Closed Bug 1498635 Opened 7 years ago Closed 1 year ago

FxA should not reveal the user's other email addresses to their email provider

Categories

(Cloud Services :: Server: Firefox Accounts, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: b4283, Assigned: vzare)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0

Steps to reproduce:

1. Add new email address to Firefox Account

Actual results:

Received an email notification at the primary email address containing full email addresses of the secondary address.

Expected results:

Received an email notification at the primary email address containing *MASKED* email addresses of the secondary address for privacy reasons. Evil corporations like Google could easily parse the notification email to track users by getting their email addresses other than gmail.

Thanks for the report and the feedback. I'm moving the bug into the "Firefox Accounts" component for further discussion, and attempting to re-word the title to be more general, as I don't think the privacy-from-your-email-provider aspect is something we've considered explicitly in the past.

IIRC, we deliberately send notification emails with the "To:" address as your primary and with the secondary addresses as "CC:", in order to ensure the user has visibility into what emails are being sent and where. If we do want to make changes here for privacy, we'll need to factor that in as well.

Component: General → Server: Firefox Accounts
Summary: Primary Email Address Change Should Not Reveal Entire Address → FxA should not reveal the user's other email addresses to their email provider
Thanks for the report, we will investigate this request since we believe privacy is very important.

I'm hoping that this may be of some comfort to you. Gmail no longer scans emails for the purpose of Google ad targeting.

https://blog.google/products/gmail/g-suite-gains-traction-in-the-enterprise-g-suites-gmail-and-consumer-gmail-to-more-closely-align/

Quote from Google: "G Suite’s Gmail is already not used as input for ads personalization, and Google has decided to follow suit later this year in our free consumer Gmail service. Consumer Gmail content will not be used or scanned for any ads personalization after this change."

Suggestion - Instead of CC'ing, send the email to each email independently.

> ensure the user has visibility into what emails are being sent and where.

Maybe we can keep (or even improve) this "visibility" aspect by adding some text to say it was also sent to X secondary emails. Or maybe that would just be confusing.

I tested this recently. We don't CC anymore but we do include the full email of the secondary account in the email to the first.

Assignee: nobody → vzare
Type: defect → enhancement

Aside from not optimizing for privacy from your email provider, I suspect this likely does more good than harm for people with hijacked accounts because they'll see an unrecognized email and start asking questions.

Regardless, this issue is 6 years old and is not on any roadmaps. Thanks for the topic and filing this, but I'm going to close this as wontfix.

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → WONTFIX