With the release of Firefox 21, Mozilla created what's called the Firefox Health Report, which will supposedly collect Firefox usage data that will be publicly available, including data pertaining to security issues with the browser. My first question is how can IT security teams potentially use this data to improve security if they are using Firefox? I'm also wondering if there is any downside to the way Mozilla collects this data, and if we should disable the feature until we have a full understanding of what Mozilla is collecting?
Ask the Expert
SearchSecurity expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email. (All questions are anonymous.)
The Firefox Health Report is intended to help both users and Mozilla improve browser performance and stability. Mozilla says collecting specific data could help uncover patterns of problems in Firefox, determine whether reported incidents are isolated to specific browser configurations and help provide better support information for users. The report will also benefit users as they will be able to check the relative health and performance of their browser and its components against other instances of Firefox.
The Firefox Health Report dashboard built into Firefox covers five categories of metrics, shows the browser's performance and health -- both in absolute terms and in comparison to the global Firefox user base -- and offers advice on how to improve performance. For example, users can see whether a problem is unique to their installation or related to a particular add-on, and whether upgrading to the next version is likely to solve their problem.
The data collected is specific to a given browser instance and includes information such as the device's operating system, number of processors, Firefox version, and the number and type of add-ons. Information which could directly identify a user, like email addresses, websites visited and search details, will not be collected. For those who need to know exactly what is being sent before participating, the Raw Data tab in the Firefox Health Report shows the actual data that is being sent to Mozilla.
The Firefox Health Report also collects the data that is sent in crash reports. These are used to analyze which Firefox code was active at the time of the crash. Though crash reporting starts automatically after Firefox crashes, it does not send information to Mozilla until authorized to do so. Usage statistics, or telemetry, are also turned off by default and include performance and responsiveness statistics about user interface features, memory, and hardware configuration. These statistics are stored in an aggregate form and made available to a range of developers.
Users who don't want to send Firefox Health Report data to Mozilla -- it's collected by default -- can easily turn it off from the top of any FHR page or from the Data Choices section in the Firefox Options window. When sharing is turned off, Firefox not only stops sending information about the browser to Mozilla but also sends a request to the Mozilla servers to delete any previously submitted information. This request is processed immediately after being successfully received. Individual browser data is deleted after 180 days. Users who turn off sharing will still be able to see their own browser health information and view the comparison data from other browsers that are sharing their data.