Open Bug 1282824 Opened 4 years ago Updated 2 years ago

document a process by which we can share crash info with external parties

Categories

(Socorro :: General, task)

task
Not set
normal

Tracking

(Not tracked)

REOPENED

People

(Reporter: lonnen, Unassigned)

Details

Sometimes we encounter crashes that require working with another company to solve. Rarely this is a website, more often it is other software running on the users box -- plugins, antivirus, etc.

We have limited guidance around what and how we may share data with these third parties. We need some documentation and established process.
The current policy is straightforward:

* If a community member or user gives explicit permission to share their own crash minidump with a partner, we may do so.
* We try to resolve without giving a partner direct access: if they provide us with debug symbols, we will debug and send them non-sensitive information/stacks.
* If no other resolution can be found, we may have a partner do direct debugging under the following conditions:
** The partner company must sign a privacy agreement.
** The debugging must occur in a Mozilla office, on Mozilla hardware, and under the supervision of a Mozilla employee.

I'd be happy to discuss whether/how we can change this, but given the sensitivity of the potential information, we'd still want very close controls.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
Lonned, did the policy change? Should we always ask a data steward before sharing a crash dump now?
Status: RESOLVED → REOPENED
Flags: needinfo?(chris.lonnen)
Resolution: WORKSFORME → ---
I don't think the policy has changed but I will add some context:

Our standard for determining the owner of a crash is quite high. It's not enough for them to claim a crash ID or even show the ID in about:crashes locally. They need to have provided an email address when they submitted the crash, which is non public, and then confirm the email attached to the crash ID for us. Alternatively they can get their own minidump off the disk and send it to us. This obviously has a high technical barrier, and often requires a reproducible crash.

The on prem debugging option basically means shoulder surfing a Firefox employee as they look through the crash data with you. I'm not aware of any examples of this in the last few years, but Benjamin would have been the point of contact while he was here.
Flags: needinfo?(chris.lonnen)
(In reply to Lonnen :lonnen from comment #3)
> I don't think the policy has changed but I will add some context:
> 
> Our standard for determining the owner of a crash is quite high. It's not
> enough for them to claim a crash ID or even show the ID in about:crashes
> locally. They need to have provided an email address when they submitted the
> crash, which is non public, and then confirm the email attached to the crash
> ID for us. Alternatively they can get their own minidump off the disk and
> send it to us. This obviously has a high technical barrier, and often
> requires a reproducible crash.

Can we consider an email address as confirmed, if the user accepts to share the dump with a comment on Bugzilla coming from an account with the same email address as the one submitted during the crash? Or do we have to ask them to also send us an email from that address?
Flags: needinfo?(chris.lonnen)
OK, so to get those privacy agreements, we still need to talk with Lonnen or another data steward from https://wiki.mozilla.org/Firefox/Data_Collection. 

Do they still need to sign a privacy agreement if we have permission from the user to send the crash minidump?
(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #5)
> OK, so to get those privacy agreements, we still need to talk with Lonnen or
> another data steward from https://wiki.mozilla.org/Firefox/Data_Collection. 
> 
> Do they still need to sign a privacy agreement if we have permission from
> the user to send the crash minidump?

From comment 1, this is only needed in the case where we have no permission from the user and we have to let the other company come to one of our offices and do direct debugging.
re: comment 4 -- Bugzilla requires verification over email before the account can be used. Using Bugzilla is fine for this purpose.

Marco's response to comment 5 in comment 6 is good.
Flags: needinfo?(chris.lonnen)
You need to log in before you can comment on or make changes to this bug.