
In the marker schema, add the ability to mark fields as privacy-sensitive

Open mstange opened this issue 1 year ago • 0 comments

We currently have two marker field formats called string and sanitized-string.

I think we should remove sanitized-string and allow marking any field, regardless of field format, as privacy-sensitive.

This would avoid the need to add a sanitized-unique-string format; instead you'd be able to just have a unique-string marked with the new field.

Another example of a privacy-sensitive field is the field that stores the screenshot image on CompositorScreenshot markers. CompositorScreenshot markers are currently handled manually during sanitization.

Yet another example is native key events: You might have a marker which carries an integer value with the native key code, which can be used to compute the pressed key. This integer would then be privacy-sensitive, because it would allow you to compute the text that the user typed into a textbox.


Proposal:

```
type PrivacyCategory = "screenshot" | "url" | "local-path" | "keylogger-ingredient";

type MarkerFieldBase = {
  ...,
  isPrivacySensitiveWithCategory?: PrivacyCategory,
}
```

The privacy category would determine which checkbox in the upload panel should cause the field to be sanitized away.


mstange, Jan 10 '25 14:01
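The sanitization step this proposal implies, sketched as an added example that is not part of the original issue or the profiler's code: each schema field tagged with `isPrivacySensitiveWithCategory` is dropped when the matching upload-panel checkbox is ticked, whatever the field's format. Apart from `PrivacyCategory` and `isPrivacySensitiveWithCategory`, every name here (`sanitizeMarker`, `RemovalChoices`, the sample markers and field keys) is hypothetical, and dropping unclassifiable data is this example's assumption, not something the issue specifies.

```typescript
type PrivacyCategory = "screenshot" | "url" | "local-path" | "keylogger-ingredient";

// Hypothetical minimal shapes; only isPrivacySensitiveWithCategory comes from the proposal.
type MarkerField = { key: string; format: string; isPrivacySensitiveWithCategory?: PrivacyCategory };
type MarkerSchema = { name: string; fields: MarkerField[] };
type MarkerData = { [key: string]: unknown };
type Marker = { name: string; data: MarkerData };

// Upload-panel checkbox state: true means "sanitize this category away".
type RemovalChoices = { [C in PrivacyCategory]?: boolean };

function sanitizeMarker(marker: Marker, schemas: MarkerSchema[], remove: RemovalChoices): Marker {
  const anyTicked = Object.keys(remove).some(c => remove[c as PrivacyCategory] === true);
  if (!anyTicked) return marker; // nothing to sanitize: return the marker untouched

  let schema: MarkerSchema | undefined;
  for (const s of schemas) {
    if (s.name === marker.name) schema = s;
  }

  // Assumption: fail closed. Only fields the schema declares can be classified,
  // so undeclared keys, and all data of a marker with no schema, are dropped.
  const data: MarkerData = {};
  for (const field of schema ? schema.fields : []) {
    const category = field.isPrivacySensitiveWithCategory;
    const removed = category !== undefined && remove[category] === true;
    if (!removed && field.key in marker.data) data[field.key] = marker.data[field.key];
  }
  return { name: marker.name, data };
}

// Constructed sample schemas; marker and field names are illustrative only.
const sampleSchemas: MarkerSchema[] = [
  { name: "NativeKeyEvent", fields: [
    { key: "keyCode", format: "integer", isPrivacySensitiveWithCategory: "keylogger-ingredient" },
    { key: "phase", format: "string" },
  ] },
  { name: "Navigation", fields: [
    { key: "target", format: "unique-string", isPrivacySensitiveWithCategory: "url" },
  ] },
];
const keyMarker: Marker = { name: "NativeKeyEvent", data: { keyCode: 65, phase: "down" } };

console.log(sanitizeMarker(keyMarker, sampleSchemas, { "keylogger-ingredient": true }));
```

Because the decision hangs on the category rather than the format, the integer `keyCode` and the `unique-string` `target` go through the same code path, which is the point of replacing `sanitized-string`.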