Persona Privacy Policy
- Personas For Firefox
- Mozilla Persona Download
- Firefox Personas Plus
- Mozilla Personal
- Mozilla Personal Address Book
- Mozilla Persona Fork
Mozilla Persona is similar to these software: Bugzilla, Litmus (Mozilla), Mozilla Skywriter and more. In this unique approach, Jed Pearson uses stuffed animals and note cards to explain how Mozilla's Persona works under the hood.
Last Updated: 06 March 2013
This privacy policy explains to what extent Mozilla Corporation (*) ('Mozilla') collects and uses information about users of Persona ('Persona Service'), where such users use the Mozilla-created servers and client.
Definitions
'Personal Information' is information that you provide to us that personally identifies you, such as your name, phone number, or email address. Except for your email address, Mozilla does not collect or require end-users of the Persona Service to furnish Personal Information.
'Non-Personal Information' is information that cannot by itself be directly associated with a specific person or entity. Non-Personal Information includes but is not limited to your computer’s configuration and which web browser you use.
'Potentially Personal Information' is information that is Non-Personal Information in and of itself but that could be used in conjunction with other information to personally identify you. For example, Uniform Resource Locators ('URLs') (the addresses of web pages) and Internet Protocol ('IP') addresses (the addresses of computers on the internet) can be Personal Information when combined with internet service provider ('ISP') records.
'Operational Data' means data regarding a user’s usage of the Services, such as access log data (such as data about when people access the service and with what piece of software). Mozilla collects Operational Data to help us so that we can ensure that we have sufficient capacity to meet user needs and otherwise to help with the operations of the Services.
'Usage Statistics' refers to the Non-Personal Information Mozilla will use to understand your use of the Service. Such information may include but is not limited to the amount of data you are storing with the service, the frequency with which you access the service, bandwidth utilization, user interaction data, and traffic shaping.
For clarity, Usage Statistics and Operational Data from your use of the Persona Service are not stored with your Personal Information. We take steps to aggregate or delete Operational Data and Usage Statistics after we no longer need it, unless we are required by law to keep it longer.
Gathering, Use and Disclosure of Transmission Data
Account Information
Before you are able to use Persona, you will be required to register. To register, the Persona Service will require the following Personal Information and Potentially Personal Information from you: an email address and password. Your email address is transferred to Mozilla using encryption called SSL. Your email address is used by us to provide you the services, such as allowing us to help you recover your account if you lose your password. Your password is transferred to Mozilla using SSL encryption but is only retained by Mozilla’s servers in an encrypted format (which means that it is not practically feasible to recover the password from this format).
Once you have registered, your password is used to help prevent unauthorized access to your account.
Data Used to Provide the Services
Mozilla receives and uses the following information for the purpose of providing and improving the Persona Service: IP address, email, date and time of accessing the Persona Service, and various operational data such as the type of client OS and browser version (which are also known as the user agent string).
Disclosure to Third Parties
The Persona Service will disclose your verified email address to a Web site of your choosing, only after you have expressly consented to such disclosure. A Web site is allowed to request a verified email address, which results in you being prompted about the site’s request. After you have agreed, the service may remember your choice, so that you may remain signed-in on the site on subsequent visits.
Mozilla will not otherwise knowingly disclose Personal Information or Potentially Personal Information to other third parties, except when required to do so, such as in order to comply with any law, regulation, or valid legal process, such as a search warrant, subpoena, statute, court order, or if necessary or appropriate to address an unlawful or harmful activity.
What Data is Analyzed by Mozilla?
Mozilla uses the Usage Statistics to understand your use of the Persona Service, unless you opt-in to share more information with us for this purpose.
How Are the Usage Statistics Used?
Mozilla will use the Usage Statistics gathered through the operation of the Persona Service to improve our products and services. By identifying aggregate patterns and trends in usage, Mozilla and its community are able to better design products and services to improve users’ experiences, both in terms of content and ease of use.
Where is the Operational Data Available?
Mozilla is an open organization that believes in sharing as much information as possible about its products, its operations, and its associations with its wider community. As such, Persona Service users should expect that Mozilla will make all Usage Statistics publicly available at some point. However, any publicly available Usage Statistics will only be reported on an aggregate, anonymous basis. No Personal Information or Potentially Personal Information will be available in any of these public reports.
How to Disable or Opt-Out of Persona
If at any time, you decide you no longer want to use the Persona Service, you may cancel your Persona Account by visiting https://persona.org/, signing in using any of your email addresses and your password, clicking the 'edit' button, and clicking 'remove' next to each of your email addresses. If you do not remember your password, you can use the email-verification-based password-reset feature to first recover access to your account, then delete it.
Other Disclosures
In certain other limited situations, Mozilla may disclose your Personal Information, such as when necessary to protect our websites and operations (e.g., against attacks); to protect the rights, privacy, safety, or property of Mozilla or its users; to enforce our terms of service; and to pursue available legal remedies. Additionally, Mozilla may need to transfer Personal Information to an affiliate or successor in the event of a change of our corporate structure or status, such as in the event of a restructuring, sale, or bankruptcy.
Service Providers
We work with third parties who provide services and content delivery networks and other services of an administrative nature. We may share information about you with such third parties for the purpose of enabling these third parties to provide such services.
Transfer of Data to the U.S.
Mozilla is a global organization and operates in different countries. Privacy laws and common practices vary from country to country. Some countries may provide for less legal protection of your personal data; others may provide more legal protection. By using the Persona Service, you consent to the transfer of the information collected, as outlined by this Policy, to Mozilla in the United States, which may provide a lesser level of data protection than in your country of residence.
Data Retention
We will retain any information collected for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required by law and/or regulations.
Privacy Policy Changes
Mozilla may change this Privacy Policy from time to time. Each time you use the Persona Service the current version of this Privacy Policy will apply. Any and all changes will be reflected on this page. You should periodically check this page for any changes to the current policy. To make your review more convenient, we will post an effective date at the top of this page. Material changes will also be announced through the standard mechanisms through which Mozilla communicates with the Mozilla community. It is your responsibility to ensure that you understand the terms of this Privacy Policy.
What This Privacy Policy Doesn’t Cover
Personas For Firefox
This policy does not apply to other Mozilla websites, products, or services. It also does not apply to your use of third-party clients or use of non-Mozilla servers. If you choose to use a third-party Persona client or servers provided by an entity other than Mozilla, this policy does not apply and Mozilla assumes no liability whatsoever for such products or services.
For More Information
You may request access, correction, or deletion of Personal Information or Potentially Personal Information, as permitted by law. We will seek to comply with such requests, provided that we have sufficient information to identify the Personal Information or Potentially Personal Information related to you. Any such requests or other questions or concerns regarding this Policy and Mozilla’s data protection practices should be addressed to:
Mozilla CorporationAttn: Legal Notices – Privacy
331 E. Evelyn Avenue
Mountain View, CA 94041
Phone: +1-650-903-0800
Benefits for LWN subscribers The primary benefit from subscribing to LWN is helping to keep us publishing, but, beyond that, subscribers get immediate access to all site content and access to a number of extra site features. Please sign up today! |
At first blush, PyCon doesn't seemlike quite the right venue for a talk on Mozilla's Persona webauthentication and identity system. Persona is not Python-specific at all, butgiven the number of web application and framework developers at theconference, it starts to become clear why Mozilla's Dan Callahan was there.Python also gave him the ability to do a live demo of adding Persona support to aFlask-based web site during thewell-attended talk.
Kill the password
In a nutshell, Persona is Mozilla's attempt to 'kill the password',Callahan said to applause. It is a simple, open system that is federatedand works cross-browser. Beyond that set of buzzwords, though, the ideafor Persona is that it 'works everywhere for everyone'.
For an example of using Persona, Callahan visited ting.com—a mobile phone service sitefrom Tucows—that has a login page supporting Persona.Clicking the 'Sign in with Persona' button popped up a window with two of his emailaddresses and a sign-in button. Since he had already used the site before, to log in hejust needed to choose one of his email addresses (if he is using a different addressfrom the last time he visited the site) and click 'Sign in'. It's 'dead simple', he said.
Persona ties identities to email addresses. That has several advantages,he said. Everyone already has an email address and sites often alreadytrack them. For many web sites, adding Persona support requires no changeto the database schema. That also helps prevent lock-in, as sites that decidenot to continue with Persona are not stuck with it.
Some in the audience might be saying 'I can already log in with twoclicks' using a password manager, Callahan said. That's true, but Personais not managing passwords. There is no shared secret between the site and the user.
That means a database breach at the site would not discloseany information that would be useful for an attacker to authenticate to theservice as the user. While site owners will need to alert their users to abreach, they won't have to ask them to change passwords. Better still,they won't have to recommend that the users change their identical passwords atother sites.
If there are no shared secrets, many of the existing account registrationquestions can simply be skipped. The Persona sign-in process provides anemail address, so there is no reason to prompt for that (twice in many cases), nor for a password(twice almost always). For example, with sloblog.io and an existing Persona, he canset up a blog with two clicks.
To prove a point, he was doing his demos from the Opera web browser.Persona works the same in all major browsers (Firefox, Chrome, Safari,IE). It uses existing technology and standards and 'works everywhere theweb works', he said.
The story behind Persona comes right out of the Mozilla Manifesto,Callahan said. That manifesto was 'written at the height of the browserwars' and lists ten points that are 'crucial to the open web'. Principle #2,'The Internet is a global public resource that must remain open andaccessible', is particularly threatened today, while principle #5,'Individuals must have the ability to shape their own experiences onthe Internet' speaks directly to the Persona ideal. Nothing is moreimportant to shape one's internet experience than is the choice ofidentity, he said.
'Single' sign-on
There has been a movement toward single sign-on (SSO) in recent years, but'single' is a misnomer at this point. Many sites allow people to sign inwith their Facebook or Twitter (or Google or Yahoo or MSN or ...) account.His slide had an example login with a bunch of login icons for thoseservices, ending with a 'Good luck with OpenID' button.
The problem with that approach is that it is like Tribbles (with a requisiteKirk and Tribbles slide); there are more and more of these service-basedlogin mechanisms appearing. How does a site pick the right one (or, morelikely, ones)? How does a user remember which of the choices theyused so they can use it on a subsequent visit?
Mozilla Persona Download
He gave another example: the 500pxlogin screen. It splits the screen in half, into two sets of choices,either logging in via a social network (Facebook, Twitter, or Klout) on one side, or with ausername and password on the other. If a user wants to use a Google orMicrosoft login, they are out of luck. They must create a username andtrust that 500px will do the right thing with their password. He was alsoamused to note that he hadn't heard of Klout, so he visited to see what itwas and Klout wanted him to log in using either Facebook or Twitter.
There are also some implications of using the login network of certainservices. Google and Facebook have real-name policies that can sometimeslead to account suspension when a violation is suspected. That suspensionthen trickles out to any other services that use those login mechanisms.Facebook policies disallow multiple accounts (e.g. personal and business)as well. Basically, services using Facebook logins are outsourcing theiraccount policies to Facebook.
Firefox Personas Plus
It is worth a lot of money for the social networks to get their buttonsonto sites, Callahan said. So 'any solution has to come from someone outside who is not tryingto make a buck off every login'. Since Mozilla is on the outside, it iswell positioned to help solve the problem.
The earlier Persona demonstrations were for email addresses that hadalready been set up, but Callahan also wanted to show what happens forusers who are not yet signed up. In that case, the user must type in anemail address in the Persona pop-up. Persona checks with the emailprovider to see if it supports Persona, if so the email provider authenticatesthe user via its normal mechanisms (e.g. web-based login) that the user has seenplenty of times before. If the user successfully authenticates, the email provider indicatesthat to the site.
Using Persona team members as props, Callahan showed the process. Theuser claims a particular email address and the site contacts the email provider for verification. The email provider asks the user to authenticate(using a password, two-factor authentication, facial recognition, ...) andif that is successful, the provider signs the email address and hands itback to the site (along with some anti-replay-attack data). The site then verifies thesignature, at which point it knows that the user has that email identity.
Implementing Persona
Mozilla Personal
As can be seen, the description of the protocol and cryptography used wasrather high-level. Callahan's clear intent was to try to convince webapplication and framework programmers to get on board with Persona. Thereis more information about the underlying details at developer.mozilla.org/persona,he said.
For the moment, few email providers support Persona, so as an 'optionaltemporary' measure, sites can ask Mozilla to vouch for the email address.For example, Gmail does not support Persona (yet), but Mozilla can vouchfor Gmail users by way of a challenge email. Authenticating the emailaddress to Mozilla need only be done once. But that puts Mozilla in themiddle of each initial authentication right now; eventually the user's email providers will be serving that role.
The documentation lists four things that a site owner needs to do to usePersona. There is a JavaScript library to include in the loginpage, the login/logout buttons need 'onClick' attributes added, and thelibrary needs to be configured. The final piece of the puzzle is to addverification of the identity assertions (signed email addresses from theemail provider or Mozilla). That verification needs to be done in theserver-side code.
In the future, the hope is that browsers will natively support Persona, butfor now the JavaScript is needed. On the client side, it is 30 or so linesof JavaScript called from the login and logout paths. The server side is alittle more complicated, as assertions are cryptographically signed, but thatverification can be handed off to a service that Mozilla runs. The backend just posts some JSON to the Mozilla service and reads its response.Those changes take less than 40 lines to implement.
Mozilla Personal Address Book
Using the code directly from his slides, Callahan changed both client andserver sides of a demo application. That added the 'great user experience'of Persona logins. It also showed an 'amazing developer experience' in howeasy it is to add Persona. Once the demo was done, and the applause dieddown, Callahan said 'I am so glad that worked' with a relieved grin.
Callahan had three tips for site developers adding Persona support. Thefirst was to make a library specific to the framework being used that canbe reused in multiple applications. Second, his example used the Mozillaverifier, but that is not a good long-term solution for privacy reasons. But, hecautioned, make sure to use the Python 'requests' library when doingverification as the standard library does not check SSL certificatesproperly. Lastly, he wanted to make it clear that using Persona did notmean that a site had to get rid of the other login buttons, 'just thatmaybe you should', he said. Persona can peacefully coexist with theseother login mechanisms.
In conclusion, Callahan said he had a request: 'spend one hour with Personathis week'. You could add it to your site in an hour, he said, but if not,just try it out on some site.Persona is still in beta, so it is 'able to be shaped by your feedback'. Also, he requested, please ask one site thatyou use to support Persona, 'that's how we are going to change the future of theweb'. Persona will allow everyone—not just the few who understandOpenID or password managers—to have a safer, more secure web.
[ In keeping with Callahan's request, we will be looking into Personasupport for LWN. ]Mozilla Persona Fork
Index entries for this article | |
---|---|
Security | Authentication |
Security | Identity management |
Conference | PyCon/2013 |
(Log in to post comments)