Changes

Data Collection

1,829 bytes added, 16:32, 13 July 2016
Common pitfalls and questions.
Some data is collected as correlations: for example, we collect information about user operating system and version, and about user addon and addon versions, so that we can correlate and monitor crash rates and other error metrics against these groupings.
'''It is not sufficient that collecting data benefits Mozilla (the company/project). It is necessary that we can map collected data to benefits for either individual Firefox users or Firefox users as a group.'''
== Common Problems ==

'''histogram descriptions'''
* Histogram descriptions should record *what* is being collected, in detail.
* It is important to say *when* a value is recorded, because this is often a confusing point when constructing analysis.
* Include units: for example, indicate whether a time duration is measured in seconds, milliseconds, or microseconds.
* When counting, be sure to indicate how repeat usage works. For example, when counting decoding errors, are multiple issues counted for the same video, or only the first one?

'''enumerated histograms'''

Enumerated histograms should either list all the possible enumeration values in the histogram description, or reference a declared enumeration in the tree by name.

'''keyed histograms'''

Keyed histograms contain arbitrary strings in the key, so they get extra attention. Please be careful of:
* Don't use a keyed histogram if you don't need it! Many times a simpler format such as a count or enumeration histogram can solve the same problem.
* The key should not contain user-input data, or other data that can be used to identify particular users.
* In general, keys should be a limited set of values. If you expect more than tens of values, the default aggregations for this histogram will blow up. If this is still required, you should file a bug to have the default aggregations disabled.
* The histogram description should describe exactly what the key contains, and the format.

'''JS exceptions'''

It is a common request to record information about JS exceptions in certain contexts. In the general case, it is very difficult to prove that this information cannot contain personal data. If you have specific types of errors which are thrown at known locations, you can record information about those. This is an important but unsolved problem.
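One way to enforce the keyed-histogram guidance above at the call site, as an added example that is not Firefox code: every key is mapped onto a fixed allowlist before it is recorded, so user input never reaches the key and the key set stays bounded. The names `makeKeyedRecorder`, `MAX_KEYS`, `OVERFLOW_KEY` and the codec keys are hypothetical, and the `sink` callback stands in for whatever actually records the value.

```javascript
"use strict";

// Assumed ceiling for "tens of values"; the page gives no exact number.
const MAX_KEYS = 32;
// Single bucket for anything that is not on the allowlist.
const OVERFLOW_KEY = "other";

// Returns a recorder that only ever emits keys from allowedKeys (or OVERFLOW_KEY).
// sink(key, value) is a hypothetical stand-in for the real recording call.
function makeKeyedRecorder(allowedKeys, sink) {
  const allowed = new Set(allowedKeys.map((k) => k.toLowerCase()));
  if (allowed.size + 1 > MAX_KEYS) {
    throw new RangeError(`key set too large for a keyed histogram: ${allowed.size}`);
  }

  // Raw input is never passed through: unknown, empty, oversized or
  // non-string values all collapse into the overflow bucket.
  function normalize(raw) {
    const key = typeof raw === "string" ? raw.trim().toLowerCase() : "";
    return allowed.has(key) ? key : OVERFLOW_KEY;
  }

  return {
    normalize,
    record(raw, value = 1) {
      const key = normalize(raw);
      sink(key, value);
      return key;
    },
  };
}

// Constructed sample: counting decoding errors per codec.
function demo() {
  const counts = new Map();
  const sink = (key, value) => counts.set(key, (counts.get(key) || 0) + value);
  const recorder = makeKeyedRecorder(["h264", "vp8", "vp9", "av1"], sink);
  const inputs = [
    "VP9", "h264", "vp9 ",
    "https://example.com/u/alice/clip.webm", // user data: must not become a key
    "", null, "x".repeat(500),
  ];
  for (const input of inputs) recorder.record(input);
  return Object.fromEntries(counts);
}
```

The histogram description can then list exactly the allowlisted keys plus the overflow bucket, which also satisfies the requirement to describe what the key contains.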
== Data Collection Properties ==
* Does this data collection represent any unusual privacy or legal risk to users or Mozilla?
== Requesting Approval ==
 
It is our intention to review every new data collection within Firefox, but to do so quickly and with minimal overhead. For every new measurement, even a simple new Telemetry probe, please request approval by setting the feedback flag for the data collection module owner or a peer. Simple requests should be handled within a day.
 
More complex requests, and especially requests which add a new kind of data collection mechanism or require changes to the privacy notice, will require more extensive review. Please consider pinging the team about these as they are being designed! Additional discussions/review may include:
* Privacy analysis: This may involve requesting feedback from the mozilla.dev.privacy mailing list and/or privacy experts within and outside of Mozilla to discuss the feature and its privacy impact.
* Data compliance review: a review with the Mozilla data compliance team to ensure that changes match the Mozilla data compliance policies and documents.
* Legal review: If necessary, the module owner will request a legal review from Mozilla's legal team. A legal review will be necessary for any changes to the privacy policies/notices.
* Data quality/statistical review: In cases where data analysis and quality is uncertain, the module owner will request additional feedback from the Mozilla metrics team and other experts to validate data analysis plans.
* UX review: We may request/require feedback from the Firefox UX team on any proposed privacy/data-control UI.
== Other Practices ==