Closed triallax closed 2 years ago
chris-aeviator
commented
2 years ago The darkest point about this is that it requires someone awake like @mhmdanas to check for this (thanks!). People might trust insect with very private data like financials, using variable names even making this very non-anonymous. Further this is a direct violation of data protection laws in many countries and I urge to ask your users to consent to tracking.
sharkdp
commented
2 years ago I'm okay with removing it.
But I would also ask you (@chris-aeviator) to keep calm ("the darkest point about this…"). Insect is an open source project that I created many years ago. I invested a lot of time into it. I am investing personal money into the project for hosting the server & domain costs. There are no advertisements. All I wanted is to get some information if (and how… mostly for detecting common syntax errors) users are using my project. Admittedly: mostly for a tiny bit of gratification.
If someone has sensitive financial data, posting it to a random website is certainly not a good idea. Insect provides a downloadable command-line version that would be much better suited for such a task.
I guess you might be right concerning data protection laws, so let's just remove the GitHub Analytics instrumentation from the webpage.
chris-aeviator
commented
2 years ago @sharkdp I understand all of your claims and I think everyone is very thankful for your contribution, I am. I understand the value of getting insights in how people use your product, though we all have to be aware of the consequences of e.g. adding google analytics to your website without consent. It will not only track visitors via the action (of using the online widget) but also everyone else (downloading the JS snipped from google).
My reaction was a bit emotional, I can agree on that, but especially in this case of an OS CLI tool no one expects being tracked and thus the example with financial data is not too far fetched IMO. Thank you very much for your quick action in removing the tracking snippet.
sharkdp
commented
2 years ago Thank you for the clarifying comments.
Just to be clear: the CLI version did never send data anywhere. Only the web version on https://insect.sh was affected.
triallax
commented
2 years ago @sharkdp thank you very much for removing Google Analytics.
All I wanted is to get some information if (and how… mostly for detecting common syntax errors) users are using my project. Admittedly: mostly for a tiny bit of gratification.
Haha, I can somewhat sympathize with that.
Just to be clear: the CLI version did never send data anywhere. Only the web version on https://insect.sh/ was affected.
Right, I thought I made that clear by mentioning https://insect.sh (not Insect) in my issue, but I probably should make that more explicit. I'll edit the issue.
shreyasminocha
commented
2 years ago I welcome this decision. Also, as a user of 5/6 of your pinned repositories, I appreciate your work @sharkdp
https://insect.sh (I mean Insect the website; the command-line interface does not send any kind of analytics) sends every line it evaluates to Google Analytics, along with whether evaluation of that line succeeded or failed:
https://github.com/sharkdp/insect/blob/757624cdc236f3bc2feb2a35282cee679d1aa880/web/index.html#L84-L88
However, to put it mildly, I'm not a fan of Google Analytics (or a fan of Google in general). Google is a technological empire that thrives on the abuse of their users' personal information (much of which is collected by Google Analytics) to create detailed behavioral profiles intended to be used to tailor advertisements, which I consider to be unethical. I understand that this usage of Google Analytics may be useful to discover bugs, but I don't believe it's enough to justify the usage of a fundamentally unethical service.
Therefore, I propose removing Google Analytics from https://insect.sh. If you still want analytics of some kind, we can look for an open-source and more privacy-friendly analytics software, but analytics for Insect are overkill in my opinion.