Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow disabling Visitor Profile feature and visits log feature #16259

Closed
tsteur opened this issue Aug 2, 2020 · 5 comments · Fixed by #16561
Closed

Allow disabling Visitor Profile feature and visits log feature #16259

tsteur opened this issue Aug 2, 2020 · 5 comments · Fixed by #16561
Assignees
Labels
c: Privacy For issues that impact or improve the privacy.
Milestone

Comments

@tsteur
Copy link
Member

tsteur commented Aug 2, 2020

It be great if these feature could be disabled. Currently, the workaround is to disable the entire plugin. However, this also disables real time reports. Also on the cloud it is currently not possible to disable plugins so a user cannot disable these features yet (which may be needed to avoid tracking consent in some countries).

@tsteur tsteur added the c: Privacy For issues that impact or improve the privacy. label Aug 2, 2020
@mattab
Copy link
Member

mattab commented Aug 5, 2020

It would be important in this case, if it could be done on a per website basis, so that you can disable it for most websites but still enable it for some websites (where for example consent was collected). This is common use case when for example people may track many websites and apps. Some of the sites and the apps would gather consent, or may be eg. behind a login where terms and conditions were agreed to and may require tracking, etc.

@tsteur
Copy link
Member Author

tsteur commented Aug 5, 2020

@mattab we might create a separate issue for this later depending on how it'll be developed.

or may be eg. behind a login where terms and conditions were agreed to and may require tracking, etc.

just btw for GDPR that won't be enough to mention this in terms but if someone isn't affected by GDPR that might do

@tsteur
Copy link
Member Author

tsteur commented Oct 19, 2020

@sgiehl I quickly reopen this issue as I think we would also need to disable eg the Live.getLastVisitsDetails() API. The method might still need to be working though when using eg getSuggestedSegmentValues. In the API Request class there should be a way to check what the root API method is although if we were to rely on this then the method could probably still be called through bulk requests (if we did like Request::getRootApiRequestMethod() === 'Live.getLastVisitsDetails'). Not sure how this could be done.I suppose we could allow the Live API method to be called when the root api method is the getSuggestedValues API method.

We should also block getFirstVisitForVisitorId.

When the setting is disabled, it would also disable the real time reports. Sorry forgot to mention this. That's because it shows basically the same/similar data as the visitor log.

Also I'm getting these warnings in the UI
image

In the settings could we add also disable real time? I was thinking ideally it could be actually only one setting that disables it all but can also keep visitor profile and visit log separated. Maybe the visitor log would also disable real time so we don't need a third setting.

We'd need to add a description to the settings, and mention that when changing it here it applies to all sites. We could also mention that disabling these features may be required in some countries to avoid needing to ask for consent (eg in France) @mattab maybe you know more about this.
image

I wonder if we could also add a note somewhere in the privacy settings with a link to the Live settings. There's not really a good place but could maybe add a line break and a new sentence to the intro mentioning that visitor profiles and visit logs can be disabled too
image

I know we could usually just tell people to disable the Live plugin but that's not possible on the Cloud currently and sometimes they might be required to disable these features.

@sgiehl
Copy link
Member

sgiehl commented Oct 20, 2020

@tsteur I've created a PR to improve the last implementation and block some more api request.
Do you maybe have a backtrace for the warning? I'm not able to reproduce that.

@tsteur
Copy link
Member Author

tsteur commented Oct 20, 2020

@sgiehl created https://github.com/matomo-org/matomo/pull/16599/files . Was unrelated to this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c: Privacy For issues that impact or improve the privacy.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants