With the release of Firefox 21, Mozilla created what's called the Firefox Health Report, which will supposedly collect Firefox usage data that will be publically available, including data pertaining to security issues with the browser. My first question is how can IT security teams potentially use this data to improve security if they are using Firefox? I'm also wondering if there is any downside to the way Mozilla collects this data, and if we should disable the feature until we have a full understanding of what Mozilla is collecting?
Ask the Expert
SearchSecurity expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email. (All questions are anonymous.)
The Firefox Health Report is intended to help both users and Mozilla improve browser performance and stability. Mozilla says collecting specific data could help uncover patterns of problems in Firefox, determine whether reported incidents are isolated to specific browser configurations and help provide better support information for users. The report will also benefit users as they will be able to check the relative health and performance of their browser and its components against other instances of Firefox.
The Firefox Health Report dashboard built into Firefox covers five categories of metrics, shows the browser's performance and health -- both in absolute terms and in comparison to the global Firefox user base -- and offers advice on how to improve performance. For example, users can see whether a problem is unique to their installation or related to a particular add-on, and whether upgrading to the next version is likely to solve their problem.
The data collected is specific to a given browser instance and includes information such as the device's operating system, number of processors, Firefox version, and the number and type of add-ons. Information which could directly identify a user, like email addresses, websites visited and search details, will not be collected. For those who need to know exactly what is being sent before participating, the Raw Data tab in the Firefox Health Report shows the actual data that is being sent to Mozilla.
The Firefox Health Report also collects the data that is sent in crash reports. These are used to analyze which Firefox code was active at the time of the crash. Though crash reporting starts automatically after Firefox crashes, it does not send information to Mozilla until authorized to do so. Usage statistics, or telemetry, is also turned off by default and includes performance and responsiveness statistics about user interface features memory, and hardware configuration. These statistics are stored in an aggregate form and made available to a range of developers.
Users who don't want to send Firefox Health Report data to Mozilla -- it's collected by default -- can easily turn it off from the top of any FHR page or from the Data Choices section in the Firefox Options window. When sharing is turned off, Firefox not only stops sending information about the browser to Mozilla but also sends a request to the Mozilla servers to delete any previously submitted information. This request is processed immediately after being successfully received. Individual browser data is deleted after 180 days. Users who turn off sharing will still be able to see their own browser health information and view the comparison data from other browsers that are sharing their data.
Dig Deeper on Web browser security
Related Q&A from Michael Cobb
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and... Continue Reading
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading