{"id":2443,"date":"2019-06-06T12:47:15","date_gmt":"2019-06-06T19:47:15","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2443"},"modified":"2019-06-06T12:47:15","modified_gmt":"2019-06-06T19:47:15","slug":"next-steps-in-privacy-preserving-telemetry-with-prio","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/","title":{"rendered":"Next steps in privacy-preserving Telemetry with Prio"},"content":{"rendered":"<p>In late 2018 Mozilla conducted <a href=\"https:\/\/hacks.mozilla.org\/2018\/10\/testing-privacy-preserving-telemetry-with-prio\/\">an experiment<\/a> to collect browser Telemetry data with <a href=\"https:\/\/crypto.stanford.edu\/prio\/\">Prio<\/a>, a privacy-preserving data collection system developed by Stanford Professor <a href=\"http:\/\/crypto.stanford.edu\/~dabo\/\">Dan Boneh<\/a> and PhD candidate <a href=\"https:\/\/www.henrycg.com\/\">Henry Corrigan-Gibbs<\/a>. That experiment was a success: it allowed us to validate that our Prio data collections were correct, efficient, and integrated well with our analysis pipeline. Today, we want to let you know about our next steps in testing data collection with Prio.<\/p>\n<p>As part of <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Firefox\/Privacy\/Tracking_Protection#What_is_tracking_protection\">Content Blocking<\/a>, Firefox will soon include <a href=\"https:\/\/blog.mozilla.org\/blog\/2019\/06\/04\/firefox-now-available-with-enhanced-tracking-protection-by-default\/\">default protections against tracking<\/a>. Our protections are built on top of a blocklist of known trackers. We expect trackers to react to our protections, and in some cases attempt to work around them. We can monitor how our blocklists are applied in Firefox to detect these workarounds.<\/p>\n<p>However, directly monitoring how our blocklists are applied would require data that we feel is too sensitive to collect from release versions of Firefox. That\u2019s why Prio is so important: it allows us to understand how our blocklists are applied across a large number of users, without giving us the ability to determine how they are applied in any individual user\u2019s browser or on any individual page visit.<\/p>\n<p>To support this we\u2019ve developed <a href=\"https:\/\/firefox-source-docs.mozilla.org\/toolkit\/components\/telemetry\/telemetry\/collection\/origin.html\">Firefox Origin Telemetry<\/a>, which is built on top of Prio. We will use Firefox Origin Telemetry to collect counts of the number of sites on which each blocklist rule was active, as well as counts of the number of sites on which the rules were inactive due to one of our <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Firefox\/Privacy\/Storage_access_policy#Storage_access_grants\">compatibility exemptions<\/a>. By monitoring these statistics over time, we can determine how trackers react to our new protections and discover abuse.<\/p>\n<p>In the next phase of testing we need validate that Firefox Origin Telemetry works at scale. To provide effective privacy, Prio requires that two independent parties each process a separate portion of the data &#8212; a requirement that we will not satisfy during this test. As in our <a href=\"https:\/\/hacks.mozilla.org\/2018\/10\/testing-privacy-preserving-telemetry-with-prio\/\">initial test<\/a>, we will run both data collection servers ourselves to complete end-to-end testing prior to involving a second party. That\u2019s why we are running this test only in our pre-release channels, which we know are used by a smaller audience that has chosen to help us test development versions of Firefox. We\u2019ve ensured that the data we\u2019re collecting falls within our <a href=\"https:\/\/wiki.mozilla.org\/Firefox\/Data_Collection#Data_Collection_Categories\">data collection policies<\/a> for pre-release versions of Firefox, and we\u2019ve chosen to limit the collection to 1% of Firefox Nightly users, as this is all that\u2019s necessary to validate the API.<\/p>\n<p>We expect to start this test during our Nightly 69 development cycle. Collecting this data in a production environment will require an independent third party to run one of the servers. We will provide further updates once we have such a partner in place.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In late 2018 Mozilla conducted an experiment to collect browser Telemetry data with Prio, a privacy-preserving data collection system developed by Stanford Professor Dan Boneh and PhD candidate Henry Corrigan-Gibbs. &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/\">Read more<\/a><\/p>\n","protected":false},"author":1597,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69],"tags":[],"coauthors":[320791],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Next steps in privacy-preserving Telemetry with Prio - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Steven Englehardt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/\",\"name\":\"Next steps in privacy-preserving Telemetry with Prio - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2019-06-06T19:47:15+00:00\",\"dateModified\":\"2019-06-06T19:47:15+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/4e57438e5a1cb316da982a0053c6ed53\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Next steps in privacy-preserving Telemetry with Prio\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/4e57438e5a1cb316da982a0053c6ed53\",\"name\":\"Steven Englehardt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/921e0113c6856efe3f1960058729d00f\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4013c3a1151063bb911608e4c8dc6f23?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4013c3a1151063bb911608e4c8dc6f23?s=96&d=identicon&r=g\",\"caption\":\"Steven Englehardt\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Next steps in privacy-preserving Telemetry with Prio - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/","twitter_misc":{"Written by":"Steven Englehardt","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/","url":"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/","name":"Next steps in privacy-preserving Telemetry with Prio - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2019-06-06T19:47:15+00:00","dateModified":"2019-06-06T19:47:15+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/4e57438e5a1cb316da982a0053c6ed53"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2019\/06\/06\/next-steps-in-privacy-preserving-telemetry-with-prio\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Next steps in privacy-preserving Telemetry with Prio"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/4e57438e5a1cb316da982a0053c6ed53","name":"Steven Englehardt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/921e0113c6856efe3f1960058729d00f","url":"https:\/\/secure.gravatar.com\/avatar\/4013c3a1151063bb911608e4c8dc6f23?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4013c3a1151063bb911608e4c8dc6f23?s=96&d=identicon&r=g","caption":"Steven Englehardt"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2443"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1597"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=2443"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2443\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=2443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=2443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=2443"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=2443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}