Recherche avancée

Sur d’autres sites (8117)

• Announcing Matomo 4 : More security, privacy and better performance

  17 novembre 2020, par Matomo Core Team — Community, Development, Privacy, Security
  The moment we’ve all been waiting for is here … Matomo Analytics 4 has launched !! We’re incredibly grateful for all community members and contributors who’ve helped with improvements, and our awesome team for all the fixes. 

  We can’t wait for you to gain greater security, privacy protection, and be able to boost your website performance. Now who’s ready ?

  Minimise your business’ web data security risk

  We’ve made Matomo even more secure to meet our users’ ever increasing security needs. Matomo 4 has certainly delivered on these expectations with a wide range of security enhancements and fixes across the platform :

  • Support for app specific API tokens. [#6559]
  • API tokens and session ids are now stored hashed in the database which means if someone can access your database they wouldn’t be able to get the actual token.
  • A more secure host validation. [#16169]
  • By default, you no longer can embed widgets through tokens with higher privileges. [#16264]
  • Plenty of other minor security fixes.

  More protection of your customer’s personal data

  Matomo 4 ensures you’re compliant with data privacy laws and provides you with more ways to keep your customer’s personal data private, such as :

  • The ability to automatically anonymise the referrer to avoid tracking personal data by accident. [#15426]
  • The option to enforce the disabling of cookies. [#16258]
  • Possibility in JavaScript tracker to turn cookies on and off at any time. [#13056]
  • The option to not store any IP address at all. [#16377]
  • Easily disable visits log and visitor profile feature if needed for privacy compliance [#16259]
  • New segment to separate visitors who gave consent vs visitors who didn’t give consent. [#16192]

  Matomo now offers PHP 8 support to users. Want to know more ? Get a detailed list of over 300 fixes and improvements in the Matomo 4 changelog.

  Increased conversion rates with a focus on page performance

  Our new Page Performance feature in Matomo 4 can help you increase conversion rates by showing you exactly how fast or slow your website is going, and WHY. An Akamai Online Retail Study in 2017 found that a 100-millisecond delay in website load time could underperform website conversion rates by up to 7%. 

  By using this new feature you can quickly identify slow pages and fix page speed issues as soon as they arise, meaning you never miss out on those valuable new sales opportunities.

  Improve your Google search rankings in 2021

  According to moz.com, Google’s bringing in a new ranking factor into their algorithm named Core Web Vitals, which will place greater emphasis on load speed (favouring websites that load faster). This means the slower your page loads, the worse it will rank in Google. With Matomo’s new feature, you’ll be able to optimise your pages to rank better according to the Core Web Vitals ranking factor. 

  Read more on how you can use this new feature : https://matomo.org/faq/how-to/how-do-i-see-page-performance-reports/

  Need help upgrading Matomo ?

  Read the Updating Matomo user guide or contact the Matomo experts. 

  Please note : It may take a while for you to receive a notice to update to Matomo 4.

• The problems with wavelets

  27 février 2010, par Dark Shikari — DCT, Dirac, Snow, psychovisual optimizations, wavelets

  I have periodically noted in this blog and elsewhere various problems with wavelet compression, but many readers have requested that I write a more detailed post about it, so here it is.

  Wavelets have been researched for quite some time as a replacement for the standard discrete cosine transform used in most modern video compression. Their methodology is basically opposite : each coefficient in a DCT represents a constant pattern applied to the whole block, while each coefficient in a wavelet transform represents a single, localized pattern applied to a section of the block. Accordingly, wavelet transforms are usually very large with the intention of taking advantage of large-scale redundancy in an image. DCTs are usually quite small and are intended to cover areas of roughly uniform patterns and complexity.

  Both are complete transforms, offering equally accurate frequency-domain representations of pixel data. I won’t go into the mathematical details of each here ; the real question is whether one offers better compression opportunities for real-world video.

