Recherche avancée

Sur d’autres sites (4654)

• To all Matomo plugin developers : Matomo 5 is coming, make your plugin compatible now

  5 mai 2023, par Matomo Core Team — Development

  We’re planning to release the first beta of Matomo 5 in a few weeks. For making it easy for Matomo users to be able to upgrade to this beta, it would be great to have as many plugins on the Marketplace as possible already updated and compatible with Matomo 5. Then many users would be able to upgrade to the first beta without any issues.

  Presumably, as you put your plugin on our Marketplace, you want people to use it. Making your plugin compatible with Matomo 5 helps ensure that people will be able to find and keep using your plugin. If your plugin is not compatible with Matomo 5, your plugin will be automatically deactivated in Matomo 5 instances. We’ll be happy to help you achieve compatibility should there be any issue.

  How do I upgrade my Matomo instance to Matomo 5 ?

  If you have installed your Matomo development environment through git, you can simply checkout the Matomo 5 branch “5.x-dev” and install its dependencies by executing these commands :

  • git checkout 5.x-dev
  • composer install

  Alternatively, you can also download the latest version directly from GitHub as a zip file and run composer install afterwards.

  How do I upgrade my plugin to Matomo 5 ?

  • We recommend you create a new branch for your plugin that supports Matomo 5. For example a branch named “5.x-dev“. This way you will be able to make changes to your plugin for Matomo 4 and Matomo 5 and release separate versions.
  • Check out our migration guide from Matomo 4 to Matomo 5 and make sure to review the list of all breaking changes.
  • Release a new version of your plugin in GitHub as usual.

  While there are some breaking changes in Matomo 5, most of our Platform APIs remain unchanged, and almost all changes are for rarely used APIs. Quite often, making your plugin compatible with Matomo 5 will just be a matter of adjusting the “plugin.json” file (as mentioned in the migration guide).

  You can find all developer documentation on our developer zone which has already been updated for Matomo 5.

  How do I know my plugin changes were released successfully ?

  If you have configured an email address within your “plugin.json” file, then you will receive a confirmation or an error email within a few minutes. Alternatively, you can also check out your plugin page on the Marketplace directly. If the plugin release was successful, you will see additional links below the download button showing which versions your plugin is compatible with.

  

  How can switch between Matomo 4 and Matomo 5 or downgrade to Matomo 4 ?

  To downgrade from Matomo 5 to Matomo 4 in your Matomo development environment :

  • check out the “4.x-dev” branch 
  • run “composer install” as usual

  When will the final Matomo 5 release be available ?

  We estimate the final stable Matomo 5.0.0 release will be released in approx. 2-3 months.

  What is new in Matomo 5 ?

  We don’t have a summary of the changes available just yet but you can see all closed issues within this release here.

  Any questions or need help ?

  If you have any questions, or experience any problems during the migration, don’t hesitate to get in touch with us. We’ll be happy to help get your plugin compatible and the update published. If you find any undocumented breaking change or find any step during the migration process not clear, please let us know as well.

  Thank you for contributing a plugin to the Marketplace and making Matomo better. We really appreciate your work !

• Meta Receives a Record GDPR Fine from The Irish Data Protection Commission

  29 mai 2023, par Erin — GDPR

  The Irish Data Protection Commission (the DPC) issued a €1.2 billion fine to Meta on May, 22nd 2023 for violating the General Data Protection Regulation (GDPR). 

  The regulator ruled that Meta was unlawfully transferring European users’ data to its US-based servers and taking no sufficient measures for ensuring users’ privacy. 

  Meta must now suspend data transfer within five months and delete EU/EEA users’ personal data that was illegally transferred across the border. Or they risk facing another round of repercussions. 

  Meta continued to transfer personal user data to the USA following an earlier ruling of The Court of Justice of the European Union (CJEU), which already address problematic EU-U.S. data flows. Meta continued those transfers on the basis of the updated Standard Contractual Clauses (“SCCs”), adopted by the European Commission in 2021. 

  The Irish regulator successfully proved that these arrangements had not sufficiently addressed the “fundamental rights and freedoms” of the European data subjects, outlined in the CJEU ruling. Meta was not doing enough to protect EU users’ data against possible surveillance and unconsented usage by US authorities or other authorised entities.

  Why European Regulators Are After The US Big Tech Firms ? 

  GDPR regulations have been a sore area of compliance for US-based big tech companies. 

  Effectively, they had to adopt a host of new measures for collecting user consent, ensuring compliant data storage and the right to request data removal for a substantial part of their user bases. 

  The wrinkle, however, is that companies like Google and Meta among others, don’t have separate data processing infrastructure for different markets. Instead, all the user data gets commingled on the companies’ servers, which are located in the US. 

  Data storage facilities’ location is an issue. In 2020, the CJEU made a historical ruling, called the invalidation of the Privacy Shield. Originally, international companies were allowed to transfer data between the EU and the US if they adhered to seven data protection principles. This arrangement was called the Privacy Shield. 

  However, the continuous investigation found that the Privacy Shield scheme was not GDPR compliant and therefore companies could no longer use it to justify cross-border data transfers.

  The invalidation of the Privacy Shield gave ground for further investigations of the big tech companies’ compliance statuses. 

  In March 2022, the Irish DPC issued the first €17 million fine to Meta for “insufficient technical and organisational measures to ensure information security of European users”. In September 2022, Meta was again hit with a €405 million fine for Instagram breaching GDPR principles. 

  2023 began with another series of rulings, with the DPC concluding that Meta had breaches of the GDPR relating to its Facebook service (€210 million fine) and breaches related to Instagram (€180 million fine). 

  Clearly, Meta already knew they weren’t doing enough for GDPR compliance and yet they refused to take privacy-focused action. 

  Is Google GDPR Compliant ?

  Google has a similar “track record” as Meta when it comes to ensuring full compliance with the GDPR. Although Google has said to provide users with more controls for managing their data privacy, the proposed solutions are just scratching the surface. 

  In the background, Google continues to leverage its ample reserves of user browsing, behavioural and device data in product development and advertising. 

  In 2022, the Irish Council for Civil Liberties (ICCL) found that Google used web users’ information in its real-time bidding ad system without their knowledge or consent. The French data regulator (CNIL), in turn, fined Google for €150 million because of poor cookie consent banners the same year. 

  Google Analytics GDPR compliance status is, however, the bigger concern.

  Neither Google Univeral Analytics (UA) nor Google Analytics 4 are GDPR compliant, following the Privacy Shield framework invalidation in 2020. 

  Fines from individual regulators in Sweden, France, Austria, Italy, Denmark, Finland and Norway ruled that Google Analytics is non-GDPR compliant and is therefore illegal to use. 

  The regulatory rulings not just affect Google, but also GA users. Because the product is in breach of European privacy laws, people using it are complacent. Privacy groups like noyb, for example, are exercising their right to sue individual websites, using Google Analytics.

  How to Stay GDPR Compliant With Website Analytics 

  To avoid any potential risk exposure, selectively investigate each website analytics provider’s data storage and management practices. 

  Inquire about the company’s data storage locations among the first things. For example, Matomo Cloud keeps all the data in the EU, while Matomo On-Premise edition gives you the option to store data in any country of your choice. 

  Secondly, ask about their process for consent tracking and subsequent data analysis. Our website analytics product is fully GDPR compliant as we have first-party cookies enabled by default, offer a convenient option of tracking out-outs, provide a data removal mechanism and practice safe data storage. In fact, Matomo was approved by the French Data Protection Authority (CNIL) as one of the few web analytics apps that can be used to collect data without tracking consent. 

  Using an in-built GDPR Manager, Matomo users can implement the right set of controls for their market and their industry. For example, you can implement extra data or IP anonymization ; disable visitor logs and profiles. 

  Thanks to our privacy-by-design architecture and native controls, users can make their Matomo analytics compliant even with the strictest privacy laws like HIPAA, CCPA, LGPD and PECR. 

  Learn more about GDPR-friendly website analytics.

  Final Thoughts

  Since the GDPR came into effect in 2018, over 1,400 fines have been given to various companies in breach of the regulations. Meta and Google have been initially lax in response to European regulatory demands. But as new fines follow and the consumer pressure mounts, Big Tech companies are forced to take more proactive measures : add opt-outs for personalised ads and introduce an alternative mechanism to third-party cookies. 

  Companies, using non-GDPR-compliant tools risk finding themselves in the crossfire of consumer angst and regulatory criticism. To operate an ethical, compliant business consider privacy-focused alternatives to Google products, especially in the area of website analytics. 

• Announcing our latest open source project : DeviceDetector

  30 juillet 2014, par Stefan Giehl — Community, Development, Meta, DeviceDetector

  This blog post is an announcement for our latest open source project release : DeviceDetector ! The Universal Device Detection library will parse any User Agent and detect the browser, operating system, device used (desktop, tablet, mobile, tv, cars, console, etc.), brand and model.

  Read on to learn more about this exciting release.

  Why did we create DeviceDetector ?

  Our previous library UserAgentParser only had the possibility to detect operating systems and browsers. But as more and more traffic is coming from mobile devices like smartphones and tablets it is getting more and more important to know which devices are used by the websites visitors.

  To ensure that the device detection within Piwik will gain the required attention, so it will be as accurate as possible, we decided to move that part of Piwik into a separate project, that we will maintain separately. As an own project we hope the DeviceDetector will gain a better visibility as well as a better support by and for the community !

  DeviceDetector is hosted on GitHub at piwik/device-detector. It is also available as composer package through Packagist.

  How DeviceDetector works

  Every client requesting data from a webserver identifies itself by sending a so-called User-Agent within the request to the server. Those User Agents might contain several information such as :

  • client name and version (clients can be browsers or other software like feed readers, media players, apps,…)
  • operating system name and version
  • device identifier, which can be used to detect the brand and model.

  For Example :

  Mozilla/5.0 (Linux; Android 4.4.2; Nexus 5 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.99 Mobile Safari/537.36

  This User Agent contains following information :

  Operating system is Android 4.4.2, client uses the browser Chrome Mobile 32.0.1700.99 and the device is a Google Nexus 5 smartphone.

  What DeviceDetector currently detects

  DeviceDetector is able to detect bots, like search engines, feed fetchers, site monitors and so on, five different client types, including around 100 browsers, 15 feed readers, some media players, personal information managers (like mail clients) and mobile apps using the AFNetworking framework, around 80 operating systems and nine different device types (smartphones, tablets, feature phones, consoles, tvs, car browsers, cameras, smart displays and desktop devices) from over 180 brands.

  Note : Piwik itself currently does not use the full feature set of DeviceDetector. Client detection is currently not implemented in Piwik (only detected browsers are reported, other clients are marked as Unknown). Client detection will be implemented into Piwik in the future, follow #5413 to stay updated.

  Performance of DeviceDetector

  Our detections are currently handled by an enormous number of regexes, that are defined in several .YML Files. As parsing these .YML files is a bit slow, DeviceDetector is able to cache the parsed .YML Files. By default DeviceDetector uses a static cache, which means that everything is cached in static variables. As that only improves speed for many detections within one process, there are also adapters to cache in files or memcache for speeding up detections across requests.

  How can users help contribute to DeviceDetector ?

  Submit your devices that are not detected yet

  If you own a device, that is currently not correctly detected by the DeviceDetector, please create a issue on GitHub
  In order to check if your device is detected correctly by the DeviceDetector go to your Piwik server, click on ‘Settings’ link, then click on ‘Device Detection’ under the Diagnostic menu. If the data does not match, please copy the displayed User Agent and use that and your device data to create a ticket.

  Submit a list of your User Agents

  In order to create new detections or improve the existing ones, it is necessary for us to have lists of User Agents. If you have a website used by mostly non desktop devices it would be useful if you send a list of the User Agents that visited your website. To do so you need access to your access logs. The following command will extract the User Agents :

  zcat ~/path/to/access/logs* | awk -F'"' '{print $6}' | sort | uniq -c | sort -rn | head -n20000 > /home/piwik/top-user-agents.txt

  If you want to help us with those data, please get in touch at devicedetector@piwik.org

  Submit improvements on GitHub

  As DeviceDetector is free/libre library, we invite you to help us improving the detections as well as the code. Please feel free to create tickets and pull requests on Github.

  What’s the next big thing for DeviceDetector ?

  Please check out the list of issues in device-detector issue tracker.

  We hope the community will answer our call for help. Together, we can build DeviceDetector as the most powerful device detection library !

  Happy Device Detection,