|| ||beltzner <mbeltzner-AT-gmail.com> |
|| ||Benjamin Smedberg <benjamin-AT-smedbergs.us> |
|| ||Re: Anonymous metrics collection from Firefox |
|| ||Mon, 6 Feb 2012 15:12:22 -0500|
|| ||"mozilla.dev.planning group" <dev-planning-AT-lists.mozilla.org>|
|| ||Article, Thread
The wiki page is pretty clear about goals for the feature ("ability to
measure adoption, retention, stability, performance, and aggregated
search counts by engine") as well as requirements for success. What
it's lacking, other than in terms of caveats and warnings throughout
the documentation, is against which privacy principles those
requirements must be evaluated.
Recently Ben Adida posted on the Mozilla Privacy Blog
outlining a series of design guidelines to use when designing new
features, and committing Mozilla to a basic policy of "no surprises,
real choices, sensible settings, limited data, and user control." I
think that the Data Safety Team he outlines in that post should
evaluate the proposal (once it reaches a final stage, see below!)
using those guidelines and making a judgement on whether or not it
meets the plain-language policy as stated.
The other thing the wiki page is lacking is an understanding of who is
running the project aside from the "metrics team." A clear project
owner should be identified, I think, so that we can better know what's
in plan, in flux, etc. Once there's a final proposal about what's to
happen, it can be judged and evaluated from a privacy perspective.
Our shared goal should be to try and design a system by which we
accomplish the laudable goals and requirements of the metrics team
(plainly: better understanding our product, its users, and how it's
being used) in a way that meets our high standards for data
sovereignty and privacy. We must build a better mousetrap. I suggest
people look to the Crash Stats efforts to this end, as they have long
avoided privacy-invasive actions (at non-trivial cost) while still
mining the available data to gain significant understanding of our
broad user base's experience with the browser.
Finally, and my own personal $0.02 on the issue: I think there are
ways of pre-cleaning data so that you get the benefit of aggregate
data collection (double-blinding, binning and grouping, etc) and the
easiest way to figure those ways out is to begin with the question:
what is the end state we're trying to get to? No data should be
collected without understanding exactly how that data will be
presented to its consumers; that way you can be sure to only collect
the minimum amount of data required to answer the question.
ps: let's remember that we're all on the same team here, and all want
what's best for Firefox and its users; think carefully before writing,
and always assume the best of your colleagues and community members
when participating in this discussion!
to post comments)