Firefox/Privacy and Security Front-End/OKRs/2017Q4

From MozillaWiki
Jump to: navigation, search


2017Q4 OKR Progress

Objective Key Result Champion Confidence Tracking/Meta Bug Notes
Oct 30 Nov 13 Dec 4 Dec 11 Score (Jan 22)
1. Protect users from password theft and stay competitive (Phishing protection) 1.1 Complete three of the seven password phishing sub-tasks required to complete this objective. Francois -- -- -- -- 67%
  • Oct 30
    • Almost completed first task.
  • Dec 19
    • Completed the first task.
    • Almost done with the second task.
    • Postponed the bulk of the third task to next quarter.
  • Jan 22
    • 2 out of the 3 subtasks completed. Note that scope has changed from 7 subtasks to 3 subtasks.
2. Solidify 2018 strategy and approach to tracking 2.1 Complete in-flight studies and analysis on engagement and retention differences with tracking protection (with various positioning) Pdol 85% -- -- -- 50%
  • Tracking Protection Pref Flip Study
  • Tracking Protection UI Study
  • Oct 30
    • Onboarding study for Tracking Protection UI is delayed
  • Jan 22
    • 1 out of 2 studies was completed and analyzed. Tracking Protection UI study is delayed.
2.2 Obtain agreement from product, engineering and business stakeholders for what specifically will ship in the subsequent quarters Pdol & Wennie -- -- -- -- 15%
  • N/A
  • Jan 22
  • Clarified ad strategy according to the Play to Win strategy. Pdol returned from pat leave in Q1 and composed presentation that being circulated with leadership team. No confirmed plans yet on what will ship in 2018.
3. Improve Private Browsing Mode 3.1 Add 2 additional privacy protections in Private Browsing Mode (and available in regular mode). Tanvi & Luke 50% -- -- -- 45%
  • Jan 22
    • Team implemented Bug 587523 - "referer to origin only" in Private Browsing Mode in Q4. Patch landed in Q1 fx 59.
3.2 Lightbeam / Containers bug fixes and maintenance Jkt -- -- -- -- 100%
  • Jan 22
    • Team nominated and prioritized dependent bugs and fixed bugs accordingly.
      • Ex. Containers fixes landed in fx 57 and fx 58.
4. Develop a process to burn down sec-critical and sec-high bugs 4.1 Consistently maintain less than x number of sec-high and sec-critical bugs in monthly basis Wennie 80% -- -- -- 100%
  • Oct 30
    • Process description is done. Will share it with team
  • Jan 22
    • SecEng Team triaged Q4 sec-high and sec-critical bugs. Wennie has circulated "bug nomination" process to security leadership (ekr, selena,etc.).
5. Make Firefox Privacy controls/options more intuitive 5.1 Ensure our privacy and security setting UI match the users’ mental model and work as expected. Johann -- -- -- -- 100%
  • Jan 22
    • Johann audited all options and presented it to the team.
5.2 Update individual UI components that don’t do what they appear to do (either from a user’s perspective, from the platform perspective, or both) Johann -- -- -- -- 80%
  • Jan 22
    • Jacqueline and Johann created design mock up that was 80% done.
5.3 Doorhanger for Google Hangout Permissions Johann -- -- -- -- 90%
  • Jan 22
    • Johann has uploaded a patch for this bug. Blocked on platform pieces. When platform piece is ready, Johann will update his patch and land it.
6. Enable Firefox developers to write secure code by default.

(Security by Default)

6.1 Set the correct triggering principal for top-level loads by completing 12 remaining bugs. Christoph & Kate -- -- 0% -- 7%
  • Dec 13
    • 12 remaining bugs
  • Jan 22
  • Much of the ground work was completed in Bug 1374741. This bug is 90% complete.
7. Enable web developers to produce secure web sites through use of relevant web standards, increased test coverage via web-platform tests & parity with other browsers 7.1 Update Mixed Content Implementation per Spec Christoph & Kate -- -- -- -- 30%
  • Jan 23
    • Part 1 is complete. Part 2 was never started.
7.2 Land CSP Violation reports and enable web-platform tests Ethan/ Christoph -- 75% 100% -- 90%
  • already have patch and has been reviewed. Spec is missing core aspects. Email thread circulating. Might have to revise spec.

12/4

  • patches have landed in 59.
  • team has filed bugs the missing core aspects
    • Bug ID: 1418241, 1418246, 1418243, 1418236
  • Jan 23
    • Bugs 1418236, 1418241, 1418246 have not landed yet.
    • Moreover, after all dependent bugs land, we would need to enable the pref Bug 1432523
    • Bugs that have landed in nightly have enable web platform tests that provide a huge benefit additional test coverage across browsers. Therefore we are scoring this at 90%.
7.3 Land CSP worker-src Christoph -- -- -- -- 100%
  • Jan 23
    • Bug was fixed in Fx 58.
8. Protect users from data: URI phishing attacks 8.1 Enable toplevel data: URI navigation blocker Christoph -- -- -- -- 100%
  • Jan 23
    • Bug was fixed in 59. Blog post went out when fixed.
9. Enable Firefox developers to query referrer (including policy) information from a single source of truth. 9.1 Revamp referrer policy setup Tanvi Christoph -- -- -- -- 10%
  • N/A
  • Jan 22
    • Initial document is here. Francois and Christoph sat down with Thomas (TPE) and went over document because there were missing pieces. They sketched out a plan during a whiteboard session addressing the concerns but no documentation of event. No implementation work has started.
10. Lay foundation for shipping Breach Alerts 10.1 File all bugs for the shipment MVP with published UI spec Nihanth -- -- -- -- --
  • N/A
  • Jan 22
    • Goals have changed due to scope and resources. Team focused on back-end implementation and standing up an add-on prototype. UI spec has not started and was deprioritized for now.
11. Improve Firefox privacy by implementing W3C spec of Referrer Policy 11.1 Land Referrer Policy support for CSS Ethan/ Christoph -- 100% 75% -- 80%
  • Dec 4
    • patches are under review. dbaron has provied feedback to change patches. turns out to be more complex than originally intended because of servo code. tnguyen is working on patch this week.
  • Jan 22
    • TPE resource was working on this. Bug is almost completed but resource was pulled off this project.
11.2 Land Referrer Policy support for downloads Ethan/ Christoph -- 100% 80% -- 100%
  • Dec 4
    • patches are waiting for review. have been waiting for review for 7+ days.
  • Jan 22
    • Bug landed in fx 59.
12. Provide Firefox users an approach to protect against browser fingerprinting 12.1 Ship Fingerprinting Resistance MVP (parity with Tor Browser) in Firefox 59 Ethan -- 75% 75% -- --
  • Technical difficulties- solutions for Tor browsers are under review and have not yet received a review+
  • Dec 4
    • 2 out of 3 bugs remaining to be fixed
  • Jan 22
    • No resources or status to score OKR
12.2 Deliver a development plan for Fingerprinting Resistance Phase 2 (to improve the feature by minimizing web breakages and being more user-friendly) Ethan -- 100% 80% -- --
  • Document to be done
  • Dec 4
    • regular triage meeting is in place.
      • 1/4th of bugs have been triaged
      • one more triage during all hands
      • concern is that not enough bugs will be triaged to give a complete development plan. Team is still confident that they can provide a draft development plan by end of quarter.
  • Jan 22
    • No resources or status to score OKR