privacy reviews: call for comments

[Sid Stamm]

Hi All,

To follow up from the thread about changing the underlying storage
mechanisms on Android, I'll begin posting messages to dev.planning when
privacy reviews happen.

Two reviews are open and I'd like your feedback on any risks missing from
the reviews or questions that you may have. I plan to leave these both
open for a week (until 12/14), then discuss any recommendations with the
engineering teams. The two reviews are:

Firefox Mobile (birch) Android System Storage (this is what has recently
been debated here in planning)
https://wiki.mozilla.org/Privacy/Reviews/AndroidSystemStorage

Thunderbird Account Provisioner
https://wiki.mozilla.org/Privacy/Reviews/AccountProvisioner

Cheers,
Sid

[Henri Sivonen]

On Thu, Dec 8, 2011 at 12:47 AM, Sid Stamm <s...@mozilla.com> wrote:
> Firefox Mobile (birch) Android System Storage (this is what has recently
> been debated here in planning)
> https://wiki.mozilla.org/Privacy/Reviews/AndroidSystemStorage

"Recommendation: Provide an option to store data separate from the
globally accessed store. When enabled, this feature would not use the
global system services to store history, bookmarks, and passwords but
instead hide them from the rest of the phone and discourage cross-app
data sharing on the device. Consider this separate data store as the
default storage for Firefox for Android and have users opt in to using
system storage."

I very happy to see this recommendation (and work on the corresponding
bug). Thanks.

In that light, this is a bit odd:

"Recommendation: Migration should not happen automatically. Updating
to the new version of Firefox should create a clean profile. Consider
offering users a way to pull in their data from Sync, giving
information about the potential side-effects of doing this in whatever
disclosure explains how to do it."

Wouldn't it make sense to automatically migrate user data to the
Firefox-specific non-global storage now that it seems to be coming to
existence? (I agree data shouldn't be automatically migrated to the
system-global storage.)

--
Henri Sivonen
hsiv...@iki.fi
http://hsivonen.iki.fi/

[Marco Bonardo]

On 09/12/2011 16:43, Henri Sivonen wrote:
> Wouldn't it make sense to automatically migrate user data to the
> Firefox-specific non-global storage now that it seems to be coming to
> existence? (I agree data shouldn't be automatically migrated to the
> system-global storage.)

At this point, I'm honestly still missing why Mobile didn't keep using
Places and write a simple Sync engine to copy data to the system global
storage, on user's request (as simple as adding a checkbox to Sync
preferences). I feel like would have been much cheaper than rewriting
another local storage and switching the engine on the fly.
-m

[Ian Melven]

Hi,

the two recommendations are independent of each other.

the intent was to recommend that data not be migrated automatically to the system
storage - I agree that auto-migrating data from XUL Fennec's application specific store to the native Fennec application
specific store would definitely be useful for users.

please see https://bugzilla.mozilla.org/show_bug.cgi?id=704490 "Bug 704490 - Add support for using local DBs for Bookmarks and History"
also (which is RESOLVED FIXED currently)

thanks !
ian

----- Original Message -----
From: Henri Sivonen <hsiv...@iki.fi>
To: dev-pl...@lists.mozilla.org
Sent: Fri, 09 Dec 2011 07:43:52 -0800 (PST)
Subject: Re: privacy reviews: call for comments

On Thu, Dec 8, 2011 at 12:47 AM, Sid Stamm <s...@mozilla.com> wrote:
> Firefox Mobile (birch) Android System Storage (this is what has recently
> been debated here in planning)
> https://wiki.mozilla.org/Privacy/Reviews/AndroidSystemStorage

"Recommendation: Provide an option to store data separate from the
globally accessed store. When enabled, this feature would not use the
global system services to store history, bookmarks, and passwords but
instead hide them from the rest of the phone and discourage cross-app
data sharing on the device. Consider this separate data store as the
default storage for Firefox for Android and have users opt in to using
system storage."

I very happy to see this recommendation (and work on the corresponding
bug). Thanks.

