Intent to Merge: Google Analytics on perf-html.io

Boris Zbarsky bzbarsky at mit.edu
Sat Nov 18 06:06:55 UTC 2017


On 11/17/17 7:50 PM, Harald Kirschner wrote:
> nothing private about the profile itself is collected in GA.

Assuming GA itself is not buggy or malicious, right?

> As alternative to uploading you can also download the profiles locally 
> and attach them to private bugs; so you stay in control over them and 
> can remove them as needed.

I don't see how that's possible in a sane way.  Capturing a profile 
automatically hands the data to scripts running on perf-html.io, no?  It 
may not be uploaded in the sense of being stored on the server, but it's 
in the global the GA scripts are running in.

I have to admit that this change makes me a lot less comfortable using 
the Gecko profiler at all.  :(

> Would it be helpful to have anonymization as 
> an option; to have a best-effort approach on removing PII like URLs from 
> profiles?

If it were done in the profiler itself (i.e. in code we control), not in 
perf-html.io (which we don't fully control if we load third-party 
scripts into it), it would help with the privacy issue.  Of course it 
would make the profiles a lot less useful (e.g. make it harder to figure 
out which site of the several I have open is causing the performance 
problem).

-Boris


More information about the firefox-dev mailing list