canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Privacy/Reviews/PhonebookAPI: Difference between revisions
→Document Overview
| (9 intermediate revisions by 4 users not shown) | |||
| Line 8: | Line 8: | ||
|'''Product Champions:''' || Aakash Desai, Jishnu Menon, James Socol | |'''Product Champions:''' || Aakash Desai, Jishnu Menon, James Socol | ||
|- | |- | ||
|'''Privacy Champions:''' || | |'''Privacy Champions:''' || David Dahl | ||
|- | |- | ||
|'''Security Contact:''' || Curtis Koenig | |'''Security Contact:''' || Curtis Koenig | ||
|- | |- | ||
|'''Document State:''' || <section begin='status'/>{{ | |'''Document State:''' || <section begin='status'/>{{ok|Responses and Verification needed}}<section end='status'/> | ||
|} | |} | ||
| Line 85: | Line 85: | ||
|} | |} | ||
'''Communication with | '''Communication with Community Site/Tool (ex. Exact Target)''' | ||
* Vouched Mozillian Authorization | |||
{| class="wikitable" | |||
|- | |||
! Direction | |||
! Message | |||
! Data | |||
! Notes | |||
|- | |||
| ''In:'' | |||
| N/A | |||
| query including e-mail address | |||
| | |||
|- | |||
| ''Out:'' | |||
| N/A | |||
| is_vouched status of e-mail address | |||
| | |||
|} | |||
* Sharing of Mozillian E-mails | |||
{| class="wikitable" | {| class="wikitable" | ||
| Line 96: | Line 118: | ||
| ''In:'' | | ''In:'' | ||
| message 1 | | message 1 | ||
| | | query including specified group(s), skills or country/region/city | ||
| | | | ||
|- | |- | ||
| ''Out:'' | | ''Out:'' | ||
| message 2 | | message 2 | ||
| | | Blob of e-mail addresses corresponding to message | ||
| | |||
|} | |||
* Sharing Mozillian profile data | |||
{| class="wikitable" | |||
|- | |||
! Direction | |||
! Message | |||
! Data | |||
! Notes | |||
|- | |||
| ''In:'' | |||
| message 1 | |||
| query including specified e-mail address | |||
| | |||
|- | |||
| ''Out:'' | |||
| message 2 | |||
| Blob of Mozillian profile data: display_name, ircname, country/region/city, groups, skills, website | |||
| | | | ||
|} | |} | ||
| Line 116: | Line 158: | ||
====Principle: Transparency / No Surprises==== | ====Principle: Transparency / No Surprises==== | ||
Contributors give explicit consent by opting-in for profile sharing when they register for the service. They need to be able to see how the data is being used. | |||
''Recommendations'': ( | ''Recommendations'': It would also be helpful to show the user how their data is being shared/used via the api -- perhaps by sending them a message when a new site access the API (including a list of sites accessing their data through the api). | ||
{{ResolutionBox|{{new|Provide way for users to see which sites are accessing their data through the api and perhaps also what is being accessed}}}} | |||
====Principle: Real Choice==== | ====Principle: Real Choice==== | ||
Users have an opportunity to opt-in at registration, but should have control if they change their minds later. | |||
''Recommendations'': Expose an option in the user's "edit profile" screen to allow them control over whether their data is exposed via the API. | |||
{{ResolutionBox|{{new|Expose setting/checkbox to enable/disable sharing via this api}}}} | |||
====Principle: Sensible Defaults==== | ====Principle: Sensible Defaults==== | ||
* the sensible default action will be no sharing of profile data, which is good. | |||
''Recommendations'': | ''Recommendations'': | ||
* none | |||
====Principle: Limited Data==== | ====Principle: Limited Data==== | ||
* As all users must be logged in and vouched by other Mozillians to view profile data that is more than beyond name. This limits web/data scrapers from collecting these profiles. | |||
''Recommendations'': | ''Recommendations'': | ||
* none | |||
= Follow-up Tasks and tracking = | = Follow-up Tasks and tracking = | ||