Mozilla F1 Privacy policy data collection, analysis, and retention

F1 is an experiment by Mozilla to understand how people like to share links they find on the web. It consists of an add-on for Firefox and a web service, with which Firefox users can easily send links and commentary about those links to their contacts on a variety of service providers. In this beta phase, three services are provided: Twitter, Facebook, and Gmail. F1 uses OAuth to ask the user for permission to access their profile data on these services, and to send messages on their behalf each time they choose to share a link.

Data collection

Authentication Data

To use F1, the user authenticates F1 to their service provider (gmail, twitter, facebook, etc.). Doing so results in the service provider sending F1:

• the user's username on the service
• the user's userid
• the user's profile information, including their name and profile image. The kind of data included in the profile will differ from service to service, but typically does include personally identifiable information by design, including name, email addresses and userids.
• OAuth "tokens" which F1 can then use to do later authorized transactions on the user's behalf (tweeting, posting on a wall, emailing).

In order to function, F1 needs to store all of the above information to be able to send on the user's behalf without asking for a reauthorization each time.

Sharing Data

When a user sends a link, information about the action is stored, including: who sent it, to whom was it sent, using what service, when, and including the message and the link.

Mozilla collects this information to understand the usage of the service, and to improve it. Mozilla will not look at individual records, but instead run aggregate queries on data sets to understand the usage of the service on a population basis. Example aggregate analyses include: general number of shares/day, number of users/day, which service is more popular when, what is the distribution of number of sharing events per day per user.

Publication of the data

Mozilla will not publish any individual records from this service. We will publish summary graphs showing aggregate service usage.

Data retention

Sharing data records will be discarded after 30 days. Authentication data is retained forever, but users can revoke the authentication of F1 by their service provider using links provided by the F1 user interface.

URL Shortening via bit.ly

When sharing via twitter, F1 shortens the URLs so that users have more room for their own words in the tweets. F1 currently uses the bit.ly service to do that shortening and redirection. See http://bit.ly/pages/terms-of-service for the terms of service of bit.ly and http://bit.ly/pages/privacy for their privacy policy