1634557 - add support for encrypted Telemetry, and expose to privileged WebExtensions

Status: RESOLVED FIXED

(Toolkit :: Telemetry, task, P1)

Description

[Robert Helmer [:rhelmer]]

We currently expose browser.telemetry to privileged WebExtensions: https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/collection/webextension-api.html

Privileged WebExtensions are those signed as first-party by Mozilla, and not third-party by addons.mozilla.org

To support Pioneer v2, we need a way to allow privileged add-ons as well as regular Firefox code. I'm proposing that we add a few new options to submitCustomPing in the client-side Telemetry code (to enable encryption, pass a public key, and add a Pioneer ID).

Client-side encryption should use the already-in-tree jwcrypto.jsm to produce JSON Web Encryption object (https://tools.ietf.org/html/rfc7516) for a given JSON Web Key (https://tools.ietf.org/html/rfc7517).

To make it easy for Pioneer add-ons to get things right, we should expose a thin wrapper to this as a browser.telemetry.submitEncryptedPing function which only takes a payload. Other data such as the public key, option to add the Pioneer ID, etc. will be specified in the WebExtension's manifest.

Full details are in this proposal: https://docs.google.com/document/d/1OB9wTj7BKHM3q8eRyNv7zLcOKIu76Y7O92jhVj3u9IQ/edit#

Comment 1

[Chris H-C :chutten]

(setting some fields so Triagebot won't yell at me)

Comment 2

[Robert Helmer [:rhelmer]]

Attachment: Bug 1634557 - add support to Telemetry for encrypted pings, for Pioneer v2 r?chutten

Comment 3

[Robert Helmer [:rhelmer]]

Attachment: Bug 1634557 - add new browser.telemetry.submitEncryptedPing for Pioneer v2 r?mixedpuppy

Depends on D73524

Comment 4

[Robert Helmer [:rhelmer]]

Here's the URL to a sample repo that shows how to use this from a privileged WebExtension.

Comment 5

[Robert Helmer [:rhelmer]]

Try run: https://treeherder.mozilla.org/#/jobs?repo=try&selectedTaskRun=ekP7tVGxTsuT25VyN-nssA-0&revision=eb6acecfb17517de5daa184f41e9272d4a9c124a

Also did some testing to make sure it works with the new ingestion setup for Pioneer v2 in bug 1628539.

Comment 6

[Pulsebot]

Pushed by rhelmer@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/dd18c3fa87f4
add support to Telemetry for encrypted pings, for Pioneer v2 r=chutten
https://hg.mozilla.org/integration/autoland/rev/267872a67dca
add new browser.telemetry.submitEncryptedPing for Pioneer v2 r=mixedpuppy

Comment 7

[Narcis Beleuzu [:NarcisB]]

Backed out for xpcshell failures on test_TelemetryController.js

Backout link: https://hg.mozilla.org/integration/autoland/rev/18b8c731f2b3377f41ef43215e1e5530983bb727
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=301446556&repo=autoland&lineNumber=1421

Comment 8

[Robert Helmer [:rhelmer]]

(In reply to Narcis Beleuzu [:NarcisB] from comment #7)

Backed out for xpcshell failures on test_TelemetryController.js

Backout link: https://hg.mozilla.org/integration/autoland/rev/18b8c731f2b3377f41ef43215e1e5530983bb727
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=301446556&repo=autoland&lineNumber=1421

Looks like we need to disable on Android, we have no current plans to use encrypted payloads in Telemetry pings there so being Desktop-only is fine for now.

Including Android in my try run before landing again:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=d90d0d28196c65eab3cf6d06e8dbf4b2c458a1a8

Comment 9

[Pulsebot]

Pushed by rhelmer@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8ee55768675e
add support to Telemetry for encrypted pings, for Pioneer v2 r=chutten
https://hg.mozilla.org/integration/autoland/rev/1b10b4ffe94d
add new browser.telemetry.submitEncryptedPing for Pioneer v2 r=mixedpuppy

Comment 10

[Razvan Maries]

https://hg.mozilla.org/mozilla-central/rev/8ee55768675e
https://hg.mozilla.org/mozilla-central/rev/1b10b4ffe94d