  DCT transforms, though it isn’t mathematically required, are usually found as block transforms, handling a single sharp-edged block of data. Accordingly, they usually need a deblocking filter to smooth the edges between DCT blocks. Wavelet transforms typically overlap, avoiding such a need. But because wavelets don’t cover a sharp-edged block of data, they don’t compress well when the predicted data is in the form of blocks.

  Thus motion compensation is usually performed as overlapped-block motion compensation (OBMC), in which every pixel is calculated by performing the motion compensation of a number of blocks and averaging the result based on the distance of those blocks from the current pixel. Another option, which can be combined with OBMC, is “mesh MC“, where every pixel gets its own motion vector, which is a weighted average of the closest nearby motion vectors. The end result of either is the elimination of sharp edges between blocks and better prediction, at the cost of greatly increased CPU requirements. For an overlap factor of 2, it’s 4 times the amount of motion compensation, plus the averaging step. With mesh MC, it’s even worse, with SIMD optimizations becoming nearly impossible.

  At this point, it would seem wavelets would have pretty big advantages : when used with OBMC, they have better inter prediction, eliminate the need for deblocking, and take advantage of larger-scale correlations. Why then hasn’t everyone switched over to wavelets then ? Dirac and Snow offer modern implementations. Yet despite decades of research, wavelets have consistently disappointed for image and video compression. It turns out there are a lot of serious practical issues with wavelets, many of which are open problems.

  1. No known method exists for efficient intra coding. H.264′s spatial intra prediction is extraordinarily powerful, but relies on knowing the exact decoded pixels to the top and left of the current block. Since there is no such boundary in overlapped-wavelet coding, such prediction is impossible. Newer intra prediction methods, such as markov-chain intra prediction, also seem to require an H.264-like situation with exactly-known neighboring pixels. Intra coding in wavelets is in the same state that DCT intra coding was in 20 years ago : the best known method was to simply transform the block with no prediction at all besides DC. NB : as described by Pengvado in the comments, the switching between inter and intra coding is potentially even more costly than the inefficient intra coding.

  2. Mixing partition sizes has serious practical problems. Because the overlap between two motion partitions depends on the partitions’ size, mixing block sizes becomes quite difficult to define. While in H.264 an smaller partition always gives equal or better compression than a larger one when one ignores the extra overhead, it is actually possible for a larger partition to win when using OBMC due to the larger overlap. All of this makes both the problem of defining the result of mixed block sizes and making decisions about them very difficult.

  Both Snow and Dirac offer variable block size, but the overlap amount is constant ; larger blocks serve only to save bits on motion vectors, not offer better overlap characteristics.

  3. Lack of spatial adaptive quantization. As shown in x264 with VAQ, and correspondingly in HCEnc’s implementation and Theora’s recent implementation, spatial adaptive quantization has staggeringly impressive (before, after) effects on visual quality. Only Dirac seems to have such a feature, and the encoder doesn’t even use it. No other wavelet formats (Snow, JPEG2K, etc) seem to have such a feature. This results in serious blurring problems in areas with subtle texture (as in the comparison below).

  4. Wavelets don’t seem to code visual energy effectively. Remember that a single coefficient in a DCT represents a pattern which applies across an entire block : this makes it very easy to create apparent “detail” with a DCT. Furthermore, the sharp edges of DCT blocks, despite being an apparent weakness, often result in a “fake sharpness” that can actually improve the visual appearance of videos, as was seen with Xvid. Thus wavelet codecs have a tendency to look much blurrier than DCT-based codecs, but since PSNR likes blur, this is often seen as a benefit during video compression research. Some of the consequences of these factors can be seen in this comparison ; somewhat outdated and not general-case, but which very effectively shows the difference in how wavelets handle sharp edges and subtle textures.

  Another problem that periodically crops up is the visual aliasing that tends to be associated with wavelets at lower bitrates. Standard wavelets effectively consist of a recursive function that upscales the coefficients coded by the previous level by a factor of 2 and then adds a new set of coefficients. If the upscaling algorithm is naive — as it often is, for the sake of speed — the result can look quite ugly, as if parts of the image were coded at a lower resolution and then badly scaled up. Of course, it looks like that because they were coded at a lower resolution and then badly scaled up.

