Closed bhough closed 3 years ago
Merging #559 (561ab43) into version-4-1 (8cfe69d) will not change coverage. The diff coverage is
n/a
.
@@ Coverage Diff @@
## version-4-1 #559 +/- ##
=============================================
Coverage 100.00% 100.00%
=============================================
Files 88 88
Lines 831 831
Branches 305 305
=============================================
Hits 831 831
Flag | Coverage Δ | |
---|---|---|
unittests | 100.00% <ø> (ø) |
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 8cfe69d...1eae526. Read the comment docs.
@bhough AFAICT using scarf is not GDPR-compliant because the users did not give their explicit approval to be tracked and opt-out is not enough to be compliant. I would strongly recommend to revert this PR.
:wave: Hi @Turbo87 and @bhough, author of the scarf-js package here and I'd like to respond to this claim. The @scarf/scarf
package and associated data practices have been extensively reviewed by Scarf's legal team. The telemetry provided by this package is GDPR compliant.
We are not actually storing personally identifying information, which is a key factor here. IP address metadata is looked up to understand associated company information, but IP's themselves are not being stored. If PII was being stored and/or exposed to Scarf users, you'd be absolutely correct that opt-out wouldn't be enough to be compliant. The opt-out mechanisms we offer are not GDPR considerations, but rather a consideration for how we think OSS analytics like this should behave. There's more info about this on the README of scarf-js if it's helpful.
I see that this PR has already been reverted, but just want to chime in on the legality of this telemetry. It is our hope that this lets the polished
contributors better understand how their work is being used, so they can deliver the best software they can to their users. 😄
Adds scarf.sh dependency to track library and documentation usage.