Jira Notification e-mails

[stdedos]

Prerequisites

• [X] This site DOES NOT contains sexually explicit material, otherwise use NSFW-specific form;
• [X] Filters were updated before reproducing an issue;
• [X] AdGuard product version is up-to-date;
• [X] Browser version is up-to-date;
• [X] If the site or app is broken, disabling AdGuard protection resolves an issue.

What product do you use?

Other ad blocker

AdGuard version

N/A

What type of problem have you encountered?

Missed analytics or tracker

Which browser(s) do you use?

Chrome

Which device do you use?

Desktop

Where is the problem encountered?

https://xxx.atlassian.net/browse/xxx-xxxx?atlOrigin=eyJp...

What filters do you have enabled?

AdGuard URL Tracking filter

What Stealth Mode options do you have enabled?

No response

Add your comment and screenshots

Jira notificaiton e-mails arriving contain this https://xxx.atlassian.net/browse/xxx-xxxx?atlOrigin=eyJp..., which is decoded to a JSON (as evident), which contains no user-understandable values.

They don't seem to affect the page rendering; and the text seems esoteric enough to be tracking data.

Privacy

• [X] I agree to follow this condition

[stdedos]

Also applies to other atlassian.net subpaths

[Alex-302]

Found few jira's emails, but I don't see such requests.

[stdedos]

Maybe it's from a recent version? Older version? 😕 Some env-specific configuration?

[Alex-302]

I don't know. Can check HAR file, but not sure if this is not a secure issue for you.

[stdedos]

Apologies, I don't understand what you mean by that 😅

[Alex-302]

This https://toolbox.googleapps.com/apps/har_analyzer/ ) Requests with content can be captured to a file, which may be checked by us.

[stdedos]

Oh, nooo, noo - that will never happen 😅

I am not sure why do you need it though. I received an e-mail, I right-clicked the button, and I copied the address that this button would lead me to. From point A (button click), to point B (page loaded) the URL is missing the atlOrigin parameter. Additionally, "I know Jira well-enough" to know that I don't need this parameter to render that webpage - so it must be tracking. Idk of what, but idc either.

[Alex-302]

Oh, nooo, noo - that will never happen 😅

I mean the same)

I just do not understand what and where this request made. If you click email link, usually there are few redirects before destination(in case of regular or spam email subscriptions). Not sure if jira collects some info using emails, which they cannot get from users of their services directly on the site.

[stdedos]

I just do not understand what and where this request made. If you click email link, usually there are few redirects before destination(in case of regular or spam email subscriptions).

Actually, no redirects:

... which is not exactly accurate. But really, there are no "real" redirects here:

• Outlook does not have the "referrer-anonymizer" call (which means that hopefully they are not doing any "non-expected" business).
• If there's need for SSO it happens, otherwise it doesn't
• Page is fully loaded, then "esoterically" the parameter is dropped (i.e. no history.pushState)

Obviously, note that the URL is modified on the screenshot - the page is fully navigated to but the new URL is not navigated to

[Alex-302]

Well, I am not sure what to do with it. But found an info about it https://developer.atlassian.com/developer-guide/client-identification/

[stdedos]

This is similar to the UTM parameter used for click tracking in marketing web sites

Souunds something we don't need to me. Ofc, feel free to make a proper ruling.

[Alex-302]

Blocked for atlassian.net