Privacy Issue with nodejs.org Tracking Statistics and Marketing Without User Consent

[june07]

• URL: https://nodejs.org/en
• Browser version: Chrome Version 75.0.3770.100 (Official Build) (64-bit)
• Operating system: Windows

@fhemberger
Interesting how this has not been addressed, as it seems to clearly fit:

This is indeed illegal under European GDPR laws.

Link to the full report

Given your quickness to point to GDPR in the recent past, I assume you already know this information but here is the link anyway: https://ec.europa.eu/info/law/law-topic/data-protection_en

@ea167

I doubt this is GDPR compliant, and the author does not provide a clear justification of why they require such a private information.

@oncletom

GDPR is about providing a choice of consent about data collection.

@WaleedAshraf

I think doing analytics shouldn't be that important? Why not just remove it?

@tniessen

Regarding GDPR: From my perspective as an EU citizen (IANAL), the GDPR is covered by federal laws and if an extension violates the GDPR, the author can be sued, no matter whether they are EU citizens themselves or not. And even if they don't violate the GDPR, they still have to adhere to laws with difficult and cumbersome consequences (e.g., Article 15 and Article 17 of the GDPR) which might not be worth the marginal gain from obtaining user data. In this particular case, if email addresses are stored even after a user uninstalls the extension, that might violate Article 89 of the GDPR. Anyway, that is ultimately not our problem, so I am fine with either not recommending any extensions or adding a disclaimer.

Maybe we could all do well by looking into the mirror.

[MylesBorins]

@june07 it seems like all of the unnecessary cookies on the domain are coming from google analytics, which we had attempted to remove in 2018... it looks like we missed a couple references... I've opened a PR to fix that.

If I'm reading the report correctly we should be compliant after that lands as we will only have the cloudflare cookie with is deemed "necessary" and allowed by GDPR without a notice.

I understand you are upset with us, and genuinely appreciate a call to action for us to do better... but I have to honestly say that the way you are engaging, the extent of content, the way you are presenting it, makes it seem like you have a vendetta and are trying to prove a point. Seeing folks be hypocritical is frustrating, but if you continue to engage like this you are going to only distance yourself from the project and risk longer term repercussions in your ability to participate in our projects.

This website is run by volunteers and I urge you to consider that.

[ChALkeR]

@june07 Does this issue still stand after #2305 being merged?

Thanks for locating the Google Analytics traces, btw, that was apparently missed last year when it was removed.

@MylesBorins Thanks for taking care of that!

[june07]

@MylesBorins "Disappointed" would be a more apt description of my current feelings.

However I will also add that my engagement, content, and presentation has been far from brash. I'm simply presenting FACTS from a vantage point that seems to differ widely from many here, as well as a historical (very recent) view into the different manner we are treating/have treated issues/individuals/organizations. If my doing so results in "longer term repercussions" as you state, that would be unfortunate. As you so rightly put it,

Seeing folks be hypocritical is frustrating

I'm at least glad you, yourself, called attention to the hypocrisy above...

and if me calling it or other issues out is a problem... well, that is a problem.

FYI: Node is not unique in it's being run by volunteers, and my consideration of that is constant, yet it doesn't excuse the preferential treatment, bias, and hypocrisy I've been witness to.

I'm glad this is being resolved. It's a perfect demonstration of how OSS should work. Problem identified, people work together, problem fixed. More emphasis should be put on fixing things and working together... regardless of the time/effort involved in doing so... and that ethos should extend to EVERYONE.

And please, consider my continued attempt of amicability.

[MylesBorins]

Closing as it appears we are now compliant