Edit summary: (→Conformity to Private Browsing Mode: update to include persisting data to disk)
= Conformity to Private Browsing Mode =
Private browsing is intended to prevent someone with local access to the browser from learning what the user did while in private browsing mode. Since Telemetry collects data that is ultimately shaped by how the user browses the web, any data it collects must not be retained persistently through private browsing mode.

Some measurements need to be persisted to disk because they are only available during shutdown (e.g., measuring how long it takes to shut down plugins). Any measurements taken between the last ping and shutdown are persisted to disk when the application shuts down. The Telemetry ping code checks for stored data when sending to the server; after the stored data has been sent successfully it is erased and the Telemetry "state" is reset. From [https://bugzilla.mozilla.org/show_bug.cgi?id=707320#c2 Bug 707320 comment 2]:

 a) if there is no serialized telemetry data, send a ping same as we do now
 b) if there is serialized data:
   b1) send serialized data
   b2) reset UID, wipe all histograms

''Recommendations:''
Telemetry should be disabled in private browsing mode. If nothing else, new measurements must not be stored on disk or other non-volatile storage while the client is in private browsing mode. Any measurements taken during private mode should be erased from memory when private mode is exited.

{{ResolutionBox|{{resolved|Telemetry data always kept only in volatile memory or temporarily persisted to disk (see above). Telemetry collection and reporting is entirely suspended when private mode is entered, and resumed on private mode exit. See {{bug|661573}}}}}}
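As an added example (not Firefox's own Telemetry code), the following JavaScript models the ping rules from Bug 707320 comment 2 together with the private-mode rules from the resolution above. It assumes a plain object standing in for the persisted file and a counter standing in for the real UID.

```javascript
// Added example (not Firefox's Telemetry code). `disk` is a plain object
// standing in for the persisted file; the UID is a counter, not the real id.
function createTelemetry(disk = {}) {
  const t = { uid: 1, histograms: {}, inPrivateMode: false, sent: [] };

  // Record a measurement in volatile memory; collection is suspended
  // entirely while in private mode.
  t.accumulate = (name, value) => {
    if (t.inPrivateMode) return false;
    if (!t.histograms[name]) t.histograms[name] = [];
    t.histograms[name].push(value);
    return true;
  };

  // Collection and reporting stop on entering private mode, resume on exit.
  t.enterPrivateMode = () => { t.inPrivateMode = true; };
  t.exitPrivateMode = () => { t.inPrivateMode = false; };

  // Shutdown-only measurements (e.g. plugin shutdown time) must be written
  // to disk, but never while private mode is active: nothing from a private
  // session may reach non-volatile storage.
  t.shutdown = (shutdownMeasurements) => {
    if (t.inPrivateMode) return false;
    disk.pending = {
      uid: t.uid,
      histograms: { ...t.histograms, ...shutdownMeasurements },
    };
    return true;
  };
  // Ping logic from Bug 707320 comment 2:
  //   a) no serialized data -> send the current in-memory payload
  //   b) serialized data    -> send it, then reset the UID and wipe all
  //      histograms; the on-disk copy is erased after the successful send
  t.sendPing = () => {
    if (t.inPrivateMode) return null;           // reporting is suspended too
    let payload;
    if (!disk.pending) {
      payload = { uid: t.uid, histograms: { ...t.histograms } };
    } else {
      payload = disk.pending;
      delete disk.pending;
      t.uid += 1;
      t.histograms = {};
    }
    t.sent.push(payload);                        // stands in for the upload
    return payload;
  };
  return t;
}
```

A second `createTelemetry(disk)` call on the same `disk` object models the next browser start-up finding serialized data from the previous shutdown.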
= Alignment with Privacy Operating Principles =