I maintain a couple independent, small, privacy-focused websites. They currently don’t collect any analytics.
I personally use uBlock for every website I visit. Would it be hypocritical of me to include privacy-friendly analytics on my own sites?
To narrow it down:
I’d only use verifiably privacy-friendly options that legally don’t even require consent, such as Plausible & Fathom.
I would block the loading of my analytics depending on Do Not Track/Global Privacy Control settings.
My definition of privacy-friendly is:
No cookies or cross-site tracking
No tracking across devices
Aggregated data only
No PII collected
I read PrivacyGuides used to use Plausible, but doesn’t anymore. Is that a stance on collecting data for something that inherently advocates against it, or is there a deeper reason?
Some of this data is incredibly helpful - especially referrers, bounce rate, locations, and basic conversion data, and cannot be tracked to any given individual. Do you use analytics on your site?
hypocritical doesn’t mean bad or wrong, but it is the definition of hypocrisy (unless the analytics is opt-in). but yeah, if you whitelist similar analytics then it’s not
your situation kinda reminds me of how brave blocks ads but then offers its own in-browser ones (which has its own issues and i heavily disagree with it)
There are many ways you can think about this, whether it is or isn’t hypocritical depends on your thinking, but here is one way of thinking that is ethically consistent:
It is my right to control my system, that includes controlling my browsing experience, what resources I allow my system to load or not load, etc.
2/ Likewise, it is your right to control your system, that includes your server and includes your right to use privacy preserving analytics to gain insights into how your server is being used.
So long as your intentions are in-good-faith, and not malicious or deceptive, you are transparent, and you are there is nothing inconsistent about the above (your system your choice, my system my choice)
If you believe all analytics are objectively wrong, then yes, it would be objectively hypocritical, but that is a pretty extreme, and not very common or practical belief.
only if it’s opt-in (or at least there’s an easy way to disable on landing page for an ordinary user who doesn’t have ublock)
Likewise, it is your right to control your system, that includes your server and includes your right to use privacy preserving analytics to gain insights into how your server is being used.
the analytics are being run on client’s devices, not the server
This doesn’t seem to relate at all to what I wrote/what you quoted.
Soft or hard opt-in or opt-out is a separate consideration, It is something you can have an opinion on, and worthy of discussing, but it is a separate topic, independent from what I wrote above.
you said that OP can “only control the server side”. that’s not really true, as they control what resources and scripts the user pulls and runs on their browser (though of course, users can override this but that doesn’t mean OP has no control on what is executed by default)
i.e. it’s OP’s choice whether the telemetry is run and uploaded from client’s devices by default (although they have to abide by laws) and they can easily make their implementation opt-in if they wanted to, just as they can choose not to have telemetry at all.
opt-in is more similar to the approach op is taking with their ad blocker, white listing by default and not running anything unless they want it to. im not really talking about ethics (although it’s hard not to), just whether what their proposal is “hypocritical”. and i concede that it is subjective, but i think there’s a very strong argument that with opt-out analytics, the answer would be a firm “yes”
they control what resources and scripts the user pulls and runs on their browser
I don’t feel this is accurate.
they control what resources and scripts the user pulls
I don’t feel this is accurate
(if it were extensions like noscript and uBlock Origin could not function as they do)
OP can control their end. But you as the user are not a passive/powerless subject, you have agency.
OP can choose to use analytics software on their server, and you can choose to block it.
and i concede that it is subjective
We are in agreement here. Whether you consider it ethical or not, or hypocritical or not, will largely depend on your personal perspective and philosophy. And I don’t believe there is a single correct philosophy.
just whether what their proposal is “hypocritical” […], but i think there’s a very strong argument that with opt-out analytics, the answer would be a firm “yes”
While I do not share this point of view. I can empathize with and understand your position.
If the assumption that the metrics you are concerned with are privacy respecting, then that answers the question - if it respects privacy it’s fine. However, defining what respects privacy or not is really the hard part.
For me…
Is it strictly internal for developing product? More acceptable.
Is it sold to third parties for profit? Not acceptable for paid products, annoyingly part of a lot of “free” products, and I want to be able to opt out of this or I will find a way to block it.
Also keep in mind some metrics have little impact on privacy, some have greater impact, but it can be hard to tell what’s collected if not defined.
I think it’s largely best to evaluate on a case by case basis, and generally try to block by default when possible. If you really enjoy a service and trust + respect the company, consider enabling metrics to assist with their efforts and provide active feedback. Otherwise, it’s easier to play it safe than sorry.
I think the bigger issue is opt-in or opt-out as defaults, or maybe some fine tuned granularity between the two (default “respectable” opt in, possible to opt in further for complete information sending, or opt out entirely).
I’ve made up my mind in that it’s okay for me personally, for a couple of a reasons:
I cannot use the analytics mentioned to compromise your privacy or anonymity as an individual
I have no monetary incentive to include the analytics: I provide resources/information for free. If you can’t find what you’re looking for on my websites, that is a disservice to you and me
I have whitelisted domains for analytics providers I’m okay with
As for making them opt in: you can barely get someone to opt out, and if you do, the method is obtrusive. I see no way of making analytics opt-in and unobtrusive in a way that does not render them useless.
