Firefox/Privacy and Security Front-End/OKRs/2017Q4: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(OKR Scoring Jan 22)
(features for 2.1)
Line 49: Line 49:
|align="left"| 50%
|align="left"| 50%
|
|
*  
* Tracking Protection Pref Flip Study
* Tracking Protection UI Study
|
|
* Oct 30
* Oct 30

Revision as of 23:26, 22 January 2018


2017Q4 OKR Progress

Objective Key Result Champion Confidence Tracking/Meta Bug Notes
Oct 30 Nov 13 Dec 4 Dec 11 Score (Jan 22)
1. Protect users from password theft and stay competitive (Phishing protection) 1.1 Complete three of the seven password phishing sub-tasks required to complete this objective. Francois -- -- -- -- 67%
  • Oct 30
    • Almost completed first task.
  • Dec 19
    • Completed the first task.
    • Almost done with the second task.
    • Postponed the bulk of the third task to next quarter.
  • Jan 22
    • 2 out of the 3 subtasks completed. Note that scope has changed from 7 subtasks to 3 subtasks.
2. Solidify 2018 strategy and approach to tracking 2.1 Complete in-flight studies and analysis on engagement and retention differences with tracking protection (with various positioning) Pdol 85% -- -- -- 50%
  • Tracking Protection Pref Flip Study
  • Tracking Protection UI Study
  • Oct 30
    • Onboarding study for Tracking Protection UI is delayed
  • Jan 22
    • 1 out of 2 studies was completed and analyzed. Tracking Protection UI study is delayed.
2.2 Obtain agreement from product, engineering and business stakeholders for what specifically will ship in the subsequent quarters Pdol & Wennie -- -- -- -- 15%
  • Jan 22
  • Clarified ad strategy according to the Play to Win strategy. Pdol returned from pat leave in Q1 and composed presentation that being circulated with leadership team. No confirmed plans yet on what will ship in 2018.
3. Improve Private Browsing Mode 3.1 Add 2 additional privacy protections in Private Browsing Mode (and available in regular mode). Tanvi & Luke 50% -- -- -- 45%
  • Disable third party cookies and strip referrer to origin only in Private Browsing Mode.
  • Jan 22
    • Team implemented "referer to origin only" in Private Browsing Mode in Q4. Patch landed in Q1.
3.2 Lightbeam / Containers bug fixes and maintenance Jkt -- -- -- -- 100%
  • Jan 22
    • Team nominated and prioritized dependent bugs and fixed bugs accordingly.
      • Ex. Containers fixes landed in fx 57 and fx 58.
4. Develop a process to burn down sec-critical and sec-high bugs 4.1 Consistently maintain less than x number of sec-high and sec-critical bugs in monthly basis Wennie 80% -- -- -- 100%
  • Oct 30
    • Process description is done. Will share it with team
  • Jan 22
    • SecEng Team triaged Q4 sec-high and sec-critical bugs. Wennie has circulated "bug nomination" process to security leadership (ekr, selena,etc.).
5. Make Firefox Privacy controls/options more intuitive 5.1 Ensure our privacy and security setting UI match the users’ mental model and work as expected. Johann -- -- -- -- 100%
  • Jan 22
    • Johann audited all options and presented it to the team.
5.2 Update individual UI components that don’t do what they appear to do (either from a user’s perspective, from the platform perspective, or both) Johann -- -- -- -- 80%
  • Jan 22
    • Jacqueline and Johann created design mock up that was 80% done.
5.3 Doorhanger for Google Hangout Permissions Johann -- -- -- -- 90%
  • Jan 22
    • Johann has uploaded a patch for this bug. Blocked on platform pieces. When platform piece is ready, Johann will update his patch and land it.
6. Enable Firefox developers to write secure code by default.

(Security by Default)

6.1 Set the correct triggering principal for top-level loads by completing 12 remaining bugs. Christoph & Kate 0%
  • 12 remaining bugs
7. Enable web developers to produce secure web sites through use of relevant web standards, increased test coverage via web-platform tests & parity with other browsers 7.1 Update Mixed Content Implementation per Spec Christoph & Kate
  • this was split into two parts
7.2 Land CSP Violation reports and enable web-platform tests Ethan 75% 100%
  • already have patch and has been reviewed. Spec is missing core aspects. Email thread circulating. Might have to revise spec.

12/4

  • patches have landed in 59.
  • team has filed bugs the missing core aspects
    • Bug ID: 1418241, 1418246, 1418243, 1418236
7.3 Land CSP worker-src
8. Protect users from data: URI phishing attacks 8.1 Enable toplevel data: URI navigation blocker
9. Enable Firefox developers to query referrer (including policy) information from a single source of truth. 9.1 Revamp referrer policy setup Tanvi Francois -- -- -- -- 50%
  • Jan 22
    • Francois and Christoph sat down with Thomas (TPE) and agreed upon plan. No implementation work has started.
10. Lay foundation for shipping Breach Alerts 10.1 File all bugs for the shipment MVP with published UI spec Nihanth -- -- -- -- --
  • Jan 22
    • Goals have changed due to scope and resources. Team focused on back-end implementation and standing up an add-on prototype. UI spec has not started and was deprioritized for now.
11. Improve Firefox privacy by implementing W3C spec of Referrer Policy 11.1 Land Referrer Policy support for CSS Ethan -- 100% 75% -- --
  • Dec 4
    • patches are under review. dbaron has provied feedback to change patches. turns out to be more complex than originally intended because of servo code. tnguyen is working on patch this week.
  • Jan 22
    • No resources or status to score OKR
11.2 Land Referrer Policy support for downloads Ethan -- 100% 80% -- --
  • Dec 4
    • patches are waiting for review. have been waiting for review for 7+ days.
  • Jan 22
    • No resources or status to score OKR
12. Provide Firefox users an approach to protect against browser fingerprinting 12.1 Ship Fingerprinting Resistance MVP (parity with Tor Browser) in Firefox 59 Ethan -- 75% 75% -- --
  • Technical difficulties- solutions for Tor browsers are under review and have not yet received a review+
  • Dec 4
    • 2 out of 3 bugs remaining to be fixed
  • Jan 22
    • No resources or status to score OKR
12.2 Deliver a development plan for Fingerprinting Resistance Phase 2 (to improve the feature by minimizing web breakages and being more user-friendly) Ethan -- 100% 80% -- --
  • Document to be done
  • Dec 4
    • regular triage meeting is in place.
      • 1/4th of bugs have been triaged
      • one more triage during all hands
      • concern is that not enough bugs will be triaged to give a complete development plan. Team is still confident that they can provide a draft development plan by end of quarter.
  • Jan 22
    • No resources or status to score OKR
Retrieved from "https://wiki.allizom.org/index.php?title=Firefox/Privacy_and_Security_Front-End/OKRs/2017Q4&oldid=1187356"