Data Safety/Data Safety Consultation Meeting Notes/2012-03-15/Push Notifications Data Safety Questionnaire


Data Safety Consultation Questionnaire
Project: Push Notifications
Contact(s): Jeff Balogh, Mike Connor, JR Conlin
Date Questionnaire received by Data Safety Team: 13 March 2012
Data Safety Review Date: Thursday, 15 March 2012

About Your Project

  1. Brief description of your project.
    • Push notifications are a way for websites to send small messages to users when the user is not on the site. Notifications are featured in current iOS and Android systems and in the upcoming Windows 8 and OS X platforms. Push notifications inform users of events on a website without needing to visit the site: Bret wants to be your friend, your tests failed, you have 15 new messages on Yammer, etc.
    • With the user's consent, Firefox gives the website a URL to send messages to that user. The URL points to a server Mozilla operates; the website sends messages to Mozilla and Mozilla passes the messages to the user on mobile Firefox, desktop Firefox, B2G, etc. The Firefox client will keep a persistent connection open to the Mozilla server to deliver messages with minimal latency.
    • The URL is a secret shared between the website and the user. It can be revoked by the user to stop receiving messages from that site.
    • Additional project reference:
  2. Please provide the links to your project documentation (both internal and external).
  3. What is the current state of your project?
  4. Please provide your key release / launch dates.
    • Projections are hazy, but I'd like to be in Fennec by the end of Q2 and in desktop Firefox by the end of Q3.
  5. What are the core technical components and features?
    • Server:
      • API layer: third-party sites send messages into the system here
      • Routing/storage layer: we take messages and decide whether to pass them to an edge layer (if the client is connected) or store them for the client to retrieve later
      • Edge layer: these servers maintain long-term connections and pass messages to client devices
    • Client:
      • DOM API: lets third-party sites request permission to send users notifications
      • Worker: maintains the connection to the edge layer and processes incoming messages
      • UI: displays messages in a way that fits in with the platform
  6. Who are the stakeholders involved with your project (internal and external)?
    • Jeff Balogh (jbalogh)
    • Mike Connor (mconnor)
    • JR Conlin (jrconlin)

Security

  1. Does your project deploy new or modify web application code that runs on Mozilla infrastructure? Does your project deploy or modify client-run software (such as Firefox or Android applications)? If YES to either of the above, please file a Security Review bug (see https://wiki.mozilla.org/WebAppSec/Security_Review_Request for more information)
    • Yes, it does both. We've done a preliminary security review with mcoates, mgoodwin, and bsterne. Security bugs will be filed once the code is past the prototype stage.

Privacy Engineering

  1. Does your project change how we generate, store, share or collect information from users? If YES, please file a Privacy Review bug
    • Yes. We will be:
      • giving out URLs where a site can contact a user
      • connecting to a Mozilla server from Firefox to retrieve messages
      • passing messages from third-party sites to users, and possibly storing them
    • We won't be collecting any user data like profile information, but there is the potential to record IP addresses in server logs.

Policy and Legal

  1. Do you have a privacy policy for your project / site? If YES, Please provide a link to it:
    • Not yet.
  2. Will user data be collected from global locations (outside the U.S.) and stored in those locations? If YES, please provide the names of the countries where data is collected and stored.
    • Users and third-party sites will be global. The data will be stored in our data centers in the US.
  3. If you're collecting data only from the US, will all user data be stored in the US?
    • See above.

Data

  1. Does your project collect data from users? If YES, then someone from Data Safety will look at this bug, find out how many users' data is involved, and determine the priority level (L / M / H).
    • Email data will be collected through BrowserID authentication.
    • Third-party messages could contain user data. If a user is connected the message will be delivered immediately; otherwise it will be stored on our server for up to three days. Messages older than three days will expire and be deleted.
    • We may collect and share aggregate usage statistics to analyze the usefulness of the service and help websites deliver a better user experience.
  2. Please provide list of data elements (e.g., email, name, location, log data, URLs, browser history, etc.).
    • Messages from third-party sites to users
    • Log data
    • BrowserID authentication data
  3. Why do you need to collect user data?

We need to provide a default server implementation to make the feature useful. It will be possible to use your own server (similar to Sync).
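As an added illustration (not code from the Push Notifications project), the following Python model shows the routing/storage behaviour described above: each subscription gets an unguessable secret token that forms the site's delivery URL, a message goes straight to a connected client or is queued for later, queued messages expire after the three-day retention period, and a revoked token is rejected. The host name push.example.invalid, the class and method names, and the injectable clock are assumptions made for the example.

```python
import secrets
import time

# Retention period stated in the questionnaire: stored messages expire after three days.
MESSAGE_TTL_SECONDS = 3 * 24 * 60 * 60


class PushRouter:
    """Constructed model of the routing/storage layer (hypothetical, not the project's code)."""

    def __init__(self, clock=time.time):
        self.clock = clock        # injectable so expiry can be exercised deterministically
        self.subscriptions = {}   # token -> user id
        self.connected = {}       # user id -> inbox list of a live connection
        self.queued = {}          # user id -> list of (stored_at, message)

    def subscribe(self, user):
        # 256-bit random token: the secret shared between the website and the user.
        token = secrets.token_urlsafe(32)
        self.subscriptions[token] = user
        return f"https://push.example.invalid/{token}"   # hypothetical host name

    def revoke(self, url):
        # The user withdraws consent; the site's URL stops working from now on.
        self.subscriptions.pop(url.rsplit("/", 1)[1], None)

    def connect(self, user):
        # Client reconnects: deliver queued messages that are still within the TTL.
        self.connected[user] = []
        for stored_at, msg in self.queued.pop(user, []):
            if self.clock() - stored_at < MESSAGE_TTL_SECONDS:
                self.connected[user].append(msg)
        return self.connected[user]

    def disconnect(self, user):
        self.connected.pop(user, None)

    def send(self, url, message):
        user = self.subscriptions.get(url.rsplit("/", 1)[1])
        if user is None:
            return "rejected"      # unknown or revoked token
        if user in self.connected:
            self.connected[user].append(message)
            return "delivered"     # client online: pass straight to the edge layer
        self.queued.setdefault(user, []).append((self.clock(), message))
        return "stored"            # client offline: keep for up to three days

    def expire(self):
        # Periodic cleanup: drop messages older than the retention period.
        now = self.clock()
        for user in list(self.queued):
            fresh = [(t, m) for t, m in self.queued[user] if now - t < MESSAGE_TTL_SECONDS]
            if fresh:
                self.queued[user] = fresh
            else:
                del self.queued[user]
```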

  1. How is this data being collected? (e.g., forms on web site, provided directly by user, observed data collection, etc.) (Consider that you may be collecting data unintentionally such as automatic logging by web servers)
    • Authentication
    • Third-party sites sending messages to users
    • Server logs
  2. Will your project / team members need to retain user data? If YES, for how long?
    • Third-party messages will be stored for up to three days.
  3. Will any user data be shared or accessed by third party partners, customers or providers? (If YES, see additional questions below.)
    • We may provide aggregate usage statistics to third-party sites. A site admin would prove they own the website to access stats for that site.
    1. What is the data being shared or accessed?
      • how many users receive messages
      • when messages are opened
      • click rates
    2. How would the data be communicated / transferred to the third parties?
      • Analytics dashboard, CSV/JSON data downloads
    3. Who are the third party vendors and in what countries are they based?
      • Global.

User Benefit

  1. In particular, it's useful to list the user benefits that result from this data. A possible way of describing the benefits that flow from the data is:

User Benefits: (sample!)

A - users find applications that include their photos more friendly/fun
B - users want to be able to access this project from computers where they just have web access
C - users want to be informed of updates from specific other users of the site
D - users want notices when important changes happen
  • A - Users can receive notifications for events of interest without needing to keep a web page open.
  • B - Users have complete control over the notification process (can disable or silence a partner at any time)

Data collected (sample!)

A - profile picture; user submitted image (doesn't have to be their face); meets benefit A; optional
B - pseudonym: users get to pick a screen name (mostly anything goes - see name policy [..] - meets benefit C.
C - browserid-based authentication means we store email identifiers - meets benefit D, B....etc...
  • A - We will know which sites the user wishes to receive communication from (for the period that the connection is live, plus any archival residue from that connection)

Community Visibility and Input

  1. Has your proposal been shared publicly, including requirements for Mozilla to collect and host user data?
    1. If YES, what communication channels are you using and what kind of input have you received thus far?