matomo-org / matomo

Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!
https://matomo.org/
GNU General Public License v3.0
19.9k stars 2.65k forks source link

JS tracker should not track anything when the protocol is file:// to avoid tracking personal data by accident #17017

Closed tsteur closed 1 year ago

tsteur commented 3 years ago

Use case:

Someone downloads a page from your website and stores it locally. Then the user opens it and the user will be tracked and the URL might look like

file:///C:/Users/myname/AppData/Local/...

This way we actually track personal data potentially by accident without knowing.

As this could be seen as a BC break we need to maybe wait for Matomo 5 for this and/or clearly announce this and warn users of this change.

tsteur commented 3 years ago

see https://developer.matomo.org/guides/jstracker-core this would need to be changed in js/piwik.js see how to embed tracking code https://developer.matomo.org/guides/tracking-javascript-guide

tsteur commented 2 years ago

This would be a great new privacy feature which be quick to implement 👍

peterhashair commented 2 years ago

@tsteur just found we have something similar, but not the same. Do we consider removing that one? https://github.com/matomo-org/matomo/blob/6be3e32e29ef8c70e13ace7ef02efcacb64154b5/js/piwik.js#L6524-L6528

tsteur commented 2 years ago

@peterhashair we would keep it to not break the API as some people might use this

peterhashair commented 2 years ago

Add documents here. https://matomo.org/?post_type=faq&p=59435&preview=true

sgiehl commented 2 years ago

@peterhashair the new method should also be added here: https://developer.matomo.org/api-reference/tracking-javascript But as this will be included in Matomo 5 only, we maybe should first start the documentation for 5.x. See https://github.com/matomo-org/developer-documentation/issues/675

peterhashair commented 2 years ago

@sgiehl should I wait for the 5.x documentation created? Or should I created PR follow those steps https://github.com/matomo-org/developer-documentation/#how-to-add-docs-for-a-new-matomo-version

sgiehl commented 2 years ago

Let's wait till https://github.com/matomo-org/developer-documentation/issues/675 is done

justinvelluppillai commented 1 year ago

Looks like this is ready now @peterhashair @sgiehl - 5.x-dev documentation is now live.

peterhashair commented 1 year ago

@justinvelluppillai added updates.

MatomoForumNotifications commented 1 year ago

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/strange-item-in-analytics/53432/2

manufitoussiwit commented 11 months ago

And what about tracking in Electron based application ? UI is often served with file:// protocol. It the case of my application.

The solution explained here https://fr.matomo.org/faq/how-to/enable-file-protocol-tracking/ is not really a good solution. It requires to build a new version of my application to reactivate tracking. In other words, update matomo in v5 leads to loose tracking of my current clients untill they update their app.

Is there another solution?

sgiehl commented 11 months ago

@manufitoussiwit Guess that depends a bit how you have integrated Matomo into that application. If you use the TagManager it would be easy to add an additional call like this. Otherwise I think there might only be the possibility to adjust the tracker file yourself to enable file tracking.