-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Google Analytics is used to track users. #3145
Comments
As I mentioned in #3156: we will not be removing analytics support entirely. It is extremely useful to us and we have already weighed the cost/benefit of using tracking. That said, I think we should only be enabling tracking for users who have opted-in to sharing their data usage in Firefox. I'd guess respecting the Telemetry checkbox (https://www.dropbox.com/s/blcumfu2vzrvt9f/Screenshot%202017-07-12%2014.13.00.png?dl=0) would work. Or maybe having a new checkbox if piggy-backing on that one is problematic from a legal perspective. |
Actually, @muffinresearch pointed out we could probably just observe Do Not Track here, because this pane is actually a web page loaded in an iFrame inside the browser page. That might be faster to ship. Just thinking aloud 😄 I'm definitely for giving users the option to disable this. |
Wanted to address your position though: We don't give the "data directly to Google". See the discussion here: https://bugzilla.mozilla.org/show_bug.cgi?id=858839. The short version is:
We are collecting aggregate and non-identifiable data in numbers to ensure our development/UX changes are met well. We can respect privacy and still have analytics; in fact Mozilla's aim is for an experience that values user privacy and usability (I'd say Apple also wants UX that fits that mold, as an example). We need some data, anonymised and aggregated, to do this. |
Privacy: Option to opt-in. Anti-privacy: Option to opt-out. |
Without elaborating on opt-in or opt-out, there is one clear fact: A user that has telemetry disabled has clearly stated that he does NOT want to "Share performance, usage, hardware and customisation data about your browser with Mozilla". https://support.mozilla.org/en-US/kb/share-telemetry-data-mozilla-help-improve-firefox If you do this add-on tracking despite this option is turned off, this is a clear breach of trust. If I have this option off, then I expect that exactly such a tracking of usage and customisation like described above is NOT happening. |
Still code from a service you don't control is running on this site. You never know when Google changes anything there or get's hijacked at this point. (Which is a very good target btw.) |
(Since the comment I replied to has been deleted, I quote it without username):
Agreed, a laywer could take this route to defend that in court. But somehow I doubt that it is benefiting that Mozilla users need lawyers to be able to decide if they can trust the options they set in Firefox or if there is some legal way for Mozilla to do what they stated they do not want. |
When using Google Analytics, the data is saved on a server owned by Google, right? Then the data is given directly to Google. And I do not want that. |
Why not using a Piwik hosted by Mozilla instead of Google Analytics? |
Various users have probably opted in to Telemetry not knowing that also means opting into Google Analytics. Given that Mozilla released the billboard "Big Browser is watching" it's beyond disappointing that they would contribute to the very thing they're calling Google out on without first notifying users of the fact or giving users the option to opt out. |
Who is legally responsible for this feature (Name, Corporation, Address)? This is a clear violation of the opt-in requirement for tracking that the EU Cookie Directive (which handles all kinds of tracking) sets, and it seems like I’d have to go the legal route, considering that the suggested "fix" doesn’t fix anything. |
Let's clear a few things up:
This issue is for the discussion around disabling Google Analytics usage on the page that serves the Discovery Pane. Implementing that feature is, to me, a good idea. We have heard the opinions here of people who do not trust Google. For now obviously you can block Google Analytics domains in your DNS settings and opting not to use the So: please keep this discussion civil in tone. I would ask that you assume good faith in Mozilla if you would like to discuss how to improve Firefox and limit the pages that load analytics. If you are assuming Mozilla will act badly, then I would encourage you simply to block the discovery pane from loading as I mentioned above. |
Question is what's carrying more weight for the Mozilla Foundation: The promise of respecting user privacy, or getting more accurate usage statistics with less work. It's good to know that the Mozilla Foundation does the latter. It's bad that the MF thinks is can pass on data to third parties because it's convenient, without asking the user for consent (maybe Mozilla did, implicitly, but then I wasn't made aware that the decision involved third parties, so I still didn't consent even if the MF supposes I did). I hear you say that user tracking is not a black-or-white thing. |
This is incorrect, add-ons can block network requests made by The issue is that allowing content blockers to block network requests on Edit: correction below. |
I thought web extensions couldn't block that content. |
@tofumatt I hope I've been civil enough for your taste - it's difficult to stay strictly neutral when dealing with personal disappointment. One other thing: It's not as simple as "good faith in Mozilla" I'm feeling pretty uneasy about the priorities I am seeing being applied. A single privacy blunder, whether intentional or not, whether by Google or by Mozilla, means that user data went into the hands of people that they shouldn't have gone to, and you can never be sure that it's actually deleted even if the entity that got the data agreed to deleting it. |
