Diffstat (limited to 'security')
-rw-r--r-- | security/certverifier/CertVerifier.cpp | 13 | ||||
-rw-r--r-- | security/certverifier/CertVerifier.h | 3 | ||||
-rw-r--r-- | security/certverifier/OCSPVerificationTrustDomain.cpp | 2 | ||||
-rw-r--r-- | security/manager/ssl/nsCertOverrideService.h | 2 | ||||
-rw-r--r-- | security/manager/ssl/nsNSSCallbacks.cpp | 1 |
5 files changed, 4 insertions, 17 deletions
diff --git a/security/certverifier/CertVerifier.cpp b/security/certverifier/CertVerifier.cpp index 2e6086b2d5..e2ff7b55c1 100644 --- a/security/certverifier/CertVerifier.cpp +++ b/security/certverifier/CertVerifier.cpp @@ -434,8 +434,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, // chosen by the server. // These configurations are in order of most restrictive to least - // restrictive. This enables us to gather telemetry on the expected - // results of setting the default policy to a particular configuration. + // restrictive. SHA1Mode sha1ModeConfigurations[] = { SHA1Mode::Forbidden, SHA1Mode::ImportedRoot, @@ -474,8 +473,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, // (mSHA1Mode) is more restrictive than the SHA1 mode option we're on. // (To put it another way, only attempt verification if the SHA1 mode // option we're on is as restrictive or more restrictive than - // mSHA1Mode.) This allows us to gather telemetry information while - // still enforcing the mode set by preferences. + // mSHA1Mode.) if (SHA1ModeMoreRestrictiveThanGivenMode(sha1ModeConfigurations[i])) { continue; } @@ -555,8 +553,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, // (mSHA1Mode) is more restrictive than the SHA1 mode option we're on. // (To put it another way, only attempt verification if the SHA1 mode // option we're on is as restrictive or more restrictive than - // mSHA1Mode.) This allows us to gather telemetry information while - // still enforcing the mode set by preferences. + // mSHA1Mode.) if (SHA1ModeMoreRestrictiveThanGivenMode(sha1ModeConfigurations[j])) { continue; } 
@@ -612,10 +609,6 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, if (keySizeStatus) { *keySizeStatus = KeySizeStatus::AlreadyBad; } - // The telemetry probe CERT_CHAIN_SHA1_POLICY_STATUS gives us feedback on - // the result of setting a specific policy. However, we don't want noise - // from users who have manually set the policy to something other than the - // default, so we only collect for ImportedRoot (which is the default). if (sha1ModeResult && mSHA1Mode == SHA1Mode::ImportedRoot) { *sha1ModeResult = SHA1ModeResult::Failed; } diff --git a/security/certverifier/CertVerifier.h b/security/certverifier/CertVerifier.h index 54568c0878..174562091f 100644 --- a/security/certverifier/CertVerifier.h +++ b/security/certverifier/CertVerifier.h @@ -44,7 +44,6 @@ namespace mozilla { namespace psm { typedef mozilla::pkix::Result Result; -// These values correspond to the CERT_CHAIN_KEY_SIZE_STATUS telemetry. enum class KeySizeStatus { NeverChecked = 0, LargeMinimumSucceeded = 1, @@ -52,7 +51,6 @@ enum class KeySizeStatus { AlreadyBad = 3, }; -// These values correspond to the CERT_CHAIN_SHA1_POLICY_STATUS telemetry. enum class SHA1ModeResult { NeverChecked = 0, SucceededWithoutSHA1 = 1, @@ -92,7 +90,6 @@ public: // TLS feature request_status should be ignored static const Flags FLAG_TLS_IGNORE_STATUS_REQUEST; - // These values correspond to the SSL_OCSP_STAPLING telemetry. enum OCSPStaplingStatus { OCSP_STAPLING_NEVER_CHECKED = 0, OCSP_STAPLING_GOOD = 1, diff --git a/security/certverifier/OCSPVerificationTrustDomain.cpp b/security/certverifier/OCSPVerificationTrustDomain.cpp index 66c7e4137c..f56d685ead 100644 --- a/security/certverifier/OCSPVerificationTrustDomain.cpp +++ b/security/certverifier/OCSPVerificationTrustDomain.cpp 
@@ -57,7 +57,7 @@ OCSPVerificationTrustDomain::CheckSignatureDigestAlgorithm( // The reason for wrapping the NSSCertDBTrustDomain in an // OCSPVerificationTrustDomain is to allow us to bypass the weaker signature // algorithm check - thus all allowable signature digest algorithms should - // always be accepted. This is only needed while we gather telemetry on SHA-1. + // always be accepted. return Success; } diff --git a/security/manager/ssl/nsCertOverrideService.h b/security/manager/ssl/nsCertOverrideService.h index bb410f8da8..5793d1e6c3 100644 --- a/security/manager/ssl/nsCertOverrideService.h +++ b/security/manager/ssl/nsCertOverrideService.h @@ -163,8 +163,6 @@ protected: SECOidTag mOidTagForStoringNewHashes; nsCString mDottedOidForStoringNewHashes; - void CountPermanentOverrideTelemetry(); - void RemoveAllFromMemory(); nsresult Read(); nsresult Write(); diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp index dda936d8cd..4696d7c862 100644 --- a/security/manager/ssl/nsNSSCallbacks.cpp +++ b/security/manager/ssl/nsNSSCallbacks.cpp @@ -41,7 +41,6 @@ extern LazyLogModule gPIPNSSLog; namespace { -// Bits in bit mask for SSL_REASONS_FOR_NOT_FALSE_STARTING telemetry probe // These bits are numbered so that the least subtle issues have higher values. // This should make it easier for us to interpret the results. const uint32_t NPN_NOT_NEGOTIATED = 64; |
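Review bot: In OCSPVerificationTrustDomain::CheckSignatureDigestAlgorithm the unconditional `return Success;` stays, but the trimmed comment no longer says why, or for how long, the weaker-signature-algorithm check is bypassed. The deleted sentence was the only statement that the bypass was tied to SHA-1 telemetry, so the comment now reads as if accepting every digest algorithm here were a permanent design decision. Either state the remaining reason in the comment, for example `// always be accepted. NOTE: the SHA-1 telemetry this was introduced for has been removed; revisit whether the bypass is still wanted.`, or track removing the bypass in a follow-up. The same gap appears to apply to the `mSHA1Mode == SHA1Mode::ImportedRoot` guard in the last CertVerifier.cpp hunk, where the explanatory comment is deleted and the condition is kept. The function body starts outside this hunk.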