Closed Bug 1484035 Opened 3 years ago Closed 3 years ago

Document/get review on targeting required for CFR

Categories

(Firefox :: Messaging System, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
Firefox 63
Iteration:
63.5 - Sep 3
Tracking Status
firefox63 --- fixed

People

(Reporter: k88hudson, Assigned: nanj)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

Let's document our exact pings required for CFR and get review from privacy/our analylist for this project.
Blocks: 1480099
Severity: normal → enhancement
Iteration: --- → 63.5 - Sep 3
Priority: P2 → P1
Blocks: 1471389
Hey francois, just wanted to give you some more context about this data collection since it includes category 3 data.

After meeting with merwin and mfeldman earlier to discuss what's the proper way to do the CFR reporting, the conclusion is as follows:

* We will have different data collection strategies for CFR in release and prerelease channels
* In release, we would collect impression_id and bucket_id
* In prerelease channels, we would collect client_id and message_id

Please see the attached file for the details about the difference.
Flags: needinfo?(mfeldman)
Is there public documentation about the CFR? For example, is the full list of recommendations (therefore the websites involved like amazon.com) in a public repo somewhere?

If someone wanted to find out the exact visited sites that this could leak in the pre-release channels, I imagine that's possible?
Flags: needinfo?(najiang)
Flags: needinfo?(najiang)
Comment on attachment 9004633 [details]
data_review_request_cfr.txt

1) Is there or will there be **documentation** that describes the schema for the ultimate data set available publicly, complete and accurate?

Yes, in https://github.com/mozilla/activity-stream/blob/master/docs/v2-system-addon/data_events.md.

2) Is there a control mechanism that allows the user to turn the data collection on and off?

Yes, either by disabling telemetry entirely or just browser.newtabpage.activity-stream.telemetry.

3) If the request is for permanent data collection, is there someone who will monitor the data over time?**

Yes, Nan.

4) Using the **[category system of data types](https://wiki.mozilla.org/Firefox/Data_Collection)** on the Mozilla wiki, what collection type of data do the requested measurements fall under?  **

Category 2 on release and category 3 on prerelease chanels.



5) Is the data collection request for default-on or default-off?

Default ON.

6) Does the instrumentation include the addition of **any *new* identifiers** (whether anonymous or otherwise; e.g., username, random IDs, etc.  See the appendix for more details)?

No, client_id and impression_id are already used in Firefox.

7) Is the data collection covered by the existing Firefox privacy notice?

Need confirmation from mfeldman on this because in pre-release channels:

* The data falls within the Web activity category AND is default-on.

8) Does there need to be a check-in in the future to determine whether to renew the data?

No, permanent.
Attachment #9004633 - Flags: review?(francois) → review+
Note that the datareview+ is conditional on mfeldman confirming Q7 (data collection is covered by the existing privacy notice).

The amount of category 3 data is limited to the websites involved in the targeting for the 6 recipes that will be distributed via CFR in this first milestone: https://github.com/mozilla/activity-stream/blob/master/lib/CFRMessageProvider.jsm

There is however an impression ping as soon as the tile shows up so a click by the user is not required to leak the fact that this domain was previously (and more or less recently) visited. Even if the user hides the tile with the X, we get an impression ping.
(In reply to François Marier [:francois] from comment #6)
> Note that the datareview+ is conditional on mfeldman confirming Q7 (data
> collection is covered by the existing privacy notice).
> 
> The amount of category 3 data is limited to the websites involved in the
> targeting for the 6 recipes that will be distributed via CFR in this first
> milestone:
> https://github.com/mozilla/activity-stream/blob/master/lib/
> CFRMessageProvider.jsm
> 
> There is however an impression ping as soon as the tile shows up so a click
> by the user is not required to leak the fact that this domain was previously
> (and more or less recently) visited. Even if the user hides the tile with
> the X, we get an impression ping.

I am providing the response for MFeldman (on PTO) re: question 7.  The answer is yes, this data collection is covered by the existing Firefox Privacy Notice, in the "prerelease section" where we say that pre-release versions of Firefox (including Nightly, Beta, Developer Edition and TestFlight) by default may send certain types of web activity and crash data to Mozilla but always pursuant to our Firefox Data Collection guidelines.
Flags: needinfo?(mfeldman)
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Blocks: 1489962
https://hg.mozilla.org/mozilla-central/rev/8937a84b0811
Blocks: 1487538
No longer blocks: 1489962
Target Milestone: --- → Firefox 63
Component: Activity Streams: Newtab → Messaging System
You need to log in before you can comment on or make changes to this bug.