Open Bug 1649153 Opened 5 years ago Updated 4 years ago

Data review: Relay add-on metrics

Categories

(Cloud Services :: Operations: Firefox Private Relay, defect)

Product:
Cloud Services
Component:
Operations: Firefox Private Relay
Type:
defect

Tracking

(Not tracked)

People

(Reporter: groovecoder, Assigned: bobm)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

addon-data-review.txt
3.79 KB, text/plain
chutten
: data-review+
Details
Attached file addon-data-review.txt
No description provided.
Attachment #9160069 - Flags: data-review?(chutten)
Comment on attachment 9160069 [details] addon-data-review.txt DATA COLLECTION REVIEW RESPONSE: Is there or will there be documentation that describes the schema for the ultimate data set available publicly, complete and accurate? Yes: https://github.com/mozilla/fx-private-relay/blob/master/METRICS.md Is there a control mechanism that allows the user to turn the data collection on and off? Yes. This collection can be controlled by changing the do-not-track setting in Firefox's Preferences. If the request is for permanent data collection, is there someone who will monitor the data over time? No. This collection will expire in six months. Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under? Category 2, Interaction. Is the data collection request for default-on or default-off? Default on for all channels. Does the instrumentation include the addition of any new identifiers? No. Is the data collection covered by the existing Firefox privacy notice? Yes. Does there need to be a check-in in the future to determine whether to renew the data? Yes. :groovecoder is responsible for renewing or removing the collection before it expires in six months. --- Result: datareview+
Attachment #9160069 - Flags: data-review?(chutten) → data-review+

(In reply to Chris H-C :chutten from comment #1)

If the request is for permanent data collection, is there someone who

will monitor the data over time?

No. This collection will expire in six months.

As far as I know, GA keeps data permanently, but if needed I can use a data deletion request every 6 months to delete the data.

Does the instrumentation include the addition of any new identifiers?

No.

We do actually generate a new uuid for each add-on, specifically to be passed to GA via the GMP. The new uuid is not related or associated with any other identifiers - i.e., not the FX client ID, nor the FXA id, nor the Relay id.

Does there need to be a check-in in the future to determine whether to

renew the data?

Yes. :groovecoder is responsible for renewing or removing the collection
before it expires in six months.

I'll set myself a reminder to come back to this bug in 5 months.

Result: datareview+

Does any of the above change this to datareview- ?

Flags: needinfo?(chutten)

Good points, I neglected to ask if this particular system of using the DNT for optout and proxying to GA results in a system compliant with our Privacy Notices. Has this system been reviewed by Trust/Legal?

If the system is compliant then the additional collections within it are still datareview+. The expiry within six months is the expiry of the collection, not of the data in storage (which should be subject to our usual data retention policies) -- e.g., a ~six month expiry in Firefox means that Firefoxes with version 86+ won't report data, but the data collected from Firefoxes 80-85 will.

UIDs for each addon, hm. How long are they persisted? Do they remain the same if the user opts out and in again? If the user disables/enables the addon? Uninstalls/reinstalls it?

Flags: needinfo?(chutten) → needinfo?(lcrouch)

(In reply to Chris H-C :chutten from comment #3)

Good points, I neglected to ask if this particular system of using the DNT for optout and proxying to GA results in a system compliant with our Privacy Notices. Has this system been reviewed by Trust/Legal?

Yes, Trust + Legal have approved that using DNT for opt-out is compliant with our privacy policy - both in general, and for Relay specifically.

If the system is compliant then the additional collections within it are still datareview+. The expiry within six months is the expiry of the collection, not of the data in storage (which should be subject to our usual data retention policies) -- e.g., a ~six month expiry in Firefox means that Firefoxes with version 86+ won't report data, but the data collected from Firefoxes 80-85 will.

Note: this is collected in an add-on, and sent to the Relay server, which then stores it into Google Analaytics. (We also plan to store it with Glean after we get the first implementation going.)

UIDs for each addon, hm. How long are they persisted? Do they remain the same if the user opts out and in again? If the user disables/enables the addon? Uninstalls/reinstalls it?

Uninstall will force a refresh of the UUID.

Flags: needinfo?(lcrouch) → needinfo?(chutten)

There might be one piece of this system that needs Trust/Legal review (self-serve data deletion). Once that's squared away, these collections are good to go.

Flags: needinfo?(chutten)

:chutten got the approval from :agray in Trust that we are good to go. And we updated the metrics.md to reflect all the data collected.

The Bugbug bot thinks this bug should belong to the 'Firefox Build System::Source Code Analysis' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Source Code Analysis
Product: Firefox → Firefox Build System

Not sure operations is OK but probably better than source code analysis :)

Assignee: nobody → bobm
Component: Source Code Analysis → Operations: Firefox Private Relay
Product: Firefox Build System → Cloud Services
Blocks: 1735210
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: