loic-sharma / BaGet

A lightweight NuGet and symbol server
https://loic-sharma.github.io/BaGet/
MIT License
2.61k stars, 669 forks

[baget.io] Add Application Insights #360

Open loic-sharma opened 5 years ago

loic-sharma commented 5 years ago

Updated on October 13th, 2019 at 10:23am:

... I'd like to balance privacy concerns with convenience. .... At this time, I believe that Application Insights is an acceptable solution so long as I can prevent Application Insights from collecting users' personal information (like IP addresses, network, and whatever else could be used for tracking). In effect, the only information that would be captured on baget.io are exceptions, network requests initiated by the front-end, and custom metrics the front-end emits (if any). If you self-host BaGet, Application Insights will be disabled and it won't collect telemetry. In addition, I've reviewed Application Insights' documentation:

  1. Microsoft does not access Application Insights telemetry without permission (source)
  2. Microsoft uses Application Insights data only to provide the service to Application Insights customers (source)

loic-sharma commented 5 years ago

Hey @DMW007, why did you downvote this? Just curious, I'd appreciate any feedback!

For some background: I'd like to understand:

  1. What features customers interact with
  2. How people discover BaGet

I'm hoping to better understand what customers are looking for so that I can invest in useful experiences. At the same time, I'd like to be respectful of everyone's privacy. Please let me know if you have any suggestions.

DMW007 commented 5 years ago

Hi @loic-sharma,

while collecting usage statistics is reasonable and verifiable, using a proprietary Google service is not. Especially when it comes to privacy. Google is a company that collects as much data as possible for selling it and also giving it to the US government, maybe also others. So using GA is not compatible with privacy.

If you want to respect the users' privacy, please look for open solutions like Matomo and host them in a country with strong data protection laws.

loic-sharma commented 5 years ago

That makes sense. In the interest of time, I'd like to avoid hosting my own solution. I'd also prefer a solution that is free, or can be run on Azure (as I have a free Azure subscription). What do you think of Azure Application Insights' client-side telemetry? Here is the telemetry it collects:

  • Uncaught exceptions in your app, including information on
    • Stack trace
    • Exception details and message accompanying the error
    • Line & column number of error
    • URL where error was raised
  • Network Dependency Requests made by your app XHR and Fetch (fetch collection is disabled by default) requests, include information on
    • Url of dependency source
    • Command & Method used to request the dependency
    • Duration of the request
    • Result code and success status of the request
    • ID (if any) of user making the request
    • Correlation context (if any) where request is made
  • User information (for example, Location, network, IP)
  • Device information (for example, Browser, OS, version, language, resolution, model)
  • Session information

From my understanding, Microsoft does not share any telemetry collected in Application Insights. Does this seem like a decent alternative?

DMW007 commented 4 years ago

Hosting on third-party cloud services always results in giving up control. Especially Azure has a bad reputation in Germany as well as other EU countries, like any US-based solution, because of intelligence spying and the US laws that don't protect users' data (especially when they're not living in the USA). Azure isn't free for nothing, the same like Windows 10 (which is de facto free: Could be activated with nearly any key from previous versions or $4 keys from ebay, it runs even without activation).

So for respecting privacy, you need at least hosting in the EU. Don't think that this could be realized for free (at least not without paying by data). But a compromise could be a reputable EU hosting provider that offers webspace. This shouldn't cost more than a few dollars per month. Installing Matomo on a webspace isn't a big deal. I run it myself (on Docker, I have a server where also other tools like BaGet were hosted) and also did installations without Docker in the past.

loic-sharma commented 4 years ago

I agree with you, but I'd like to balance privacy concerns with convenience. Launching this website is a large undertaking, so I'd like to keep it simple without compromising on my own morals. At this time, I believe that Application Insights is an acceptable solution so long as I can prevent Application Insights from collecting users' personal information (like IP addresses, network, and whatever else could be used for tracking). In effect, the only information that would be captured on baget.io are exceptions, network requests initiated by the front-end, and custom metrics the front-end emits (if any). If you self-host BaGet, Application Insights will be disabled and it won't collect telemetry. In addition, I've reviewed Application Insights' documentation:

  1. Microsoft does not access Application Insights telemetry without permission (source)
  2. Microsoft uses Application Insights data only to provide the service to Application Insights customers (source)

> Azure isn't free for nothing, the same like Windows 10 (which is de facto free: Could be activated with nearly any key from previous versions or $4 keys from ebay, it runs even without activation).

My "free Azure subscription" statement in my previous comment was a little misleading; as a Microsoft employee I do not have to pay for the first $150 I spend on Azure each month.
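
An added example, not part of the thread or of BaGet's code: one way to enforce the limit described in the last comment (exceptions, front-end network requests and custom metrics only, with no user, session, location or device data) is a scrubbing function applied to every telemetry item before it is sent. The envelope shape, the `ai.*` tag names, the `appInsights` instance name and all sample values are assumptions.

```javascript
// Added example, not BaGet code. Envelope fields (baseType, baseData, tags) and
// the "ai.*" tag names are assumptions modelled on the Application Insights JS SDK.
const ALLOWED_TYPES = new Set(["ExceptionData", "RemoteDependencyData", "MetricData"]);
const PERSONAL_TAG_PREFIXES = ["ai.user.", "ai.session.", "ai.location.", "ai.device."];
const URL_FIELDS = ["name", "target", "data", "url"];

// Remove the query string and fragment, which can carry search terms or tokens.
function stripQuery(value) {
  if (typeof value !== "string") return value;
  const cut = value.search(/[?#]/);
  return cut === -1 ? value : value.slice(0, cut);
}

// Telemetry-initializer contract: return false to drop the item, true to send it.
// The envelope is modified in place.
function scrubEnvelope(envelope) {
  if (!envelope || !ALLOWED_TYPES.has(envelope.baseType)) return false;
  for (const key of Object.keys(envelope.tags || {})) {
    if (PERSONAL_TAG_PREFIXES.some((p) => key.startsWith(p))) delete envelope.tags[key];
  }
  const data = envelope.baseData || {};
  for (const field of URL_FIELDS) {
    if (field in data) data[field] = stripQuery(data[field]);
  }
  return true;
}

// Constructed sample envelopes (not captured from baget.io).
function sampleEnvelopes() {
  return [
    { baseType: "PageviewData", tags: { "ai.user.id": "u-123" },
      baseData: { name: "Search", url: "https://example.test/?q=secret" } },
    { baseType: "RemoteDependencyData",
      tags: { "ai.user.id": "u-123", "ai.session.id": "s-9", "ai.location.ip": "203.0.113.7",
              "ai.device.osVersion": "Windows 10", "ai.operation.id": "op-1" },
      baseData: { name: "GET /v3/search?q=secret", target: "example.test",
                  responseCode: 200, success: true, duration: "00:00:00.120" } },
  ];
}

// Returns only the envelopes that would be sent, already scrubbed.
function scrubAll(envelopes) {
  return envelopes.filter(scrubEnvelope);
}

// In a page using the SDK this would be registered as (assumed instance name):
//   appInsights.addTelemetryInitializer(scrubEnvelope);
// The source IP of the upload itself is visible to the ingestion endpoint and
// cannot be removed by client-side code.
console.log(JSON.stringify(scrubAll(sampleEnvelopes()), null, 2));
```
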