In that light, this is a bit odd:

"Recommendation: Migration should not happen automatically. Updating
to the new version of Firefox should create a clean profile. Consider
offering users a way to pull in their data from Sync, giving
information about the potential side-effects of doing this in whatever
disclosure explains how to do it."

Wouldn't it make sense to automatically migrate user data to the
Firefox-specific non-global storage now that it seems to be coming to
existence? (I agree data shouldn't be automatically migrated to the
system-global storage.)

--
Henri Sivonen
hsiv...@iki.fi
http://hsivonen.iki.fi/

_______________________________________________
dev-planning mailing list
dev-pl...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-planning

[Mike Connor]

On 2011-12-09, at 11:11 AM, Marco Bonardo <ma...@supereva.it> wrote:

> At this point, I'm honestly still missing why Mobile didn't keep using Places and write a simple Sync engine to copy data to the system global storage, on user's request (as simple as adding a checkbox to Sync preferences). I feel like would have been much cheaper than rewriting another local storage and switching the engine on the fly.

There are certain advantages for the current solution, not least of which is that Sync will be able to run as a completely different process, even if Gecko isn't running, which will yield major performance and UX improvements. That, to me, is a huge factor against just using Places.

- Mike

[Doug Turner]

Marco, I am pretty sure we have explained it in many times in many different forums. I am also sure that this thread is not the right place for this.

Doug

[Marco Bonardo]

On 09/12/2011 17:25, Mike Connor wrote:
> There are certain advantages for the current solution, not least of which is that Sync will be able to run as a completely different process, even if Gecko isn't running, which will yield major performance and UX improvements. That, to me, is a huge factor against just using Places.

Why can Sync access the system database but not places.sqlite? The
system SQLite version (afaict only ICS has a decent SQLite version)?
-m

[Marco Bonardo]

On 09/12/2011 17:26, Doug Turner wrote:
> Marco, I am pretty sure we have explained it in many times in many different forums. I am also sure that this thread is not the right place for this.
>
> Doug

Sorry, it's hard to follow all the recent changes and decisions, there
are just too many and not a good place collecting all of those. So the
fact we were now going back and storing again data in a local rewritten
database for privacy reasons was a bit surprising. I replied here just
because that decision is pretty much related to privacy and data
migration. Btw, will keep the discussion elsewhere if that's the idea.
-m

[Doug Turner]

> Sorry, it's hard to follow all the recent changes and decisions,

Yes, we are moving fast, and if you aren't actively working on Mobile
you will miss things. HG commits, bugs and some wikis notes are
probably the only way to track our progress.

> local rewritten database for privacy reasons was a bit surprising

I am not sure that it was only privacy. It sounded like each global
database had its own schema that we'd have to support. On the short
timeframe, it would be easier to build out only the local store.

[Lawrence]

On Dec 7, 5:47 pm, Sid Stamm <s...@mozilla.com> wrote:
> Firefox Mobile (birch) Android System Storage (this is what has recently
> been debated here in planning)https://wiki.mozilla.org/Privacy/Reviews/AndroidSystemStorage

I think the scope of the Unintended Dissemination of User Data section
needs to be expanded. As any app can access the system store it is
reasonable to think that another provider may create a sync style
service that pulls data from the system store and publishes it to an
external service. In this case the potential exposure is not only to
Google's service but to any 3rd party services that behave in the same
way.

Lawrence

[Sid Stamm]

On Wed, 07 Dec 2011 16:47:20 -0600, Sid Stamm wrote:
> Firefox Mobile (birch) Android System Storage (this is what has recently
> been debated here in planning)
> https://wiki.mozilla.org/Privacy/Reviews/AndroidSystemStorage
>
> Thunderbird Account Provisioner
> https://wiki.mozilla.org/Privacy/Reviews/AccountProvisioner

Thanks all for the feedback on these two items. I'll be forwarding the
group's comments to the Mobile and Thunderbird teams. Action items will
be posted in the review wiki pages. If there is any disagreement in
whether or not to proceed with the recommendations, I will schedule a
discussion and invite you all.

Regards,
Sid