[mksaunders]

> Why does the Document Foundation need to track me?

It's not "tracking" (in the sense of monitoring what you do on other sites). On the LibreOffice website, we use the open source stats tool Matomo (formerly Piwik) to get an overview of how people use the site, how people go from one page to another, so that we can improve it. Lots of FOSS projects do this. Also, as explained in the privacy policy, JavaScript is required if you want to use certain third-party services that are embedded into some pages: https://www.libreoffice.org/about-us/privacy/privacy-policy-...

> Is LibreOffice itself doing something sneaky that I don't know about?

Of course not. We're a volunteer-driven, community open source project. It's all in the open :-) If you really want to change how the website works, we'd appreciate a hand: website+subscribe@global.libreoffice.org - thanks!

[WorkLifeBalance]

1. What you've described as 'not "tracking" ' is tracking. It's not third-party tracking but you're still deliberately adding a cookie for the purpose of tracking users across your site.

2. Your privacy policy contains:

> !!!add opt-out frame on the website at this position!!!

[kqr]

> What you've described as 'not "tracking" ' is tracking. It's not third-party tracking but you're still deliberately adding a cookie for the purpose of tracking users across your site.

I'd argue you're being unfair with terminology here. People generally talk about tracking when referring to cookies and scripts that monitor what other sites users visit. Monitoring sessions on your own site is ethically distinct enough to warrant its own term: web analytics.

You may think these are bad terms that don't reflect the true nature of the issue, and I'd be inclined to agree with you, but it is not an excuse to willingly conflate the two without qualifying it.

[mksaunders]

> 1. What you've described as 'not "tracking" ' is tracking. It's not third-party tracking but you're still deliberately adding a cookie for the purpose of tracking users across your site.

OK, we're using open source tools to try to improve the site. Plenty of other FOSS projects do this... Not sure why we're being singled out :-)

[sjmulder]

Not sure why we're being singled out :-)

Didn't mean no harm or to single you guys out. You're doing fantastic work. But broken and noncompliant notices do bother me a bit.

Sorry to drag on like this but the privacy statement (thanks for linking) says:

takes place only with the consent of the user

It does not, as there appears to be a second cookie notice underneath the first stating how consent is assumed:

We use only those functional cookies which are absolutely necessary to ensure that we give you the best navigation experience on our website. If you continue to use this site we will assume that you are happy with them.

From my understanding, if you're using only functional cookies and no tracking you don't even need consent (as you have legal basis) and you can drop the notice altogether. But I don't think analytics count as functional cookies.

Now aside from that nitpicking, thanks for writing such a clear privacy policy and making such good choices regarding the social media buttons, YouTube's privacy mode, and so on. Props!

[mksaunders]

Thanks for the feedback! I'll pass it on to the website team :-)

[mmastrac]

Don't let comments on Hacker News unduely influence your website decision making. The issues raised here tend to be laser focused on things that likely won't correlate with your success in the market.

You'll never be able to please everyone so your ability to study and run experiments is key. If anything, it sounds like you are doing things exactly the right way.

[wiz21c]

Very good answer. By these time of GDPR and privacy protection, it's super important that open source/free software project be absolute models in those areas. Indeed, when I recommend using free software like LibreOffice, its in great part because of the trust I have in your code (trust that I won't be fd now or in the future). Uncompromizing handling of cookies is part of that trust. Thanks for your wonderful job !

edit: in case it's not clear : i'm all for appropriate tracking (in your context, improving the website), provided that 1/ I know about it 2/ I have a choice (in your case, I'll opt in* if I can)

[dspillett]

> Not sure why we're being singled out

Someone who cares has noticed, and enough other people care that the thread is getting upvoted enough to hit the front page of HN.

Though still you are not being "singled" out as there are plenty of sites which have had their cookie/privacy/tracking/other behaviours picked apart recently. You are not the first/only and will not be the last!

[anc84]

You are not singled-out, this is a submission about you so it makes sense to talk about you.

Everyone who tracks has improvements in mind.

[mcbits]

It sounds like it's more intrusive than most of the GDPR cookie notice spam that's been appearing on sites. But if it's causing users to start noticing and asking questions about the tracking on web sites, then GDPR seems to be working. (uBlock Origin also seems to be working because I didn't see the notice.)

[ptero]

You are not singled out, treat this as user preferences or feature requests. People here are direct, but this is an environment feature of HN. Most folks here greatly appreciate your work (I do). That said, let me throw a few more stones:

1. The fact that you use OS tools to track users is almost irrelevant. I can still collect and lose data with FOSS tools. A tool is a tool (and tracking is tracking).

2. Sorry, I am not buying the "we need to know how you move on site to improve it". You write a great FOSS office productivity tool set. You should not care how much time users spend on your site, etc. In fact, your web site can be pretty basic for downloading new software. If you really need to figure out how people move within your site this should be easy to recover from IPs and web server logs.

Just my 2c and please keep doing your great work!

[mksaunders]

> tracking is tracking

But as another commenter here mentioned, simplifications like that do far more damage than good. In the broader world, "tracking" on the internet generally refers to companies following you all over the web and selling your data. By saying "tracking is tracking", you lump TDF's use of Piwik (for our site, for our own use, with obfuscated data in storage and a clear privacy policy) with that of advertising providers, who really do track you all over the web, don't tell you what they store, and sell your data. By saying "tracking is tracking", you tar everyone in the same brush. That's lacking nuance and really, really unfair to volunteer-driven FOSS projects (many of which use Piwik) that are just trying to do their best.

> You should not care how much time users spend on your site, etc.

Well, that's your opinion! But many of us in the LibreOffice community see the website as a major part of the product (and project). Do we want to spread the word about FOSS? Compete effectively with MS Office? Build our community and attract new contributors? Encourage donations so that we can support the community? Then we need a well-structured and useful website. Analytics tools help a lot in that.

