Tracking on the foundation's websites

The website internetfreedom.in runs google analytics, also static content is hosted on google’s cdn which may facilitate tracking. Also Ironically facebook.net and twitter.com load scripts on saveourprivacy.in.

I understand that accountability needs and need to spread the word are causing this.

For the latter I can suggest that svg icons be used and those be appropriately hyperlinked on saveourprivacy.in . For the former it seems switching to something non-invasive like seeing logs or using something like matamo analytics while hosting assets on self owned resources may help. I have no qualifications in this field so your ideas would perhaps be able to sove this better.

Hi,

Thank you so much for highlighting these concerns. Before I step to the specifics, I am providing some real, tangible examples how we take user privacy seriously and have moved away from product uses that compromise it.

In the past disabled tracking scripts on our newsletters (shift from Mailchimp to Mautic), forms (Google Forms to BlockSurvey), even online events (from Zoom to our self hosted Big Blue Button) which have caused us significant glitches (like on the day of PrivacySupreme) and cost but have been implemented due to volunteers.

On the specific web sites you have refferred let me provide some ongoing attempts and also the challenges we face so you can also appreciate them:

  • On internetfreedom.in the parent website is being run with analytics which have been pre-existing since the site first launched. We have tried and presently in the process of migration and building out a fresh one which will not carry forward Google Analytics. However, this will take time as we are nowhere having the capacity and resources available to commission a commercial web design. I would impress on this because our attempt is to ensure that such shifts account for organisational needs of having a web presence and understanding how to better serve goals of digital literacy. I do request for your patience.

  • On the embeds on SaveOurPrivacy.in, I will explore how they can be disabled. However, we are not yet contracted with any standing web design firm and it may take us time to implement. Just to let you know that we do take these issues seriously the earliest version of SOP had google fonts which we then switched over to another font family to avoid any issues of pixel tracking.

In the end, while we do try our best, such efforts are incremental. They also come at the cost of reaching larger audiences and popularising digital rights in much broader communities. Thank you for your good faith effort in helping us improve ourselves and do even better.

4 Likes

Great to know that these issues are being worked on.

Over the last year, a FOSS, privacy-focused competitor to Google Analytics has popped up:

Self-hosting instructions can be found here. I haven’t tried it but I’ve been meaning to add support for this in Discourse as an alternative to GA.

1 Like

Thanks Rishabh, this looks so good! Let me take a note of this and try to have it implemented.

1 Like

If using Greenlight with BigBlueButton, it may be a good idea to take a moment to reflect on BigBlueButton’s default recording of all meetings irrespective of whether the meeting recording is published. Unless, of course, the default has been changed.

Also, per their Privacy FAQ, the recordings are easily accessible and recording URLs can be guessed easily.

In sum, it’s a bit of a stretch to get BBB to be privacy-conscious.

1 Like

Also, I missed this. BBB is an awesome piece of software. It’s rare to hear of glitches with BBB. Let me know if I can help sort your issues out.

Thanks so much Suman, so basically the server on which we had our BBB instance crashed in a sense and we had to shift to zoom. It caused some timing issues and gave us a healthy sense of anxiety. In the end it was brilliantly handeled by @Shivani.

Now coming to the point on choosing the right webcasting tool we did make a choice after inviting comments and feedback from the community which were dead set against us using Zoom. But recently I have noticed self-hosted instances of Zoom in which the keys (please correct me here) are stored with the client. There have been instances where I have noticed some really great global digital rights even use it for larger conferences.

Do you think such a set-up is privacy preserving if we can manage the resourses and server space given that it may just make our lives at IFF a bit more easy? Also, for the participants who are frequently there on our webinars?

What is the threat model here?

Re: Zoom On-Premise deployments

In doing so, user and meeting metadata are still managed in the Zoom public cloud. However, all meeting traffic (video, voice, in-meeting chat, and data sharing) is hosted in the organization’s private cloud through the On-Premise Meeting Connector, Virtual Room Connector, and Recording Connector.

You’re still going to lose user data and metadata.

Do you think such a set-up is privacy preserving if we can manage the resourses and server space given that it may just make our lives at IFF a bit more easy?

Honestly, there’s no good answer without more information than I was able to skim from their on-prem help page on the website. E.g. it is not clear how custom backgrounds (and other AI-driven features, that require processing the video/audio) work in this setup.

Also, for the participants who are frequently there on our webinars?

Participants will still need to download and use Zoom’s app, right? (IIRC, the only browser E2E works correctly from is Chrome, so that’s a bummer.)

Meetings, and webinars are very different use cases. If you can share ball-park numbers of attendees, and required geographical coverage, we can probably get down to a minimalist architecture, and then draw up a cost-benefit analysis.

In the meantime, if you would like to try a BBB instance, just holler :smile:

1 Like