Tracking on Tor forum and donation page

pwn · October 28, 2021, 8:31am

Hi. Both https://donate.torproject.org/ and this forum are full of third-party trackers. Will you get rid of them in the future?

pwn

championquizzer · October 28, 2021, 9:03am

There are no third-party trackers on both Donate (https://donate.torproject.org/) and this Forum.

pwn · October 28, 2021, 2:14pm

Hey.

please explain why my post was flagged as inappropriate. (“the community feels it is offensive, abusive, or a violation of our community guidelines”). Thank you.

Regarding the topic:

donate torproject org sets 4 third-party cookies and uses canvas fingerprinting. (-> check)
forum torproject net loads resources from discourse cdn, google and keycdn.
- Discourse tracks people.
  
  When you visit a forum that Discourse hosts, whether you have an account or not, the forum uses cookies, server logs, and other methods to collect data about what pages you visit and when. […] Discourse usually stores data about how you use the forum in identifiable form for just a few weeks.
- keycdn is probably ok
- google… well, is google.

HackerNCoder · October 28, 2021, 2:42pm

Canvas fingerpriting is done by Stripe according to themarkup. As they say: “[we] cannot determine if the purpose is user behavior monitoring or for fraud prevention or bot detection.”, I would expect Stripe to use the canvas for fraud prevention/bot detection.

The cookies are from Stripe and PayPal, I believe we kind of need them to be able to get donations.

Canvas fingerprinting and third-party cookies are not necessarily trackers, and are not necessarily malicious.

smith · October 29, 2021, 2:50am

The cookies are from Stripe and PayPal, I believe we kind of need them to be able to get donations.

This is correct. In order to change https://donate.torproject.org’s current setup, we’d need to find alternative payment processors. Possibly there is a way to change how both Stripe and PayPal are implemented on our site to further limit their behavior, but I’m not sure.

pwn · October 29, 2021, 4:56pm

How about a solution where one chooses a payment processor first and after a click only the processor’s scripts are loaded?

I think a project like Tor should set a good example when it comes to tracking, third-party scripts and a decrentralized Internet. Of course, using Discourse as a “free” as a service solution is cheap and easy and there is always a lack of administrators ‒ you only pay with the users’ data. A great anonymity network could do better

ard · November 2, 2021, 2:22pm

using standard Privacy Badger to protect myself from trackers. The Badger says on this Forum page : No trackers blocked