Privacy and tracking

Question

Privacy and tracking

Closed this issue 5 years ago · 10 comments

First I'd like to say that your project is awesome. It works pretty well and I'm really glad and thankful you have chosen to go Open Source with it. As you say on your web page (and it's something I really love) "Zipcall is built privacy first." and I've seen some things that could be improved about it.

First it would be good also to remove the Google Analytics from the site. If you still want to use analytics you could use some privacy-friendly analytics like Maotomo, Ackee or Open Web Analytics or just using none of them at all.

Secondly, I see that you're using Twilio to get ephemeral credentials to use the TURN server. I don't think this really compromises the user privacy in any way, but I think it would be great, from a self hosting perspective, to find an alternative (it would be great if it didn't depend on a 3rd party) to do what Twilio is doing. In order to register there (I was trying to set up Zipcall locally) I need to give my phone number and that's a thing that I and maybe other users who are interested aren't willing to do. I would love to see different Zipcall instances working on the internet, this would be really great, so making thins easy for self hosting is a nice thing.

And lastly, it would be good to locally host the fonts you're getting from Google Fonts as there are some concerns about getting them via their API, you can read more here. I'd say the same with jQuery but I understand doing it the way you're doing it.

As I've said these are just some concerns I've seen, but it's nothing to really worry about. Your project is beautiful and works really well! Congratulations on this nice work you've done so far!!

Answer 1 · 2020-04-11T15:16:32.000Z

Awesome feedback! I will look into other analytics providers, but for now, I think google analytics is very valuable. I will look into Twillio and TURN improvements. I'm pretty swamped right now so this isn't my main priority, but I'm very happy you brought it up!

Answer 2 · 2020-04-12T13:39:50.000Z

coturn is an open-source TURN server implementation. We should try out how hard it is to use that instead of twilio, and if it's easy enough, we could put up some instructions on how to use zipcall with coturn and self-host both :)

Answer 3 · 2020-04-13T07:26:17.000Z

On that note, the marketing blurb on the site:

Calls are entirely between you and your caller,
decentralized from any server. Call data never
leaves the browser. Cool right?

is misleading as long as you support TURN servers instead of just STUN.

Answer 4 · 2020-04-13T14:02:06.000Z

yeah, there are some sketchy wordings throughout the site @ianramzy...

Answer 5 · 2020-04-13T15:42:03.000Z

in related news

https://news.ycombinator.com/item?id=22855407

Answer 6 · 2020-04-27T15:22:20.000Z

+1 for removing all trackers, especially Google Analytics.

Answer 7 · 2020-04-30T13:22:19.000Z

Awesome! Thanks for removing ~~GAnalitycs and~~ Ads!!!!

Answer 8 · 2020-04-30T14:30:45.000Z

I only removed GAds, Analytics is still there, and will remain for the foreseeable future. Sorry for any frustration this may cause.

Answer 9 · 2020-04-30T15:25:39.000Z

@ianramzy in that case, you should change the buzzwords on the main page to reflect the truth of the current service offered.

Answer 10 · 2020-04-30T15:42:38.000Z

Yes, the part of "Zipcall is built privacy first." should be changed.