Closed Bug 1788290 Opened 3 months ago Closed 3 months ago

Add telemetry for measuring the privacy of TLS Handshakes

Categories

(Core :: Security: PSM, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
Tracking Status
firefox106 --- ?

People

(Reporter: djackson, Assigned: djackson)

References

(Regressed 1 open bug)

Details

Attachments

(4 files)

Recently developed features have the potential to substantially improve the privacy of TLS connections made by Firefox, but only when used in combination. Although we monitor the amount each individual feature is used, we don't know how often they are used together. We should telemetry which checks which privacy features are in use for a particular connection. In particular:

  • Was TLS1.3 used? This ensures the TLS server's certificate was encrypted in transit.
  • Was DoH used? This ensures the DNS lookup was encrypted in transit.
  • Was ECH used? This ensures the SNI was encrypted in transit.
  • Were any OCSP revocation checks made? These leak the domain visited to the CA, but have largely been made obsolete by crlite.

This telemetry records a single bit for each of these four fields, for a total of 16 possible values.

Depends on D156106

Attachment #9292509 - Attachment description: Bug 1788290 - Add the telemetry for Web Privacy. r=keeler. → Bug 1788290 - Add the telemetry for Web Privacy. r=keeler.
Attachment #9292826 - Flags: data-review?(chutten)

Comment on attachment 9292826 [details]
data-review-webprivacy.md

DATA COLLECTION REVIEW RESPONSE:

Is there or will there be documentation that describes the schema for the ultimate data set available publicly, complete and accurate?

Yes.

Is there a control mechanism that allows the user to turn the data collection on and off?

Yes. This collection is Telemetry so can be controlled through Firefox's Preferences.

If the request is for permanent data collection, is there someone who will monitor the data over time?

Yes, Dennis Jackson is responsible.

Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under?

Category 1, Technical.

Is the data collection request for default-on or default-off?

Default on for all channels.

Does the instrumentation include the addition of any new identifiers?

No.

Is the data collection covered by the existing Firefox privacy notice?

Yes.

Does the data collection use a third-party collection tool?

No.


Result: datareview+

Attachment #9292826 - Flags: data-review?(chutten) → data-review+
Pushed by djackson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e94a38b79965
Record whether OCSP requests were made whilst making a TLS connection. r=keeler,necko-reviewers.
https://hg.mozilla.org/integration/autoland/rev/a3b5d214b5d4
Record whether Private DNS was used for a TLS Connection. r=keeler,necko-reviewers,valentin.
https://hg.mozilla.org/integration/autoland/rev/52d5a06be477
Add the telemetry for Web Privacy. r=keeler.
Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Pushed by djackson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4c5124ec3cc5
Record whether OCSP requests were made whilst making a TLS connection. r=keeler,necko-reviewers.
https://hg.mozilla.org/integration/autoland/rev/7d9a4776085f
Record whether Private DNS was used for a TLS Connection. r=keeler,necko-reviewers,valentin.
https://hg.mozilla.org/integration/autoland/rev/19c97e457625
Add the telemetry for Web Privacy. r=keeler.
Status: REOPENED → RESOLVED
Closed: 3 months ago3 months ago
Flags: needinfo?(djackson)
Resolution: --- → FIXED
Regressions: 1789458
You need to log in before you can comment on or make changes to this bug.