How (not) to track product usage
-
Tarquin Wilton-Jones, Security Expert at Vivaldi, explains how listening to users is much more beneficial to product development than tracking them.
Click here to see the full blog post
-
@susanbn It’s a good article. Is the new way to count users fully implemented yet?
-
@luetage , the link to the blogpost of the user ID are from Vivaldi v2.7.
-
Very well written.
There are huge data centres that collect our virtual data all over the world, They are owned mostly by marketing companies and they store (probably forever) collecting everything form inputs from online surveys to software/hardware vendors.
For those who rely on Open Source, FOSS or just free software (like me) we now have to take on the onerous challenge of reading the Terms of Service, Privacy Policy, and EULAs of all our software and apps. Most of these are not even written in a language we understand. They are all some variation of "LegalSleeze" possibly from the planet Magrathea as @guigirl mentioned as we earthlings are a very basic folk following the path of Least Resistance and just clicking "Accept".
But all this is a moot point if we have to pay for a piece of necessary software and get a license... -
@greybeard , is this what I mean, when I say it's a big common error to think that FOSS is sinonym for privacy and security, it isn`t. FOSS have otger advantages and reasons, but has nothing to do with privacy, they track bearly the same as comercial soft.
A lot of them includes APIs of Google, Alphabet, Facebook, Amazon and others, also FOSS like other APIs.
Read TOS and PP is the only way to protect for the user, pages like TOSdr may help.>Laptop ACER, AMD Ryzen, GPU AMD Radeon RAM 16GB, SSD 512GB -Win11 Home 64 v24H2| Vivaldi last stable|
-
@catweazle said in How (not) to track product usage:
Read TOS and PP is the only way to protect for the user
Agreed.
-
@greybeard , I wish all the TOS and PP are like this (Not FOSS)
-
@greybeard said in How (not) to track product usage:
@catweazle said in How (not) to track product usage:
Read TOS and PP is the only way to protect for the user
Agreed.
It is very nicely said.
We do not sell your data, except to offer you free software you requested.
They know everything of you, but they paid the software.
Or I have too much imagination. -
@gloops , to much imagination. You can scab the activitys of the services they have online and offline, there is nothing suspect. Their page with the online tools is one of the cleanest I know, no registry, no pay, enter and use it in PC and mobile (Html5)
-
Great article - I love Vivaldi's stance on this
On one hand I can kind of understand the temptation for developers to start usage tracking and statistics - it's a relatively cheap and easy to implement way to find out what users are actually doing in the product and what features are used the most. But on the other it will inevitably lead removal of little-used features, and alienating the subset of dedicated users who use these features a lot.
Looking at Chrome and how advanced features are hidden away behind page after page of obtuse options. And Firefox is going the same way, dumbing the UI down in case us "poor users" should happen to click the wrong button and get into trouble. Then you get hordes of users who don't even know what Settings or a dropdown menu is, or how to access it. They expect a "button" for everything and if it's no immediately obvious where something is they assume it doesn't exist...
Keep listening to your users and stay away from trying to use statistics to understand usage patterns
-
Blacklight has become a must-have for me. It is logical what you say @Pathduck, that developers want to have income in a simple way, collecting data that can be sold to make money, but some abuse this and disseminate a huge amount of private data of users that can no longer be controlled, or know in which hands they end up.
Example of Blacklight analytic of a webpageSome of the ad-tech companies this website interacted with:
The inspected website contacted some well known actors in the ad-tech industry. Not all of these loaded trackers, so they may be different from those listed in the tests section above. For more information on each company, what it does, and which of its domains Blacklight found during the inspection, click the arrow. Reading this can give you a better idea of how the ad-tech industry works.
Adobe
Blacklight detected the inspected website sending user data to Adobe. While Adobe is primarily associated with creative design products, a company spokesperson told The Markup that it also offers a suite of digital marketing products. Of the Adobe trackers that appeared in our scan of popular websites in September 2020, the most common were Adobe Audience Manager and Adobe Advertising Cloud. Audience Manager helps advertisers build profiles of consumers based on their web browsing history and other data to target both ads and content on their own websites. Advertising Cloud sells ads on websites, streaming video, or TV, and tracks their performance.
The site sent information to the following domain demdex.net.
