Correct claim that this is anonymous

[rugk]

In your GitHub repo and your doc you claim this is anonymous:

Collect Anonymous Data.

You apparently use browser fingerprinting, thus it does not use cookies.

From your website, there is this object:

audio: Object { value: 35.7383340000, duration: 34 }
canvas: Object { value: {…}, duration: 3 }
colorDepth: Object { value: 24, duration: 0 }
colorGamut: Object { value: undefined, duration: 0 }
contrast: Object { value: undefined, duration: 0 }
cookiesEnabled: Object { value: true, duration: 0 }
cpuClass: Object { value: undefined, duration: 0 }
deviceMemory: Object { value: undefined, duration: 1 }
domBlockers: Object { value: undefined, duration: 10 }
fontPreferences: Object { value: {…}, duration: 49 }
fonts: Object { value: (1) […], duration: 44 }
forcedColors: Object { value: undefined, duration: 1 }
hardwareConcurrency: Object { value: 4, duration: 1 }
hdr: Object { value: undefined, duration: 0 }
indexedDB: Object { value: true, duration: 0 }
invertedColors: Object { value: undefined, duration: 0 }
languages: Object { value: (2) […], duration: 0 }
localStorage: Object { value: true, duration: 0 }
math: Object { value: {…}, duration: 0 }
monochrome: Object { value: 0, duration: 0 }
openDatabase: Object { value: false, duration: 0 }
osCpu: Object { value: "Linux x86_64", duration: 0 }
platform: Object { value: "Linux x86_64", duration: 0 }
plugins: Object { value: [], duration: 0 }
reducedMotion: Object { value: false, duration: 0 }
screenFrame: Object { value: (4) […], duration: 1 }
screenResolution: Object { value: (2) […], duration: 0 }
sessionStorage: Object { value: true, duration: 0 }
timezone: Object { value: "Europe/Berlin", duration: 0 }
touchSupport: Object { value: {…}, duration: 1 }
vendor: Object { value: "", duration: 0 }
vendorFlavors: {…}

This still identifies users and thus is not anonymous. Also, it is personal data according to the GDPR – the EU data privacy regulation. As such, your claim is misleading and users using this in the EU should be aware of thet fact due to the legal implications involved.

Proposed solution

• remove the word "anonymous", it's at best "pseudonymous".
• Document that fact in the docs.
• Describe in detail how the (fingerprinting) mechanism works there.
• Maybe a new feature request, but a template for a privacy policy would be nice – or at least a privacy policy for your site people can link to (in their privacy policies), to find out what data is collected and what is used for fingerprinting.

Backlink German forum: https://www.heise.de/forum/heise-online/Kommentare/Aurora-Webseiten-ohne-Cookies-auswerten-Anonymitaet-der-Nutzer-wahren/Umfangreiches-Hardware-Fingerprinting/thread-6789280/#posting_39170868

[askides]

Hello, thank you for your issue!

Thank you so much for your clear explanation, I will consider doing some research about it and as soon as I'm done we can talk about it and find a solution.

The idea is that the tracking remains anonymous, so if for some reason this is no longer the case with this setup. will need to be replaced.

I'll be back to you asap!

[askides]

Closing this issue, cuz this type of tracking is not used anymore.

[rugk]

Interesting, how does it work now then? Given this seemed to be the core of how it works…