Skip to content
This repository has been archived by the owner on Dec 3, 2020. It is now read-only.

Collect category 1-2 data and enable background price updates from consenting users in privacy-sensitive contexts #186

Closed
chuckharmston opened this issue Oct 19, 2018 · 8 comments
Closed

Collect category 1-2 data and enable background price updates from consenting users in privacy-sensitive contexts #186

chuckharmston opened this issue Oct 19, 2018 · 8 comments
Assignees
@biancadanforth
Milestone
Post-Launch Devel...

Comments

@chuckharmston
Copy link

chuckharmston commented Oct 19, 2018
edited
Loading

Moving out a comment from #72:

As @johngruen mentioned in Slack yesterday evening, the traditional Test Pilot practice to not send any usage information for users with DNT or Tracking Protection largely exists because Test Pilot experiments generally use Google Analytics to collect data. Since we're using event telemetry, that gives us a bit of leeway.

That said, we still do have a responsibility to be as lean as possible when collecting personal data of users regardless of their privacy settings. To that end, I chatted with @groovecoder this morning to try to work out the right place where we get the usage information we need to evaluate and iterate upon the experiment while still respecting users' privacy and wishes. Here's where I landed:

I do think we should omit any category 3 data (i.e. the aggregate counts of visits to sites we support) if DNT, Tracking Protection or cookie settings indicate a user's intent not to be tracked. I do think we should still collect basic extension interaction metrics in those cases. This is consistent with Firefox, which still collects cat 1 + 2 telemetry data from those users.

I propose amending the above table thusly:

Feature Private Browsing Do Not Track Tracking Protection Reject cookie
Price Polling false true* true* true*
Content Extraction false true true true
Extension Telemetry (category 1-2) false true true true
Extension Telemetry (category 3) false false false false

* As additional consent to the polling, we should add information to the "no products" screen for these users to make sure that they understand that by adding an item to their list, we'll be checking prices on their behalf. This is tracked in #184.

This all meets @groovecoder's goal of making sure we don't make third-party requests for users with DNT/TP without their consent, and does some great proactive reinforcement of our organizational privacy stance.

This is not MVP, but we should endeavor to land this before launching.
@chuckharmston chuckharmston added the [ENG]: Triage Work the team needs to review to determine if it will be included as part of the next milestone. label Oct 19, 2018
@chuckharmston chuckharmston mentioned this issue Oct 19, 2018
Closed
1 task
@biancadanforth biancadanforth mentioned this issue Oct 19, 2018
Closed
@muccimoz muccimoz removed the [ENG]: Triage Work the team needs to review to determine if it will be included as part of the next milestone. label Oct 23, 2018
@Osmose Osmose changed the title Collect category 1-2 data from consenting users in privacy-sensitive contexts Collect category 1-2 data and enable background price updates from consenting users in privacy-sensitive contexts Oct 25, 2018
@groovecoder
Copy link
Member

There's a ** on Content Extraction in the table above ... what's that associated with? The additional consent to polling/extraction?

@chuckharmston
Copy link
Author

what's that associated with?

It's associated with my scattered brain. Amended and apologies!

@Osmose Osmose mentioned this issue Oct 30, 2018
Merged
@biancadanforth
Copy link
Collaborator

We will also need to update the "Opt Out" section of METRICS.md accordingly.

@biancadanforth
Copy link
Collaborator

biancadanforth commented Nov 7, 2018
edited
Loading

@chuckharmston Did we get approval for these changes as part of the Data Collection Review?

Edit: Doesn't look like it just yet.

@chuckharmston
Copy link
Author

We did! Conversation starts here: https://bugzilla.mozilla.org/show_bug.cgi?id=1501420#c7

@biancadanforth
Copy link
Collaborator

Ah, the second paragraph of that comment is what you are referring to, since we are only enabling Cat 1-2 data for DNT, TP and Cookie settings and still disabling any telemetry of any category in Private Browsing. Okay thanks.

@biancadanforth biancadanforth self-assigned this Nov 14, 2018
@biancadanforth
Copy link
Collaborator

biancadanforth commented Nov 14, 2018
edited
Loading

@chuckharmston , Re: Row 1, Column 1 of your table: disabling Price Polling in Private Browsing is a little complicated (our conversation starts here, and is handled by a separate issue (#177 )).

For that reason, we currently do not disable Price Polling in Private Browsing. Would you accept a patch that addressed everything here except that one case, which would be handled by #177 ?

Please note that #177 is not currently in our list of issues to fix during this post-launch Milestone.

biancadanforth added a commit to biancadanforth/price-tracker that referenced this issue Nov 14, 2018
@biancadanforth
mozilla#186: Enable category 1/2 event telemetry in certain privacy c…
2d69786 
…ontexts
biancadanforth added a commit to biancadanforth/price-tracker that referenced this issue Nov 14, 2018
@biancadanforth
mozilla#186: Enable category 1/2 event telemetry in certain privacy c…
be6588e 
…ontexts

In order to avoid the eslint `no-cycle` error, I moved all events to be registered to their own `events.js` script, so that both `privacy.js` and `extension.js` could import from `events.js`. (thanks Osmose for the idea)

More about the `no-cycle` error that was avoided: This error came up when I tried to import CATEGORY_3_EVENTS from `./src/telemetry/extension.js` into `./src/privacy.js`, since we were already importing `shouldCollectTelemetry` from the latter into the former.
biancadanforth added a commit to biancadanforth/price-tracker that referenced this issue Nov 14, 2018
@biancadanforth
mozilla#186: Enable price polling in certain privacy contexts
7b76128 
Previously, price polling (a.k.a. background price updates) was disabled when Do Not Track, Tracking Protection or certain cookie settings ('reject_third_party' and 'reject_all') were enabled.

Now, price polling occurs in these situations. This leaves the `shouldUpdatePrices` function in `privacy.js` kind of useless, but I left it there instead of removing it entirely in order to add the Private Browsing check that is part of mozilla#177.
@chuckharmston
Copy link
Author

That's definitely fine, although it'd be great to try to bring #177 into that milestone. I've inquired about that on the bug.

biancadanforth added a commit to biancadanforth/price-tracker that referenced this issue Nov 15, 2018
@biancadanforth
mozilla#186: Enable category 1/2 event telemetry in certain privacy c…
f9d7c5e 
…ontexts

In order to avoid the eslint `no-cycle` error, I moved all events to be registered to their own `events.js` script, so that both `privacy.js` and `extension.js` could import from `events.js`. (thanks Osmose for the idea)

More about the `no-cycle` error that was avoided: This error came up when I tried to import CATEGORY_3_EVENTS from `./src/telemetry/extension.js` into `./src/privacy.js`, since we were already importing `shouldCollectTelemetry` from the latter into the former.
biancadanforth added a commit that referenced this issue Nov 16, 2018
@biancadanforth
Merge pull request #270 from biancadanforth/186-more-data
c04cb82 
Fix #186: Enable event telemetry and price polling in certain privacy contexts
@biancadanforth biancadanforth mentioned this issue May 30, 2019
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@biancadanforth biancadanforth

Labels
None yet
Projects
None yet
Milestone
Post-Launch Development-1
Development

No branches or pull requests
4 participants
@chuckharmston @groovecoder @biancadanforth @muccimoz