Analytics.identify() should not be called on every page view

[janeczku]

If i am not mistaken, analytics.js tracks a user's session via the Analytics cookie. The identify() method should thus only be called ONCE when the user has been identified (on log-in or sign up).

Currently the identify() method is unconditionally called on every page view for logged-in users, sending the complete users personal data with each and every HTML response. https://github.com/segmentio/analytics-wordpress/blob/master/analytics-wordpress.php#L537-L550

This not only results in HTML code overhead but introduces privacy/security concerns: Many websites would force HTTPS for pages that contain confidential/personal data (e.g. on the user's dashboard, account page). The current code renders such security precautions useless, as it will include the users personal information in every HTML response, even while the user is viewing pages that are not expected to contain any personal information and would as such not necessarily be secured by HTTPS.

[f2prateek]

Sorry about the delay here. This is intentional behaviour. From the spec https://segment.com/docs/spec/identify/#traits:

Our recommendation for when and how often you should call identify is as follows:

After a user registers
After a user logs in
When a user updates their info (eg changes or adds a new address)
Upon loading any pages that are accessible by a logged in user (optional)

Could you clarify on the privacy implications here? This will only result in data that has been already previously been sent to Segment to Segment again.