search

tinybirdco / web-analytics-starter-kit

Tinybird Web Analytics Starter Kit
https://tinybird.co/starter-kits/web-analytics
MIT License
350 stars 36 forks source link

[Bug] To preserve privacy, analytics dashboard should not send a 'ping' to Google on every page view #30

Closed grempe closed 2 years ago

grempe commented 2 years ago

Module

Dashboard

Describe the Bug

On every page view of the analytics tool, a 'ping' is being sent to Google in the form of an HTTP call using their undocumented service to retrieve domain favicons. I noticed this only because my browser was throwing 404 errors trying to retrieve the favicon.

https://github.com/tinybirdco/web-analytics-starter-kit/blob/c3ea3948ca7f40786f24b700827354e866e1cf11/dashboard/lib/hooks/use-domain.ts#L16

and

https://github.com/tinybirdco/web-analytics-starter-kit/blob/2e80cd34c0122ae9147e977df698866870bd0b80/dashboard/next.config.js#L6

As a tool that is explicitly being marketed to have a more private alternative to Google Analytics, it should not be leaking requests from the user's browser to Google on every visit to analytics.tinybird.co.

For an alternative approach, I would suggest a call directly to the domain to see if /favicon.ico is able to be found or loaded as talked about in the first approach here:

https://blog.jim-nielsen.com/2021/displaying-favicons-for-any-domain/

Expected Behavior

Page views should not leak http calls to Google.

To Reproduce

Visit the Tinybird analytics page.

Details

Any browser.

alejandromav commented 2 years ago

Hi @grempe, thanks for your comment.

Why do you consider this a privacy issue? I mean, the dashboard is not sending any data to Google, just requesting for the favicon they have indexed.

Given Google has a well-know index of webpages, we thought we could use their service to hotlink a page favicon.

Regarding your proposal, I'm afraid looking just for /favicon.ico is not enough, since there are many other formats for favicons these days.

grempe commented 2 years ago

Why do you consider this a privacy issue? I mean, the dashboard is not sending any data to Google, just requesting for the favicon they have indexed.

Because it is sending a request directly from my browser, including my IP address, to Google on every page view. They learn my IP, and the fact that I am using your tool through the referrer.

I would suggest that this tiny feature, showing a favicon next to the domain name, is not worth the privacy hit.

You are also, in effect, using your analytics competitor, and providing them information, on every page view.

It is not effecting the users of my website's privacy. It is effecting my privacy as a website operator.

grempe commented 2 years ago

And yes, favicons are a mess. And privacy is hard.

https://perishablepress.com/favicon-standard/

DuckDuckGo got in trouble for this.

https://changelog.com/news/duckduckgos-favicon-mismanagement-leaks-user-privacy-for-2-years-M5Yr

alejandromav commented 2 years ago

Ok, we've stopped using that service.

grempe commented 2 years ago

BTW. The new method now works. It actually displays the favicon.ico file from that domain. It didn't work before with the Google code (404) I suspect because I have a robots.txt file on that domain that forbids search (a testing domain).

win/win

grempe commented 2 years ago

Oh, and the google domain reference in this line should actually have been removed as well.

https://github.com/tinybirdco/web-analytics-starter-kit/blob/2e80cd34c0122ae9147e977df698866870bd0b80/dashboard/next.config.js#L6