Privacy/Anti-Tracking/Interventions

From MozillaWiki
Jump to: navigation, search

Getting access to the Remote Settings admin interface

Since we already have a Remote Settings collection, getting access boils down to the following steps:

  • Setup the Mozilla VPN and request access to the server using this Bugzilla template
  • Ask an existing member of the url-classifier-skip-urls collection to get you added to the list of editors/reviewers

For a more comprehensive guide, including how to create your own collection, see https://remote-settings.readthedocs.io/en/latest/getting-started.html.

Admin Interface

Remote Settings provides a stage environment as well as a production environment:

Please test interventions on stage before pushing to production. You can use the Remote Settings DevTools to switch between them in your browser (see also the Remote Settings documentation).

Note that as of Bug 1598562 it's not possible to change to the Stage server on Firefox Release clients, so you will need to test on Nightly or Beta. Interventions that are filtered only to Release users will have to test on the Prod server by adding an additional filter restricting the skiplist record to a custom preference that you've manually added to your test browser.

Tracking Interventions

We have set up bug 1537702 to track active interventions. All interventions must have a corresponding bug that blocks this meta-bug.

Steps to create a new Intervention

  • Turn on the Mozilla VPN
  • Visit the stage or production admin interface (see above)
  • Find the url-classifier-skip-urls or partitioning-exempt-urls collection. url-classifier-skip-urls is used to allowlist resources blocked by tracking protection, while partitioning-exempt-urls excludes specific origin combinations from dFPI/TCP.
  • For url-classifier-skip-urls: If you are skiplisting a resource blocking feature you need to skiplist the corresponding annotation feature so the blocked resource isn't shown as blocked in the UI (see Bug 1590591). For example, if you are skiplisting the fingerprinting-protection feature you should also skiplist the same pattern under the fingerprinting-annotation feature. The same is true for tracking-protection and tracking-annotation, socialtracking-protection and socialtracking-annotation, and cryptomining-protection and cryptomining-annotation.
  • File a bug describing your intervention, using this template. Be sure to substitute [feature-name] and [site-name] in the bug title, and provide information for all items in the template's description.

You can also see an overview of interacting with remote settings collections in this screencast.

Removing your intervention

You should aim to fix the breakage that led to an intervention within your specified timeline. Once the fix lands you should wait until the fix ships to all channels (Nightly, Beta, and Release) before you remove the intervention. Be sure to consider whether the breakage impacts ESR users. If it does and you don't want the intervention to stick around for Nightly/Beta/Release users for the entire ESR cycle, you can issue an intervention that is scoped only to ESR users through Remote Settings filters.