Disable stats tracking when Do Not Track header is sent

RESOLVED WONTFIX

Status

()

bugzilla.mozilla.org
Extensions: Other
RESOLVED WONTFIX
6 years ago
5 years ago

People

(Reporter: rillian, Unassigned)

Tracking

Production
x86
Mac OS X

Details

Playing with Ghostery and Collusion this week, I noticed bugzilla.mozilla.org is sending a sampling script for webtrends.com. The Collusion add-on identifies this as a tracking site.

The privacy policy at webtrends.com mentions respecting an opt-out cookie, but it's not clear if they respect the Do Not Track header.

As a work around, inclusion of the analytics script should be conditional on not seeing the DNT header from the client.
do-not-track is for advertising, not analytics.

https://wiki.mozilla.org/Privacy/Jan2011_DoNotTrack_FAQ

> ... will allow the user to let a website know when they would like to
> opt-out of third-party tracking for behavioral advertising by transmitting
> a Do Not Track HTTP header every time their data is requested from the Web.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX

Comment 2

6 years ago
> do-not-track is for advertising, not analytics.

This is not what the Do Not Track standard proposal says:

https://tools.ietf.org/html/draft-mayer-do-not-track-00

"In general advertising networks, analytics services, and social plug-in providers are third parties."
(In reply to nickers from comment #2)
> https://tools.ietf.org/html/draft-mayer-do-not-track-00

thanks, i wasn't aware of this document.

i believe we're covered by the following exception (9.3.2):

>   2.  Data obtained by a third party exclusively on behalf of and for
>       the use of a first party.

Comment 4

6 years ago
I'm unable to find any evidence in the webtrends TOS that indicates that they will use the information exclusively for the benefit of the requesting site.
from http://webtrends.com/privacy-policy/

> Webtrends’ clients use our products and services to gather information about their
> own customers and visitors to their Web sites (‘Customer Data’). Webtrends uses
> Customer Data for the purpose of providing services to customers of our products
> and services. We treat Customer Data as the property and confidential information of
> the applicable Webtrends client. We do not share information collected for one client
> with our other clients; provided, that, if a client is a part of Webtrends’ trend
> data service, we may share anonymized, aggregated data that does not identify any
> client or any personal information included in ‘Customer Data’.
FWIW, the IETF document  referenced in comment 2 and comment 3 should be deprecated.  The DNT signal and its meaning are being standardized at the W3C:

http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html
http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html

In comment 5, glob points to how web trends policy states the data is siloed per-site.  This limits cross-site tracking, which in my opinion is the point of DNT.  I think it's appropriate that the bug was resolved wontfix since webtrends is probably not facilitating cross-site tracking, but not because it's for analytics purposes.  DNT started out scoped to address just advertising, but it has grown into more than that (read the links above if you have time).

Mozilla is not tracking users across different companies' sites on the web, and if our third parties are we should fix that.  In this case, I don't think webtrends is facilitating such cross-site tracking using our sites.  Collusion, while it shows who has the potential to track, doesn't necessarily provide hard evidence that cross-site tracking is actually occurring, so the webtrends node in this case could be a false positive.
Duplicate of this bug: 858835
You need to log in before you can comment on or make changes to this bug.