Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Google Analytics #242

Open
gene1wood opened this issue Jul 2, 2024 · 5 comments
Open

Update Google Analytics #242

gene1wood opened this issue Jul 2, 2024 · 5 comments
Assignees

Comments

@gene1wood
Copy link
Collaborator

Update Google Analytics code to use this new or additional code

https://bugzilla.mozilla.org/show_bug.cgi?id=1243082#c1

<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-49796218-39', 'auto');
  ga('send', 'pageview');

</script>
@janbrasna
Copy link
Collaborator

janbrasna commented Jul 8, 2024

While GA3/UA is closed now, it is true that some of the UA properties were (auto)migrated to GA4, and even the old analytics.js tracking script can be used to submit data via legacy APIs surprisingly even under the original UA-* property ID.

  • UA-* (GA3) is valid only if the property was (auto)migrated. For GA4 you'd need a G-* identifier otherwise. Ask the OP if the UA ID is still valid, or they had made new G-* props.
  • The config was for mozilla.github.io that's no longer in use.
  • Without a tracking consent, you'd need to run GA in "anonymous" mode.

@gstrauss
Copy link
Collaborator

In the ssl-config-generator source code, there are two locations which reference UA-66267220-1.

src/templates/index.ejs

    <!--
      Read more about our custom configuration and use of Google Analytics here:
      https://bugzilla.mozilla.org/show_bug.cgi?id=1122305#c8
    -->
    <% if (htmlWebpackPlugin.options.production) { %>
    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-66267220-1"></script>
    <script src="/analytics.js"></script>
    <% } %>

src/js/analytics.js

  gtag(
    'config',
    'UA-66267220-1',
    {
      'anonymize_ip': true,
    }
  );

@gene1wood What modifications are needed to use UA-49796218-39?

I am going to assign this issue to you. Please follow up with Mozilla staff to get clarification of the exact changes needed to comply with expected security and privacy policies, especially given @janbrasna concerns posted above.

Preferably, someone from Mozilla will submit a PR with the recommended changes to the two files src/templates/index.ejs and src/js/analytics.js. Updating this is trivial. However, updating this properly requires clarification from Mozilla admins overseeing the analytics collection. Thank you.

@gstrauss
Copy link
Collaborator

I should note that src/js/analytics.js checks DNT before executing the snippet of code I posted above.
The entire contents of src/js/analytics.js:

/*
  Read more about our custom configuration and use of Google Analytics here:
  https://bugzilla.mozilla.org/show_bug.cgi?id=1122305#c8
*/

const doNotTrack = navigator.doNotTrack || navigator.msDoNotTrack || window.doNotTrack;

if (doNotTrack !== '1' && doNotTrack !== 'yes') {
  window.dataLayer = window.dataLayer || [];

  function gtag() {
    dataLayer.push(arguments);
  }

  gtag('js', new Date());
  gtag(
    'config',
    'UA-66267220-1',
    {
      'anonymize_ip': true,
    }
  );
}

@gstrauss
Copy link
Collaborator

gstrauss commented Dec 7, 2024

FYI: even though Mozilla has a strict privacy agreement with Google, that is not known to various privacy plugins, e.g.

GET https://www.googletagmanager.com/gtag/js?id=UA-66267220-1
Blocked By DuckDuckGo Privacy Essentials
Loading failed for the <script> with source “https://www.googletagmanager.com/gtag/js?id=UA-66267220-1”.

@gstrauss
Copy link
Collaborator

While I do not expect it to need to change, here is the Content-Security-Policy for ssl-config-generator from src/js/constants.js:
contentSecurityPolicy: "default-src 'none'; base-uri 'none'; connect-src https://www.google-analytics.com; font-src 'self' https://code.cdn.mozilla.net; img-src 'self' https://www.google-analytics.com; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; style-src 'self' https://code.cdn.mozilla.net",

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants