Data Safety/Data Safety Consultation Meeting Notes/2012-02-14/2012-02-17

From MozillaWiki
Jump to: navigation, search

Data Safety Follow-up Meeting Details

  • Friday, 17 February 2012, 2.00-2.45 PM (Pacific)
  • Location: SF / Mtn View / Vidyo

Agenda

  • Follow-up discussion for Marketplace
  • Follow-up discussion for Open Badges

Action Items

Items below are tracked with all Action Items related to the February Data Safety Consultation.

Owner Action Item Due-Dt Status Comment
Justin Scott Provide responses to additional questions / action items from DS Team. See below. 22-Feb In progress Responses received. Waiting for flows / mockups w.r.t. sign-in.
DS Team Schedule another time to discuss Open Badges. 17-Feb Done

Marketplace Discussion

  • Marketplace structure needs better understanding of the requirement of tie-in of Identity to the Apps.
    • Implications? Compliance concerns with COPPA
  • Flow is also unclear - why people are signing in when they're signing in
    • Would be good for team to acknowledge use cases that exist
    • Need to be very explicit about requirements
    • Use case1: Installation of free app
    • Use case2: ?
    • Team would like to see mockups, prototype flows, use case - would be helpful
  • Crucial to our reviews: Landing date of features
  • Important feedback to give to Marketplace team: free apps --> minimize data sharing
  • Add-ons: They don't require login with BrowserID. All AMO users will be forced into creating a BrowserID account.
    • Need clarification, notice, some sort of acknowledgement of what's happening here.
    • Good model is the way MDN did this: Click a button and a drop-down appears to explain the why, then user can choose to sign in. MDN did this on their own.
  • Apps (free or paid): Requires login to BrowserID
  • Security review update: In process since early Dec 2011. Continual process as they keep adding code. No action needed here.
  • PayPal: Fear that contributors will be upset with us using this.
    • Do we have a strict Data Safety issue with this choice?
    • PayPal signed our data addendum, they're PCI-compliant - this gives some comfort that basics of data in-transit / data stored is covered.
    • We can add PayPal to our list of 3rd Party vendors who have signed data addendums
    • Community Engagement issue: The message has been out there somewhat, but not enough
      • Need to better explain why we picked them, make clear that they're the first, but not the only one. Should do this in a matter of days or weeks.
      • Should create a coordinated plan around data and products. Data ping, apps, etc.
  • Notion of working with data partners - this will come up more frequently. Need to post blog soon.
  • NEW issue: Metrics team wants to add another ping for Marketplace for understanding how the apps are installed.
    • Ping would be part of access logs, tracking add-on usage
    • Metrics team wants to understand apps usage. No proposal yet for what this would look like.
    • Need to know more on this, needs lots more oversight, need more lead time.
    • Is there a right to be forgotten button? This was brought up last week - need to raise again with team
  • Personalization / Recommendations: This is related to Add-ons today, not user specific

Questions / Action Items for Marketplace

Responses from Justin Scott (received 21-Feb) in italics below each request.

  • Provide additional info about what the team is doing with regards to forced BrowserID account registration in the changeover of AMO members to the Marketplace (see what MDN did to explain the switch to BrowserID to their users)
    • There's significant messaging to be done about AMO becoming Mozilla Marketplace; I'm currently unsure if we will deploy BrowserID on AMO prior to the Marketplace launch or as part of the Marketplace launch. I would like to find a way to inform existing users that there's a new login system, while at the same time not annoying BrowserID users (as the current MDN implementation does). I'm not sure what this will look like yet -- it's not going to be ideal for one of the use cases. Unless we can import AMO's list of account emails to BrowserID such that when a user tries to log the first time, BrowserID tells them "Hey, this website switched to BrowserID and it's awesome and you should pick a password and agree to our TOU." (Ben, we can take this off list :)
  • Is it possible for a user to selectively tell the Marketplace that an app should be forgotten?
    • Not sure what you mean by forgotten: if you mean from the Marketplace transaction history, at launch it won't be possible, but we may be able to in the future. Account history is critical for purchased apps as it serves as receipt of the transaction in case of billing disputes, refunds, support, etc. and, even if we removed the app from the user's account history page, we would still need to know about the purchase to validate the receipt. Free apps are less of an issue to remove, but this functionality isn't currently a priority for us. User feedback or other app stores implementing this functionality could cause this use case to become more important. If you mean forgotten as in uninstalled from a device, that will be possible.
  • Provide screenshots / mockups explaining the UI, especially w.r.t. sign-in.
    • I can share these when they are available; for now, imagine AMO with apps instead of add-ons and you have most of the functionality. For sign-in, it will be the typical BrowserID sign in pop-up.
  • Regarding free apps, is there a way to not associate them with an identity?
    • There's been discussion of this between the Apps and BrowserID team, but I don't know that it will be available at launch. This is a larger question for Apps/BrowserID and is not specific to the Marketplace.
  • Is there / will there be a Marketplace ping for usage statistics?
    • I started discussion of this recently in the dev.webapps newsgroup (I would link but Google Groups has been broken for all new newsgroups for months) and the verdict from the Apps team is that there will be, but it's currently unspecified, including whether the app developer, Mozilla, the source app store, or some combination of the former would receive such a ping.

Additionally noted to Justin: Before Marketplace starts doing user-specific recommendations (personalization), Marketplace will need to get back to Data Safety for review.

Open Badges Discussion

  • Time ran out. Schedule another call.

Attendees

Michael Coates, Ben Adida, David Ascher, Jishnu Menon, Mitchell Baker, Alex Fowler, Alina Hua, Tom Lowenthal

Declined
Jay Sullivan, Brendan Eich, Chris Beard, Johnathan Nightingale

Retrieved from "https://wiki.mozilla.org/index.php?title=Data_Safety/Data_Safety_Consultation_Meeting_Notes/2012-02-14/2012-02-17&oldid=402697"