Privacy/Reviews/Affiliates 2.0

From MozillaWiki
Jump to: navigation, search

Document Overview

See example if needed.

Feature/Product: Affiliates 2.0
Projected Feature Freeze Date: 2014/04/01
Product Champions: Chelsea Novak, Justin Crawford
Privacy Champions: Curtis Koenig
Security Contact: Simon Bennetts
Document State: [DONE]


Architectural Overview: N/A
Recommendation Meeting: N/A
Review Complete ETA: 2014-04-23


In this section, the product's architecture is described. Any individual components or actors are identified, their "knowledge" or what data they store is identified, and data flow between components and external entities is described.

The main objective of this feature/product is:

This project (codename: Affiliates 2.0) will redesign the (existing) Affiliates website to match Mozilla's current style guide, bring its technology stack up to modern standards, and add numerous features requested by users of the site. It supports organization-wide goals for increasing the size of Mozilla's contributor community and increasing awareness, adoption and usage of Mozilla's products.

Design Documents:


Describe any major components in the system and how they interact. Also include any third-party APIs (those Mozilla does not control) and what type of data is sent or received via those APIs.

Affiliates Web Application

This component recruits and registers new affiliates, stores unique information about them, allows them to configure banners for their own web sites, serves those banners to viewers of affiliate-owned web sites, and provides some additional features to logged-in affiliates.

The tables below simply summarize the data encountered by this component.

Stored Data:

What Where
PII provided by affiliates: name, URL, bio, email address in MySQL database in a Mozilla datacenter
Metrics about performance of affiliate links and other similar derived data in MySQL database in a Mozilla datacenter

Communication with Affiliates Web Application

Direction Message Data Notes
In: GET (from web browser) URL (of page)
In: POST (from web browser) URL (of profile edit page), field names and data as described in 'Stored Data' above
In: HTTP RESPONSE (to Google Analytics API request) Metrics (in JSON or XML) related to individual or aggregate performance of affiliate banners on affiliate-owned web sites
Out: HTTP RESPONSE (to web browser) Application layouts, content, images, scripts
Out: GET (to Google Analytics API) Banner id(s), optionally other parameters to shape the result (time span, limit, offset, etc.)


This component identifies and authenticates people signing up or signing in to the website.

Further elaboration or review of this component is presumed beyond the scope of this project.

Google Analytics

This component captures data about the performance of affiliate links on affiliate-owned websites, as well as data about usage of the website.

Further elaboration or review of this component is presumed beyond the scope of this project.

User Data Risk Minimization

In this section, the privacy champion will identify areas of user data risk and recommendations for minimizing the risk.

Alignment with Privacy Operating Principles

In this section, the privacy champion will identify how the feature lines up with Mozilla's privacy operating principles.

See Also: Privacy/Roadmap_2011#Operating_Principles:

Principle: Transparency / No Surprises

This feature is not changing for the current Affiliats model of data collection and all data collected is given voluntarily.


Principle: Real Choice

An affiliate can choose to terminate the relationship and thus data would no longer be collected.


Principle: Sensible Defaults

Only data neccessary to the operation of the system is being collected.


Principle: Limited Data

Only the minimum data as outlied by the Affiliates Agreement and Mozilla Privacy Policy is being gathered. Recommendations:

Follow-up Tasks and tracking

What Who Bug Details
[DONE] public comments open Curtisk 2014-04-07