canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Privacy/Reviews/ThunderbirdBigFiles: Difference between revisions
Privacy/Reviews/ThunderbirdBigFiles (view source)
Revision as of 15:53, 27 August 2012
, 27 August 2012no edit summary
No edit summary |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 12: | Line 12: | ||
|'''Security Contact:''' || Curtis Koenig | |'''Security Contact:''' || Curtis Koenig | ||
|- | |- | ||
|'''Document State:''' || <section begin='status'/>{{ | |'''Document State:''' || <section begin='status'/>{{done|}}<section end='status'/> | ||
|} | |} | ||
| Line 104: | Line 104: | ||
''Requirement:'' We will vet the privacy and security policies of the link-providers and provide in-product links to their privacy policies and terms of use. | ''Requirement:'' We will vet the privacy and security policies of the link-providers and provide in-product links to their privacy policies and terms of use. | ||
{{ResolutionBox|{{ | {{ResolutionBox|{{done|Link from here to screenshot or diff of in-product links to privacy policies and terms of use. See [[Media:Filelink_privacy_policy_links.png]]}}}} | ||
=== Eavesdropping === | === Eavesdropping === | ||
| Line 120: | Line 120: | ||
''Requirement:'' make sure it's reasonably hard to guess the download URLs. | ''Requirement:'' make sure it's reasonably hard to guess the download URLs. | ||
{{ResolutionBox|{{ | {{ResolutionBox|{{done|document how much entropy is in each download URL. Yousendit: 22 char hash of file contents. Ubuntu One: 22 char hash of file contents. Other providers?}}}} | ||
= Alignment with Privacy Operating Principles = | = Alignment with Privacy Operating Principles = | ||
| Line 138: | Line 138: | ||
''Recommendation'': Make it clear to users that uploaded files will be world-readable (to members of the world who know where to find it). | ''Recommendation'': Make it clear to users that uploaded files will be world-readable (to members of the world who know where to find it). | ||
{{ResolutionBox|{{ | {{ResolutionBox|{{done|Make it clear to users that uploaded files can be downloaded by anybody with the link or who can guess the link. Filed as {{bug|772072}}}}}}. | ||
====Principle: Real Choice==== | ====Principle: Real Choice==== | ||
| Line 154: | Line 154: | ||
To minimize potential for unnecessary use, we should increase the trigger size to be closer to the attachment limit for most SMTP servers. 5 MB is a common attachment limit for SMTP servers. | To minimize potential for unnecessary use, we should increase the trigger size to be closer to the attachment limit for most SMTP servers. 5 MB is a common attachment limit for SMTP servers. | ||
{{ResolutionBox|{{ | {{ResolutionBox|{{done|Increase trigger size from 1 MB to a larger value (5 MB). Filed as{{bug|772070}}}}. | ||
====Principle: Limited Data==== | ====Principle: Limited Data==== | ||
| Line 185: | Line 185: | ||
| 13-June-2012 | | 13-June-2012 | ||
|- | |- | ||
| {{ | | {{done|Increase trigger size for files}} | ||
| Mike Conley | | Mike Conley | ||
| [https://bugzilla.mozilla.org/show_bug.cgi?id=772070 Bug 772070] | | [https://bugzilla.mozilla.org/show_bug.cgi?id=772070 Bug 772070] | ||
| | | | ||
|- | |- | ||
| {{ | | {{done|Make it clear to users that uploaded files are world-readable}} | ||
| Mike Conley | | Mike Conley | ||
| [https://bugzilla.mozilla.org/show_bug.cgi?id=772072 Bug 772072] | | [https://bugzilla.mozilla.org/show_bug.cgi?id=772072 Bug 772072] | ||
| | | | ||
|- | |- | ||
| {{ | | {{done|Document (on this page) how much entropy is in each provider's download URLs}} | ||
| | | | ||
| | | | ||
| | | | ||
|- | |- | ||
| {{ | | {{done|Add link from this page to screenshot or diff of in-product links to providers' privacy policies.}} | ||
| | | | ||
| | | | ||