Closed Bug 843871 Opened 9 years ago Closed 9 years ago

Security Review: Mozillians Profile Privacy Controls


( :: Security Assurance: Review Request, task)

Not set


(Not tracked)



(Reporter: hoosteeno, Assigned: freddy)



(Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Web])

Initial Questions:

Project/Feature Name: Mozillians Profile Privacy Controls
Tracking  ID:
We have a Q1 goal to "Release privacy controls to allow Mozillians to have a public profile page and be recognized for their contributions."

To implement this goal we want to create a mechanism whereby registered users of can make some fields in their Mozillians profile public. Doing so would make these profiles and the specified fields viewable by...
* non-vouched Mozillians
* not-logged-in internet visitors
* search engines and other crawlers

Additional Information:
Urgency: 2-4 weeks
Key Initiative: All
Release Date: 2013-03-28
Project Status: active
Mozilla Data: Yes
New or Change: Existing
Mozilla Project: Marketing Initiative
Mozilla Related: and current/future API users of
Separate Party: No

Security Review Questions:

Affects Products: No
Review Due Date: 2013-03-18
Review Invitees: :sancus,:giorgos,:hoosteeno,:williamr
Extra Information:
It's not clear right now whether this feature warrants security review. And we may need to ask for a later date, depending on how development goes.
marked for triage on 27-Feb-2013
Whiteboard: [triage needed]
Group: mozilla-corporation-confidential
Assignee: nobody → fbraun
Whiteboard: [triage needed] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
What stage is the development at now?
Just wondering when it will be ready to test.
Development is underway right now. We'd love to have testing late during the week of 3/17. Will that work?
The interface for privacy controls has landed on the dev server. This is just the interface: The backend code is not complete. In other words, you can't actually submit changes and have them be saved in the database or have them apply to viewers. However, I think the backend functionality is explained fairly well by the interface.

1) Here is the interface where users will edit their privacy settings. There are settings on several tabs:

2) You'll also want to see the profile view interface; we added a dropdown there that lets users see their profile as if they were members of a particular group. To get there, click on your username at the top right and choose "View Profile".

Your feedback is welcome!
The new Mozillians privacy controls are in staging and tagged for a 3/28 release.
I reviewed the privacy controls on and the source code based on this branch:
Closed: 9 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Web]
You need to log in before you can comment on or make changes to this bug.