I just installed your extension and looked at the source. The Google tracking/analytics code appears to still be there at least, both in popup.js (referenced by popup.html) and in jquery.js (which is apparently more than just jquery?). At least it seems that all you're tracking is behavioral info, but still it seems a bit much. Especially for an extension that calls itself private and secure.
How should I mention that private & secure is about the 'note data', not how much time menu item was opened.
Also I enquired about the privacy issue in Google Analytics, only thing I got was:
- "Google tracks that visit via the user's IP address in order to determine the user's approximate geographic location."
I am using is custom events. Lets say I do not use Google-Analytics but my own server who just record custom events (anonymized IP Addresses) then the app will be considered private and secure.
What I feel from all these is - it is justified to call the app secure as its about the user data, not anonymized behaviour analysis. That is only for app improvement, and independent of a particular person (ie. privacy).
> Lets say I do not use Google-Analytics but my own server who just record custom events (anonymized IP Addresses) then the app will be considered private and secure.
Hahaha... No, of course it will not be. No app with phone-home analytics is private.
An app promising keeping your notes and note data private doesnt necessarily need to avoid analytics. Analytics and aggregate user data cant be avoided if a developer wants to improve user experience. Keeping users and their experience at the center isnt a bad thing. Your note data isnt logged to any servers in this app.
Gathering aggregated and anonymized 'doesnot' hamper privacy.
If we look at any authentic reference (Ex: http://en.wikipedia.org/wiki/Google_Analytics#Privacy_issues) we will find only when an app associates behaviour-analytics with attributes such as IP Addresses and Geolocation data, it may debate privacy issues, otherwise not.
If you see the word 'privacy', it only activates when an individual is being talked about. There are no specific users on this app, no email id, no unique id. All requests are considered similar irrespective of origin.
Your app is neither private nor secure. I saved the original version before you read my review. DevTools clearly shows it recording keystroke events. Just out of curiosity, why did your app also open a websocket connection to herokuapp.com?
I've seen loads of extensions that use Google Analytics to track user behavior. They of course post this on the details page with a link to the Opt-Out.
Could you tell us more about the "new analytics startup"? It seems like that's the code the reviewer was referring to (which you have said is no longer there in the extension)