Closed
Bug 1594613
Opened 5 years ago
Closed 5 years ago
ConfirmAuth Prompt and URI UserInfo Telemetry
Categories
(Firefox :: Security, enhancement)
Firefox
Security
Tracking
()
RESOLVED
FIXED
Firefox 72
| Tracking | Status | |
|---|---|---|
| firefox72 | --- | fixed |
People
(Reporter: pbz, Assigned: pbz)
References
Details
Attachments
(2 files)
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
2.48 KB,
text/plain
|
chutten
:
data-review+
|
Details |
In Bug 1571003 we decided to put the ConfirmAuth prompts behind a pref and disable them by default.
We should add some telemetry to see how often these prompts are triggered and how widely used UserInfo in the URI is.
|
Assignee | |
Comment 1•5 years ago
|
||
|
|
Assignee | |
Comment 2•5 years ago
|
||
Attachment #9107822 -
Flags: data-review?(chutten)
|
||
Comment 3•5 years ago
|
||
Comment on attachment 9107822 [details] Data Review Request.md DATA COLLECTION REVIEW RESPONSE: Is there or will there be documentation that describes the schema for the ultimate data set available publicly, complete and accurate? Yes. This collection is Telemetry so is documented in its definitions file [Histograms.json](https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/Histograms.json) and the [Probe Dictionary](https://telemetry.mozilla.org/probe-dictionary/). Is there a control mechanism that allows the user to turn the data collection on and off? Yes. This collection is Telemetry so can be controlled through Firefox's Preferences. If the request is for permanent data collection, is there someone who will monitor the data over time? No. This collection will expire in Firefox 75. Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under? Category 2, Interaction. (I'm pretty sure these collections are actually Category 1 since counting the number of prompts shown is not the same thing as counting the number of interactions with prompts, and the number of auth connections is 100% a technical detail... but it's moot for the purposes of this review) Is the data collection request for default-on or default-off? Default on for all channels. Does the instrumentation include the addition of any new identifiers? No. Is the data collection covered by the existing Firefox privacy notice? Yes. Does there need to be a check-in in the future to determine whether to renew the data? Yes. :pbz is responsible for renewing or removing the collection before it expires in Firefox 75. --- Result: datareview+
Attachment #9107822 -
Flags: data-review?(chutten) → data-review+
|
|
||
Comment 4•5 years ago
|
||
(Sorry for the delay, it's been A Week)
Pushed by pzuhlcke@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9e0759e69df2 Added telemetry for http basic-auth confirm prompts and URI UserInfo usage. r=valentin
|
||
Comment 6•5 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox72:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 72
You need to log in
before you can comment on or make changes to this bug.
Description
•