Attachment #8676273 - Flags: approval-mozilla-aurora?
Comment on attachment 8676273 [details] [diff] [review]
unify_screenshare

This sounds like a good idea, let's uplift to Aurora44.
Attachment #8676273 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment on attachment 8676273 [details] [diff] [review]
unify_screenshare

Small change to screenshare whitelist, ok to uplift to beta.
Attachment #8676273 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Summary: Unify → Add Unify to screenshare whitelist
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.