Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Broken comments self-hosted by Free Software community #2257

Closed
patdavid opened this issue Dec 31, 2018 · 8 comments
Closed

Broken comments self-hosted by Free Software community #2257

patdavid opened this issue Dec 31, 2018 · 8 comments
Labels
broken site DNT policy EFF's Do Not Track policy: www.eff.org/dnt-policy

Comments

@patdavid
Copy link

What is your browser and browser version?

Chrome Version 71.0.3578.98
Firefox 64.0

What is broken and where?

The https://pixls.us community runs a forum at https://discuss.pixls.us that also serves as the commenting back-end for multiple Free Software photography websites (pixls.us, darktable.org, digikam.org).

We (pixls.us) provide management of comments, forum, and community for various Free Software photography projects, and we use a Discourse forum as the backend for this. We basically provide an embed for forum topics to serve as comments on posts at each of these websites.

What is the "culprit" domain?

https://discuss.pixls.us
https://discuss.pixls.us/javascripts/embed.js is the specific file.

What is your debug output for this domain?

Following the instructions in Chrome yields nothing (ie: undefined).
Following the instructions in Firefox:

**** ACTION_MAP for pixls.us
discuss.pixls.us {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "block",
  "nextUpdateTime": 1546701712004
}
pixls.us {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "block",
  "nextUpdateTime": 0
}
**** SNITCH_MAP for pixls.us
pixls.us [
  "digikam.org",
  "",
  "darktable.org"
]
@ghostwords
Copy link
Member

Hello! I tried to see why Badger learns to block pixls.us resources, but I'm having trouble finding the (Discourse) forums on digikam.org and darktable.org domains.

@patdavid
Copy link
Author

patdavid commented Dec 31, 2018
edited
Loading

@ghostwords There isn't a discourse forum on the digikam.org or darktable.org domains directly. The forums are at https://discuss.pixls.us.

On the darktable.org and digikam.org domains we embed forum topic posts from discuss.pixls.us at the bottom of certain posts to work as comments for the page. So if you look at the end of the page on a news post from those sites, you should see the embedded topic posts from discuss.pixls.us:

https://www.digikam.org/news/2018-12-30-6.0.0-beta3_release_announcement/
https://www.darktable.org/2018/12/darktable-260-released/

Those are examples of how the forum topics are embedded to act as comments. Does this help?

side note: the same method will be used for a few more projects in the near future as well!

@ghostwords
Copy link
Member

Ah yes, thank you.

It looks like users who previously visited pixls.us directly have a Google Analytics cookie placed on pixls.us. That cookie is then sent along with requests for embedded pixls.us resources on other sites. Privacy Badger sees the cookie and considers those requests to be tracking.

If your forum domains do not actually track users in any way, you could post the EFF DNT policy (https://www.eff.org/dnt-policy) on each domain (for example, https://discuss.pixls.us/.well-known/dnt-policy.txt) to tell Privacy Badger that domain is DNT compliant and should be left alone.

We are going to teach Privacy Badger to learn to block Google Analytics (#367) in a future update, which will avoid this entire class of problem in the future.

@patdavid
Copy link
Author

Would removing the Google analytics from the domain entirely help? I’ve got no problems doing that if so.

@ghostwords
Copy link
Member

ghostwords commented Dec 31, 2018
edited
Loading

I think so, going forward anyway since Badgers should then have no reason to learn to block pixls.us. One thing you could do is remove Google Analytics for users who enabled the Do Not Track signal, and leave it in place otherwise.

@patdavid
Copy link
Author

Ok, I've gone ahead and removed Google Analytics entirely from the pixls.us domains (just a better general policy all around I think).
Do I need to do anything to get this picked up by PB, or is this something that will sort itself out over time?

@darix
Copy link

darix commented Dec 31, 2018

patdavid: if you want we can just hook up the dnt-policy.txt in all domains as well.

@ghostwords
Copy link
Member

ghostwords commented Jan 4, 2019
edited
Loading

Privacy Badgers should no longer learn to block pixls.us going forward. However, anyone who already visited pixls.us directly and got the Google Analytics cookie will still teach their Privacy Badger about tracking by pixls.us whenever they come across pixls.us resources embedded on other sites. You could post the EFF DNT policy on each pixls.us domain (that gets used for embedding) to take care of those users, assuming these pixls.us domains are indeed compliant with the policy.

@ghostwords ghostwords added the DNT policy EFF's Do Not Track policy: www.eff.org/dnt-policy label Jan 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
broken site DNT policy EFF's Do Not Track policy: www.eff.org/dnt-policy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@darix @ghostwords @patdavid