Google Analytics in Docker Container #348

Closed
opened 2026-01-19 18:29:58 +00:00 by michael · 6 comments
Owner

Originally created by @Flipez on GitHub.

If you deploy transfer.sh on your own server with Docker, it is preconfigured with Google Analytics.

In my opinion this should be opt-in or at least not hardcoded with your UA id.


@nl5887 commented on GitHub:

@TheAssassin Regarding your second remark, I'll consider removing Google Analytics. Though it is interesting for me to know how and how much the product is being used.

Alternative solution is to just add a disclaimer, for implied consent.

```
We are using cookies to provide statistics that help us give you the best experience of our site. However, by continuing to use the site you are agreeing to our use of cookies.
```

@TheAssassin commented on GitHub:

@nl5887 okay, sorry, that was a bit too aggressive language. I tried to describe a bit like someone totally unrelated might think about it, with some sense of sarcasm which is hard to see in written text. I didn't mean to offend anyone, and I'd like to apologize. Your tool is great, otherwise I wouldn't have deployed it myself of course.
What I'm always worried about is legal issues arising from free software, and my intention is to protect you from those issues as well as help improving user privacy, and often both can be done in the same step.

I didn't mean to say you had implemented Google Analytics on purpose, and I'll be happily sending a PR removing the analytics or making it an optional feature, whatever you prefer. (I'd like to further suggest you to set up Piwik, a free software alternative that can be hosted for free, which increases trust for privacy aware people.)

> Though it is interesting for me to know how and how much the product is being used.

Regarding your interest in how this software is used, well, it's hard to implement such things in a compliant way. Most of the older web scripts written in PHP used to have an installer, where you could opt in to send some statistical data. If I should come up with a compliant way, I'll post it here. But I guess we can agree that full-blown Google Analytics isn't really necessary for this, and I think it might be an issue due to the hoster not being in charge of the analytics.

Off topic:

Regarding the cost, I assume you're using standard S3 as the backend at the moment. There's a few cheaper alternatives which you might want to consider. If you're interested, I'll make a few suggestions with an S3 compatible API. Since this is a free service, and there's no real SLA, those services provide a sufficient alternative. Saving your money keeps this service alive, I guess.

Your service is highly appreciated by many, many developers, and we'd like to keep it up and running. I've seen that your Patreon profile looks a bit lonely. In my experience, it's hard to make people donate regularly (although that's the most comfortable way for you). You might want to think about implementing PayPal, Bitcoin etc., to allow for one-time donations as well. Also, Patreon has its issues as well, and quite some people try to avoid it.

If we can support the service otherwise as a community, please let us know!


@TheAssassin commented on GitHub:

I totally agree. Not only that this might get problematic regarding privacy/data protection (even legally), this is something I can't stand with free software at all (I am preparing a few other of these posts on GitHub at the moment, too, when I had a look at transfer.sh proposing a security improvement). It should definitely become an opt-in thing (might be useful to some people).

Considering transfer.sh is deployed in private networks where the users' browsers might accidentally disclose private information with your Google Analytics account, this might get employees into trouble. For me, it's the "I just don't want spyware in my network" argument, which is why I just patched it in a hackish way for now.

Also, just a side note: I assume the group behind the "official" transfer.sh instance is from the EU. You have a big legal issue at the moment: The tracking is not announced on your page, neither an opt-out possibility (which you must respect so you must not track until the opt-out can be reached), this potentially violates EU laws (and most likely national laws, too). I highly recommend you to fix this behavior ASAP. Also, please reconsider whether tracking is really necessary at all. I doubt you win any meaningful information from your analytics that has any valuable impact on the development of this software and therefore might not be justified (that's the moral argument).

To sum up: Please do not attempt to spy on privately hosted instances, and make this an opt-in feature. Hardcoding your Google Analytics data is really problematic, and shouldn't be done here in the repository.


@nl5887 commented on GitHub:

Thanks for your clarification and support.

Currently using Amazon S3. I've added a caching layer, using the local disk as cache. This saves a lot as each recurring download will be served from cache.

A French hosting company has offered to sponsor, currently in the process of moving to their servers. There I want to use Minio or just local disks as storage.


@nl5887 commented on GitHub:

@Flipez you're right, this shouldn't be a hardcoded value and I'm happy to see a PR.

@TheAssassin before assuming the worst, and accusing people of spying consider the following:

  • transfer.sh has been started out of my personal requirement of being able to upload files using curl
  • the service has been made public and used by a lot of people, despite all costs I keep it running as long as possible
  • there is no business model, earning model, ads or other ways of revenue. It is just my contribution to the community.
  • as courtesy I've open-sourced the original source code, with the Google Analytics tag. This isn't on purpose, but everyone is welcome to make PRs and improve the code. Everyone is free to fork the frontend also and make their own changes / change or remove the analytics tag.
  • I didn't have to open up the code, but am not gonna spend a lot of time on it either.

So long story short, this is just some technical debt and absolutely no spying.


@TheAssassin commented on GitHub:

That's great (for all of us, I guess)! I've used minio for small-scale deployments with success so far. I'd be curious to see how a distributed set-up would work. I guess it'll make your cache obsolete then, if it's all served from the same machines.

I was looking for cheaper S3 alternatives because the way S3 works seems perfect for this kind of application (storage on demand, easy to scale). However, being sponsored by a hosting company which, as you implied, sponsors dedicated machines, that's not an option any more, they won't pay for 3rd party services. If I guessed right however, you might ask your provider about this: https://www.ovh.com/us/public-cloud/storage/object-storage/

Let me know if you need help maintaining the software installations.


Reference: dutchcoders/transfer.sh#348