Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User tracking should be removed or disabled by default #964

Closed
dpraul opened this issue Jul 2, 2019 · 2 comments
Closed

User tracking should be removed or disabled by default #964

dpraul opened this issue Jul 2, 2019 · 2 comments
Labels
discussion released request
Milestone
Patch

Comments

@dpraul
Copy link
Contributor

dpraul commented Jul 2, 2019

Hey there!

Not too keen on the tracking code you added at #934.

I understand wanting more insight on your users - who doesn't? But a library should not be getting that information from the browsers the code is installed to. If you want to know more about your users, I suggest adding tracking code to your own docs site, looking at the interactions you have with users here, and looking at npm usage data.

A library that silently installs tracking code to send user data to some outside domain (even a more trusted domain, like google analytics) is two steps away from becoming malware - you could easily manipulate that tracking code to look for & record password fields, or turn on full keylogging, and send it all to google analytics.

With all that said, I'd argue that the tracking code should be removed in its entirety. I'd be curious to hear the case for why you need to keep it, but I think if you intend to you should at the very least make it opt-in, instead of letting it be enabled by default.
@netil
Copy link
Member

netil commented Jul 3, 2019
edited

Hi @dpraul, thanks posting and showing the concerns. I really appreciate on this.
Adding stats was a long hesitation, because I didn't wanted to hurt or give any negative impact to users.

Of course, I did some research very carefully on other libraries before adding this.

But, on the other hand, in a long perspective of the library sustainability, it needed an indicator to prove the growth and its usability. Because nobody was actively saying that "I'm using the library".

The only indicator I'm getting was the download or CDN hit numbers, which I can't get any insights from that.

Well, I totally understand your concerns(which was my concerns also). I'll take one of these steps and will be release as patch as soon as possible.

  • Remove stats related code completely.
  • Disable by default

    I think this is useless, because nobody will turn on despite getting nothing beneficial from

OpenSource is basically is for users and it should be carefully listening their voices at all.
Thanks again for expressing your opinion and hope hear more 😃

@netil netil added this to the Patch milestone Jul 3, 2019
@netil netil mentioned this issue Jul 3, 2019
Merged
netil added a commit that referenced this issue Jul 3, 2019
@netil
fix(stats): Remove stats
29d6edc 
Remove stats added by #934

Ref #964
netil pushed a commit that referenced this issue Jul 3, 2019
@semantic-release-bot
chore(release): 1.9.5 [skip ci]
bf4ce70 
## [1.9.5](1.9.4...1.9.5) (2019-07-03)

### Bug Fixes

* **stats:** Remove stats ([29d6edc](29d6edc)), closes [#934](#934) [#964](#964)
@netil netil added the released label Jul 3, 2019
@dpraul
Copy link
Contributor Author

dpraul commented Jul 3, 2019

Thank you very much, I really appreciate the understanding and the quick turnaround. This is a great library and I'm glad we can continue to utilize it at our organization!

@netil netil closed this as completed Jul 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion released request
Projects
None yet
Milestone
Patch
Development

No branches or pull requests
2 participants
@dpraul @netil