Closed Bug 986091 Opened 10 years ago Closed 10 years ago

Privacy-Technical Review: Directory Tiles (Services)

Categories

(mozilla.org :: Security Assurance: Review Request, task)


RESOLVED FIXED

People

(Reporter: clarkbw, Unassigned)

Details

(Keywords: privacy-review-needed)

Initial Questions:

Project/Feature Name: Directory Tiles (Services)
Tracking ID: 973273
Description:
Directory Tiles is a feature for the New Tab page (about:newtab) of Firefox Desktop as the spearhead of the Q1 and 2014 revenue initiatives.  

When a new user downloads Firefox for the first time they have no history stored in their profile. When this new user opens a new tab in Firefox (estimates are 6.8 billion new tab views / month globally) our current new tab shows 9 empty tiles. Currently these empty tiles are eventually filled with interesting web sites (interesting according to Firefox) from the user's browsing history.

With the Directory Tiles feature the new tab page will have, instead of empty Tiles,  Tiles showing websites Mozilla would like to suggest to users.  The Directory Tiles will be a mix of Sponsored Tiles (NYT, Pinterest, BBC) and non-paid Tiles which are of general interest (YouTube, Facebook, Wikipedia).

As a user browses the web, Directory Tiles will be replaced by Browsing History as if they were empty tiles in the current New Tab page interactions. In general the new tab page interactions will continue to work as they currently do; removing, moving, and pinning tiles are all possible.

Currently Directory Tiles are planned to ship with each Firefox release assigned to a single locale.  Firefox 31 will have one set of Directory Tiles and Firefox 32 will ship with another set and the en-US locale will have a different set than the es-MX.

Instrumentation of the Directory Tiles is a requisite feature for us to understand that there is user value in providing these suggestions.  If very few Firefox users see the Tiles or interact with the Tiles then we need to know so we can change them or remove them.  At the same time our partners are only interested in presenting (Sponsored) Tiles if Tiles are of value to our users.

Additional Information:
All of this information and more is available in great detail in the Directory Tiles Document
https://docs.google.com/a/mozilla.com/document/d/1_9pTBxmabAMLxNESfchTOsY1U5E1BzFQiJgdVsQJQ20/edit?usp=sharing

The current Directory Tiles implementation is going to remain in Beta Firefox builds while we gather the necessary usage data to determine its user value via Telemetry. We have hints of good user value from data collected in Nightly builds so we are assuming we will continue further already. In the near future we plan to implement two new services: one for collecting instrumentation data and another for delivering updated tiles.

The instrumentation required for Directory Tiles is a subset of the advertising industry standard information required for a Pay Per Click (PPC) business model.

The required instrumentation data is as follows:

* Click count
* Unique User count
* Tile Impressions
* Page Views

The first 3 data points will be collected in a new metrics service completely separate from FHR and Telemetry. All of these three data points will be logged along with the reporting user's country-level region according to their IP address (geoIP).

Click count is the number of times a user clicks on a given tile.

Unique User count is the number of individuals who see the Directory Tiles feature (register tile impressions).

Tile Impressions is the number of views each Directory Tile receives.

As we only need this required amount of data, any other user data inadvertently collected will be removed as soon as possible to protect our users' privacy as best as possible.

The last item will be collected through the existing FHR channels.

Page views is the number of times the about:newtab has been loaded in general with or without Directory Tiles.

Finally, the Tiles update service will deliver tiles to Firefox users through a web service API. The service will use a geoIP API to determine the requesting user's region at a country level and deliver a set of Tiles designated for that region.
Key Initiative: Firefox Desktop
Release Date: 2014-03-31
Project Status: development
Mozilla Data: Yes
Mozilla Related: 
Separate Party: Yes
Type of Relationship: Other
Data Access: No
Privacy Policy: 
Vendor Cost: N/A
Assignee: nobody → curtisk
Group: mozilla-employee-confidential
Assignee: curtisk → nobody
The privacy notice and Tiles Data Collection pages have been created / updated.
https://www.mozilla.org/en-US/privacy/firefox/
https://wiki.mozilla.org/Tiles/Data_Collection
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
This statement on the wiki page is inaccurate:

"When the data is received, the IP address is geo-encoded: the IP address is not stored on Mozilla’s servers. "

IP addresses are in fact stored on Mozilla servers for a limited period of time (7 days), and then deleted. Several components have access to the IP of the user. This has been documented and discussed in the security review of the Tiles infrastructure at https://mana.mozilla.org/wiki/display/SECURITY/Directory+Tiles+Security+Review#DirectoryTilesSecurityReview-TrunkPIIasearlyaspossible
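An added example, not code from this bug or from the Tiles service, of the distinction the last comment draws: click and impression counters keyed by country carry no IP, while a raw request log still holds IPs until a 7-day purge runs, which a reviewer can confirm by scanning both stores. All function names, the record layout and the geoIP table are hypothetical; the sample pings are constructed.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed geoIP table (RFC 5737 documentation ranges); a real service queries a geoIP database.
GEO_TABLE = [(ipaddress.ip_network("192.0.2.0/24"), "US"),
             (ipaddress.ip_network("198.51.100.0/24"), "MX")]
RAW_RETENTION = timedelta(days=7)  # retention period stated in the last comment

def geo_encode(ip):
    """Map an IP address to a country code; unknown addresses become 'ZZ'."""
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO_TABLE if addr in net), "ZZ")

def ingest(ping, received_at, raw_log, aggregates):
    """Record one tile ping: raw entry (with IP) in the short-lived log, IP-free counter for metrics."""
    raw_log.append({"ip": ping["ip"], "tile": ping["tile"],
                    "action": ping["action"], "received_at": received_at})
    aggregates[(ping["tile"], geo_encode(ping["ip"]), ping["action"])] += 1

def purge_raw(raw_log, now):
    """Drop raw entries older than the retention period; return how many were deleted."""
    before = len(raw_log)
    raw_log[:] = [e for e in raw_log if now - e["received_at"] < RAW_RETENTION]
    return before - len(raw_log)

def ip_residue(records):
    """Return every stored field value that parses as an IP address."""
    found = []
    for rec in records:
        for value in (rec.values() if isinstance(rec, dict) else rec):
            try:
                ipaddress.ip_address(str(value))
                found.append(value)
            except ValueError:
                pass
    return found

def demo():
    t0 = datetime(2014, 3, 31, tzinfo=timezone.utc)
    raw_log, aggregates = [], Counter()
    pings = [  # constructed sample pings: (request, time received)
        ({"ip": "192.0.2.10", "tile": "wikipedia", "action": "impression"}, t0),
        ({"ip": "192.0.2.10", "tile": "wikipedia", "action": "click"}, t0),
        ({"ip": "198.51.100.7", "tile": "wikipedia", "action": "impression"}, t0 + timedelta(days=6)),
    ]
    for ping, ts in pings:
        ingest(ping, ts, raw_log, aggregates)
    return raw_log, aggregates, t0
```

Running `ip_residue` over every store a component can read, before and after `purge_raw`, shows which stores a statement such as "the IP address is not stored" actually covers.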