Comments for Blog of Metrics

Comment on Comparing the Bias in Telemetry Data vs The Typical Firefox User by engineering videos

engineering videos — Tue, 10 Jan 2012 04:12:06 +0000

That’s great news thank you

Comment on Understanding DNT Adoption within Firefox by Mook

Mook — Sat, 10 Sep 2011 04:27:28 +0000

I’m sorry, I didn’t realize the header was missing half of the phrase “do not track me in a personally identifiable way”, instead of what it says on the tin, “do not track”.

I don’t care if that information is not potentially identifying information; all I care about is if I’m being tracked in any way.

Again, my feelings on this is particular to Mozilla – with Google or Omniture, I can expect to be tracked and respond accordingly (by blocking access or other local means). My problem was merely that Mozilla is doing things that are against its expressed value system.

Comment on Understanding DNT Adoption within Firefox by deinspanjer

deinspanjer — Fri, 09 Sep 2011 19:49:22 +0000

We are *not* tracking anything about the users themselves. We are only monitoring how many requests are coming in to our site with the DNT feature enabled.
DNT is a complex thing to define, and it is still a source of considerable discussion. I’d suggest downloading the DNT field guide and reading through it. The background and definitions are very useful.

As far as the data in the logs that were used to generate this analysis, it is important to consider that, other than the IP address, there is no potentially identifying information (PII), and we are not building a user profile or compiling usage on a user basis to track the activity or choices of a user over time. I believe that, since we are doing none of those user tracking things, the analysis that we are doing with this data falls well outside what most people expect to be protected from when they turn DNT on.

Comment on Understanding DNT Adoption within Firefox by Ferdinand

Ferdinand — Fri, 09 Sep 2011 19:47:18 +0000

Glad to be corrected and I hope my stupid comment prevents other people from looking stupid

Comment on Understanding DNT Adoption within Firefox by deinspanjer

deinspanjer — Fri, 09 Sep 2011 19:24:44 +0000

Oh, I see that my original comment was stuck in the moderation queue. That sucks. :/

Comment on Understanding DNT Adoption within Firefox by deinspanjer

deinspanjer — Fri, 09 Sep 2011 19:21:47 +0000

The rainbow table is a valid concern in this day of clusters large enough to theoretically pull it off. That said, if the salt is large and randomly generated every day, it would not be a very feasible thing to do.

There are two possible threats that we were looking to solve and one non-threat:
1. Data theft — If someone managed a break in and they could download the TBs of data, we want to make it as difficult as is reasonably possible to prevent them from seeing IPs.
2. Data acquisition — If Mozilla were subpoenaed or otherwise required to hand over any available data about a particular IP address, we would like to have as little capability and liability to do that as is reasonable.
x. Data misuse — Any reasonably implemented strategy should prevent misuse by Mozilla itself, including the potential for a change of policy that would open up old data to be used in ways that were not originally planned.

The hashing strategy is likely to have handled all three of these concerns, but as I mentioned above, it turned out to be safer and simpler to avoid using hashing at all.

@Wladimir — Setting aside rainbow tables, the hashing strategy that was originally described was specifically designed to prevent the ability to look up a particular IP address. If you salt the hash with a good random salt that is generated every day and is *not* kept around after that day is passed, then you would not be able to do a lookup the way you describe.

Comment on Understanding DNT Adoption within Firefox by Jason

Jason — Fri, 09 Sep 2011 18:12:47 +0000

There’s something ironic about tracking the adoption of Do Not Track but I can’t quite put my finger on it…

Comment on Understanding DNT Adoption within Firefox by Danny Moules

Danny Moules — Fri, 09 Sep 2011 09:46:20 +0000

Indeed… if the IP were salted with some secret data that would be more helpful, since you would need to know the salt first. Still, ‘security by obscurity’ and all that.

Is ‘anonymised’ data also deleted after 6 months?

Anyway it’s interesting to see the ~linear increase in adoption after the pref was exposed in the menus. I feel like we should do that more often. There’s so many handy features of Fx that are relegated to the ‘about:config’ tab which I’m sure people would use if they knew the features existed.

Comment on Understanding DNT Adoption within Firefox by Wladimir Palant

Wladimir Palant — Fri, 09 Sep 2011 08:44:10 +0000

@Ferdinand: Maybe you should better read what Jim said because he is right. Creating a rainbow table for all possible IP addresses to revert the hashing isn’t unthinkable. Also, if somebody wants to check the activity of a particular IP address then hashing won’t help: hash the IP address, then look up all the log entries for this hash. So while hashing definitely helps it isn’t the ideal solution.

Comment on Understanding DNT Adoption within Firefox by Dis

Dis — Fri, 09 Sep 2011 06:13:22 +0000

@Ferdinand I think Jim is referring to the fact that with only 2^32 possible inputs (less actually), it’s fairly easy to calculate the hashes for all of them in a few seconds. See: https://en.bitcoin.it/wiki/Mining_hardware_comparison#Single_Card_Setups