New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Broken comments self-hosted by Free Software community #2257

Closed
patdavid opened this Issue Dec 31, 2018 · 8 comments

Comments

Projects
None yet
3 participants
@patdavid
Copy link

patdavid commented Dec 31, 2018

What is your browser and browser version?

Chrome Version 71.0.3578.98
Firefox 64.0

What is broken and where?

The https://pixls.us community runs a forum at https://discuss.pixls.us that also serves as the commenting back-end for multiple Free Software photography websites (pixls.us, darktable.org, digikam.org).

We (pixls.us) provide management of comments, forum, and community for various Free Software photography projects, and we use a Discourse forum as the backend for this. We basically provide an embed for forum topics to serve as comments on posts at each of these websites.

What is the "culprit" domain?

https://discuss.pixls.us
https://discuss.pixls.us/javascripts/embed.js is the specific file.

What is your debug output for this domain?

Following the instructions in Chrome yields nothing (ie: undefined).
Following the instructions in Firefox:

**** ACTION_MAP for pixls.us
discuss.pixls.us {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "block",
  "nextUpdateTime": 1546701712004
}
pixls.us {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "block",
  "nextUpdateTime": 0
}
**** SNITCH_MAP for pixls.us
pixls.us [
  "digikam.org",
  "",
  "darktable.org"
]
@ghostwords

This comment has been minimized.

Copy link
Member

ghostwords commented Dec 31, 2018

Hello! I tried to see why Badger learns to block pixls.us resources, but I'm having trouble finding the (Discourse) forums on digikam.org and darktable.org domains.

@patdavid

This comment has been minimized.

Copy link

patdavid commented Dec 31, 2018

@ghostwords There isn't a discourse forum on the digikam.org or darktable.org domains directly. The forums are at https://discuss.pixls.us.

On the darktable.org and digikam.org domains we embed forum topic posts from discuss.pixls.us at the bottom of certain posts to work as comments for the page. So if you look at the end of the page on a news post from those sites, you should see the embedded topic posts from discuss.pixls.us:

https://www.digikam.org/news/2018-12-30-6.0.0-beta3_release_announcement/
https://www.darktable.org/2018/12/darktable-260-released/

Those are examples of how the forum topics are embedded to act as comments. Does this help?

side note: the same method will be used for a few more projects in the near future as well!

@ghostwords

This comment has been minimized.

Copy link
Member

ghostwords commented Dec 31, 2018

Ah yes, thank you.

It looks like users who previously visited pixls.us directly have a Google Analytics cookie placed on pixls.us. That cookie is then sent along with requests for embedded pixls.us resources on other sites. Privacy Badger sees the cookie and considers those requests to be tracking.

If your forum domains do not actually track users in any way, you could post the EFF DNT policy (https://www.eff.org/dnt-policy) on each domain (for example, https://discuss.pixls.us/.well-known/dnt-policy.txt) to tell Privacy Badger that domain is DNT compliant and should be left alone.

We are going to teach Privacy Badger to learn to block Google Analytics (#367) in a future update, which will avoid this entire class of problem in the future.

@patdavid

This comment has been minimized.

Copy link

patdavid commented Dec 31, 2018

Would removing the Google analytics from the domain entirely help? I’ve got no problems doing that if so.

@ghostwords

This comment has been minimized.

Copy link
Member

ghostwords commented Dec 31, 2018

I think so, going forward anyway since Badgers should then have no reason to learn to block pixls.us. One thing you could do is remove Google Analytics for users who enabled the Do Not Track signal, and leave it in place otherwise.

@patdavid

This comment has been minimized.

Copy link

patdavid commented Dec 31, 2018

Ok, I've gone ahead and removed Google Analytics entirely from the pixls.us domains (just a better general policy all around I think).
Do I need to do anything to get this picked up by PB, or is this something that will sort itself out over time?

@darix

This comment has been minimized.

Copy link

darix commented Dec 31, 2018

patdavid: if you want we can just hook up the dnt-policy.txt in all domains as well.

@ghostwords

This comment has been minimized.

Copy link
Member

ghostwords commented Jan 4, 2019

Privacy Badgers should no longer learn to block pixls.us going forward. However, anyone who already visited pixls.us directly and got the Google Analytics cookie will still teach their Privacy Badger about tracking by pixls.us whenever they come across pixls.us resources embedded on other sites. You could post the EFF DNT policy on each pixls.us domain (that gets used for embedding) to take care of those users, assuming these pixls.us domains are indeed compliant with the policy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment