Closed
Bug 811402
Opened 12 years ago
Closed 12 years ago
Complete Privacy-Policy Review for Internal hosting of Wiretap REST debugging
Categories: Privacy Graveyard :: Product Review, task
Tracking: Not tracked
Status: RESOLVED WORKSFORME
People: Reporter: dre, Assigned: me
Initial Questions:

Project/Feature Name: Internal hosting of Wiretap REST debugging
Tracking ID:
Description: Wiretap is a managed proxy that enables easy debugging and investigation of REST APIs. The URL provides a good introduction as well as a four minute webcast that explains it very well. If it were available, we would be using it in the course of developing the Firefox Health Report, the Metrics middleware query API, and other services, but it is not blocking any goals. The service is currently in private beta as a SaaS solution, but the creator plans to make it available as an internally hosted solution as well. I reached out to him and he stated that he would love to work with us to define the requirements for such a service and use us to tailor the offering. This would most likely involve setting up the application on a machine or VM, and it would be useful to provide him with access to the system to be able to set up, configure, and troubleshoot as needed. He would be happy to sign an NDA or contract to ensure the privacy of any data captured by the system to which he may have access.
Additional Information: The website has a good technical description of the SaaS solution and the four minute webcast on that page provides a great explanation of how it is used.
Urgency: no rush
Current Goal:
Release Date: 2013-01-31
Project Status: future
Mozilla Data: Yes
New or Change: New
Mozilla Project: none
Mozilla Related: Metrics, Webdev, Services, potentially OpsSec as well.
Separate Party: Yes
Privacy Policy: No
Privacy Policy Link:
User Data: Yes
Data Safety ID:
Legal ID: not filed
Comment 1 (Assignee) • 12 years ago
There seems to be a website link missing there? A web search for "wiretap" is not supremely effective. Since we're using it for debugging and investigation, what's the plan for logs and log retention? I suspect you and I should sit down for half an hour to braindump on the plan here, but I'd like to look over their web site first.
Flags: needinfo?(deinspanjer)
Comment 2 (Reporter) • 12 years ago
Sorry, I had the URL in the original bug, but forgot to include it when I used the new security review request form because it wasn't an explicit field. https://httpkit.com/wiretap In the SaaS model, the default is for recorded data to expire in 24 hours. It is customizable per collection end point and also per specific headers so you can do things like throw away auth headers after 5 minutes and such. Definitely take a look at the website, it should give you a good feeling for the concept, and then feel free to ping me to chat about the plan.
Flags: needinfo?(deinspanjer)
Comment 3 (Assignee) • 12 years ago
Okay, I totally understand what the deal is here. Based on the use case evangelised on the site, it looks like users wouldn't be interacting with the service: it'd just be developers/testers. If that's the case, then I don't see any privacy impact at all. Please re-open if I don't get it.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Comment 4 (Reporter) • 12 years ago
This assessment is how I see it and works fine for me. If there are any privacy concerns that come up in other bugs, I will make sure and let you know.