Candidate revisions to Mozilla’s web site privacy policy
Basil Hashem
grown to be some of the top visited properties on the planet, we have
maxed out the capabilities of our current web analytics solution. We
needed to shift to a world-class, scalable option that has active
development and innovative reporting and analytics. The new solution
will help us better understand what our users are doing on our
websites so that we can continuously improve their user experience.
Mozilla has selected Omniture (http://www.omniture.com) and Google
Analytics (http://www.google.com/analytics) as additional web
analytics solutions. The major difference between what Mozilla has
today and these third-party solutions is that Omniture and Google
Analytics are hosted web site services. In order to accommodate, we
need to make some changes to our current website privacy policy,
provide opt-out procedures and affect a minor change for SUMO's Live
Chat feature (http://support.mozilla.com/).
Below are the proposed changes to the mozilla.com privacy policy.
* Redlined markup of proposed changes (Adobe Acrobat format)
http://people.mozilla.com/~basil/privacy/RedlinePrivacyFeb08.pdf
* Candidate new web site privacy policy & hosts file opt-out
instructions
http://people.mozilla.com/~basil/privacy/LOCAL-privacy-policy.html
* Current web site privacy policy
http://www.mozilla.com/en-US/privacy-policy.html
Note that this policy change is only in effect for mozilla.com and
associated web properties and does not change the existing Firefox
privacy policy.
http://www.mozilla.com/en-US/legal/privacy/firefox-en.html
We encourage any questions, discussions and followups to the
mozilla.governance mailing list and newsgroup.
Thanks.
Axel Hecht
have to bite that bullet. Detailed comments, one per paragraph:
I'm not so happy that the analytics partner can use our data to enhance
their service. In particular as I read that our data on their servers is
much more personalized than what we get from them (which is OK). I would
expect that users with privacy concerns would find this item to be most
worrysome.
I wouldn't call the steps to prevent our analysis an "opt-out" policy.
That might be true for the Omniture part, but disabling js is not
opt-out, IMHO. Neither is hacking a hosts file or installing add-ons. We
should word that more carefully, it's likely enough to just not call
that paragraph "Opt-out Policy" but something more fuzzy.
I'm not sure how the "Protection of Certain Personally-Identifying
Information" relates to the "we may make data available publically". I
guess it's that we're feeding the publically available data through a
process that makes that personally unidentifiable, but that could be
clearer from the wording.
HTH
Axel
Ben Bucksch
> needed to shift to a world-class, scalable option that has active
> development and innovative reporting and analytics.
Why can't you use one that can be installed on your servers, instead of
relying on third parties? Aren't there open-source solutions that
analyse access.log, are an apache module etc.?
> Mozilla has selected Omniture (http://www.omniture.com) and Google
> Analytics (http://www.google.com/analytics)
I don't know Omniture, but I object to Google. Google is known to
data-mine information about users, specifically trying follow users
across the internet and use the data for purposes Google won't disclose.
This has no place in an open-source project.
> and Clear GIFs
There was a time in the Mozilla project when we considered 1-pixel-GIFs
evil. When even the *press* did so, dubbing them "Web bugs". [1]
[1] Just a few from CNET:
http://www.news.com/AOL-clears-path-to-use-Web-bugs%252C-cookies/2100-1023_3-274011.html?tag=item
http://www.news.com/Web-bug-swarm-grows-500-percent/2100-1023_3-271605.html?tag=item
http://www.news.com/Congress-hands-caught-in-the-cookie-jar/2100-1028_3-6020711.html?tag=item
---
Concrete policy text:
> Mozilla's Web sites _and advertisements_ (inserted) use cookies and
> clear gifs to help Mozilla identify and track
Wait-a-sec. Advertizements?
> provide opt-out procedures
"Disable JavaScript and cookies. This may prevent Mozilla's Web sites
from functioning properly." adds insult to injury.
"modify your /etc/hosts/' or 'install ad-blocker' is hardly an opt-out
procedure. Esp. given that Google does not stick to *.google.com, but
keeps adding and using domains like google-analytics.com,
.googlesyndication.com and co., I cannot really be sure I'm not tracked
by Google when I disable certain domains.
The FTC got active on web bugs and mandated DoubleClick (now Google) to
introduce an opt-out solution that sets a cookie which disables tracking
for *all* of DoubleClick. [2]
[2]
http://www.news.com/DoubleClick-climbs-after-privacy-probe-ends/2100-1023_3-251364.html?tag=item
> Cookies cannot be used by themselves to identify you.
ID is an abbreviation for identification, and a cookie is an ID for me.
A cookie allows to follow a specific user, that's identification, even
if there's no real-world name attached to it.
Thus, this sentence is false, please remove it.
> Mozilla analyze this data. Mozilla's third party service providers have
> entered into a written agreement with Mozilla not to use the
> information for
> purposes other than to enhance and maintain their service.
"enhance and maintains their service" is interpreted by those having to
obey to it to include everything their business includes. It does not
restrict at all. It's a common deception in privacy statements, please
don't include it in the Mozilla project.