> In fact, your web site can be pretty basic for downloading new software.

Again, that's the way you see it, fair enough. But actually the site needs to do a lot more than that. It needs to encourage people to try the software (screenshots, videos etc.) It needs to provide help, and support options, and front-ends to mailing lists. It needs to provide infrastructure for the project and community as a whole. The more we can optimise that - with the help of some analytics tools - the stronger we can make LibreOffice and the community. That's very important to us; if you disagree, join the LibreOffice project website list and put forward your case :-)

[ptero]

> ... simplifications ... that "tracking is tracking" do far more damage than good.

Point taken. I do not post-edit my posts for content, but I completely agree that LO's tracking is almost certainly at the benign end of the scale. It was a bad formulation on my part

On the other two points, though, your post reaffirmed my position. The way I understood it is you want to track (benignly, within the site only) users to generate funding, advocacy, onboarding, etc. This collecting user data to influence their behavior is, to me, starting down a slippery slope. That slippery slope has Facebook-like mind manipulation at the end of it; it is very far, but once you start in that direction it is very hard to stop.

Well structured and useful website indeed helps greatly. But one should be able to get there, or 90% there, using only anonymous information. This is just my opinion (I do take a harder line on privacy than most users). Cheers!

[mksaunders]

Thanks for your understanding and fair discussion :-) On this point:

> This collecting user data to influence their behavior...

I think that's a really negative and cynical way to look at what we and other FOSS projects are doing. Here's an example of what we can do with some basic website analytics data: we can put a banner on the download page saying "Made by the community - you can be a part too!". The banner links to a "Get involved" page, encouraging people to join the project.

Then, with analytics tools, we can see how well that works. We can do A/B testing by having some download pages with the banner, some without, and see which ones help bring new people into our FOSS community. This is really useful and good for us all!

Now you could say this is about "influencing behavior", and in a super pedantic sense it is. But again, when people talk about websites "influencing behavior" the big topics at the moment are Russian troll farms, Cambridge Analytica etc. I don't think it's fair to use terms like that when we're not trying to play mind games with anyone!

> That slippery slope has Facebook-like mind manipulation at the end of it

Ah please, we're just a small non-profit entity organising a FOSS project and trying to make a website that encourages people to get involved. The "slipperly slope" argument doesn't work well. One thing doesn't inherently lead to another. With that argument, drinking beer leads to other substances which leads to X Y Z... Nah, I've been drinking beer for years and haven't touched anything else. Beer is great enough :-)

Really, if you have a genuine fear that some LibreOffice community members using Piwik to improve the site could lead to "Facebook-like mind manipulation at the end", please do join the website list, put forward your points and let's deal with it! But having been involved in FOSS projects for over 20 years, I don't think that's a concern. People are just trying to do the right thing :-)

[djsumdog]

> formerly Piwik

I met two of the Piwik guys years ago. They got free office space at an open source company in NZ. Cool people. I remember at the time Piwik did support log scraping and Javascript tracking, but they recommended having how Piwik instances if you wanted both (one that scraped logs and the other that just did Javascript). I'm not sure there are any platforms that actually do both (which would also let you build stats on who has Javascript off or what may or may not be a robot).

But the short story long: they can just do log parsing and not need the Javascript component.

[mrob]

Even if your tracking isn't directly harmful (I make no claims if it is or not), it's still indirectly harmful because it's training users to ignore warning pop-ups.

[mksaunders]

Look at it this way:

* If we had a bad website, people would complain that it's ineffective, and not helping drive people towards FOSS

* If we then add open source analytics tools to try to improve the site, people ask why we are "tracking" them

* If we then add a banner, people complain that we're training people to ignore banners

...so it's hard to get anything right, it seems! We could remove Piwik completely (although it's not my call - I'm just one person in the project). But then it'd be much harder to improve our website. Piwik is really useful and if we want FOSS to be more widespread and adopted, we shouldn't shy away from such tools, IMO.

[jhasse]

You're are assuming that not using tracking will automatically result in a bad website.

> We could remove Piwik completely

Yes, please do that.

> But then it'd be much harder to improve our website.

Why?

[mksaunders]

> You're are assuming that not using tracking will automatically result in a bad website.

But that's not what I said at all. Please don't just thrown in things like that. I said that analytics tools can be really useful in many ways to help to improve a website (especially a bad one).

You ask "why", well look here at the features that the open source tool we use provides: https://matomo.org/features/

I'm not sure if you've worked in website design before but many of those features are very important and effective for improving a website. If we want to spread the word about FOSS, and encourage more people to use it, shouldn't we try to make the best website we can? While also informing users about the open source tools we use, and having a clear privacy policy about them?

https://www.libreoffice.org/about-us/privacy/privacy-policy-...

[jhasse]

Well you put up the three bullet points making it sound like that these are the only options, sorry that I misunderstood you.

> You ask "why", well look here at the features the open source tool we use provides: https://matomo.org/features/

That's more about about why one should use Piwik instead of a different tracking tool.

> shouldn't we try to make the best website we can?

Sure. And IMHO the benefit of not having a banner / tracking outweigh the cons.

[dkonofalski]

You've clearly never done any work (either development or UX) for a website. If you don't know how your users are using your product, there's no way for you improve it. If the people working on the website want real usability data, then tracking is the best way to get it. Focus groups and forced testing can only give you so much information and it's not exactly easy to get a group of people that includes active users of your site.

I know you didn't intend it this way but your response smacks of complete ignorance.

[Vinnl]

Hmm, if you don't store personally identifiable information (such as the IP address), then I don't think you even need a tracking warning?