[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Fwd: Intent to Ship: 3rd Party Install Tracking

To: tor-dev@xxxxxxxxxxxxxxxxxxxx, Amogh Pradeep <amoghbl1@xxxxxxxxx>
Subject: [tor-dev] Fwd: Intent to Ship: 3rd Party Install Tracking
From: Nathan Freitas <nathan@xxxxxxxxxxx>
Date: Wed, 18 Mar 2015 14:35:24 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Mar 2015 14:35:37 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Another thing to remove/disable from Tor Browser "Mini" (aka Orfox)... 

----- Original message -----
From: Mark Finkle <mfinkle@xxxxxxxxxxx>
To: "mobile-firefox-dev@xxxxxxxxxxx" <mobile-firefox-dev@xxxxxxxxxxx>,
"dev-platform" <dev-platform@xxxxxxxxxxxxxxxxx>
Subject: Intent to Ship: 3rd Party Install Tracking
Date: Wed, 18 Mar 2015 14:28:57 -0400

We wanted to start some transparency around a new integration coming to
Firefox on Mobile [1]. We are planning to integrate a 3rd party install
tracking SDK from a company called Adjust [2] which will send data,
possibly device identity data [3], to a 3rd party server. We don't do
this
very much at Mozilla so we wanted to be proactive about messaging.

There are good reasons for wanting to collect the data. Our marketing
and
growth goals for 2015 will require spending non-trivial amounts of
money.
The data will help us spend the money responsibly and efficiently.
Advertising metrics on Mobile is not as simple as some Desktop systems.
On
Desktop, we can do most of this using the download links on our web
pages.
Mobile installs come from App Stores, and it's harder to integrate into
those system.

This is Mozilla, so we are worried about integrating the SDK from a
privacy
and tracking concern. The goal is to limit the data to non-PII sensitive
information and we'll only allow the data to be pushed once, on an
INSTALL_REFERRER intent [4] sent when Firefox for Android is first run
after being installed from the Play Store, and only when the install is
coming from an advertising campaign. No other data will be sent at any
other time. Normal installs from the Play Store would not have any data
collected.

We still need to audit the open source SDK to see exactly what data is
sent
and how it's collected. We also have started doing a
security/privacy/legal
audit of the vendor and their collection/storage practices.

Just a note, this is not the first attempt to add such 3rd party data
collection to Firefox on Mobile. The other attempts did not happen
because
we found flaws in the systems or the system failed to meet our concerns
about privacy. The proposed system seems to have a decent chance of
passing
our audits around privacy and security, so it's time to open the
discussion
to a wider audience.

Here are some other notes about the Adjust system:

* This is an open source SDK, fully transparent, based in Germany,
widely
adopted and regarded, beholden to the strictest EU privacy standards.
* We will collect the absolute minimum data, once, to measure for
install.
Weâll know exactly what data is being passed.
* Weâre paying for the SDK and service, which is good because the
vendor's
model is not based on monetizing our data in aggregate to develop
behavioral segments for other advertisers.
* This will allow real-time optimization of marketing dollars, much like
virtually all major mobile apps do, and much like we have already been
able
to do on paid marketing desktop for quite some time
* We likely use this system until we can figure out how to do it by
ourselves, in house. Until then, we need to be pragmatic.

This is just a heads up email. We want the effort to be open and
transparent. Questions and comments welcome.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1143888
[2] https://github.com/adjust/android_sdk
[3] The SDK requires the use of the Google Advertising ID to uniquely
track
the device
[4] https://github.com/adjust/android_sdk/blob/master/doc/referrer.md
_______________________________________________
mobile-firefox-dev mailing list
mobile-firefox-dev@xxxxxxxxxxx
https://mail.mozilla.org/listinfo/mobile-firefox-dev

-- 
  Nathan of Guardian
  nathan@xxxxxxxxxxxxxxxxxxxx
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Prev by Author: Re: [tor-dev] TBB for Ubuntu Touch?
Next by Author: [tor-dev] Fwd: [guardian-dev] Orbot v15 alpha 5 is out: MeekObfs4VPNQRCodez!
Previous by thread: [tor-dev] #15349 Symbol "str_tools" not defined "Tortoise and the Hare" tutorial's script.
Next by thread: [tor-dev] Producing automated screencasts for Tor Browser
Index(es):
- Author
- Thread