---
Please use a solution which keeps all the data in-house. It may not be
perfect, but at least keeps the user's privacy, and that's worth as much
as clickstream optimization.
Thanks,
Ben
Sergey Yanovich
I support all of the above.
Advertisement-related passages are most worrying. Is Mozilla going to
cash in on public interest, its products have raised, at the expense of
those who is interested?
Even Microsoft, which is a commonly referred-to evil in open-source,
doesn't display ads on MSDN.
> Please use a solution which keeps all the data in-house. It may not be
> perfect, but at least keeps the user's privacy, and that's worth as much
> as clickstream optimization.
Unless the above question has a positive answer, this is The Right Thing.
Just my $.02
--
Sergey Yanovich
Nelson Bolyard
> Mozilla has selected Omniture (http://www.omniture.com) and Google
> Analytics (http://www.google.com/analytics) as additional web
> analytics solutions.
For quite a long time, my /etc/hosts file has included these lines:
127.0.0.1 omnituretrack.local.com
127.0.0.1 omniture.112.2o7.net
127.0.0.1 omniturecom.112.2o7.net
127.0.0.1 omniturebanners.112.2o7.net
127.0.0.1 stats.esomniture.com
127.0.0.1 www.omniture.com
127.0.0.1 ssl.google-analytics.com
127.0.0.1 www.google-analytics.com
127.0.0.1 google-analytics.com
Today, with sadness, I added
127.0.0.1 ostats.mozilla.com
127.0.0.1 mozilla.com.112.2o7.net
as suggested on the page
http://people.mozilla.com/~basil/privacy/LOCAL-optout-hostsfile.html
<heavy sigh />
Thanks for the heads up, Basil.
dolphinling
> As mozilla.com (and our 20+ other sites such as AMO, MDC, etc...) have
> grown to be some of the top visited properties on the planet, we have
> maxed out the capabilities of our current web analytics solution. We
> needed to shift to a world-class, scalable option that has active
> development and innovative reporting and analytics. The new solution
> will help us better understand what our users are doing on our websites
> so that we can continuously improve their user experience.
>
> Mozilla has selected Omniture (http://www.omniture.com) and Google
> Analytics (http://www.google.com/analytics) as additional web analytics
> solutions.
I don't see how we can get more information from a 3rd-party solution than one
using all the data that can be collected in-house. Can we hear what information
exactly wasn't being collected previously that is with the 3rd-party tracking?
Or, as may be the case, what data analysis wasn't being done that is now?
--
dolphinling
<http://dolphinling.net/>
Robert Accettura
http://www.omniture.com/privacy/2o7#optout
Basically it sets a cookie (ironic right) that will be honored on all sites
that use Omniture, which is many of the Fortune 500's. Obviously if you
clear your cookies, use another computer or browser, you'll need to do this
more than once.
--
Robert Accettura
rob...@accettura.com
Peter Weilbacher
> * Redlined markup of proposed changes (Adobe Acrobat format)
> http://people.mozilla.com/~basil/privacy/RedlinePrivacyFeb08.pdf
>
> * Candidate new web site privacy policy & hosts file opt-out
> instructions
> http://people.mozilla.com/~basil/privacy/LOCAL-privacy-policy.html
It's really a shame to have to follow these suggestions. I see the
same problems that others already listed. The most important thing
you should explain is indeed why this can't be done in-house.
> * Current web site privacy policy
> http://www.mozilla.com/en-US/privacy-policy.html
I'm actually surprised to see "Mozilla may share potentially
personally-identifying information with its employees, contractors
and affiliated organizations" already in that old policy. This is
much too broad, as a visitor I can't really tell where my data may
end up.
> Note that this policy change is only in effect for mozilla.com and
> associated web properties and does not change the existing Firefox
> privacy policy.
> http://www.mozilla.com/en-US/legal/privacy/firefox-en.html
What are the associated web properties? Can you clearly say on which
servers this will come into effect? Like, are you planning to give
data from e.g. addons.mozilla.org, www.mozilla.org, and
developer.mozilla.org to those external companies, too?
Peter.
Basil Hashem
Just so that there's no confusion...there are two ways that Omniture
implements user tracking.
Method 1: First-Party cookies
- This is what Mozilla will use on its sites. In order to opt out of
tracking using this method, I included a link in the opt-out section
of the policy which sets up an opt-out cookie specifically for Mozilla
web sites. See http://ostats.mozilla.com/optout.html
Method 2: Third-Party cookies
- We are not using this technique! We don't want to force sharing
cookie info with a third-party if not required.
The link you provided in your post will work for Method 2 only. So, I
wanted to point that out.
Thanks.
-Basil
On Feb 11, 2008, at 5:49 AM, Robert Accettura wrote:
> There is a non-hack opt-out:
>
> http://www.omniture.com/privacy/2o7#optout
>
> Basically it sets a cookie (ironic right) that will be honored on
> all sites
> that use Omniture, which is many of the Fortune 500's. Obviously if
> you
> clear your cookies, use another computer or browser, you'll need to
> do this
> more than once.
>
> --
> Robert Accettura
> rob...@accettura.com
>
>
> On Feb 9, 2008 6:34 AM, Axel Hecht <ax...@pike.org> wrote:
>
> _______________________________________________
> governance mailing list
> gover...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
--
Basil Hashem
ba...@mozilla.com
Robert Accettura
--
Robert Accettura
rob...@accettura.com
Mike Beltzner
> Method 1: First-Party cookies
> - This is what Mozilla will use on its sites. In order to opt out of
> tracking using this method, I included a link in the opt-out section
> of the policy which sets up an opt-out cookie specifically for Mozilla
> web sites. See http://ostats.mozilla.com/optout.html
Is there any way/possibility for us to add a link (perhaps on our
privacy policy page) that drops this cookie for the user? I'm thinking a
single radio button which reads/writes that cookie and provides a choice
like:
Would you like to opt-out of our website usage tracking?
( ) Yes
(o) No
[ Update my settings ]
cheers,
mike
Basil Hashem
In fact the draft policy has a link to this cookie opt out page in the
Opt Out section. It will drop the optout cookie for the user. Perhaps
we need to make the page a little more clear.
See the draft policy @ http://people.mozilla.com/~basil/privacy/LOCAL-privacy-policy.html
-Basil
--
Basil Hashem
ba...@mozilla.com
Mike Beltzner
> In fact the draft policy has a link to this cookie opt out page in the
> Opt Out section. It will drop the optout cookie for the user. Perhaps we
> need to make the page a little more clear.
Hm, sorry that I missed that, yes. I think that we do need to make it a
little more clear, and perhaps not put it behind a link but rather make
it part of that main page so that someone who's gone to the trouble of
investigating our privacy policy can get immediate satisfaction.
cheers,
mike
Luis Villa
think of them more as a useful preview of what even the most sane
privacy advocates will ask about the apparent weak points of the new
policy.
[I won't really comment on the general shift to third-party analytics;
suffice to say that I think the completely opaque data collection as
practiced by your new partners fits at best uneasily with the vision
of an open, independent web, but that I understand that the in-house
analytics options are not great, and that good analytics are critical
to the functioning of an effective website.]
On Feb 8, 6:03 pm, Basil Hashem <ba...@mozilla.com> wrote:
> * Redlined markup of proposed changes (Adobe Acrobat format)http://people.mozilla.com/~basil/privacy/RedlinePrivacyFeb08.pdf
"This privacy policy applies to our Web sites and services." What are
'our web sites' In particular, is http://www.google.com/firefox a
Mozilla web site or service for the purposes of the privacy policy?
That being the most-visited web site with firefox branding, and given
the ability to use it to attach *google.com cookies to many firefox
users, it seems like a useful thing to define one way or the other.
"do no collect"-> do not collect
"Cookies cannot be used by themselves to identify you." That is of
course, strictly speaking, correct. But much deeper into the policy
the more accurate statement comes out- "It is possible to link cookies
and clear gifs to personally-identifying information, thereby
permitting Web site operators, including our third-party analytics
providers, to track the online movements of particular individuals."
And of course 'it is possible' means 'our third-party analytics
providers work very hard to do this as extensively as possible.' :)
As a non-participant (and a gmail user), I don't think I have much
standing to comment on whether or not this is a good idea for Mozilla
to give a tacit endorsement to such tracking. (See above for my
general thoughts on that.)
But at the very least the privacy policy should not contain statements
which at worst obscure and at best deliberately mislead, like 'cookies
cannot be used by themselves to identify you.' It is sort of like 'a
bullet cannot be used by itself to kill you.' Well, duh, but no one
uses bullets by themselves- they are used in conjuction with guns,
which can kill you. Likewise, tracking cookies don't exist in a
vacuum- they exist as part of extremely sophisticated operations whose
entire goal is to identify who you are and what you do online, and
(where possible) to also link that to what you do offline. So, like I
said- this statement is at best misleading and should be removed.
"Most major websites use cookies." Most major software is proprietary.
Most lemmings jump off cliffs. Etc. Etc. This is a rationalization,
not a justification; even if it belongs in Mozilla's decision-making
process (which is arguable, but again, that is not my position to say)
it feels very out of place in the privacy policy. So I'd drop both
this and the previous statement ('used by themselves'), and instead
stick purely to the description of what cookies are, technically.
"Mozilla's third party service providers have entered into a written
agreement with Mozilla not to use the information for purposes other
than to enhance and maintain their service." What is 'their service'?
Google Analytics? Google *? In general, this sounds like a good thing,
but it needs to be more specific before anyone can actually rely on
it.
"Install the Customized Google add-on that includes a disable Google
Analytics" -> includes a way to disable?
Hope that helps-
Luis
Basil Hashem
> I'm not sure how the "Protection of Certain Personally-Identifying
> Information" relates to the "we may make data available publically". I
> guess it's that we're feeding the publically available data through a
> process that makes that personally unidentifiable, but that could be
> clearer from the wording.
Just like the way we make download counts available, we publish
aggregate
data - don't publish the IP addresses of the downloader. You can expect
something similar with web usage. Aggregated, anonymized data.
Let me see if we can tighten the wording.
--
Basil Hashem
ba...@mozilla.com
Basil Hashem
I want to try to address some of the concerns brought up so far with
the selection of Omniture and Google Analytics and the privacy policy
revisions.
1. Why don't you use an in-house solution? Do we have to use a third-
party solution?
Our experience to date has been to use Urchin which is an in-house web
analytics solution. Due to our scale, we’ve had issues with overall
reliability, nearly weekly log processing issues and the time required
to process the logs. Mozilla consulted with several Urchin experts
over the past year to try to permanently resolve the problems but
unfortunately the situation has not gotten any better.
From what we understand, Google has taken the Urchin base and have
used that for building up Google Analytics. All their attention has
shifted away from Urchin as a product and as a consequence Urchin
development is slowing down and is lagging in features and support
into the foreseeable future.
We expect to continue growing our site traffic and with that increase,
we are overwhelming Urchin. So, the Mozilla Metrics, Marketing, IT &
OPS teams did an extensive evaluation and came up with Omniture and
Google Analytics as the best solutions for our needs.
2. What are we going to learn that's different from what we've been
doing to date? What about the open web?
Some of the capabilities that these systems provide that Urchin
doesn't are settings, reports, clickstream analysis and cross-Mozilla
property coordination. For example, in order to ensure that the most
number of site visitors are able to get to the download Firefox pages
or to the add-ons trial pages, we need to optimize the web site
(marketing speak: the funnel). Omniture and GA let you setup goals and
see what percentage of site visitors achieve the goal or subgoals.
Other Mozilla properties may setup separate site goals and reports,
e.g. MDC may need to optimized access and do analysis of developer
docs usage.
In order to increase confidence in our numbers, we need a reliable
solution. Our goals is to be as open as we can with our data WITHOUT
violating anyone's privacy. We would love to continue to share
anonymized, aggregated information about site traffic, download
counts, active daily users, funnel analytics, etc... but we need a
reliable system to count on.
3. What Mozilla properties does this effect?
www.mozilla.com
addons.mozilla.org
developer.mozilla.org
mozilla-europe.org
www.mozilla.org
spreadfirefox.com
mozilla-japan.org
firefox.com
getfirefox.com
planet.mozilla.org
*.mozilla.com
A question was raised about http://www.google.com/firefox (aka Firefox
start page) - this is considered a special, jointly owned page with
Google. It is co-branded by Google and Mozilla and hosted on Google
servers. At the moment, it's not part of the "Mozilla website
properties".
4. Can Omniture sell or re-use my data?
No, we have a contract in place that only allows Omniture to use the
data to improve their service. What that means is that they can
provide support if we have a problem. They do not have the rights to
publish Mozilla's data in any form. It's still "our data" and we are
treating these third-parties as an outsourced service.
5. Will Mozilla be putting ads on its site(s)?
We currently have no plans to do this. The phrase in the policy that
states: "Mozilla's Web sites and advertisements use cookies and clear
gifs" is meant to cover ads that Mozilla may place on other web sites.
(e.g. for promotions such the Firefox add-on contest or download
Firefox banners, etc...)
6. What are you doing to minimize the potential leak of privacy
information by third-parties?
One the major things we are doing is using "first-party cookies". This
means that the cookies are associated with the Mozilla domain(s) and
not Omniture. This prevents the third-party solutions from correlating
between visits to random web site running Omniture with Mozilla web
site user behaviors.
7. How will you modify the policy based on the feedback so far:
- Try to put the opt out options in the policy itself (if possible)
- Remove the reference to "disable JS & cookies" as an opt-out option
- Remove some of the generic cookie boilerplate and use technical
cookie definitions (thanks Luis)
- Make various small text fixes/typos
Thanks.
--
Basil Hashem
ba...@mozilla.com
Luis Villa
On Feb 11, 2008 3:09 PM, Basil Hashem <ba...@mozilla.com> wrote:
> A question was raised about http://www.google.com/firefox (aka Firefox
> start page) - this is considered a special, jointly owned page with
> Google. It is co-branded by Google and Mozilla and hosted on Google
> servers. At the moment, it's not part of the "Mozilla website
> properties".
That should probably be explicit in the policy.
> 4. Can Omniture sell or re-use my data?
>
> No, we have a contract in place that only allows Omniture to use the
> data to improve their service. What that means is that they can
> provide support if we have a problem. They do not have the rights to
> publish Mozilla's data in any form. It's still "our data" and we are
> treating these third-parties as an outsourced service.
Great to hear. Same with Google?
> 6. What are you doing to minimize the potential leak of privacy
> information by third-parties?
>
> One the major things we are doing is using "first-party cookies". This
> means that the cookies are associated with the Mozilla domain(s) and
> not Omniture. This prevents the third-party solutions from correlating
> between visits to random web site running Omniture with Mozilla web
> site user behaviors.
That's great to hear- certainly resolves most of my policy-level concerns.
Luis
Basil Hashem
>>
>> No, we have a contract in place that only allows Omniture to use the
>> data to improve their service. What that means is that they can
>> provide support if we have a problem. They do not have the rights to
>> publish Mozilla's data in any form. It's still "our data" and we are
>> treating these third-parties as an outsourced service.
>
> Great to hear. Same with Google?
We do not have a contract with Google for analytics per se. Mozilla's
use
of Google Analytics is guided by a combination of their Terms of Service
for Google Analytics: http://www.google.com/analytics/tos.html
and the end user privacy policy:
http://www.google.com/privacypolicy.html
The "Information sharing" section on the end user privacy policy which
states that they will not share the data with third-parties. Here is
the excerpt:
"Google only shares personal information with other companies or
individuals outside of Google in the following limited circumstances:
* We have your consent. We require opt-in consent for the sharing
of any sensitive personal information.
* We provide such information to our subsidiaries, affiliated
companies or other trusted businesses or persons for the purpose of
processing personal information on our behalf. We require that these
parties agree to process such information based on our instructions
and in compliance with this Policy and any other appropriate
confidentiality and security measures.
* We have a good faith belief that access, use, preservation or
disclosure of such information is reasonably necessary to (a) satisfy
any applicable law, regulation, legal process or enforceable
governmental request, (b) enforce applicable Terms of Service,
including investigation of potential violations thereof, (c) detect,
prevent, or otherwise address fraud, security or technical issues, or
(d) protect against imminent harm to the rights, property or safety of
Google, its users or the public as required or permitted by law. "
--
Basil Hashem
ba...@mozilla.com
Myk Melez
> "Cookies cannot be used by themselves to identify you." That is of
> course, strictly speaking, correct. But much deeper into the policy
> the more accurate statement comes out- "It is possible to link cookies
> and clear gifs to personally-identifying information, thereby
> permitting Web site operators, including our third-party analytics
> providers, to track the online movements of particular individuals."
And right after that it says "Mozilla, however, does not do so." I
believe that statement also applies to anyone we contract with.
> But at the very least the privacy policy should not contain statements
> which at worst obscure and at best deliberately mislead, like 'cookies
> cannot be used by themselves to identify you.' It is sort of like 'a
> bullet cannot be used by itself to kill you.' Well, duh, but no one
> uses bullets by themselves- they are used in conjuction with guns,
> which can kill you.
The parallel is inaccurate, since bullets are useless without guns,
whereas cookies are quite useful even when they aren't linked to
personally-identifying information.
For example, many sites use cookies to keep track of items you place in
your shopping cart while shopping, whether or not you are logged in.
And Bugzilla uses cookies for a variety of purposes, including some
(f.e. remembering the last search you did) that don't require a link to
any personally-identifying information.
> Likewise, tracking cookies don't exist in a
> vacuum- they exist as part of extremely sophisticated operations whose
> entire goal is to identify who you are and what you do online, and
> (where possible) to also link that to what you do offline. So, like I
> said- this statement is at best misleading and should be removed.
The reason we state it that way in the policy is because we don't use
cookies to "identify who you are and what you do online" but rather to
analyze the behavior of web site visitors in the aggregate. We should
only change the text if that's unclear or if we're changing what we do.
-myk
Luis Villa
> >> 4. Can Omniture sell or re-use my data?
> >>
> >> No, we have a contract in place that only allows Omniture to use the
> >> data to improve their service. What that means is that they can
> >> provide support if we have a problem. They do not have the rights to
> >> publish Mozilla's data in any form. It's still "our data" and we are
> >> treating these third-parties as an outsourced service.
> >
> > Great to hear. Same with Google?
>
> We do not have a contract with Google for analytics per se.
How are you using first-party cookies for Analytics then? I guess I
assumed that required a special agreement with them, since, AFAIK, the
standard analytics jscript include sets a google cookie. (I may be
totally wrong about that, though; would be happy to be corrected.)
> Mozilla's use
> of Google Analytics is guided by a combination of their Terms of Service
> for Google Analytics: http://www.google.com/analytics/tos.html
>
> and the end user privacy policy:
> http://www.google.com/privacypolicy.html
>
> The "Information sharing" section on the end user privacy policy which
> states that they will not share the data with third-parties. Here is
> the excerpt:
Thanks for clarifying. This seems to conflict with:
"Mozilla's third party service providers have entered into a written
agreement with Mozilla not to use the information for purposes other
than to enhance and maintain their service."
Written agreements can't (typically) be updated arbitrarily by a
single party, whereas the Analytics TOSs and Google Privacy Policy
can. So 'written agreement' implies a level of certainty and
permanence that isn't present (if I understand things correctly-
entirely possible that I don't.)
Also, 'their service' is still vague- the language of the Moz policy
seems to suggest that it is the analytics service that will be
improved through the data collected (since that is the clear use of
'service' in the first part of the sentence), but the Google Analytics
policy clearly states that the data collected through GAnalytics can
be used by any Google property, not just analytics.
Hope this is useful in helping you clarify the policy-
Luis
Basil Hashem
Thanks for calling these out. We should be explicit on the policy -
we'll take care of the edits.
With Google Analytics, we have to use third-party cookies. With
Omniture, we use first party cookies.
We'll have to monitor the Google ToS carefully for any changes and if
anything objectionable
comes up, we'll re-evaluate our options.
> "Mozilla's third party service providers have entered into a written
> agreement with Mozilla not to use the information for purposes other
> than to enhance and maintain their service."
We'll fix that so that it's Omniture specific.
> Written agreements can't (typically) be updated arbitrarily by a
> single party, whereas the Analytics TOSs and Google Privacy Policy
> can. So 'written agreement' implies a level of certainty and
> permanence that isn't present (if I understand things correctly-
> entirely possible that I don't.)
Your understanding is right. We'll need to monitor the Analytics TOS
for any objectionable changes and re-evaluate if necessary.
> Also, 'their service' is still vague- the language of the Moz policy
> seems to suggest that it is the analytics service that will be
> improved through the data collected (since that is the clear use of
> 'service' in the first part of the sentence), but the Google Analytics
> policy clearly states that the data collected through GAnalytics can
> be used by any Google property, not just analytics.
We'll tighten the language to make it clearer.
> Hope this is useful in helping you clarify the policy-
>
> Luis
This has been very useful. Thank you!
--
Basil Hashem
ba...@mozilla.com
Bob Clary
We have already experienced some negative effects simply by becoming a
corporation. I personally believe that we are given less of the "benefit
of the doubt" than we used to receive with one result being that many
vulnerability issues are now publicly exposed without first working with
us to fix the problem. In my opinion, associating ourselves with the
"Data Collection" and "Data Mining" of our users web usage, even if it
is only perception, will exacerbate the problem.
Are the benefits of such web analytic results worth the possible costs?
Let me say I don't have any qualms about the intentions or integrity of
those in Mozilla who have proposed this change and I trust Mozilla
without reservation to do the right thing.
However, I don't believe that I can place any amount of trust in third
parties to do the right thing. For example, I subscribe to a web service
where they also use Omniture and Google Analytics. It has led me to
second guess whether the personally identifiable information I have
provided to the service are somehow being cataloged by Omniture and
Google and whether I will continue to subscribe to the service.
With regard to the cookie opt out solution...
I normally browse with session cookies for sites I have not explicitly
granted permission to set cookies and had explicitly blocked 2o7.net. In
order to install the opt out cookie that Robert mentioned, I had to
change my pref to allow cookies to be installed, unblock 2o7.net and
install the cookie, then block 2o7.net and set my preferences to only
allow session cookies again. It was less of a problem with the Mozilla
opt-out first-party cookie at <http://ostats.mozilla.com/optout.html>
since I allow mozilla.(org|com) rights to set cookies. However, both
cookies expire in a little over two years in 2010.
Considering the range of custom preference changes our users may have
made, I think Mike's idea of an automatic method of opt-in|opt-out for
allowing the web analytics is a good idea. I would prefer a stable
preference over a cookie however.
If cookies are the chosen method, they should be set to expire well into
the future so that someone doesn't unintentionally transition from
opt-out to opt-in just because the date on the calendar changes.
Bob
Dan Mosedale
>
> I want to try to address some of the concerns brought up so far with the
> selection of Omniture and Google Analytics and the privacy policy
> revisions.
This information is very helpful; it seems like having an FAQ maintained
along with the draft policy is likely to help people feel better about
what's happening.
> 1. Why don't you use an in-house solution? Do we have to use a
> third-party solution?
The paragraphs following this question mostly seem to answer the
question "why can't we use Urchin?", not the above two questions, which
strike me as the important ones. Addressing the posed questions more
directly would be worthwhile, it seems to me.
Dan
Mike Connor
On 15-Feb-08, at 11:52 AM, Dan Mosedale wrote:
> Basil Hashem wrote:
>> 1. Why don't you use an in-house solution? Do we have to use a
>> third-party solution?
>
> The paragraphs following this question mostly seem to answer the
> question "why can't we use Urchin?", not the above two questions,
> which
> strike me as the important ones. Addressing the posed questions more
> directly would be worthwhile, it seems to me.
I think, and I may be jumping into without enough knowledge, Urchin
is the only in-house analytic solution that's even remotely scalable
enough to deal with our traffic, which is why we were using it. If
its not getting the job done, I don't think there's other in-house
solutions that will scale in better ways and provide equal or better
data. If there are, it'd be worth naming some to ensure that we've
got the viable options out there.
-- Mike
Basil Hashem
address your concern over the negative perception issue except to say that
we'll try to be as forthright what we are doing, will monitor any negative
impact on Mozilla, it's brand, etc. over time. The trust issue with the
third-party again can only be earned over time. Certainly, if they violate
our agreement and lose our trust we will have to investigate second-tier
solutions (not sure what those might be at the moment).
I've filed a bug to see how we can change the cookie duration past 2 years,
I agree, that's a bit short. (https://bugzilla.mozilla.org/show_bug.cgi?id=417757)
--
Basil Hashem
ba...@mozilla.com
Bob
Basil Hashem
in-house solution we were able to find is "custom development" where you
customize the type of logging, processing and reporting to your exact needs.
Unfortunately, we found that the initial development and ongoing maintenance
associated with that was too costly.
--
Basil Hashem
ba...@mozilla.com
----- Original Message -----
From: "Mike Connor" <mco...@mozilla.com>
To: "Dan Mosedale" <dm...@mozilla.org>
Cc: gover...@lists.mozilla.org
Sent: Friday, February 15, 2008 9:17:25 AM (GMT-0800) America/Los_Angeles
Subject: Re: Candidate revisions to Mozilla's web site privacy policy
-- Mike
fantasai
> Luis,
>
> Thanks for calling these out. We should be explicit on the policy -
> we'll take care of the edits. With Google Analytics, we have to use
> third-party cookies. With Omniture, we use first party cookies.
> We'll have to monitor the Google ToS carefully for any changes and
> if anything objectionable comes up, we'll re-evaluate our options.
It sounds like Omniture offers a system that is very close to what
we'd want from an outsourced solution privacy-wise, but Google
Analytics doesnt. Is there a reason why we have to use both?
~fantasai
Jean-Marc Desperrier
> [...]
> 1. Why don't you use an in-house solution? Do we have to use a
>
> Our experience to date has been to use Urchin which is an in-house web
> analytics solution. Due to our scale, we’ve had issues with overall
> From what we understand, Google has taken the Urchin base and have used
> that for building up Google Analytics. All their attention has shifted
> away from Urchin as a product and as a consequence Urchin development is
> slowing down and is lagging in features and support into the foreseeable
> future.
>
> Some of the capabilities that these systems provide that Urchin doesn't
> are settings, reports, clickstream analysis and cross-Mozilla property
And from your other message :
> Urchin was the only semi-scalable solution. The only other
> in-house solution we were able to find is "custom development" where you
> customize the type of logging, processing and reporting to your exact needs.
> Unfortunately, we found that the initial development and ongoing maintenance
> associated with that was too costly.
What strikes me most about this discussion is that the direction your
intend to take is not the one Mozilla has taken until now when
confronted to similar situations.
It's not the first time it happens that the best existing open source
software is not up to the task for Mozilla.
And the solution has always been, instead of paying for a proprietary
solution, to develop an in-house solution, either based on the best
available open source software, or from scratch when the existing
situation was really bad, and the solution always very rapidly evolved
to becoming a World class quality software that is now useful to a lot
of people outside Mozilla.
The first example of course is Bugzilla. Then Tinderbox, Bonsai, ...
Cairo has gained so much from Mozilla's implication it can be included
in the list.
But another striking one is Breakpad. In that case Mozilla did suffer a
very long while with a proprietary solution before deciding to switch.
And the result is a great product developped in a shorter timeframe than
the one where the previous product was still used but obviously had
became about unusable.
Also Breakpad is important to cite here because of the server side of
the project, Socorro, both that is not so far from what's needed here
and whose feature are already simply amazing. It can handle the reports
that come in at a simply unearthly pace, just a few minutes, whereas the
previous solution took days sometimes ! And the level and quality of
stat details it gives is so amazing I found myself deliberatly crashing
my browser for the fun of seing how they would update ;-) (no joking !)
When I see the quality of the stats Socorro gives out, and obviously the
scalability it has succesfully reached in just a few months, I can not
not be convinced that creating the top notch web analytics solution
Mozilla needs is out of reach.
Too costly initial development and ongoing maintenance are the problems
of proprietary organizations. In the case of Mozilla, you have the power
to make the projet visible enough to attract enough externals
developpers to offset the larger part of that problem. And as it's quite
different from most of the projects Mozilla already does, it would
certainly attract and get interested mostly new people, and so not much
divert the effort of those already involved in other Mozilla projects.
I see only one negative point I'm not sure Google would like it much
:-). But if you want to prove your independance from Google, now is the
chance.
More seriously when I started writting this I thougth Urchin was
open-source. If you do need to start from scratch, the task is much more
daunting. It might take a while and be inedequate as a short time
solution. But still I think mutualizing with Socorro could accelerate
the developement speed a lot.
Luis Villa
> grown to be some of the top visited properties on the planet, we have
> maxed out the capabilities of our current web analytics solution. We
> needed to shift to a world-class, scalable option that has active
> development and innovative reporting and analytics. The new solution
> will help us better understand what our users are doing on our
> websites so that we can continuously improve their user experience.
>
> Mozilla has selected Omniture (http://www.omniture.com) and Google
> Analytics (http://www.google.com/analytics) as additional web
> today and these third-party solutions is that Omniture and Google
> Analytics are hosted web site services. In order to accommodate, we
> need to make some changes to our current website privacy policy,
> provide opt-out procedures and affect a minor change for SUMO's Live
> Chat feature (http://support.mozilla.com/).
>
> Below are the proposed changes to the mozilla.com privacy policy.
>
> * Redlined markup of proposed changes (Adobe Acrobat format)http://people.mozilla.com/~basil/privacy/RedlinePrivacyFeb08.pdf
>
> instructionshttp://people.mozilla.com/~basil/privacy/LOCAL-privacy-policy.html
>
By the way, Basil, when googling for this issue, I noticed that the
top hit on Google for 'mozilla privacy policy' is
http://www.mozilla.org/privacy-policy.html, whose relationship with
http://www.mozilla.com/en-US/privacy-policy.html is at best unclear.
