Closed
Bug 830899
Opened 12 years ago
Closed 12 years ago
Complete Privacy-Policy Review for Foxography
Categories
(Privacy Graveyard :: Product Review, task)
Privacy Graveyard
Product Review
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bwinton, Assigned: me)
Details
Initial Questions:
Project/Feature Name: Foxography
Tracking ID:
Description:
I've developed a website to make it easier for UX to create pages like http://areweprettyyet.com/
Additional Information:
A demo is running at http://foxography.jit.su/
The list of feedback is at https://firefox-ux.etherpad.mozilla.org/Foxography
Urgency: no rush
Key Initiative: I'm not really sure. It's a tool to be used by UX and Engineering…
Release Date:
Project Status: development
Mozilla Data: Yes
New or Change: New
Mozilla Project: none
Mozilla Related: Persona and Bugzilla
Separate Party: No
Privacy Policy: No
Privacy Policy Link:
User Data: Yes
Data Safety ID: not filed (I store the personaID of the person who created each mockup, is that user data?)
Legal ID: not filed
Assignee | ||
Comment 1•12 years ago
|
||
Hello! I'm not sure I understand exactly what this tool does, what data sources it connects to, and what data it stores. Could you find 45 minutes for us to talk about the tool so that I can get a handle on exactly what it is and how it works?
Reporter | ||
Comment 2•12 years ago
|
||
Sure! I'm in Toronto, and have a fairly free schedule, so if there are times you prefer that are before 2:00pm PST, they will probably work for me, too.
Having said that, here's the overview of the data I store, and what it's used for.
People log in to the site with PersonaID (which is basically their email address).
I store that address with every mockup they create, and show it in a dropdown beside the name of the mockups they've created.
i.e.
bwinton@mozilla.com - Mockup One
tom@mozilla.com - Mockup Two
james@latte.ca - Mockup Three
So, my main question is "Does someone's PersonaID, and things they create based on it, count as personal data?" I think bugzilla itself is in a similar situation, since it stores people's email addresses and displays them on top of the comments they post, so hopefully I can just do whatever bugzilla does.
If you have any questions, please let me know when you're available, or bug me on irc anytime. :)
Thanks,
Blake.
Assignee | ||
Comment 3•12 years ago
|
||
Blake and I chatted over IRC.
Foxography is a tool to make pages like <areweprettyyet.com>. A user signs in with Persona, uploads a background image, then adds labels all over it, corresponding to Bugzilla bugs. The user's email address and the bug details are all publicly visible. The app itself never emails people.
Here are the outcomes that we agreed:
1. Blake is going to talk to Larissa about making sure that there's a compelling notice that the user's email address will be public.
2. If there's ever a plan to add sharing features, analytics, or to email users, we'll do a separate review of those plans.
3. The app itself doesn't keep any logs, although Blake might need to temporarily log some things from time to time to fix things that break. Regular HTTP/S server logs will be kept while it's under development and in production, according to normal log aggregation/deletion practices.
4. The app will start life on a non-production server so that Blake can rapidly make changes. If it hits 100 users or Blake thinks it's ready, it'll move to production, with full security review and privacy technical followup. Among other things, those reviews should include:
* Persona integration safety
* Server log aggregation/deletion
I think that's everything! Please let me know if I've missed something, or we need to talk about something else.
Group: mozilla-corporation-confidential
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•