Open tleish opened 12 months ago
stefan-schweiger
commented
9 months ago Looking for exactly the same thing as we can't track sensitive data like session tokens or user ids which might be contained in the url. Any input on anyone from the clarity team maybe?
@kirazbaysal @ ibradwan @amralaa-MSFT ?
ClaritySupport
commented
7 months ago @tleish , @stefan-schweiger , Microsoft Clarity supports masking URL parameters.Please contact us Clarity support with project ID and parameters to mask to request URL parameter masking.
Here's an example:
Unmasked URL parameters: https://www.contoso.com/search?q=hello+world
Masked URL parameters: https://www.consto.com/search?q=*na*
Note:
For URLs, Masking only applies to page URL. Currently, it doesn't apply to other URLs that Clarity captures such as:
Referrer URLs Clicked URLs (the URLs that are captured when a user clicks on the page). The URL parameter's name, which is case-sensitive, is the basis for the masking. In a project, the masking is applied to all the URLs that use that URL parameter. You can't apply the masking to just a subset of URLs.
stefan-schweiger
commented
7 months ago @ClaritySupport I have contacted you via email and you told me that you have enabled the masking for projects I sent you. But it actually didn't work and I haven't gotten any response to my emails I have sent you since.
ClaritySupport
commented
7 months ago Hi Stefan,
We did responded to your email on Monday,PFA for same.
It seems you have a custom version of the Clarity script deployed on your site. You are not using any of the recommended integration options that we provide, How to setup Clarity manually | Microsoft Learnhttps://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-setup We cannot configure collection options and masking correctly if you do that.
Thanks, Clarity Support Team Visit our docs!: https://docs.microsoft.com/en-us/clarity @.**@.> @.***
Confidentiality note: This e-mail, and any attachment to it, contains privileged and confidential information intended only for the use of the individual(s) or entity named in the e-mail. If the reader of the e-mail is not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that reading it is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system.
From: Stefan Schweiger @.**@.> Sent: Thursday, April 18, 2024 3:17 AM To: microsoft/clarity @.**@.> Cc: Microsoft Clarity Support @.**@.>; Mention @.**@.> Subject: Re: [microsoft/clarity] Remove sensitive data from URL (Issue #510)
@ClaritySupporthttps://github.com/ClaritySupport I have contacted you via email and you told me that you have enabled the masking for projects I sent you. But it actually didn't work and I haven't gotten any response to my emails I have sent you since.
- Reply to this email directly, view it on GitHubhttps://github.com/microsoft/clarity/issues/510#issuecomment-2063520298, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AW5BXQZLLPBPEC3BQCIUSFLY56MP5AVCNFSM6AAAAAA7W7S272VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANRTGUZDAMRZHA. You are receiving this because you were mentioned.Message ID: @.**@.>>
stefan-schweiger
commented
7 months ago Just checked my spam folder and found them... sorry for the confusion.
We are using clarity-js which is a microsoft provided package with react. Does this mean with this combination it's not possible to mask url parameters?
ClaritySupport
commented
7 months ago Hi Stefan,
Yes, with your current Clarity set up we cannot configure collection options and masking correctly.
Thanks, Clarity Support Team Visit our docs!: https://docs.microsoft.com/en-us/clarity @.**@.> @.***
Confidentiality note: This e-mail, and any attachment to it, contains privileged and confidential information intended only for the use of the individual(s) or entity named in the e-mail. If the reader of the e-mail is not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that reading it is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system.
From: Stefan Schweiger @.> Sent: Thursday, April 18, 2024 3:24 AM To: microsoft/clarity @.> Cc: Microsoft Clarity Support @.>; Mention @.> Subject: Re: [microsoft/clarity] Remove sensitive data from URL (Issue #510)
Just checked my spam folder and found them... sorry for the confusion.
We are using clarity-js which is a microsoft provided package with react. Does this mean with this combination it's not possible to mask url parameters?
- Reply to this email directly, view it on GitHubhttps://github.com/microsoft/clarity/issues/510#issuecomment-2063532611, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AW5BXQ7MAOYKCQZW5GVKARLY56NLPAVCNFSM6AAAAAA7W7S272VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANRTGUZTENRRGE. You are receiving this because you were mentioned.Message ID: @.**@.>>
stefan-schweiger
commented
7 months ago What is your suggested way to use clarity in combination with a JS framework and consent management? Because just using the tracking code is a nogo under GDPR.
ClaritySupport
commented
7 months ago Hi Stefan,
You can use any of recommended ways of Clarity installation, How to setup Clarity manually | Microsoft Learnhttps://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-setup and also Supported Third-party Platforms | Microsoft Learnhttps://learn.microsoft.com/en-us/clarity/third-party-integrations/supported-third-party-platforms.
Cookie Consent: Clarity Cookie Consent | Microsoft Learnhttps://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-consent
Thanks, Clarity Support Team Visit our docs!: https://docs.microsoft.com/en-us/clarity @.**@.> @.***
Confidentiality note: This e-mail, and any attachment to it, contains privileged and confidential information intended only for the use of the individual(s) or entity named in the e-mail. If the reader of the e-mail is not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that reading it is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system.
From: Stefan Schweiger @.> Sent: Thursday, April 18, 2024 4:12 AM To: microsoft/clarity @.> Cc: Microsoft Clarity Support @.>; Mention @.> Subject: Re: [microsoft/clarity] Remove sensitive data from URL (Issue #510)
What is your suggested way to use clarity in combination with a JS framework and consent management?
- Reply to this email directly, view it on GitHubhttps://github.com/microsoft/clarity/issues/510#issuecomment-2063614279, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AW5BXQ5GE4ZZQZ7HY2DSXCTY56S6JAVCNFSM6AAAAAA7W7S272VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANRTGYYTIMRXHE. You are receiving this because you were mentioned.Message ID: @.**@.>>
stefan-schweiger
commented
7 months ago What's the point of the npm package then?
ClaritySupport
commented
7 months ago Hi Stefan,
Could you please share more details on where you found instructions to install Clarity script.
Thanks, Clarity Support Team Visit our docs!: https://docs.microsoft.com/en-us/clarity @.**@.> @.***
Confidentiality note: This e-mail, and any attachment to it, contains privileged and confidential information intended only for the use of the individual(s) or entity named in the e-mail. If the reader of the e-mail is not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that reading it is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system.
From: Stefan Schweiger @.> Sent: Thursday, April 18, 2024 4:21 AM To: microsoft/clarity @.> Cc: Microsoft Clarity Support @.>; Mention @.> Subject: Re: [microsoft/clarity] Remove sensitive data from URL (Issue #510)
What's the point of the npm package then?
- Reply to this email directly, view it on GitHubhttps://github.com/microsoft/clarity/issues/510#issuecomment-2063629434, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AW5BXQZOS7L5AJRG2XDT5VLY56UANAVCNFSM6AAAAAA7W7S272VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANRTGYZDSNBTGQ. You are receiving this because you were mentioned.Message ID: @.**@.>>
stefan-schweiger
commented
7 months ago The clarity integration was written by a colleague who now longer is at the company. But I think the fair assumption is that a frontend javascript dev will try to see if there is an official npm package to make his life easier and not use some ugly hardcoded script tag (as is the suggested solution as far as I can tell). If this should not be used please mark it as deprecated or add a warning. But I think having a well documented JS abstraction is very valid for anyone doing a modern single page application.
In GA Analytics, I can use javascript to change the URL sent to for analysis so that I can remove any sensitive data that may be part of the URL. Is there something similar for clarity?