Privacy Policy Violation: Improper Web Analytics / User Tracking



7 years ago
6 years ago


(Reporter: amuntner, Assigned: craigcook)




(Whiteboard: u=user c=security p=1)


(1 attachment)

** Summary: Privacy Violation - Improper Web Analytics / User Tracking

** Reproduction Steps: 

1. Visit HTTP://

2. View source

3. Search for the string "UA-68075-16" to navigate to the affected code. (reproduced below)

</div><script type="text/javascript">$(function() {var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");$.getScript(gaJsHost + "", function() {try {var pageTracker = _gat._getTracker("UA-68075-16");pageTracker._setDomainName("");pageTracker._trackPageview();} catch(e) {}});});</script>

** Recommended Remediation: Remove the javascript
Whiteboard: u=user c=security p=
Target Milestone: --- → 2.5
Can you point to what's actually violating any policy? Is it the "", or the fact that we're using GA at all? Do we have any other analytics on MDN?
UA-68075-16 is a google analytics cookie owned by Mozilla doesn't get these analyitcs, they do. 

I looked further, and it appears to be on every page of MDN under Docs. 

A web search turned this up:

indicating this is likely a widespread issue for all mindtouch customers. 

Anyone know who has a relationship with Mindtouch/can put me in touch with someone there?

Configuration of the MindTouch API service is handled a startup xml file (/etc/dekiwiki/mindtouch.deki.startup.xml) and the database table 'config'. [SNIP]

ui/analytics-key	UA-68075-16

It's a default mindtouch configuration, it sounds like their installation docs probably don't mention changing this value.
I left a comment on but we'll remove this from the footer code ourselves if there's no way to disabled via configuration.
Luke - nice find! On the page you linked to, I saw one to - based on this page, it looks like the answer is to just blank the field in the config.

Are there any other Mozilla sites using this wiki software? They may have the same issue.
(In reply to Adam Muntner :adamm from comment #5)
> Are there any other Mozilla sites using this wiki software? They may have
> the same issue.

Absolutely not. :)

We do have a support contract with MindTouch if we need it, but hopefully this is something we can change via configuration or a template.
There is a Google Analytics entry on the MDN control panel:

The UA string is currently empty. (Maybe somebody just flipped it)
the config change didn't affect local so I think we'll have to do this with a template/skin change.
Whiteboard: u=user c=security p= → u=user c=security p=1
Assignee: nobody → lcrouch
Created attachment 604604 [details] [diff] [review]
remove analytics call
Attachment #604604 - Flags: review?(craigcook.bugz)
Assignee: lcrouch → craigcook.bugz

Comment 10

7 years ago
Comment on attachment 604604 [details] [diff] [review]
remove analytics call

Patch applied in r102846
Attachment #604604 - Flags: review?(craigcook.bugz) → review+


7 years ago
Last Resolved: 7 years ago
Resolution: --- → FIXED
verified fixed
Component: Docs Platform → Editing
Product: Mozilla Developer Network → Mozilla Developer Network
You need to log in before you can comment on or make changes to this bug.