zephyrproject-rtos / zephyr

Primary Git Repository for the Zephyr Project. Zephyr is a new generation, scalable, optimized, secure RTOS for multiple hardware architectures.
https://docs.zephyrproject.org
Apache License 2.0
10.49k stars 6.42k forks

doc: is the documentation GDPR compliant since it uses Google Analytics without prompting the user about tracking? #51604

Closed MirkoCovizzi closed 1 year ago

MirkoCovizzi commented 1 year ago

**Is your enhancement proposal related to a problem? Please describe.**

Discovered using an ad blocker on Firefox. Due to the usage of Google Analytics in the documentation, the search feature takes a lot longer than necessary due to heavy tracking being blocked. The user should be able to opt out of the tracking (even better opt-out by default and opt-in by choice). So far I don't see any option to do it.

**Describe the solution you'd like**

Add a consent banner.

Commit that introduces Google Analytics: https://github.com/zephyrproject-rtos/zephyr/pull/16666

MirkoCovizzi commented 1 year ago

@dbkinder @nashif

stephanosio commented 1 year ago

cc @gmarull @carlescufi

also @bprestonlf

henrikbrixandersen commented 1 year ago

Personally I would like to see us move away from using any form of 3rd party analytics in our documentation.

henrikbrixandersen commented 1 year ago

Also asked here: https://github.com/zephyrproject-rtos/zephyr/discussions/51605

Thalley commented 1 year ago

> Personally I would like to see us move away from using any form of 3rd party analytics in our documentation.

Indeed. There are plenty of open source self-hosted solutions out there which work well (and can of course be configured to be GDPR compliant).

thedjnK commented 1 year ago

> Our intention is to use this to improve our documentation and experience.

Analytics don't tell you that at all. Using the documentation... it becomes very obvious very fast.

kartben commented 1 year ago

I'll submit a PR to add the cookie consent script to all pages. Note that going forward, it might make sense to gate the generation of analytics-related code behind a build flag, to make it easier for downstream adopters to generate a "clean" infocenter.

henrikbrixandersen commented 1 year ago

> I'll submit a PR to add the cookie consent script to all pages. Note that going forward, it might make sense to gate the generation of analytics-related code behind a build flag, to make it easier for downstream adopters to generate a "clean" infocenter.

How about moving away from 3rd party analytics altogether?

thedjnK commented 1 year ago

> I'll submit a PR to add the cookie consent script to all pages.

Why is the Linux Foundation allowing this? This is on par with having cookie popups on the Linux kernel git website or documentation.

beriberikix commented 1 year ago

As I mentioned in the TSC, there are several ways companies are addressing GDPR/CCPA compliance so I thought I'd share some links.

Thalley commented 1 year ago

> As I mentioned in the TSC, there are several ways companies are addressing GDPR/CCPA compliance so I thought I'd share some links.
>
> * Disable analytics via consent (which this PR is doing)
>
> * Enable [privacy controls in Google Analytics](https://support.google.com/analytics/answer/9019185?hl=en#zippy=%2Cin-this-article). Note, this may [not be sufficient](https://www.cookiebot.com/en/google-analytics-gdpr/) in some countries.

Indeed, and the courts in Austria, France, Italy and Denmark have declared Google Analytics illegal: https://www.simpleanalytics.com/blog/denmark-declares-google-analytics-unlawful

> * Use a GDPR-compliant analytics service, many of which are OSS like:
>
>   * [Posthog](https://posthog.com/)
>   * [Fathom](https://usefathom.com/)
>   * [Plausible](https://plausible.io/)
>
> * Implement some custom server-side analytics
>
> * Use server-side search analytics (ex. via Algolia, meilisearch)

I mentioned in Discord that since we are already hosting in AWS, we perhaps could just use https://aws.amazon.com/cloudfront/reporting/ which should be easy to enable and use.

Personally I'd prefer to remove any cookies for tracking users (or tracking specific users in any way at all) for analytics, unless we have a really good reason. "Because it is easy" is not a good reason.

stephanosio commented 1 year ago

No longer relevant after https://github.com/zephyrproject-rtos/zephyr/pull/54875

fabiobaltieri commented 1 year ago

I'm surprised everyone so far argued about cookies and tracking and no one even tried to look at the actual data that's been building up since 2019 and see if it can be used to carve out any information useful to the project.

If anything what I found inadequate about the current system is that maintainers can't easily access the data since it's behind the LF account. I'd certainly like to peek at the data myself.

> How about moving away from 3rd party analytics altogether?

> Personally I'd prefer to remove any cookies for tracking users (or tracking specific users in any way at all) for analytics, unless we have a really good reason. "Because it is easy" is not a good reason.

That would be ideal, but is anyone willing to take the time to deploy and maintain a self-hosted system? The project mission is to create a best-in-class RTOS, wondering if investing resources into this is really worth it. Why not self-hosting a code review system and bug tracking? GitHub tracks you as well after all.