Hacker News new | ask | show | jobs
by erhardm 2694 days ago
"We build open-source mobile operating systems that respect users’ data privacy." yet your website pulls gstatic.com.

How can I trust the project when I can't even visit the official website without being logged by the biggest company of online tracking?
5 comments
liquidise 2694 days ago
Dismissing privacy projects because the website pulls from google fonts or analytics is a recent favorite behavior here. It’s become a sort of inspector fueled “first!”.

When someone shows me an: open sourced, graphical, log based, spam ip filtering, self hosted, server alternative to GA that I can set up in < 10x the time I will happily switch to it. In the meantime, if I want to know how my website performs I don’t know of privacy-forward competitive options.

link
y0ghur7_xxx 2694 days ago
> When someone shows me an: open sourced, graphical, log based, spam ip filtering, self hosted, server alternative to GA that I can set up in < 10x the time I will happily switch to it.

If privacy is your core business you make compromises, and you should be prepared to spend some time to set up something like a self hosted piwik instead of using GA.

This should be obvious.

Of course if your site is about your new facebook app, just go ahead and use GA, nobody will bother you about it.

link
coldtea 2694 days ago
>If privacy is your core business

Privacy in abstract is not their core business. A clean, privacy friendly fork of Android is.

In fact, it's not even a business, is a non-profit effort.

link
krn 2694 days ago
> When someone shows me an: open sourced, graphical, log based, spam ip filtering, self hosted, server alternative to GA that I can set up in < 10x the time I will happily switch to it.

https://goaccess.io/ ?

I would pick it over Google Analytics for any privacy-focused open-source project even if it doesn't tick every single box in your list.

link
erhardm 2694 days ago
You have to be willing to pay the price. If you want privacy for your users from $E_CORP then you have to protect yourself from becoming the $E_CORP.

How can you say "Privacy is important! $E_CORP is tracking you! - btw, here run this script so I can track you"?

link
xorcist 2694 days ago
Don't know if the above is meant seriously or not (the reason people don't switch from a piece of software is lack of familiarity, never ignorance), but I've had luck installing Piwik (which has now changed name to Matomo) for a few clients.

It works very much like Google Analytics and is not log based but should otherwise tick all your boxes. Installation is very straightforward but the using the dashboard, reporting etc. has a bit of a learning curve.

Nothing can ever compete with Google if you need statistics for "single middle aged mothers in a major city" simply because few others can profile users at that level but although it looks impressive it's not always correct and can be hard to use correctly. Piwik has great reporting tools and is easy to integrate with other systems.

It's also less likely to be blocked by adblock lists.

link
laurent123456 2694 days ago
I understand where they are coming as often it's convenient to know from where visitors come from - that's how you can find threads in here, Reddit and elsewhere, and then contribute to the discussion. There aren't good alternatives to GA for this unfortunately, even paid options aren't as convenient. As a user though you can choose to block GA using various extensions so that's always an option.
link
14 2694 days ago
Every once in a while I see someone talk about how a page loading loads a bunch of tracking elements from various known tracing sites and things like scripts. I don't suppose you could head me in the right direction as to where I could read a bit on how to do this myself? Thanks for any help
link
tya99 2694 days ago
A good place to start is https://www.privacytools.io/#browser

Spend some time using uMatrix (much better than NoScript these days). If you're running uMatrix you do not need NoScript.

Some good documentation in regard to uMatrix:

https://www.electricmonk.nl/docs/umatrix_tutorial/umatrix_tu...

https://github.com/gorhill/uMatrix/wiki/The-popup-panel

https://github.com/gorhill/uMatrix/wiki/How-to-block-1st-par...

https://github.com/gorhill/uMatrix/wiki/How-to-create-rules-...

link
aw3c2 2694 days ago
Also give https://addons.mozilla.org/en-US/firefox/addon/lightbeam/ a try
link
YawningAngel 2694 days ago
Chrome has developer tools which allow you to see every request a page makes.

https://developers.google.com/web/tools/chrome-devtools/

link
coldtea 2694 days ago
You can trust (or not) the project, because what BS their website uses is not relevant at all to what the project is making.

The website could just have been some pages thrown together by someone with a ready made template or a total afterthought...

Their value proposition, good or bad, is on their main focus: an FOSS/clean Android fork.

Not on how privacy friendly their website is...

link
fourier_mode 2694 days ago
> How can I trust the project

Simple. Just scroll through the source code.

link