[
https://issues.apache.org/jira/browse/JAMES-4109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17923128#comment-17923128
]
Benoit Tellier commented on JAMES-4109:
---------------------------------------
Indeed you are right.
Looking at the actual content website generated there is google analytics on
each and every page.
I was not aware of this and the projects does nothing with that.
Doing archeology I did indeed find the offender:
https://svn.apache.org/repos/asf/james/skin/trunk/README.txt
This release include the google analytic javascript code at the bottom of every
generated page and specifically to page starting with "download" it will also
add
a javascript to add tracking of "clicks" over the download links.
I propose to completly drop this behaviour for the time being.
Thanks for the report.
> Remove Google Analytics from the James Website
> ----------------------------------------------
>
> Key: JAMES-4109
> URL: https://issues.apache.org/jira/browse/JAMES-4109
> Project: James Server
> Issue Type: Task
> Components: site
> Reporter: Niall Pemberton
> Priority: Major
>
> Hi James Team
> The ASF {_}*Privacy Policy*{_}[1][2] does not permit the use of _*Google
> Analytics*_ on any ASF websites and the ASF Infra team will soon enforce a
> {_}*Content Security Policy*{_}(CSP) that will block access to external
> trackers:
> * [https://lists.apache.org/thread/w34sd92v4rz3j28hyddmt5tbprbdq6lc]
> Please could you remove the use of the Google Analytics from the James
> website?
> * [https://lists.apache.org/thread/d5kbn6c9k1ovj9l6m8n24qc0bhzjd05c]
> The ASF hosts its own _*Matomo*_ instance to provide projects with analytics
> and you can request a tracking id for your project by sending a mail to
> *privacy AT apache.org.*
> *
> [https://privacy.apache.org/faq/committers.html#can-i-use-web-analytics-matomo]
> Additionally I would recommend reviewing any external resources loaded by
> your website. The Content Security Policy will prevent any resources being
> loaded from 3rd Party providers that the ASF does not have a Data Processing
> Agreement (DPA) with. On the 1st February Infra will begin a temporary
> "brownout" when the CSP will be turned on for a short period. This will allow
> projects to check which parts, if any, of their websites will stop working.
> The Privacy FAQ answers a number of questions about which external providers
> are permitted or not:
> * [https://privacy.apache.org/faq/committers.html]
> Thanks
> Niall
> [1] [https://privacy.apache.org/policies/website-policy.html]
> [2]
> [https://privacy.apache.org/faq/committers.html#can-i-use-google-analytics]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
