Closed
Bug 731852
Opened 13 years ago
Closed 13 years ago
Privacy Policy Violation: Improper Web Analytics / User Tracking
Categories
(developer.mozilla.org Graveyard :: Editing, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
2.5
People
(Reporter: amuntner, Assigned: craigcook)
Details
(Whiteboard: u=user c=security p=1)
Attachments
(1 file)
476 bytes,
patch
|
craigcook
:
review+
|
Details | Diff | Splinter Review |
** Summary: Privacy Violation - Improper Web Analytics / User Tracking
** Reproduction Steps:
1. Visit HTTP://developer.mozilla.org/en/HTML/Canvas
2. View source
3. Search for the string "UA-68075-16" to navigate to the affected code. (reproduced below)
</div><script type="text/javascript">$(function() {var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");$.getScript(gaJsHost + "google-analytics.com/ga.js", function() {try {var pageTracker = _gat._getTracker("UA-68075-16");pageTracker._setDomainName(".mindtouch.com");pageTracker._trackPageview();} catch(e) {}});});</script>
** Recommended Remediation: Remove the javascript
Updated•13 years ago
|
Whiteboard: u=user c=security p=
Target Milestone: --- → 2.5
Comment 1•13 years ago
|
||
Can you point to what's actually violating any policy? Is it the ".mindtouch.com", or the fact that we're using GA at all? Do we have any other analytics on MDN?
Reporter | ||
Comment 2•13 years ago
|
||
UA-68075-16 is a google analytics cookie owned by mindtouch.com. Mozilla doesn't get these analyitcs, they do.
I looked further, and it appears to be on every page of MDN under Docs.
A web search turned this up: http://forums.developer.mindtouch.com/showthread.php?9620-Google-Analytics-default-Account-ID
indicating this is likely a widespread issue for all mindtouch customers.
Anyone know who has a relationship with Mindtouch/can put me in touch with someone there?
Reporter | ||
Comment 3•13 years ago
|
||
http://developer.mindtouch.com/en/kb/Configuration_keys_and_values
Configuration of the MindTouch API service is handled a startup xml file (/etc/dekiwiki/mindtouch.deki.startup.xml) and the database table 'config'. [SNIP]
ui/analytics-key UA-68075-16
It's a default mindtouch configuration, it sounds like their installation docs probably don't mention changing this value.
Comment 4•13 years ago
|
||
I left a comment on http://forums.developer.mindtouch.com/showthread.php?486-Google-Analytics but we'll remove this from the footer code ourselves if there's no way to disabled via configuration.
Reporter | ||
Comment 5•13 years ago
|
||
Luke - nice find! On the page you linked to, I saw one to http://developer.mindtouch.com/Deki_Wiki/Features/Google_Analytics - based on this page, it looks like the answer is to just blank the field in the config.
Are there any other Mozilla sites using this wiki software? They may have the same issue.
Comment 6•13 years ago
|
||
(In reply to Adam Muntner :adamm from comment #5)
> Are there any other Mozilla sites using this wiki software? They may have
> the same issue.
Absolutely not. :)
We do have a support contract with MindTouch if we need it, but hopefully this is something we can change via configuration or a template.
Comment 7•13 years ago
|
||
There is a Google Analytics entry on the MDN control panel: https://developer.mozilla.org/deki/cp/analytics.php
The UA string is currently empty. (Maybe somebody just flipped it)
Comment 8•13 years ago
|
||
the config change didn't affect local so I think we'll have to do this with a template/skin change.
Updated•13 years ago
|
Whiteboard: u=user c=security p= → u=user c=security p=1
Updated•13 years ago
|
Assignee: nobody → lcrouch
Comment 9•13 years ago
|
||
Attachment #604604 -
Flags: review?(craigcook.bugz)
Updated•13 years ago
|
Assignee: lcrouch → craigcook.bugz
Assignee | ||
Comment 10•13 years ago
|
||
Comment on attachment 604604 [details] [diff] [review]
remove analytics call
Patch applied in r102846
Attachment #604604 -
Flags: review?(craigcook.bugz) → review+
Assignee | ||
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 11•13 years ago
|
||
qa-verified-trunk https://developer-stage9.mozilla.org/en/HTML
Comment 12•13 years ago
|
||
verified fixed https://developer.mozilla.org/en-US/
Status: RESOLVED → VERIFIED
Updated•12 years ago
|
Component: Docs Platform → Editing
Updated•4 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•