Video.js: Video.js uses minimal google analytics tracking pixel

@misteroneill So, what are the reasons to track your unsuspecting users?
At the very least, this should be opt-in

This was previously documented, but we accidentally lost it a few months ago in a rewrite of the setup guide. I've opened a PR to address that oversight.

This does in no way make it better, and this is no better than microsoft proudly telling its users that it collects all the data; "b-but they can use the enterprise edition".
In fact this is even worse because not only you, but also Google, is getting all the data.

The previous discussion was closed because @SirCmpwn was using inappropriate and abusive language and tone in a clear violation of our code of conduct.

He was right, though, to point out that it should be documented on the "Getting Started" page and I'm working on getting that done. It is now.

@ParadoxSpiral It's relevant to understand that the Google Analytics pixel is only included in the free CDN version of the library and only for 1% of sessions. The version on npm or on the various downloads (or other free CDNs) does not have it at all.

If you'd like to know what data is gathered and why, it's not hidden and it's nothing that exciting.

As to the "why" - the purpose is clearly stated in the open source code and (soon) on the "Getting Started" page:

We include a stripped down Google Analytics pixel that tracks a random percentage (currently 1%) of players loaded from the CDN. This allows us to see (roughly) what browsers are in use in the wild, along with other useful metrics such as OS and device.

I agree that @SirCmpwn was behaving overly confrontative.

It's relevant to understand that the Google Analytics pixel is only included in the free CDN version of the library and only for 1% of sessions. The version on npm or on the various downloads (or other free CDNs) does not have it at all.

This might be the case, but it doesn't justify tracking the 1%.

If you'd like to know what data is gathered and why, it's not hidden and it's nothing that exciting.

That is the data that you ask Google to track, and the inherently untrustable Google will most likely track all of the data they have the ability to track, and only present you the ones requested. This is their business. Visiting a video.js site and being the 1% enables Google to push tracking cookies on the user. The more websites that allow Google to track, the more complete Google's knowledge of the user gets, and the more acceptable it gets for other devs to employ Google, or other, tracking.

Regarding the why:

This allows us to see (roughly) what browsers are in use in the wild, along with other useful metrics such as OS and device.

This does actually not answer the question: it only states that you do it, but does not answer: _why exactly does video.js need to see what browsers are in the wild and their users' OSs_. Which bugs have been fixed, what insight has been gained by those statistics, _what justifies contributing to, excuse the term, the botnet_?

My proposed solution: Either completely remove the tracking (best choice), or roll out your own FOSS tracking that is both transparent and remotely trustable.

@misteroneill Make sure to mention that in addition to the device/browser/OS version, your analytics code also sends the full URL of the webpage that contains the video.js instance... Which is a pretty serious invasion of your users' privacy, in my opinion.

I'll leave any further answers (mostly because I am leaving the office for the day!) to people who've been involved in the project longer than I have, but I would like to note that the "Getting Started" page is now updated to explain how to avoid the tracking that comes with the CDN version.

Processing access logs (assuming those are accessible) could be an alternative source of usage statistics, since they contain the browser's user agent (which is also what the tracking pixel must be doing). Gathering screen resolution info unfortunately doesn't work with that.

@ParadoxSpiral It's relevant to understand that the Google Analytics pixel is only included in the free CDN version of the library and only for 1% of sessions. The version on npm or on the various downloads (or other free CDNs) does not have it at all.

I see. I encourage everyone to disable it using window.HELP_IMPROVE_VIDEOJS = false;, e.g. https://github.com/collab-project/videojs-wavesurfer/commit/df9545a815aa0bdf78fc7df9a0fbf98f63e0e184

Hi

On Jul 8, 2017, at 12:42 PM, Thijs Triemstra notifications@github.com wrote:

@ParadoxSpiral It's relevant to understand that the Google Analytics pixel is only included in the free CDN version of the library and only for 1% of sessions. The version on npm or on the various downloads (or other free CDNs) does not have it at all.

I see. I will switch away from using the CDN version in my video.js plugins in that case.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

Ping @misteroneill @videojs

So it's not an issue because only 1% of the requests is adding spyware? Sounds like a poor excuse to me. No requests at all should be adding in spyware into the project. At the very least not by default.

I would like to note that the "Getting Started" page is now updated to explain how to avoid the tracking that comes with the CDN version.

I couldn't find this (it's part of the legacy docs now). Only reference I found is in the project's README.md.

Hey,

We really screwed up our communication on GA being included by default on the CDN versions and we’re very sorry for that. We've been trying to be better at communicating what we are tracking and how. We have updated the getting-started page on the website to include a section about GA (http://videojs.com/getting-started/#download-cdn) and we also updated the README (https://github.com/videojs/video.js/pull/4481). Since this issue was opened we've been looking into how and what should happen. We've investigated some options and we're going to have an announcement about this in the next week or two. It does involve removing GA from the CDN versions of Video.js.

We had a PR open to also respect DNT for the GA tracking but apparently, it wasn't merged yet, I'll make sure that we merge it in ASAP and use it for future versions so that users who have DNT won't send data back. Setting HELP_IMPROVE_VIDEOJS globally to false before loading in Video.js will also disable GA tracking.

The data that has currently been gathered has mostly been used by the core team to look at the browser usage of Video.js players and the usage of particular versions of Video.js. We used the data currently available to inform our decision to remove support for older IE versions in the future.

I’ll make sure to keep this thread updated with any news related to this, like when the announcement goes up, and more specifics related to it. Thank you for bringing up this concern and giving us time to make the best decision for the project.

The DNT PR for the CDN has been merged and VJS releases released from now on will respect DNT.

Video.js 6.8 and 6.9 both have the DNT change as part of the pixel tracking.
The CDN script will not add any pixel tracking to vjs 7 scripts: https://github.com/videojs/cdn/commit/feea792abaec0f1f2011d210652cdb752db8fa71

Video.js 7 has been released and the CDN script doesn't include any pixel tracking at all.