Company description accurate on Sept. 3, 2020
Read Adobe's Privacy Policy
Alphabet
Blacklight detected this website sending user data to Alphabet, the technology conglomerate that encompasses Google and associated companies like Nest. The Silicon Valley giant collects data from twice the number of websites as its closest competitor, Facebook. An Alphabet spokesperson told The Markup that internet users can go here if they want to opt out of the company showing them targeted ads based on their browsing history.
The site sent information to the following domains doubleclick.net, google-analytics.com, googlesyndication.com, googletagmanager.com, googletagservices.com.
Company description accurate on Sept. 3, 2020
Read Google's Privacy Policy
comScore
Blacklight detected the inspected website sending user data to comScore, a company that monitors traffic on millions of websites to create market research data on how people use the internet, which it sells to advertisers, according to The Guardian. The company’s analytics also incorporate user data collected from its dozens of corporate partners, such as Facebook, Oracle, and Salesforce, according to its own website. Representatives from comScore did not respond to multiple requests for comment.
The site sent information to the following domain scorecardresearch.com.
Company description accurate on Oct. 5, 2011
Read comScore's Privacy Policy
Neustar
Blacklight detected this website sending user data to the analytics company Neustar. Beginning as a division of the defense contractor Lockheed Martin, Neustar managed the system that assigned three-digit area codes to U.S. phone numbers. Neustar now provides advertisers “accurate targeting based on ZIP, age, and gender, but also a wide range of attributes, including brand preferences, product affinities, and psychographic variables.” Representatives from Neustar did not respond to multiple requests for comment.
The site sent information to the following domain agkn.com.
Company description accurate on Sept. 3, 2020
Read Neustar's Privacy Policy
Quantcast
Blacklight detected the inspected website sending user data to the analytics company Quantcast. A Quantcast spokesperson told The Markup that the company collects data about a website’s visitors and “provides it in aggregated, de-identified form to publishers based on the overall demographics of the collection of user cookies based on visits to their websites.” Quantcast builds “psychographic” metrics of the types of people who visit a given site, which are enhanced with third-party data about web users from the company’s corporate partners. The company claims to have data about the audience visiting more than 100 million mobile and web destinations.
The site sent information to the following domain quantserve.com.
Company description accurate on Sept. 3, 2020
Read Quantcast's Privacy Policy
Magnite
Blacklight detected the inspected website sending user data to Magnite. Created by the 2020 merger of ad tech companies Rubicon Project and Telaria, Magnite places advertisements on more than million websites and apps. The company claims to have reached more than a billion consumers with ads placed on websites, mobile apps, and streaming videos. Representatives from Magnite did not respond to multiple requests for comment.
The site sent information to the following domain rubiconproject.com.
Company description accurate on Sept. 3, 2020
Read Rubicon Project's Privacy Policy
TowerData
Blacklight detected the inspected website sending user data to Tower Data, an ad tech company that creates profiles of web users anchored to their email address, according to its website. It also sells data about voters to political campaigns. Representatives from Tower Data did not respond to multiple requests for comment.
The site sent information to the following domain rlcdn.com.
Company description accurate on Sept. 3, 2020
Read TowerData's Privacy Policy
Verizon
Blacklight detected the inspected website sending user data to Verizon. While best known for providing cellphone and broadband service, Verizon has gained a significant presence in online advertising through acquisitions of ad-focused companies like AOL and Yahoo!, which offer advertising services in addition to content. Domains associated with Yahoo! and AOL (specifically, advertising.com, which was part of AOL before Verizon’s purchase of the company) appeared the most frequently among the many Verizon-controlled trackers appearing in our scan of popular websites in September 2020. Representatives from Verizon did not respond to multiple requests for comment.
The site sent information to the following domain yahoo.com.
Company description accurate on Sept. 3, 2020
Read Verizon's Privacy Policy
That is, the user can read and accept TOS and PP of a specific page, but then is obliged to read all the TOS and PP of the websites and services to which these data are sent, if he knows where (usually not) but without the possibility of accepting it or not, nor knowing where these in turn continue to disseminate this data.
