Intent to Merge: Google Analytics on

Boris Zbarsky bzbarsky at
Tue Nov 21 17:13:58 UTC 2017

On 11/19/17 9:55 AM, Julien Wajsberg wrote:
>  1. You are privacy-conscious so you have DNT enabled. You capture a
>     profile with the Gecko Profiler, and share it through 
>     Locally GA is _not_ loaded because DNT is enabled.

Ah, thank you for reminding me that DNT does disable GA.  And tracking 
protection auto-enables DNT, so at least doing normal profiles is safe, 

That said, I think there's a significant step up from "OK with tracking" 
to "OK with sharing URLs I currently have open, including ones that 
themselves don't embed tracking crud, with a third party".  That is, 
there can be, and I expect are, people who do NOT have DNT turned on who 
would nevertheless be surprised to discover that their private URL data 
is ending up in the same page as GA.

>  2. You then hand over the link to another person.

I think at this point you've already lost, fwiw.  We really need better 
redaction features for profile upload....

>   * we already do load a 3rd-party script to shorten URL: we use the
>     JSONP-based API and therefore it involves loading a <script>.
>     Looking at it closer it seems they now support CORS so we should
>     switch to that instead.

That would be good.

>   * when sharing profiles we already send the profiles to google cloud
>     storage, plain and uncrypted.

Yes, the sharing situation is more or less all lost.  My concern was 
about the _non-sharing_ case.


More information about the firefox-dev mailing list