You may wish to clarify that relationship, both in the current public
information and in the proposed future drafts.
Luis
Basil Hashem
-Basil
> _______________________________________________
> governance mailing list
> gover...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
--
Basil Hashem
ba...@mozilla.com
Luis Villa
> Thanks Luis, I'll see what I can do.
>
>
>> top hit on Google for 'mozilla privacy policy' is
>> http://www.mozilla.org/privacy-policy.html, whose relationship with
>> http://www.mozilla.com/en-US/privacy-policy.html is at best unclear.
>> You may wish to clarify that relationship, both in the current public
>> information and in the proposed future drafts.
Note that this is still a problem. One appears to have been updated
with the new policy; the other has not.
Luis
Frank Hecker
> On Fri, Mar 7, 2008 at 3:51 AM, Basil Hashem <ba...@mozilla.com> wrote:
>> Thanks Luis, I'll see what I can do.
>>
>> On Mar 6, 2008, at 7:08 AM, Luis Villa wrote:
>>
>>> By the way, Basil, when googling for this issue, I noticed that the
>>> top hit on Google for 'mozilla privacy policy' is
>>> http://www.mozilla.org/privacy-policy.html, whose relationship with
>>> http://www.mozilla.com/en-US/privacy-policy.html is at best unclear.
>>> You may wish to clarify that relationship, both in the current public
>>> information and in the proposed future drafts.
The document on www.mozilla.org is for *.mozilla.org sites and is issued
by the Mozilla Foundation. The document on www.mozilla.com sites is for
*.mozilla.com sites and is issued by the Mozilla Corporation.
Unfortunately both pages are titled "Mozilla Privacy Policy", which I
admit is confusing.
On the www.mozilla.org side we tried to lessen the confusion with a note:
"Note: This privacy policy applies to the Mozilla.org Web sites and
services. We have a separate privacy policy for our products and for
some Mozilla.com web properties. Please see for example: Mozilla Firefox
Privacy Policy."
We're open to suggestions for how to make this clearer.
> Note that this is still a problem. One appears to have been updated
> with the new policy; the other has not.
Which policy are you referring to as not having been updated? IIRC we
tried to get the www.mozilla.org policy up to date with respect to
suggested changes. However we didn't put in anything about third party
analytics providers and similar stuff, because the *.mozilla.org sites
do not in fact use such providers (as noted in the policy itself).
Frank
--
Frank Hecker
hec...@mozillafoundation.org
Gen Kanai
On Aug 19, 2008, at 6:51 AM, Frank Hecker wrote:
> We're open to suggestions for how to make this clearer.
>
>>
Perhaps stating the obvious but how about we change the page so that
the .org page says, "Mozilla Foundation Privacy Policy" whereas
the .com page says "Mozilla Corporation Privacy Policy."
Luis Villa
> On Fri, Mar 7, 2008 at 3:51 AM, Basil Hashem <ba...@mozilla.com> wrote:
>> Thanks Luis, I'll see what I can do.
>>
>> On Mar 6, 2008, at 7:08 AM, Luis Villa wrote:
>>
>>> top hit on Google for 'mozilla privacy policy' is
>>> http://www.mozilla.org/privacy-policy.html, whose relationship with
>>> http://www.mozilla.com/en-US/privacy-policy.html is at best unclear.
>>> You may wish to clarify that relationship, both in the current public
>>> information and in the proposed future drafts.
>
> with the new policy; the other has not.
Never mind, I'm an idiot. Could be clearer, but the first paragraph of
each does in fact specify what it covers.
Luis
Jonas Sicking
Another question is, does the two really need to be different? I think
moco and mofo shares values wrt privacy.
/ Jonas
Gen Kanai
Agreed, and yet I think the divergence goes back to Basil's post on
Feb 9th stating that for many reasons Mozilla.com has chosen to use
Omniture which entailed an update to the privacy policy. Basil can
correct me if I am wrong.
Frank Hecker
> Perhaps stating the obvious but how about we change the page so that the
> .org page says, "Mozilla Foundation Privacy Policy" whereas the .com
> page says "Mozilla Corporation Privacy Policy."
Well, the difference really isn't a Foundation vs. a Corporation issue,
it's an issue of *.mozilla.org sites vs. *.mozilla.com sites. So maybe a
better approach would be to rename them to "Mozilla Privacy Policy for
mozilla.org sites" and "Mozilla Privacy Policy for mozilla.com sites"?
Frank Hecker
> Another question is, does the two really need to be different? I think
> moco and mofo shares values wrt privacy.
We looked at doing a unified privacy policy. The problem was that the
policy would still have to discuss mozilla.org sites different than
mozilla.com, because they have different practices (because of the third
party analytics issue). Rather than spend more time trying to merge
everything into one document we decided to punt on unification for now.
We can revisit this if the mozilla.org sites are ever set up the same as
mozilla.com.
Jonas Sicking
This sounds like a good plan to me. Especially if the two can be merged
once the technical differences between them have been reduced.
/ Jonas