Closed
Bug 948603
Opened 11 years ago
Closed 7 years ago
Review needed for crash-stats PII access for users to their own data
Categories
(Privacy Graveyard :: Product Review, task, P2)
Privacy Graveyard
Product Review
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: laura, Assigned: smartin)
References
Details
We now have Persona login on crash-stats, and a new very granular permission system. These two things enable us to build something we've wanted for a while, which is that if users log in with the Persona email that matches the email in submitted crashes, we'd like to be able to give users access to their full crash, including the binary dump and all PII. This will be especially useful for e.g. volunteer QA contributors. The feature is outlined in bug 948597. We would like Privacy to review and tell us if there are any issues about which we should be concerned.
Updated•10 years ago
|
Priority: -- → P2
Comment 1•10 years ago
|
||
Hi Laura, Do we have a real sense of the risk and security issues around providing these dumps? #3 under premises in bug 948597 is a bit concerning.
Flags: needinfo?(laura)
Reporter | ||
Comment 2•10 years ago
|
||
As long as we're confident about Persona email matching the dump, then we are only giving back the user data that came off their machine in the first place, just in a human-readable way. Happy to defer to privacy/appsec though.
Flags: needinfo?(laura)
Comment 3•10 years ago
|
||
(In reply to Shane Caraveo (:mixedpuppy) from comment #1) > Hi Laura, > Do we have a real sense of the risk and security issues around providing > these dumps? #3 under premises in bug 948597 is a bit concerning. We already bought into that premise itself a long time ago (and giving selected, trusted Mozilla employees access to that PII). The question here is if we can be confident enough that we can let someone who got their email verified by Persona get access to that PII for reports on which the user sending the report entered that same email as the one to contact them.
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•