On Tue, Aug 22, 2017 at 5:59 PM, dan.callahan--- via governance <governance@lists.mozilla.org> wrote:
> Differential privacy is a great tool, however, I'm concerned that even if we
> do everything *technically* correctly to preserve user privacy, the *optics*
> associated with this sort of data collection were not addressed in this email.
>
> We attempted to do similarly with User Profile ("UP") / Directory Tiles
> projects in Content Services, which proposed completely local history
> analysis for purposes of advertising and content discovery. All of which was
> done in a way that absolutely protected user privacy (the analysis never left
> the local machine), but we weren't able to overcome the superficial
> impression that Firefox was tracking users.

I think Dan's point is super-important. Reputational damage will occur if people *think* Mozilla performs a privacy violation even if the technical implementation was carefully privacy-preserving. It's difficult for me to imagine a scenario where the usefulness of the results of the planned study could outweigh the risk of a meme of Mozilla doing something privacy-violating spreading around.

That's why I think Mozilla should not gather opt-out telemetry that sends information about the sites accessed in any manner (even if users could deem it privacy-preserving after looking into the details of the implementation; my concern is about the case when users form their opinion without reading papers from arxiv, etc.).

As a Gecko developer, I very much want to see feature usage data and, while I haven't had the need yet, I can very well imagine needing in-the-field performance metrics. I don't want users to opt out of or not to opt into feature usage and performance telemetry because they think that enabling it would send a list of the sites accessed to Mozilla.

So I would like to ask that Mozilla categorically not gather telemetry about sites accessed and *clearly say so* in order to maximize user comfort with having feature usage and performance telemetry enabled. Failing that, I would like to ask that feature usage and performance metrics be behind a different checkbox than telemetry about sites accessed and the latter be clearly opt-in. (And, yes, I realize that having a different checkbox for the latter makes it look more nefarious, because the distinct checkbox implies an admission that the two are somehow of different impact.)

-- 
Henri Sivonen
hsivo...@hsivonen.fi
https://hsivonen.fi/