Closed fewucnin closed 3 years ago
@shreyasminocha
I think you're being a little heavy-handed here and in my experience being heavy-handed leads to breakage. Bazaarvoice is more than just tracking software, so I don't think that's justified here.
0.0.0.0 apps.bazaarvoice.com
0.0.0.0 apps.nexus.bazaarvoice.com
I'm afraid these will break all Bazaarvoice applications, even things that aren't bv pixel.
0.0.0.0 analytics-static.ugc.bazaarvoice.com
0.0.0.0 bv-analytics-js-prod.s3.amazonaws.com
0.0.0.0 bv-analytics-js-qa.s3.amazonaws.com
These are relatively on-the-nose, so I'm okay with adding these three (although the first one seems to already be on a few lists). I looked through bv.js
and it looks like the only domain that's receiving xhr requests is analytics-static.ugc.bazaarvoice.com
.
With the rest of the domains: I'm not convinced that they're problematic. If you find them being used in a way that's clearly for tracking/telemetry or if you intercept a request that shows that they're receiving personal data, that would be evidence enough.
I think you're being a little heavy-handed here and in my experience being heavy-handed leads to breakage. Bazaarvoice is more than just tracking software, so I don't think that's justified here.
0.0.0.0 apps.bazaarvoice.com 0.0.0.0 apps.nexus.bazaarvoice.com
I'm afraid these will break all Bazaarvoice applications, even things that aren't bv pixel.
0.0.0.0 analytics-static.ugc.bazaarvoice.com 0.0.0.0 bv-analytics-js-prod.s3.amazonaws.com 0.0.0.0 bv-analytics-js-qa.s3.amazonaws.com
These are relatively on-the-nose, so I'm okay with adding these three (although the first one seems to already be on a few lists). I looked through
bv.js
and it looks like the only domain that's receiving xhr requests isanalytics-static.ugc.bazaarvoice.com
.With the rest of the domains: I'm not convinced that they're problematic. If you find them being used in a way that's clearly for tracking/telemetry or if you intercept a request that shows that they're receiving personal data, that would be evidence enough.
Thank you for the feedback and explanation. I have removed the apps.*
URLs and the magpie.*
URLs.
In the script https://analytics-static.ugc.bazaarvoice.com/prod/static/3/bv-analytics.js is the function...
(P.getTrackerHostname = function () {
var e = this._get("customTrackerHostname");
if (e) return e;
if (this.isValidating()) return "schema.mag.bazaarvoice.com";
var t = "network";
return this.getEU() && (t += "-eu"), this.getStaging() && (t += "-stg"), this.getAnonymous() && (t += "-a"), (t += ".bazaarvoice.com");
}),
The URL schema.mag.bazaarvoice.com
seems to contain the schemas for validating the tracking events, so I think that is safe to block?
If you go onto a Bazaarvoice customer i.e. https://www.carphonewarehouse.com and capture the traffic on a page which has reviews you can see requests for a 1 by 1 pixel or gif to a network.bazaarvoice.com address, with personally identifiable information e.g. locale, time zone, screen resolution and more. So I think all the network.bazaarvoice.com addresses are safe to block as well? Blocking it does not affect with the reviews being displayed.
The URL schema.mag.bazaarvoice.com seems to contain the schemas for validating the tracking events, so I think that is safe to block?
Nah there might be issues if it also has other schemas—which I assume it does.
If you go onto a Bazaarvoice customer i.e. https://www.carphonewarehouse.com and capture the traffic on a page which has reviews you can see requests for a 1 by 1 pixel or gif to a network.bazaarvoice.com address, with personally identifiable information e.g. locale, time zone, screen resolution and more. So I think all the network.bazaarvoice.com addresses are safe to block as well? Blocking it does not affect with the reviews being displayed.
Same thing with this one. I mean, can we be sure that network* are used only for serving tracking pixels? Judging by its name it seems a little generic, so I want to be cautious.
@shreyasminocha Okay, I pulled all but the on the nose URLs you mentioned.
Thanks!
Why Block... Use BV Pixel to capture data about product purchases and non-transactional events, such as clicks on a Store Locator or Where To Buy link.
Implementing BV Pixel is essential for measuring the business impact of your user-generated content (UGC).
BV Pixel is implemented using JavaScript. It’s similar to other analytics-tracking services from Google Analytics or Omniture.
How it was gathered... By reverse engineering the Chrome extension.
https://chrome.google.com/webstore/detail/bazaarvoice-analytics-ins/olmofcadoappjkcnnhomdlnpmpbleekd
https://knowledge.bazaarvoice.com/wp-content/conversations/en_US/Collect/bvpixel.html