When Do No Track is enabled, it seems very agressive. When I first read about the feature, I assumed it would not track personal information. For example it might not give them a cookie, and might track fewer of the details such as HTTP referrer. But now I think it excludes their visits entirely. They are just … invisible. My overall metrics, such as total pageviews, will exclude such users. That seems like overall.
Both seem overly agressive with respect to the IETF recommendation.
In otherwords, the IETF is saying these changes affect third-party tracking services not first-party tracking services. They are not saying we can’t “count” their visit, or keep security logs. They are saying we should not track data which is linked to a particular person.
I agree DNT is very aggressive, I’ve also noticed that browser extensions such as NoScript send DNT even for whitelisted domains (in particular for DNT this has to be enabled very low hidden in about:config for each domain manually :/) so I decided to disable DNT as I was missing quite a lot of data.
Also since you need to first enable the plugin in the piwik and then disable DNT in the settings --> this is quite confusing and I’m not surprised so many users complaining in the forums about having less/missing visits. One would expect with inactive plugin DNT would be ignored not the opposite.
re: you need to first enable the plugin in the piwik and then disable DNT in the settings --> this is quite confusing
Umm, I don’t think this is true. In v1.8.2 and presumably all of v1.8.x, the ‘enabled’ state of the Do Not Track plug-in in controlled by the selection under “Support Do Not Track preference” in the Privacy tab. So, you can enable or disable Do Not Track through two means: the Privacy tab or by enabling / disabling the plug-in. The toggle on the Privacy tab is just a bit more front-and-center. What it does is enable/disable the plug-in.
re: One would expect with inactive plugin DNT would be ignored not the opposite
When the Do Not Track plug-in is enabled, Piwik will respect the DNT header in the browser. This makes sense to me.
I agree that it behaves like that once plugin has been at least once activated, however when I upgraded from 1.7.1 to 1.8 plugin has been disabled in the plugin list while I still wasn’t able to track any visits with NoScript enabled, going deeper into issue I figured out that I had to first enable plugin and then disable (either under privacy or plugin itself), to make it work. Now it behaves correctly, could be related to my specific upgrade case, who knows, anyway I guess it’s good to share my experience.
mahdi1234 thanks for your report, it might indeed help other users I’ll suggest that to other users.
Regarding the “over-aggressive DNT”, this is potentially true: in the future we might enable by default a “degraded” tracking for DNT (ie. anoynmized IP, no referrer or similar), but like everything it takes time to implement
What I learned when looking at mahdi1234’s question is that Do Not Track is implemented as a plug-in. So, I’m guessing someone could create a similar plugin with slightly different behavior. And, I’m guessing that behavior won’t get lost during an automatic update. That is pretty sweet really: I’ve been reluctant to look into the PHP code for this, because I don’t want to customize the code in a manner which will prevent easily updating to the latest version. But the plug-in system appears to address this.
Related question: how stable is the plug-in API? For example if someone were to implement a less-aggressive Do Not Track plug-in, how likely is it that this plug-in will need to be updated when Piwik is updated?
We have a prior thread about this issue. Basically, the do not track feature in piwik is not a correct implementation of the browser flag for do not track. That flag refers to third party cookies. Piwik cookies are first party and are completely acceptable under the rules for do not track. I am hoping the next release will remove this “feature” or at least turn it off by default. It is incorrect.