Closed Bug 1282824 Opened 8 years ago Closed 4 years ago

document a process by which we can share crash info with external parties

Categories

(Socorro :: General, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: lonnen, Unassigned)

Sometimes we encounter crashes that require working with another company to solve. Rarely this is a website, more often it is other software running on the user's box -- plugins, antivirus, etc.

We have limited guidance around what and how we may share data with these third parties. We need some documentation and an established process.

The current policy is straightforward:

* If a community member or user gives explicit permission to share their own crash minidump with a partner, we may do so.
* We try to resolve without giving a partner direct access: if they provide us with debug symbols, we will debug and send them non-sensitive information/stacks.
* If no other resolution can be found, we may have a partner do direct debugging under the following conditions:
** The partner company must sign a privacy agreement.
** The debugging must occur in a Mozilla office, on Mozilla hardware, and under the supervision of a Mozilla employee.

I'd be happy to discuss whether/how we can change this, but given the sensitivity of the potential information, we'd still want very close controls.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
Lonnen, did the policy change? Should we always ask a data steward before sharing a crash dump now?
Status: RESOLVED → REOPENED
Flags: needinfo?(chris.lonnen)
Resolution: WORKSFORME → ---
I don't think the policy has changed but I will add some context:

Our standard for determining the owner of a crash is quite high. It's not enough for them to claim a crash ID or even show the ID in about:crashes locally. They need to have provided an email address when they submitted the crash, which is non public, and then confirm the email attached to the crash ID for us. Alternatively they can get their own minidump off the disk and send it to us. This obviously has a high technical barrier, and often requires a reproducible crash.

The on prem debugging option basically means shoulder surfing a Firefox employee as they look through the crash data with you. I'm not aware of any examples of this in the last few years, but Benjamin would have been the point of contact while he was here.
Flags: needinfo?(chris.lonnen)
(In reply to Lonnen :lonnen from comment #3)
> I don't think the policy has changed but I will add some context:
> 
> Our standard for determining the owner of a crash is quite high. It's not
> enough for them to claim a crash ID or even show the ID in about:crashes
> locally. They need to have provided an email address when they submitted the
> crash, which is non public, and then confirm the email attached to the crash
> ID for us. Alternatively they can get their own minidump off the disk and
> send it to us. This obviously has a high technical barrier, and often
> requires a reproducible crash.

Can we consider an email address as confirmed if the user agrees to share the dump with a comment on Bugzilla coming from an account with the same email address as the one submitted during the crash? Or do we have to ask them to also send us an email from that address?
Flags: needinfo?(chris.lonnen)
OK, so to get those privacy agreements, we still need to talk with Lonnen or another data steward from https://wiki.mozilla.org/Firefox/Data_Collection. 

Do they still need to sign a privacy agreement if we have permission from the user to send the crash minidump?

(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #5)
> OK, so to get those privacy agreements, we still need to talk with Lonnen or
> another data steward from https://wiki.mozilla.org/Firefox/Data_Collection. 
> 
> Do they still need to sign a privacy agreement if we have permission from
> the user to send the crash minidump?

From comment 1, this is only needed in the case where we have no permission from the user and we have to let the other company come to one of our offices and do direct debugging.

re: comment 4 -- Bugzilla requires verification over email before the account can be used. Using Bugzilla is fine for this purpose.

Marco's response to comment 5 in comment 6 is good.
Flags: needinfo?(chris.lonnen)

I didn't realize we had a bug for this until just now when I was looking through old bugs. I talked with Alicia (Trust and Security) about this recently because it came up. That discussion resulted in the policy we're going to use going forward.

This is the updated policy:

* Do not share personal data with non-employees, including partner organizations; any
  requests to review exceptions to this policy can be brought up with Trust and Security

I updated the text on the website:

https://crash-stats.mozilla.org/documentation/protected_data_access/

I think that covers the issues here. Marking as FIXED.

Status: REOPENED → RESOLVED
Closed: 7 years ago → 4 years ago
Resolution: --- → FIXED