Privacy/Reviews/Affiliates 2.0
Document Overview
See example https://wiki.mozilla.org/Privacy/Reviews/TogetherJS if needed.
Feature/Product: | Affiliates 2.0 |
Projected Feature Freeze Date: | 2014/04/01 |
Product Champions: | Chelsea Novak, Justin Crawford |
Privacy Champions: | Curtis Koenig |
Security Contact: | Simon Bennetts |
Document State: | [DONE] |
Timeline:
Architectural Overview: | N/A |
Recommendation Meeting: | N/A |
Review Complete ETA: | 2014-04-23 |
Architecture
In this section, the product's architecture is described. Any individual components or actors are identified, their "knowledge" or what data they store is identified, and data flow between components and external entities is described.
The main objective of this feature/product is:
This project (codename: Affiliates 2.0) will redesign the (existing) Affiliates website to match Mozilla's current style guide, bring its technology stack up to modern standards, and add numerous features requested by users of the site. It supports organization-wide goals for increasing the size of Mozilla's contributor community and increasing awareness, adoption and usage of Mozilla's products.
Design Documents:
https://bugzilla.mozilla.org/show_bug.cgi?id=972909
Components
Describe any major components in the system and how they interact. Also include any third-party APIs (those Mozilla does not control) and what type of data is sent or received via those APIs.
Affiliates Web Application
This component recruits and registers new affiliates, stores unique information about them, allows them to configure banners for their own web sites, serves those banners to viewers of affiliate-owned web sites, and provides some additional features to logged-in affiliates.
The tables below simply summarize the data encountered by this component.
Stored Data:
What | Where |
---|---|
PII provided by affiliates: name, URL, bio, email address | in MySQL database in a Mozilla datacenter |
Metrics about performance of affiliate links and other similar derived data | in MySQL database in a Mozilla datacenter |
Communication with Affiliates Web Application
Direction | Message | Data | Notes |
---|---|---|---|
In: | GET (from web browser) | URL (of affiliates.mozilla.org page) | |
In: | POST (from web browser) | URL (of affiliates.mozilla.org profile edit page), field names and data as described in 'Stored Data' above | |
In: | HTTP RESPONSE (to Google Analytics API request) | Metrics (in JSON or XML) related to individual or aggregate performance of affiliate banners on affiliate-owned web sites | |
Out: | HTTP RESPONSE (to web browser) | Application layouts, content, images, scripts | |
Out: | GET (to Google Analytics API) | Banner id(s), optionally other parameters to shape the result (time span, limit, offset, etc.) | |
Persona
This component identifies and authenticates people signing up or signing in to the affiliates.mozilla.org website.
Further elaboration or review of this component is presumed beyond the scope of this project.
Google Analytics
This component captures data about the performance of affiliate links on affiliate-owned websites, as well as data about usage of the affiliates.mozilla.org website.
Further elaboration or review of this component is presumed beyond the scope of this project.
User Data Risk Minimization
In this section, the privacy champion will identify areas of user data risk and recommendations for minimizing the risk.
Alignment with Privacy Operating Principles
In this section, the privacy champion will identify how the feature lines up with Mozilla's privacy operating principles.
See Also: Privacy/Roadmap_2011#Operating_Principles:
Principle: Transparency / No Surprises
This feature does not change the current Affiliates model of data collection, and all data collected is given voluntarily.
Recommendations:
Principle: Real Choice
An affiliate can choose to terminate the relationship and thus data would no longer be collected.
Recommendations:
Principle: Sensible Defaults
Only data necessary to the operation of the system is being collected.
Recommendations:
Principle: Limited Data
Only the minimum data as outlined by the Affiliates Agreement and Mozilla Privacy Policy is being gathered.
Recommendations:
Follow-up Tasks and tracking
What | Who | Bug | Details |
---|---|---|---|
[DONE] public comments open | Curtisk | 2014-04-07 |