Firefox/Privacy and Security Front-End/OKRs/2017Q4: Difference between revisions

Latest revision as of 23:17, 24 January 2018

Overall Q4 Score: 68.47%

Out of the 20 Key Results, the team was able to score 17 of them. The overall q4 score was an average of the 17 scored Key Results.

Not noted in the OKR table: The Privacy Diary Study was completed. The goal of the study was to understand what causes people to perceive privacy threats in their everyday lives and how they deal with these threats. It's intended to give the team a general picture of what people's privacy needs, motivations and misconceptions are, and it can inform a broad range of existing projects. We think it'll be most relevant to the "super private browsing" mode initiative this year. It could also help to the team to think about new opportunities for helping users.

2017Q4 OKR Progress

Objective	Key Result	Champion	Confidence	Tracking/Meta Bug	Notes
Oct 30	Nov 13	Dec 4	Dec 11	Score (Jan 22)
1. Protect users from password theft and stay competitive (Phishing protection)	1.1 Complete three of the seven password phishing sub-tasks required to complete this objective.	Francois	--	--	--	--	67%	https://bugzilla.mozilla.org/show_bug.cgi?id=1384738	Oct 30 Almost completed first task. Dec 19 Completed the first task. Almost done with the second task. Postponed the bulk of the third task to next quarter. Jan 22 2 out of the 3 subtasks completed. Note that scope has changed from 7 subtasks to 3 subtasks.
2. Solidify 2018 strategy and approach to tracking	2.1 Complete in-flight studies and analysis on engagement and retention differences with tracking protection (with various positioning)	Pdol	85%	--	--	--	50%	Tracking Protection Pref Flip Study Tracking Protection UI Study	Oct 30 Onboarding study for Tracking Protection UI is delayed Jan 22 1 out of 2 studies was completed and analyzed. Tracking Protection UI study is delayed.
2. Solidify 2018 strategy and approach to tracking	2.2 Obtain agreement from product, engineering and business stakeholders for what specifically will ship in the subsequent quarters	Pdol & Wennie	--	--	--	--	15%	N/A	Jan 22 Clarified ad strategy according to the Play to Win strategy. Pdol returned from pat leave in Q1 and composed presentation that being circulated with leadership team. No confirmed plans yet on what will ship in 2018.
3. Improve Private Browsing Mode	3.1 Add 2 additional privacy protections in Private Browsing Mode (and available in regular mode).	Tanvi & Luke	50%	--	--	--	45%	Disable third party cookies in Private Browsing Mode Strip referrer to origin only in Private Browsing Mode	Jan 22 Team implemented Bug 587523 - "referer to origin only" in Private Browsing Mode in Q4. Patch landed in Q1 fx 59.
3. Improve Private Browsing Mode	3.2 Lightbeam / Containers bug fixes and maintenance	Jkt	--	--	--	--	100%	Containers Cleanup	Jan 22 Team nominated and prioritized dependent bugs and fixed bugs accordingly. Ex. Containers fixes landed in fx 57 and fx 58.
4. Develop a process to burn down sec-critical and sec-high bugs	4.1 Consistently maintain less than x number of sec-high and sec-critical bugs in monthly basis	Wennie	80%	--	--	--	100%	Proposed Process: Security/Firefox/Security Bug Triage Process	Oct 30 Process description is done. Will share it with team Jan 22 SecEng Team triaged Q4 sec-high and sec-critical bugs. Wennie has circulated "bug nomination" process to security leadership (ekr, selena,etc.).
5. Make Firefox Privacy controls/options more intuitive	5.1 Ensure our privacy and security setting UI match the users’ mental model and work as expected.	Johann	--	--	--	--	100%	Overview of Site Storage Site Storage - Current State and Proposals	Jan 22 Johann audited all options and presented it to the team.
	5.2 Update individual UI components that don’t do what they appear to do (either from a user’s perspective, from the platform perspective, or both)	Johann	--	--	--	--	80%	UX spec for Privacy Preferences UI Redesign improved UI for clearing site storage data	Jan 22 Jacqueline and Johann created design mock up that was 80% done.
	5.3 Doorhanger for Google Hangout Permissions	Johann	--	--	--	--	90%	1333468 - Implement "Device Accessible" privacy indicator (spec requirement)	Jan 22 Johann has uploaded a patch for this bug. Blocked on platform pieces. When platform piece is ready, Johann will update his patch and land it.
6. Enable Firefox developers to write secure code by default. (Security by Default)	6.1 Set the correct triggering principal for top-level loads by completing 12 remaining bugs.	Christoph & Kate	--	--	0%	--	7%	1333030 - meta Assert nsDocShell::loadURIWithOptions receives a non null triggeringPrincipal	Dec 13 12 remaining bugs Jan 22 Much of the ground work was completed in Bug 1374741. This bug is 90% complete.
7. Enable web developers to produce secure web sites through use of relevant web standards, increased test coverage via web-platform tests & parity with other browsers	7.1 Update Mixed Content Implementation per Spec	Christoph & Kate	--	--	--	--	30%	part 1: where did we differ from the spec (30% of work) part 2: implementing the differences from the spec (70% of work)	Jan 23 Part 1 is complete. Part 2 was never started.
	7.2 Land CSP Violation reports and enable web-platform tests	Ethan/ Christoph	--	75%	100%	--	90%	Bug 1432523- Switch pref to enable CSP violation reports	already have patch and has been reviewed. Spec is missing core aspects. Email thread circulating. Might have to revise spec. 12/4 patches have landed in 59. team has filed bugs the missing core aspects Bug ID: 1418241, 1418246, 1418243, 1418236 Jan 23 Bugs 1418236, 1418241, 1418246 have not landed yet. Moreover, after all dependent bugs land, we would need to enable the pref Bug 1432523 Bugs that have landed in nightly have enable web platform tests that provide a huge benefit additional test coverage across browsers. Therefore we are scoring this at 90%.
	7.3 Land CSP worker-src	Christoph	--	--	--	--	100%	Bug 1302667 - CSP: Implement 'worker-src'	Jan 23 Bug was fixed in Fx 58.
8. Protect users from data: URI phishing attacks	8.1 Enable toplevel data: URI navigation blocker	Christoph	--	--	--	--	100%	1401895 - Block top-level navigations to data: URIs Blog Post	Jan 23 Bug was fixed in 59. Blog post went out when fixed.
9. Enable Firefox developers to query referrer (including policy) information from a single source of truth.	9.1 Revamp referrer policy setup	~~Tanvi~~ Christoph	--	--	--	--	10%	N/A	Jan 22 Initial document is here. Francois and Christoph sat down with Thomas (TPE) and went over document because there were missing pieces. They sketched out a plan during a whiteboard session addressing the concerns but no documentation of event. No implementation work has started.
10. Lay foundation for shipping Breach Alerts	10.1 File all bugs for the shipment MVP with published UI spec	Nihanth	--	--	--	--	--	N/A	Jan 22 Goals have changed due to scope and resources. Team focused on back-end implementation and standing up an add-on prototype. UI spec has not started and was deprioritized for now.
11. Improve Firefox privacy by implementing W3C spec of Referrer Policy	11.1 Land Referrer Policy support for CSS	Ethan/ Christoph	--	100%	75%	--	80%	Bug 1330487 - Implement referrer policy for CSS	Dec 4 patches are under review. dbaron has provied feedback to change patches. turns out to be more complex than originally intended because of servo code. tnguyen is working on patch this week. Jan 22 TPE resource was working on this. Bug is almost completed but resource was pulled off this project.
	11.2 Land Referrer Policy support for downloads	Ethan/ Christoph	--	100%	80%	--	100%	Bug 1073187 - add referrer policy support to Downloads.jsm	Dec 4 patches are waiting for review. have been waiting for review for 7+ days. Jan 22 Bug landed in fx 59.
12. Provide Firefox users an approach to protect against browser fingerprinting	12.1 Ship Fingerprinting Resistance MVP (parity with Tor Browser) in Firefox 59	Ethan	--	75%	75%	--	--	Dashboard of Anti-Fingerprinting MVP	Technical difficulties- solutions for Tor browsers are under review and have not yet received a review+ Dec 4 2 out of 3 bugs remaining to be fixed Jan 22 No resources or status to score OKR
	12.2 Deliver a development plan for Fingerprinting Resistance Phase 2 (to improve the feature by minimizing web breakages and being more user-friendly)	Ethan	--	100%	80%	--	--	Document to be done	Dec 4 regular triage meeting is in place. 1/4th of bugs have been triaged one more triage during all hands concern is that not enough bugs will be triaged to give a complete development plan. Team is still confident that they can provide a draft development plan by end of quarter. Jan 22 No resources or status to score OKR

Firefox/Privacy and Security Front-End/OKRs/2017Q4: Difference between revisions

Latest revision as of 23:17, 24 January 2018

Overall Q4 Score: 68.47%

2017Q4 OKR Progress

Navigation menu

Search