Syntax error throwing formatting out

Anything about use of this forum : NOT about cycling
User avatar
mjr
Posts: 8187
Joined: 20 Jun 2011, 7:06pm
Location: Norfolk or Somerset, mostly
Contact:

Syntax error throwing formatting out

Postby mjr » 13 Jul 2017, 1:00pm

The last day or two has seen a large blank space appear at the top of the page, about half the height of the banner.

There's a syntax error in the page header, with the script preceded with the comment

Code: Select all

<!-- Piwik -->

being in the <head> when it contains a <p> tag pair (which should only appear inside the <body>) and an unescaped & in the src, too. The blank space is probably caused by the extra <p> which holds an zero-size tracking image.

I also think that the forum terms should be updated to explain this tracking by piwik.fonant.com - I expect it's nothing untoward, but it seems a bit sneaky and leaking to another domain seems contrary to "We will do all we can to keep your personal information safe & secure".
MJR, mostly pedalling 3-speed roadsters. KL+West Norfolk BUG incl social easy rides http://www.klwnbug.co.uk
All the above is CC-By-SA and no other implied copyright license to Cycle magazine.

User avatar
gaz
Posts: 12264
Joined: 9 Mar 2007, 12:09pm
Location: Kent

Re: Syntax error throwing formatting out

Postby gaz » 13 Jul 2017, 4:15pm

Probably not relevant and probably something you already know, admin runs Fonant. AIUI the forum is hosted on Fonant's servers.
It's got nothing to do with vorsprung durch technic you know ...

User avatar
mjr
Posts: 8187
Joined: 20 Jun 2011, 7:06pm
Location: Norfolk or Somerset, mostly
Contact:

Re: Syntax error throwing formatting out

Postby mjr » 13 Jul 2017, 5:21pm

gaz wrote:Probably not relevant and probably something you already know, admin runs Fonant. AIUI the forum is hosted on Fonant's servers.

That's my understanding too, plus I'm hoping that piwik.fonant.com is a subdomain under admin's control, but it really ought to be in the terms, rather than setting off privacy plugin alarms in some browsers and making others mysteriously say "waiting for piwik.fonant.com" while loading forum pages.
MJR, mostly pedalling 3-speed roadsters. KL+West Norfolk BUG incl social easy rides http://www.klwnbug.co.uk
All the above is CC-By-SA and no other implied copyright license to Cycle magazine.

User avatar
admin
Site Admin
Posts: 1070
Joined: 14 Dec 2006, 8:27pm
Location: Lancing, West Sussex
Contact:

Re: Syntax error throwing formatting out

Postby admin » 13 Jul 2017, 9:23pm

It's just me, adding some client-side data about how people use the Forum as extra usage information to add to server log file analysis. Piwik is very like Google Analytics, but the data is kept private rather than being given to Google.

I've removed the invalid <noscript><p> tags from the page header - quite surprised that a browser would try to render those, though!

If anyone objects to the analytics I recommend uBlock Origin as a browser extension.

However people can be sure that I have no intention of selling usage data gathered by Piwik, nor sharing it with anyone else. The Forum has been using Google Analytics (Cycling UK's account) for some time now, and the same applies to that (except, of course, Google gets to see and use that data).

UPDATE: Piwik is configured to respect a browser's "Do Not Track" setting, too. When users have set their web browser to "I do not want to be tracked" (DoNotTrack is enabled) then Piwik will not track these visits.

User avatar
mjr
Posts: 8187
Joined: 20 Jun 2011, 7:06pm
Location: Norfolk or Somerset, mostly
Contact:

Re: Syntax error throwing formatting out

Postby mjr » 13 Jul 2017, 11:28pm

So the privacy section of the terms was completely out of date? Google Analytics use really should be in such documents.
MJR, mostly pedalling 3-speed roadsters. KL+West Norfolk BUG incl social easy rides http://www.klwnbug.co.uk
All the above is CC-By-SA and no other implied copyright license to Cycle magazine.

User avatar
admin
Site Admin
Posts: 1070
Joined: 14 Dec 2006, 8:27pm
Location: Lancing, West Sussex
Contact:

Re: Syntax error throwing formatting out

Postby admin » 14 Jul 2017, 8:00am

Good point, I've added a "Site Usage Analytics" section.

Psamathe
Posts: 7648
Joined: 10 Jan 2014, 8:56pm

Re: Syntax error throwing formatting out

Postby Psamathe » 14 Jul 2017, 11:05am

I think you need to clarify further. Your updated text says
Site Usage Analytics

In common with many websites, we use server log file analysis to provide basic information such as trends in visitor numbers, and which browsers and device types are most popular over time.

For more detailed usage analysis, we also use Google Analytics (https://analytics.google.com/) and Piwik (https://piwik.org/ - Piwik is very similar to Google Analytics, but the data is kept private to the host, rather than shared with Google).


By "We" everybody will assume it means CTC/CUK not fonant (a 3rd party). Tracking is important; even Google provide blocking plug-ins for browsers to block their own tracking (I note the Piwik don't). Is this tracking something CTC/CUK are doing/using, part of a hosting contract - in which case you should be clear that this tracking is being contracted to 3rd parties. If it is not something CTC/CUK require then as a 3rd party should you be doing it atall? Also you should provide some mechanism to block/prevent this (beyond the global "DNT" - which Google have pretty much discredited anyway).

Ian

User avatar
admin
Site Admin
Posts: 1070
Joined: 14 Dec 2006, 8:27pm
Location: Lancing, West Sussex
Contact:

Re: Syntax error throwing formatting out

Postby admin » 14 Jul 2017, 11:47am

Psamathe wrote:By "We" everybody will assume it means CTC/CUK not fonant (a 3rd party).


Google is more of a third party than Fonant Ltd is. They use Google Analytics for many purposes, including targetted advertising, and have nothing to do with the running of the Cycling UK Forum.

Fonant (my company: I host, maintain, and administer the Forum) could perhaps be seen as "a third party". But Cycling UK have very little to do with running this Forum, it is looked after by the team of volunteer moderators and me.

Psamathe wrote:Tracking is important;


Yes, "tracking" is important, and you'll find that all major websites track visits for visitor analytics.

Some systems also track for slightly less acceptable reasons, like following people around the web to target them with personalised advertising (Google, for instance).

And there is potential to use tracking to target specific people in a malicious way, if someone was motivated enough. The Russians are accused of doing this sort of thing with Facebook visitor data to influence election results - I don't know if we'll ever know if this actually happened or not.

Psamathe wrote:even Google provide blocking plug-ins for browsers to block their own tracking (I note the Piwik don't).


Piwik doesn't need to provide a plug-in to block analysis: you can use "Do Not Track" or readily-available plugins such as uBlock Origin. These methods block many tracking systems, including Google Analytics, as well as advertising cookies, adverts, and more.

Psamathe wrote:Is this tracking something CTC/CUK are doing/using, part of a hosting contract - in which case you should be clear that this tracking is being contracted to 3rd parties. If it is not something CTC/CUK require then as a 3rd party should you be doing it atall?


The analysis is something that Cycling UK does using Google Analytics, and I, as Forum host/maintainer/administrator, do using Piwik on my own server. I also use Apache log files for things like finding the IP addresses of people abusing the Forum, seeing what percentage of visitors are using smartphones or tablets, how many people use each browser, common "page not found" errors, and so on.

If you really want to avoid being "tracked" by the Forum, you should perhaps consider using Tor or an anonymising proxy service. But since the Cycling UK Forum is not trying to provide targetted advertising, and is not ever going to sell personal usage data to anyone, there really isn't much need.

[A much bigger threat to privacy is contained in the UK's "Investigatory Powers Act 2016" - this requires internet service providers to retain "internet communication records" for everyone for a year. Even more worryingly, the service providers are explicitly prevented from telling their customers that they are doing this. I wouldn't be surprised at all if the Investigatory Powers Act considered an online Forum as being an internet service: and one that might well help tackle terrorism if forum "communication records" were legally required to be kept for a year. Unfortunately if the UK government do compel me to keep Forum usage data for a year, to track people's communications, I would be prevented from letting anybody know.]

Psamathe wrote:Also you should provide some mechanism to block/prevent this (beyond the global "DNT" - which Google have pretty much discredited anyway).


Piwik respects the global "Do Not Track" setting in anyone's browser.

You can also block Piwik by installing a advert-remover/privacy plugin like uBlock Origin.

Of course, every time you log into the Forum you are being "tracked" by phpBB: it records which threads you have read and which you haven't, and it also links your Forum posts to your username, all publicly visible to the entire internet.

Sorry, that was rather long. But internet privacy is important, and people need to understand the issues, even if just a little bit.

User avatar
mjr
Posts: 8187
Joined: 20 Jun 2011, 7:06pm
Location: Norfolk or Somerset, mostly
Contact:

Re: Syntax error throwing formatting out

Postby mjr » 14 Jul 2017, 12:09pm

Yeah, when it gets as far as basic legality (like the terms actually saying who's tracking users), I'm not going to press further. Any problems like Google and CUK's continued support of such monopolists are bigger than this forum's hosting or admins.

However, the blank space at the top of every page remains.

I'm still seeing

Code: Select all

<noscript><p><img src="//piwik.fonant.com/piwik.php?idsite=34143&rec=1" style="border:0;" alt="" /></p></noscript>

inside the <head> section, which is invalid in two ways: you can't have p blocks in the head and the & should be encoded to &amp;
MJR, mostly pedalling 3-speed roadsters. KL+West Norfolk BUG incl social easy rides http://www.klwnbug.co.uk
All the above is CC-By-SA and no other implied copyright license to Cycle magazine.

User avatar
mjr
Posts: 8187
Joined: 20 Jun 2011, 7:06pm
Location: Norfolk or Somerset, mostly
Contact:

Re: Syntax error throwing formatting out

Postby mjr » 14 Jul 2017, 12:13pm

admin wrote:I've removed the invalid <noscript><p> tags from the page header - quite surprised that a browser would try to render those, though!

Why wouldn't it? Browsers try to make the best sense they can of all sorts of random junk that people post online.

It looks like in this case, the Gecko engine decides that you simply forgot the <body> and assumes you meant to start the body already, but then of course it sees the real <body ...> tag as incorrect because you can't have two of those in one document. This seems to mean the real body tag's id and class are ignored, which is probably responsible for the small formatting changes I've noticed.

This behaviour may be different in earlier or later Gecko versions and in other engines like WebKit and whatever IE uses.
MJR, mostly pedalling 3-speed roadsters. KL+West Norfolk BUG incl social easy rides http://www.klwnbug.co.uk
All the above is CC-By-SA and no other implied copyright license to Cycle magazine.

User avatar
admin
Site Admin
Posts: 1070
Joined: 14 Dec 2006, 8:27pm
Location: Lancing, West Sussex
Contact:

Re: Syntax error throwing formatting out

Postby admin » 14 Jul 2017, 12:26pm

mjr wrote:However, the blank space at the top of every page remains.

I'm still seeing

Code: Select all

<noscript><p><img src="//piwik.fonant.com/piwik.php?idsite=34143&rec=1" style="border:0;" alt="" /></p></noscript>

inside the <head> section, which is invalid in two ways: you can't have p blocks in the head and the & should be encoded to &amp;


Arghhh! I forgot to clear the phpBB cache. It's gone now.

Psamathe
Posts: 7648
Joined: 10 Jan 2014, 8:56pm

Re: Syntax error throwing formatting out

Postby Psamathe » 14 Jul 2017, 12:27pm

admin wrote:
Psamathe wrote:By "We" everybody will assume it means CTC/CUK not fonant (a 3rd party).

Google is more of a third party than Fonant Ltd is. They use Google Analytics for many purposes, including targetted advertising, and have nothing to do with the running of the Cycling UK Forum.......

It is not a question of "degree" or "how much of a 3rd party fonant is. You are either CTC/CUK or you are not (making you a 3rd party). How much CTC/CUK have to do with running the forum is not relevant to fonant being a 3rd party or not.
admin wrote:
Psamathe wrote:Tracking is important;

Yes, "tracking" is important, and you'll find that all major websites track visits for visitor analytics.

Some systems also track for slightly less acceptable reasons, like following people around the web to target them with personalised advertising (Google, for instance).
....

You are making value decisions of behalf of site users. You are imposing what you consider acceptable and in effect forcing everybody else to follow what you consider acceptable e.g. some think targeted advertising is fantastic or at least don't have a problem with it.
admin wrote:
Psamathe wrote:even Google provide blocking plug-ins for browsers to block their own tracking (I note the Piwik don't).


Piwik doesn't need to provide a plug-in to block analysis: you can use "Do Not Track" or readily-available plugins such as uBlock Origin. These methods block many tracking systems, including Google Analytics, as well as advertising cookies, adverts, and more.
......

Google blocking tools affects only Google whereas DNT is a global setting affecting all web sites and all browsing (within a browser).

admin wrote:
Psamathe wrote:Is this tracking something CTC/CUK are doing/using, part of a hosting contract - in which case you should be clear that this tracking is being contracted to 3rd parties. If it is not something CTC/CUK require then as a 3rd party should you be doing it atall?


The analysis is something that Cycling UK does using Google Analytics, and I, as Forum host/maintainer/administrator, do using Piwik on my own server. I also use Apache log files for things like finding the IP addresses of people abusing the Forum, seeing what percentage of visitors are using smartphones or tablets, how many people use each browser, common "page not found" errors, and so on.

If you really want to avoid being "tracked" by the Forum, you should perhaps consider using Tor or an anonymising proxy service. But since the Cycling UK Forum is not trying to provide targetted advertising, and is not ever going to sell personal usage data to anyone, there really isn't much need.

[A much bigger threat to privacy is contained in the UK's "Investigatory Powers Act 2016" - this requires internet service providers to retain "internet communication records" for everyone for a year. Even more worryingly, the service providers are explicitly prevented from telling their customers that they are doing this. I wouldn't be surprised at all if the Investigatory Powers Act considered an online Forum as being an internet service: and one that might well help tackle terrorism if forum "communication records" were legally required to be kept for a year. Unfortunately if the UK government do compel me to keep Forum usage data for a year, to track people's communications, I would be prevented from letting anybody know.

If this is the CTC/CUK forum and CTC/CUK have not contracted you to collect tracking through Piwik you are doing it for your own purposes and you are a 3rd party. So the "We" encompasses the CTC/CUK (site owner) and a 3rd party collecting tracking info for their own purposes. The distinction is important. If my hosting provider was collecting tracking data from visitors to my site for their own purposes I would be taking action to stop them.

I agree about the Investigatory Powers Act, but saying "there are bigger threats" does not justify smaller ones. I don't quite understand how the government could force you to maintain logs of forum use for 12 months as you are operating a forum and thus (in that context) not a CSP and even if you were you would only we required to store their users IP address and they they visited the site (and not individual pages visited) - but IP addresses are just standard log functionality and don't require Piwik or tracking.

admin wrote:
Psamathe wrote:Also you should provide some mechanism to block/prevent this (beyond the global "DNT" - which Google have pretty much discredited anyway).

Piwik respects the global "Do Not Track" setting in anyone's browser.

You can also block Piwik by installing a advert-remover/privacy plugin like uBlock Origin.

Of course, every time you log into the Forum you are being "tracked" by phpBB: it records which threads you have read and which you haven't, and it also links your Forum posts to your username, all publicly visible to the entire internet.

Sorry, that was rather long. But internet privacy is important, and people need to understand the issues, even if just a little bit.

uBlock Origin is only supported to some browsers whilst others don't even give the option to set DNT (e.g. RSS aggregators). The 3rd party blockers provision is a complete mess at the moment, some plug-ins effectively selling advertising (being paid to let ads/trackers through), others not providing (or telling) the user what they are actually blocking and what they are not.

People need to be clear about who is tracking them and why. Is seems to have transpired that there are two organisations tracking users of this forum for different purposes. The T&Cs are not clear that a 3rd party (not the CTC/CUK) is also tracking users for their own purposes.

(I was not aware that phpBB was publishing which threads I have read to be publicly visible. Where can I see who has read which threads?)

Ian

User avatar
mjr
Posts: 8187
Joined: 20 Jun 2011, 7:06pm
Location: Norfolk or Somerset, mostly
Contact:

Re: Syntax error throwing formatting out

Postby mjr » 14 Jul 2017, 12:30pm

admin wrote:Arghhh! I forgot to clear the phpBB cache. It's gone now.

Indeed it has. Thanks.
MJR, mostly pedalling 3-speed roadsters. KL+West Norfolk BUG incl social easy rides http://www.klwnbug.co.uk
All the above is CC-By-SA and no other implied copyright license to Cycle magazine.

User avatar
admin
Site Admin
Posts: 1070
Joined: 14 Dec 2006, 8:27pm
Location: Lancing, West Sussex
Contact:

Re: Syntax error throwing formatting out

Postby admin » 14 Jul 2017, 1:10pm

Psamathe wrote:It is not a question of "degree" or "how much of a 3rd party fonant is. You are either CTC/CUK or you are not (making you a 3rd party). How much CTC/CUK have to do with running the forum is not relevant to fonant being a 3rd party or not.


"We" (the forum hosts, administrators and moderators) are not Cycling UK. "We" are the Cycling UK Forum. Cycling UK do not run this Forum, it is run by volunteers with some funding for the hosting and maintenance paid to me (Fonant Ltd).

Psamathe wrote:You are making value decisions of behalf of site users. You are imposing what you consider acceptable and in effect forcing everybody else to follow what you consider acceptable e.g. some think targeted advertising is fantastic or at least don't have a problem with it.


I am making no value decisions, merely pointing out that Piwik visitor analytics poses less of a threat to web users than Google Analytics. And that Google Analytics is routinely used on the web, even if some sites prefer the better privacy protection that self-hosted analytics like Piwik provide.

Psamathe wrote:Google blocking tools affects only Google whereas DNT is a global setting affecting all web sites and all browsing (within a browser).


Correct, except that "Do Not Track" can be ignored by less-scrupulous advertising and tracking systems.

  • If you are happy to be tracked by anyone other than Google, then installing Google's plugin is the perfect solution.
  • If you don't want to be tracked by any bona-fide systems, then setting "Do Not Track" is a better solution.
  • If you don't want to be tracked by more systems, then installing something like uBlock Origin is even better.
  • If you don't want to be trackable by anyone, using Tor or an anonymising proxy server is the best.

Psamathe wrote:I agree about the Investigatory Powers Act, but saying "there are bigger threats" does not justify smaller ones.


No, of course not. I'm not sure what the "smaller threats" are, though. What is it that you are worried about?

Psamathe wrote:I don't quite understand how the government could force you to maintain logs of forum use for 12 months as you are operating a forum and thus (in that context) not a CSP


It all hangs on what the government decide a "communication service provider" is. A Forum is a service for people to communicate with each other, but perhaps providing a Forum doesn't make me a CSP.

Psamathe wrote:uBlock Origin is only supported to some browsers whilst others don't even give the option to set DNT (e.g. RSS aggregators). The 3rd party blockers provision is a complete mess at the moment, some plug-ins effectively selling advertising (being paid to let ads/trackers through), others not providing (or telling) the user what they are actually blocking and what they are not.

People need to be clear about who is tracking them and why. Is seems to have transpired that there are two organisations tracking users of this forum for different purposes. The T&Cs are not clear that a 3rd party (not the CTC/CUK) is also tracking users for their own purposes.


Well, yes, if you want to get into the actual details, there are two "third parties" who are not Cycling UK who are tracking users for these purposes:

  • Google. Cycling UK are using Google Analytics to track visitor statistics for their own use.
  • Fonant Ltd. I am using Piwik to track visitor statistics for the purposes of maintaining and improving the Forum. I and the moderators also use phpBB's internal "tracking" for spam-busting and dispute resolving purposes. I also use server log analysis on occasion to track Forum usage.

Psamathe wrote:(I was not aware that phpBB was publishing which threads I have read to be publicly visible. Where can I see who has read which threads?)


Sorry, that wasn't what I meant. Your posts are public, anyone can see when you posted and what you posted. phpBB also "tracks" you so that you can see read and unread posts. So you are being "tracked" whenever you use the Forum, whether Piwik is in use or not. In fact, as the Forum host, I can read and even modify anything in the Forum's database, and I can read non-public message boards. If I suddenly decided to make use of personal data for malicious purposes, the visitor data gathered by Piwik is the least of your worries.

Just to be clear, I'm not trying to cover up any malicious use of "tracking" by me, I'm trying to reassure you that the Piwik "tracking" contains less of a threat to your privacy than the commonplace Google Analytics tracking, or even the posts you make on this public forum, do.

Perhaps I'm misunderstanding your specific concerns?

thirdcrank
Posts: 24442
Joined: 9 Jan 2007, 2:44pm

Re: Syntax error throwing formatting out

Postby thirdcrank » 14 Jul 2017, 1:25pm

A propos not very much, I'm a member of another forum centred on Leeds. I understand that it was originally funded with Lottery money or somesuch, but recently it has been stumbling along on the goodwill of volunteers.

I just tried to log on and found this

Notice: The website http://secretleeds.com has expired.
Description: This web site has expired.

To view this website again you have the following options:

• You are the owner of the hosting account?
You can login your Hosting Control Panel and renew your account via the Account Renewal section.

• You are a visitor?
You can come back and visit this website at a later time or inform the web site owner about the problem.


http://secretleeds.com/

Let's thank our lucky stars.

PS Secret Leeds is back up and running, but my point remains the same: we have a pretty good "user experience" on here which I, for one, appreciate.