Full Disclosure mailing list archives

Re: Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla


From: Martijn Broos <martijn.broos () traxion com>
Date: Fri, 10 Feb 2012 16:52:53 +0100


Hi,

I can imagine that developers want to have a clue what they need to repair.
I only have a problem with the way they do it and the way my behavior is exposed without possible influence.

Let's say for the sake of argument, that 20% on similar hardware have a problem with loading times and the developers have the metrics to prove so (waiting times, load times, scripts I use, etc...)
Would the conclusion be, that Firefox is at fault?
- What if the major part of that % is living in a certain continent?
- What if the major % has the same ISP?
- How is the spread of OS usage?
- etc, etc....

Without the surrounding parameters known, you have a pile of bytes instead of DATA (people tend to mix those 
definitions). Of course you could make "fuzzy" statistics out of it, but like most mathematicians know: statistics 
prove predetermined conclusions.

Still, would a 5% speed increase weigh up against the privacy of 200 million users?
As stated in the bug tracker: if my instance of Firefox is PII bound, you can trace my laptop, determine behavior, etc...
And to conclude: Mozilla states they don't intend to use the data in any other way.
I have a couple of questions about the intent:
- Will that intent stay the same throughout the future? The intent can easily be changed when money gets involved.
- What if a legal entity (like a government, the music branch protectors (to prove that the Pirate Bay is used so often), etc...) "kindly" requests the data with a court order?

Also take into account the following:
Since 2012, the Netherlands has a new law which forbids behavior analysis by persistent cookies... All advertisement companies are now looking into device identification.
Why: they can make more money when they show you the right ads.
Mozilla will help them a great deal if they can offer them a PII out of stock... And I see the comments, they won't do that! Do you want to bet 1 million bugs over it that they won't do it?

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
Valdis.Kletnieks () vt edu
Sent: vrijdag 10 februari 2012 15:48
To: Nick Boyce
Cc: full-disclosure
Subject: Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla

On Fri, 10 Feb 2012 03:51:53 GMT, Nick Boyce said:
OT: They should just make FF quality high and the design impeccable -

"Quality high" is always a nice concept.  But there's always 5 quality issues and resources to fix only 3.  Obviously, 
you want to fix the 3 that matter most to your users - but which 3 are they?  You really can't rely on bug reports or 
surveys, because those tend to have a major self-selection bias.  Think about it - how many people do you know that use 
Firefox?  How many of them have had it crash or misbehave?  How many of them *reported* it?  Surveys have the same 
problem - you can't easily run a survey of users who just want to hit their sites and *do* stuff and find out what they 
want - because they'll just skip your survey, hit their site, and *do* stuff.  Unless of course you make the survey 
mandatory - in which case you tick them off because you got in the way of hitting their site and doing stuff.

Or "report the list of extensions and performance numbers" -  it's one thing to know that users have a range of launch times.  It's something else to know that 20% of users have *consistently* longer launch times on comparable hardware.
But if you have data that shows that NoScript users take a 15% launch time hit,
*that* is something you can then go do something about.

Similar problems for "impeccable design" - if you want a browser that Joe Sixpack will actually *use*, then you need 
data on how Joe actually wants to use that browser.  And *asking* Joe never works - anybody who's had to do project 
requirements will tell you that what the user *says* they want, what they *think* they want, and what they actually 
need, are almost always 3 different things.

No, I'm not saying it's OK for the Mozilla crew to collect PII like that - but I can certainly understand why they feel 
the temptation to do so...


