I made a thoughtful comment and it was rejected with a response that I need to show I'm familiar with Differential Privacy and RAPPOR before commenting. I'll do that before my actual comment.
I'm a computer scientist working in an adjacent field and I've read enough papers on Differential Privacy to understand it. The objection is not to DP's privacy guarantees, but to the fact that FF will phone home with every website we visit. A neat list of all the websites I visit will be sent to a central location, in chronological order. A second objection is the users' response, regardless of guarantees. You can't explain DP to everyone. For many users it will amount to "trust us". Microsoft did the same with the Windows 10 telemetry and it resulted in enormous backlash from users, widely reported in tech websites. Consider that before committing. --- What follows was my actual suggestion, which is orthogonal to DP. The example questions can be answered with no need for the bulk telemetry that's proposed: > "Which top sites are users visiting?" There's enough public data available on what sites are most popular. No need for yet another database on that. > "Which sites using Flash does a user encounter?" Mozilla can crawl this information itself, based on the above websites list. It doesn't need to ask users to do it. > "Which sites does a user see heavy Jank on?" Slowdowns and similar bad user experiences would better be treated like crash reports. Offering to send anonymous info on one of these events, through a popup or dropdown hanger (similar to the password manager, security certificates, etc), would fulfill the same objective. A user is inclined to help when his/her favorite website suddenly starts slowing down, or throwing errors. At this point it's also easy to check a box to "always do this from now on". Rather than authorizing abstract, bulk usage, the user would see the value in sending a report about the current issue, because he/she is experiencing it and wants Mozilla to fix it. I'm sure there would be more reports in this manner, just like there are more than enough crash reports being sent. --- In conclusion, no telemetry is one of the main reasons for adopting FF over Chrome. Without dismissing the developers' point of view, given the importance of this feature, the onus should be on them to show that the alternatives have been explored and are not feasible, rather than putting the onus on users to show holes in the DP scheme, which is too restrictive for a discussion. _______________________________________________ governance mailing list governance@lists.mozilla.org https://lists.mozilla.org/listinfo/governance
