canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Privacy/Reviews/Feature Detection API: Difference between revisions
→Follow-up Tasks and tracking
| (13 intermediate revisions by 2 users not shown) | |||
| Line 12: | Line 12: | ||
|'''Security Contact:''' || Paul Theriault | |'''Security Contact:''' || Paul Theriault | ||
|- | |- | ||
|'''Document State:''' || <section begin='status'/>{{ | |'''Document State:''' || <section begin='status'/>{{done|}}<section end='status'/> | ||
|} | |} | ||
| Line 30: | Line 30: | ||
In this section, the product's architecture is described. Any individual components or actors are identified, their "knowledge" or what data they store is identified, and data flow between components and external entities is described. | In this section, the product's architecture is described. Any individual components or actors are identified, their "knowledge" or what data they store is identified, and data flow between components and external entities is described. | ||
'''The main objective of this feature/product is:''' ( | '''The main objective of this feature/product is:''' | ||
We have a number of use cases for detecting features in the platform which are not directly detectible through the usual way of feature detection (which is |"foo" in object|) because of various reasons, such as lack of sufficient permissions, or the information not being exposed through other parts of the platform, such as the amount of memory available on the device. This information is useful for Market Place because it needs to figure out whether to offer apps that will not work for the user because of things such as lack of support for a feature, not having enough memory, etc. | |||
Note that the initial implementation of this API will be hidden behind a privilege which will only be available to the MarketPlace app. We're hoping to expose this API to unprivileged contexts once we get more experience with it. | |||
Important note: this is not designed to replace the usual feature detection practices on the Web. This is only intended to address the use cases which are not possible to satisfy using the conventional feature detection techniques because the APIs are hidden behind permissions that the calling code does not possess. | |||
'''Design Documents''': | '''Design Documents''': | ||
https://wiki.mozilla.org/WebAPI/Navigator.hasFeature | |||
== Components == | == Components == | ||
This API gives you knowledge about two separate classes of things. For the "api" namespace as described in https://wiki.mozilla.org/WebAPI/Navigator.hasFeature#.22api.22_namespace, the information is basically directly derivable from the user agent string. | |||
For the "hardware" namespace as described in https://wiki.mozilla.org/WebAPI/Navigator.hasFeature#.22hardware.22_namespace, the API queries the OS to detect the amount of physical memory available to the OS. The returned values are always powers of two (for example, 256MB, 512MB, 1GB, etc.) | |||
= User Data Risk Minimization = | = User Data Risk Minimization = | ||
This API does not expose any data describing the user. | |||
= Alignment with Privacy Operating Principles = | = Alignment with Privacy Operating Principles = | ||
| Line 88: | Line 57: | ||
====Principle: Transparency / No Surprises==== | ====Principle: Transparency / No Surprises==== | ||
The feature appears to be designed in such a way as to assist users in finding apps or services that are compatible with the hardware of their phone/tablet device. However, the use of this api outside of privelaged applications or the Marketplace application itself should be closely examined as the possibility exists such that the API could be misused to fingerprint an individual users. <br> | |||
''Recommendations'':<br> | |||
In Mozilla's use of the api we should not store this information other than for point in time usage or it should be gathered and stored in such a way that we can not identify and individual user but can still in aggregate see usage statistics for research purposes.<br> | |||
{{bug|1004123}} - Feature Detection API Transparency | |||
====Principle: Real Choice==== | ====Principle: Real Choice==== | ||
There does not appear to be a user exposed interface that allows users to choose if the request for information is appropriate.<br> | |||
''Recommendations'': | ''Recommendations'':<br> | ||
{{bug|1004106}} - Feature Detection API User Choice | |||
====Principle: Sensible Defaults==== | ====Principle: Sensible Defaults==== | ||
Consideration should be given to how the API will be used by various levels of FirefoxOS apps<br> | |||
''Recommendations'': | ''Recommendations'':<br> | ||
{{bug|1004112}} - Feature Detection API Sensible Defaults | |||
====Principle: Limited Data==== | ====Principle: Limited Data==== | ||
We should consider if an application or content request should be limited in the number of items it can request at any one time or if some items should be mutually exclusive to prevent user fingerprinting.<br> | |||
''Recommendations'': | ''Recommendations'':<br> | ||
{{bug|1004115}} - Feature Detection API Limited Data | |||
= Follow-up Tasks and tracking = | = Follow-up Tasks and tracking = | ||
| Line 115: | Line 86: | ||
! Details | ! Details | ||
|- | |- | ||
| {{ | | {{done|[https://groups.google.com/forum/#!topic/mozilla.dev.planning/Oht42COywyo Public Discussion]}} | ||
| | | Curtis | ||
| | | N/A | ||
| | | public comments colsed 2014-05-07 | ||
|} | |} | ||
[[Category:Privacy/Reviews|Template]] | [[Category:Privacy/Reviews|Template]] | ||