What data does Camino send on the internet?
Draft: February 29, 2012
Types of Information
“Personal Information” is information that you provide to us that personally identifies you, such as your name, phone number or email address. Except as described below, Mozilla and the Camino Project do not collect or require end-users of Camino to furnish Personal Information.
“Non-Personal Information” is information that cannot be directly associated with a specific person or entity. Non-Personal Information includes but is not limited to your computer’s configuration and the version of Camino you use.
“Potentially Personal Information” is information that is Non-Personal Information in and of itself but that could be used in conjunction with other information to personally identify you. For example, Uniform Resource Locators (“URLs”) (the addresses of web pages) and Internet Protocol (“IP”) addresses (the addresses of computers on the internet), which are Non-Personal Information in and of themselves, could be Personal Information when combined with internet service provider (“ISP”) records.
“Aggregate Data” is information that is recorded about users and collected into groups so that it no longer reflects or references an individually identifiable user.
Information Collected by the Camino Project and Mozilla
Camino has a crash-reporting feature that sends a report to Mozilla when Camino crashes. The Camino Project uses the information in the crash reports to diagnose and correct the problems in Camino that caused the crash. Though this feature starts automatically after Camino crashes, it does not send information to Mozilla until you explicitly authorize it to do so. By default, this feature sends a variety of Non-Personal Information to Mozilla, including the stack trace (a detailed description of which parts of the Camino code were active at the time of the crash) and the type of computer you are using. Additional information is collected by the crash reporting feature. Which crash reporting feature is used and what additional information collected by Camino depends on which version of Camino you’re using.
- Camino 2.0 to present.
For the current versions of Camino, “Camino Crash Reporter” is Camino’s crash reporting feature. With this feature, you have the option to include a comment and your email address in the report. Camino Crash Reporter also sends the time since the start-up of the program, and, since Camino 2.1, the time the current version of Camino was first launched. The Camino Crash Reporter also collects Potentially Personal Information in the form of the URL of the site you were visiting when Camino crashed. Mozilla only makes Non-Personal Information (i.e., generic information about your computer, the stack trace, and any comment given by the user) in the public reports available online at http://crash-stats.mozilla.com/.
- Camino 0.8 – 1.6.
For these earlier versions of Camino, “Talkback” is Camino’s crash reporting feature. Talkback also collects Personal Information (including your name, if it is a part of your computer’s name or your Mac OS X username) and Potentially Personal Information (including your IP address and your computer’s name). You can selectively disable the sending of this information. Additionally, you have the option to include the URL of the site you were visiting when Camino crashed, a comment, and your email address in the report. Mozilla only makes Non-Personal Information and Potentially Personal Information in the public reports available online at http://talkback-public.mozilla.org/.
To safeguard your privacy, Mozilla makes the Personal Information, such as your name and email address, and Potentially Personal Information, such as the URL of the site you last visited, only available to its employees, contractors, and selected contributors who signed confidentiality agreements that prohibit them from using or disclosing such information other than for internal Mozilla purposes.
Automated Update Service
Camino’s automatic update feature periodically checks to see if an updated version of Camino is available from the Camino Project.
This feature sends Non-Personal Information to the Camino Project, including the version of Camino you are using, your operating system, and your language preference. The Camino Project uses this information to provide you with updated versions of Camino and to understand the usage patterns of Camino users. We use this information to improve our products and services and to support decision making regarding feature and capacity planning.
We do not collect or track any Personal Information or any information about the Web sites you visit, and we do not release the raw information we obtain from this feature to the public. We may release reports containing Aggregate Data so that our global community can make better product and design decisions. To prevent the Camino Project from obtaining this information, you can turn this feature off in Camino’s preferences. Our privacy and security Documentation provides information about changing this preference.
Information Camino Sends to Third-Party Service Providers
Beginning with Camino 2.0, Camino has additional security features, some of which are provided by third party service providers.
Secure Website Certificate Verification
When you visit a secure website, Camino will check with the certificate provider to validate that website’s certificate. Camino sends only the certificate identification to the certificate provider, not the exact URL you are visiting. If the certificate is not valid, you will receive an error page that states the certificate was revoked and you will not be able to access that website. The technical name for this process is OCSP or On-line Certificate Status Protocol. You may completely turn off the secure website certificate verification feature by changind the
security.OCSP.enabled hidden preference. If you do this, none of the information discussed here will be sent to any third party certificate provider. Our hidden preferences Documentation provides information about changing hidden preferences.
Phishing and Malware Protection Features
The Camino phishing and malware protection feature displays a warning if the website you are visiting is suspected of impersonating a legitimate website (commonly referred to as a phishing or forgery website) or a site that infiltrates or damages a computer system without your informed consent, including, without limitation, any computer viruses, worms, trojan horses, spyware, computer contaminant and/or other malicious and unwanted software (commonly called an attack site or malware). By default, Camino checks the web pages that you visit against a blacklist that is downloaded to your hard drive at regularly scheduled intervals (e.g., approximately twice per hour), the rate of frequency may change from time to time. The blacklist does not include the full URL of each suspicious site. Instead, each URL is hashed (obscured so it can’t be read) and then broken into portions. Only a portion of each hashed URL is included on the blacklist on your hard drive. If there is a match, Camino will check with its third party provider to ensure that the website is still on the blacklist. The information sent between Camino and its third party provider(s) are hashed URLs. In fact, multiple hashed URLs are sent with the real hash so that the third party provider(s) will not know what site you are visiting. If there is a match, Camino displays either a “Reported Phishing Site” or “Reported Malware Site” alert, as applicable.
You may completely turn off the phishing and malware site protection features in Camino’s preferences. If you do this, none of the information discussed here will be downloaded to your hard drive or sent to any third party service provider. Our privacy and security Documentation provides information about changing this preference.
Each time Camino checks in with a third party provider to download a new blacklist, Non-Personal Information and Potentially Personal Information, such as the information that the browser sends every time you visit a website as well as the version number of the blacklist on your system, is sent to a third party provider. In order to safeguard your privacy, Camino will not transmit the complete URL of web pages that you visit to anyone. While it is possible that a third party service provider may determine the actual URL from the hashed URL sent, FIXMEMozilla’s third party service providers have entered into a written agreement with Mozilla not to use any data or other information about or from users of Camino for purposes other than to provide and maintain their service. In addition, in no event will these third party service providers correlate any Camino user data with any other data collected through other products, services or web properties of that provider. These third party service providers may inform you about additional notices regarding their applicable privacy policies. FIXME(For example, see Google Safe Browsing Service in Mozilla Firefox Version 3.)
Please note that we’re not yelling at you in this paragraph. Our lawyers have advised us that we need to make sure this information is conspicuous so you’ll read it. The phishing and malware site protection feature is provided “as is” and for your information as advice and guidance only. Mozilla and its contributors, licensors and partners do not guarantee that these protection features will prevent you from being deceived by a malicious website and we strongly recommend that you continue to be vigilant while online, particularly when following links sent to you in e-mail. The Camino Website Services Terms describes this in more detail.
Report Phishing Page Feature
Information Camino Sends to Visited Websites
Like most web browsers, Camino sends information to the websites you visit, including (1) Non-Personal Information of the type that web browsers typically make available, such as the type of browser you are using, your language preference, the referring site, and the date and time of your visit; and (2) Potentially Personal Information such as your IP address. This information may be logged on the websites you visit. What information is logged and how that information is used depends on the policies of each of the websites you visit.
For More Information