Le 01/05/2014 17:17, Gijs Kruitbosch a ï¿œcrit :
> On 01/05/2014 15:43, Pascal Chevrel wrote:
>> Looking at the Piwik site, it seems some big companies like T-Mobile use
>> it, I know the volume we have on
mozilla.org so maybe Piwik doesn't
>> scale *yet* to out needs, but this is an open source project and as
>> such, fixable, and that doesn't mean that we have to fix it ourselves
>> btw. What I am afraid of is that we just picked google because of the
>> NIHSV syndrom (Not Invented Here in the Silicon Valley ;) ).
>
> It seems pretty obvious that running your own analytics system has
> non-zero cost in terms of hours spent by both volunteer and employee
> contributors, whereas an out-of-the-box solution provided by a third
> party does not. I've seen several IT/web team folks, in several
> situations, refer to the cost (in man hours, not dollars) of everything
> they have to run, a lot of it not being central to our mission. The
> ability to use a third party (irrespective of who they are) seems pretty
> compelling.
There are companies offering Piwik as a third party solution, you don't
necessary have to host it yourself. Even if we had to host it ourselves,
there are areas in which we want to control our project and think long
term, we mostly host our own code instead of using bitbucket for hg for
example, we host our mailing lists instead of using third parties, we
host our own email services instead of delegating it to a third party,
we build our own datacenters instead of just renting etc. There is a
discussion here on what should be under direct Mozilla control, what can
be safely delegated to third parties and what should be a mixed world.
If we focus Mozilla as a provject on defending user privacy (and the Web
We Want campaign shows that this is what our user base wants us to
focus), then the question of what data we share with third parties
becomes even more important than it was 3 years ago.
> The previous discussion about this subject was public and
> happened on the newsgroups/mailing lists (and I followed it at that
> time, at which I was not an employee). Therefore, I don't think your
> allegation of NIHSV syndrome makes any sense (and is somewhat insulting
> because it's suggesting people haven't spent any time to consider this
> decision, or did it in private when it was, in fact, public).
I followed the discussion too, IMO it was more a communication of a
decision on using Google Analytics than a discussion on wether we should
use Google Analytics or not. Maybe Google Analytics is the best answer
to our needs, this is not actually the point, the point is that some of
our volunteer community does not agree and I think we should have a
civil discussion with them and see if some things should be reevaluated.
Maybe that means for example that we could propose Piwik (or another
equivalent open source solution) as a Mozilla hosted service for our
community sites, which would make it easier for community sites to
deploy safe analytics, would give us experience on what is potentially
lacking there and would allow us to study alternatives to google
analytics on real sites. I believe that at some point, we also need to
be on the server side because some things cannot be fixed on the client
side. Working with other projects that share our very same goals on user
privacy but on the server side seems like a win-win solution to me,
unless we want to reinvent the wheel there. I am actually not worried
about the employee/volunteer divide, I am worried about Mozilla working
in isolation to the wider ecosystem and not achieving its long term
goals because they seem to conflict with the short term goals.
>
>> I think there is a disconnect between how employees see stuff and how
>> our community and users get to conclusions with the same data.
>> Employees, especially in the US were culture seems to be very focused on
>> contracts and private law, think that as long as a contract is signed
>> and exists between two companies, the problem is fixed. Our community
>> members don't trust those contracts,
>
> You mean our volunteer community members? Employees are just as much
> part of the community, thank you very much. And, I'm sorry, but as a
> longtime volunteer and now (somewhat recent) European employee, I am
> skeptical that people getting an employment contract suddenly have a
> massive change of heart over how trustworthy contracts are. Don't try to
> make this about "employees vs volunteers", please.
A lot of employees didn't have a history of volunteering to Mozilla
before becoming an employee. A lot of the hiring is done through
internship programs with the same universities every year. You and I are
actually more exceptions than rules. So yes, by community in this
context I meant volunteer community. I tried not to forget to put
volunteer every time I used the word community in this one ;)
>
>> The trust our community has in us is not a given, it exists because we
>> have demonstrated in the past that we do good. When our community is
>> warning us that in some areas, we are breaking their trust and they see
>> a profound disconnect between our messaging and our actions, I think we
>> should listen to them and not discard their opinion just because
>> decisions are easier to take around the coffee machine among employees,
>> all living in the same area, from the same universities, with similar
>
> As far as I know, there are no other employees that went to the
> university I got my MSc at (Imperial College, London -- I suspect some
> went to University of Amsterdam (where I got my BSc) at some point, but
> I'm not sure, and there'd definitely be <10), nor other people that live
> in Birmingham (which probably just shows they're more sensible than me).
> Certainly my direct colleagues are exclusively in other countries.
> Please don't stigmatise employees, it's very hurtful both to the actual
> employees and to the image volunteer contributors have of employees, and
> doesn't do anything to further the "trust our community has in us" (who
> is "our" and "us" in that sentence, anyway?)
Please don't take your own personal story as a rule of how Mozilla works
and please, don't reply with such anger when you don't agree with
somebody else on a topic. The question is not on how distributed the
workforce is but how centralized the decision process is. In the case of
privacy matters, I think this is too centralized and that the
*volunteer* community is not involved enough or too late in the
process. We can't change the world with just employees, most of them in
North America, we need volunteers to be with us and in numbers, we need
different view points from the rest of the world on matters such as
privacy and net neutrality. That means also that some of the decisions
in our operations; not just on policy making, have to be done in close
collaboration with volunteers and that means taking their point of view
into account too, early, not after the fact. That also I think mean we
need to work more closely with other foundations anbd projects fighting
for an open web on the server side.
>
> It's about:
> a) whether we trust Google to live up to their contractual obligations;
> b) whether we think those contractual obligations are good enough both
> in terms of actual fact, and in appearance to the outside world;
> c) what alternatives we have, and whether they are better when
> considering (a), (b) and the associated costs/rewards of the alternatives.
>
> Different people seem to have different opinions on (a) and (b), but so
> far nobody has seriously discussed (c). Just throwing up a name (or
> looking at their website) and saying "why don't we use this?" isn't
> serious discussion. If you're arguing it's better than GA, explain why,
> and try to seriously estimate switching and running costs, not just the
> PR implications or the suppositions that Google might be lying to us all.
And we are back to what I asked initially, what evaluation was done on
alternatives to Google Analytics and why wasn't it shared? Even out of
curisosity, I'd like for example to know what are the strong/weak points
of all the solutions available on the market. And BTW it's not just a
question of PR, and like Benoit I think it's a question of consistency
between what we say and what we do on the field. You seem to discard the
opinion of other community members (both volunteers and employees) that
think that a self hosted or a less controversial third party solution
should be reevaluated today, I don't, I think it's the kind of things it
is good to put some thoughts on.
Once again, maybe GA was the perfect solution 2 or 3 years ago when we
were not an organization focusing on defending our users privacy, but
our recent change of focus also means that some of the decisions made in
a different context could need a reevaluation. And maybe this
reevaluation will mean that we should actually keep GA because other
tools are lacking in features or can't scale to our needs. But once
again, this is not a tooling question, it is a policy question.
Happy labor day :)
Pascal