Hacker News | anayar's comments

Nah bc you're not swapping from CNAME > A records, which could have other random networking related impacts, especially if you're running a public API.


Worked for us on Cloudflare using the .dns Heroku target!


Following this. It's my experience that for all the rhetoric about VCs being ultra-helpful at the end of the day the success of any venture lies with the founders/operators - the VCs can merely allocate some time, monetary capital or social capital to push things in the right direction. But that can be a huge lever.

Good question here!


Why just FullStory? There are tons and tons of apps that do this... https://www.g2.com/categories/session-replay

It's just session replay... in 2020... if we don't want to be tracked I think it's on us at this point to use a blocker.

As someone who runs a site that uses this, I can tell you with 100% certainty that without it we (a) would not be able to optimize user experience nearly as well, (b) would not be able to serve customer support tickets nearly as well and (c) would not be able to make product decisions at the velocity we want.

Not sure what folks are doing on sites like Notion, etc. that makes session replay so creepy but also do we really think companies and startups have time to sit and watch all the user sessions?

Seems like an unfair takedown to me.


> Why just FullStory? There are tons and tons of apps that do this?

I've clearly mentioned they are not the only ones, but the most popular.

> if we don't want to be tracked I think it's on us at this point to use a blocker.

The main point of my post is to inform people this is happening, and use a blocker.

> As someone who runs a site that uses this, I can tell you with 100% certainty that without it we (a) would not be able to optimize user experience nearly as well

Everything happens in the name of user experience. There is a limit to certain things. What next? Sending an actual person to the customer and watching everything they do on their desktop to improve user exp and serve support tickets faster? Do you clearly tell your users that you are doing this?

What if I sat behind you and watched everything you do? I want to improve your web experience, help you faster and help make your product decisions at the velocity you want. Don't worry. You can use a blocker. But you don't know I am watching you tho.

> but also do we really think companies and startups have time to sit and watch all the user sessions?

That's your excuse? Haven't you heard of artificial intelligence? It can move through thousands of recordings in minutes.

> Not sure what folks are doing on sites like Notion

Notion has another privacy issue to be concerned about. This is not their main concern. Their user-generated Notion pages expose the user's email, full name, the collaborators' email and full names too.

> Seems like an unfair takedown to me.

Might seem so to you. I have no problem with it, but just to clear things, I have nothing personal against them nor am I involved with any of their competitors.


> That's your excuse? Haven't you heard of artificial intelligence? It can move through thousands of recordings in minutes.

Doing what nefarious activity exactly? I'm not sure good sir, but if we want to make mountains out of molehills we're all free to do it... it's just an analytics tool like any other with the one caveat that they recreate the screen from DOM reconstruction instead of just sending over each and every click event like every other marketing tool (Heap, Segment, Intercom - you name it).

Sure, give users an opt out and respect that but otherwise the drama around this stuff is pretty wild.

You don't use the same argument when entering a grocery store - you're being tracked all over the place. Well, when you're on my website you're on my property and I'll respect the governing rules that say what I can and can't do without permission but hey, if you don't like it... leave?


Also to be clear, I don't think the Notion client itself uses it -- just the Notion marketing site.


Even though I haven't investigated it further, it seemed like the client was just a web wrapper.

What's the use of only putting on their marketing site? All their customer problems/bugs would be with the clients and the web app?


> What's the use of only putting on their marketing site? All their customer problems/bugs would be with the clients and the web app?

So you acknowledge that they're using it to solve customer problems and bugs :)?


This looks dope! I was never able to fully get into Roam so hopefully this is a bit easier and worth playing around with.

On an unrelated note, seeing this and "Tired of note-taking apps" on the front-page at the same time made me lol.


This is awesome, thanks for sharing that! Can I ask a quick prying question -- who writes these principles and who approves them over on your end?

Effectively trying to gauge - is it grassroots and from the ground up, implemented and vetted by the engineers or is it more top-down "we need a way to align engineering at scale" development?

Mostly wondering about adoption and imagining whether my approach of pushing this into our team is the way to go or if it's worth allowing a collective to determine the working principles. Sorry for all the questions, you sparked my curiosity :)

Cheers!


My pleasure, glad it was interesting.

It's a semi-grassroots initiative, there is a steering committee made up of various engineers, some of whom are involved in engineering education. The work is supported by senior engineering leadership.

The other core idea is that these principles are internally open source, and as such are there to be refined by engineers.


But even if you use a third party, tying identity in to your application almost always still has to be rolled on your own, right? So no matter how bulletproof the 3rd party solution, it’s likely that a tremendous number of vulnerabilities on an application basis could come from faulty auth integrations as well.


Phenomenal, many thanks!


But folks really cache auth related data? Isn’t that better handled purely through client <> server requests and handling caching for all UI or action based data?


Not at scale. If our auth caching stops, our auth servers can get overloaded at peak times. Granted, horizontal scaling auth is a better first round choice, but caching gives you vertical scaling when you are hitting limits on your database. Another option is z-scaling, but that is really just a way to improve either of the previous two (have different pools of user databases).


Amen to red team tests!

