SecurityEngineering/Jan2013WorkWeek/04-Collusion Roadmap

From MozillaWiki
Jump to: navigation, search

The future of collusion (roadmappy things)

1/15 at 11:15 am

Session Lead: Dethe

vidyo recording

etherpad link

Hypotheses:

  • Users would like to see the benefit from their data
  • Users would like to share their graph easily
  • Users would like to see the benefits of profiles from each tracker
  • Users would like to use it as a tool in their every day use

Working on making collusion easier to use, more understandable. Working on a public database where people can upload their graph (so Mozilla can build a bigger picture of tracking on the web). We are working on a public server that uses that database for mash-up experimentation. Maybe a reputation system for crowdsourcing tracker info. Doing all of this in a really public way we might be able to get a higher quality data set.

Reworking collusion to gather richer data without compromising privacy.

  • Gathering data over time (right now graph is showing most recent stuff) -- timestamps in milleseconds, rounded off to 5-10 minutes.
  • Getting more granular data about URLs (not just ETLD+1, but actually FQDN).
  • Storing a list of every connection you make to third party sites.
  • Grabbing path depth (number of slashes, not the path, but the size) and query term count.
  • Much can be stripped out before exporting since the data is a bit "safer" on the local machine.

Open question:

  • How can we use the add-on to compare what you're seeing compared to what others see (over time)?

Getting ready to wire in new UI and visualizations.

Forward Direction:

  • Working on pulling in chrome/safari version changes back in-house.
  • Trying to identify potential ports to Android or Firefox OS.
  • Want to eventually support leak detection (find out who's leaking stuff).
  • Want to make visible other types of tracking -- not just cookies.
  • Want to be view-source: of privacy!

Goal for end of February: New version of collusion with back-end and server support! Q&A:

  • Do you have plans to expire data over time? Yeah, especially since we're gathering more. Will time-box and space-box collection.
  • Delete data from server? Maybe, but we're only exposing an API that allows aggregate data access (no individual data sets).
  • Do you see a way that the majority of people can benefit from collusion directly? Right now it's tough for many people to understand/care about the visualization.
  • Have the student designs been shown to "ordinary users" to see how things resonate? Students have shown their work to novices, but nothing formal.
Retrieved from "https://wiki.mozilla.org/index.php?title=SecurityEngineering/Jan2013WorkWeek/04-Collusion_Roadmap&oldid=500739"