Adblockers usually have privacy filters as well. Thats why some analytics apps recommend proxying over website servers instead of directly sending requests to analytics apps endpoints from the client.
Analytics is generally (in detail this might or might not apply for this project) seen as an invasion of privacy, wasting bandwidth, increasing load time and lowering performance. There is a population of users who would gladly accept advertisements without analytics, because they see the invasion into their privacy as the predominant evil. This is why most adblockers nowadays either block analytics by default, or at least provide a configuration to also block analytics.
I agree with your statement. I did originally build this for myself, with privacy in mind. I don't like being tracked either. Pathview doesn't rely on personal data but the general perception remains true. Any thoughts on navigating through that stigma?
It's worth mentioning that the first hit generally loads in ~200ms and subsequent hits in ~120ms. The difference between first and subsequent is SSL. Speed and footprint represent two of my main design considerations.
I guess the stigma is too established to get rid of. Maybe you can sway some users by transparency, i.e. a very thorough but user-friendly explanation about what your software is doing and how it cannot possibly be used to invade their privacy.
But unfortunately, as far as my opinion goes, any kind of analytics and tracking just results in an instant "yuck" reaction, like a spider landing on my lap. I don't bother with analyzing it, I'll just try to get rid of it as quickly as possible.
The notion of privacy-friendly analytics has also been thoroughly burned by sleazy marketing departments outright lying. Or technical solutions that claimed to be privacy-friendly, but actually didn't really because of technical reasons. Or technical solutions being so complicated and obscure that it might as well be a privacy-protecting voodoo ritual for all a user knows.
This is tough. I dislike tracking but approve of analytics. Without data, websites cannot improve. Without improvements we'd only have Craigslists.
In your opinion, is there a way to balance the need for feedback with respect for the user? What might that solution look like? Do you have any absolute demands?
As a user, I've yet to see the user-facing benefits of analytics. I suspect there might be some which I don't know about. But mostly what I see is "we cancelled feature X you care about because analytics told us nobody uses it" and "you now get this annoying newsletter popup, because analytics told us we get more subscriptions that way".
For that perception to change, you have to educate users about their concrete, relevant and obvious benefit from analytics. I think this is hard or impossible. I also think that all the bad players in the market make this even more impossible, because you get lumped in with them.
I think the easiest solution is log analytics, preferably from anonymized or pseudonymized logs that are present anyways. That way, you don't collect any extra data, and as long as you do not keep the logs but only aggregated results, privacy isn't an issue. While a privacy policy and legal team need of course be aware of log analytics, the users cannot adblock it away, so that might be a plus. Also, no scripts, no cookies, no performance impact, etc. But of course the insight is limited by whatever is logged. Maybe some (privacy-preserving) data can be added to the URL parameters to augment the logs and provide a little more insight.
Another solution (that I just thought of, no idea if it would work) is that of recruiting users for testing your website under observation by the UI team. While this might invoke the image of recruiting 20 people off the street and sitting them down in a lab, I have something totally online in mind: Offer a voucher (or something) in return for participation. Participation should be instant. The users session should be connected such that the UI people on duty can see the website interaction (ala VNC, but limited to the website in question, so this should be possible by getting geometry, mouse position and keypresses alone via javascript). In case of difficulties, the UI team can interact with the user via voice chat (preferred) or text chat. After the user has finished their task, maybe ask them a few extra questions. You will gain much better insights, because you can ask for motivations and problems. You can point the user at the intended way and see if it works at all. But of course this approach requires lots of manpower and is technically challenging.
My absolute demands would be: Respect the relevant laws ala GDPR. Respect the DNT bit my browser sends. That way, you would already be above 99% of the analytics industry imho.
"I think the easiest solution is log analytics, preferably from anonymized or pseudonymized logs that are present anyways."
"Maybe some (privacy-preserving) data can be added to the URL parameters to augment the logs and provide a little more insight."
Pathview iterates on the server log approach. JavaScript collects two pieces of information: the current page and the referring page. The rest of the data is acquired by parsing HTTP Messages in real-time.
Some users want to block only ads (visible content), some block everything including analytics, support widgets, mouse-over widgets, social media links, "back to top" links on pages. Some lists even block everything by file name, e.g. /tracker.php regardless of domain.
Just to add, some of us even block all third-party domains by default. I had to specifically allow "pathview-analytics.com" to see what your script does ;)
For example, it blocks a great many XSS attacks, as if every website had a strict content-security-policy header. Or if some joker on a website adds <img src="http://192.168.0.1/reboot-router.php"> or suchlike you're protected.
Websites that want to host sketchy untrusted content use iframes to external domains, so the sketchy content can't grab the user's cookies. If the website didn't trust the third party, why should you?
It can also block a variety of "features" that are actually annoyances - like third-party live chat popups, third-party cookie consent nag screens etc.
In terms of the price, how troublesome it is will depend on your web browsing needs. If you're a professional buyer visiting dozens of different companies' websites every day, you might find it inconvenient. But if most of your time is divided between your 10 favourite websites? Once you've got the whitelist right you'll barely notice it.
The vast majority of sites work with some defaults (mainly CDNs), and it stops almost all 3rd party tracking. The minor inconvenience of sometimes having to whitelist some stuff is acceptable to me.
That's ok. I'm not trying to track everyone. If a someone wants to opt out, that should be respected. I'm trying to build utility while respecting visitors' privacy. There are certainly tradeoffs, but I'm comfortable making them.
