Recherche avancée

Sur d’autres sites (2306)

• Privacy-friendly analytics : The benefits of an ethical, GDPR-compliant platform

  13 juin, par Joe

  Your visitors shouldn’t feel like you’re spying on them — even if you’re just trying to improve the user experience or track your marketing efforts. 

  While many analytics platforms make customers feel that way thanks to intrusive cookie consent banners and highly personalised ads, there is a growing movement towards ethical, privacy-friendly analytics.

  In this article, you’ll learn what privacy-friendly analytics is, why it matters, what to look for in a solution and which of the leading providers is right for you. 

  What is privacy-friendly analytics ? 

  Privacy-friendly analytics is a form of website analytics that collects and analyses data in a way that respects the user’s privacy. It’s a type of ethical web analytics.

  Privacy-friendly platforms limit personal data collection and anonymise individual user data while being transparent about collection and tracking methods. They help companies adhere to data protection laws (like GDPR, CCPA, and HIPAA) and new privacy laws (like OCPA, FDBR, and TDPSA) without configuring custom settings. 

  Why use privacy-friendly analytics ? 

  Millions of businesses choose privacy-friendly analytics platforms like Matomo. Here are a few reasons why : 

  Build trust with customers

  Research shows that the vast majority of consumers don’t trust companies with their data, believing that they prioritise profits over data protection. 

  Privacy-friendly analytics can help businesses prove they aren’t out to profit from consumer data and regain customer trust. This can ultimately boost revenue. According to Cisco’s Data Privacy Benchmark Study, organisations gain $180 for every $100 spent on privacy. 

  Comply with privacy regulations

  Data privacy regulations, such as GDPR, protect consumer privacy and establish strict rules governing how businesses can collect and use personal data.

  The cost of non-compliance is high. Under GDPR, fines can be up to €20 million, or 4% of worldwide annual revenue.

  Thanks to features like data anonymisation and the default use of first-party cookies, privacy-friendly analytics platforms can support and strengthen compliance efforts. 

  In fact, the French Data Protection Authority (CNIL) approved Matomo as one of the only web analytics tools to collect data without tracking consent.

  Minimise the impact of a breach

  According to IBM’s Cost of a Data Breach report, the average cost of a data breach is nearly $4.5 million. The more personally identifiable information (PII) is involved, the higher the fines and penalties. 

  A privacy-friendly analytics tool can reduce the potential impact of a breach by minimising the amount of personal information you hold. 

  Is Google Analytics privacy-friendly ?

  Google may be the best-known analytics platform, but it’s not the best choice for businesses that want to collect data responsibly and ethically. 

  Here are just a few of Google Analytics’s privacy issues :

  • It uses analytics data to run its advertising business.
  • It may train large language models like Gemini with analytics data.
  • It requires a specific setup to be GDPR compliant that isn’t available out of the box.

  Google Analytics’s ongoing issues with privacy laws like GDPR also raise doubt. The French and Austrian Data Protection Authorities have banned Google Analytics in the past, and there is no guarantee they won’t do so again. 

  What to look for in privacy-friendly analytics ?

  Several privacy-friendly analytics tools are available. To find the right one for your brand, look for the following features.

  Data ownership

  Choose a provider that gives you as much control over your users’ data as possible. Ideally, this will be via an on-site solution where you store data on your servers. For cloud-based options, ensure your analytics provider can’t access, use or sell it.

  With 100% data ownership, you have the power to protect your users’ privacy. You know where your customer data is stored and what’s happening to it without external influence.

  Open source

  The only genuinely privacy-friendly software is open-source software. Open-source software means anyone can review the code to ensure it does what it promises — in this case, maximising privacy. 

  Matomo is an open-source software company. Our source code is on GitHub, where everyone can see precisely how our platform tracks and stores user data. A community of developers also regularly examines and reviews our code to further strengthen security. 

  Data anonymisation 

  Privacy-friendly analytics should allow marketers to completely anonymise the data they collect. They achieve this through several techniques like IP anonymisation and pseudonymised user IDs that modify or remove personally identifiable data so it can’t be linked to individuals.

  

  Matomo’s data anonymisation settings 

  In Matomo, for example, you can anonymise the following things in the platform’s Privacy settings :

  • IP address
  • Location
  • User ID

  IP address anonymisation is enabled by default in Matomo.

  No data sampling 

  Data sampling involves extrapolating analytics reports from an incomplete data set. Google Analytics uses this practice and relies on estimates, leading to incomplete and potentially inaccurate results.

  Privacy-friendly analytics should provide 100% accurate insights without making assumptions about your users’ data.

  GDPR compliance

  Privacy-friendly web analytics platforms adhere to even the strictest privacy laws, including GDPR, HIPAA and CCPA, thanks to the following features :

  • Data anonymisation
  • Cookieless tracking
  • EU data storage
  • First-party cookies by default

  

  Matomo data subject access request settings
  (Image Source)

  Privacy-first platforms also make it easy for companies to fulfil data subject access requests. In Matomo, for example, a dedicated feature lets you find, download and delete all of the data you hold about specific individuals. 

  Cookieless tracking

  Cookieless tracking is a form of visitor tracking that uses methods other than cookies to identify individual users. It is more privacy-friendly because no personal data is collected, and users can withhold consent from cookie banners.

  Matomo uses the most privacy-friendly industry-leading cookieless tracking method, config_id, to anonymously track visitors without fingerprinting them. 

  Top 3 privacy-friendly analytics platforms

  We’ve shortlisted three of the leading privacy-friendly analytics platforms. Learn what they offer, what makes them different and how much they cost.

  Matomo

  Matomo is an open-source web analytics tool and privacy-focused Google Analytics alternative trusted by over one million sites in over 190 countries and over 50 languages. 

  

  Matomo dashboard

  Matomo prioritises privacy and keeping businesses compliant with global privacy regulations like GDPR, CCPA and HIPAA. The data you collect is 100% accurate and yours alone. We don’t share it or use it for other purposes. 

  Benefits

  • Matomo’s all-in-one solution offers traditional web and behavioural analytics, such as heatmaps and session recordings. It also includes a free, open-source tag manager. 
  • Matomo gives you the choice of where to store your user’s data. With Matomo Cloud, that’s in our European servers. With Matomo On-Premise, that’s on your servers.
  • Matomo is open-source. Hundreds of independent developers have reviewed our code, and you can view it yourself on GitHub.

  Pricing 

  Hosting Matomo On-Premise is free, while Matomo Cloud costs $26 per month. 

  Fathom

  Fathom Analytics is a simple, easy-to-use alternative to Google Analytics that puts a premium on privacy. 

  

  Fathom dashboard
  (Image Source)

  Fathom has made its platform as easy to use as possible. You can install Fathom on any website or CMS using a single line of code. It also means the platform won’t massively impact your site’s speed or SEO performance. 

  Benefits

  • Fathom complies with all major privacy regulations, including GDPR and CCPA.
  • Fathom doesn’t sample data. It also blocks bots and scrapers, so you only see human visitors.
  • Fathom anonymises IP addresses, so you don’t have to show cookie banners.

  Drawbacks

  • Fathom doesn’t offer many of Matomo’s advanced features like e-commerce tracking, heatmaps, and session recordings.
  • The premium version of Fathom is not open-source. 

  Pricing 

  From $15 per month.

  Plausible

  Plausible Analytics is an open-source, privacy-friendly analytics tool built and hosted in the EU.

  

  Plausible dashboard
  (Image Source)

  The platform launched in 2019 as a lightweight, easy-to-use alternative to Google Analytics. Its simplicity is a big selling point. Instead of dozens of menus, it presents the information you need on a single page.

  Benefits

  • Plausible boasts an ultra-lightweight script, which means it has a minimal impact on page loading times. 
  • Plausible is GDPR and CCPA-compliant by design, so there’s no need for cookie banners.
  • Plausible is an open-source software with the source code available on GitHub.

  Drawbacks

  • Plausible lacks advanced privacy controls like a GDPR manager.
  • It has none of Matomo’s advanced features like A/B testing, session recordings or heatmaps. 

  Pricing 

  From $9 per month

  Try Matomo for free

  Ready to try a privacy-friendly analytics solution ? Making the switch is easy with Matomo, as it’s one of the only platforms to import historical Google Analytics data. You can also try Matomo for free for 21 days — no credit card required. 

• Privacy in Business : What Is It and Why Is It Important ?

  13 juillet 2022, par Erin — Privacy

  Privacy concerns loom large among consumers. Yet, businesses remain reluctant to change the old ways of doing things until they become an operational nuisance. 

  More and more businesses are slowly starting to feel the pressure to incorporate privacy best practices. But what exactly does privacy mean in business ? And why is it important for businesses to protect users’ privacy ? 

  In this blog, we’ll answer all of these questions and more. 

  What is Privacy in Business ?

  In the corporate world, privacy stands for the business decision to use collected consumer data in a safe, secure and compliant way. 

  Companies with a privacy-centred culture : 

  • Get explicit user consent to tracking, opt-ins and data sharing 
  • Collect strictly necessary data in compliance with regulations 
  • Ask for permissions to collect, process and store sensitive data 
  • Provide transparent explanations about data operationalisation and usage 
  • Have mechanisms for data collection opt-outs and data removal requests 
  • Implement security controls for storing collected data and limit access permissions to it 

  In other words : They treat consumers’ data with utmost integrity and security – and provide reassurances of ethical data usage. 

  What Are the Ethical Business Issues Related to Privacy ?

  Consumer data analytics has been around for decades. But digital technologies – ubiquitous connectivity, social media networks, data science and machine learning – increased the magnitude and sophistication of customer profiling.

  Big Tech companies like Google and Facebook, among others, capture millions of data points about users. These include general demographics data like “age” or “gender”, as well as more granular insights such as “income”, “past browsing history” or “recently visited geo-locations”. 

  When combined, such personally identifiable information (PII) can be used to approximate the user’s exact address, frequently purchased goods, political beliefs or past medical conditions. Then such information is shared with third parties such as advertisers. 

  That’s when ethical issues arise. 

  The Cambridge Analytica data scandal is a prime example of consumer data that was unethically exploited. 

  Over the years, Google also faced a series of regulatory issues surrounding consumer privacy breaches :

  • In 2021, a Google Chrome browser update put some 2.6 billion users at risk of “surveillance, manipulation and abuse” by providing third parties with data on device usage. 
  • The same year, Google was taken to court for failing to provide full disclosures on tracking performed in Google Chrome incognito mode. A $5 billion lawsuit is still pending.
  • As of 2022, Google Analytics 4 is considered GDPR non-compliant and was branded “illegal” by several European countries. 

  If you are curious, learn more about Google Analytics privacy issues. 

  The bigger issue ? Big Tech companies make the businesses that use their technologies (unknowingly) complicit in consumer data violations.

  In 2022, the Belgian data regulator found the official IAB Europe framework for user consent gathering in breach of GDPR. The framework was used by all major AdTech platforms to issue pop-ups for user consent to tracking. Now ad platforms must delete all data gathered through these. Biggest advertisers such as Procter & Gamble, Unilever, IBM and Mastercard among others, also received a notice about data removal and a regulatory warning on further repercussions if they fail to comply. 

  Big Tech firms have given brands unprecedented access to granular consumer data. Unrestricted access, however, also opened the door to data abuse and unethical use. 

  Examples of Unethical Data Usage by Businesses 

  • Data hoarding means excessively harvesting all available consumer data because a possibility to do so exists, often using murky consent mechanisms. Yet, 85% of collected Big Data is either dark or redundant, obsolete or trivial (ROT).
  • Invasive personalisation based on sensitive user information (or second-guesses), like a recent US marketing campaign, congratulating women on pregnancy (even if they weren’t expecting). Overall, 75% of consumers find most forms of personalisation somewhat creepy. 22% also said they’d leave for another brand due to creepy experiences.
  • Hyper-targeted advertising campaigns based on data consumers would prefer not to share. A recent investigation found that advertising platforms often assign sensitive labels to users (as part of their ad profiles), indicative of their religion, mental issues, history with abuse and so on. This allows advertisers to target such consumers with dubious ads. 

  Ultimately, excessive data collection, paired with poor data protection in business settings, results in major data breaches and costly damage control. Given that cyber attacks are on the rise, every business is vulnerable. 

  Why Should a Business Be Concerned About Protecting the Privacy of Its Customers ?

  Businesses must prioritise customer privacy because that’s what is expected of them. Globally, 89% of consumers say they care about their privacy. 

  As frequent stories about unethical data usage, excessive tracking and data breaches surface online, even more grow more concerned about protecting their data. Many publicly urge companies to take action. Others curtail their relationships with brands privately. 

  

  On average, 45% of consumers feel uncomfortable about sharing personal data. According to KPMG, 78% of American consumers have fears about the amount of data being collected. 40% of them also don’t trust companies to use their data ethically. Among Europeans, 41% are unwilling to share any personal data with businesses. 

  Because the demand for online privacy is rising, progressive companies now treat privacy as a competitive advantage. 

  For example, the encrypted messaging app Signal gained over 42 million active users in a year because it offers better data security and privacy protection. 

  ProtonMail, a privacy-centred email client, also amassed a 50 million user base in several years thanks to a “fundamentally stronger definition of privacy”.

  The growth of privacy-mindful businesses speaks volumes. And even more good things happen to privacy-mindful businesses : 

  • Higher consumer trust and loyalty 
  • Improved attractiveness to investors
  • Less complex compliance
  • Minimum cybersecurity exposure 
  • Better agility and innovation

  It’s time to start pursuing them ! Learn how to embed privacy and security into your operations.

• Approaches To Modifying Game Resource Files

  16 août 2016, par Multimedia Mike — Game Hacking

  I have been assisting The Translator in the translation of another mid-1990s adventure game. This one isn’t quite as multimedia-heavy as the last title, and the challenges are a bit different. I wanted to compose this post in order to describe my thought process and mental model in approaching this problem. Hopefully, this will help some others understand my approach since what I’m doing here often appears as magic to some of my correspondents.

  High Level Model
  At the highest level, it is valuable to understand the code and the data at play. The code is the game’s engine and the data refers to the collection of resources that comprise the game’s graphics, sound, text, and other assets.

  
  
  Simplistic high-level game engine model
  

  Ideally, we want to change the data in such a way that the original game engine adopts it as its own because it has the same format as the original data. It is very undesirable to have to modify the binary engine executable in any way.

  Modifying The Game Data Directly
  How to modify the data ? If we modify the text strings for the sake of language translation, one approach might be to search for strings within the game data files and change them directly. This model assumes that the text strings are stored in a plain, uncompressed format. Some games might store these strings in a text format which can be easily edited with any text editor. Other games will store them as binary data.
  

  In the latter situation, a game hacker can scan through data files with utilities like Unix ‘strings’ to find the resources with the desired strings. Then, use a hex editor to edit the strings directly. For example, change “Original String”…

  0098F800   00 00 00 00  00 00 00 4F  72 69 67 69  6E 61 6C 20  .......Original 
  0098F810   53 74 72 69  6E 67 00 00  00 00 00 00  00 00 00 00  String..........
  

  …to “Short String” and pad the difference in string lengths using spaces (0x20) :

  0098F800   00 00 00 00  00 00 00 53  68 6F 72 74  20 53 74 72  .......Short Str
  0098F810   69 6E 67 20  20 20 00 00  00 00 00 00  00 00 00 00  ing   ..........
  

  This has some obvious problems. First, translated strings need to be of equal our smaller length compared to the original. What if we want to encode “Much Longer String” ?

  0098F800   00 00 00 00  00 00 00 4D  75 63 68 20  4C 6F 6E 67  .......Much Long
  0098F810   65 72 20 53  74 72 00 00  00 00 00 00  00 00 00 00  er Str..........
  

  It won’t fit. The second problem pertains to character set limitations. If the font in use was only designed for ASCII, it’s going to be inadequate for expressing nearly any other language.

  So a better approach is needed.

  Understanding The Data Structures
  An alternative to the approach outlined above is to understand the game’s resources so they can be modified at a deeper level. Here’s a model to motivate this investigation :

  
  
  Model of the game resource archive format
  

  This is a very common layout for such formats : there is a file header, a sequence of resource blocks, and a trailing index which describes the locations and types of the foregoing blocks.

  What use is understanding the data structures ? In doing so, it becomes possible to write new utilities that disassemble the data into individual pieces, modify the necessary pieces, and then reassemble them into a form that the original game engine likes.

  It’s important to take a careful, experimental approach to this since mistakes can be ruthlessly difficult to debug (unless you relish the thought of debugging the control flow through an opaque DOS executable). Thus, the very first goal in all of this is to create a program that can disassemble and reassemble the resource, thus creating an identical resource file. This diagram illustrates this complex initial process :

  
  
  Rewriting the game resource file
  

  So, yeah, this is one of the most complicated “copy file” operations that I can possibly code. But it forms an important basis, since the next step is to carefully replace one piece at a time.

  
  
  Modifying a specific game resource
  

  This diagram shows a simplistic model of a resource block that contains a series of message strings. The header contains pointers to each of the strings within the block. Instead of copying this particular resource block directly to the new file, a proposed modification utility will intercept it and rewrite the entire thing, writing new strings of arbitrary length and creating an adjusted header which will correctly point to the start of each new string. Thus, translated strings can be longer than the original strings.

  Further Work
  Exploiting this same approach, we can intercept and modify other game resources including fonts, images, and anything else that might need to be translated. I will explore specific examples in a later blog post.

  Followup

  • Translating Return to Ringworld, in which I apply the ideas expressed in this post.