  JPEG2000 is a classic example of wavelet failure : despite having more advanced entropy coding, being designed much later than JPEG, being much more computationally intensive, and having much better PSNR, comparisons have consistently shown it to be visually worse than JPEG at sane filesizes. Here’s an example from Wikipedia. By comparison, H.264′s intra coding, when used for still image compression, can beat JPEG by a factor of 2 or more (I’ll make a post on this later). With the various advancements in DCT intra coding since H.264, I suspect that a state-of-the-art DCT compressor could win by an even larger factor.

  Despite the promised benefits of wavelets, a wavelet encoder even close to competitive with x264 has yet to be created. With some tests even showing Dirac losing to Theora in visual comparisons, it’s clear that many problems remain to be solved before wavelets can eliminate the ugliness of block-based transforms once and for all.

• Google Analytics 4 and GDPR : Everything You Need to Know

  17 mai 2022, par Erin

  Four years have passed since the European General Data Protection Regulation (GDPR, also known as DSGVO in German, and RGPD in French) took effect.

  That’s ample time to get compliant, especially for an organisation as big and innovative as Google. Or is it ? 

  If you are wondering how GDPR affects Google Analytics 4 and what the compliance status is at present, here’s the lowdown. 

  Is Google Analytics 4 GDPR Compliant ?

  No. As of mid-2022, Google Analytics 4 (GA4) isn’t fully GDPR compliant. Despite adding extra privacy-focused features, GA4 still has murky status with the European regulators. After the invalidation of the Privacy Shield framework in 2020, Google is yet to regulate EU-US data protection. At present, the company doesn’t sufficiently protect EU citizens’ and residents’ data against US surveillance laws. This is a direct breach of GDPR.

  Google Analytics and GDPR : a Complex Relationship 

  European regulators have scrutinised Google since GDPR came into effect in 2018.

  While the company took steps to prepare for GDPR provisions, it didn’t fully comply with important regulations around user data storage, transfer and security.

  The relationship between Google and EU regulators got more heated after the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield — a leeway Google used for EU-US data transfers. After 2020, GDPR litigation against Google followed. 

  This post summarises the main milestones in this story and explains the consequences for Google Analytics users. 

  

  2018 : Google Analytics Meets GDPR 

  In 2018, the EU adopted the General Data Protection Regulation (GDPR) — a set of privacy and data security laws, covering all member states. Every business interacting with EU citizens and/or residents had to comply.

  GDPR harmonised data protection laws across member states and put down extra provisions for what constitutes sensitive personal information (or PII). Broadly, PII includes any data about the person’s :

  • Racial or ethnic origin 
  • Employment status 
  • Religious or political beliefs
  • State of health 
  • Genetic or biometric data 
  • Financial records (such as payment method data)
  • Address and phone numbers 

  Businesses were barred from collecting this information without explicit consent (and even with it in some cases). If collected, such sensitive information is also subject to strict requirements on how it should be stored, secured, transferred and used. 

  7 Main GDPR Principles Explained 

  Article 5 of the GDPR lays out seven main GDPR principles for personal data and privacy protection : 

  • Lawfulness, fairness and transparency — data must be obtained legally, collected with consent and in adherence to laws. 
  • Purpose limitation — all personal information must be collected for specified, explicit and legal purposes. 
  • Data minimisation — companies must collect only necessary and adequate data, aligned with the stated purpose. 
  • Accuracy — data accuracy must be ensured at all times. Companies must have mechanisms to erase or correct inaccurate data without delays. 
  • Storage limitation — data must be stored only for as long as the stated purpose suggests. Though there’s no upper time limit on data storage. 
  • Integrity and confidentiality (security) — companies must take measures to ensure secure data storage and prevent unlawful or unauthorised access to it. 
  • Accountability — companies must be able to demonstrate adherence to the above principles. 

