search

vaadin / router

Small and powerful client-side router for Web Components. Framework-agnostic.
https://vaadin.com/router
Apache License 2.0
421 stars 51 forks source link

Get rid of vaadin-usage-statistics #241

Closed limonte closed 6 years ago

limonte commented 6 years ago

From https://github.com/Polymer/pwa-starter-kit/pull/195#issuecomment-406645735

I haven't investigated what vaadin-router exactly does, but I'd prefer a starter kit that does not send any usage statistics (in both development and production mode).

Whoever made the decision to add that dependency to the router please leave a comment with the answer on question "why exactly?", because the related PR doesn't contain any reasoning: https://github.com/vaadin/vaadin-router/pull/235

marcushellberg commented 6 years ago

I've been against collecting statistics from the start and I'm pushing the management team to get it dropped. Even if it doesn't send any personalized info, the fact that there's a usage-statistics dependency and that my app would ping some 3rd party server just looks bad.

abdonrd commented 6 years ago

Totally agree! :)

marcushellberg commented 6 years ago

Just to give a bit of context to anyone reading this later on, here's what the statistics gathering does: https://github.com/vaadin/vaadin-usage-statistics/blob/master/README.md. It's not that it's doing anything evil, and it only gets loaded if you are running on localhost and not bundled.

The issue more the perception of our components if they include this dependency.

limonte commented 6 years ago

Good news: vaadin-usage-statistics has been removed from the stable version https://github.com/vaadin/vaadin-router/releases/tag/v1.0.0 :tada:

Bad news: there's a possibility it'll be added again in one of future releases.

limonte commented 6 years ago

UPD: vaadin-usage-statistics will be added to the upcoming minor release 1.1.0.

⚠️ if you don't want vaadin-usage-statistics in your application, change the dependency to semver patch range: ~1.0.0 or 1.0.x.

Legioth commented 6 years ago

Yes, usage statistics collection is reintroduced. Sorry for the confusion caused by poor internal communication leading to removal and then adding it back again.

We understand that collecting statistics in this way is a controversial topic that will upset some developers. The background here is that we want to better understand to what degree our different products are used and how they are used together. Also, we are a commercial company with obligations to both the developer community as well as to our shareholders who ask for insights about how our business is thriving.

We are doing everything we can to make the usage statistics collection as unobtrusive and transparent as possible. ~For instance, the monthly stats sending trigger has a 95% chance of being a no-op so that we can only do aggregate statistics but never track any individual developer.~

Also, statistics is only gathered during development of the application, but not in production. We use multiple different heuristics for detecting whether the application might be run in production to make it extremely unlikely that any scenario would cause statistics to be collected from end users instead of developers. The two main lines of defence are checking that the page is hosted from a localhost-like URL and that dependencies are loaded from their original files instead of being loaded from a production bundle.

Another example is that we make it as easy as possible to opt out. It was the lack of a good way of opting out for NPM users combined with broken internal communication that made us prematurely remove the usage statistics collection right before releasing 1.0.0. Now that an opt-out alternative for NPM is being added, we will release 1.1.0 that makes Vaadin Router consistent with all other Vaadin products.

I would encourage anyone concerned with usage statistics being collected to still upgrade to 1.1.0 and explicitly opt out from the collection of stats since that's the version that further development will be based on.

Kind regards, Leif Åstrand CTO, Vaadin

Edited to clarify how usage statistics are only collected during development but not in production. Edited in November 2019 to reflect the fact that the 5% sampling is being changed to 100% sampling

Legioth commented 4 years ago

Just a quick update to point out that the 5% sampling that I mentioned in my previous post is being changed to 100% sampling as of https://github.com/vaadin/vaadin-usage-statistics/pull/47.

Other aspects such as the precautions to not affect end-users in production deployments are still the same.