Privacy/Reviews/Necko: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Created page with "= Document Overview = {| |'''Feature/Product:''' || (feature or product name here) |- |'''Projected Feature Freeze Date:''' || <section begin='eta' />(tbd)<section end='eta' ...")
 
 
(17 intermediate revisions by 2 users not shown)
Line 2: Line 2:


{|
{|
|'''Feature/Product:''' || (feature or product name here)
|'''Feature/Product:''' || Necko Predictive Network Actions
|-
|-
|'''Projected Feature Freeze Date:''' || <section begin='eta' />(tbd)<section end='eta' />
|'''Projected Feature Freeze Date:''' || <section begin='eta' />(tbd)<section end='eta' />
|-
|-
|'''Product Champions:''' || (your name here)
|'''Product Champions:''' || Nick Hurley
|-
|-
|'''Privacy Champions:''' || (the privacy Friend you're working with)
|'''Privacy Champions:''' || Curtis Koenig
|-
|-
|'''Security Contact:''' || (the security Friend you're working with)
|'''Security Contact:''' || Frederik Braun
|-
|-
|'''Document State:''' || <section begin='status'/>{{new|}}<section end='status'/>
|'''Document State:''' || <section begin='status'/>{{done|[https://groups.google.com/forum/#!topic/mozilla.dev.planning/aiV8k4XqvJs Public Comments]}}<section end='status'/>
|}
|}


Line 19: Line 19:


{|
{|
|'''Architectural Overview:''' || (date TBD)
|'''Architectural Overview:''' || 2013.10.17
|-
|-
|'''Recommendation Meeting:''' || (date TBD)
|'''Recommendation Meeting:''' ||  
|-
|-
|'''Review Complete ETA:''' || <section begin='revieweta' />tbd<section end='revieweta' />
|'''Review Complete ETA:''' || <section begin='revieweta' />2013.11.05<section end='revieweta' />
|}
|}


Line 30: Line 30:
In this section, the product's architecture is described. Any individual components or actors are identified, their "knowledge" or what data they store is identified, and data flow between components and external entities is described.  
In this section, the product's architecture is described. Any individual components or actors are identified, their "knowledge" or what data they store is identified, and data flow between components and external entities is described.  


'''The main objective of this feature/product is:''' (describe the goals of the feature/product here)
'''The main objective of this feature/product is:'''
To improve page load time by performing overhead for connections (DNS lookup, TCP handshake, TLS handshake) before the connections are actually needed.


'''Design Documents''':  
'''Design Documents''':  
Link to any design or architectural documents here.
Link to any design or architectural documents here. (There are no design documents)


== Components  ==
== Components  ==


Describe any major components in the system and how they interact. Also include any third-party APIs (those Mozilla does not control) and what type of data is sent or received via those APIs.
The major component in this is the Seer, interface defined by nsINetworkSeer. This keeps track of URLs the user has visited, along with URLs that were loaded by the loading of the initial URL. For example, when the user visits http://example.com/index.html, we keep track of that, as well as the fact that visiting that URL also caused us to load http://images.example.com/image.jpg, http://styles.example.com/style.css, and http://scripts.example.com/jquery.js because those resources were included in index.html. Then, the next time the user visits http://example.com/index.html, we can set up connections to images.example.com, styles.example.com, and scripts.example.com, reducing the overhead on the page load.


=== Component X ===
The seer does not record any data, nor does it take any action, when in private browsing mode.
 
=== Seer ===


This component does A, B and C and interacts with component Y to do D.


The tables below simply summarize the data encountered by this component.  
The tables below simply summarize the data encountered by this component.  
Line 52: Line 54:
! Where
! Where
|-
|-
| data type
| history (with subresources)
| where stored
| sqlite database in the profile
|}
|}


'''Communication with Component Y'''  
'''Communication with Docshell'''  


{| class="wikitable"
{| class="wikitable"
Line 66: Line 68:
|-
|-
| ''In:''  
| ''In:''  
| message 1
| Redirect detected
| types of data received from component Y with the message
| Tells the seer that url1 redirected to url2
|  
|  
|-
|-
| ''Out:''  
| ''In:''  
| message 2
| Start predicting for a page load
| types of data sent to component Y with the message
| Tells the seer that url1 is being loaded, and it should start trying to predict for url1 if possible
|
|-
| ''In:''
| Start predicting for a link hover
| Tells the seer that url1 has been hovered over on a page at url2, and it should start trying to predict for url1 if possible
|  
|  
|}
|}


'''Communication with Script, Stylesheet, Font, and Image loaders'''
{| class="wikitable"
|-
! Direction
! Message
! Data
! Notes
|-
| ''In:''
| Loaded script from page
| Tells the seer that a script, stylesheet, font, or image at url2 was loaded because a page at url1 was loaded
|
|}
'''Communication with Firefox UI'''
{| class="wikitable"
|-
! Direction
! Message
! Data
! Notes
|-
| ''In:''
| Erase data
| Tells the seer to erase all its data because of Clear Private Data or Forget About Site
|
|}


= User Data Risk Minimization =
= User Data Risk Minimization =


In this section, the privacy champion will identify areas of user data risk and recommendations for minimizing the risk.
In this section, the privacy champion will identify areas of user data risk and recommendations for minimizing the risk.
* none raised


= Alignment with Privacy Operating Principles =
= Alignment with Privacy Operating Principles =
Line 88: Line 126:


====Principle: Transparency / No Surprises====
====Principle: Transparency / No Surprises====
(How the feature addresses this)  
* Only does pre-connect not prefetch
 
** does not pre-connect to https addresses
* no data is actually sent to the site until a user actively clicks a link
** DNS prefetch and TCP preconnect (which includes SSL handshake)
* honors settings in Private Browsing to erase data
''Recommendations'': (what can be improved)
''Recommendations'': (what can be improved)
 
* None


====Principle: Real Choice====
====Principle: Real Choice====
 
* users can disable the feature via about:config if they so choose
''Recommendations'':  
** network.seer.enabled
 
''Recommendations'':
* None


====Principle: Sensible Defaults====
====Principle: Sensible Defaults====
 
* defaults discussed above and are sensibly chosen
''Recommendations'':
''Recommendations'':
 
* None


====Principle: Limited Data====
====Principle: Limited Data====
 
* no data is collected that is outside normal browsing already and Private Browsing is respected
''Recommendations'':
''Recommendations'':
* None


= Follow-up Tasks and tracking =
= Follow-up Tasks and tracking =
Line 115: Line 158:
! Details
! Details
|-
|-
| {{new|Initial Overview Discussion}}
| {{done|Initial Overview Discussion}}
| ?
| Curtis Koenig, Nick Hurley
|
| 2013.10.11 15:51
|-
| {{new|public comment}}
| Curtis Koenig, Nick Hurley
|  
|  
| Meeting time TBD
| 2013.10.29 - 2013.11.05
|}
|}




[[Category:Privacy/Reviews|Template]]
[[Category:Privacy/Reviews|Template]]

Latest revision as of 21:40, 27 November 2013

Document Overview

Feature/Product: Necko Predictive Network Actions
Projected Feature Freeze Date: (tbd)
Product Champions: Nick Hurley
Privacy Champions: Curtis Koenig
Security Contact: Frederik Braun
Document State: [DONE] Public Comments


Timeline:

Architectural Overview: 2013.10.17
Recommendation Meeting:
Review Complete ETA: 2013.11.05

Architecture

In this section, the product's architecture is described. Any individual components or actors are identified, their "knowledge" or what data they store is identified, and data flow between components and external entities is described.

The main objective of this feature/product is: To improve page load time by performing overhead for connections (DNS lookup, TCP handshake, TLS handshake) before the connections are actually needed.

Design Documents: Link to any design or architectural documents here. (There are no design documents)

Components

The major component in this is the Seer, interface defined by nsINetworkSeer. This keeps track of URLs the user has visited, along with URLs that were loaded by the loading of the initial URL. For example, when the user visits http://example.com/index.html, we keep track of that, as well as the fact that visiting that URL also caused us to load image.jpg, http://styles.example.com/style.css, and http://scripts.example.com/jquery.js because those resources were included in index.html. Then, the next time the user visits http://example.com/index.html, we can set up connections to images.example.com, styles.example.com, and scripts.example.com, reducing the overhead on the page load.

The seer does not record any data, nor does it take any action, when in private browsing mode.

Seer

The tables below simply summarize the data encountered by this component.

Stored Data:

What Where
history (with subresources) sqlite database in the profile

Communication with Docshell

Direction Message Data Notes
In: Redirect detected Tells the seer that url1 redirected to url2
In: Start predicting for a page load Tells the seer that url1 is being loaded, and it should start trying to predict for url1 if possible
In: Start predicting for a link hover Tells the seer that url1 has been hovered over on a page at url2, and it should start trying to predict for url1 if possible

Communication with Script, Stylesheet, Font, and Image loaders

Direction Message Data Notes
In: Loaded script from page Tells the seer that a script, stylesheet, font, or image at url2 was loaded because a page at url1 was loaded

Communication with Firefox UI

Direction Message Data Notes
In: Erase data Tells the seer to erase all its data because of Clear Private Data or Forget About Site

User Data Risk Minimization

In this section, the privacy champion will identify areas of user data risk and recommendations for minimizing the risk.

  • none raised

Alignment with Privacy Operating Principles

In this section, the privacy champion will identify how the feature lines up with Mozilla's privacy operating principles.

See Also: Privacy/Roadmap_2011#Operating_Principles:

Principle: Transparency / No Surprises

  • Only does pre-connect not prefetch
    • does not pre-connect to https addresses
  • no data is actually sent to the site until a user actively clicks a link
    • DNS prefetch and TCP preconnect (which includes SSL handshake)
  • honors settings in Private Browsing to erase data

Recommendations: (what can be improved)

  • None

Principle: Real Choice

  • users can disable the feature via about:config if they so choose
    • network.seer.enabled

Recommendations:

  • None

Principle: Sensible Defaults

  • defaults discussed above and are sensibly chosen

Recommendations:

  • None

Principle: Limited Data

  • no data is collected that is outside normal browsing already and Private Browsing is respected

Recommendations:

  • None

Follow-up Tasks and tracking

What Who Bug Details
[DONE] Initial Overview Discussion Curtis Koenig, Nick Hurley 2013.10.11 15:51
[NEW] public comment Curtis Koenig, Nick Hurley 2013.10.29 - 2013.11.05
Retrieved from "https://wiki.mozilla.org/index.php?title=Privacy/Reviews/Necko&oldid=775831"