Enable DoNotTrack support by default - ignore visits with DNT or X-Do-Not-Track header #2048

Closed
robocoder opened this Issue Jan 26, 2011 · 21 comments

Comments

Projects
None yet
3 participants
@robocoder
Contributor

robocoder commented Jan 26, 2011

This plugin provides Piwik support for the DNT and X-Do-Not-Track headers, supported by FF4 and IE9.

Reference:

  • donottrack.us
  • bugzilla.mozilla.org/show_bug.cgi?id=628197

To install:

  • download and unzip in your plugins folder
  • login to your dashboard, go to Settings | Plugins, and activate this plugin
  • in your config.ini.php file add:
[Tracker]
do_not_track = 1

History:

  • 0.1 - initial version detects X-Do-Not-Track header
  • 0.2 - also detects DNT header
  • 0.3 - deletes any pre-existing tracking cookie if visit is ignored

Caveats:

@robocoder

This comment has been minimized.

Show comment
Hide comment
@robocoder

robocoder Jan 29, 2011

Contributor

Attachment: v0.3 of DoNotTrack plugin
DoNotTrack.zip

Contributor

robocoder commented Jan 29, 2011

Attachment: v0.3 of DoNotTrack plugin
DoNotTrack.zip

@anonymous-piwik-user

This comment has been minimized.

Show comment
Hide comment
@anonymous-piwik-user

anonymous-piwik-user Feb 18, 2011

Hi, I'm curious if there are plans for putting this in the default piwik install? I'd like to turn it on for my site, but if it's coming in the main package soon, I'd rather wait for that.

Any advice?

Hi, I'm curious if there are plans for putting this in the default piwik install? I'd like to turn it on for my site, but if it's coming in the main package soon, I'd rather wait for that.

Any advice?

@robocoder

This comment has been minimized.

Show comment
Hide comment
@robocoder

robocoder Feb 18, 2011

Contributor

Probably not going to be in 1.2. There are other privacy-related changes being discussed (eg #2094).

Contributor

robocoder commented Feb 18, 2011

Probably not going to be in 1.2. There are other privacy-related changes being discussed (eg #2094).

@mattab

This comment has been minimized.

Show comment
Hide comment
@mattab

mattab Sep 17, 2011

Member

Agreed with cl feedback, we could put this feature in the General Settings screen as a simple checkbox "Enable support for Do Not Track: if your visitors configure their browser and enable Do Not Track, Piwik will not track them as per their request"

If DonotTrack keeps increasing its support, should we integrate this capability in Core in the existing Privacy menu in Piwik?

Member

mattab commented Sep 17, 2011

Agreed with cl feedback, we could put this feature in the General Settings screen as a simple checkbox "Enable support for Do Not Track: if your visitors configure their browser and enable Do Not Track, Piwik will not track them as per their request"

If DonotTrack keeps increasing its support, should we integrate this capability in Core in the existing Privacy menu in Piwik?

@mattab

This comment has been minimized.

Show comment
Hide comment
@mattab

mattab Feb 23, 2012

Member

There is some good progress on do not track, which is supported in IE and FF and opera, and will soon be supported in Chrome!

I think we should consider moving this plugin into core, enabled by default, that users could disable from the Privacy tab if they wish to.

I would be keen to do this before 2.0.

Users who are not happy could disable it. But, in general, it would make the world a better place :)

Member

mattab commented Feb 23, 2012

There is some good progress on do not track, which is supported in IE and FF and opera, and will soon be supported in Chrome!

I think we should consider moving this plugin into core, enabled by default, that users could disable from the Privacy tab if they wish to.

I would be keen to do this before 2.0.

Users who are not happy could disable it. But, in general, it would make the world a better place :)

@robocoder

This comment has been minimized.

Show comment
Hide comment
@robocoder

robocoder Feb 24, 2012

Contributor

OK with moving to core but I would prefer disabled by default -- the reason being, a new user who has forgotten they have dnt enabled in their browser will report 0 visits.

Contributor

robocoder commented Feb 24, 2012

OK with moving to core but I would prefer disabled by default -- the reason being, a new user who has forgotten they have dnt enabled in their browser will report 0 visits.

@anonymous-piwik-user

This comment has been minimized.

