Hello dear Folks,
when I’m at the the login Site to itsfoss.com, there are google analytics scripts, external fonts and other Ressources included. I just wonder, why is it necessary to include all this stuff and giving the ip adresses of all of your users, as they try to log in? And there’s even a ‘login with…’ alternate Loginpage. 
How does this fit with the idea of FOSS?
I dont want t be bashy, it’s just a question.
Benny
Geez, I must be losing it. I don’t see any of what Maiskolben is talking about on the home page of itsfoss.com. It doesn’t even have a login page. There’s a subscription option, but no login page. And IP addresses of all the users??
Huhu berninghausen,
thanks for taking a look at.
I missed it to put a photograph to the post. As you can see here, on itsfoss.com, my umatrix is blocking several external Ressources. One of them is google analytics-scripts amongst others.
At the loginpage under foss-community, there are external ressources, but no google-scripts, as long as I’m not using this alternate login feature to google or facebook. And what you would like to ask, when you say “And IP addresses of all the users??” I don’t understand the question. 
1 Like
You’re using several add-ons that I don’t recognize. I still don’t see any ip addresses.
@Maiskolben Meant to say, that all ip addresses are collected and gathered through all those reflinks from advertisement and tracking companies’ products. That’s where all the IP addresses go to, if you are not using an Ad Blocker.
So, it’s a bit ironic that a site like It’sFOSS uses a full arsenal of tracking stuff, when a huge point of using FOSS in the first place is avoiding being tracked and exploited by companies.
2 Likes
OK. Full ad-blocker. Never remember history. DuckDuckGo. This issue requires a statement from Abishek.
It became so “normal” to spy on users, that I doubt one can blame single Admins here and there. It’s probably even easier to implement a website template with all the tracking crap in it, than manually ripping it out after the fact.
That said, FOSS does not force the exclusion of “usage tracking” of any kind. It just usually goes hand in hand. But there is no must in that.
@Maiskolben and @berninghausen
I’ll try to address it.
itsfoss.com is our main website that is dependent on advertising revenue. Like any mainstream website, it has some essential cookies and scripts and some scripts for third-party and tools.
You can see there are several from wp.com. That’s WordPress and their tool JetPack which provides CDN and other speed improvements and features. This includes visitor stats.
There are 2 from searchiq. This is for the advanced search feature on the website. I use them just to provide you better search capability.
Cloudflare is another layer for security and speed. Without them, the website will be significantly slower.
Quantcast scripts are the one I dislike the most. Never wanted to put them in place at all. It is used for CMP (cookie consent) which is mandatory for the GDPR stuff. I have tried a number of other ‘respectable solutions’ but Quantcast is the one that works completely with our ad-service provider Freestar.
Google Analytics… I thought I had removed them because we have stats from Jetpack and Plausible (privacy friendly). I’ll check and remove it completely.
Google Fonts… probably coming from some other element used by external tool. Fonts are enqueued in WP as far as I know.
pub.network is from our ad-service provider. There could be some more scripts like this and as I explained, either they are from the tools that provide functionality to the site or ads.
It’s FOSS main website has no login option, not for the readers at least. Perhaps you were talking about It’s FOSS Community login page.
As I mentioned previously, itsfoss.com is our main website and the (only) one that makes money for us so that we can pay 4 full time people and several part-time contributors.
I understand that many people do not like ads, tracking scripts etc but they are essential for the functioning of a website.
We have tried going ‘ethical’ with our other website linuxhandbook.com with no tracking ads, no google tracking (as much as possible). Just a clean reading and learning experience with premium membership option (revenue coming from reader). This was an experiment to see if we could do the same with itsfoss.
It’s been over a year that we switched to that model and Linux Handbook has not made profit yet (it generates revenue but not profit). This is why itsfoss continues to be on the old, ad-supported, revenue model.
So, bottom line, many of the scripts stuff are essential for functionality of the website, some are for the ads. As much as you (and I) dislike, there is not much that can be done at this point.
I hope I answered some of your questions
2 Likes
We might add that a simple http request, say for a font or an external image, which obviously will have to include your ip-address is not a breach of privacy. It only can become one if it is linked to other information, say a social media user account or cookie content provided by the same source.
Otherwise, it’s just statistical information.
There is a difference between being privacy aware and being paranoid.
2 Likes
First, thanks for your response, and your description of your used services, very nice! For me it’s definitely not only about “not liking ads” why people are against the sellout of their online life and try to avoid it where possible, changing their behavior while surfing, using adblockers, alternative browsers, foss software, using linux or tor, etc… You know, and I don’t think it’s necessary to list up more points, why the behavior of websites is like a main key for any real change in this. As long as websiteowners act this way, nothing will really change, and I think it is important to have a change (slowly, someday, in … futur… no). So therefore your argument, that a website needs this stuff for functionality is definitely not true. It’s only about your needs, and what you think is the best for the community. 
(btw, there is a shareasale script in the forum itsfoss-community, too)
Yes, that’s so true, unfortunately! Most of the wp-themes you can get on themeforest or other ressources are full of external Content. If someone buy such one, it can hardly (!) be optimized later.
That is true indeed. When a user connects to a web server, a bunch of data is passed to the servers by default this includes IP, device type, browser make etc.
1 Like
True to an extent.
Does the website need a CDN? It can obviously run without a CDN but it will be slower. Most people would not care about the scripts from CDN, but they will be bothered with slow speed.
So, the inclusion of CDN is ‘what I think is best for the readers’ 
Similar argument for other services and tools.
Not a JavaScript. It’s a clickable image link for Linux Foundation course deal. It does not track you on its own. Another one is for CrossOver (Wine like software with premium support).
This is the kind of stuff @Mina mentioned earlier. People see a “script” in uBlock or other such tools and they automatically think it is a bad thing.
I mean uBlock extension even blocks the Plausible scripts. Plausible is the privacy-friendly, GDPR compliant alternative to Google Alternative.
So, just because your extension says there is a script, it may not necessarily be a bad one
1 Like
I think, @abhishek explained the situation pretty well, already.
I want to extend the explanation with my 2 cents:
If one wants to issue honest critique, that one has to differentiate between extreme tracking solely for advertising (Google AdSense, Facebook, etc.) and tracking for site performance, design and UX improvements.
So, tracking to see how your site is received or what links people click on the most and what people read the most is, in my opinion, “acceptable” tracking and I personally do not find it intrusive, because I can understand when, whoever is running that website, wants to have statistics on where the visitors go or where they come from, etc.
For example, there might be a burger menu on the top edge, but almost nobody uses it. Why? Perhaps its in the wrong place? It’s not visible enough? It could perhaps be moved to the top left corner and the colours could be contrasted more, to let it be more visible.
If you use tracking for this kind of stuff, it’s very easy to detect such issues. However, if you do not track your users at all, you literally have no idea how your site works for a majority of its users. You could perhaps start a poll, but this is a pretty old and uncomfortable solution.
3 Likes
I fully agree:
See the output of my Privacy Badger FF plugin below. And this is just the result after uBlock Origin blocked quite a lot of domains. For “potential trackers” one should read “trackers”
Privacy Badger (privacybadger.org) is a browser extension that automatically learns to block invisible trackers. Privacy Badger is made by the Electronic Frontier Foundation, a nonprofit that fights for your rights online.
Privacy Badger blocked 11 potential trackers on itsfoss.com:
ssl.google-analytics.com
fonts.gstatic.com
static.mailerlite.com
track.mailerlite.com
a.pub.network
pub.searchiq.co
c0.wp.com
i0.wp.com
i1.wp.com
i2.wp.com
stats.wp.com
1 Like
Huhu Mina,
http is out, long live https!
I am visiting a picture on a website, which is included through a third party domain (that’s what bloggers do, when the copy the url of the picture they seen anywhere and link to it with an ‘img’-tag in the sourcetext), It would be the same, for you as a visitor, if I you’re surfing to this third domain directly (to the picture). As far as I know, there’s not only the IP transmitted, the http-header includes your useragent-string, with information about your browser (take a look at xhttps://coveryourtracks.eff.org/). So, surely there is a privacy concern, if the website you surf to uses third party content, or not. In my social-circle there are not really much people who are interested in this “weird” shit I am talking about all the time… ^^
More about this “I want to be in a safe haven, when using a website, but I can’t cause everyone is calling, calling, calling somewhere I don’t knoooowwwwuuuu”… (it’s a song, the affiliateprogram-song) -
Wikipedia for overview (remove x):
xhttps://en.wikipedia.org/wiki/Device_fingerprint
More detailed Information about cookie tracking, Section 5:
xhttps://spia.princeton.edu/system/files/research/documents/Felten_Cookies%20that%20Give%20You%20Away.pdf
Browser Fingerprinting, Section 6:
xhttps://www.cs.princeton.edu/~arvindn/publications/OpenWPM_1_million_site_tracking_measurement.pdf
Able to ruin my day, be aware!
I agree fully, unfortunately most of the users, me included, are not (now) very versatile enough with this things “happen behind the scenes”, but you are. It’s a learning process (for me).
2 Likes
Hey dear People,
thanks for the responses to this question! Kind of a living discussion, that’s cool!
2 Likes
A good tool is Ghostery if you are running FireFox.
You can block all ads or specific ones for a site.
It has been around for a few years and it is free.
Works well.
I do not have personal data / proof but there were claims a while back that Ghostery was doing it’s own tracking and sale of data on users - It was long enough ago that I don’t recall the specific details of the claims, but at the time I found them convincing enough that I decided to remove it and use other protection extensions instead…
FWIW, I am running Ffox 78.13.0esr (64-bit), with almost all of the protection options set to block as much as possible. My add-ons and what they show as I look at this page
Https Everywhere - blocking (probably doesn’t matter here since it’s already https…
Ublock origin - blocked 3 on this page, not sure how to tell what they are (I find the program a bit obscure, possibly because I haven’t spent enough time on the docs?)
Cookie Autodelete - shows 2 cookies
Privacy Badger - no trackers blocked
DuckDuck suite - Gives a B+ grade, no trackers, encrypted, but “unknown privacy practices”
Decentraleyes - no problems listed
Noscript - shows …itsfoss.community ( set to trusted) and …chmod777.ltd (set to default / untrusted)
So IMHO this site doesn’t look to bad…
ex-Gooserider