Closed Bug 1217896 Opened 9 years ago Closed 9 years ago

Wrap Google Analytics/GTM on www.mozilla.org in DNT conditional

Categories

(www.mozilla.org :: Analytics, defect)

Product:
www.mozilla.org
Component:
Analytics
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: cmore, Assigned: espressive)

References

Details

(Whiteboard: [kb=1880566])

Attachments

(1 file, 1 obsolete file)

Link to Github pull-request: https://github.com/mozilla/bedrock/pull/3478
44 bytes, text/x-github-pull-request
Details | Review
We want to add a DNT check to the Google Analytics on www.mozilla.org. Similar to bug 1163782 and bug 1164295, we need to add logic that checks to see if DNT is enabled, but only for browsers that don't have it enabled by default. For example, we need to completely ignore IE 10 and IE 11 and specific versions of Firefox that had a bug that doesn't signal user intent. We should also consider moving this JS into a helper or a main JS file so that we can call a single function containing all the logic and it can return a boolean. If the boolean is false, display the Google Analytics tag. For example: function WebAnalytics() { var _dntStatus = navigator.doNotTrack || navigator.msDoNotTrack; var fxMatch = navigator.userAgent.match(/Firefox\/(\d+)/); var ie10Match = navigator.userAgent.match(/MSIE 10/i); var ie11Match = navigator.userAgent.match(/MSIE 11/i); if (fxMatch && Number(fxMatch[1]) < 32) { // Can't say for sure if it is 1 or 0, due to Fx bug 887703 _dntStatus = 'Unspecified'; } else if (ie10Match || ie11Match) { // default is on _dntStatus = 'Unspecified'; } else { _dntStatus = { '0': 'Disabled', '1': 'Enabled' }[_dntStatus] || 'Unspecified'; } if (_dntStatus !== 'Enabled'){ // show tags return true; } else { // don't show tags return false; } } Then just call whenever you need it: if ( WebAnalytics() ) { // show tags }
+1 Thanks cmore!
(In reply to Paul [:pmac] McLanahan from comment #2) > Current implementation of the idea in bedrock: > > https://github.com/mozilla/bedrock/blob/ > c7252b483a1e9cc44b0ee99d3ce2252ef8f7c476/media/js/firefox/new.js#L173-L201 Yup! Just need to abstract the logic so that the same logic could be used for both flashtalking and GA and any use-case down the road. I just don't to be repeating the logic a bunch of times throughout the places where we need it. Would be nice to just call a function and have it return true or false.
(In reply to Chris More [:cmore] from comment #3) > I just don't to be repeating the logic a bunch of times throughout the places where we need > it. Would be nice to just call a function and have it return true or false. Definitely.
Assignee: nobody → schalk.neethling.bugs
Whiteboard: [kb=1880566]
I have done some reading about the state and "evolution" of DoNotTrack in IE and this is what I learned. IE10 and 11 on Windows 8.1 and lower has DoNotTrack enabled by default but, IE 11 and Edge on Windows 10 will not have this enabled by default. I guess that changes our logic a bit as we cannot just include IE 11 like here: > } else if (ie10Match || ie11Match) { Thoughts?
Flags: needinfo?(chrismore.bugzilla)
(In reply to Schalk Neethling [:espressive] from comment #5) > I have done some reading about the state and "evolution" of DoNotTrack in IE > and this is what I learned. > > IE10 and 11 on Windows 8.1 and lower has DoNotTrack enabled by default but, > IE 11 and Edge on Windows 10 will not have this enabled by default. I guess > that changes our logic a bit as we cannot just include IE 11 like here: > > > } else if (ie10Match || ie11Match) { > > Thoughts? That makes sense. Something like? if (Win7 or win8) and (ie10 or ie11) then // default setting _dntStatus = 'Unspecified';
Flags: needinfo?(chrismore.bugzilla)
(In reply to Chris More [:cmore] from comment #6) > (In reply to Schalk Neethling [:espressive] from comment #5) > > I have done some reading about the state and "evolution" of DoNotTrack in IE > > and this is what I learned. > > > > IE10 and 11 on Windows 8.1 and lower has DoNotTrack enabled by default but, > > IE 11 and Edge on Windows 10 will not have this enabled by default. I guess > > that changes our logic a bit as we cannot just include IE 11 like here: > > > > > } else if (ie10Match || ie11Match) { > > > > Thoughts? > > That makes sense. > > Something like? > > if (Win7 or win8) and (ie10 or ie11) then > // default setting > _dntStatus = 'Unspecified'; That looks good. I was also thinking perhaps: // for this scenario we need to respect the DNT setting if ((ie10 || ie11) && (win10) { // check dntStatus } else { // default setting _dntStatus = 'Unspecified'; }