This is unacceptable and a serious intrusion into a person's privacy and a violation of their basic rights.>Laptop ACER, AMD Ryzen, GPU AMD Radeon RAM 16GB, SSD 512GB -Win11 Home 64 v24H2| Vivaldi last stable|
-
@catweazle said in How (not) to track product usage:
It is logical what you say @Pathduck, that developers want to have income in a simple way, collecting data that can be sold to make money,
I was more focused on data collection to find usage patterns, not necessarily for the purpose of selling it but for potentially "improving" the software, and how it inevitably leads to just the blandest lowest-common-denominator features surviving over time.
Of course collected usage data can also be abused, sold or stolen, and it is a huge privacy issue. Which is another reason I'm happy Vivaldi doesn't believe in doing it.
Here's a good article from Vice on the issue:
"A growing market of data brokers that collect and sell data from countless apps has made it so that anyone with a bit of cash and effort can figure out which phone in a so-called anonymized dataset belongs to a target, and abuse that information."
The Inevitable Weaponization of App Data Is Here🎻Volunteer helper · Forum moderator · Sopranos tester 🛠️Troubleshooting 🐛Report a bug 📜Markdown help
🦆"With a rubber duck, one's never alone" -Douglas Adams🦆 -
@pathduck , agree, colecting data to improve a product is legit, but as you see, that isn't the case of the Example, that is data traffic to gain money, include for politic proposes.
-
@guigirl: Full marks for picking up the cheeky homage to H2G2!
-
I think Linux Mint tracks installations in a very "approximate" way - the default start page of the web browser contains the distribution's name (version) in the URL - so on the web page, if the web server gets a load of hits with "Uma" in the URL, they know most people have updated to the latest version - whereas if they get loads of hits with "Petra" in the URL, then a lot of people haven't updated their systems for at least 5 years. Nothing identifying there, but you get an approximate idea of the versions running out there. Of course, anyone can change their start page so it's not foolproof. I guess they probably also count hits to the update repositories too, to get a more accurate picture. This is something Vivaldi could do. After all, if you count Vivaldi updates rather than downloads, you have a fairly good idea of the number of active installations - which is the actual figure that counts. If it's online, it'll probably update at some point. You can also use it to break down the numbers by geographic region (unless the user's on a VPN). Depending on the nature of the updater downloaded, you also know what computer architecture and OS the users are on.
If you track users by spying on them, there's the danger you see them ignore a feature and then you remove the feature. If you instead ask them, they'll say "how do I find this feature?" and you can move it to a more prominent position or move it under a more logical menu.
I have often wondered why the usability of user-interfaces seems to be inversely proportional to how much tracking and spying occurs.
Taking Windows as an example... When Windows 95 (home) and NT4 (business) were released, they were such a radical departure from Windows for Workgroups - (introduction of explorer instead of file manager, and the "start" menu), that you'd have expected "die-hard old fogeys" and people with "baby-duck syndrome" to be in uproar. If people really are as resistant to change as many developers keep bleating, Windows 95 would have sank without trace - yet 95 and NT4 were welcomed at the time because they were a massive improvement. The story is repeated for Windows XP and 7 (if we ignore Vista). The changes introduced in these operating systems were probably not universally liked, but this was more due to personal preference than making things more difficult outright. I tended to prefer the Windows-95 style start-menu in XP, although I was happy with either. My point is, the changes introduced weren't outright regressions.
However what we see now in more recent versions of Winodws is settings being given confusing, dumbed-down names, scattered over illogical and disparate locations, and simple things (like loading a program from the start menu) taking many more mouse-clicks/scrolls/keypresses than before, just to do the same thing. Everything is harder and takes much longer than it used to - and that's coming from someone who's lost count of the number of operating systems and desktop-environments he's called "home". This is not progress. Adding search to the Windows 95/XP/7 start menu, or modelling something new based on the Cinnamon, XFCE (whisker menu) or KDE's launchers, would be progress. It'd be providing more functionality without confusing the user, and without requiring extra mouse-clicks or keypresses to perform the same task. If a new feature makes your life more difficult, especially if it's not an essential feature, it's not progress.
I find it interesting that Windows 95 and XP, and to some extent 7, were largely developed at a time when interface-designers formally studied willing participants, and asked alpha- and beta- testers specifically what they wanted and what they actually thought. In short, actual progress was made when developers actually talked to users, and it seems to have gone off the rails since ignoring them and just silently watching. Yes, they can see everything you do, where your mouse goes and how long you spend on each screen... but they clearly don't understand what you were thinking when you did it, or their products would be better!
