Closed Bug 1752317 Opened 2 years ago Closed 2 years ago

[meta] Unintentional collection of user-edited search engine values

Categories

(Firefox :: Search, defect, P1)

Product:
Firefox
Component:
Search
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: k88hudson, Unassigned)

References

Details

(Keywords: meta)

We discovered that we have been unintentionally receiving unwanted data in some of our search telemetry for Firefox Desktop, Firefox for Android (Fenix), and Focus for Android. Although the situation in which this occurs is rare, we believe it is important to do a full assessment and take action. This bug tracks those efforts.

Cause

In order to allow attribution of search by our partners, each partner assigns Firefox one or more “search codes”. This search code appears in the URL as an HTTP query parameter. Firefox Telemetry reports “search code” counts in order to help us ensure that the correct codes are being sent. This helps us detect defects as well as search engine “hijacking” by malware. We discovered some instances in which we believe, if a user (typically accidentally) edited that part of the URL, then the contents of that field were sent back in Telemetry. For instance, if the search code was “firefox” and the user pasted an email address “example@example.com” into that part of the URL this was reported as the search code “fireexample@example.comfox”.

Note that search codes are not search queries (i.e. what you searched for). Unless edited as above, they do not include any unique or identifying information.

Impact

Our investigation found that the unwanted data was rare – a maximum of 0.0013% of recorded events on Firefox Desktop, 0.0005% on Firefox for Android, and 0.0057% on Firefox Focus for Android. This matches our expectations given that the conditions described above are difficult to trigger. Firefox on iOS and Focus on iOS have a different implementation of the telemetry and are unaffected.

Mitigation Plan

In Firefox 96.0.3 we will be pushing a fix that limits collecting codes to a known list. This will still allow us to investigate potential search hijacking by malware by targeting specific values but will stop the unwanted collection of data. We have also started removing all submitted values not on the known list when the data is received by our telemetry servers. We will additionally remove all unknown values from existing data, which we expect to be completed by the end of February.

The update for clients landed on Nightly on January 25. Updates will start shipping January 27 on Release and ESR channels:

In addition, we will be disabling telemetry collection for this value entirely on older Firefox versions back to Firefox 83, which is the earliest version where that change can be made with remote configuration. We encourage people with versions of Firefox older than 96.0.3 to update their version of Firefox.

Summary: Unintentional collection of user-edited search engine values → [meta] Unintentional collection of user-edited search engine values

We will additionally remove all unknown values from existing data, which we expect to be completed by the end of February.

Reprocessing of existing data is being tracked in https://bugzilla.mozilla.org/show_bug.cgi?id=1751979 and is nearly complete, but wanted to give a brief update here since we're now at the end of February. Unknown values have been removed from all source data and from nearly all derived data. We have a final process running now that will finish in approximately one week that will finish removal of unknown values from older data that couldn't be recomputed from source datasets.

Depends on: 1751979

Reprocessing of existing data is complete.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.