From MozillaWiki

Engineering is big; we could probably use a few more friends in engineering.

Guidelines for Product Security

Privacy and Security Engineering is responsible for making sure the products we release are strong, secure, and adhere to our privacy principles. In daily operation, following the Mozilla Privacy Principles is a core focus of these teams and drives much of our work. These principles apply across all of Engineering.

Mozilla Privacy Principles

No Surprises

Always be open about how users' data is treated. Ensure that the user is always in control of their data, even when the data is provided to improve the security of a system (for example, Safe Browsing/anti-phishing in Firefox).

Collected data should be used only for the purposes for which users have granted us permission, always avoiding secondary (surprising) uses of the data. By avoiding surprises, we build on our promise to users that it is their data, and they are in control.

Real Choices

Ensure that users are not overwhelmed by the decisions we ask them to make. It is not reasonable to expect them to be security experts, so any prompts or questions asked of them should be in plain language and understandable by the majority of our user base.

Sensible Settings

Prompting is not always a good idea when security decisions are complex. We should use sensible defaults for the settings most users are unlikely to change. The rationale for any data collection or use should be outlined in a publicly accessible way (available and clear), but we should also not bother users needlessly.

By choosing sensible defaults, we give users who aren't privacy experts a head start towards understanding and controlling what happens to their data, and reduce the chance of surprises.

Limited Data

Simply: if we don't need to obtain it, don't. If we don't need to keep it, don't. One of our focuses should be making sure that teams we work with only operate on the data needed for the task at hand. Anything extra is a liability without any benefit.

User Control

We should help our organization develop technologies that not only require less access to users' data by Mozilla, but also protect that data so it can be exposed only when absolutely necessary and only as authorized directly by the user.

Trusted Third Parties

When we enter into third-party transactions we should understand the privacy practices of the third party and evaluate them against our principles. Projects like Safe Browsing, crash reporting, and others that involve third parties should be run in a way that extends to those parties the principles by which we operate.