Also to think making data "anonymous" would help in privacy aspects is very naive. As we all should know that google has so much data about our all lives and online activities, that it's easy for them to know from which browser/person the data is coming from. Cookies are not important any more to track users. Maybe you as the MF trust google that they handle the data anonymously, but that doesn't mean that we do too. I also want to mention that I never expected the about:addons page being a tracking monster on me at all. Maybe you have written it anywhere on page 120 in the user agreement, but tbh who reads them anyway? |
I just ran a couple of tests, and I believe you are correct. Legacy uBlock Origin can block the network request to GA. However webext-hybrid uBO as per Network pane in dev tools does not block it. Same for pure webext Ghostery, the network request to GA was not blocked, again as per Network pane in dev tools. What is concerning is that both uBO webext-hybrid and Ghostery report the network request to GA as being blocked, while it is really not as per Network pane in dev tools. It's as if the order to block/redirect the network request was silently ignored by the webRequest API, and this causes webext-based blockers to incorrectly and misleadingly report to users what is really happening internally, GA was not really blocked on This is what I have observed, hopefully this can be confirmed by others. |
This seems like something the built-in "Tracking Protection" feature (currently only available in private windows but in FF56 available to all windows) is meant to protect us from but alas it does not appear to stop the |
So, you’re saying we should just trust Google? I’m sorry, but if we’d trust Google, everyone would be using Google Chrome. Additionally, at least a standard cookie notice should exist on that page, as it is tracking the user. |
I'm not telling you or anyone else to trust Google; I don't presume to tell any user what they should do or how they should behave. If you do not trust Google to handle your data, despite the assurances (https://bugzilla.mozilla.org/show_bug.cgi?id=697436#c14) we have from them, I would suggest you block their code from your browser by disabling their Analytics domains. I think that's entirely reasonable. Again: I am happy to discuss ways we can make the blocking of GA easier for users on the discovery pane. That's what this issue is about. If you have a blanket distrust of Google that is fine but is out-of-scope for this issue or for Mozilla. Mozilla will continue to use Google Analytics on its web properties, of which the Add-ons Discovery Pane is one. The cookies notice is a separate issue which should be addressed separately; if you would like to file a bug about that feel free. Note, however, that the EU has reformed its policy on cookies and as I understand it the notices will largely go away next year: https://webdevlaw.uk/2017/01/10/cookie-law-reform-announcement/ (of course, I am not a lawyer! 😅) |
Can you file a bug for this against Firefox (i.e. in Bugzilla, not github). https://bugzilla.mozilla.org/enter_bug.cgi?product=Toolkit -> component: Safe Browsing Maybe not filtering about:* is by design but clearly extending this functionality is now very desirable. |
@tofumatt You should really just be considering the message you're sending when you say that Mozilla will use Google Analytics because it's less work for a better product. Because a lot of people could (and might) translate that to equally apply to Google Chrome. Firefox has made great strides to catch up, but you basically just gave the best argument one could for just abandoning Firefox. If even Mozilla can't be bothered to step away from El Goog, what hope do any of us have? |
Can I just state that this is fine and reiterate that the argument here is that users should be notified of third party analytics collecting their data, have the ability of opting out of third party analytics and have any protections they've taken against third party analytics or cookies respected. |
Frankly, the primary reason I use Firefox is that I hope when carrying out cost/benefit analyses, user privacy is given weighted priority. Otherwise, there's little to distinguish the product from Google Chrome, as others here have mentioned. As @justjanne has already mentioned, this is likely illegal in European countries. As a company literally trading on the promise of privacy, the bare minimum of complying with privacy law should be a bar well below the standard set.
It's already been mentioned above, but to re-iterate: you are sending data to Google servers. Any promise from Google on what will be done with that data is contingent on a user's trust of Google, which should be independent of a user's trust of Mozilla.
Regardless of where we stand on Mozilla's policy on their web properties in general, the Add-ons Discovery Pane is part of the browser chrome. Considering it a web property because of the technical implementation details behind it doesn't meet user expectation. It is not a Mozilla web property, it's a part of my browser.
