Posted Feb 12, 2012 16:29 UTC (Sun) by deinspanjer (guest, #82864)
Parent article: Tracking users
The MetricsDataPing (MDP) project proposal is not intended to be "user tracking". If you look through the data, you see that it does not attempt to identify users, nor does it track private information such as sites visited, search terms used or bookmarked links. A lot of the discussion so far has been focused on whether the data could be subverted to somehow identify and track users, but the proposal is specifically designed to avoid user identification or tracking and the proposal includes policy and features that make it as difficult as is reasonably possible for user identification or tracking to happen.
When contrasted to Telemetry, it is reasonable to point out the difference between opt-out and opt-in, and also the fact that Telemetry contains transient snapshot data while MDP is focused on recording longitudinal data to be able to look at the trends in performance, stability, and usage over time. Both projects work very hard to avoid collecting PII, both projects explicitly avoid recording IP address with the stored data, and both projects take steps to ensure that the IP address found in web access logs cannot be reasonably linked to the data that is stored. I am familiar with this similarity because the metrics team built and supports the back-end infrastructure that supports Telemetry, and the MDP proposal uses the same back-end.
Both MDP and Telemetry contain various bits of information in them that are fairly constant and unique from installation to installation. This means that they are both likely to be "fingerprintable". Such fingerprinting could possibly be used in the place of the document identifier strategy in MDP, but it would not be as reliable, it would not enable users to remove the data about their installation if they wished, and it could be argued that using fingerprinting would just be trying to hide the project's intentions.
To me, one of the most important parts of the debate currently taking place on the planning forum is whether it is acceptable to collect any data using an opt-out mechanism and rely on privacy policy to restrict how that data can be used. That answer is difficult to agree on, especially when the data is critical to the organization as well as directly beneficial to the end-user.
Posted Feb 15, 2012 16:53 UTC (Wed) by gerv (subscriber, #3376)
"To me, one of the most important parts of the debate currently taking place on the planning forum is whether it is acceptable to collect any data using an opt-out mechanism and rely on privacy policy to restrict how that data can be used."
When you put it that way, I can see that this is an important question - and, as a participant in the discussion, I'm not sure that it's sufficiently come to the surface. Perhaps it would make sense to start a new thread focussing just on that?
Tracking users vs collecting product usage data
Posted Feb 15, 2012 18:20 UTC (Wed) by deinspanjer (guest, #82864)
I think that might be a good approach, but the most important answers in the Mozilla side of the discussion wouldn't be coming from the metrics team but rather the privacy team.