Privacy/Reviews/Telemetry: Difference between revisions

Line 128: Line 128:


In this section, the privacy champion will identify areas of user data risk and recommendations for minimizing the risk.
In this section, the privacy champion will identify areas of user data risk and recommendations for minimizing the risk.
{{Message|This section is incomplete until data storage on the client and server in the above sections is completed, and the UI is documented for consideration in risks below.}}


=== Fingerprinting ===
=== Fingerprinting ===
Line 139: Line 137:
''Recommendation'': If possible, the SSL certificate fingerprint should be hard coded into the client and verified before transmitting data so the client can be sure the server where it is sending data is indeed the Telemetry server (and not an attacker intercepting traffic).
''Recommendation'': If possible, the SSL certificate fingerprint should be hard coded into the client and verified before transmitting data so the client can be sure the server where it is sending data is indeed the Telemetry server (and not an attacker intercepting traffic).


''Taras Says'': Once telemetry is deployed, we will be using ssl on the server. We set .mozBackgroundRequest on the XmlHttpRequest which makes it fail if the ssl certificate is invalid.
{{ResolutionBox|{{resolved|Required action completed, SSL used on server and invalid certificates cause connection to drop. Recommended fingerprint-hardcoding not implemented.}} }}
 
{{ResolutionBox|{{risk|Not Resolved. (not yet discussed)}} }}


= Conformity to Private Browsing Mode =
= Conformity to Private Browsing Mode =
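Review bot: The ResolutionBox that marks this item resolved also states "Recommended fingerprint-hardcoding not implemented", but nothing in the hunk records what that leaves open. Failing on an invalid certificate, as the Taras Says line describes for .mozBackgroundRequest, still accepts any certificate for the host that chains to a trusted CA, which is the case the hard-coded fingerprint in the Recommendation was meant to exclude. Suggest either tracking the fingerprint recommendation as a separate open item or adding a sentence to the box saying that this remaining risk is accepted and by whom.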