  Google claimed to have taken steps to make all of their products GDPR compliant ahead of the deadline. But in practice, this wasn’t always the case.

  In March 2018, a group of publishers admonished Google for not providing them with enough tools for GDPR compliance :

  “[Y]ou refuse to provide publishers with any specific information about how you will collect, share and use the data. Placing the full burden of obtaining new consent on the publisher is untenable without providing the publisher with the specific information needed to provide sufficient transparency or to obtain the requisite specific, granular and informed consent under the GDPR.”

  The proposed Google Analytics GDPR consent form was hard to implement and lacked customisation options. In fact, Google “makes unilateral decisions” on how the collected data is stored and used. 

  Users had no way to learn about or control all intended uses of people’s data — which made compliance with the second clause impossible. 

  Unsurprisingly, Google was among the first companies to face a GDPR lawsuit (together with Facebook). 

  By 2019, French data regulator CNIL, successfully argued that Google wasn’t sufficiently disclosing its data collection across products — and hence in breach of GDPR. After a failed appeal, Google had to pay a €50 million fine and promise to do better. 

  2019 : Google Analytics 4 Announcement 

  Throughout 2019, Google rightfully attempted to resolve some of its GDPR shortcomings across all products, Google Universal Analytics (UA) included. 

  They added a more visible consent mechanism for online tracking and provided extra compliance tips for users to follow. In the background, Google also made tech changes to its data processing mechanism to get on the good side of regulations.

  Though Google addressed some of the issues, they missed others. A 2019 independent investigation found that Google real-time-bidding (RTB) ad auctions still used EU citizens’ and residents’ data without consent, thanks to a loophole called “Push Pages”. But they managed to quickly patch this up before the allegations had made it to court. 

  In November 2019, Google released a beta version of the new product version — Google Analytics 4, due to replace Universal Analytics. 

  GA4 came with a set of new privacy-focused features for ticking GDPR boxes such as :

  • Data deletion mechanism. Users can now request to surgically extract certain data from the Analytics servers via a new interface. 
  • Shorter data retention period. You can now shorten the default retention period to 2 months by default (instead of 14 months) or add a custom limit.  
  • IP Anonymisation. GA4 doesn’t log or store IP addresses by default. 

  Google Analytics also updated its data processing terms and made changes to its privacy policy. 

  Though Google made some progress, Google Analytics 4 still has many limitations — and isn’t GDPR compliant. 

  2020 : Privacy Shield Invalidation Ruling 

  As part of the 2018 GDPR preparations, Google named its Irish entity (Google Ireland Limited) as the “data controller” legally responsible for EEA and Swiss users’ information. 

  The company announcement says : 

  

  Initially, Google assumed that this legal change would help them ensure GDPR compliance as “legally speaking” a European entity was set in charge of European data. 

  Practically, however, EEA consumers’ data was still primarily transferred and processed in the US — where most Google data centres are located. Until 2020, such cross-border data transfers were considered legal thanks to the Privacy Shield framework. 

  But in July 2020, The EU Court of Justice ruled that this framework doesn’t provide adequate data protection to digitally transmitted data against US surveillance laws. Hence, companies like Google can no longer use it. The Swiss Federal Data Protection and Information Commissioner (FDPIC) reached the same conclusion in September 2020. 

  The invalidation of the Privacy Shield framework put Google in a tough position.

   Article 14. f of the GDPR explicitly states : 

  “The controller (the company) that intends to carry out a transfer of personal data to a recipient (Analytics solution) in a third country or an international organisation must provide its users with information on the place of processing and storage of its data”.

  Invalidation of the Privacy Shield framework prohibited Google from moving data to the US. At the same time, GDPR provisions mandated that they must disclose proper data location. 

  But Google Analytics (like many other products) had no a mechanism for : 

  • Guaranteeing intra-EU data storage 
  • Selecting a designated regional storage location 
  • Informing users about data storage location or data transfers outside of the EU 

  And these factors made Google Analytics in direct breach of GDPR — a territory, where they remain as of 2022.

