While looking at everything.me in more detail I noticed that it reports back app usage. It has a reporting API where it posts the following types of events: * When a user switches to the Everything.me app * When a user switches to another tab in Everything.me, including the specific category * When a user opens an app and what app that is * When a user closes an app to return to the Everything.me tab, including how long the specific app was used * When a user searches for apps When submitting these reports I see cookies, credentials and device identifiers being sent back to api.everything.me. It is unclear what this data is. Note that it only submits this information for apps that have been started from the Everything.me tab of the homescreen. When apps are added to the home screen, that usage info is not collected anymore. (I need to double check this) Since we are usually pretty paranoid about these kind of things (like for example with google search suggestions) I just want to be sure that we are aware of this data collection. Specially since this is going to a third party and no user consent was required. Also, all this data is going over plain HTTP. See bug 831488

Please leave this on the nomination list until the concerns here have been addressed. Not a blocker yet obviously, as we haven't decided on actions. We don't want this to fall off of our radar though.

We're definitely aware of these issues, and they featured in the decision to use E.me. When we initially considered partnering with E.me, the privacy team analyzed the whole E.me system in detail and provided the product team with all this info. When the product team made the decision to use E.me, they were aware of the privacy dimension. Once we decided to move forward, the privacy folks made a series of suggestions about how to integrate E.me as safely as possible, like use of HTTPS rather than HTTP for the API (831488). As far as I can tell, there's no new info here: these are some of the same items which were previously factored into the decision. I don't think that there's anything we can immediately do to further mitigate any of these concerns without breaking the whole E.me integration. I think it makes sense to WONTFIX this, unless the folks who originally made this decision want to make changes.

(In reply to Alex Keybl [:akeybl] from comment #1) > Please leave this on the nomination list until the concerns here have been > addressed. Not a blocker yet obviously, as we haven't decided on actions. We > don't want this to fall off of our radar though. It's off the nomination list now... Should it be set to "leo?" now?

(In reply to Frederik Braun [:freddyb] from comment #3) > (In reply to Alex Keybl [:akeybl] from comment #1) > > Please leave this on the nomination list until the concerns here have been > > addressed. Not a blocker yet obviously, as we haven't decided on actions. We > > don't want this to fall off of our radar though. > > It's off the nomination list now... Should it be set to "leo?" now? On what justification? This was marked as WONTFIX.

Sorry, I must have misunderstood the outcome... :)

I'm still puzzled that we don't ask user consent to send this data back to a 3rd party service. We get user consent for anonymized telemetry but not for homescreen usage?