Evaluate Google FeedBurner for Mozilla's use

RESOLVED FIXED

Status

Privacy
Vendor Review
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: cmore, Assigned: stacy)

Tracking

(Blocks: 1 bug)

Details

(Whiteboard: privacy review completed - resolved - project team to make final decision based on feedback)

(Reporter)

Description

5 years ago
We would like to evaluate the use of Google FeedBurner for RSS/feed stats for use on blogs.

Product URL: http://feedburner.google.com

Robert Nyman can give some specific use-cases on how we would like to use it.
(Reporter)

Updated

5 years ago
Blocks: 785342
(Assignee)

Comment 1

5 years ago
Hi Chris and Robert - My apologies - I don't know why I didn't see this one.  Is this still needed?  If so, please include the use cases, as I'm not familiar with feedburner.  Thank you!
Whiteboard: under privacy review

Comment 2

5 years ago
Hi,

Yes, it's still needed. It will be used for redirecting the feed URL to a Feedburner URL, meaning that we can track the number of RSS subscribers we have, click-through, most popular posts and more.
(Assignee)

Comment 3

5 years ago
My understanding is that Feedburner can be somewhat frustrating for privacy- or security-conscious people because it makes it hard to use technical measures to manage privacy, and forces every subscriber to put some trust and info in Google's hands.

Do you know what type of personal info would be involved?  Or what the terms and conditions would look like?

Comment 4

5 years ago
No, I don't know what information that would be. Not sure what it would encompass, though, since it's just about retrieving an RSS feed from them.

Additionally, we now use Google Analytics for our web sites, which has been approved in this aspect, so I guess it would be good for you to talk to the people behind that to find more information.
(Assignee)

Comment 5

5 years ago
Hi Robert,

OK, I'm pretty familiar with Google Analytics (bug 692579).  It got approved because our main concerns in the past have been related to user privacy and making sure Google couldn't use information about our site visitors obtained through use of Google Analytics on our sites.  Google had changed their Premium Service TOS to make that an opt-in, enabling us to disallow use of our info for any other purpose - by using the Settings page - so it resolved our concerns.  Do you have a copy of the Feedburner terms of service? Would it fall under our Google Enterprise Agreement?  I can add Jen Hayashi to this bug, as I think she manages the enterprise agreement.

Comment 6

5 years ago
No, sorry, I don't know more about Feedburner's terms of service, and how our relation with them might come into play with them.

Hi Stacy -

When I log into our Enterprise account, here is the link to the Feedburner's terms
http://www.google.com/intl/en/policies/terms/ -- but it looks like that applies to all services under our account.  If you want more specific information, I'll have to loop in our account rep.

Jen
(Assignee)

Comment 8

5 years ago
Jen, do you know what type of personal information would be involved for Google Feedburner?

Updated

5 years ago
Flags: needinfo?(jhayashi)
(Assignee)

Comment 9

5 years ago
If we add the feedburner icon to our blogs, would Google get info about all visitors, or just those who click on the icon?

Let me find out.  I'll email our rep.
Flags: needinfo?(jhayashi)

Let me find out.  I'll email our rep and cc you Stacy in case you have follow up questions.   I'm also adding Michael Coates and Joe Stevenson from Security in case they have any concerns.
(Assignee)

Comment 12

5 years ago
Jen has also added our questions to a support case:

Status: New
Subject: Google Feedburner Questions
Description:
Hi - Not sure if this is the right place - but we'd like to know what information is shared and collected by Google Feedburner.  And if we add the Feedburner icon to our blogs, will Feedburner get information on all visitors to our page?  Or just the ones that click on the Feedburner icon?
Thanks!

Google Enterprise Support
http://enterprise.google.com/customerportal

Followed up with Google rep.  Still waiting to hear back.
(Assignee)

Comment 14

5 years ago
Hi Jen - I wonder if we can add their icon in a privacy-friendly way, like we do with Twitter and Facebook icons.  

Chris - is that the plan for adding the Feedburner icon?
(Reporter)

Comment 15

5 years ago
(In reply to Robert Nyman from comment #4)
> No, I don't know what information that would be. Not sure what it would
> encompass, though, since it's just about retrieving a RSS feed from them.
> 
> Additionally, we now use Google Analytics for our web sites, which has been
> approved in this aspect, so I guess it would be good for you to talk to the
> people behind that to find more information.

Robert: When we add the feedburner icon and URL, isn't the URL already pre-set and isn't dynamically generated client side?

Stacy: If the answer to Robert's question above is "yes" then it is not the same as the twitter/facebook buttons. The twitter and facebook buttons are dynamic widgets that execute JavaScript on page load. If the feedburner icon is hosted locally and links to an external URL, then user privacy is not leaked on page load.
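
The distinction drawn in comment 15 can be checked mechanically. The following is an added example, not part of the original thread: it splits a page's external URLs into those the browser requests on page load (every visitor is exposed to the third party) and those requested only when a visitor clicks. The host names and the sample page are constructed, and any host other than the exact first-party host is treated as external.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose URL attribute is fetched automatically when the page renders.
AUTO_LOAD = {"script": "src", "img": "src", "iframe": "src", "embed": "src", "link": "href"}
# <link rel=...> values that trigger a fetch; rel="alternate" (feed autodiscovery) does not.
FETCHING_RELS = {"stylesheet", "icon", "preload", "prefetch"}


class ThirdPartyAudit(HTMLParser):
    """Split external URLs into those requested on page load and those only on click."""

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party = first_party_host
        self.on_load = []   # the third party sees every visitor
        self.on_click = []  # the third party sees only visitors who follow the link

    def _external(self, url):
        host = urlparse(url or "").hostname  # None for relative (locally hosted) URLs
        return host is not None and host != self.first_party

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and self._external(a.get("href")):
            self.on_click.append(a["href"])
        elif tag in AUTO_LOAD:
            rels = set((a.get("rel") or "").lower().split())
            if tag == "link" and not FETCHING_RELS & rels:
                return
            url = a.get(AUTO_LOAD[tag])
            if self._external(url):
                self.on_load.append(url)


def audit(html, first_party_host):
    parser = ThirdPartyAudit(first_party_host)
    parser.feed(html)
    return parser.on_load, parser.on_click


# Constructed sample: a locally hosted feed icon linking out, a script widget, a remote counter image.
SAMPLE = """
<a href="https://feeds.example.net/blog"><img src="/img/feed-icon.png" alt="RSS"></a>
<link rel="alternate" type="application/rss+xml" href="https://feeds.example.net/blog">
<script src="https://widgets.example.org/share.js"></script>
<img src="https://feeds.example.net/~count/blog.gif">
"""
```

On the sample, the locally hosted icon contributes only an on-click entry, while the script widget and the remotely hosted counter image both appear in the on-load list.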
(Assignee)

Comment 16

5 years ago
I talked to Tom about this today. Some things to consider include - the PII involved is IP address, user agent and cookie dropping.  Potentially, we could have a picture of what feeds someone has, but it's pretty difficult; however, Google could have a much stronger picture, so there is info leakage to Google.  This is because users would not be able to subscribe without using Feedburner, vs. perhaps using a raw RSS feed from our own servers.  Tom feels this may alienate a small, but dedicated group of readers.  Depending on what the purpose is for using Feedburner (ex: one way to get stats on the use of our blogs), he hopes we've considered using a privately hosted version or looking at our own server logs, since he's concerned that the convenience to us may be small compared to the impact of alienating a portion of our readers.

That said, I'm going to close this bug as resolved, since we've provided our feedback and it's not a blocker.  We'll leave you to make the final decision about whether you think the tradeoffs are worth it in your context.

Here's a link to our new privacy reviews process page https://wiki.mozilla.org/Privacy/Reviews.  Tom's concerns would fall under feedback.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Whiteboard: under privacy review → privacy review completed - resolved - project team to make final decision based on feedback
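
Comment 16 mentions looking at our own server logs as an alternative source of feed stats. A sketch of that approach follows, as an added example that is not part of the original bug: it assumes combined-format access logs and the common convention that hosted aggregators report a subscriber count in their User-Agent. The feed path, salt, agent names and log lines are constructed.

```python
import hashlib
import re

# Combined log format: ip ident user [time] "GET path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "GET (?P<path>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
SUBS_RE = re.compile(r"(\d+) subscribers?", re.I)


def estimate_subscribers(lines, feed_path, salt):
    """Return (total, per-aggregator counts, number of direct readers) for one feed."""
    aggregators = {}  # aggregator name -> highest subscriber count it reported
    direct = set()    # salted hashes of (ip, user-agent); raw IPs are not retained
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["path"].split("?")[0] != feed_path:
            continue
        ua = m["ua"]
        reported = SUBS_RE.search(ua)
        if reported:
            name = ua.split("/")[0]
            aggregators[name] = max(aggregators.get(name, 0), int(reported.group(1)))
        else:
            digest = hashlib.sha256(f"{salt}|{m['ip']}|{ua}".encode()).hexdigest()
            direct.add(digest)
    return sum(aggregators.values()) + len(direct), aggregators, len(direct)


# Constructed log lines using documentation-range addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2013:10:00:00 +0000] "GET /feed/ HTTP/1.1" 200 5120 "-" '
    '"ExampleAggregator/1.0 (+http://aggregator.example/bot; 120 subscribers)"',
    '192.0.2.10 - - [01/Mar/2013:16:00:00 +0000] "GET /feed/ HTTP/1.1" 304 0 "-" '
    '"ExampleAggregator/1.0 (+http://aggregator.example/bot; 123 subscribers)"',
    '198.51.100.7 - - [01/Mar/2013:10:05:00 +0000] "GET /feed/ HTTP/1.1" 200 5120 "-" "DesktopReader/2.3"',
    '198.51.100.7 - - [01/Mar/2013:11:05:00 +0000] "GET /feed/ HTTP/1.1" 304 0 "-" "DesktopReader/2.3"',
    '203.0.113.5 - - [01/Mar/2013:10:07:00 +0000] "GET /feed/?src=home HTTP/1.1" 200 5120 "-" "DesktopReader/2.3"',
    '203.0.113.5 - - [01/Mar/2013:10:08:00 +0000] "GET /about/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(estimate_subscribers(SAMPLE_LOG, "/feed/", "constructed-daily-salt"))
```

Repeat polls from the same reader collapse to one hash, and rotating the salt (for example daily) keeps the stored hashes from being linked across periods.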