On Tue, Apr 5, 2016 at 12:05 PM, Chris Hofmann <chofm...@mozilla.com> wrote: > Thie passage in https://www.mozilla.org/en-US/privacy/firefox-hello/ also > would lead me to believe that the contents of my communication with another > user (including shared URLs) are encrypted (and would be private). > > We've just invested heavily in making this point and trying to make that > association that encryption mean strong privacy and vice-versa. > https://blog.mozilla.org/blog/2016/03/30/everyday-internet-users-can-stand-up-for-encryption-heres-how/
As an outside lurker on dev-platform but a big fan of Mozilla's data stewardship folks, this is the core of the issue for me. WebRTC conversations should be assumed to be highly private and any exfiltration on the client without explicit opt-in is seems very dangerous. I'm not saying it should never be done but it should be very very important and done very very carefully. I don't get the sense that this data is that crucial to innovative Hello features. You could opt-in folks to the study just-in-time using tab sharing. I know that clobbers the UX but if it's that important I think you need to take that hit given the sensitivity of real-time comms. -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] e: j...@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 CDT's annual dinner, Tech Prom, is April 6, 2016! https://cdt.org/annual-dinner _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
