Intent to Merge: Google Analytics on

Boris Zbarsky bzbarsky at
Sat Nov 18 06:06:55 UTC 2017

On 11/17/17 7:50 PM, Harald Kirschner wrote:
> nothing private about the profile itself is collected in GA.

Assuming GA itself is not buggy or malicious, right?

> As alternative to uploading you can also download the profiles locally 
> and attach them to private bugs; so you stay in control over them and 
> can remove them as needed.

I don't see how that's possible in a sane way.  Capturing a profile 
automatically hands the data to scripts running on, no?  It 
may not be uploaded in the sense of being stored on the server, but it's 
in the global the GA scripts are running in.

I have to admit that this change makes me a lot less comfortable using 
the Gecko profiler at all.  :(

> Would it be helpful to have anonymization as 
> an option; to have a best-effort approach on removing PII like URLs from 
> profiles?

If it were done in the profiler itself (i.e. in code we control), not in (which we don't fully control if we load third-party 
scripts into it), it would help with the privacy issue.  Of course it 
would make the profiles a lot less useful (e.g. make it harder to figure 
out which site of the several I have open is causing the performance 


More information about the firefox-dev mailing list