github-starred/cobalt
2
0
Fork 0
mirror of https://github.com/imputnet/cobalt.git synced 2026-05-22 22:39:42 -05:00
Code Issues 1.9k Packages Projects Releases Wiki Activity

[GH-ISSUE #1136] Cobalt continues connecting to the Plausible instance after analytics are disabled #3636

New Issue
Closed
opened 2026-04-13 12:10:17 -05:00 by GiteaMirror · 5 comments
GiteaMirror commented 2026-04-13 12:10:17 -05:00
Owner
Copy Link

Originally created by @celenityy on GitHub (Feb 28, 2025).
Original GitHub issue: https://github.com/imputnet/cobalt/issues/1136

bug description

Despite enabling don't contribute to analytics under settings -> privacy, cobalt.tools continues connecting to https://a.imput.net/js/script.js. This functionality should be entirely disabled once analytics are disabled - users have no way to verify you're dropping it on the server side (which is what I suspect is happening here).

reproduction steps

  1. On cobalt.tools, enable don't contribute to analytics under settings -> privacy.
  2. Observe that connections are still made to https://a.imput.net/js/script.js - (I confirmed with uBlock Origin).

screenshots

No response

links

platform information

Phoenix (Firefox) 135.0.1

additional context

I love Cobalt, and I'd really like to include a.imput.net on my BadBlock Ethical Whitelist, as you otherwise perfectly meet the criteria, but this issue is unfortunately preventing me from doing so.

I'd also like to ask: Would you consider disabling these analytics automatically if Global Privacy Control is enabled?

Originally created by @celenityy on GitHub (Feb 28, 2025). Original GitHub issue: https://github.com/imputnet/cobalt/issues/1136 ### bug description Despite enabling `don't contribute to analytics` under `settings` -> `privacy`, `cobalt.tools` continues connecting to `https://a.imput.net/js/script.js`. This functionality should be entirely disabled once analytics are disabled - users have no way to verify you're dropping it on the server side *(which is what I suspect is happening here)*. ### reproduction steps 1. On `cobalt.tools`, enable `don't contribute to analytics` under `settings` -> `privacy`. 2. Observe that connections are still made to `https://a.imput.net/js/script.js` - *(I confirmed with uBlock Origin)*. ### screenshots _No response_ ### links ```shell ``` ### platform information Phoenix (Firefox) 135.0.1 ### additional context I love Cobalt, and I'd really like to include `a.imput.net` on my [BadBlock](https://badblock.celenity.dev) Ethical Whitelist, as you otherwise [perfectly meet the criteria](https://codeberg.org/celenity/BadBlock/src/branch/pages/base/whitelists/ethical.txt), but this issue is unfortunately preventing me from doing so. I'd also like to ask: Would you consider disabling these analytics automatically if Global Privacy Control is enabled?
GiteaMirror added the main instance issue label 2026-04-13 12:10:17 -05:00
GiteaMirror commented 2026-04-13 12:10:20 -05:00
Author
Owner
Copy Link

@wukko commented on GitHub (Feb 28, 2025):

hey! the script should stop making requests completely once it sees plausible_ignore in local storage, can you check if it’s present in your case? i’ll look into this soon cuz this obviously shouldn’t happen

<!-- gh-comment-id:2689632331 --> @wukko commented on GitHub (Feb 28, 2025): hey! the script should stop making requests completely once it sees `plausible_ignore` in local storage, can you check if it’s present in your case? i’ll look into this soon cuz this obviously shouldn’t happen
GiteaMirror commented 2026-04-13 12:10:20 -05:00
Author
Owner
Copy Link

@wukko commented on GitHub (Feb 28, 2025):

it’s also supposed to log “ignoring event” in console: https://plausible.io/docs/excluding-localstorage

<!-- gh-comment-id:2689633228 --> @wukko commented on GitHub (Feb 28, 2025): it’s also supposed to log “ignoring event” in console: https://plausible.io/docs/excluding-localstorage
GiteaMirror commented 2026-04-13 12:10:21 -05:00
Author
Owner
Copy Link

@wukko commented on GitHub (Feb 28, 2025):

just figured out what you meant in the issue, the js script doesn't do any analytics by being loaded, it sends a separate fetch request to /api/event which is indeed not sent when plausible_ignore is present:

Image

however, i could make it not load the script at all, though i don't see how it's beneficial

<!-- gh-comment-id:2689932343 --> @wukko commented on GitHub (Feb 28, 2025): just figured out what you meant in the issue, the js script doesn't do any analytics by being loaded, it sends a separate fetch request to /api/event which is indeed not sent when `plausible_ignore` is present: <img width="831" alt="Image" src="https://github.com/user-attachments/assets/1ec31bd9-1175-42e7-9e18-906db7c7ef6d" /> however, i could make it not load the script at all, though i don't see how it's beneficial
GiteaMirror commented 2026-04-13 12:10:22 -05:00
Author
Owner
Copy Link

@wukko commented on GitHub (Feb 28, 2025):

Would you consider disabling these analytics automatically if Global Privacy Control is enabled?

cobalt's plausible analytics are already private, it doesn't track anyone, just aggregated number of traffic, so i don't think it's really applicable here?

Image
<!-- gh-comment-id:2689944409 --> @wukko commented on GitHub (Feb 28, 2025): > Would you consider disabling these analytics automatically if Global Privacy Control is enabled? cobalt's plausible analytics are already private, it doesn't track anyone, just aggregated number of traffic, so i don't think it's really applicable here? <img width="764" alt="Image" src="https://github.com/user-attachments/assets/60cea4c8-23ce-437b-9652-b51fd1312d6f" />
GiteaMirror commented 2026-04-13 12:10:22 -05:00
Author
Owner
Copy Link

@celenityy commented on GitHub (Mar 2, 2025):

Thanks for the quick response and clarification!

however, i could make it not load the script at all, though i don't see how it's beneficial

I think it'd be best not to load the script at all. If anything, it'd give users more peace of mind and not mislead them into thinking Cobalt is still sending analytics after disabling them in settings (even though it isn't). Also probably a good idea to not make unnecessary connections/load unnecessary scripts for bandwidth/resource consumption (I doubt this is making a meaningful impact there to be clear, but I think it's still a good rule of thumb). It'd also help reduce the load/unnecessary blocking for those using content blockers that block a.imput.net.

cobalt's plausible analytics are already private, it doesn't track anyone, just aggregated number of traffic, so i don't think it's really applicable here?

That's completely understandable. To be clear, I don't have any doubt that Cobalt is not tracking users - and I believe you've gone above and beyond in protecting the privacy of users. I think my main reason for suggesting this was to allow users a way to easily opt out of analytics persistently without needing to save cookies, and I feel like you'd still get quality analytics (as the majority of browsers don't enable GPC by default). But this isn't a big deal as long as analytics are disabled when the plausible_ignore cookie is present (since users can use ex. uBlock Origin to automatically set this cookie).

<!-- gh-comment-id:2692585892 --> @celenityy commented on GitHub (Mar 2, 2025): Thanks for the quick response and clarification! > however, i could make it not load the script at all, though i don't see how it's beneficial I think it'd be best not to load the script at all. If anything, it'd give users more peace of mind and not mislead them into thinking Cobalt is still sending analytics after disabling them in settings *(even though it isn't)*. Also probably a good idea to not make unnecessary connections/load unnecessary scripts for bandwidth/resource consumption *(I doubt this is making a meaningful impact there to be clear, but I think it's still a good rule of thumb)*. It'd also help reduce the load/unnecessary blocking for those using content blockers that block `a.imput.net`. > cobalt's plausible analytics are already private, it doesn't track anyone, just aggregated number of traffic, so i don't think it's really applicable here? That's completely understandable. To be clear, I don't have any doubt that Cobalt is not tracking users - and I believe you've gone above and beyond in protecting the privacy of users. I think my main reason for suggesting this was to allow users a way to easily opt out of analytics persistently without needing to save cookies, and I feel like you'd still get quality analytics *(as the majority of browsers don't enable GPC by default)*. But this isn't a big deal as long as analytics are disabled when the `plausible_ignore` cookie is present *(since users can use ex. uBlock Origin to automatically set this cookie)*.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
3rd party app support
bug
can reproduce
can't reproduce
documentation
duplicate
feature request
help wanted
instance hosting help
invalid
main instance issue
need more info
needs fixing
next major
not an issue
pull-request
Mirrored from GitHub Pull Request
 question
region lock issue
security
service request
skill issue
web ui
No Label main instance issue
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/cobalt#3636
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?