[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla

To: "Valdis.Kletnieks@xxxxxx" <Valdis.Kletnieks@xxxxxx>, Nick Boyce <nick.boyce@xxxxxxxxx>
Subject: Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla
From: Martijn Broos <martijn.broos@xxxxxxxxxxx>
Date: Fri, 10 Feb 2012 16:52:53 +0100

Hi,

I can imagine that developers want to have a clue what they need to repair.
I only have a problem the way they do it and the way my behavior is exposed 
without possible influence.

Let's say for the sake of argument, that 20% on similar hardware have a problem 
with loading times and the developers have the metrics to prove so (waiting 
times, load times, scripts I use,  etc...)
Would the conclusion be, that Firefox is at fault?
- What if the major part of that % is living in a certain continent?
- What if the major % has the same ISP?
- How is the spread of OS usage?
- etc, etc....

Without the surrounding parameters known, you have a pile of bytes instead of 
DATA (people tend to mix those definitions). Of course you could make "fuzzy" 
statistics out of it, but like most mathematicians know: statistics prove 
predetermined conclusions.

Still would a 5% speed increase weigh up to the privacy of 200 million users?
Like in the bugtrack stated. If my instance of firefox is PII bound, you can 
trace my laptop, determine behavior, etc...
And to conclude: Modzilla states they don't intent to use the data in any other 
way:
I have a couple of  questions about the intent:
- Will that intent stay the same throughout the future? The intent can easily 
be changed when money gets involved.
- What if a legal entity (like a government, The Music branch protectors(to 
prove that the piratebay is used so often), etc...) "kindly" requests the data 
with a court-order?

Also take into account the following:
Since 2012, the Netherlands has a new law which forbids behavior analysis by 
persistent cookies...All advertisement companies are now looking into device 
identification.
Why: they can make more money when they show you the right adds.
Modzilla will help them a great deal if they can offer them a PII out of 
stock... And I see the comments, they won't do that! Do you want to bet 1 
million bugs over it that they won't do it?

-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of 
Valdis.Kletnieks@xxxxxx
Sent: vrijdag 10 februari 2012 15:48
To: Nick Boyce
Cc: full-disclosure
Subject: Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit 
anonymous product metrics to Mozilla

On Fri, 10 Feb 2012 03:51:53 GMT, Nick Boyce said:
> OT: They should just make FF quality high and the design impeccable -

"Quality high" is always a nice concept.  But there's always 5 quality issues 
and resources to fix only 3.  Obviously, you want to fix the 3 that matter most 
to your users - but which 3 are they?  You really can't rely on bug reports or 
surveys, because those tend to have a major self-selection bias.  Think about 
it - how many people do you know that use Firefox?  How many of them have had 
it crash or misbehave?  How many of them *reported* it?  Surveys have the same 
problem - you can't easily run a survey of users who just want to hit their 
sites and *do* stuff and find out what they want - because they'll just skip 
your survey, hit their site, and *do* stuff.  Unless of course you make the 
survey mandatory - in which case you tick them off because you got in the way 
of hitting their site and doing stuff.

Or "report the list of extensions and performance numbers" -  it's one thing to 
know that users have a range of launch times.  It's something else to know that 
20% of users have *consistently* longer launch times on comparabie hardware.
But if you have data that shows that NoScript users take a 15% launch time hit,
*that* is something you can then go do something about.

Similar problems for "impeccable design" - if you want a browser that Joe 
Sixpack will actually *use*, then you need data on how Joe actually wants to 
use that browser.  And *asking* Joe never works - anybody who's had to do 
project requirements will tell you that what the user *says* they want, what 
they *think* they want, and what they actually need, are almost always 3 
different things.

No, I'm not saying it's OK for the Mozilla crew to collect PII like that - but 
I can certainly understand why they feel the temptation to do so...



DISCLAIMER : This message is sent in confidence and is only intended for the 
named recipient. If you receive this message by mistake, you may not use, copy, 
distribute or forward this message, or any part of its contents or rely upon 
the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant e-mails 
from any computer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla
  - From: . .
- Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla
  - From: Nick Boyce
- Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla
Next by Date: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Previous by thread: Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla
Next by thread: [Full-disclosure] Drupal Finder Module Multiple Vulnerabilities
Index(es):
- Date
- Thread