privacybadger icon indicating copy to clipboard operation
privacybadger copied to clipboard

Published 20 hours ago verified publisher icon EFForg

Atlassian's Global Analytics Service (GASv3) API in Jira

Open AGhost-7 opened this issue 5 years ago • 6 comments

Noticed that some new endpoints appear to be sending data over to segment.io when using Jira, which isn't being blocked by privacy badger:

https://*.atlassian.net/gateway/api/gasv3/api/v1/p Screen Shot 2019-05-07 at 12 01 35 PM

https://*.atlassian.net/gateway/api/gasv3/api/v1/t Screen Shot 2019-05-07 at 12 03 05 PM

AGhost-7 avatar May 07 '19 16:05 AGhost-7

Is the issue here that Privacy Badger should be blocking the requests? If so, can you check whether "segment.io" is present in your snitch map at all? (just step 3 here)

bcyphers avatar May 07 '19 16:05 bcyphers

Yes, the issue is that I think Privacy Badger should be blocking those requests. It doesn't look like segment.io is in the map.

AGhost-7 avatar May 07 '19 23:05 AGhost-7

Possibly related: #367

bcyphers avatar May 08 '19 06:05 bcyphers

Looks like these are POST requests. Related to #794, which is probably about looking into GET request query strings.

ghostwords avatar May 16 '19 16:05 ghostwords

If we were to implement this, we'd probably want to ignore user-initiated form submissions (https://github.com/EFForg/privacybadger/issues/2221#issuecomment-442134054).

ghostwords avatar May 16 '19 16:05 ghostwords

I think this is part of Atlassian's Global Analytics Service (GASv3).

https://www.atlassian.com/engineering/cloud-overview

GASv3 exposes an API that is used by all of our product analytic client libraries to transmit structured data into our pipeline.

So then this is first party tracking but maybe integrated into third parties on the backend?

Does segment.io show up anywhere in your browser's network tools when these "gasv3" requests are sent?

How would Privacy Badger know that these are tracking requests?

ghostwords avatar Dec 01 '23 20:12 ghostwords