Privacy/Reviews/ThunderbirdBigFiles: Difference between revisions

← Older edit

Privacy/Reviews/ThunderbirdBigFiles (view source)

Revision as of 15:53, 27 August 2012

1,278 bytes added , 27 August 2012

no edit summary

Curtisk

canmove, Confirmed users, Bureaucrats and Sysops emeriti

2,776

edits

@@ Line 6: / Line 6: @@
 |'''Projected Feature Freeze Date:''' || <section begin='eta' />(tbd)<section end='eta' />
 |-
-|'''Product Champions:''' || (JB Piacentino)
+|'''Product Champions:''' || JB Piacentino
 |-
 |'''Privacy Champions:''' || David Dahl
@@ Line 12: / Line 12: @@
 |'''Security Contact:''' || Curtis Koenig
 |-
-|'''Document State:''' || <section begin='status'/>{{ok|public comment review}}<section end='status'/>
+|'''Document State:''' || <section begin='status'/>{{done|}}<section end='status'/>
 |}
@@ Line 104: / Line 104: @@
 ''Requirement:'' We will vet the privacy and security policies of the link-providers and provide in-product links to their privacy policies and terms of use.
-{{ResolutionBox|{{new|Link from here to screenshot or diff of in-product links to privacy policies and terms of use}}}}
+{{ResolutionBox|{{done|Link from here to screenshot or diff of in-product links to privacy policies and terms of use. See [[Media:Filelink_privacy_policy_links.png]]}}}}
 === Eavesdropping ===
@@ Line 112: / Line 112: @@
 ''Requirement:'' communication channels to and from the attachment storage providers must be available in and default to HTTPS.
-{{ResolutionBox|{{new|Ensure that upload and download streams are encrypted. }}}}
+{{ResolutionBox|{{resolved|Upload and download streams are encrypted. See: [http://mxr.mozilla.org/comm-central/source/mail/components/cloudfile/nsYouSendIt.js#18] [http://mxr.mozilla.org/comm-central/source/mail/components/cloudfile/nsDropbox.js#33] [http://mxr.mozilla.org/comm-central/source/mail/components/cloudfile/nsUbuntuOne.js#30].}}}}
+=== File Crawling ===
+''Risk:'' since the files are world-readable, it may be possible for an attacker to guess the download URL of a given file.
+''Requirement:'' make sure it's reasonably hard to guess the download URLs.
+{{ResolutionBox|{{done|document how much entropy is in each download URL.  Yousendit: 22 char hash of file contents. Ubuntu One: 22 char hash of file contents. Other providers?}}}}
 = Alignment with Privacy Operating Principles =
@@ Line 130: / Line 138: @@
 ''Recommendation'': Make it clear to users that uploaded files will be world-readable (to members of the world who know where to find it).
-{{ResolutionBox|{{new|Make it clear to users that uploaded files can be downloaded by anybody with the link or who can guess the link.}}}}
+{{ResolutionBox|{{done|Make it clear to users that uploaded files can be downloaded by anybody with the link or who can guess the link. Filed as {{bug|772072}}}}}}.
 ====Principle: Real Choice====
@@ Line 146: / Line 154: @@
 To minimize potential for unnecessary use, we should increase the trigger size to be closer to the attachment limit for most SMTP servers.  5 MB is a common attachment limit for SMTP servers.
-{{ResolutionBox|{{new|Increase trigger size from 1 MB to a larger value (5 MB)}}}}
+{{ResolutionBox|{{done|Increase trigger size from 1 MB to a larger value (5 MB). Filed as{{bug|772070}}}}.
 ====Principle: Limited Data====
@@ Line 172: / Line 180: @@
 | 31-May-2012
 |-
-| {{new|Public Review}}
+| {{done|Public Review}}
+| dev.planning
+|
+| 13-June-2012
+|-
+| {{done|Increase trigger size for files}}
+| Mike Conley
+| [https://bugzilla.mozilla.org/show_bug.cgi?id=772070 Bug 772070]
+|
+|-
+| {{done|Make it clear to users that uploaded files are world-readable}}
+| Mike Conley
+| [https://bugzilla.mozilla.org/show_bug.cgi?id=772072 Bug 772072]
+|
+|-
+| {{done|Document (on this page) how much entropy is in each provider's download URLs}}
+|
+|
+|
+|-
+| {{done|Add link from this page to screenshot or diff of in-product links to providers' privacy policies.}}
+|
+|
 |
-|
-| ?
 |}
 [[Category:Privacy/Reviews|ThunderbirdBigFiles]]