New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DoNotTrack not recognized by matomo optout-script #12701
Comments
Are you able to figure out which headers your browser sends when DNT is enabled? |
I can give you this with mod_log_forensic of my apache-server
LogFormat for this line in Apache: As you can see "dnt:1" at 3rd line is send. |
Hi, I can reproduce it with LineageOS 14.1 and |
I fail to setup SSL with mitmproxy so I can only intercept HTTP requests, but it seems like no matter how one sets the "Aktivitäten nicht verfolgen" setting, it never seems to add an dnt header. Opening http://request.urih.com/ in the browser shows the same. |
@xopez Which version are you using exactly? I am having a different user agent then you
UPDATE: But the Opt-Out screen is still shown. |
@sgiehl It seems like the request even gets tracked: |
I am using
But also noticed it before the version. |
yes, cause it says it didn't find DNT. |
As it works fine with Chrome, this is a Jellybug, isn't it? |
@fdellwing At least partly. But I'm stil unsure why it isn't working when one switches to the Chrome Webview, because it sends dnt:1 and $_SERVER["HTTP_DNT"] is correctly set to "1" |
I don't have Jelly installed, only Chrome, so I cannot help figuring this out. |
Isn't it installed by default (simply called "Browser")? |
yes. The jelly-browser is called "Browser" in the app launcher in LineageOS. And it's a system app, so can't remove it so easily. |
After a lot of debugging I have now finally found (at least part of) the solution: I have created an HTML page with an opt-out-iframe of an non-https matomo instance (so I can proxy the request) It turns out that the DNT-header isn't sent to pages in iFrames. @xopez So if you could try out to directly surf to the https://yourmatomo.example/index.php?module=CoreAdminHome&action=optOut&idsite=14&language=de URL, it should correctly show the Opt-Out. |
It turns out that the DNT-header isn't sent to pages in iFrames. So, a problem with the implementation of iframe in jelly? |
And to fully solve the mystery and show that this has nothing to do with Matomo: I added JS to the page to make a AJAX request, and it turns out that it also doesn't get a DNT header: Therefore Matomo has no chance to know that the user has enabled DNT and therefore tracks the user. I'll create a bugreport to LineageOS as it seems the DNT-feature is completely useless. |
@Findus23 I dont see a thread in jira, can you provide a link? |
They only open their bug tracker from saturday to Sunday. |
Ok, if you are able to please send it to me via forum :) |
Just post it here, so we can follow it. |
@fdellwing, @xopez |
Semi-related: |
Hello everyone,
I noticed that on LineageOS (Android Rom) the default browser (built-in and I think its Jelly Browser) doesn't really recognize the DoNotTrack-function. I set the option in the browser and my page still says that I can Opt-Out. Other Browsers are working fine and I'm told I have the option set. Don't know it's a browser bug or not. Screens with German text, but the position where it stands is marked red.
android package name of the browser:
org.lieangeos.jelly
useragent:
Mozilla/5.0 (Linux; Android 7.1.2; HTC One A9 Build/NJH47F) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/65.0.3325.144 Mobile Safari/537.36
OptOut-Iframe:
<iframe style="border: 0; height: 200px; width: 600px;" src="https://analytics.mightful-noobs.de/index.php?module=CoreAdminHome&action=optOut&language=de&backgroundColor=&fontColor=606060&fontSize=100%&fontFamily=Montserrat%20Regular" width="300" height="150"></iframe>
The text was updated successfully, but these errors were encountered: