[DoH] Debounce heuristics and include network ID in heuristics telemetry
Categories
(Firefox :: Security, enhancement, P1)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox80 | --- | fixed |
People
(Reporter: nhnt11, Assigned: nhnt11)
Attachments
(3 files, 1 obsolete file)
We want to look into caching heuristics results using network ID as the key. In order to be able to experiment on this effectively we should debounce heuristics runs as well as include the network ID (or some anonymized form of it if necessary) in the heuristics telemetry event.
Comment 1 (Assignee) • 4 years ago
Depends on D84647
Comment 2 (Assignee) • 4 years ago
Comment 3 • 4 years ago
What is networkId a hash of? Unless it's profile-specific it sounds like a hardware identifier, which we don't want to collect (and would require escalated review).
I think it would be safer to collect a HMAC of the networkId keyed with the clientId so that the networkId doesn't allow us to link distinct clientId's on the same hardware.
See hmac() and hmacLegacy() at https://searchfox.org/mozilla-central/rev/828f2319c0195d7f561ed35533aef6fe183e68e3/services/crypto/modules/utils.js#169.
Comment 4 • 4 years ago
(I think knowing hmac(m1, key1), hmac(m2, key2), and both key1 and key2 doesn't allow you to assert that m1 and m2 are the same or not 🤔)
Comment 5 (Assignee) • 4 years ago
(In reply to Tim Smith 👨‍🔬 [:tdsmith] from comment #3)
> What is networkId a hash of? Unless it's profile-specific it sounds like a hardware identifier, which we don't want to collect (and would require escalated review).
> I think it would be safer to collect a HMAC of the networkId keyed with the clientId so that the networkId doesn't allow us to link distinct clientId's on the same hardware.
> See hmac() and hmacLegacy() at https://searchfox.org/mozilla-central/rev/828f2319c0195d7f561ed35533aef6fe183e68e3/services/crypto/modules/utils.js#169.
Bah! We are salting the hash but with a fixed set of bytes, so the hashes indeed won't vary profile to profile: https://searchfox.org/mozilla-central/rev/828f2319c0195d7f561ed35533aef6fe183e68e3/netwerk/system/mac/nsNetworkLinkService.mm#747
I'll update the patch with a fix.
Comment 6 (Assignee) • 4 years ago
Pushed by nhnt11@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/2bb0f85b7a8e
[DoH] Debounce heuristics; Include networkID and captiveState in heuristics telemetry event. r=dragana
https://hg.mozilla.org/integration/autoland/rev/a3f770663a9a
Concat the networkID to the clientID and SHA256 the result before including in telemetry. r=mossop
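An added example, not part of the bug or Firefox's code: it compares the fixed-salt hash described in comment 5 with the HMAC suggested in comment 3 and the concat-then-SHA256 approach named in the second commit message, by counting how many reported IDs show up under more than one client_id. The salt, client IDs, network IDs and function names are constructed, and the concatenation order is an assumption.

```javascript
// Added illustration; not Firefox code. All IDs and the salt are constructed.
const nodeCrypto = require("node:crypto");

const sha256Hex = (s) => nodeCrypto.createHash("sha256").update(s).digest("hex");

// Hash salted with the same fixed bytes for every profile (placeholder salt).
const FIXED_SALT = "constructed-fixed-salt";
const fixedSaltId = (_clientId, networkId) => sha256Hex(FIXED_SALT + networkId);

// HMAC of the networkId keyed with the clientId, as suggested in comment 3.
const hmacId = (clientId, networkId) =>
  nodeCrypto.createHmac("sha256", clientId).update(networkId).digest("hex");

// Concatenate, then SHA-256, as the second commit message describes.
// Assumption: clientId first; it is a fixed-length UUID, so the boundary
// between the two inputs is unambiguous.
const concatId = (clientId, networkId) => sha256Hex(clientId + networkId);

// Number of reported IDs that appear under more than one client_id.
// Each such ID lets an analyst link distinct client_ids to one network.
function crossClientLinks(events, derive) {
  const clientsById = new Map();
  for (const { clientId, networkId } of events) {
    const id = derive(clientId, networkId);
    if (!clientsById.has(id)) clientsById.set(id, new Set());
    clientsById.get(id).add(clientId);
  }
  return [...clientsById.values()].filter((c) => c.size > 1).length;
}

// Number of distinct IDs one client reports: it should equal the number of
// networks that client visited, or the ID is useless as a cache key.
function distinctIdsFor(clientId, events, derive) {
  const own = events.filter((e) => e.clientId === clientId);
  return new Set(own.map((e) => derive(e.clientId, e.networkId))).size;
}

// Constructed telemetry: profiles A and B share a network; A revisits it.
const A = "11111111-1111-4111-8111-111111111111";
const B = "22222222-2222-4222-8222-222222222222";
const EVENTS = [
  { clientId: A, networkId: "net-home" },
  { clientId: B, networkId: "net-home" },
  { clientId: A, networkId: "net-cafe" },
  { clientId: A, networkId: "net-home" },
];

for (const [name, fn] of Object.entries({ fixedSaltId, hmacId, concatId })) {
  console.log(name, "cross-client links:", crossClientLinks(EVENTS, fn),
    "distinct IDs for A:", distinctIdsFor(A, EVENTS, fn));
}
```

Only the fixed-salt variant reports an ID shared by two client_ids; both keyed variants keep the ID stable per client and per network, which is what caching by network ID needs.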
Comment 8 (Assignee) • 4 years ago
Updated the description of network ID in the doc.
Comment 9 • 4 years ago
Comment on attachment 9165994 [details] Data Review doc v2
Please use the newest form available at https://github.com/mozilla/data-review.
1) Is there or will there be **documentation** that describes the schema for the ultimate data set in a public, complete, and accurate way? Yes, in Events.yaml and the probe dictionary.
2) Is there a control mechanism that allows the user to turn the data collection on and off? Yes, the Firefox telemetry opt-out.
3) If the request is for permanent data collection, is there someone who will monitor the data over time? Yes, Nhi Nguyen.
4) Using the **[category system of data types](https://wiki.mozilla.org/Firefox/Data_Collection)** on the Mozilla wiki, what collection type of data do the requested measurements fall under? Category 1, technical data.
5) Is the data collection request for default-on or default-off? Default-on.
6) Does the instrumentation include the addition of **any *new* identifiers**? No; the network ID reported here is not a new identifier itself because it depends on the client_id. If the client_id changes, the network_id will change.
7) Is the data collection covered by the existing Firefox privacy notice? Yes.
8) Does there need to be a check-in in the future to determine whether to renew the data? No, permanent collection.
9) Does the data collection use a third-party collection tool? No.
Comment 10 • 4 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/2bb0f85b7a8e
https://hg.mozilla.org/mozilla-central/rev/a3f770663a9a