I really wish a lot of developers (not just at Microsoft) would go back to school and read basic 101 texts such as Xristine Faulkner's "Usability Engineering" before they start pratting-about on real-world systems that people actually have to use for real tasks on a daily basis. It's now 21 years old yet more needed and relevant than ever.
Let's contrast all this with Vivaldi, where the developers are often on the forums, talking to the users. Now, considering that Vivaldi is to web browsers what Emacs and SystemD are to text-editors and init-systems, I'd say that Vivaldi's ease-of-use and intuitive interface are evidence that you build better software by talking to users, not spying on them!
-
@pathduck said in How (not) to track product usage:
@catweazle said in How (not) to track product usage:
It is logical what you say @Pathduck, that developers want to have income in a simple way, collecting data that can be sold to make money,
I was more focused on data collection to find usage patterns, not necessarily for the purpose of selling it but for potentially "improving" the software, and how it inevitably leads to just the blandest lowest-common-denominator features surviving over time.
Of course collected usage data can also be abused, sold or stolen, and it is a huge privacy issue. Which is another reason I'm happy Vivaldi doesn't believe in doing it.
Here's a good article from Vice on the issue:
"A growing market of data brokers that collect and sell data from countless apps has made it so that anyone with a bit of cash and effort can figure out which phone in a so-called anonymized dataset belongs to a target, and abuse that information."
The Inevitable Weaponization of App Data Is HereInteresting side-note if we go down the privacy rabbit-hole....:
Apparently it only takes 4 low-resolution data-points to de-anonymise you from "anonymised" cellphone data, with a 95% chance of success[1]. This is just one of the reasons why I object to targeted advertising, behavioural tracking, profiling and the like, and why I encourage people to care, even if they think they're OK because everything's "anonymised" with "personally-identifiable information removed". I'm even wary of "aggregate" data because the term is sometimes misused to stand-in for "anonymised"... and again, even true aggregate data can still theoretically be combined with other data to help de-anonymise users.
In fact, this is how browser fingerprinting works. If you browse a site in Vivaldi, the site might think it's Chromium or a Chromium-based browser (i.e. most of the online-world), but then if you use Linux you're suddenly 1 in 10 internet users. Then they may see your language and timezone and you drop to 1 in 100 users. With CPU architecture you might drop to 1 in 1000, GPU model takes you to 1 in 100,000 and then perhaps the list of installed fonts makes that particular instance of Vivaldi now reliably and uniquely identifiable in the world.
Another reason I don't believe there's any sort of "safe" or "ethical" level of spyware operation, is that metadata is sometimes even more valuable/useful than data. e.g. Your phone spends the night in a cheap hotel in close proximity to another phone, but nobody knows what you did. You then ring up a sexual-health clinic the next day, but nobody knows what you said in the conversation. Immediately after ringing-up the clinic, your phone is traced as visiting the clinic and then the pharmacy, but nobody knows what your prescription was. Now, even if there's an innocent explanation for the story above (e.g. you had a business meeting and the other phone was on the other side of the wall, or it was a twin room not a double; you needed to pick up an embarrassed friend's prescription etc.) - we all know what you'd initially think! And that initial conclusion is all the data-collectors, advertisers, authorities and your insurance company care about!
I don't think we can completely stop tracking but we can express distaste, vote with our feet, resist it, reduce it and poison datasets. Anything that makes it less profitable.
-
@guigirl said in How (not) to track product usage:
@jamesbeardmore I was wondering where my phone was. Damn horny device!
Based on the average life span of a phone (2.5 years) and of a Finnish* human (82.5 years), my Nokia 3310 cell phone (complete with Buffy the Vampire Slayer interchangable-cover) is the equivalent of 660 years old. It's a little too arthritic to get up to the sort of antics your phone does, but remembers them with a wry smile. I suppose we had better be careful discussing this much more, or the poor little Nokia will have a heart-attack!
*I chose to compare to Finnish people, because the town of Nokia in Finland is of course where the headquarters of Nokia the phone company used to be.
-
@jamesbeardmore , I have one of these for a few years in a drawer, I think the battery still has some charge. It is gray, without special cover, it only has a small crack in one corner, since it fell from a second floor.
-
Ppafflick locked this topic on