Flags: needinfo?(chrismore.bugzilla)
(In reply to Schalk Neethling [:espressive] from comment #7) > (In reply to Chris More [:cmore] from comment #6) > > Something like? > > > > if (Win7 or win8) and (ie10 or ie11) then > > // default setting > > _dntStatus = 'Unspecified'; > > That looks good. I was also thinking perhaps: > > // for this scenario we need to respect the DNT setting > if ((ie10 || ie11) && (win10) { But what happens when Microsoft releases Windows 10.1 or 11? :) I think it makes more sense to check for Windows 7, 8, and 8.1 because those versions have the anomalous DNT behavior and we know those systems are not going to change. We want our default case to handling DNT. > // check dntStatus > } else { > // default setting > _dntStatus = 'Unspecified'; > }
> var w8Match = navigator.appVersion.match(/Windows NT 6.2/); @ Paul, note that the w10CampaignMeasurement() code you linked to in comment 2 only checks for Windows 8.0 (aka Windows NT 6.2). The new DNT check should also include Windows 8.1 (aka Windows NT 6.3), according Schalk's comment 5. https://github.com/mozilla/bedrock/blob/c7252b483a1e9cc44b0ee99d3ce2252ef8f7c476/media/js/firefox/new.js#L178
Flags: needinfo?(pmac)
Good point, so I guess something like: // We do not really care about the version of IE, if it is running on any of the known // anomalous versions of Windows, we cannot trust that the dntStatus was set by the user :( if (platform.inArray(anomalousWinVersions) && userAgent === 'IE') { // default setting _dntStatus = 'Unspecified'; } else { // check dntStatus } :agibson, care to weigh in? Thanks
Flags: needinfo?(agibson)
Yep, much better to rule out old known-bad versions if we can. I understand both IE11 and Edge on Win10 have DNT set to "off" by default, which MS have publicly stated is the new standard going forward.
Flags: needinfo?(agibson)
(In reply to Alex Gibson [:agibson] from comment #11) > Yep, much better to rule out old known-bad versions if we can. I understand > both IE11 and Edge on Win10 have DNT set to "off" by default, which MS have > publicly stated is the new standard going forward. Indeed, and thank goodness for that. Still I pity they did not do that from the get go but, alas. Thanks Alex.
Actually, this list of known good windows versions is much smaller so, perhaps rather: if (!platform.inArray(goodWinVersions) && userAgent === 'IE') { // default setting _dntStatus = 'Unspecified'; } else { // check dntStatus }
agibson mad a good point on IRC. My previous suggestion is probably better than my last. It is going to be much better to define a list of known bad versions rather then having to maintain a list of known good one's. This means the list will contain Win7, 8 and 8.1 - Should I include XP and Vista as well? Seeing that DNT was not around then, checking the dntStatus should return undefined which will then cause the function to return false (not enabled) Thoughts?
For the near future: we also use Optimize.ly on many mozilla.org pages. Optimize.ly is currently classified as an "Other Content" tracker, which is not blocked by TP by default (you'd have to select the "strict" list from Prefs > Privacy > Change Blocklist which is only available in 43+ to block "other Content trackers". This is uncommon). Optimize.ly is very likely to be re-classified as either an analytics tracker in the next few weeks, which means TP would block it by default. If the intention here is to respect user choice/DNT on mozilla.org and avoid displaying the TP shield, you'll need to account for Optimize.ly too.
(In reply to Javaun Moradi [:javaun] from comment #15) > For the near future: we also use Optimize.ly on many mozilla.org pages. > Optimize.ly is currently classified as an "Other Content" tracker, which is > not blocked by TP by default (you'd have to select the "strict" list from > Prefs > Privacy > Change Blocklist which is only available in 43+ to block > "other Content trackers". This is uncommon). > > Optimize.ly is very likely to be re-classified as either an analytics > tracker in the next few weeks, which means TP would block it by default. > > If the intention here is to respect user choice/DNT on mozilla.org and avoid > displaying the TP shield, you'll need to account for Optimize.ly too. We should probably spin up a bug for that and keep our ears to the ground.
