From b715b9a730df09bf5cb27aa8edd1e52a08fb104a Mon Sep 17 00:00:00 2001
From: Jonah Aragon <jonah@triplebit.net>
Date: Wed, 12 Aug 2020 10:08:41 -0500
Subject: [PATCH] Remove Matomo (#2013)

---
 _includes/scripts.html |  9 ---------
 assets/js/main.js      | 21 ---------------------
 nginx/010-headers.conf |  2 +-
 pages/privacy.md       | 11 +----------
 4 files changed, 2 insertions(+), 41 deletions(-)

diff --git a/_includes/scripts.html b/_includes/scripts.html
index d5e84077..e17c9263 100644
--- a/_includes/scripts.html
+++ b/_includes/scripts.html
@@ -3,12 +3,3 @@
 <script src="/assets/js/bootstrap.min.js?v=4"></script>
 <script src="/assets/js/sortable.min.js?v=4"></script>
 <script src="/assets/js/main.js?v=5"></script>
-
-<!--
-  Matomo is the leading open-source analytics platform:
-  - Free open-source software
-  - 100% data ownership
-  - User privacy protection
--->
-
-<noscript><img src="https://stats.privacytools.io/matomo.php?idsite=1&amp;rec=1" class="border-0" alt=""/></noscript>
diff --git a/assets/js/main.js b/assets/js/main.js
index 1aa56caf..5f6413d5 100644
--- a/assets/js/main.js
+++ b/assets/js/main.js
@@ -94,24 +94,3 @@ if (
 ) {
   fixThemeImages();
 }
-
-
-// Matomo
-var _paq = window._paq || [];
-/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
-_paq.push(["trackPageView"]);
-_paq.push(["enableLinkTracking"]);
-(function() {
-  var u = "https://stats.privacytools.io/";
-  _paq.push(["setTrackerUrl", u + "matomo.php"]);
-  _paq.push(["setSiteId", "1"]);
-  _paq.push(['setSecureCookie', true]);
-  var d = document,
-    g = d.createElement("script"),
-    s = d.getElementsByTagName("script")[0];
-  g.type = "text/javascript";
-  g.async = true;
-  g.defer = true;
-  g.src = u + "matomo.js";
-  s.parentNode.insertBefore(g, s);
-})();
diff --git a/nginx/010-headers.conf b/nginx/010-headers.conf
index c230eeb7..ec9153bb 100644
--- a/nginx/010-headers.conf
+++ b/nginx/010-headers.conf
@@ -1,7 +1,7 @@
 add_header X-Frame-Options DENY always;
 add_header X-XSS-Protection "1; mode=block" always;
 add_header X-Content-Type-Options nosniff always;
-add_header Content-Security-Policy "default-src 'none'; script-src 'self' https://stats.privacytools.io; style-src 'self'; img-src 'self' data: https://*.privacytools.io; object-src 'none'; frame-src https://stats.privacytools.io; font-src 'self'; base-uri 'none'; form-action 'self' https://search.privacytools.io; frame-ancestors 'none'; manifest-src 'self';" always;
+add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data: https://*.privacytools.io; object-src 'none'; frame-src 'none'; font-src 'self'; base-uri 'none'; form-action 'self' https://search.privacytools.io; frame-ancestors 'none'; manifest-src 'self';" always;
 add_header 'Access-Control-Allow-Origin' '*';
 add_header Strict-Transport-Security "max-age=31557600; includeSubDomains; preload";
 add_header Alt-Svc 'h2="privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion:443"; ma=86400; persist=1';
diff --git a/pages/privacy.md b/pages/privacy.md
index c9b91967..0277fd50 100644
--- a/pages/privacy.md
+++ b/pages/privacy.md
@@ -26,27 +26,18 @@ This data will be collected regardless of browser, device, or app used to access
 When you visit a {{ site.name }} website or service, regardless of whether you have an account or not, the website may use cookies, server logs, and other methods to collect the following data:
 
 * What pages you visit,
-* What actions you take on our website,
-* What browser, operating system, and device you use,
-* Search terms you use,
 * Your anonymized IP address: We anonymize the last 3 bytes of your IP, e.g. 192.xxx.xxx.xxx.
 
 We use this data to:
 
 * Optimize websites and services, so that they are quick and easy to use,
 * Diagnose and debug technical errors,
-* Defend websites and services from abuse and technical attacks,
-* Compile statistics on the popularity of a website, page, post, topic, etc., and
-* Compile statistics on the kinds of software and computers visitors use.
+* Defend websites and services from abuse and technical attacks.
 
 This data is processed under our [Legitimate Interest](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/when-can-we-rely-on-legitimate-interests/) to provide our services to you in a an efficient and secure manner and to ensure the legal compliance and proper administration of our business.
 
 Raw data such as pages visited, anonymized visitor IPs, and visitor actions will be retained for 60 days. In special circumstances—such as extended investigations regarding a technical attack—we may preserve logged data for longer periods for analysis. We store aggregate statistics about use of the websites and services we host indefinitely, but those statistics do not include data identifiable to you personally.
 
-You can opt out of some website tracking we do with Matomo using the form below. Our Matomo instance is blocked by most ad-blockers, so users blocking the domain `stats.privacytools.io` will not need to separately opt-out with the form below. Our Matomo instance also respects the Do Not Track (DNT) setting in your browser, so users with DNT enabled will not need to complete this form. Limited data may still be collected via server-side logs after opting out here, but this data cannot be used to identify you.
-
-<iframe style="border: 1; height: 120px; width: 100%;" src="https://stats.privacytools.io/index.php?module=CoreAdminHome&action=optOut&language=en&backgroundColor=ffffff&fontColor=212529&fontSize=1rem&fontFamily=-apple-system%2CBlinkMacSystemFont%2C%22Segoe%20UI%22%2CRoboto%2C%22Helvetica%20Neue%22%2CArial%2Csans-serif%2C%22Apple%20Color%20Emoji%22%2C%22Segoe%20UI%20Emoji%22%2C%22Segoe%20UI%20Symbol%22%2C%22Noto%20Color%20Emoji%22"></iframe>
-
 ### We collect account data.
 
 On some websites and services we provide, many features may require an account. For example, on forum.privacytools.io an account is required to post and reply to topics.