Closed Bug 1611131 Opened 4 years ago Closed 4 years ago

improve language around protected data

Categories

(Socorro :: Webapp, defect, P3)

Product:
Socorro
Component:
Webapp
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: qdinar, Assigned: willkg)

Details

Attachments

(2 files)

pr 5429: bug 1611131: improve language around protected data and access
53 bytes, text/x-github-pull-request
Details | Review
pr 5430: bug 1611131: fix protected-info css
53 bytes, text/x-github-pull-request
Details | Review

User Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

i have browsed to a crash page from about:crashes. in raw dump tab i see:

Download the Raw Dump
You need to be signed in to download raw dumps.
View the Unredacted Crash
You need to be signed in to view unredacted crashes.

when i try to sign in i see

crash-stats.mozilla.com requires you to setup additional security measures for your account, such as enabling multi-factor authentication (MFA) or using a safer authentication method (such as a Firefox Account login). You will not be able to login until this is done.

installing 2 factor authentification is quite a long job, so i checked in freenode #firefox channel, whether i can access that data. and they answered that i cannot access it anyway!

Actual results:

a site requires a useless installations from me

Expected results:

i should be informed that i cannot access raw dumps and unredacted crashes, if i do not meet some criteria.

now, i have installed 2fa and tried again, and i signed in this time, but indeed, i cannot access the data, i see
You need to be signed in to download raw dumps.
You need to be signed in to view unredacted crashes.

and there is an other bug: it should not say "You need to be signed in" in this case, but "You need to be authorized".

Component: General → Webapp
Product: Developer Infrastructure → Socorro

Crash Stats contains category 4 data and it's very sensitive and requires authorization to access it as outlined here:

https://crash-stats.mozilla.org/documentation/memory_dump_access/

We should change the "You need to be signed in to download raw dumps." line on the Raw Dumps tab of the crash report and make it clearer.

Sorry about that!

Priority: -- → P3

I made a series of language improvements across the site and additionally added notes about what a user can see and how to see protected data (if they can't see it). I think that covers the underlying issues here.

This deployed to prod in bug #1642634 just now. Marking as FIXED.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Summary: crash-stats.mozilla.org requires 2fa login to access some data but it is useless → improve language around protected data
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: