Update 2020 Privacy chapter for CDNs and Hosting categories #1935
Conversation
| The largest player on the online tracking market is without doubt Google, with eight of its tracking domains present in the top 10 trackers and prevalent on at least 70% of websites. They are followed are Facebook and Cloudflare–though the latter is probably more reflective of the popularity of them as a hosting site. | ||
| The largest player on the online tracking market is without doubt Google, with eight of its domains present in the top 10 potential trackers and prevalent on at least 70% of websites. They are followed by Facebook and Cloudflare–though the latter is probably more reflective of the popularity of them as a hosting site. | ||
|
|
||
| WhoTracksMe's tracker list also defines categories that the trackers belong to. If we remove CDNs and Hosting sites from our statistics, under the assumption they may not track—or at least that that is not their primary function—then you get a slightly different view of the top 10. |
There was a problem hiding this comment.
"under the assumption that they may not track" sounds a bit weaker than what I'd consider ideal. We are talking about CDN domains that are often cookieless. Might be interesting to scan HA to see if those CDN domains have cookies set on them, and if they don't, clarify that they are not tracking today, but are "potential trackers" as they have the power to start tracking in the future (which IIRC is the reasoning).
There was a problem hiding this comment.
Understand your concerns @yoavweiss but I would still prefer to err on the side of caution here given the chapters topic and the power these entities could wield in this space. I think your suggested proposal to scan HA would be limited in nature, and many do set cookies for LoadBalancing or WAF reasons. Plus cookies are far from the only way of tracking (particularly for hosting providers with access to IP addresses and the like).
My initial thought was to include a link to Google Fonts FAQ about this as an example with an explicit comment like "and some of these providers have statements they do not track"" but on re-reading that, I'm not sure that's what it really says so I find that a little weaker, so thought more confusing to include, hence went with above. If that FAQ or privacy policy was stronger in this regards, I think we could be stronger too.
I've tried to be present an independent and balanced view here, and certainly think it's an improvement on just including them as trackers without comment - but it's gonna be difficult to make everyone happy!
@ydimova @KenjiBaheux what's your view here? Guessing you'll both be on either side of this argument! 🙂
There was a problem hiding this comment.
I think your suggested proposal to scan HA would be limited in nature, and many do set cookies for LoadBalancing or WAF reason.
Sure. But if they don't set cookies, that's a strong indication.
Plus cookies are far from the only way of tracking (particularly for hosting providers with access to IP addresses and the like)
That's fair. That would've been a different story if e.g. the relevant snippets included a referrerPolicy=no-referrer attribute, but that's not typically the case.
I've tried to be present an independent and balanced view here, and certainly think it's an improvement on just including them as trackers without comment
Agree that it's a significant improvement. Just think that it can be improved further... :)
|
Heads up: I'm going to merge this tomorrow unless I hear any further comments on this. While we may not all agree if this goes far enough, I've not heard any feedback to suggest this isn't an improvement and as I said above, I think it gives a balanced view so I'm happy with it. So shout not if you've big concerns about merging or any further suggestions. And of course, we're always willing to take further pull requests in future if people want to work on it further. |
Fixes #1760
I made some edits to note these are potential trackers for first set of figures, and added an additional chart of actual trackers, without CDNs (like Google Fonts) and Hosting categories.
I think this more accurately reflects the privacy situation, without removing those with the power to potential track completely.
Let me know your thoughts.
Staged new version here: https://20210128t212346-dot-webalmanac.uk.r.appspot.com/en/2020/privacy
FYI @KenjiBaheux @yoavweiss