Show comment
Hide comment
@anonymous-piwik-user

anonymous-piwik-user Apr 10, 2012

This is Dan from EFF -- we've been starting to use Piwik and experimenting with privacy settings.

  1. According to the latest working draft of DNT: http://www.w3.org/TR/2012/WD-tracking-dnt-20120313/, there should be a server response too, which seems to be missing here.
  2. I think it should be enabled by default -- the whole point is to respect user preferences with respect to tracking. However, instead of ignoring the request altogether, I think logging the existence of a request would be OK, so long as no information whatsoever is retained about the request.

This is Dan from EFF -- we've been starting to use Piwik and experimenting with privacy settings.

  1. According to the latest working draft of DNT: http://www.w3.org/TR/2012/WD-tracking-dnt-20120313/, there should be a server response too, which seems to be missing here.
  2. I think it should be enabled by default -- the whole point is to respect user preferences with respect to tracking. However, instead of ignoring the request altogether, I think logging the existence of a request would be OK, so long as no information whatsoever is retained about the request.
@robocoder

This comment has been minimized.

Show comment
Hide comment
@robocoder

robocoder Apr 11, 2012

Contributor

Thanks, Dan.

According to the TPE working draft, the Tk response header is optional. It's the TSR at /.well_known/dnt that's mandatory which may be a compliance issue given that piwik is often installed in a subdirectory of a website.

Opera 12 and Safari follow the draft for the JavaScript API. IE uses a vendor prefix. Firefox diverges to use "yes", "no", and unspecified (even though they proposed DNT).

https://developer.mozilla.org/en/DOM/navigator.doNotTrack

Contributor

robocoder commented Apr 11, 2012

Thanks, Dan.

According to the TPE working draft, the Tk response header is optional. It's the TSR at /.well_known/dnt that's mandatory which may be a compliance issue given that piwik is often installed in a subdirectory of a website.

Opera 12 and Safari follow the draft for the JavaScript API. IE uses a vendor prefix. Firefox diverges to use "yes", "no", and unspecified (even though they proposed DNT).

https://developer.mozilla.org/en/DOM/navigator.doNotTrack

@mattab

This comment has been minimized.

Show comment
Hide comment
@mattab

mattab Apr 12, 2012

Member
  1. I think it should be enabled by default -- the whole point is to respect user preferences with respect to tracking.

We can consider enabling it by default. It has been suggested before and sounds like the right thing to do. we would have to move it to the Privacy plugin for consistency and add the UI in the existing Privacy tab.

However, instead of ignoring the request altogether, I think logging the existence of a request would be OK, so long as no information whatsoever is retained about the request.

What are your thoughts regarding "logging the request" with no information whatsoever? What information could be logged at all? For reference the logging tables are piwik_log_* for example http://qa.piwik.org:8080/schema/tables/canoo_log_visit.html

Member

mattab commented Apr 12, 2012

  1. I think it should be enabled by default -- the whole point is to respect user preferences with respect to tracking.

We can consider enabling it by default. It has been suggested before and sounds like the right thing to do. we would have to move it to the Privacy plugin for consistency and add the UI in the existing Privacy tab.

However, instead of ignoring the request altogether, I think logging the existence of a request would be OK, so long as no information whatsoever is retained about the request.

What are your thoughts regarding "logging the request" with no information whatsoever? What information could be logged at all? For reference the logging tables are piwik_log_* for example http://qa.piwik.org:8080/schema/tables/canoo_log_visit.html

@robocoder

This comment has been minimized.

Show comment
Hide comment
@robocoder

robocoder Apr 12, 2012

Contributor

(In [6201]) refs #2048 - add DoNotTrack plugin v0.3

Contributor

robocoder commented Apr 12, 2012

(In [6201]) refs #2048 - add DoNotTrack plugin v0.3

@robocoder

This comment has been minimized.

Show comment
Hide comment
@robocoder

robocoder Apr 12, 2012

Contributor

(In [6202]) refs #2048 - update DoNotTrack plugin to conform to core plugin style; update DNT detection to only look at the 1st character per TPE working draft; enable by default in config

Contributor

robocoder commented Apr 12, 2012

(In [6202]) refs #2048 - update DoNotTrack plugin to conform to core plugin style; update DNT detection to only look at the 1st character per TPE working draft; enable by default in config

@mattab

This comment has been minimized.

