This article was published on March 22, 2013

Mozilla updates Persona’s privacy policy to no longer collect data it wasn’t collecting


Mozilla updates Persona’s privacy policy to no longer collect data it wasn’t collecting

Mozilla on Friday announced it is changing its Persona privacy policy… to reflect that it’s actually not collecting the data the document claims it is. Seriously, as the company notes, most web services nowadays change their privacy policy to increase collection and use of your data, but Mozilla is doing the former and not the latter.

“In this case, you can rest easy,” Mozilla engineer Ben Adida writes. “We’re making the Mozilla Persona privacy policy better for users. We simply noticed that we claimed we were retaining data which, in fact, we do not retain. Specifically, we do not retain the list of sites you visit with Persona. We’re tightening the language of the privacy policy to state that explicitly.”

For those who don’t know, Persona is Mozilla’s answer to social networking logins offered by the likes of Facebook, Twitter, and Google+. The company revealed the BrowserID service in February 2012 and then launched a beta of the renamed Persona in September 2012. Developers can implement it for authentication across smartphones, tablets, and desktop browsers.

With this privacy policy update, Mozilla is once again underlining that it is a company that you can trust. Adida emphasized Mozilla’s privacy principles, noting that the company never collects data pre-emptively for future features, and that all its code is public. In fact, you can review the privacy policy patch Mozilla committed to its code repository on GitHub.

Unfortunately, GitHub’s format isn’t particularly easy to parse, so we threw the changes into Word and came up with this list:

  • As part of the normal operation of the Persona service, Mozilla will retain a log of which sites you have disclosed your email to. => Mozilla collects some log analytics data from your use of the Persona service so that we may improve the Persona service. We store this data separately from your personal information, and we delete individual datapoints once we have aggregated the data into useful statistics. (to reflect that data collection isn’t all encompassing)
  • Firefox => browser (to reflect that Persona isn’t just for Firefox).
  • New section: For clarity, Usage Statistics and Operational Data from your use of the Persona Service are not stored with your Personal Information. We take steps to aggregate or delete Operational Data and Usage Statistics after we no longer need it, unless we are required by law to keep it longer.
  • Your username and email address are transferred to Mozilla using encryption called SSL. => Your email address is transferred to Mozilla using encryption called SSL.
  • Your password is transferred to Mozilla using SSL encryption but is only retained by Mozilla’s servers in a hash format (which means a low level of encryption is applied). => Your password is transferred to Mozilla using SSL encryption but is only retained by Mozilla’s servers in an encrypted format (which means that it is not practically feasible to recover the password from this format).
  • Without your explicit approval and opt-in, Mozilla will only use the Usage Statistics to understand your use of the Persona Service. => Mozilla uses the Usage Statistics to understand your use of the Persona Service, unless you opt-in to share more information with us for this purpose.
  • We work with third parties who provide services (such as companies that help us determine the number of users of Persona) and content delivery networks and other services of an administrative nature. We may share Personal Information and Potentially Personal Information about you with such third parties for the purpose of enabling these third parties to provide such services. => We work with third parties who provide services and content delivery networks and other services of an administrative nature. We may share information about you with such third parties for the purpose of enabling these third parties to provide such services.

All other changes were minor verbiage adjustments or spacing changes that Git picked up on. One thing Mozilla isn’t being very open is when this policy will go into effect. The company merely says “in the next couple of weeks.”

Update:

Top Image Credit: Chris Chidsey

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with