What is Mozilla's unique user identifier data retention policy?
I recently read in the FF privacy policy that a unique browser ID is sent to Mozilla along with an IP Address every time the browser checks for updates:
"This feature also sends Potentially Personal Information to Mozilla in the form of your IP address and a cookie that contains a unique numeric value to distinguish individual Firefox installs."
http://www.mozilla.org/en-US/legal/privacy/firefox.html
This feature can potentially provide Mozilla with a complete list of IP addresses and locations that a user has employed to access the Internet. Can you please clarify your data retention policy on this? In other words, how long are either the IP address or the identifier stored on your servers?
Chosen solution
Hi! I'm chiming in from Mozilla's Privacy Team.
For FHR pings, we don't retain anything in FHR that's > 6 months (180 days) old. Does that answer your question? Here's a link to the info - it's under "how to turn data sharing on or off".
https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf
Read this answer in context 👍 1All Replies (11)
You asked about Mozilla's data retention policy related to unique identifiable information. You referenced the Mozilla Firefox Privacy Policy at http://www.mozilla.org/en-US/legal/privacy/firefox.html
You're asking this in the Support Forum, which is basically a help site for using Mozilla products. The people who answer questions here, for the most part, are other Firefox users volunteering their time (like me), not Mozilla employees.
I'm escalating this question to our new HelpDesk.
If you don't get an answer here, I would suggest sending an inquiry to Mozilla. The "For More Information" section of that page says the following:
For More Information
You may request access, correction, or deletion of Personal Information or Potentially Personal Information, as permitted by law. We will seek to comply with such requests, provided that we have sufficient information to identify the Personal Information or Potentially Personal Information related to you.
Any such requests or other questions or concerns regarding this Policy and Mozilla's data protection practices should be addressed to:
Mozilla Corporation Attn: Legal Notices - Privacy 650 Castro Street, Suite 300 Mountain View, CA 94041-2072 Phone: +1-650-903-0800 E-mail: [email protected]
I will follow this with interest. I know I have seen discussions where great lengths have been gone to in collecting useful data from Firefox but ensuring it does not remain in a form that could be personally identifiable.
IIRC part of the reasoning was it must be such that even if it were to be demanded by due process of law it could be disclosed but would not then identify individuals.
As for a users IP Address itself that is being sent all the time by users in day to day use of the Internet.
It my be an off topic question but I am sure one that recent events may have led more Firefox users to think about. We want user of firefox to use Telemetry, FHR and Crash reporting and they may be reluctant if they have concerns about privacy.
Use of such feature helps sumo.
(So if off topic here we could consider asking on another of our fora, but it probably benefits end users more if it stays here and gets an authoritative answer.)
Thanks for the replies so far. I have emailed the privacy department as well. I know there was a lengthy discussion about unique user IDs in the developers forum about the Metrics Data Ping function (although automatic updates are a different feature of the browser, it's still good reading):
https://groups.google.com/forum/#!topic/mozilla.dev.planning/6q4kvRTAcow
While I realize that IP addresses are obviously the basis of the Internet, what UUIDs do is setup lengthy IP chains, so that every location and specific IP address that user has used will be preserved. While one IP makes it very difficult to identify a person, a complete history of IPs is another story.
I did not find the blog or bug I was thinking about but I did find this
Usage Statistics (also known as Telemetry). .... if this functionality is enabled, users can disable it in Firefox's Options/Preferences by simply deselecting the "Submit performance data" item.
Usage statistics are transmitted using SSL (a method of protecting data in transit) and help us improve future versions of Firefox. Once sent to Mozilla, usage statistics are stored in an aggregate form and made available to a broad range of developers, including both Mozilla employees and public contributors."
- Some of the data analysis results can be seen at
http://telemetry.mozilla.org/#path=nightly/28/A11Y_CONSUMERS
I'm familiar with the Telemetry data, but right now it seems that there are several systems that Mozilla is using with identifiers. The topic is discussed in more detail here as well:
http://www.wilderssecurity.com/showthread.php?t=320123
Even in the FF browser itself there is a "Data" tab:
However, this data tab is still separate from the automatic update opt-in. Also, it still hasn't been confirmed whether or not the UUID is generated per install of FF, or is generated by your computer (in other words, if you reinstall, will you get the same ID?).
Ultimately, I know that Mozilla needs to have this data to determine usage metrics in order to improve their product and their market. What I'm asking for is more transparency with regard to their practices- especially data retention periods. Even Google, the king of data collection, has removed unique IDs from Chrome (they're deleted the first time Chrome checks for an update).
Telemetry data seems to be stored in files with a GUID name in the saved-telemetry-pings folder in the Firefox profile folder.
The source code show that different ID is generated for each session;
// Generate a unique id once per session so the server can cope with // duplicate submissions.
That's some good research cor-el, thanks for that. However, again, Telemetry data isn't my focus- I'm more interested in the automatic update feature. FF's privacy policy does not mention a UUID when discussing Telemetry, and the feature has been confirmed to not disclose any personal info when transmitting usage stats.
However, as of now, it still seems that the auto-update DOES disclose an IP string. I'm just trying to figure out for how long.
Chosen Solution
Hi! I'm chiming in from Mozilla's Privacy Team.
For FHR pings, we don't retain anything in FHR that's > 6 months (180 days) old. Does that answer your question? Here's a link to the info - it's under "how to turn data sharing on or off".
https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf
Hi Stacy, I guess Patrick or Rachel from the new HelpDesk must have pinged you.
I suppose that confirms the FHR article
- Firefox Health Report - understand your browser performance_how-to-turn-data-sharing-on-or-off
is accurate in that respect. I note a distinct lack of references whilst the article was being written.
On a slightly different subject the article & section mentioned also says
and you can view the comparison data from other browsers that are sharing their data.
As far as I can see that is not some thing that may be done within FHR as it is currently seen. That data is publicly (once signed in) available though http://telemetry.mozilla.org as I mentioned upthread.
I am not sure the questions by the mikey212 the OP have been answered yet. I caused the thread to drift by mentioning FHR.
The original topic seem to be more about the updates i.e.
I recently read in the FF privacy policy that a unique browser ID is sent to Mozilla along with an IP Address every time the browser checks for updates: ....
.... This feature can potentially provide Mozilla with a complete list of IP addresses and locations that a user has employed to access the Internet. Can you please clarify your data retention policy on this? In other words, how long are either the IP address or the identifier stored on your servers? ....
.... I'm familiar with the Telemetry data, but right now it seems that there are several systems that Mozilla is using with identifiers. ....
.... However, this data tab is still separate from the automatic update opt-in. Also, it still hasn't been confirmed whether or not the UUID is generated per install of FF, or is generated by your computer (in other words, if you reinstall, will you get the same ID?).
Ultimately, I know that Mozilla needs to have this data to determine usage metrics in order to improve their product and their market. What I'm asking for is more transparency with regard to their practices- especially data retention periods. ....
Question clarification: There are reports for each install that is correct, but they are new after the 180 day period. This is retained for 180 days.
The only data that is sent is the data listed in the Learn More articles:
- https://www.mozilla.org/en-US/legal/p.../firefox.html#telemetry
- https://www.mozilla.org/en-US/legal/p.../firefox.html#health-report
- https://support.mozilla.org/en-US/kb/firefox-health-report-understand-you...
Auto Updater info in this article: [also 180 days]
Modified