As a user that did opt in to Telemetry (before this), my expectation is that this checkbox enables sending data to Mozilla and Mozilla alone and would not entail sharing my data with 3rd parties. Regardless of the legal standpoint, if enabling Telemetry necessarily involves sharing data with 3rd parties, you should tell users, and you will lose Telemetry opt-ins as a result of doing that. |
(Welcome, HN visitors! Please be patient if responses seem slow — you outnumber us 100:1 and today's a workday so there's meetings and timezones and so on.) |
A fundamental issue is that Mozilla is making a choice on the behalf of users to trust Google without a clear opt-in mechanism. This trust is not being backed by any auditing or accountability by Mozilla or any other parties, making this purely a matter of taking Google at their word. However, Google has paid $22.5M to the FTC for violating user privacy setting in Safari - which is a pretty clear indicator whatever trust Mozilla places in Google is misplaced. To quote the FTC directly: Google "misrepresented to users of Apple Inc.’s Safari Internet browser that it would not place tracking “cookies” or serve targeted ads to those users".[0] The available public evidence suggests very clearly that Google should not be trusted in this way. The Safari fine is one of many examples to cite. As others have said, Firefox's main selling point is supposed to be more privacy than Chrome, the use of GA directly undermines this and raises questions about Firefox's relative value. |
Regarding
The issue isn’t just the usage of GA, but not asking users about it. If a user opts in to GA, that’s fine, and you can track them (although that’s still not ideal). But trusting GA by default, without even an opt-out, is a major issue, and also means that Mozilla will have to figure out how this was approved for shipping in the first place, as it goes against the ideals for which Mozilla stands. |
Technically, yes. For any other company that is not Mozilla, yes. For Mozilla, a company that sells their product on the back of claims of prioritising privacy, I would ideally hope that:
|
Hi all: a gentle reminder that Mozilla has considered its usage of Google Analytics, was careful in its selection of Google Analytics, and negotiated a deal with Google to ensure data was not shared for mining or with other third parties. This issue has now been posted on Hacker News and is receiving lots of traffic and comments which do not add to the issue at hand: don't load GA if the user has enabled Do Not Track. This issue tracker is not a general discussion forum for how you think Mozilla should conduct its usage tracking or interactions with Google. There is a Hacker News thread monitored by Mozilla staff where a discussion around how Mozilla handles tracking you're welcome to participate in if you'd like to continue the discussion further, but I'll be locking this issue as I think what needs to be said has been said, and further comments have not added to specific fixes for this issue. Thanks for your contributions, folks. A number of people on the Firefox team are taking note of what's been said in this thread and we'll work toward getting the Discovery Pane's usage of Analytics more in line with the privacy settings expected based on what users have set in the browser. |
@tofumatt should I file an issue to add a Privacy Policy link to the discovery pane footer? |
@potch Yes please! 👍 |
A note to all users following the discussion here: We shipped a hotfix to the Add-ons Websites today and now respect Do Not Track on the Mozilla Add-ons Website and You can disable Google Analytics in Again: this only affects users who visit the page with Tracking Protection on (which automatically enables DNT) or who manually set their DNT status to on. This was the fastest and most straightforward way to ship a fix to this issue and it is now in production without requiring a browser update. 👍 Thanks a lot to those at Mozilla who helped get these patches reviewed, landed, and on production in less than a day's turnaround. A few notes: There is an edge case regarding caching we are trying to figure out that may require a browser patch and will take more time: https://bugzilla.mozilla.org/show_bug.cgi?id=1380754. This should not affect most users, however, and the fix is straightforward: please restart your browser after enabling Do Not Track. There is a separate issue regarding disabling Sentry error reporting for app exceptions (#2802) when DNT is enabled. Thanks to all the users who brought this to our attention. I'm closing this issue as there is now a straightforward way to disable Google Analytics on If you spot an issue with our implemetation of DNT to disable Google Analytics, feel free to file an issue on this repo. |
Describe the problem and steps to reproduce it:
Google Analytics is used on the about:addons site while browsing not installed AddOns.
What happened?
It's tracking users and giving data to google directly without any consent.
EDIT from @kumar303: Mozilla has a legal contract with Google that prevents them from using our Google Analytics data for mining or from sharing it with third parties, among other privacy-protecting provisions.
What did you expect to happen?
No tracking anywhere in a browser that advertises with privacy.
Anything else we should know?
Yes, remove all tracking everywhere. (General Bug)
The text was updated successfully, but these errors were encountered: