Web Analytics and Solid principle


#1

This is cross-posted from solid/information#76.
I’d like to see the outcome documented in the GitHub issue, but we can have the discussion about it here.

This is something which came to my mind after reading solid/node-solid-server#1153

Please point me to the correct place if I’m wrong here (would like to discuss „best practice”).

Now to the meat:
From what I get, Solid is about redecentralisation. That is, giving power back to the users.
As such, I am wondering whether web analytics should be used.
I mean, to a certain degree it is about recording user behaviour, so the user should have a say in it.

Here in Europe we had the cookie directive and now GDPR. (Let me know if you need links).

So in theory the user should give informed consent before a web author is allowed to track. In practice that rarely happened in that fashion.

So how would you design that with Solid?


#2

As I’ve never used statistics yet, this is from a user’s point of view.

I personally don’t see a problem with analytics if they are only used for improving the application.

Of course, you should be GDPR compliant and let the user make an informed decision about how much data should be sent. For instance, I would be totally fine with two options when entering a webpage: “Send anonymized usage data for improving this service [this includes [checkbox] crash reports, …]” and “Send no statistics”.

This would give the power to the user while maintaining (not complete) statistics, which can be used to identify errors and the way users interact with the service.


#3

An advantage of SoLiD is that if a user doesn’t agree with the web analytics terms of an app, the user can switch to another app.
Besides that, I think nothing can stop an app from using analytics; it happens on the client side, and node-solid-server can’t touch that.


#4

There are a lot of sites quoting GDPR, but it is important to always read the legislation itself to see what it really says.

It is worth noting that the GDPR regulations state that the regulations themselves only apply to ‘organisations’ and state that they do not apply to ‘individuals’ unconnected with any organisation. They were specifically devised to protect users of sites owned by business ‘organisations’ or other similar organised groups.

Hence, if you are a business, club, or ‘organisation’ of any sort or size then you have to comply with GDPR. However, if you host only a personal hobby information site that is unrelated to any ‘organisation’ then your site does not need to comply with GDPR.


#5

Thanks for your clarification on the GDPR. It’s always important to read it itself when considering implementing it.

Nonetheless I think the GDPR is a good (but not ultimate) guideline when working on such a project, as it gives you several points for consideration. Even if you don’t have to comply, it still may be a good starting point.


#6

if you’re talking about one’s ability to log people looking at your property like a page or a group or your timeline wall what have you i think a person should be able to log all such activity… otherwise it gives other people the ability to snoop on you… on facebook facebook keeps track of who visits your property but doesn’t give you that info in total… for instance it will tell you 20 people looked at your page this week but not who they were… that always pissed me off that facebook knew things about my page that i didn’t even know… so i think you should be in control of anything that keeps track of your footprint in any inrupt app and no one else


#7

You can do so on the official website.

Hm, well, how would you do that, technically? I mean, if you submit data, the server will at the very least see your user agent and IP address (among some other information like preferred language etc).
You would need to trust them to throw away data they won’t need.

Plus, what I observed is that by blocking tracking scripts, even some first-party scripts may break (so you won’t see the experience you came for).

If it was designed that way …

Yeah, that’s pretty much what attracted me to SoLiD after reading the blog post by Sir Tim Berners-Lee.

What about things like forums? Think community-run ones.

It doesn’t hurt to design with privacy by default + privacy by design, I guess. I’d even consider this a competitive advantage 🙂

Yeah, well, you could see it as a twisted interpretation of “privacy” 😉


#8

A community is an organized community so it is an organization.

An individual (to which the GDPR doesn’t apply) is a solitary individual unconnected to any organization.


#9

Okay, here’s another idea: What kind of data would you like to share?
For me as a frontend engineer, this information would be helpful:

  • Operating System (GNU/Linux, Windows, macOS, Android, iPhone, Windows Phone, Firefox OS, Symbian …)
  • Browser (Firefox, Chrome, Vivaldi, Safari, Edge, Brave, Chromium, Midori, uzbl, …) + Version
  • Viewport (width and height of the browser window)
  • Enter Page (on which page did you start the journey?)
  • Exit Page (where did you leave?)
  • Bounce rate (how many visitors just jumped back after they came?)
  • Time on page (how long did you stay?)
  • Revisits (how many people came back within a certain time frame. Normally 30 days)

Can you come up with more information?


#10

Another idea of mine is to integrate with ToS;DR[dot]org (can’t link because new user).
Or what about reviving the idea of Privacy Icons. You can find all of them next to each other on a netzpolitik.org blog post covering them.
I wonder whether it would be possible to express it in an API …


#11

https://tosdr.org/


#12

I meant that the app creator should take care of anonymizing the usage data. I’ve never done something like this, but I’m pretty confident that it should be possible (e.g. only store the IP as long as necessary, don’t link it with other information, don’t store information which could fingerprint the user, …). I don’t think that SOLID itself can make sure it’s anonymized, but that each app will have to do this itself.

I think that highly depends on the application you want to analyze, but I guess that errors would be interesting too.
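
The following is an added example, not code from any poster in this thread or from the Solid project: a sketch of the app-side minimisation discussed in #12, applied to the fields listed in #9 and gated on the two-option consent choice proposed in #2. The consent levels, field names and sample input are assumptions made for illustration.

```javascript
// Added example: field names and consent levels are assumptions, not a Solid API.
const CONSENT = { NONE: "none", USAGE: "usage", USAGE_AND_CRASHES: "usage+crashes" };

// Keep only browser family + major version; the full User-Agent is a fingerprinting input.
function coarseBrowser(ua) {
  const rules = [[/Edg\/(\d+)/, "Edge"], [/Vivaldi\/(\d+)/, "Vivaldi"],
    [/Firefox\/(\d+)/, "Firefox"], [/Chrome\/(\d+)/, "Chrome"],
    [/Version\/(\d+).*Safari/, "Safari"]];
  for (const [re, name] of rules) {
    const m = re.exec(ua);
    if (m) return `${name} ${m[1]}`;
  }
  return "Other";
}

function coarseOs(ua) {
  const rules = [[/Android/, "Android"], [/iPhone|iPad/, "iOS"], [/Windows/, "Windows"],
    [/Mac OS X/, "macOS"], [/Linux/, "GNU/Linux"]];
  const hit = rules.find(([re]) => re.test(ua));
  return hit ? hit[1] : "Other";
}
// Exact window sizes are near-unique; 100px buckets still answer layout questions.
const bucket = (n) => Math.floor(n / 100) * 100;

// Build the only payload sent. Fields not copied here (WebID, full UA, query string, error message) never leave the client.
function buildEvent(raw, consent) {
  if (consent === CONSENT.NONE) return null;
  const ua = raw.userAgent || "";
  const event = {
    os: coarseOs(ua),
    browser: coarseBrowser(ua),
    viewport: `${bucket(raw.width)}x${bucket(raw.height)}`,
    page: new URL(raw.url).pathname, // drops query string and fragment
    secondsOnPage: Math.round(raw.msOnPage / 1000),
  };
  if (consent === CONSENT.USAGE_AND_CRASHES && raw.error) {
    event.errorType = String(raw.error.name); // class only; messages can embed user data
  }
  return event;
}

// Constructed sample input.
const SAMPLE = {
  userAgent: "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0",
  width: 1366, height: 768, msOnPage: 12345,
  url: "https://app.example/notes/42?token=abc#top",
  error: { name: "TypeError", message: "cannot read profile of alice" },
};
console.log(buildEvent(SAMPLE, CONSENT.USAGE_AND_CRASHES));
```

The receiving server still sees the connection's IP address, as #7 notes, so it has to avoid logging it next to the event. Paths can themselves carry identifiers, so an app with per-user URLs would also need to map `page` to a route name.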


#13

don’t get me started… it’s obvious that fb also manages who sees (even your friends) your posts… it’s trying to get you to pay to boost your posts… and that to me is beyond contempt… and it makes fb a place NOT to put any effort into the quality or quantity of your footprint… i keep trying though… either that or my 5000 friends hate me and ignore me lol… because i post a lot of good stuff and get nothing… on the other hand the people who have made it plain to me how much they love my segments are there everyday responding… i seriously doubt 5000 people friended me and then unfollowed me… no… it stinks of fb