Closed Bug 1827985 Opened 2 years ago Closed 2 years ago

Stub Attribution "source" replaces many values with (other)

Categories

(Cloud Services :: Operations: Miscellaneous, enhancement)

Product:
Cloud Services
Component:
Operations: Miscellaneous
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED MOVED

People

(Reporter: Mardak, Unassigned)

References

Details

Looks like the source whitelist filtering was added with bug 1306457 but at least for marketing usage of utm_source, generally all have been filtered out as they aren't domains:

https://docs.google.com/spreadsheets/d/1YSQriUKwq9sz4WLBKRAfupb9OWSOJabm7Qo3RrIf7kI

E.g., fxnews, aichallenge, instagram, hubs

Potentially marketing should be using something actually allowed if we care about getting that data into Firefox attribution (e.g., fake domains?? fxnews.mozilla.org) and/or move that data into medium/campaign/experiment/variation?

But maybe there shouldn't be filtering? Not sure if the original need for filtering is still necessary?

I did some code archeology and it looks like the only reason why we have such a restriction on the source field comes from this comment: https://bugzilla.mozilla.org/show_bug.cgi?id=1273940#c3, specifically:

Some sort of validation that the attribution_code came from a known source, so people can't spam the service or trick users in to downloading stubs with random information written.

This comment https://bugzilla.mozilla.org/show_bug.cgi?id=1306457#c45 suggests that disallowed sources used to prevent the generation of modified installers (i.e. we were serving unmodified installers). That has been changed since then and so we only have a restriction that converts "invalid" sources to (other).

Semi-related: this comment explains how the list was decided back in the day: https://bugzilla.mozilla.org/show_bug.cgi?id=1306457#c1. That does not really explain much of the "why", though.

Given we allow pretty much any value in the other fields, I'd be tempted to suggest that we remove the restriction (allow-list) on the source field in stubattribution. But before that, :mhowell do you remember anything about this source field by chance?

Flags: needinfo?(mhowell)

No, sorry; I was (quite intentionally) never really involved on this side of things, so I never knew any useful details in the first place.

Flags: needinfo?(mhowell)

I'll file a github issue to remove https://github.com/mozilla-services/stubattribution/blob/master/attributioncode/sourcewhitelist.go when we're good to go ahead.

Flags: needinfo?(edilee)
See Also: → 1830916
See Also: 1830916
See Also: → 1830901

Privacy policy will be updated but not a blocker for allowing any source values. There's a few instances in m-c docs that use the same description:

Referring partner domain, when install happens via a known partner

that might want to be updated although some of the nearby comments might also be too specific.

Filed https://github.com/mozilla-services/stubattribution/issues/169

Flags: needinfo?(edilee)
See Also: → https://github.com/mozilla-services/stubattribution/issues/169
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → MOVED
You need to log in before you can comment on or make changes to this bug.