Engineer goes off and adjusts the plan. At a high level, it looks like this:

Client side code

  Set up
    - snippet lets users know there is a new option in preferences
    - if the app locale does not map to a supported language, the pref panel is greyed out with a message that their locale is not supported by the EU service
    - otherwise, user clicks the ToS / privacy policy checkbox and confirms language
    - app contacts server
        - if server not available, throw up offline error
        - if server available, upload device id, language, url list
        - server sends back the guid assigned to this device id
    - notify user setup is complete
    - enable upload service

  When new tab is opened or refreshed
    - send msg to server with guid + url

  Turning off feature
    - prompt user 'are you sure' & confirm
    - notify server of deletion
    - delete local translated pages

Server side code

  Set up (poked by client)
    - generate guid
    - insert into high risk table: guid + device id
    - add rows for tabs list (medium table)
    - add rows for the urls (low table)

  Periodic background translation job
    - find urls of rows where the translated blob is missing
    - for each url, submit the untranslated blob to the EU's service
    - stick the resulting translated text blob back into the table

  Periodic background deletion jobs
    - find rows older than 2 days in the low risk & medium risk tables and evict them
    - find rows in the sensitive table older than 90 days and evict them; secure destruction used

  User triggered deletion
    - delete from sensitive table (secure destruction)
    - delete from medium table

Database layout

  - sensitive data / high risk table: columns user guid, device id (maps guid to device id)
  - medium risk table: columns user guid, url (maps guid to tabs list)
  - low risk table: columns url, timestamp, language, blob of translated text (maps urls to translated text)
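The tiered tables, the periodic eviction jobs and the user-triggered deletion described above, as an added example in Python over SQLite (not the page's or the project's own code). The table and column names, the timestamp handling, and using SQLite's secure_delete pragma as the "secure destruction" step are my assumptions.

```python
import sqlite3
import uuid
from datetime import datetime, timedelta

# Retention windows from the plan: 2 days for low/medium risk rows, 90 days for the sensitive table.
LOW_MED_RETENTION = timedelta(days=2)
SENSITIVE_RETENTION = timedelta(days=90)

def open_db():
    """Three tables tiered by risk; table/column names are assumed, not the project's."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA secure_delete = ON")  # SQLite overwrites freed content with zeros
    db.executescript("""
        CREATE TABLE sensitive (guid TEXT PRIMARY KEY, device_id TEXT, created TEXT);
        CREATE TABLE medium (guid TEXT, url TEXT, created TEXT);
        CREATE TABLE low (url TEXT PRIMARY KEY, created TEXT, language TEXT, blob TEXT);
    """)
    return db

def setup_device(db, device_id, language, urls, now):
    """Server 'set up': mint a guid, then add rows to the high, medium and low tables."""
    guid, ts = str(uuid.uuid4()), now.isoformat()
    db.execute("INSERT INTO sensitive VALUES (?,?,?)", (guid, device_id, ts))
    for url in urls:
        db.execute("INSERT INTO medium VALUES (?,?,?)", (guid, url, ts))
        # blob stays NULL until the background translation job fills it in
        db.execute("INSERT OR IGNORE INTO low VALUES (?,?,?,NULL)", (url, ts, language))
    db.commit()
    return guid

def evict_expired(db, now):
    """Periodic deletion jobs: evict rows older than their tier's retention window."""
    low_med_cutoff = (now - LOW_MED_RETENTION).isoformat()
    db.execute("DELETE FROM low WHERE created < ?", (low_med_cutoff,))
    db.execute("DELETE FROM medium WHERE created < ?", (low_med_cutoff,))
    db.execute("DELETE FROM sensitive WHERE created < ?",
               ((now - SENSITIVE_RETENTION).isoformat(),))
    db.commit()

def user_delete(db, guid):
    """User-triggered deletion: drop the guid->device mapping and that guid's tab list."""
    db.execute("DELETE FROM sensitive WHERE guid = ?", (guid,))
    db.execute("DELETE FROM medium WHERE guid = ?", (guid,))
    db.commit()

def row_counts(db):
    """(sensitive, medium, low) row counts, to check what each job left behind."""
    return tuple(db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
                 for t in ("sensitive", "medium", "low"))
```

Note that the low table is keyed by url only, so a user's deletion leaves the shared translated text in place, which is what makes that table the low-risk tier.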
The 4th Meeting
Engineer: Hey, so what do you guys think of the new plan? The feedback on the mailing list was pretty positive. People seem pretty excited about the upcoming feature.
Engineering Manager: indeed.
DBA: much better.
Operations Engineer: I agree. I’ll see about getting you a server in stage to start testing the new plan on.
Engineer: cool, thanks!
Engineer: Privacy Rep, one of the questions that came up on the mailing list was about research access to the data. Some phd students at the Sorbonne want to study the language data.
Privacy Rep: Did they say which bits of data they might be interested in?
Engineer: the most popular pages and languages they were translated into. I think it would really be just the low risk table to start.
Privacy Rep: I think that'd be fine, there's no personal data in that table. Make sure we send them the basic disclosure & good behavior form.
Engineering Manager: A question also came to me about exporting data. I don’t think we have anything like that right now.
Engineer: No, we don’t.
Privacy Rep: well, can we slate that to do after we get the 1.0 landed?
Engineering Manager: sounds like a good thing to work on while it’s baking on the alpha-beta channels.
Who brought up user data safety & privacy concerns in this conversation?
Engineer, Engineering Manager, & Privacy Rep.