Add privacy policy (cont.)
Continuation of #26, resolves #24.
@WorldLanguages, you do the merge as you are the project leader.
Up to date version (without merge conflicts): #41
That is really weird. Will try to resolve this.
@wgyt735yt Fixed it. You can check it again if you want.
Thanks for doing it, can we merge this?
I'll work on this after v1.14.0 release
Related: does anyone know of an analytics service that does not require us to ask for opt-in, unlike Google Analytics? That way, we could avoid the banner altogether. I believe GitHub recently did some changes like that as well - they only kept necessary cookies and removed the banner.
Ocular uses Plausible, and they don't have a banner.
I plan to remove all cookies from the website by the second half of May.
Cloudflare will be removing the only cookie it adds on May 10th: __cfduid
And all other cookies are related to Google Analytics.
We'll probably move to a self-hosted instance of Plausible, which does not use cookies. Possibly hosted by @jeffalo. And we'll have a page that will display at least some of the data Plausible collected publicly (not sure if we want everything public yet).
We'll continue to use Cloudflare for now, so there's no other option but to let it "see" the IP addresses of our visitors (at some point of the chain, someone has to be able to do that of course). But using Cloudflare infrastructure, we could make it so other 3rd parties (GitHub Pages, Plausible, let me know if we can think of any other) don't get the full IP addresses of our visitors (or don't get them at all).
AFAIK Plausible doesn't touch IPs. __cfduid doesn't show up on my site, so I think there's a way to disable it. Jeffalo should be able to add Plausible easily, but if we want to use a cloud version, we'll have to pay. https://github.com/ScratchAddons/website/pull/65 would have worked for this purpose.
> AFAIK Plausible doesn't touch IPs
It doesn't. But the server hosting Plausible can still get it. "Never trust the client" and "never trust the server", they say.
I think we can trust Jeffalo not to log IPs? I mean, we already have an Ocular addon, so we're screwed if he does.
You have to opt in to enabling the Ocular addon - but the moment the extension is installed, we immediately open ScratchAddons.com without explicit consent. Not the same. Also, why not anonymize IP addresses if we can? We're going to use Cloudflare as a proxy anyway.
@WorldLanguages Cloudflare's proxy doesn't pass the real IP unless you tell it to, unless you enable the setting "True-Client-IP Header" under Network; even then you need the enterprise plan, or you check the headers 'X-Forwarded-For' and 'CF-Connecting-IP'.
@wgyt Are you sure they can be disabled from settings? I was thinking of using a Cloudflare Worker. Also, completely removing the IP is unideal for analytics. We'd miss geolocation analytics, like how many % of our visitors are from the US (spoiler: a lot)
AFAIK 'X-Forwarded-For' and 'CF-Connecting-IP' are always on.
Spoiler alert: you can easily set up Nginx to de-obfuscate IPs from behind Cloudflare, so we have to trust whoever is hosting our server.
On my website, I use Cloudflare analytics and it works well. It uses 0 cookies, and gives a decent amount of data, including visits, page views, page load time, country data, the referer, host, path, and browser.
I don't think anything is stopping us from setting up a Cloudflare Worker that anonymizes the X-Forwarded-For and CF-Connecting-IP headers. Those are what's used by Nginx to de-obfuscate IPs.
I think you could anonymize those headers, but I have no experience with CF workers so 🤷🏻‍♂️
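
The Worker idea discussed in this thread, sketched as an added example (not code from the PR or from any participant): it truncates the addresses in `CF-Connecting-IP` and `X-Forwarded-For` instead of deleting them, so coarse geolocation generally still works while the origin never receives a full client IP. The /24 and /48 prefix lengths, the function names and the `worker` object are choices made here, and it is assumed, not confirmed by the thread, that Cloudflare forwards a Worker's overwritten values for these headers to the origin.

```javascript
// Added example: truncate client IPs before the origin sees them.
const IP_HEADERS = ['CF-Connecting-IP', 'X-Forwarded-For'];

// IPv4 -> /24 (last octet zeroed); null if not a valid dotted quad.
function truncateIPv4(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
  }
  return `${parts[0]}.${parts[1]}.${parts[2]}.0`;
}

// IPv6 -> /48 (first three groups kept); expands "::" before slicing.
function truncateIPv6(ip) {
  const halves = ip.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const missing = 8 - head.length - tail.length;
  if (halves.length === 1 ? missing !== 0 : missing < 1) return null;
  const fill = Array(halves.length === 2 ? missing : 0).fill('0');
  const groups = [...head, ...fill, ...tail];
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) return null;
  return groups.slice(0, 3).map((g) => parseInt(g, 16).toString(16)).join(':') + '::';
}

function anonymizeIp(raw) {
  const ip = raw.trim();
  if (!ip.includes(':')) return truncateIPv4(ip);
  // IPv4-mapped IPv6 (::ffff:a.b.c.d): use the embedded IPv4 address.
  if (ip.includes('.')) return truncateIPv4(ip.slice(ip.lastIndexOf(':') + 1));
  return truncateIPv6(ip);
}

// Accepts anything with get/set/delete (Headers in a Worker, Map in tests).
function anonymizeIpHeaders(headers) {
  for (const name of IP_HEADERS) {
    const value = headers.get(name);
    if (value == null) continue;
    const kept = value.split(',').map(anonymizeIp).filter(Boolean);
    if (kept.length) headers.set(name, kept.join(', '));
    else headers.delete(name); // fail closed: never forward an unparsed value
  }
  return headers;
}

// In a module Worker this object would be the default export.
const worker = {
  async fetch(request) {
    const headers = anonymizeIpHeaders(new Headers(request.headers));
    return fetch(new Request(request, { headers }));
  },
};
```

Check on the origin side which headers actually arrive before relying on this, since any header the proxy re-adds after the Worker runs would bypass the truncation.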