Protection contre le pistage

Cette traduction est incomplète. Aidez à traduire cet article depuis l'anglais.

Qu'est-ce que la protection contre le pistage ?

Démarrée dans la version 42, Firefox pour bureau et Firefox pour Android inclus une une protection contre le pistage. En navigation privée, Firefox bloque le contenu chargé depuis des domaines qui pistent les utilisateurs à travers les sites.

Some blocked content is part of the page layout, and users may notice layout issues where Firefox blocked these loads. Sometimes users won’t notice at all, if the page grid works such that other page elements slide in to fill holes left by blocked elements.

Quand Firefox bloque un contenu, il écrit un message dans la console web comme ceci :

The resource at "http://some/url" was blocked because tracking protection is enabled.

Note that with Firefox for Android, you can access console output using the remote debugger.

The Firefox UI will indicate to users when content has been blocked and enable them to unblock it for the current session if they choose. Users will also be able to disable tracking protection entirely if they choose.

Comment Firefox choisit quoi bloquer ?

Content is blocked based on the domain from which it is to be loaded.

Firefox will ship with a list of sites which have been identified as engaging in cross-site tracking of users. When tracking protection is enabled, Firefox will block content from sites in the list.

Sites that track users are most commonly third-party advertising and analytics sites.

Ce que cela signifie pour vos sites

Most obviously, it means that when tracking protection is enabled:

  • content served from third-party trackers will not be visible to users
  • your site won't be able to use third-party advertising or analytics services that engage in tracking

More subtly, if other parts of your site depend on trackers being loaded, then these parts will also be broken when tracking protection is enabled. For example, if your site includes a callback that runs when content from a tracking site is loaded, then the callback will not execute.

Par exemple, vous ne devez pas utiliser Google Analytics de cette façon :

<a href="http://www.example.com" onclick="trackLink('http://www.example.com', event);">Visit example.com</a>
<script>
function trackLink(url,event) {
    event.preventDefault();
    ga('send', 'event', 'outbound', 'click', url, {
     'transport': 'beacon',
     'hitCallback': function() { 
       document.location = url; 
     }
   });
}
</script>

Instead, you should account for the case when Google Analytics is missing by checking to see if the ga object has initialized:

<a href="http://www.example.com" onclick="trackLink('http://www.example.com', event);">Visit example.com</a>
<script>
function trackLink(url,event) {
    event.preventDefault();
    if (window.ga && ga.loaded) {
         ga('send', 'event', 'outbound', 'click', url, {
         'transport': 'beacon',
         'hitCallback': function() { document.location = url; }
       });
    } else {
        document.location = url;
    }
}
</script>

More information about this technique is available at Google Analytics, Privacy, and Event Tracking.

Note that depending on a third party in this way is not a good practice anyway, as it means your site can be broken if the third party is slow or unavailable, or if the tracker is blocked by an add-on.

Étiquettes et contributeurs liés au document

 Contributeurs à cette page : PifyZ
 Dernière mise à jour par : PifyZ,