From b4efa0283152b9195e4306f3fa88a321838b5655 Mon Sep 17 00:00:00 2001 From: Adrian Cochrane Date: Mon, 13 Feb 2023 19:30:50 +1300 Subject: [PATCH] Write opinion piece on analytics. --- _posts/2023-02-13-analytics.md | 40 ++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 _posts/2023-02-13-analytics.md diff --git a/_posts/2023-02-13-analytics.md b/_posts/2023-02-13-analytics.md new file mode 100644 index 0000000..a5f6bd4 --- /dev/null +++ b/_posts/2023-02-13-analytics.md @@ -0,0 +1,40 @@ +--- +layout: post +title: Analytics thoughts +author: Adrian Cochrane +date: 2023-02-13 19:28:54+1300 +--- + +**NOTE** This is a personal blogpost from Adrian Cochrane, the opinions expressed within are not necessarily endorsed by other contributors to the Argonaut project. And yes, I wrote this one quickly. + +I have been seeing a massive uproar over Go [proposing](https://research.swtch.com/telemetry-intro) to [adopt](https://research.swtch.com/telemetry-design) opt-out [analytics](https://research.swtch.com/telemetry-uses), so I thought it'd be timely to discuss how I think about these issues regarding browser design. + +But first, let's be clear: Consent issues aside the Go anlytics proposal is very well thought out regarding privacy. I'd push it further, but the devs have reasonable explanations for why they wouldn't adopt my objections. I believe they accurately percieve that most of the attacks against their proposal do not recognize this. + +As for Haphaestus, I take a hardline stance: The internet brings great power & as such demands great responsibility from us developers. All networking including analytics most be performed to enact explicit user requests, uploading minimal data. Haphaestus will not have analytics for the foreseeable future, and if we ever do add analytics it will be opt-in with at least as much privacy measures as Go proposed. + +This principle permeates the design of all Argonaut Suite browsers: Network requests are only sent upon loading a new page whether upon a link click, form submission, or through the browserchrome. Once the page has fully-loaded no additional network requests will be sent. At times obtaining meaningful (i.e. don't annoy users into consenting via a confirmation dialog) consent will be an interesting UI design exercise! + +## Questioning the Value of Analytics +Personally I question how valuable analytics really are. Sure they can help you understand how a majority of your users as opposed to a vocal minority, but ultimately your interpretation of those numbers may or may not be right. And shouldn't you be listening to those who care the most? Not all uses of your software are equal. + +Afterall opensource gets by almost entirely without analytics! With the few exceptions generally being proprietary devs who have adopted an opensource project they're surprised doesn't have it. + +At least in my situation I am more concerned about what features I see used on the web, & with upholding project values. Regarding Go I'd be concerned about using a language which even considers the possibility removing old features after it has left alpha-versions, I want programming languages to be an extremely stable base to build upon. I do not want to be on even more of an upgrade treadmill. Which, yes, I'm aware this clashes with my opinions about the web. + +I consider analytics to be *more* relevant to end-user apps. + +## Proposal: Open Analytics Service +This isn't the first time a controversy has sprung up around a project adopting analytics and it will not be the last. As such I think it is incumbant on us to have a service we can offer the next dev demanding app analytics which meets our high standards of privacy & consent. + +Ultimately my proposal would barely differ from Go's, beyond offering services to any project which wants to use it in any UI framework. I'd have client libraries which collect numbers to periodically, at some probability, upload over UDP (thereby avoiding blocking I/O) with some amount of random noise. Serverside I'd aggregate these numbers into histograms with outliers deleted once it is clear they are, in fact, outliers. These histograms would be displayed publicly. Academic papers indicate this should guarantee privacy, though I gather there may be objections over the inability to correlate different metrics. + +There could actually be a good (freemium) business opportunity here running a central server. The aggregation could keep your costs low, & you could make money helping proprietary software be a little less icky! Also a central server could: + +1. Demand opt-in consent & transparency from clients in your terms-of-service. +2. Be more socially trusted (amongst folks like me who believe all network traffic should be opt-in) to operate ethical analytics services, than many of the projects which would want to integrate it. +3. Reduce costs on other on opensource project which want analytics to consult. + +--- + +P.S. I do not write Go code, Go does not appeal to me as a language. However there are several great networking projects written in Go, some of which I use to coordinate Argonaut Constellation development. You can decide how much this makes me a stakeholder. -- 2.30.2