plane icon indicating copy to clipboard operation
plane copied to clipboard

Published 20 hours ago verified publisher icon makeplane

[feature]: Privacy issues

Open nerdalertdk opened this issue 1 year ago • 4 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Summary

Hi,

We just started using plane on a test basis. When checking out what url thats getting called, I notice it called this url https://client.crisp.chat/l.js, which btw. is blocked by my ad-blocker. Any reason there is an chat client include ?

image

https://github.com/makeplane/plane/blob/3a14f19c993933415f79e98648877dbf995cd098/web/lib/wrappers/crisp-wrapper.tsx#L27

Also I notice the logo in mails from Plane selfhosted have what could be a tracking "pixel"

https://plane-marketing.s3.ap-south-1.amazonaws.com/plane-assets/emails/plane-logo.webp

This also goes for the "social logo" which don't belong in internal mails

image

Why should this be worked on?

Privacy

nerdalertdk avatar Feb 09 '24 11:02 nerdalertdk

Hello @nerdalertdk we have integrated crisp to enable our customers to immediately reach us if they have any questions. You can access this feature via the help button in our platform.

Regarding the image, it's a webP which is a basic get from our aws s3 and nothing to do with "pixels" we are also going to move the image to be a part of minio rather than accessing from our S3 in our next releases.

For emails, those links are handy for people to know more about our product or file issues. We are not tracking them with any utm links, but this should not have been there. We will remove it.

Can you please help me know what is the privacy concern specifically for using crisp?

srinivaspendem avatar Feb 09 '24 11:02 srinivaspendem

Hi again,

Totally forgot to mention we are using the self hosting version, so don't see why crisp should be active ?

For the pictures, good to hear :) I'm just half paranoid when it comes to everything cloud, which is also why we self host and use open source projects. So any call out of our network is getting looked at.

As for crisp, no issue, never heard about them before, just notice it got called and we don't use it.

nerdalertdk avatar Feb 09 '24 11:02 nerdalertdk

I too would appreciate to have an option to run plane completely detached from any outside resources , including crisp as well as google fonts.

You (plane) might not collect any data - but they almost certainly do, one way or another.

For example, you could bundle fonts during build to remove the google font calls (there's plugins for that for nextjs) and add an env var wether to include crisp in the header.

genox avatar Apr 03 '24 11:04 genox

I would also appreciate the option to remove crisp on the self-hosted version. Currently I cannot use plane because of that, but it is such a great tool!

EDIT: Actually I just had a look at the code, I'm going to submit a PR for that!

paul1278 avatar Apr 07 '24 20:04 paul1278

Thanks, @paul1278, for contributing. 🍰 Closing this issue.

vihar avatar Jul 03 '24 14:07 vihar