Friends/Metrics
Guidelines for Metrics
Metrics is responsible for stewardship of all analytical data at Mozilla. The metrics team also undertakes planned and prototype analyses of this data as required on an ongoing basis. The full set of data comes both from normal client-server operation of our products and from certain external third-party market research vendors. In daily operation, following the Mozilla Privacy Principles is a core focus of the metrics team, and privacy policy considerations govern all our operations.
Mozilla Privacy Principles
No Surprises
To avoid surprises, we are always open about how users' data are treated. We ensure that each user is always aware of the nature and detail of the Metrics data that Mozilla acquires as part of the installation, operation, and enhancement of our products. No user should be surprised by the analytical data collected for metrics measurements, even when the data is provided to improve the effectiveness and utility of a product (for example, silent Release updates or add-on certification in Firefox). All data acquired will be used only for the direct and publicly disclosed measurement purposes as agreed to by our informed users.
Real Choices
We ensure that user preferences are accurately reflected in their selected data acquisition options and that their user experiences are enhanced by the decisions we ask them to make. We do not demand that our users be data or metrics experts, and we do not impose on them the challenge of following obscure implications or consequences of alternative data options. Therefore, any prompts or questions asked of users should be in plain language and understandable by the largest possible fraction of our user community.
Sensible Settings
User-selectable alternatives are presented against a set of pre-existing, default or recommended settings. Great care is needed in designing a user interface that exhibits the settings and facilitates changes. We plan to use best practices in the development of such settings. We will provide proven sensible defaults for the settings that users are least likely to change. For data acquisition, policies will be outlined in a readily accessible fashion - available and clear - avoiding needless difficulty or confusion for our users. With clear and appropriate defaults, we give users who lack privacy expertise a clear route to understanding and controlling what happens to their data.
Limited Data
We begin with a simplicity axiom. We should acquire the minimum of data that can support the necessary functioning of Mozilla at the strategic and operational levels. In almost all situations, data collection does not require pervasive or exhaustive data capture. Just a few situations require census-type approaches; these revolve around security issues for the most part. In almost all other cases, sampling on a random basis is adequate to deliver the measurement capabilities required. Thus we seek to acquire a very limited extent of data – as few measurements as possible for as few instances or users as possible – consistent with a non-trivial characterization of product usage and performance. We must do better than one size fits all while avoiding uniquely identifiable data.
User Control
In every case, the Mozilla user has inalienable ownership of their data. They can exercise full control over all data acquisition and stewardship through configuration or preference selection. We intend to ask users to concede to our undertaking limited measurement of their data regarding product usage and performance. We will ask them to relinquish control for a limited time duration and for the minimally viable set of parameters or characterizing data. Furthermore, we will publish full information on the data flows and storage strategies for all user data, whether held at the user instance level or as blended aggregates. This approach will permit a very transparent way to return data (current and historic) to the user's sole custody and control – data deletion.
Trusted Third Parties
When we enter into third-party transactions, we investigate and establish the privacy practices of such third parties and evaluate their approaches against our principles. Projects like web analytics, search volume measurement, crash reporting, and others that involve third parties will be driven in a manner that models and recommends (for adoption by these third parties) the privacy principles by which we seek to operate.