  2020-2022 : Google GDPR Breaches and Fines 

  The 2020 ruling opened Google to GDPR lawsuits from country-specific data regulators.

  Google Analytics in particular was under a heavy cease-fire. 

  • Sweden first fined Google for violating GDPR for no not fulfilling its obligations to request data delisting in 2020. 
  • France rejected Google Analytics 4 IP address anonymisation function as a sufficient measure for protecting cross-border data transfers. Even with it, US intelligence services can still access user IPs and other PII. France declared Google Analytics illegal and pressed a €150 million fine. 
  • Austria also found Google Analytics GDPR non-compliant and proclaimed the service as “illegal”. The authority now seeks a fine too. 

  The Dutch Data Protection Authority and  Norwegian Data Protection Authority also found Google Analytics guilty of a GDPR breach and seek to limit Google Analytics usage. 

  New privacy controls in Google Analytics 4 do not resolve the underlying issue — unregulated, non-consensual EU-US data transfer. 

  Google Analytics GDPR non-compliance effectively opens any website tracking or analysing European visitors to legal persecution.

  In fact, this is already happening. noyb, a European privacy-focused NGO, has already filed over 100 lawsuits against European websites using Google Analytics.

  2022 : Privacy Shield 2.0. Negotiations

  Google isn’t the only US company affected by the Privacy Shield framework invalidation. The ruling puts thousands of digital companies at risk of non-compliance.

  To settle the matter, US and EU authorities started “peace talks” in spring 2022.

  European Commission President Ursula von der Leyen said that they are working with the Biden administration on the new agreement that will “enable predictable and trustworthy data flows between the EU and US, safeguarding the privacy and civil liberties.” 

  However, it’s just the beginning of a lengthy negotiation process. The matter is far from being settled and contentious issues remain as we discussed on Twitter (come say hi !).

  

  For one, the US isn’t eager to modify its surveillance laws and is mostly willing to make them “proportional” to those in place in the EU. These modifications may still not satisfy CJEU — which has the power to block the agreement vetting or invalidate it once again. 

  While these matters are getting hashed out, Google Analytics users, collecting data about EU citizens and/or residents, remain on slippery grounds. As long as they use GA4, they can be subject to GDPR-related lawsuits. 

  To Sum It Up 

  • Google Analytics 4 and Google Universal Analytics are not GDPR compliant because of Privacy Shield invalidation in 2020. 
  • French and Austrian data watchdogs named Google Analytics operations “illegal”. Swedish, Dutch and Norwegian authorities also claim it’s in breach of GDPR. 
  • Any website using GA for collecting data about European citizens and/or residents can be taken to court for GDPR violations (which is already happening). 
  • Privacy Shield 2.0 Framework discussions to regulate EU-US data transfers have only begun and may take years. Even if accepted, the new framework(s) may once again be invalidated by local data regulators as has already happened in the past. 

  Time to Get a GDPR Compliant Google Analytics Alternative 

  Retaining 100% data ownership is the optimal path to GDPR compliance.

  By selecting a transparent web analytics solution that offers 100% data ownership, you can rest assured that no “behind the scenes” data collection, processing or transfers take place. 

  Unlike Google Analytics 4, Matomo offers all of the features you need to be GDPR compliant : 

  • Full data anonymisation 
  • Single-purpose data usage 
  • Easy consent and an opt-out mechanism 
  • First-party cookies usage by default 
  • Simple access to collect data 
  • Fast data removals 
  • EU-based data storage for Matomo Cloud (or storage in the country of your choice with Matomo On-Premise)

  Learn about your audiences in a privacy-centred way and protect your business against unnecessary legal exposure. 

  Start your 21-day free trial (no credit card required) to see how fully GDPR-compliant website analytics works ! 

  21 day free trial. No credit card required.

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I hereby accept the terms and conditions and the data processing agreeement (DPA).

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  

  » Start improving your websites now