Thanks for bringing this up. I'm going to try and explain why GA is there and what we do with it. Please note that I'm also on the privacy minded camp, I hear you.

First and foremost, let me assure you we are not into tracking users. As you may have noticed, we don't request any data from you, because we simply don't care. What we do care a lot about is the quality of the conferences our users have.

Quality analysis (in many shapes and forms) is where analytics are useful to us. To that effect we use a number of services (which you can check in https://meet.jit.si/config.js) including GA, Amplitude (currently disabled) and CallStats.

Why do we need these? We need to know if your call failed. We need to know if ICE took too long. We'd like to know if nobody is using feature X. Or how many page reloads have happened recently and why. See the pattern? Without this information we'd be flying blind and we can't just rely on some testing we can perform. We rely on the community using the service so we can keep on improving it.

Even just the name of a chat room might contain sensible data.

You can pick arbitrary room names. If you don't want to leak sensible data you shouldn't put it out there to begin with, right? Users should pick something completely impresonal like a UUID v4 in that case, wouldn't you agree?

"But there are alternatives!" I hear you. Setting up a custom analytics backend is not something that will happen overnight, and while we have been looking into alternatives like Amplitude and HOMER, this is slow to change, but like the song goes: don't stop believin'.

Be it Google or our own backend, some of your data will always leak because you are using a service you don't control. So, what can you do about it? Here is what you can do:

• block tracking in your browser
• use #config.analytics.disabled=true in your URLs, for example: https://meet.jit.si/foo#config.analytics.disabled=true
• setup your own deployment (there are no analytics enabled by default, of course), it's now pretty aproachable either with the quick install or our dockerfiles.

If you made it this far, ❤️ , I hope you understand.

Hi @saghul, nice to meet you and thanks for your kind answer.

At the very best, there is either a PR/marketing issue or a UI/UX error at work, here.

Misleading marketing?

Meet.jit.si market itself as a "Secure, fully featured, and completely free video conferencing", all over the world, but

• it's not as secure if it informs third parties that could identify you
• it's not completely free if people pay with their personal data

For sure, those who use meet.jit.si, necessarily trust you.
But they trust YOU. Neither Google, nor CallStats.
They just trust you.

Misleading UI?

In the home page there is no mention about Google¹ being informed I'm joining a certain chatroom or being able to learn who I'm talking with. Or to learn then name of our chatroom.

Even just the name of a chat room might contain sensible data.

You can pick arbitrary room names. If you don't want to leak sensible data you shouldn't put it out there to begin with, right?

With all respect, this sound a bit like victim blaming.
Many people trust you, they are connecting to your server through encrypted TLS connections and have no reason to suspect that others will learn the name of their chatroom.

Moreover most of people have no control about their User-Agent and IP which are personal data according, for example, to European GDPR. And they are leaking such data to a third party that can use them to identify them by relating such data to the one collected into a huge amount of other websites and services.

Most users are helpless about such data: they cannot really decide to "put it out there to begin with".
As you provide a secure service, it's your responsibility to inform them (and to protect them).

Users should pick something completely impresonal like a UUID v4 in that case, wouldn't you agree?

You are talking with a hacker. Sure, I agree.
And I'm actively working to teach Informatics to kids, so that the next generation of people will be able to understand who they could trust and how much.

BUT, today, how many people know what a UUID v4 is?
Google shouldn't be able to exploit their ignorance, don't you think?

block tracking in your browser

Yeah... but unfortunately most people today don't even understand how Web tracking works. When they visit a Web page they are not aware about protocols, encryption, includes and so on...

And we are talking about a secure application and they trust you to protect their privacy.

We need to know if your call failed. We need to know if ICE took too long. We'd like to know if nobody is using feature X.

All of this can be done via (opt-in) logging in your own JavaScript code.

Or how many page reloads have happened recently

Look at the web server's logs. ;-)

setup your own deployment

Sure! This is one of the reasons why I'm taking the time to compile this bug report.
Because I think Jitsi is a great software and has a great potential.

But this is not the topic here.
You are providing a service, marketing it as a secure service.... and leaking users' personal data.

An actual UI bug?

use #config.analytics.disabled=true in your URLs, for example: https://meet.jit.si/foo#config.analytics.disabled=true

This is interesting, but as far as I can see, users can't chose this option from the current UI.
I'm a web developer with 20 years of experience and I had no idea this was possible till now.

Moreover, technically speaking, using an URI fragment interpreted client side isn't safe for the user. Try it yourself:

1. Start a new instance of Google Chrome
2. Paste this address https://meet.jit.si/GoogleIsProfilingYouRightNow#config.analytics.disabled=true into the address bar
3. Press enter

You will see the page will start loading but the URI fragment will disappear after a few seconds.
What will the user do if the connection hangs? Click the refresh button.
The browser will then load the page without that fragment.
So the user will leak personal data to Google anyway².

I understand

If you made it this far, ❤️ , I hope you understand.

Yeah, I really understand you and I really appreciate your work.

But the more successful you are, the more Google's surveillance will be dangerous.
They will know more about your users, more about their relationship.

To fix this is your own responsibility, as developers and as provider of a service used all around the world.

¹ or CallStats, but they are slightly less dangerous than Google these days

² AFAICS, nobody is asking consent about this, so this might even be considered a data breach of which European users should be informed, according to Article 34 of GDPR (but remember, IANAL).

Just a quick heads up. We are going to have a discussion about this. I'll get back to you.

Just wanted to bring up in case it is helpful: Matomo is a good Open Source analytics platform that you can host yourself and that has support for asking for concent to collect metrics. I use it for my own sites.

@Shamar Thank you for sharing

You can use Firefox, that has by default trackers blocked
(and clearly shown what trackers are on the page)

There is Brave browser saying they disable trackers

There are plugins for Chrome, like NoScript (disable js execution from specific sites)

Hi @paulvi thanks for your suggestions.
Unfortunately this not really an issue for people with a technical background, but for everybody else.

Out of curiosity @saghul, do you have any news on this issue?
I have a further question: is Google's surveillance also active when using meet.jit.si as a server from the native Android app available at https://play.google.com/store/apps/details?id=org.jitsi.meet ?

I have no updates at this moment, sorry.

Google Analytics is not used on mobile.

Has there been any progress on this ? I can help testing Matomo. Matomo could also help understand mobile use for those using F-Droid and opting-in.

Hi there! Sorry, alas we have no news. Legal is slow 😔

I asked about pricing for Matomo cloud service, this may help :

https://forum.matomo.org/t/is-there-a-free-offer-or-discount-for-free-software-projects/35412

Can't you gather the data you need for development from https://piwik.pro/
It still collects data but is self-hosted I think

@Echolon Piwik (the project) is now Matomo.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Adding config.analytics.disabled=true to the link like so: https://meet.jit.si/foo#config.analytics.disabled=true disables Google Analytics.

But it doesn't fully disable all third party integration. According to the config.js file that's what disableThirdPartyRequests is for. But adding it in the same way like so: https://meet.jit.si/foo#config.disableThirdPartyRequests=true doesn't disable anything. Not even Google Analytics.

Would love to hear if someone can shed some light on the proper way to disable third party integration (and tracking).

Thanks!

I am interested also in this because I didn't know and I am advising to use Jitsi to many people. Thanks for the software and I hope you change to Matomo.

But adding it in the same way like so: https://meet.jit.si/foo#config.disableThirdPartyRequests=true doesn't disable anything. Not even Google Analytics.

Damn, that's a bug. It must have snuck in when we refactored loading analytics handlers. Apologies.

@Jip-Hop Thanks for the report. Should be fixed by https://github.com/jitsi/jitsi-meet/pull/5450

Just in case people want a list of jitsi servers that don't use Google and other trackers

https://fediverse.blog/~/DonsBlog/videochat-server?responding_to=745

I've posted a workaround to permanently disable the analytics etc. while still using the official hosted Jitsi instances. You will need to host at least 1 static HTML file for this to work.

Zoom is getting a lot of bad press recently wrt privacy, ex:
https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/

It could be a coup for jitsi to remove the Google Analytics!

Zoom is getting a lot of bad press recently wrt privacy, ex:
https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/

It could be a coup for jitsi to remove the Google Analytics!

Very good point. And the list that I passed is ruling a lot in internet. People we want privacy. Take advantage of that. Go for Matomo!

Yeah, I really like Jitsi and its so simple to use by just clicking the links - my non-aware friends were so happy that you don't need to register. It is a big thing of Jitsi I think!

Hey all, sorry it took so long, but it finally happened: meet.jit.si no longer has Google Analytics. Thanks a lot for your feedback.