2014-01-22 17:47:15 -08:00
|
|
|
.. _healthreport:
|
|
|
|
|
|
|
|
|
|
=====================
|
|
|
|
|
Firefox Health Report
|
|
|
|
|
=====================
|
|
|
|
|
|
|
|
|
|
``/services/healthreport`` contains the implementation of the
|
|
|
|
|
``Firefox Health Report`` (FHR).
|
|
|
|
|
|
|
|
|
|
Firefox Health Report is a background service that collects application
|
|
|
|
|
metrics and periodically submits them to a central server. The core
|
|
|
|
|
parts of the service are implemented in this directory. However, the
|
|
|
|
|
actual XPCOM service is implemented in the
|
|
|
|
|
:ref:`data_reporting_service`.
|
|
|
|
|
|
|
|
|
|
The core types can actually be instantiated multiple times and used to
|
|
|
|
|
power multiple data submission services within a single Gecko
|
|
|
|
|
application. In other words, everything in this directory is effectively
|
|
|
|
|
a reusable library. However, the terminology and some of the features
|
|
|
|
|
are very specific to what the Firefox Health Report feature requires.
|
|
|
|
|
|
|
|
|
|
.. toctree::
|
|
|
|
|
:maxdepth: 1
|
|
|
|
|
|
|
|
|
|
architecture
|
|
|
|
|
dataformat
|
Bug 968419 - Store and submit a persistent health report identifier; r=rnewman, r=bsmedberg
Up to this point, Firefox Health Report has generated and submitted a
random UUID with each upload. Generated UUIDs were stored on the client.
During upload, the client asked the server to delete all old UUIDs.
Well-behaving clients thus left at most one record/ID on the server.
Unfortunately, clients in the wild have not been behaving properly. We
are seeing multiple documents on the server that appear to come from the
same client. Clients are uploading new records but failing to delete the
old ones. These old, undeleted "orphan" records are severely impacting
the ability to derive useful knowledge from FHR data because it is
difficult, resource intensive, and error prone to filter the records on
the server. This is undermining the ability for FHR data to be put to
good use.
This patch introduces a persistent client identifier. When the client is
initialized, it generates a random UUID. That UUID is persisted to the
profile and sent as part of every upload.
For privacy reasons, if a client opts out of data submission, the client
ID will be reset as soon as all remote data has been deleted.
We still issue and send upload IDs. They exist mostly for forensics
purposes so we may log client behavior and more accurately determine
what exactly misbehaving, orphan-producing clients are doing.
It is worth noting that this persistent client identifier will not solve
all problems of branching and orphaned records. For example, profile
copying will result in multiple clients sharing a client identifier. A
"client ID version" field has been added to facilitate an upgrade path
towards client IDs with different generation semantics.
--HG--
extra : rebase_source : b761daab39fb07b6ab8883819d68bf53462314a0
2014-02-20 11:30:52 -08:00
|
|
|
identifiers
|
2014-01-22 17:47:15 -08:00
|
|
|
|
|
|
|
|
Legal and Privacy Concerns
|
|
|
|
|
==========================
|
|
|
|
|
|
|
|
|
|
Because Firefox Health Report collects and submits data to remote
|
|
|
|
|
servers and is an opt-out feature, there are legal and privacy
|
|
|
|
|
concerns over what data may be collected and submitted. **Additions or
|
|
|
|
|
changes to submitted data should be signed off by responsible
|
|
|
|
|
parties.**
|