JS tracker should not track anything when the protocol is file:// to avoid tracking personal data by accident #17017

Closed
tsteur opened this issue Dec 24, 2020 · 13 comments · Fixed by #19835
Labels
c: Privacy For issues that impact or improve the privacy.

@tsteur
Member

tsteur commented Dec 24, 2020

Use case:

Someone downloads a page from your website and stores it locally. Then the user opens it and the user will be tracked and the URL might look like

file:///C:/Users/myname/AppData/Local/...

This way we actually track personal data potentially by accident without knowing.

  • We would always exclude page urls with this protocol by default
  • There should be a method to opt out of this feature so you can track these requests if needed.
  • We create an FAQ to document this behaviour / feature.

As this could be seen as a BC break we need to maybe wait for Matomo 5 for this and/or clearly announce this and warn users of this change.

@tsteur tsteur added the c: Privacy For issues that impact or improve the privacy. label Dec 24, 2020
@tsteur tsteur added the RFC Indicates the issue is a request for comments where the author is looking for feedback. label Mar 7, 2021
@tsteur tsteur added this to the 4.4.0 milestone Mar 7, 2021
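
An added example, not part of the issue thread and not Matomo's code: a tracker stub that drops `file://` page views by default and sends them only after an explicit opt-in, as the proposal above describes. `createTracker`, `allowFileProtocol` and `localAccountFrom` are hypothetical names, and the sample URLs are constructed.

```javascript
// Added illustration; all names here are hypothetical, not Matomo's API.

// Return the OS account name a file:// URL would disclose, or null if none.
function localAccountFrom(url) {
  const u = new URL(url);
  if (u.protocol !== 'file:') return null;
  // Windows: /C:/Users/<name>/..., macOS: /Users/<name>/..., Linux: /home/<name>/...
  const m = u.pathname.match(/^\/(?:[A-Za-z]:\/)?(?:Users|home)\/([^/]+)\//i);
  return m ? m[1] : null;
}

// Tracker stub: `send` stands in for the request to the analytics server.
function createTracker(send) {
  let fileProtocolAllowed = false; // default: never track file:// pages
  return {
    // Explicit opt-in for apps that legitimately run from file://.
    allowFileProtocol() { fileProtocolAllowed = true; },
    trackPageView(pageUrl) {
      let protocol;
      try { protocol = new URL(pageUrl).protocol; } catch (e) { return false; }
      // Drop the hit before anything leaves the browser.
      if (protocol === 'file:' && !fileProtocolAllowed) return false;
      send({ url: pageUrl });
      return true;
    },
  };
}

// Constructed sample URLs; the first has the shape shown in the issue.
const SAMPLE_FILE_URL = 'file:///C:/Users/myname/AppData/Local/Temp/saved-page.html';
const SAMPLE_WEB_URL = 'https://example.org/pricing';

function demo() {
  const sent = [];
  const tracker = createTracker((hit) => sent.push(hit.url));
  const results = [
    tracker.trackPageView(SAMPLE_WEB_URL),  // sent
    tracker.trackPageView(SAMPLE_FILE_URL), // dropped by default
  ];
  tracker.allowFileProtocol();
  results.push(tracker.trackPageView(SAMPLE_FILE_URL)); // sent after opt-in
  return { results, sent, leaked: localAccountFrom(SAMPLE_FILE_URL) };
}
```

The `leaked` field shows why the default matters: the page URL alone carries the local account name.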
@tsteur
Member Author

tsteur commented Mar 19, 2021

See https://developer.matomo.org/guides/jstracker-core. This would need to be changed in js/piwik.js. See how to embed tracking code: https://developer.matomo.org/guides/tracking-javascript-guide

@tsteur tsteur modified the milestones: 4.5.0, 5.0.0 Jun 28, 2021
@tsteur tsteur removed the RFC Indicates the issue is a request for comments where the author is looking for feedback. label May 10, 2022
@tsteur
Member Author

tsteur commented May 10, 2022

This would be a great new privacy feature which would be quick to implement 👍

@peterhashair
Contributor

@tsteur just found we have something similar, but not the same. Do we consider removing that one?

matomo/js/piwik.js

Lines 6524 to 6528 in 6be3e32

    this.redirectFile = function (url) {
        if (windowAlias.location.protocol === 'file:') {
            windowAlias.location = url;
        }
    };

@tsteur
Member Author

tsteur commented Oct 4, 2022

@peterhashair we would keep it to not break the API as some people might use this

@peterhashair peterhashair self-assigned this Oct 10, 2022
@peterhashair peterhashair linked a pull request Oct 13, 2022 that will close this issue
11 tasks
@peterhashair
Contributor

Add documents here. https://matomo.org/?post_type=faq&p=59435&preview=true

@sgiehl
Member

sgiehl commented Nov 7, 2022

@peterhashair the new method should also be added here: https://developer.matomo.org/api-reference/tracking-javascript
But as this will be included in Matomo 5 only, we maybe should first start the documentation for 5.x. See matomo-org/developer-documentation#675

@peterhashair
Contributor

@sgiehl should I wait for the 5.x documentation to be created? Or should I create a PR following those steps: https://github.com/matomo-org/developer-documentation/#how-to-add-docs-for-a-new-matomo-version

@sgiehl
Member

sgiehl commented Nov 8, 2022

Let's wait till matomo-org/developer-documentation#675 is done

@justinvelluppillai
Contributor

Looks like this is ready now @peterhashair @sgiehl - 5.x-dev documentation is now live.

@peterhashair
Contributor

@justinvelluppillai added updates.

@MatomoForumNotifications

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/strange-item-in-analytics/53432/2

@manufitoussiwit

And what about tracking in Electron-based applications? The UI is often served with the file:// protocol. It is the case for my application.

The solution explained here https://fr.matomo.org/faq/how-to/enable-file-protocol-tracking/ is not really a good solution.
It requires building a new version of my application to reactivate tracking.
In other words, updating Matomo to v5 leads to losing tracking of my current clients until they update their app.

Is there another solution?

@sgiehl
Member

sgiehl commented Dec 21, 2023

@manufitoussiwit Guess that depends a bit on how you have integrated Matomo into that application. If you use the TagManager it would be easy to add an additional call like this. Otherwise I think there might only be the possibility to adjust the tracker file yourself to enable file tracking.
