firefox-devtools / profiler

Firefox Profiler — Web app for Firefox performance analysis
https://profiler.firefox.com
Mozilla Public License 2.0
1.23k stars 399 forks source link

Clarify Data Storage in user documentation #5235

Open bbarry opened 6 days ago

bbarry commented 6 days ago

While it appears that profile data does not leave my machine when I load a profile (if it does then my tests were too small and I wasn't looking at the right place; reading the loading developer documentation it does seem implied to remain local) with the application at profiler.firefox.com until I click on the upload link, I cannot find anything in the user documentation describing how my profile data is handled. My employer would be very much against me using this tool to visualize our profiler data if it was possible that third parties could gain access to it. Additionally I cannot imagine mozilla wants to retain unlimited shared profiler data indefinitely.

Perhaps one day we could sign in somehow and configure a different url for a share/storage backend that we could self host or disable the upload/share option. For now just some high level documentation about how the profile data is loaded/shared would be appreciated.

What I'm expecting:

Some high level documentation to the effect of:


Profile Data Usage at https://profiler.firefox.com:

Further control over your profile data may be achieved by becoming involved in the development of https://profiler.firefox.com and hosting your own version of the tool in accordance with the licensing terms. Mozilla welcomes and encourages active community support.


This tool is awesome btw, I found it via https://github.com/xoofx/ultra

┆Issue is synchronized with this Jira Task

julienw commented 3 days ago

Thanks for the write-up, indeed it would be good to include this information in our documentation. Thanks for the suggestion.

To clarify a few things:

About the 3rd party access, we expect that the generated id is too random to be found by brute force. I believe our main weakness is with our use of the bitly service though, where the search domain is much lower, and could possibly be found. I'd expect bitly to be resilient to brute forcing but last time I checked they don't protect against that.

Though I understand that a company wouldn't want any data to be shared publicly. We don't currently have a solution for that.