Is Slimstat really GDPR Friendly?

  • kjetilk

    (@kjetilk)


    1 year ago

    I first tried to contact the company behind Slimstat, but their spam filter appeared to reject my message.

    I’m doing a project where I scan the entire Norwegian public sector for ad tracking and the like. It does not look good. In the course of this work, I have used Blacklight for the heavy lifting. One of its tests are for canvas fingerprinting, a pretty intrusive technique that attempts to evade many of the practices people do to protect themselves against snooping, including incognito browsing.

    I found a site that did canvas fingerprinting, and when tracking it down, it seemed to be wp-slimstat that did it. Furthermore, contained code that comes from an old version of https://github.com/fingerprintjs . It seems to have had an MIT license at the time, but isn’t open source anymore in the later versions.

    I’m not sure what the capabilities of that old library is, but I’d like to understand what kind of legal basis you’d have for its use today. Anyone around to shed some light on this?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Jason Crouse

    (@coolmann)

    Hi @kjetilk,

    Yes, Slimstat includes fingerprinting to track users more accurately than just relying on IP address and user agent. It can be turned off, if the site admin needs to comply with privacy regulation in their Country.

    However, keep in mind that this information is not shared with anyone outside the website where the plugin itself is installed. Unlike Facebook’s pixel and other social media tools, that take your fingerprint with the purpose of tracking your movements across the web, Slimstat uses this technique just to increase its accuracy. It was first implemented a few years ago after we received a request from a research group who was analyzing user behaviors on their University website, and needed a reliable way to identify these users, to have accurate data for their research.

    If your concern is that Slimstat monetizes this information and sells visitors data, please rest assured that this is not the case, and on the contrary, we pride ourselves with providing one of the most privacy-friendly analytics tools available on the market.

    I hope this answers your questions.

    Jason

    Thread Starter kjetilk

    (@kjetilk)

    Right, that is somewhat reassuring. However, the callback URL is configurable, right, so it could potentially be directed somewhere else, right? So, multiple sites could pool the callback to track users?

    Also, if the same site has both sensitive and not-so-sensitive content, then it could use this to track users where users would otherwise use a incognito mode?

    soolee

    (@soolee)

    Hi Jason,

    The fact that all the data is under the control of our website, and remains only on our website, is why we use Slimstat.

    Hi kjetilk,

    I am not familiar with the callback URL, and I could not find such a setting anywhere in Slimstat’s settings, but from your description it sounds like using such a configurable option is a choice that the website would have to choose to implement.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Is Slimstat really GDPR Friendly?’ is closed to new replies.
  • In: Plugins
  • 3 replies
  • 3 participants
  • Last reply from: soolee
  • Last activity: 1 year ago
  • Status: not a support question