-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dashboard telemetry are sent to app.posthog.com regardless of user consent #3609
Comments
HI @gberche-orange, thank you for the report! The fix is waiting for review, so it will be soon merged and should be available with the next release. It will fully disable tracking, when you either haven't accepted the tracking on the dashboard, or the TestKube instance has disabled telemetry. Our tracking is set for 2 reasons:
We plan to prepare the document that will cover the tracking details in testkube#3615. As I see, the kubeshop:dawid ~ % echo $'\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x03\xed\x92\xcbK\x031\x10\xc6\xff\x97\xd0\xe3.L6\x93dw\xcf\x82\x08\xe2\x0bO\x8a\x944\x0f\x1bK7k\x13_H\xffw\xa7\xf8(J{\xf0\xe2\xc9[\xf8\xe6\xf7}\x99d\xe6\xfa\x95\xf9G?\x14\xd6\xb3I\x1e\xcc\x98\xe7\xa9\xb0\x8a\x8d\xab4\xfaU\x89>\xb3\xfeu[\x99:S\xccF)/\xa3g\xbd\xa8\xd8\xa7\x90\xd3\xc3\xca\x92\xc4\xc9\x9br,1\rd\xa5\xf4g\xd6+\xa1*\xf6\xc2zT\xb2b\xd1\x11\x84\x9a\x94\x12\x97\xfe4\x84\xec\xe9rX\xdf\xac\xdf\x95\\\xccr$D\xb5\xa0\x1a\x10\x88\x8dn\xa84\xc9>g\n\x9dn\xfc\x8c\xb7\x1a\xadm\x02(\xe43[\x03r\xdda\xc7E#\xa0U\xb5\x95Zb\xd3\xd4<\x18\x04\xa8\xb7\xb0\xe4R\x18z\xdd\xe4)\x0e.=\xfd\xccRz\x865xk\xcdL\xa3\xef\xa4\x0c\xae\xdd\x1ff:\xa7)\xab\xa4\x85\x1f(f\x9c\xdb\xe9\xc1\xdd\xf9\xadS\xf1\xfe\xac\xbd_\xcd\xcfOT\xb8[<\x1c\xfa\xcb\xa3\x05\x00\xda\x14\x0f.\x96Gnvu|\x91R"\xa7\x8b\xb9\xc4\xc1\x96\xaf6\x00\xbd\x09(\xbd\xecL\rB\x02t<\x04\xab\x8d\x90;\xba\xf8\x80\x83t\x82\xd1\xff\xa4\x8f\x8f\xe4\xa0\xf4\xba\xfa\x8b\xa1b\xf3>TM\xd5\xddC\xadQt\x9b^6\xb4\xa2X\xa2%t\x9ftK\xa7o\xb4h\xf5\xfe-\xd0\xff[\xf0\x8b-\x90J\xado\xde\x00\xb2?\x88\xdb\xdb\x03\x00\x00' | gunzip | jq
gunzip: (stdin): trailing garbage ignored
[
{
"event": "$snapshot",
"properties": {
"$snapshot_data": {
"type": 3,
"data": {
"source": 1,
"positions": [
{
"x": 636,
"y": 465,
"id": 1476,
"timeOffset": 0
}
]
},
"timestamp": 1680620344272
},
"$session_id": "1874cc2f0641bc-04179491323086-c575422-1fa400-1874cc2f065153a",
"$window_id": "1874cc2f0667b4-0eccab74e955fd8-c575422-1fa400-1874cc2f06a9d7",
"token": "phc_DjQgd6iqP8qrhQN6fjkuGeTIk004coiDRmIdbZLRooo",
"distinct_id": "18704eaf45e59a-0350091ffc7a35-c575422-1fa400-18704eaf45f5d3"
},
"offset": 1067
},
{
"event": "$snapshot",
"properties": {
"$snapshot_data": {
"type": 3,
"data": {
"source": 1,
"positions": [
{
"x": 642,
"y": 471,
"id": 1476,
"timeOffset": -439
},
{
"x": 663,
"y": 509,
"id": 1489,
"timeOffset": -387
}
]
},
"timestamp": 1680620344772
},
"$session_id": "1874cc2f0641bc-04179491323086-c575422-1fa400-1874cc2f065153a",
"$window_id": "1874cc2f0667b4-0eccab74e955fd8-c575422-1fa400-1874cc2f06a9d7",
"token": "phc_DjQgd6iqP8qrhQN6fjkuGeTIk004coiDRmIdbZLRooo",
"distinct_id": "18704eaf45e59a-0350091ffc7a35-c575422-1fa400-18704eaf45f5d3"
},
"offset": 566
}
] |
The fix has been merged into |
thanks a lot @rangoo94 ! I tried to test but I'm currently blocked by kubeshop/helm-charts#453 |
@rangoo94 , unfortunately while testing with helm chart version 1.10.321, I only observed the situation got worse:
|
Hi @gberche-orange, sorry, looks like the front end was not updated with If it goes about the video, I believe that most likely you have telemetry disabled on the cluster, and the frontend shows the cookie notice until received information from the backend that it shouldn't. The network calls were because of this previous bug, which was fixed in the newest version. |
Thanks @rangoo94 With version However, it seems to me that when I'm enabling the telemetry from the cli, the front-end is still not sending telemetry calls, nor displaying the user consent overlay. I properly see the following front-end call to {"id":"","clusterId":"clusterb418fa91c9eb41032e413ec63f2310a3","enableTelemetry":true} I'm testing this on firefox 102.9.0esr (64-bit) on windows. |
@gberche-orange, thanks for reporting, and sorry, that was actually a newly introduced bug. The cookies banner wasn't displayed, so it didn't track anything without a consent. The fix has landed in |
Thanks @rangoo94. I'm away from desk for 10 days, I'll test and report back on my return. |
Hi @gberche-orange, did you have a chance to test if it works fine for you? |
@rangoo94 sorry for late response, with version 1.11.210, the telemetry optin and opt-out from cli work as expected during the user scenario of user consenting and user rejecting consent. Thanks for the fixes! |
Describe the bug
The dashboard seems sending analytics to app.posthog.com even before the user accepts the cookies
Even after denying the cookies, posts to app.posthog.com are made.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
According to #2550
The analytics should therefore likely not be sent to app.posthog.com prior to use giving consent by accepting cookies, nor after the user denying cookies
Also, providing more transparency to users as to what information is shared would be useful. The current requests made to PostHog are currently hard to reason about from users, appearing as black box data sending
Here is curl capture from firefox requests
curl 'https://app.posthog.com/s/?compression=gzip-js&ip=1&_=1680620339336&ver=1.51.5' -X POST -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0' -H 'Accept: */*' -H 'Accept-Language: en-US,fr-FR;q=0.8,fr;q=0.5,en;q=0.3' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: text/plain' -H 'Origin: https://testkube-ui.domain.org' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Referer: https://testkube-ui.domain.org/' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: cross-site' -H 'TE: trailers' --data-raw $'\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x03\xed\x93[k\x021\x10\x85\xffK\xf0q\x17&\x9b\xeb\xees\xa1\x08\xa5T\xe9SK\x91\x98K\x8d\xe2f\xdd\xc4Z\x91\xfe\xf7Fz\x11\x8aB}\xf1\xc9\xd733\x87a\xbe9\xcf;d\xdfl\x9bP\x83\x06\xb1U]\x9c\x85\x84\n\xd4\xf5\xa1\xb3}\xf26\xa2fw\xa8L\x8cJj\xaf\xa4mgQC\n\xf4#\xc4\xb0\xee\xf5\x97\xe4\rjj"\x0b\xf4\x8e\x1a(\xd0\x165\x98V\x1f\x05J~icR\xcb.\x0b\\\x02\xaf\x80\x10N\x19\xe4\xd2 \xda\x18}h\'\xfbY\x84\xa5\xa0ZW\x0e8\xc5S]\x02\xc5\xa2\xa65&\x15\x01\xc9K\xcd\x04\xa3UUb\xa7(@yhf\x98\x11\x95w\x1fl|k\xc2\xe6\xaf\x17\x17SZ\x82\xd5ZM\x05\xb55c\xce\xc8\xd3f\xaa6"{\xa5\xb0\xb0m\xb6\xe9fzr3\x1f\xbd\x1a\xeeW\x0fr\xd5\xcfF\xf7\xdc\xcd\x17\xeb[\xfb8\\\x00P\x1d\xfc\xcdx94\xd3\xa7\xbbq\x08\041O\x1a\x1f\x93ou\xfa]\x03\xa8U\x8e2\xcbjU\x02a\x005vN\x0bE\xd8\x91-\xbe\x9b\x1d3\x04\xe5\xfb\x04\xe7\xa2\xcd\x8c*)\xf3\xb9.\x81L\xd2S\xc4\x18\xad\xaf\xc4\xfeOL\xc8\xfc\xfb\x17\x09\xd9>HG\x89\xf1k\xc6\xce\041\xc6%\xbe\x0c\xb1\x93\xc0\xc4\x15\xd89\xc0X\x8e\xd8\xcb\'\x8dK\xd5)\xc9\x06\x00\x00'
curl 'https://app.posthog.com/s/?compression=gzip-js&ip=1&_=1680620345340&ver=1.51.5' -X POST -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0' -H 'Accept: */*' -H 'Accept-Language: en-US,fr-FR;q=0.8,fr;q=0.5,en;q=0.3' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: text/plain' -H 'Origin: https://testkube-ui.domain.org' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Referer: https://testkube-ui.domain.org/' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: cross-site' -H 'TE: trailers' --data-raw $'\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x03\xed\x92\xcbK\x031\x10\xc6\xff\x97\xd0\xe3.L6\x93dw\xcf\x82\x08\xe2\x0bO\x8a\x944\x0f\x1bK7k\x13_H\xffw\xa7\xf8(J{\xf0\xe2\xc9[\xf8\xe6\xf7}\x99d\xe6\xfa\x95\xf9G?\x14\xd6\xb3I\x1e\xcc\x98\xe7\xa9\xb0\x8a\x8d\xab4\xfaU\x89>\xb3\xfeu[\x99:S\xccF)/\xa3g\xbd\xa8\xd8\xa7\x90\xd3\xc3\xca\x92\xc4\xc9\x9br,1\rd\xa5\xf4g\xd6+\xa1*\xf6\xc2zT\xb2b\xd1\x11\x84\x9a\x94\x12\x97\xfe4\x84\xec\xe9rX\xdf\xac\xdf\x95\\\xccr$D\xb5\xa0\x1a\x10\x88\x8dn\xa84\xc9>g\n\x9dn\xfc\x8c\xb7\x1a\xadm\x02(\xe43[\x03r\xdda\xc7E#\xa0U\xb5\x95Zb\xd3\xd4<\x18\x04\xa8\xb7\xb0\xe4R\x18z\xdd\xe4)\x0e.=\xfd\xccRz\x865xk\xcdL\xa3\xef\xa4\x0c\xae\xdd\x1ff:\xa7)\xab\xa4\x85\x1f(f\x9c\xdb\xe9\xc1\xdd\xf9\xadS\xf1\xfe\xac\xbd_\xcd\xcfOT\xb8[<\x1c\xfa\xcb\xa3\x05\x00\xda\x14\x0f.\x96Gnvu|\x91R"\xa7\x8b\xb9\xc4\xc1\x96\xaf6\x00\xbd\x09(\xbd\xecL\rB\x02t<\x04\xab\x8d\x90;\xba\xf8\x80\x83t\x82\xd1\xff\xa4\x8f\x8f\xe4\xa0\xf4\xba\xfa\x8b\xa1b\xf3>TM\xd5\xddC\xadQt\x9b^6\xb4\xa2X\xa2%t\x9ftK\xa7o\xb4h\xf5\xfe-\xd0\xff[\xf0\x8b-\x90J\xado\xde\x00\xb2?\x88\xdb\xdb\x03\x00\x00'
Version / Cluster
Screenshots
If applicable, add CLI commands/output to help explain your problem.
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: