RE: Next steps on Web Analytics Project

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello!

> -----Original Message-----
> From: S Moonesamy [mailto:sm+ietf@xxxxxxxxxxxx]
> Sent: Friday, September 27, 2019 5:39 PM
> To: Roman Danyliw <rdd@xxxxxxxx>; ietf@xxxxxxxx
> Subject: Re: Next steps on Web Analytics Project
> 
> Hi Roman,
> At 04:59 AM 26-09-2019, Roman Danyliw wrote:
> >This note provides an update on the web analytics for www.ietf.org
> >project.  In response to the initial proposal [1], the community
> >provided a variety of helpful feedback [2].  The IESG and IETF Tools
> >Team reviewed this community feedback and revised the proposal.  The
> >more significant revisions included an explanation of the current
> >analytics systems and associated practices; clarifying the scope and
> >enumerating the explicit use cases; identifying the link between the
> >collected data and the uses cases; and more clearly stating the privacy
> >and security issues and their associated mitigations.
> 
> Thank you for the sharing the next steps.  I could not find any mitigation for
> the issue mentioned on Page 5 (geolocation of IP addresses).  

Section 4.1 proposes an approach to opt-out of the analytics -- "The planned configuration will only use client-side JavaScript to collect all metrics ... A visitor can prevent all web analytics functionality by disabling JavaScript for www.ietf.org in their browser. As noted in Section 1.2, a design goal of www.ietf.org is for the website to function without JavaScript enabled."

In contrast the current approach uses network-layer information which would require a Proxy/VPN to obfuscate (but not eliminate the logging of the) client origin.

> I unfortunately
> has to raise a concern about this IESG-endorsed tracking plan as I am not
> comfortable about having someone else within the IETF tracking what I read
> on the IETF web site.

I'd point out that the proposed collection is similar to the existing practices in production now, see Table 1.  As described above, there is a robust mitigation possible to ensure this tracking doesn't occur should there be concern. 

Regards,
Roman

> Regards,
> S. Moonesamy
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux