privacy reviews: call for comments

privacy reviews: call for comments

Sid Stamm-2
Hi All,

To follow up from the thread about changing the underlying storage
mechanisms on Android, I'll begin posting messages to dev.planning when
privacy reviews happen.

Two reviews are open and I'd like your feedback on any risks missing from
the reviews or questions that you may have.  I plan to leave these both
open for a week (until 12/14), then discuss any recommendations with the
engineering teams.  The two reviews are:

Firefox Mobile (birch) Android System Storage (this is what has recently
been debated here in planning)
https://wiki.mozilla.org/Privacy/Reviews/AndroidSystemStorage

Thunderbird Account Provisioner
https://wiki.mozilla.org/Privacy/Reviews/AccountProvisioner

Cheers,
Sid
_______________________________________________
dev-planning mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-planning

Re: privacy reviews: call for comments

Henri Sivonen
On Thu, Dec 8, 2011 at 12:47 AM, Sid Stamm <[hidden email]> wrote:
> Firefox Mobile (birch) Android System Storage (this is what has recently
> been debated here in planning)
> https://wiki.mozilla.org/Privacy/Reviews/AndroidSystemStorage

"Recommendation: Provide an option to store data separate from the
globally accessed store. When enabled, this feature would not use the
global system services to store history, bookmarks, and passwords but
instead hide them from the rest of the phone and discourage cross-app
data sharing on the device. Consider this separate data store as the
default storage for Firefox for Android and have users opt in to using
system storage."

I'm very happy to see this recommendation (and work on the corresponding
bug). Thanks.

In that light, this is a bit odd:

"Recommendation: Migration should not happen automatically. Updating
to the new version of Firefox should create a clean profile. Consider
offering users a way to pull in their data from Sync, giving
information about the potential side-effects of doing this in whatever
disclosure explains how to do it."

Wouldn't it make sense to automatically migrate user data to the
Firefox-specific non-global storage now that it seems to be coming to
existence? (I agree data shouldn't be automatically migrated to the
system-global storage.)

--
Henri Sivonen
[hidden email]
http://hsivonen.iki.fi/

Re: privacy reviews: call for comments

Marco Bonardo-2
In reply to this post by Sid Stamm-2
On 09/12/2011 16:43, Henri Sivonen wrote:
> Wouldn't it make sense to automatically migrate user data to the
> Firefox-specific non-global storage now that it seems to be coming to
> existence? (I agree data shouldn't be automatically migrated to the
> system-global storage.)

At this point, I'm honestly still missing why Mobile didn't keep using
Places and write a simple Sync engine to copy data to the system global
storage, on user's request (as simple as adding a checkbox to Sync
preferences). I feel like it would have been much cheaper than rewriting
another local storage and switching the engine on the fly.
-m

Re: privacy reviews: call for comments

Ian Melven
In reply to this post by Henri Sivonen

Hi,

the two recommendations are independent of each other.

the intent was to recommend that data not be migrated automatically to the system
storage - I agree that auto-migrating data from XUL Fennec's application specific store to the native Fennec application
specific store would definitely be useful for users.

please see https://bugzilla.mozilla.org/show_bug.cgi?id=704490 "Bug 704490 - Add support for using local DBs for Bookmarks and History"
also (which is RESOLVED FIXED currently)

thanks !
ian


Re: privacy reviews: call for comments

Mike Connor-4
In reply to this post by Marco Bonardo-2

On 2011-12-09, at 11:11 AM, Marco Bonardo <[hidden email]> wrote:

> At this point, I'm honestly still missing why Mobile didn't keep using Places and write a simple Sync engine to copy data to the system global storage, on user's request (as simple as adding a checkbox to Sync preferences). I feel like it would have been much cheaper than rewriting another local storage and switching the engine on the fly.

There are certain advantages for the current solution, not least of which is that Sync will be able to run as a completely different process, even if Gecko isn't running, which will yield major performance and UX improvements.  That, to me, is a huge factor against just using Places.

- Mike

Re: privacy reviews: call for comments

Doug Turner-2
In reply to this post by Marco Bonardo-2

On Dec 9, 2011, at 8:09 AM, Marco Bonardo wrote:

> On 09/12/2011 16:43, Henri Sivonen wrote:
>> Wouldn't it make sense to automatically migrate user data to the
>> Firefox-specific non-global storage now that it seems to be coming to
>> existence? (I agree data shouldn't be automatically migrated to the
>> system-global storage.)
>
> At this point, I'm honestly still missing why Mobile didn't keep using Places and write a simple Sync engine to copy data to the system global storage, on user's request (as simple as adding a checkbox to Sync preferences). I feel like it would have been much cheaper than rewriting another local storage and switching the engine on the fly.
> -m

Marco, I am pretty sure we have explained it many times in many different forums.  I am also sure that this thread is not the right place for this.

Doug

Re: privacy reviews: call for comments

Marco Bonardo-2
In reply to this post by Marco Bonardo-2
On 09/12/2011 17:25, Mike Connor wrote:
> There are certain advantages for the current solution, not least of which is that Sync will be able to run as a completely different process, even if Gecko isn't running, which will yield major performance and UX improvements.  That, to me, is a huge factor against just using Places.

Why can Sync access the system database but not places.sqlite? The
system SQLite version (afaict only ICS has a decent SQLite version)?
-m

Re: privacy reviews: call for comments

Marco Bonardo-2
In reply to this post by Marco Bonardo-2
On 09/12/2011 17:26, Doug Turner wrote:
> Marco, I am pretty sure we have explained it many times in many different forums.  I am also sure that this thread is not the right place for this.
>
> Doug

Sorry, it's hard to follow all the recent changes and decisions, there
are just too many and not a good place collecting all of those. So the
fact we were now going back and storing again data in a local rewritten
database for privacy reasons was a bit surprising. I replied here just
because that decision is pretty much related to privacy and data
migration. Btw, will keep the discussion elsewhere if that's the idea.
-m

Re: privacy reviews: call for comments

Doug Turner-2
> Sorry, it's hard to follow all the recent changes and decisions,

Yes, we are moving fast, and if you aren't actively working on Mobile
you will miss things.  HG commits, bugs and some wiki notes are
probably the only way to track our progress.

> local rewritten database for privacy reasons was a bit surprising

I am not sure that it was only privacy.  It sounded like each global
database had its own schema that we'd have to support.  On the short
timeframe, it would be easier to build out only the local store.



Re: privacy reviews: call for comments

Lawrence-36
In reply to this post by Sid Stamm-2
On Dec 7, 5:47 pm, Sid Stamm <[hidden email]> wrote:
> Firefox Mobile (birch) Android System Storage (this is what has recently
> been debated here in planning)
> https://wiki.mozilla.org/Privacy/Reviews/AndroidSystemStorage

I think the scope of the Unintended Dissemination of User Data section
needs to be expanded. As any app can access the system store it is
reasonable to think that another provider may create a sync style
service that pulls data from the system store and publishes it to an
external service. In this case the potential exposure is not only to
Google's service but to any 3rd party services that behave in the same
way.

Lawrence

Re: privacy reviews: call for comments

Sid Stamm-2
In reply to this post by Sid Stamm-2
On Wed, 07 Dec 2011 16:47:20 -0600, Sid Stamm wrote:
> Firefox Mobile (birch) Android System Storage (this is what has recently
> been debated here in planning)
> https://wiki.mozilla.org/Privacy/Reviews/AndroidSystemStorage
>
> Thunderbird Account Provisioner
> https://wiki.mozilla.org/Privacy/Reviews/AccountProvisioner

Thanks all for the feedback on these two items.  I'll be forwarding the
group's comments to the Mobile and Thunderbird teams.  Action items will
be posted in the review wiki pages.  If there is any disagreement in
whether or not to proceed with the recommendations, I will schedule a
discussion and invite you all.

Regards,
Sid