Bug 1463301: [Shield] Opt-out Study: Firefox Monitor
Status: Closed (opened 6 years ago, closed 6 years ago)
Categories: Shield :: Shield Study, enhancement
Tracking: firefox61+ fixed, firefox62+ fixed
People: Reporter: pdol, Assigned: pdol
Keywords: feature
Attachments: 2 files, 7 obsolete files
- 47 bytes, patch (johannh: review+)
- 1.73 MB, application/x-xpinstall
Basic description of experiment:
Since we want to see which design will have the best outcomes with respect to subscriptions, scans and trustworthiness, we will test various approaches against each other.
What are the branches of the study?
UX Spec of variations: https://mozilla.invisionapp.com/share/KEIV66OTS23#/screens/297625868
Branch 1: Site specific with [Go to Fx Monitor] and [Dismiss] buttons
- Account compromise warning shown on first site visited that is known to have been breached.
- User can click through to Firefox Monitor webpage or Dismiss
- Clicking Go to Firefox Monitor will go to a landing page describing that we’re testing the functionality and thank you for your interest.
Branch 2: Site specific with email field and [Scan] and [Dismiss] buttons
- Same as branch 1, except user is asked for their email upfront to start scan
- User can click through to Firefox Monitor scan results or Dismiss
- Clicking scan will go to a landing page describing that we’re testing the functionality and thank you for your interest.
Branch 3: As per 2) but with option to subscribe
- Same as branch 2, except that a subscribe box is selected by default (meaning that user will scan and subscribe in one step)
- User can click through to Firefox Monitor scan results/subscribe or Dismiss
- Clicking scan will go to a landing page describing that we’re testing the functionality and thank you for your interest.
Branch 4: Non-site specific with [Go to Fx Monitor] and [Dismiss] buttons
- Account compromise warning shown on next about:newtab load after 48 hours of getting study
- User can click through to Firefox Monitor webpage or Dismiss
- Clicking Go to Firefox Monitor will go to a landing page describing that we’re testing the functionality and thank you for your interest.
Branch 5: As per 2) but with some information about the site breach
- Same as branch 2, except detailed information presented about website breach being described
- User can click through to Firefox Monitor scan results or Dismiss
- Clicking scan will go to a landing page describing that we’re testing the functionality and thank you for your interest.
All branches:
- If user Dismisses, they will be asked why they dismissed the offer for a scan
What percentage of users do you want in each branch?
20% of users in each branch, target enrollment = 2500 per branch (who actually see the initial doorhanger - we may need to boost enrollment to hit this number in a week)
What Channels and locales do you intend to ship to?
Release 60
En locales
What is your intended go live date and how long will the study run?
June 4th
Study will be live for 1 week
Are there specific criteria for participants?
Two targets:
- New users
- Existing users
What is the main effect you are looking for and what data will you use to make these decisions?
Breach scans
- % of users that click through to actually do a scan
- % of users that enter an email address to see if they’ve been in a breach
Subscriptions
- % of users that attempt to subscribe to future notifications of breaches (note that depending on the branch this takes different forms - subscribe is opt-out in some cases and requires a click on a specific button in other cases)
User reported trustworthiness (to be measured via survey)
We will ship the version that scores the best based on a combination of the above factors
Who is the owner of the data analysis for this study?
TBD
Who will have access to the data?
Others with data access
Do you plan on surveying users at the end of the study?
Yes
User facing title of the experiment:
Firefox Monitor
User facing description of the experiment:
Firefox Monitor is a service that allows users to check if their email address has been found in known data breaches on third party websites.
Code Review performed by:
Johann Hoffman
QA Status of your add-on:
To be requested.
Link to any relevant google docs / Drive files that describe the project. Links to prior art if it exists:
Original security advisor shield study: https://docs.google.com/document/d/1jchhTRx0sRSsAK7MsHdSNvQEYo1veXTv8dJc7dLLry4/edit
Comment 2 • 6 years ago (Assignee)
Saptarshi, can you look at the data being collected in this study to validate permissibility of collected data fields?
Flags: needinfo?(sguha)
Comment 4 • 6 years ago (Assignee)
Full design specs: https://e-pang.github.io/breach-alerts/
Comment 5 • 6 years ago
Nihanth or Luke, it would be ideal if I had a place to leave review comments. Could you make a pull request onto an empty commit (like this: https://github.com/jonathanKingston/http-dns/pull/4) and add it to this bug? You can then put the regular review?johannh flag on it. Thank you!
Flags: needinfo?(nhnt11)
Flags: needinfo?(lcrouch)
Flags: needinfo?(jhofmann)
Comment 6 • 6 years ago
You can use the add-on repo if you like: https://github.com/mozilla/blurts-addon If you just want to make some general comments, you could file an issue. If you want to make some line-by-line comments, you could click to the last commit that touched a file and leave the comments on the specific commits.
Flags: needinfo?(lcrouch)
Comment 7 • 6 years ago
(In reply to Peter Dolanjski [:pdol] from comment #2)
> Saptarshi, can you look at the data being collected in this study to
> validate permissibility of collected data fields?
The data looks great, the email address will be sent to the service and not to us? That is all we collect is
did the user click through for a scan?
did the user enter an email address to see if they've been in a breach?
did the user subscribe for future notifications
Note, in the above, we don't collect the email address. If this is correct, then r+ from me.
Flags: needinfo?(sguha) → needinfo?(pdolanjski)
Comment 8 • 6 years ago
We WILL receive the email address. We will hash it and send only the 6-character prefix of the hash to the service. We may or may not store the email address. (Though it will be stored in our operational log data regardless)
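The prefix lookup described in comment 8, sketched as an added example (not code from this bug or from the blurts repositories). SHA-1, the address normalization, the `BreachService` class and the sample data are assumptions or constructed for illustration; only the 6-character prefix comes from the comment.

```python
import hashlib

PREFIX_LEN = 6  # hex characters sent upstream, per comment 8


def split_hash(email):
    """Return (prefix sent to the service, suffix kept on our side).

    Assumptions: SHA-1 and trim + lower-case normalization; the bug does
    not name the hash function or any normalization.
    """
    digest = hashlib.sha1(email.strip().lower().encode("utf-8")).hexdigest()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


class BreachService:
    """Hypothetical stand-in for the upstream breach-data service."""

    def __init__(self, breached):
        self.buckets = {}  # prefix -> {suffix: [breach names]}
        self.queries = []  # everything this service ever learns
        for email, breaches in breached.items():
            prefix, suffix = split_hash(email)
            self.buckets.setdefault(prefix, {})[suffix] = breaches

    def range_query(self, prefix):
        if len(prefix) != PREFIX_LEN:
            raise ValueError("expected a %d-character prefix" % PREFIX_LEN)
        self.queries.append(prefix)
        # The whole bucket is returned; the service cannot tell which
        # suffix (if any) the caller is interested in.
        return dict(self.buckets.get(prefix, {}))


def scan(email, service):
    """Look up one address; the suffix comparison happens locally."""
    prefix, suffix = split_hash(email)
    return service.range_query(prefix).get(suffix, [])


# Constructed sample data, not real breach records.
SAMPLE_BREACHES = {
    "alice@example.com": ["ExampleForum 2016"],
    "bob@example.org": ["ExampleShop 2017", "ExampleForum 2016"],
}

if __name__ == "__main__":
    svc = BreachService(SAMPLE_BREACHES)
    print(scan(" Alice@Example.com ", svc))  # address in the sample set
    print(scan("carol@example.net", svc))    # address not in the sample set
    print(svc.queries)                       # prefixes only, never the address
```

A 6-hex-character prefix is 24 bits, so a query narrows the address to one of 16,777,216 buckets. The prefix does nothing for copies of the raw address held elsewhere, such as the operational log data comment 8 mentions.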
Comment 9 • 6 years ago
(In reply to Luke Crouch [:groovecoder] from comment #8)
> We WILL receive the email address. We will hash it and send only the
> 6-character prefix of the hash to the service. We may or may not store the
> email address. (Though it will be stored in our operational log data
> regardless)
Following off from here: https://wiki.mozilla.org/Firefox/Data_Collection
assuming the following holds: "provided there is (i) advance user notice (ii) consent and (iii) an opt-out."
I guess it's okay. Though how does the user opt out when the email has been sent?
I believe we're giving a lot of opportunity for user consent and advanced user notice (given the hangers demonstrated) so I'm good with this. Also, though the experiment is presumably opt out, submitting the email address is very clearly opt in / user choice driven, so again, I believe this data collection is okay.
Comment 10 • 6 years ago (Assignee)
(In reply to "Saptarshi Guha[:joy]" from comment #9)
> Following off from here: https://wiki.mozilla.org/Firefox/Data_Collection
> assuming the following holds : " provided there is (i) advance user notice
> (ii) consent and (iii) an opt-out."
> i guess its okay. Though how does the user opt out when the email has been
> sent?
In this experiment, we are not keeping the email address beyond use for the scan itself.
Flags: needinfo?(pdolanjski)
Comment 11 • 6 years ago (Assignee)
Note: There have been some updates to the PHD including the target date: June 18th, locale=en-US, platform=Windows.
Comment 12 • 6 years ago (Assignee)
Note: the recruitment size for each branch has increased to 50,000.
Summary: [Shield] Opt-in/Opt-out Study: Firefox Monitor → [Shield] Opt-out Study: Firefox Monitor
Updated • 6 years ago
status-firefox61: --- → affected
tracking-firefox61: --- → +
Comment 14 • 6 years ago (Assignee)
(In reply to Ryan VanderMeulen [:RyanVM] from comment #13)
> Do you have a PHD link handy for this study?
Yes, sorry, should have linked to it in the original submission: https://docs.google.com/document/d/1pCBZqux0J_49xEof4wsIJ0gSldKvvMBY5Ift00FrV00/edit?pli=1
Flags: needinfo?(pdolanjski)
Comment 15 • 6 years ago
Treating this as a feature for 62.
status-firefox62: --- → affected
Keywords: feature
Updated • 6 years ago
tracking-firefox62: --- → +
Comment 16 • 6 years ago
Science Review: R+
Comment 17 • 6 years ago
Shield study code as a PR here: https://github.com/mozilla/blurts-addon/pull/66
Flags: needinfo?(nhnt11)
Attachment #8988430 - Flags: review?(jhofmann)
Comment 18 • 6 years ago
Nihanth, can you please do a simple try run with the add-on included in the tree? An example is here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=2cee45c3edc7e47a4cba53ad5f898ebe3142ff65
Flags: needinfo?(nhnt11)
Comment 19 • 6 years ago
Comment on attachment 8988430 [details] [diff] [review] Shield Study Code Review Review of attachment 8988430 [details] [diff] [review]: ----------------------------------------------------------------- ::: src/background.js @@ +62,5 @@ > + ], > + endings: { > + "user-disable": { > + baseUrls: [ > + "https://qsurvey.mozilla.com/s3/Shield-Study-Example-Survey/?reason=user-disable", (Repeating this in Bugzilla to be sure) Please remember to update these before the study goes live.
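Review bot: The "user-disable" ending in src/background.js still lists the template survey URL (https://qsurvey.mozilla.com/s3/Shield-Study-Example-Survey/?reason=user-disable) in baseUrls, so this ending would use the example survey instead of one belonging to this study. Replace it with the study's own survey URL, and check any other entries under endings for the same placeholder, since only this one is visible in the quoted lines.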
Attachment #8988430 - Attachment is patch: true
Attachment #8988430 - Attachment mime type: text/x-github-pull-request → text/plain
Updated • 6 years ago
Attachment #8988430 - Attachment is patch: false
Attachment #8988430 - Attachment mime type: text/plain → text/x-github-pull-request
Comment 20 • 6 years ago
Comment on attachment 8988430
Shield Study Code Review
Review of attachment 8988430:
-----------------------------------------------------------------
r=me for this as a Shield study for a test audience. As mentioned in previous conversations, this has a bunch of polish/usability issues (flickering, no rediscoverability, missing icon for the doorhanger) that in my view do not qualify this for landing in front of a larger audience than a test sample of our user population. Thank you!
Attachment #8988430 - Attachment is patch: true
Attachment #8988430 - Attachment mime type: text/x-github-pull-request → text/plain
Attachment #8988430 - Flags: review?(jhofmann) → review+
Comment 21 • 6 years ago
This is a build of the latest add-on, for signing.
Flags: needinfo?(nhnt11) → needinfo?(mcooper)
Comment 22 • 6 years ago
Updated • 6 years ago
Flags: needinfo?(mcooper)
Comment 23 • 6 years ago
Here's a new build, with a QA issue fixed, for signing. Thanks!
Attachment #8988778 - Attachment is obsolete: true
Attachment #8988798 - Attachment is obsolete: true
Flags: needinfo?(mcooper)
Comment 24 • 6 years ago
I would strongly recommend bumping the version number, to make this distinct from the previous signed version.
Flags: needinfo?(mcooper)
Comment 25 • 6 years ago
Version number bumped (in manifest.json as well) to 1.1. Thanks!
Attachment #8988802 - Attachment is obsolete: true
Flags: needinfo?(mcooper)
Comment 26 • 6 years ago
Updated • 6 years ago
Flags: needinfo?(mcooper)
Comment 27 • 6 years ago
Michael, sorry for the repeated requests, but I got some feedback about the telemetry event naming and did some refactoring to better support the people who will be looking at the data later. This should be the last change. I've bumped the version number to 1.2. Thanks!
Attachment #8988803 - Attachment is obsolete: true
Attachment #8988804 - Attachment is obsolete: true
Flags: needinfo?(mcooper)
Comment 28 • 6 years ago
Updated • 6 years ago
Flags: needinfo?(mcooper)
Comment 29 • 6 years ago
Breach Alerts - Firefox Monitor
Targeted: Firefox Release 61.0
We have finished testing the Breach Alerts - Firefox Monitor experiment. All major and blocker issues have been fixed and verified. We consider that all other remaining issues are not blockers for the experiment.
QA’s recommendation: GREEN - SHIP IT
Reasoning:
- "Disable/Remove" issue (https://github.com/mozilla/blurts-addon/issues/34) was fixed and verified and the PBM metrics gathering concern has been addressed. Therefore, we consider that the experiment is good to be launched. We also spent more time doing regression testing and we didn't find new issues.
Testing Summary:
- Full Functional test suite: TestRail - https://tinyurl.com/ycppfnxf
- Verified that the Telemetry pings are correctly sent;
- Performed regression testing after reported issues were fixed.
Tested Platforms:
- Windows 10 x64
Tested Firefox versions:
- Firefox Release 61.0
Comment 30 • 6 years ago
Alright RyanVM, looks like you're the final NI for this experiment, from a Shield perspective.
Flags: needinfo?(ryanvm)
Comment 31 • 6 years ago
Looks good to me, pending executive signoff per the PHD. Signing off for RelMan.
Flags: needinfo?(ryanvm)
Comment 32 • 6 years ago
I'm signing off as well and flagging Nick for VP approval. Thanks everyone for all the hard work here.
Flags: needinfo?(mgrimes) → needinfo?(nnguyen)
Comment 34 • 6 years ago
Monitor is live.
Comment 35 • 6 years ago
Michael, I've made separate builds for each of the five UI variations to support our user-testing effort that will be run parallel to the shield study. Could you please sign these? I've put all five builds in one zip file for conveniently attaching here.
Flags: needinfo?(mcooper)
Updated • 6 years ago
Attachment #8988868 - Attachment is obsolete: true
Comment 36 • 6 years ago
Each of the five add-ons here has the same add-on ID and version. That will make them harder to work with in Normandy, and harder to distinguish come analysis time. Different variations should have different versions or add-on IDs. Additionally, it is generally a lot easier if the add-ons are attached directly to the bug, since the signing tool can work directly with Bugzilla. I can work with a zip bundle, but it will take longer.
Flags: needinfo?(mcooper)
Comment 37 • 6 years ago
(In reply to Michael Cooper [:mythmon] from comment #36)
> Each of the five add-ons here has the same add-on ID and version. That will
> make them harder to work with in Normandy, and harder to distinguish come
> analysis time. Different variations should have different versions or add-on
> IDs.
>
> Additionally, it is generally a lot easier if the add-ons are attached
> directly to the bug, since the signing tool can work directly with Bugzilla.
> I can work with a zip bundle, but it will take longer.
These are not for shield. They do not interact with shield. background.js is only one line. These are for a separate user-testing study that will involve instructing users to install the addon in realtime. I'm only requesting for them to be signed so that users won't have to install an unbranded build of Firefox. I can upload 5 attachments, no big deal, but I don't want to cause confusion on this bug. I'll file another bug and ni? you there.
Updated • 6 years ago
Attachment #8989300 - Attachment is obsolete: true
Comment 38 • 6 years ago
We've ended version 1 of the study. Let's open a new bug if we decide to ship a v2. I'll leave this open until we have some analysis to share.
Comment 39 • 6 years ago
Matt, do you happen to know what the status on this analysis is?
Flags: needinfo?(mgrimes)
Comment 40 • 6 years ago
Analysis is complete. I'll let Cindy recap the results and Product decisions made as a result. Please close this bug once that is done. Thanks!
Flags: needinfo?(mgrimes) → needinfo?(chsiang)
Comment 41 • 6 years ago
The experiment was concluded and the Monitor team will ship the site specific doorhanger with detailed breach information and modified two things.
1. Took out the search box based on the feedback from the security review
2. UI treatment to increase the trustworthiness of the doorhanger - to address user concerns found in survey and usertesting analysis
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(chsiang)
Resolution: --- → FIXED