Closed Bug 731852 Opened 13 years ago Closed 13 years ago

Privacy Policy Violation: Improper Web Analytics / User Tracking

Categories

(developer.mozilla.org Graveyard :: Editing, defect)

x86_64
Linux
defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: amuntner, Assigned: craigcook)

Details

(Whiteboard: u=user c=security p=1)

Attachments

(1 file)

** Summary: Privacy Violation - Improper Web Analytics / User Tracking ** Reproduction Steps: 1. Visit HTTP://developer.mozilla.org/en/HTML/Canvas 2. View source 3. Search for the string "UA-68075-16" to navigate to the affected code. (reproduced below) </div><script type="text/javascript">$(function() {var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");$.getScript(gaJsHost + "google-analytics.com/ga.js", function() {try {var pageTracker = _gat._getTracker("UA-68075-16");pageTracker._setDomainName(".mindtouch.com");pageTracker._trackPageview();} catch(e) {}});});</script> ** Recommended Remediation: Remove the javascript
Whiteboard: u=user c=security p=
Target Milestone: --- → 2.5
Can you point to what's actually violating any policy? Is it the ".mindtouch.com", or the fact that we're using GA at all? Do we have any other analytics on MDN?
UA-68075-16 is a google analytics cookie owned by mindtouch.com. Mozilla doesn't get these analyitcs, they do. I looked further, and it appears to be on every page of MDN under Docs. A web search turned this up: http://forums.developer.mindtouch.com/showthread.php?9620-Google-Analytics-default-Account-ID indicating this is likely a widespread issue for all mindtouch customers. Anyone know who has a relationship with Mindtouch/can put me in touch with someone there?
http://developer.mindtouch.com/en/kb/Configuration_keys_and_values Configuration of the MindTouch API service is handled a startup xml file (/etc/dekiwiki/mindtouch.deki.startup.xml) and the database table 'config'. [SNIP] ui/analytics-key UA-68075-16 It's a default mindtouch configuration, it sounds like their installation docs probably don't mention changing this value.
I left a comment on http://forums.developer.mindtouch.com/showthread.php?486-Google-Analytics but we'll remove this from the footer code ourselves if there's no way to disabled via configuration.
Luke - nice find! On the page you linked to, I saw one to http://developer.mindtouch.com/Deki_Wiki/Features/Google_Analytics - based on this page, it looks like the answer is to just blank the field in the config. Are there any other Mozilla sites using this wiki software? They may have the same issue.
(In reply to Adam Muntner :adamm from comment #5) > Are there any other Mozilla sites using this wiki software? They may have > the same issue. Absolutely not. :) We do have a support contract with MindTouch if we need it, but hopefully this is something we can change via configuration or a template.
There is a Google Analytics entry on the MDN control panel: https://developer.mozilla.org/deki/cp/analytics.php The UA string is currently empty. (Maybe somebody just flipped it)
the config change didn't affect local so I think we'll have to do this with a template/skin change.
Whiteboard: u=user c=security p= → u=user c=security p=1
Assignee: nobody → lcrouch
Attachment #604604 - Flags: review?(craigcook.bugz)
Assignee: lcrouch → craigcook.bugz
Comment on attachment 604604 [details] [diff] [review] remove analytics call Patch applied in r102846
Attachment #604604 - Flags: review?(craigcook.bugz) → review+
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Component: Docs Platform → Editing
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: