shreyasminocha / shady-hosts

👀 List of ad/tracking servers.
Creative Commons Zero v1.0 Universal

adding Bazaarvoice URLs #4

Closed fewucnin closed 3 years ago

fewucnin commented 3 years ago

Why Block... Use BV Pixel to capture data about product purchases and non-transactional events, such as clicks on a Store Locator or Where To Buy link.

Implementing BV Pixel is essential for measuring the business impact of your user-generated content (UGC).

BV Pixel is implemented using JavaScript. It’s similar to other analytics-tracking services from Google Analytics or Omniture.

How it was gathered... By reverse engineering the Chrome extension.

https://chrome.google.com/webstore/detail/bazaarvoice-analytics-ins/olmofcadoappjkcnnhomdlnpmpbleekd

https://knowledge.bazaarvoice.com/wp-content/conversations/en_US/Collect/bvpixel.html

fewucnin commented 3 years ago

@shreyasminocha

shreyasminocha commented 3 years ago

I think you're being a little heavy-handed here and in my experience being heavy-handed leads to breakage. Bazaarvoice is more than just tracking software, so I don't think that's justified here.

0.0.0.0 apps.bazaarvoice.com
0.0.0.0 apps.nexus.bazaarvoice.com

I'm afraid these will break all Bazaarvoice applications, even things that aren't bv pixel.

0.0.0.0 analytics-static.ugc.bazaarvoice.com
0.0.0.0 bv-analytics-js-prod.s3.amazonaws.com
0.0.0.0 bv-analytics-js-qa.s3.amazonaws.com

These are relatively on-the-nose, so I'm okay with adding these three (although the first one seems to already be on a few lists). I looked through bv.js and it looks like the only domain that's receiving xhr requests is analytics-static.ugc.bazaarvoice.com.

With the rest of the domains: I'm not convinced that they're problematic. If you find them being used in a way that's clearly for tracking/telemetry or if you intercept a request that shows that they're receiving personal data, that would be evidence enough.

fewucnin commented 3 years ago

> I think you're being a little heavy-handed here and in my experience being heavy-handed leads to breakage. Bazaarvoice is more than just tracking software, so I don't think that's justified here.
>
> 0.0.0.0 apps.bazaarvoice.com
> 0.0.0.0 apps.nexus.bazaarvoice.com
>
> I'm afraid these will break all Bazaarvoice applications, even things that aren't bv pixel.
>
> 0.0.0.0 analytics-static.ugc.bazaarvoice.com
> 0.0.0.0 bv-analytics-js-prod.s3.amazonaws.com
> 0.0.0.0 bv-analytics-js-qa.s3.amazonaws.com
>
> These are relatively on-the-nose, so I'm okay with adding these three (although the first one seems to already be on a few lists). I looked through bv.js and it looks like the only domain that's receiving xhr requests is analytics-static.ugc.bazaarvoice.com.
>
> With the rest of the domains: I'm not convinced that they're problematic. If you find them being used in a way that's clearly for tracking/telemetry or if you intercept a request that shows that they're receiving personal data, that would be evidence enough.

Thank you for the feedback and explanation. I have removed the apps.* URLs and the magpie.* URLs.

In the script https://analytics-static.ugc.bazaarvoice.com/prod/static/3/bv-analytics.js is the function...

(P.getTrackerHostname = function () {
  var e = this._get("customTrackerHostname");
  if (e) return e;
  if (this.isValidating()) return "schema.mag.bazaarvoice.com";
  var t = "network";
  return this.getEU() && (t += "-eu"), this.getStaging() && (t += "-stg"), this.getAnonymous() && (t += "-a"), (t += ".bazaarvoice.com");
}),

The URL schema.mag.bazaarvoice.com seems to contain the schemas for validating the tracking events, so I think that is safe to block?

If you go onto a Bazaarvoice customer i.e. https://www.carphonewarehouse.com and capture the traffic on a page which has reviews you can see requests for a 1 by 1 pixel or gif to a network.bazaarvoice.com address, with personally identifiable information e.g. locale, time zone, screen resolution and more. So I think all the network.bazaarvoice.com addresses are safe to block as well? Blocking it does not affect the reviews being displayed.
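
As an added illustration (not part of the thread and not Bazaarvoice's code), the flag logic in the `getTrackerHostname` excerpt above can be enumerated to list every hostname its default branch can return and to check which of them a hosts file covers, since hosts files match exact names only. The function names, option names and sample hosts text are constructed for this example.

```javascript
// Added example: mirrors the flag logic of the getTrackerHostname excerpt as a
// pure function. Option names are hypothetical stand-ins for the script's
// _get("customTrackerHostname"), isValidating(), getEU(), getStaging(), getAnonymous().
function trackerHostname({ custom = null, validating = false, eu = false,
                           staging = false, anonymous = false } = {}) {
  if (custom) return custom; // site-configured host: no static list can predict it
  if (validating) return "schema.mag.bazaarvoice.com";
  let t = "network";
  if (eu) t += "-eu";
  if (staging) t += "-stg";
  if (anonymous) t += "-a";
  return t + ".bazaarvoice.com";
}

// Every hostname the default branch can return (2^3 flag combinations).
function allDefaultTrackerHosts() {
  const hosts = [];
  for (const eu of [false, true])
    for (const staging of [false, true])
      for (const anonymous of [false, true])
        hosts.push(trackerHostname({ eu, staging, anonymous }));
  return hosts;
}

// Names sinkholed by hosts-file text (comments stripped, exact names only).
function blockedNames(hostsText) {
  const names = new Set();
  for (const raw of hostsText.split(/\r?\n/)) {
    const [addr, ...hostnames] = raw.replace(/#.*/, "").trim().split(/\s+/);
    if (addr === "0.0.0.0" || addr === "127.0.0.1")
      hostnames.forEach((h) => names.add(h.toLowerCase()));
  }
  return names;
}

// Default tracker hostnames that the given hosts text does not cover.
function uncovered(hostsText) {
  const blocked = blockedNames(hostsText);
  return allDefaultTrackerHosts().filter((h) => !blocked.has(h));
}

// Constructed sample: the three entries accepted in the thread plus one network host.
const SAMPLE_HOSTS = `
0.0.0.0 analytics-static.ugc.bazaarvoice.com
0.0.0.0 bv-analytics-js-prod.s3.amazonaws.com
0.0.0.0 bv-analytics-js-qa.s3.amazonaws.com
0.0.0.0 network.bazaarvoice.com   # constructed entry, not in the accepted list
`;
console.log(uncovered(SAMPLE_HOSTS));
```

With the sample text, seven of the eight default hostnames remain uncovered, and a configured `customTrackerHostname` falls outside any static list.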

shreyasminocha commented 3 years ago

> The URL schema.mag.bazaarvoice.com seems to contain the schemas for validating the tracking events, so I think that is safe to block?

Nah there might be issues if it also has other schemas—which I assume it does.

> If you go onto a Bazaarvoice customer i.e. https://www.carphonewarehouse.com and capture the traffic on a page which has reviews you can see requests for a 1 by 1 pixel or gif to a network.bazaarvoice.com address, with personally identifiable information e.g. locale, time zone, screen resolution and more. So I think all the network.bazaarvoice.com addresses are safe to block as well? Blocking it does not affect the reviews being displayed.

Same thing with this one. I mean, can we be sure that network* are used only for serving tracking pixels? Judging by its name it seems a little generic, so I want to be cautious.

fewucnin commented 3 years ago

@shreyasminocha Okay, I pulled all but the on-the-nose URLs you mentioned.

shreyasminocha commented 3 years ago

Thanks!