Closed Bug 1563388 Opened 5 years ago Closed 5 years ago

Tracking protection on Nightly gives an alarming warning about blocking google analytics cookies

Categories

(DevTools :: Console, task, P2)

task

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1540117

People

(Reporter: wlach, Unassigned)

References

Details

Attachments

(1 file)

Attached image image.png

So I noticed while debugging another problem that nightly was giving a warning in the devtools console about blocking some google analytics tracking cookies for a site I was working on (https://alpha.iodide.io).

I discussed this a bit on slack with engelhardt and tanvi on slack: https://mozilla.slack.com/archives/CAPE8A1K2/p1562177558297900 (really wish I could easily copy slack conversations as plaintext...)

The tl;dr is that this shouldn't block google analytics site analytics (and indeed this seems to be the case) which is great, but the devtools console message is likely going to be a little bit alarming to web developers. Is there any way we could (at least) change the messaging inside devtools?

If it helps, I did up a small site which reproduces the warning here on github pages here:

https://wlach.github.io/ga-test/

Spoke with William a bit more about this on Slack. One option for how to do this is to document this in https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy/Errors/CookieBlockedTracker which is linked to from the "Learn More" link in the console but that page doesn't seem to be written in a way that's messaged towards developers currently. From the other perspective, customizing our UI with a Google Analytics specific message may not be super ideal, but I certainly see how this message can cause panic around the lines of "OMG GA doesn't work in Firefox any more".

Nicolas, can you think of any good options here? Can we have a message here that depends on the URI being reported? Thanks!

See Also: → 1493361
Component: Privacy: Anti-Tracking → Console
Flags: needinfo?(nchevobbe)
Product: Core → DevTools

Can we have a message here that depends on the URI being reported?

Technically, yes, I think.

Now, I'm not sure this would be a good idea.
If this might be confusing to users, it won't be only on google analytics message. If the wording isn't good enough, we should change it, and not only for GA.
So here, whatever we'd put for the GA message, we should put it directly for everything.
We had a similar report on those messages in Bug 1563388, so I guess we should do some rewording on them, so they don't appear as scary as they do now.

We might also have a better heuristic to when we should emit these messages (but I guess this is more complex?).
We could also lower its category (info instead of warning)
Or we might plainly drop this message if we feel it causes more harm than good.

Flags: needinfo?(nchevobbe)

If the problem is with the message being overly broad, shouldn't we mention the name of the cookie that was blocked so that the developer has a chance to figure out whether it is one they care about? Perhaps also adding a short section specific to GA cookie names in our MDN link, since GA has a dominant industry position.

Type: defect → task
Priority: -- → P2

William, for some reason the page you linked to can't load the ga script

Loading failed for the <script> with source “https://www.googletagmanager.com/gtag/js?id=UA-1648932-9”. ga-test:5:1

so I can't see the tracking protection message

(In reply to Nicolas Chevobbe [:nchevobbe] from comment #4)

William, for some reason the page you linked to can't load the ga script

Loading failed for the <script> with source “https://www.googletagmanager.com/gtag/js?id=UA-1648932-9”. ga-test:5:1

so I can't see the tracking protection message

Hi Nicolas, it works fine for me here on the latest nightly. For an alternative, https://alpha.iodide.io/ causes the same error to appear.

(In reply to Panos Astithas (he/him) [:past] (please ni?) from comment #3)

If the problem is with the message being overly broad, shouldn't we mention the name of the cookie that was blocked so that the developer has a chance to figure out whether it is one they care about? Perhaps also adding a short section specific to GA cookie names in our MDN link, since GA has a dominant industry position.

A few points about this.

  • This message isn't really only fired only for cookies. It can be fired for any of the things fired here: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy#What_does_the_storage_access_policy_block. I'm afraid the concept of name doesn't apply to them all and even for the ones that it does apply to, listing them may be more confusing than helpful.

  • GA cookie names are documented here, I don't think this is something we should document ourselves since it will eventually become out of date.

  • Now that I think about this more, I really dislike the idea of preferentially treating one service in Firefox like this. But I mentioned this since we already special case e.g. popular JS libraries in devtools, so I thought perhaps the idea of a special case improved message here (perhaps in the form of an extra string e.g. "Your visit analytics should still be submitted successfully.") may be reasonable. :-)

See Also: → 1565291

Looks like this was just a duplicate of bug 1540117 which Ehsan fixed a few weeks ago (found the bug via mozregression). Thanks Ehsan!

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: