Privacy: Mozilla to test opt-out telemetry collection in Firefox
Mozilla engineers working on the Firefox web browser are concerned that the current opt-in system of data collection does not yield unbiased data about things such as which websites users visit. As such, a test period of opt-out telemetry is planned.
In a discussion on Google Groups, Georg Fritzsche from Mozilla says: "for Firefox we want to better understand how people use our product to improve their experience. To do that, we are planning to run a new SHIELD study that tests how we can collect additional data in a privacy preserving way."
Among the questions Mozilla is seeking to answer with telemetry data are: "Which top sites are users visiting?"; "Which sites using Flash does a user encounter?"; "Which sites does a user see heavy Jank on?"
Fritzsche proposes the following:
One solution is the use of differential privacy, which allows us to collect sensitive data without being able to make conclusions about individual users, thus preserving their privacy.
An attacker that has access to the data a single user submits is not able to tell whether a specific site was visited by that user or not.
The Google Open Source project called RAPPOR (Randomized Aggregatable Privacy-Preserving Ordinal Response) is the most widely known and deployed implementation of differential privacy.
We have been investigating the use of RAPPOR for these kinds of use-cases, with initial simulation results being promising.
What we plan to do now is run an opt-out SHIELD study to validate our implementation of RAPPOR. This study will collect the value for users' home page (eTLD+1) for a randomly selected group of our release population. We are hoping to launch this in mid-September.
This is not the type of data we have collected as opt-out in the past and is a new approach for Mozilla. As such, we are still experimenting with the project and wanted to reach out for feedback.
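To make the privacy claim in the proposal concrete, here is an added sketch of randomized response over home-page domains (not Mozilla's or the RAPPOR project's code): each client's report is noisy enough to be deniable, yet the server can still estimate totals. It is a simplification that one-hot encodes against a fixed candidate list instead of using RAPPOR's Bloom filters and two-stage randomization. The domains, function names and the noise parameter f are assumptions made for illustration.

```python
import math
import random

# Constructed candidate list of eTLD+1 values (assumption: known in advance).
CANDIDATES = ["example.com", "example.org", "example.net", "example.edu"]

def encode(domain, f, rng):
    """Client side: one-hot encode the domain, then randomize every bit."""
    report = []
    for candidate in CANDIDATES:
        true_bit = 1 if candidate == domain else 0
        r = rng.random()
        if r < f / 2:
            report.append(1)         # forced 1, independent of the truth
        elif r < f:
            report.append(0)         # forced 0, independent of the truth
        else:
            report.append(true_bit)  # truthful with probability 1 - f
    return report

def estimate_counts(reports, f):
    """Server side: invert the known noise to estimate per-domain totals."""
    n = len(reports)
    estimates = {}
    for i, candidate in enumerate(CANDIDATES):
        observed = sum(r[i] for r in reports)
        # E[observed] = true * (1 - f) + n * f / 2, solved for true
        estimates[candidate] = (observed - n * f / 2) / (1 - f)
    return estimates

def epsilon(f):
    """Privacy bound: two one-hot inputs differ in 2 bits, each bit
    having likelihood ratio (1 - f/2) / (f/2) between the two inputs."""
    return 2 * math.log((1 - f / 2) / (f / 2))

def simulate(true_counts, f=0.5, seed=1):
    """Generate one noisy report per simulated user and decode the totals."""
    rng = random.Random(seed)
    reports = [encode(d, f, rng) for d, c in true_counts.items() for _ in range(c)]
    return estimate_counts(reports, f)

if __name__ == "__main__":
    truth = {"example.com": 10000, "example.org": 6000,
             "example.net": 3000, "example.edu": 1000}  # constructed population
    for domain, est in simulate(truth).items():
        print(f"{domain:12s} true={truth[domain]:6d} estimated={est:9.1f}")
    print(f"epsilon = {epsilon(0.5):.3f}")
```

A larger f gives each user more deniability (smaller epsilon) but makes the aggregate estimates noisier, so more reports are needed for the same accuracy.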
The responses in the discussion are somewhat mixed, but the first reply sums up what many end-users are likely to feel: "I believe Opt-in is pro-privacy, while Opt-out is anti-privacy." Another said: "If this will be implemented, I’ll have to file a complaint with the relevant Landes- and Bundesbeauftragten für Datenschutz, and, possibly, escalate this to the EU Data Privacy commissioners office."
What are your thoughts?