Le site amplitude.com est-il sûr ?

From the site's meta description tag, "Amplitude Mobile Analytics helps you leverage cross-platform behavioral data to drive explosive user growth. Pinpoint your path to user growth in hours." At least I give them credit for not trying to hide what they are - an end-user tracking engine. Their focus is to help their customers (web sites) get and retain customers (you and me). In a nutshell, a web site uses Amplitude's tools to track everything you do on that (Amplitude customer's) web site. Amplitude does not track you as an individual (e.g., john.doe@anywhere.com) but rather a number (e.g., you are "2d5fbfb6-7435"). As their privacy policy states when tracking "end users" (i.e., you and me), they do not keep any personally identifiable information (PII) - just that number. They keep that number associated with you (presumably as a cookie) persistently so they can track you every time you use the site. (Since I have mentioned Amplitude's privacy, I would note that it mostly addresses the privacy of Amplitude's customers [i.e., web sites] not end users.) The idea is that their customers (the web sites that you visit and that buy Amplitude's services) can see how often you come to the site, how long you were on a page, where you went from that page, did you invite a friend, did you post on Facebook, did you buy anything or subscribe or whatever makes money for the site, and so on. The sites want to turn visitors into customers (called "conversion") and determine what keeps visitors/customer coming back. On the surface, that doesn't sound too bad. Further, I believe Amplitude when they say *they* don't keep PII. However, assuming their customers have access to your Amplitude ID number and you have given any PII to that site - such as signing up for an account, it would be trivial for that site to associate your PII to Amplitude's ID number and have a complete picture of your activities tied to you as a name, address, etc. That's pretty detailed tracking of you specifically. Where it gets a more concerning is that I didn't see anything that says that Amplitude's service gives different IDs to the same individual visiting different sites (assuming the other sites are also using the Amplitude tools). If they reuse the same ID, they now have detailed tracking data about you across sites. If so, does site A have a way to find out what you did at site B? I could see why a site would find that very valuable. Imagine this scenario: User ID 4f223ac-4432 (who we know has the real name John Doe and email john.doe@anywhere.com), visited our site, looked at the pricing/services page, also went to our competitor's site, looked at their pricing/services page, and signed up with our competitor. Hmm, maybe we should send John Doe an email offering a lower price for the first year. Assuming I take Amplitude's meta tag as factual, they also track you cross-platform. That is from your desktop to your laptop to your tablet to your phone, etc. (I think they can only pull that off if the sites using Amplitude report the Amplitude ID to Amplitude when the user uses different platforms.) If they keep the same ID, they can track you at different sites regardless of if you use your phone for one site and a laptop for another. Honestly, I doubt cross-site tracking happens, but I don't see what would prevent it, technically. First, Amplitude would need to be pretty commonly used by many web sites or at least many web sites in the same market segment (which I am sure Amplitude would be happy with). Second, as soon as site A finds out they have access to site B's user tracking, they will realize site B has similar access to their tracking. Say goodbye to both sites as customers of Amplitude. At a high enough level (more than $1000/month using Amplitude's pricing page at this time), the web sites have low-level direct access to the Amplitude database where they can query the data in any manner that's acceptable at a database level. However, as a third point, the information at Amplitude's web site makes me believe they keep the data from each of their customers in separate (Amazon Redshift) databases, so that should prevent site A from looking at site B's data as well. So, it's pretty detailed tracking by a site about your usage of that site. This is a site you probably have already signed up with or at least visit often, so is there any harm? Interestingly, I first encountered the Amplitude tracker at patreon.com. I would assume Patreon uses this information to see what Patreon pages I look at and which ones I donate to. Presumably, that would make it easy for them to suggest new/other projects that I might be interested in (i.e., want to donate to). More patrons means more money to Patreon.com. Done sparingly, I would find this useful; done regularly would be more annoying or even badgering. All this being said, I'm more or less OK with letting this service to run in my browser. It's potentially concerning - especially at the levels they claim they can track, but I believe it's tracking on a specific site and available only to that site.

The website focuses on online tracking and analytics that people can include on their website. It even includes user behavior tracking, which seems much more invasive compared to other common analytics websites. Overall, I wouldn't trust if you value your privacy.