Do we want to prevent calls to `window.dataLayer.push` from happening or, do we want to completely block GA for even loading? i.e. none of this[1] should happen. 1. https://github.com/mozilla/bedrock/blob/master/bedrock/base/templates/includes/google-analytics.html I am pretty sure that, just having the library injected, will already cause tracking protection tools to report and block. Thoughts?
(In reply to Schalk Neethling [:espressive] from comment #17) > I am pretty sure that, just having the library injected, will already cause > tracking protection tools to report and block. Thoughts? Yes, if the browser attempts to load from the google-analytics.com domain, it will be blocked and display the shield. If it doesn't, file a bug against Toolkit::Safe Browsing :)
Blocks: 1218516
Blocks: 1218626
This is up on demo4 for review
Flags: needinfo?(pmac)
Flags: needinfo?(chrismore.bugzilla)
Flags: needinfo?(chrismore.bugzilla)
(In reply to Schalk Neethling [:espressive] from comment #20) > This is up on demo4 for review Looks like it is working for me! I opened up real-time GA, went to content, types in test=cmore and hit enter. I disabled DNT and then visited: https://www-demo4.allizom.org/en-US/firefox/choose/?test=cmore Verified the GA hit. I enabled DNT and then visited: https://www-demo4.allizom.org/en-US/firefox/choose/?test=cmore Verified no GA hit. I am creating a spreadsheet now of all of the different variations that we need to QA verify.
Flags: needinfo?(chrismore.bugzilla)
Here's a spreadsheet of most of the browser/OS combinations that we should test: https://docs.google.com/a/mozilla.com/spreadsheets/d/1VeLN0mZ8r_K9_TlrSgq-5qWpNzuzM7qEIhb1iQovqb0/edit?usp=sharing :espressive: Just to confirm in this code: https://github.com/schalkneethling/bedrock/blob/7a91dafd1685541a0e806f565ee3f1128d079038/media/js/base/dnt-helper.js We are going to ignore Windows 7, 8, and 8.1 because of the mixed bag of IE DNT implementations, right?
Flags: needinfo?(schalk.neethling.bugs)
(In reply to Chris More [:cmore] from comment #22) > Here's a spreadsheet of most of the browser/OS combinations that we should > test: > > https://docs.google.com/a/mozilla.com/spreadsheets/d/1VeLN0mZ8r_K9_TlrSgq- > 5qWpNzuzM7qEIhb1iQovqb0/edit?usp=sharing > > :espressive: Just to confirm in this code: > https://github.com/schalkneethling/bedrock/blob/ > 7a91dafd1685541a0e806f565ee3f1128d079038/media/js/base/dnt-helper.js > > We are going to ignore Windows 7, 8, and 8.1 because of the mixed bag of IE > DNT implementations, right? Correct.
Flags: needinfo?(schalk.neethling.bugs)
How is testing going? I have made some updates to demo4 to improve the script in IE and avoid some potential errors. Let me know when you are happy with the end result. Thanks!
Flags: needinfo?(chrismore.bugzilla)
(In reply to Schalk Neethling [:espressive] from comment #24) > How is testing going? I have made some updates to demo4 to improve the > script in IE and avoid some potential errors. Let me know when you are happy > with the end result. Thanks! I haven't had time to do any more testing. See also fall campaign. :) Should we just get a Web QA person to test all of the variations using Saucelabs and note the results in the spreadsheet?
Flags: needinfo?(chrismore.bugzilla)
rbillings, could you take a look at https://bugzilla.mozilla.org/show_bug.cgi?id=1217896#c22 and let me know whether there is scope to tests this today? Thanks!
Flags: needinfo?(rbillings)
1) please give more notice for testing 2) I expect I/we can hit all of the combos today 3) I have no access to GA, so I won't able to confirm any of the results
Flags: needinfo?(rbillings)
Let me know in email or IRC if you need me to go ahead with the above.
(In reply to Rebecca Billings [:rbillings] from comment #28) > Let me know in email or IRC if you need me to go ahead with the above. I would say go ahead and do the testing. I am sure :cmore can verify afterward, unless you can get access to GA earlier, which would be the ideal. Thanks :rbillings, much appreciated.
Flags: needinfo?(chrismore.bugzilla)
Gave rbillings access to all GA profiles. Thanks!
Flags: needinfo?(chrismore.bugzilla)
I updated the Google doc from Comment 22 with testing status & notes.
(In reply to Rebecca Billings [:rbillings] from comment #31) > I updated the Google doc from Comment 22 with testing status & notes. Thank you! So, from looking at the expected and actual results, this works as advertised. Am I reading it correctly?
Flags: needinfo?(rbillings)
Comments in the doc show items that were not working for me. I'll need sign off that it's ok, or that it's working for others- so I am not giving this a thumbs up.
Flags: needinfo?(rbillings)
(In reply to Rebecca Billings [:rbillings] from comment #33) > Comments in the doc show items that were not working for me. I'll need sign > off that it's ok, or that it's working for others- so I am not giving this a > thumbs up. Yeah, looks all good to me except I would like to ensure that IE 6/7 traffic is coming through normally. They shouldn't be impacted by DNT status since DNT didn't exist back then. Pings should be coming through regardless.
I just tested in IE7 and IE6 using a local VM. Although I cannot confirm that it actually hit GA, the code is returning false in both cases, meaning DNT is not enabled.
Commits pushed to master at https://github.com/mozilla/bedrock https://github.com/mozilla/bedrock/commit/b5735136df5a4326982f98ea56a7d68500f2c2ed Fix Bug 1217896, wrap GA in DNT conditional https://github.com/mozilla/bedrock/commit/3c0e227e9f9d95a26e77d6ee08a697db72d74f42 Merge pull request #3478 from schalkneethling/bug1217896-wrap-ga-in-dnt-conditional Fix Bug 1217896, wrap GA in DNT conditional
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
When this pushed to production, please update this bug so we can annotate Google Analytics. We will probably see a drop in downloads and I don't want people to freak out. :)
(In reply to Chris More [:cmore] from comment #37) > When this pushed to production, please update this bug so we can annotate > Google Analytics. We will probably see a drop in downloads and I don't want > people to freak out. :) Push is at 2PM today.
(In reply to Schalk Neethling [:espressive] from comment #38) > (In reply to Chris More [:cmore] from comment #37) > > When this pushed to production, please update this bug so we can annotate > > Google Analytics. We will probably see a drop in downloads and I don't want > > people to freak out. :) > > Push is at 2PM today. Thanks. I've annotated GA with the change. We'll watch the data over the next days/weeks to see if there is a trend change.
(In reply to Chris More [:cmore] from comment #39) > (In reply to Schalk Neethling [:espressive] from comment #38) > > (In reply to Chris More [:cmore] from comment #37) > > > When this pushed to production, please update this bug so we can annotate > > > Google Analytics. We will probably see a drop in downloads and I don't want > > > people to freak out. :) > > > > Push is at 2PM today. > > Thanks. I've annotated GA with the change. We'll watch the data over the > next days/weeks to see if there is a trend change. Awesome, let me know if you see obvious things like no pings from IE6 and 7. I feel confident that they will work just fine, but good that you are keeping an eye on it.
blocking-fx: --- → ?
status-b2g-v2.0: --- → ?
status-b2g-v2.0M: --- → ?
status-b2g-v2.1: --- → ?
status-b2g-v2.1S: --- → ?
status-b2g-v2.2: --- → ?
status-b2g-v2.2r: --- → ?
status-b2g-v2.5: --- → ?
status-b2g-master: --- → ?
status-firefox46: --- → ?
status-firefox47: --- → ?
status-firefox48: --- → ?
status-firefox49: --- → ?
status-firefox-esr38: --- → ?
status-firefox-esr45: --- → ?
tracking-b2g: --- → backlog
tracking-firefox46: --- → ?
tracking-firefox47: --- → ?
tracking-firefox48: --- → ?
tracking-firefox49: --- → ?
tracking-firefox-esr38: --- → ?
tracking-firefox-esr45: --- → ?
relnote-firefox: --- → ?
relnote-b2g: --- → ?
Flags: sec-bounty?
Flags: needinfo?(chrismore.bugzilla)
Flags: needinfo?
Flags: in-testsuite?
blocking-fx: ? → ---
status-b2g-v2.0: ? → ---
status-b2g-v2.0M: ? → ---
status-b2g-v2.1: ? → ---
status-b2g-v2.1S: ? → ---
status-b2g-v2.2: ? → ---
status-b2g-v2.2r: ? → ---
status-b2g-v2.5: ? → ---
status-b2g-master: ? → ---
status-firefox46: ? → ---
status-firefox47: ? → ---
status-firefox48: ? → ---
status-firefox49: ? → ---
status-firefox-esr38: ? → ---
status-firefox-esr45: ? → ---
tracking-b2g: backlog → ---
tracking-firefox46: ? → ---
tracking-firefox47: ? → ---
tracking-firefox48: ? → ---
tracking-firefox49: ? → ---
tracking-firefox-esr38: ? → ---
tracking-firefox-esr45: ? → ---
relnote-firefox: ? → ---
relnote-b2g: ? → ---
Flags: sec-bounty?
Flags: needinfo?(chrismore.bugzilla)
Flags: needinfo?
Flags: in-testsuite?
Attachment #8750640 - Attachment description: "><script>alert(1)</script> → (spam)
Attachment #8750640 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: