-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove 'npm-monitoring' analytics. #982
Comments
Hello @blopker If you use v3 of the library, this capability is still documented, and the library version is available under a more permissive MIT license. If you use the fourth version of the library (v4), public documentation no longer includes the description of how to remove the monitoring.
This behavior is documented in the public API documentation here: Hope this is helpful. I'm going to close this issue, please feel free to reopen with additional questions or concerns. |
Thanks for the reply and confirming this will not be fixed. I've gone ahead and removed this from our dependencies. |
Scenario
I noticed that the npm version of fingerprintjs phones home to https://m1.openfpcdn.io/, with a %0.1 sampling. The right behavior is that this library would not do that. It seems like this was configurable at one point (#950), but that was removed along with all references to this behavior.
It looks like developers can set
window.__fpjs_d_m = true
to disable this, but it feels invasive not to even mention it in the README. I've disabled it for now, but including this in such a sneaky way breaks trust in a big way.Link to code:
fingerprintjs/src/agent.ts
Line 179 in c411aff
Please do the right thing and remove this, or at least tell people about it.
Desktop Firefox
Current version
The text was updated successfully, but these errors were encountered: