[tokenizerrr]

I just installed your extension and looked at the source. The Google tracking/analytics code appears to still be there at least, both in popup.js (referenced by popup.html) and in jquery.js (which is apparently more than just jquery?). At least it seems that all you're tracking is behavioral info, but still it seems a bit much. Especially for an extension that calls itself private and secure.

[sanchitml]

How should I mention that private & secure is about the 'note data', not how much time menu item was opened.

Also I enquired about the privacy issue in Google Analytics, only thing I got was: - "Google tracks that visit via the user's IP address in order to determine the user's approximate geographic location."

I am using is custom events. Lets say I do not use Google-Analytics but my own server who just record custom events (anonymized IP Addresses) then the app will be considered private and secure.

Read Privacy Issue section on http://en.wikipedia.org/wiki/Google_Analytics#Privacy_issues.

What I feel from all these is - it is justified to call the app secure as its about the user data, not anonymized behaviour analysis. That is only for app improvement, and independent of a particular person (ie. privacy).

[tokenizerrr]

What I'm saying is that an app which claims to be secure & private should not be running any kind of analytics on user behavior in their browser.

[eps]

> Lets say I do not use Google-Analytics but my own server who just record custom events (anonymized IP Addresses) then the app will be considered private and secure.

Hahaha... No, of course it will not be. No app with phone-home analytics is private.

[ankitml]

An app promising keeping your notes and note data private doesnt necessarily need to avoid analytics. Analytics and aggregate user data cant be avoided if a developer wants to improve user experience. Keeping users and their experience at the center isnt a bad thing. Your note data isnt logged to any servers in this app.

[tokenizerrr]

I would not consider it private, at all, though. It's not privacy if every click you make is being monitored and analyzed.

[sanchitml]

Gathering aggregated and anonymized 'doesnot' hamper privacy.

If we look at any authentic reference (Ex: http://en.wikipedia.org/wiki/Google_Analytics#Privacy_issues) we will find only when an app associates behaviour-analytics with attributes such as IP Addresses and Geolocation data, it may debate privacy issues, otherwise not.

If you see the word 'privacy', it only activates when an individual is being talked about. There are no specific users on this app, no email id, no unique id. All requests are considered similar irrespective of origin.

[tokenizerrr]

Look, you're welcome to think what you think, but I've read the source code of your app and I am not comfortable using it, so I won't. Furthermore Google Analytics has access to the user's IP address, and even though it may not display it to you, Google still gets that information.

As for your claim of "no unique id", this is simply false. Google Analytics keeps track of an unique id for each user, they can tell you the count of unique visitors after all.

When you're boasting about privacy, do not track your users. What else are you meaning to imply with "privacy"? That the notes are not being sent to your server? Well, I goddamn hope so. Is there anything that makes your app more private than any other?

[eps]

> Gathering aggregated and anonymized 'doesnot' hamper privacy.

To put it bluntly, I don't give a flying f%ck about this. You said "private" and then your app phoned home behind my back - you outright lied to me. There's one definition of privacy, doubly so for people who actually care about it, and it doesn't come with weasel caveats like yours. So that one star you got is wholly justified and you should really listen to what people here are telling you, because that's exactly the feedback you are not getting from people giving you 1 star in the Chrome store.

In the end it's all really simple - either remove analytics from the app or remove "private" from its description.

[hamster_nipples]

> Your note data isnt logged to any servers in this app.

Analytics aggregate data are just the strawman. Note data WAS in fact being recorded from individual users and sent to Inspectlet servers.

[hamster_nipples]

Your app is neither private nor secure. I saved the original version before you read my review. DevTools clearly shows it recording keystroke events. Just out of curiosity, why did your app also open a websocket connection to herokuapp.com?