RabbyHub / Rabby

The game-changing wallet for Ethereum and all EVM chains
https://rabby.io

Event tracking opt-out option #1023

Open chawyehsu opened 1 year ago

chawyehsu commented 1 year ago

https://github.com/search?q=repo%3ARabbyHub%2FRabby+stats.report&type=code

Removing it completely #1018 while having the data analysis demand is unlikely, but please give the option to opt out.

My1 commented 1 year ago

I would even say tracking should be opt in

chawyehsu commented 1 year ago

Yeah but talking about business demand, you have no idea whether even an opt-out option would be provided. Hence, you might have to block the tracking domain from your network layer manually.

armaccloud commented 1 year ago

> Yeah but talking about business demand, you have no idea whether even an opt-out option would be provided. Hence, you might have to block the tracking domain from your network layer manually.

Sorry if this is an obvious question, but how can I find out the tracking domain? Also, isn't this stats functionality a violation of their privacy policy, or am I mixing things up?

image

My1 commented 1 year ago

> Yeah but talking about business demand, you have no idea whether even an opt-out option would be provided. Hence, you might have to block the tracking domain from your network layer manually.

I think laws (GDPR for example) have a LITTLE BIT (obviously /s) more importance over whatever cute "business demand" that may exist

chawyehsu commented 1 year ago

@armaccloud

> Sorry if this is an obvious question, but how can I find out the tracking domain?

Audit the codebase; you will find the domain within a closed-source tracking library, @debank/festats, that they are using (well, while it's published to npmjs and you can browse those files, strictly speaking it is still closed source since they haven't claimed to open source it or actually open sourced it; meanwhile, there are many other dependencies of the project that are not available to be viewed and audited, @debank/rabby-api for instance). Or use MITM tools to intercept all network requests sent out from the wallet extension. This is more complicated but will work when an auditable codebase is lacking.

> Also, isn't this stats functionality a violation of their privacy policy, or am I mixing things up?

I didn't know that, but I'd say YES according to what you posted.

@My1

> I think laws (GDPR for example) have a LITTLE BIT (obviously /s) more importance over whatever cute "business demand" that may exist

Think about it, it's been around a year and yet no comment from the team, you'll never know that "business demand". Laws may have been circumvented when their own privacy policy wasn't even observed.
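The codebase audit suggested in the thread can be scripted. The following is an added example, not part of the thread and not Rabby's or DeBank's code: it walks an installed package directory, lists every hard-coded hostname, and marks the ones in files that also contain a network-send primitive. The `METADATA_HOSTS` and `SEND_RE` lists are assumptions to tune.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

# Absolute http(s)/ws(s) URLs; group 1 is the hostname (port and path excluded).
URL_RE = re.compile(r"\b(?:https?|wss?)://([A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)", re.I)
# Assumption: primitives that send data out; a host in the same file deserves a look.
SEND_RE = re.compile(r"\b(?:fetch|XMLHttpRequest|sendBeacon|axios|WebSocket)\b")
# Assumption: hosts that are usually metadata (repository, homepage, XML namespaces).
METADATA_HOSTS = ("github.com", "npmjs.com", "npmjs.org", "w3.org")
SCAN_SUFFIXES = {".js", ".mjs", ".cjs", ".json", ".ts"}


def extract_hosts(text):
    """Return the lower-cased hostnames of every absolute URL in text."""
    return {m.group(1).lower() for m in URL_RE.finditer(text)}


def is_metadata(host):
    return any(host == h or host.endswith("." + h) for h in METADATA_HOSTS)


def scan_package(root):
    """Map host -> {"files": [...], "near_send": bool} for one package directory."""
    root = Path(root)
    report = defaultdict(lambda: {"files": [], "near_send": False})
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        sends = bool(SEND_RE.search(text))
        for host in extract_hosts(text):
            if is_metadata(host):
                continue
            entry = report[host]
            entry["files"].append(path.relative_to(root).as_posix())
            entry["near_send"] = entry["near_send"] or sends
    return dict(report)


def candidates(report):
    """Hosts to review first: those in files that also contain a send primitive."""
    return sorted(h for h, e in report.items() if e["near_send"])


if __name__ == "__main__":
    # Usage: python scan_hosts.py node_modules/<scope>/<package>
    for host, entry in sorted(scan_package(sys.argv[1]).items()):
        print("SEND" if entry["near_send"] else "    ", host, ", ".join(entry["files"]))
```

Hosts built at runtime from concatenated or encoded strings will not show up in a static scan like this, which is where the request-interception approach mentioned above complements it.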