Jump to content

Stripe Tracking & Telemetry


Arne Postma
 Share

Go to solution Solved by Hatsu,

Recommended Posts

Hello,

I have noticed that after having activated Stripe as a payment option in my Invision Community Forums that user information is always being sent to m.stripe.com even when a user is not on the store page at all. It just always loads it and logs info. Is there any way that this can be updated to not load the script unless actually doing a checkout? I care about my users their privacy and don't want to be a data collector for a third party.

Here is someone that documented this issue, and found out what is being logged:
Stripe is Silently Recording Your Movements On its Customers' Websites · mtlynch.io

Link to comment
Share on other sites

Arne,

I agree, you don't need to be a conspiracy enthusiast or tin foil hat wearing website owner to see it's grossly invasive of privacy and quite unjustifiable in the days of GDPR. We can't restrict it to commerce or checkout related pages only and Stripe bless 'em, surely can't detect card fraud by 100's if not 1000's of updates about individuals reading topics about say favourite pizza toppings, looking after tropical fish etc.

When you factor in more or highly sensitive content, perhaps medical conditions or preferences, thats really not good, off the scale not good!

Site visitors can't opt out of it, certainly before it starts tracking them, as far as I can see, which isn't right.
There have been numerous topics here about it in the past. Its only a recommendation but certainly not a requirement, so I wish IPS (as established corporate advocates of anonymous posting and pride etc) would step up and take some ownership on improving this, and provide us with AdminCP options either for sidewide, commerce or checkout Stripe integration only.

Edited by The Old Man
Link to comment
Share on other sites

  • 3 weeks later...

Thanks @Matt

They provide a good and valuable service, if you take payments it's a huge reassurance, but it's the integration within IPS Community Suite that is the issue, it's disproportionate and unjustified. It just needs to be included within Commerce, not Gallery, Blog, Forums etc.

For years staff in their responses about this issue have effectively been saying it's necessary throughout the whole suite because that's what Stripe say and recommend, but it's not mandatory or binding. At worst it may be less effective if their system doesn't know whether one of my members or visitors read a blog post, viewed a Gallery image or forum.

I also think their recommendation is based and in relation to being used on an e-commerce site, where it would much more sense from that perspective. In fact I just read this on that page...

Quote

Stripe therefore encourages including Stripe.js on every page of the shopping experience, not just the checkout page.


and on https://stripe.com/docs/js/including

Quote

To best leverage Stripe’s advanced fraud functionality, include this script on every page, not just the checkout page. This allows Stripe to detect suspicious behavior that may be indicative of fraud as customers browse your website.

Again I think they wrote this from the perspective that you are integrating it into an online store, with 'every page' meaning product description pages, etc. I think if asked, they'd agree.

Apologies if this reads very passionately but I don't see why, if the integration won't be limited to the Commerce app, that we can't have a simple toggle to be able to choose for ourselves to limit it to Commerce or not, since after all, we're the site owners being responsible under GDPR.

IPS provide useful tools to assist us with GDPR compliance, so it's confusing why this is overlooked.

Edited by The Old Man
Couple of additional points
Link to comment
Share on other sites

17 minutes ago, The Old Man said:

I also think their recommendation is based and in relation to being used on an e-commerce site…

This Up Here GIF by Chord Overstreet

Following a user through some shop categories is very different from online communities, where 99.9% of the user’s activity might be in the community area and the shop is maybe used once a year. 

In that sense an option to limit the use of the Stripe call would make a lot of sense. 

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...