Show comment
Hide comment
@mattab

mattab Apr 12, 2012

Member

Thanks vipsoft! Good to see this feature included in core now :)

Review:

  • Because the feature is enabled by default, it is important to let users disable the feature...
  • For code simplicity the code should be moved to the Privacy plugin
  • Then it would be easy to add a new setting option in the Settings>Privacy tab, to allow disable the DNT feature
Member

mattab commented Apr 12, 2012

Thanks vipsoft! Good to see this feature included in core now :)

Review:

  • Because the feature is enabled by default, it is important to let users disable the feature...
  • For code simplicity the code should be moved to the Privacy plugin
  • Then it would be easy to add a new setting option in the Settings>Privacy tab, to allow disable the DNT feature
@robocoder

This comment has been minimized.

Show comment
Hide comment
@robocoder

robocoder Apr 12, 2012

Contributor

(In [6203]) refs #2048 - fix build (missing svn props)

Contributor

robocoder commented Apr 12, 2012

(In [6203]) refs #2048 - fix build (missing svn props)

@robocoder

This comment has been minimized.

Show comment
Hide comment
@robocoder

robocoder Apr 12, 2012

Contributor

(In [6204]) refs #2048 - remove config setting; enabling/disabling DNT corresponds to activating/deactivating the plugin

Contributor

robocoder commented Apr 12, 2012

(In [6204]) refs #2048 - remove config setting; enabling/disabling DNT corresponds to activating/deactivating the plugin

@robocoder

This comment has been minimized.

Show comment
Hide comment
@robocoder

robocoder Apr 12, 2012

Contributor

I think the current PrivacyManager plugin breaks the convention of a plugin doing one thing, and doing it well.

I'm going to close for now, and open a new ticket for the Settings UX.

Contributor

robocoder commented Apr 12, 2012

I think the current PrivacyManager plugin breaks the convention of a plugin doing one thing, and doing it well.

I'm going to close for now, and open a new ticket for the Settings UX.

@mattab

This comment has been minimized.

Show comment
Hide comment
@mattab

mattab May 7, 2012

Member

Todo:

  • Add link in privacy page to link to disable the plugin seamlessly for users.
Member

mattab commented May 7, 2012

Todo:

  • Add link in privacy page to link to disable the plugin seamlessly for users.
@robocoder

This comment has been minimized.

Show comment
Hide comment
@robocoder

robocoder May 12, 2012

Contributor

(In [6259]) refs #2048 - add TPE draft Tk header

Contributor

robocoder commented May 12, 2012

(In [6259]) refs #2048 - add TPE draft Tk header

@mattab

This comment has been minimized.

Show comment
Hide comment
@mattab

mattab May 29, 2012

Member

(In [6376]) Fixes #2048 Added Do Not Track preference under Privacy screen. Now will update doc and FAQs!

Member

mattab commented May 29, 2012

(In [6376]) Fixes #2048 Added Do Not Track preference under Privacy screen. Now will update doc and FAQs!

@robocoder

This comment has been minimized.

Show comment
Hide comment
@robocoder

robocoder May 29, 2012

Contributor

Don't we want to avoid including token auth in urls?

Contributor

robocoder commented May 29, 2012

Don't we want to avoid including token auth in urls?

@mattab

This comment has been minimized.

Show comment
Hide comment
@mattab

mattab May 29, 2012

Member

it's OK as long as the token_auth does not persist in the URL beyond the click itself

Member

mattab commented May 29, 2012

it's OK as long as the token_auth does not persist in the URL beyond the click itself

@mattab

This comment has been minimized.

Show comment
Hide comment
@mattab

mattab May 29, 2012

Member

I notice on my box that disabling/enabling the DoNotTrack plugin does not add it to the PluginsTracker section in config file! Not sure why... I think it used to work too, maybe a temp bug

Member

mattab commented May 29, 2012

I notice on my box that disabling/enabling the DoNotTrack plugin does not add it to the PluginsTracker section in config file! Not sure why... I think it used to work too, maybe a temp bug

This issue was closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment