Closed Bug 1670536 Opened 4 years ago Closed 4 years ago

Reset the ecosystemClientId when the user signs out

Categories

(Toolkit :: Telemetry, enhancement)

Tracking

RESOLVED FIXED
83 Branch
Tracking Status
firefox83 --- fixed

People

(Reporter: rfkelly, Assigned: rfkelly)

Attachments

(1 file)

In the current implementation of Ecosystem Telemetry, Firefox maintains a long-lived ecosystem_client_id value which has the same lifetime as the main telemetry client_id. That means it's possible to correlate metrics gathered on the same Firefox profile across multiple sign-in and sign-out events (and even across different accounts, if you sign out of one account and in to another in the same Firefox profile).

This correlation is on purpose, because the metrics so gathered will help with optimizing the sign-in process itself. But we're still double-checking the implications and gathering the approvals required to ensure that we can safely collect such data. We can't default the current ecosystem telemetry implementation to "on" until we have such approvals in place.

This bug is a backup plan to let us ship the first version of ecosystem telemetry without blocking on that specific point. We can avoid correlation across multiple signins by resetting the ecosystem_client_id when the user signs out. I anticipate this would be a temporary measure, and we would remove this code once the conversations mentioned above have come to a conclusion (but of course, there's also a chance we decide we don't want to allow such correlation, in which case the code would be permanent).

One downside: by resetting the ecosystem_client_id on logout, we lose the ability to include the old value in the deletion-request ping, so disabling client telemetry would not delete historical AET pings if the user has signed out. My impression is that this is OK and we are not required to keep data around solely for the purpose of being able to delete telemetry, but my impression on this topic probably isn't worth that much and I wanted to mention it explicitly.

:chutten, what do you think of this plan, and its attendant downside?

Flags: needinfo?(chutten)
Blocks: 1659895
No longer blocks: 1635652

(In reply to Ryan Kelly [:rfkelly] from comment #0)

...we are not required to keep data around solely for the purpose of being able to delete telemetry...

That is 100% correct (at least in this case). The whole point of self-serve data deletion is to end up collecting less data, not more of it : )

I think this plan is prudent and pleasant and, depending on its implementation (about which I'll learn in the code review), could be implemented quite cleanly.

Flags: needinfo?(chutten)
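
A small model of the trade-off discussed in the two comments above, added here as an illustration; it is not code from the Firefox patch or from either commenter. The function `simulate`, the ping shape, the account labels and the counter-based `newId` are all hypothetical stand-ins.

```javascript
// Added example: models how ID lifetime affects server-side linkability
// and what a deletion request can still reach. All names are hypothetical.
let counter = 0;
// Stand-in for generating a fresh random ID on the client.
const newId = () => `ecosystem-client-${++counter}`;

function simulate(resetOnSignOut) {
  let ecosystemClientId = newId();
  const serverPings = []; // what the collection side would hold
  const submit = (account, event) =>
    serverPings.push({ id: ecosystemClientId, account, event });

  // Constructed sessions: two different accounts on the same profile.
  for (const account of ["account-A", "account-B"]) {
    submit(account, "sign-in");
    submit(account, "sign-out");
    // The measure proposed in this bug: drop the old ID at sign-out.
    if (resetOnSignOut) ecosystemClientId = newId();
  }

  // Server-side join: which sign-in sessions share one ID?
  const sessionsById = new Map();
  for (const p of serverPings) {
    if (!sessionsById.has(p.id)) sessionsById.set(p.id, new Set());
    sessionsById.get(p.id).add(p.account);
  }
  const maxSessionsPerId = Math.max(
    ...[...sessionsById.values()].map((s) => s.size)
  );

  // The user now disables telemetry. The deletion request can only carry
  // the ID the client still holds, so only pings under that ID are removed.
  const deletionRequest = { ecosystemClientId };
  const pingsLeftAfterDeletion = serverPings.filter(
    (p) => p.id !== deletionRequest.ecosystemClientId
  ).length;

  return {
    distinctIds: sessionsById.size,
    maxSessionsPerId,
    pingsLeftAfterDeletion,
  };
}

console.log("long-lived id:", simulate(false));
console.log("reset on sign-out:", simulate(true));
```

With the long-lived ID both sessions join under one identifier and the deletion request reaches every ping; with the reset, no identifier spans two sessions, but the pings sent before sign-out are out of reach of a later deletion request.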
Pushed by rkelly@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b5b1739460cc reset ecosystem_client_id when the user signs out. r=chutten,markh
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch

I really don't think this patch was responsible for the regression in Bug 1671551, based on the information provided in that bug and the linked push. I'm taking the liberty of redirecting this regression to Bug 1670948 which AFAICT is the one mentioned in the push that triggered the regression.

No longer regressions: 1671551