Migrate from Google Analytics to Piwik and use anonymous UUID

[narcisgarcia]

Commit 40f063e seems to reveal that UUIDs, geolocation, and google-analytics information is shared with a third party.

It's hard to have to clean a huge number of desktop computers from this useful plugin.

[davidhedlund]

It this even true?

[lejenome]

Latest version (v0.3.8, released July 23, 2017) includes reporting browser language/version, user geolocation and extension version to Google analytics.
The code to submit the data: https://github.com/lejenome/html5-video-everywhere/blob/master/data/report-geolocation.js

The UUID token is generated by the extension to identify the installation rather than using cookies. Its stored in [email protected] preference, you can check your generated UUID at about:config.

The code to generate the UUID token: https://github.com/lejenome/html5-video-everywhere/blob/master/index.js#L42-L44

I'm planning to migrate to self hosted Piwik platform. But I think ads blockers should block the extension from sending this data if an ads blocker was installed.

[davidhedlund]

@lejenome Can you please change the title to correct issue?

[davidhedlund]

@lejenome Thank you.

[narcisgarcia]

Don't leak user's data to anybody (self hosted or third-party hosted)

[davidhedlund]

Yeah @lejenome, do you have to do this?

[lejenome]

The data that I'm collecting is the same data Firefox/Mozilla is collecting in their AMO site.
The add-on statics are already public on AMO: https://addons.mozilla.org/en-US/firefox/addon/html5-video-everywhere/statistics/?last=365

The reason I'm using other solution (currently Google Analytics but self-hosted Piwik in the future) is that AMO does not give me (or collect?) statics about countries and non-official Gecko-based browsers versions (and Google Chrome/Opera versions which I'm planning to add support to).

That's why I'm not including Google Analytics js lib into the add-on and I'm just hard-coding properties values when posting to Google Analytics (e.g: host set to localhost, path set to /html5-video-everywhere and the only event type is inject content-page). See: https://github.com/lejenome/html5-video-everywhere/blob/master/data/report-geolocation.js

I may delete the add-on installation unique identifier (UUID) in the next version and just send anonymous/default value (common for all the add-on installations/users) and add a preference to disable sending data (even if ads blocker are already blocking post request and Firefox/Mozilla collected data are not blocked by the any ads blocker).

[davidhedlund]

I may delete the add-on installation unique identifier (UUID) in the next version and just send anonymous/default value and add a preference to disable sending data

Can you please add something about "UUID" and "add anonymous.." to the title?

[davidhedlund]

@lejenome I meant like "Migrate from Google Analytics to Piwik, add a preference to disable sending data, make and use anonymous UUID"

You might want to open separate issues and refer to this one.

[narcisgarcia]

The subject title: Don't leak user's data to anybody.
@lejenome why do you have to do what Mozilla/AMO does?
Can you set sending data as disabled by default?

[davidhedlund]

Or pop up a prompt at first run.

[lejenome]

Collecting statics would help me to understand the add-on state better and answer some
questions:

• Does YouTube comment section now showing most time and DRM protected videos not loading causes users to delete/disable the extension.
• What Languages to target.
• As I need to rewrite the add-on to support Firefox v57+ versions, I need to know if their is enough user base to support or most new users are just removing the add-on within few days.
• How much users re-enable/re-install the add-on after I release a new update that fix issues cause by supported websites frequent changes.

A snapshot of collected data statics: Analytics Data Reports 20170724-20170727.pdf

This data is not useful for user tracking and user behavior profiling as it does not use/share any cookies with Google Analytics and its not assigned to any website (just localhost) or any app and no user interaction data is collected. So no one can trace you back to any other website or any other collected data.

I did add a privacy policy to the add-on AMO web page. https://addons.mozilla.org/en-US/firefox/addon/html5-video-everywhere/privacy . But I think showing a notification to the user will cause confusion/misunderstanding because I'm not collection any private data but just public available data that is built-into the HTTP/Web standard (given that I delete UUID to keep the users anonymous).

An other solution to collect needed statics (countries, languages and new users count) is to open a welcoming web page on my website on every new add-on update/install (e.g: site.com/hello?v=0.3.8&w=update) and a web page when user uninstall the add-on (e.g: site.com/bye?v=0.3.8). That's the way many other add-ons developers collect needed statics about the user-base by using the ip (to trace back to the country), the user-agent (to detect the browser/version) and the Accept-Language header (to detect the language).

[davidhedlund]

@lejenome Thank you for describing all this.

[davidhedlund]

@lejenome Also, thank you for contributing to this free software! We don't forget how much effort you have put into this project.

[jomo]

There should be an option to disable collecting any and all metadata. I have DNT enabled, I have disabled telementry and I have an ad blocker that blocks any such requests. Yet, as I understand it, this plugin still connects to a third party and sends metadata to it. Ideally the plugin would detect my preferences and automatically disable metadata collection on its own. Anyway, please provide a config option to disable this, regardless of the third party used.

[lejenome]

I completed the migration into a self hosted piwik server and I deleted support for Google Analytics.

I did also rename reportGeolocation function into sendStatics and report-geolocation.js file into statics.js to avoid misunderstanding concerning the type of data being collected and how this data is being used.

Currently, statics are not collected if DNT is activated. If not, only only no user identifying data is being sent: no generated UUID, no user ID, no cookies, ...

By the way, in previous v0.4.x versions (before migrating into self-hosted piwik), collecting data by Google Analytics was broken by CORS and no statics have been sent to Google Analytics.

[davidhedlund]

@lejenome Excellent!

[RokeJulianLockhart]

This appears to be complete. Potentially close this issue consequently?