Closed Bug 1594613 Opened 3 months ago Closed 3 months ago

ConfirmAuth Prompt and URI UserInfo Telemetry

Categories

(Firefox :: Security, enhancement)

enhancement
Not set

Tracking

()

RESOLVED FIXED
Firefox 72
Tracking Status
firefox72 --- fixed

People

(Reporter: pbz, Assigned: pbz)

References

Details

Attachments

(2 files)

In Bug 1571003 we decided to put the ConfirmAuth prompts behind a pref and disable them by default.
We should add some telemetry to see how often these prompts are triggered and how widely used UserInfo in the URI is.

Attached file Data Review Request.md
Attachment #9107822 - Flags: data-review?(chutten)
Comment on attachment 9107822 [details]
Data Review Request.md

DATA COLLECTION REVIEW RESPONSE:

    Is there or will there be documentation that describes the schema for the ultimate data set available publicly, complete and accurate?

Yes. This collection is Telemetry so is documented in its definitions file [Histograms.json](https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/Histograms.json) and the [Probe Dictionary](https://telemetry.mozilla.org/probe-dictionary/).

    Is there a control mechanism that allows the user to turn the data collection on and off?

Yes. This collection is Telemetry so can be controlled through Firefox's Preferences.

    If the request is for permanent data collection, is there someone who will monitor the data over time?

No. This collection will expire in Firefox 75.

    Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under?

Category 2, Interaction. (I'm pretty sure these collections are actually Category 1 since counting the number of prompts shown is not the same thing as counting the number of interactions with prompts, and the number of auth connections is 100% a technical detail... but it's moot for the purposes of this review)

    Is the data collection request for default-on or default-off?

Default on for all channels.

    Does the instrumentation include the addition of any new identifiers?

No.

    Is the data collection covered by the existing Firefox privacy notice?

Yes.

    Does there need to be a check-in in the future to determine whether to renew the data?

Yes. :pbz is responsible for renewing or removing the collection before it expires in Firefox 75.

---
Result: datareview+
Attachment #9107822 - Flags: data-review?(chutten) → data-review+

(Sorry for the delay, it's been A Week)

Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9e0759e69df2
Added telemetry for http basic-auth confirm prompts and URI UserInfo usage. r=valentin
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 72
You need to log in before you can comment on or make changes to this bug.