- Privacy & Performance Analysis of argv.cloud
- TL;DR
- Introduction
- Objectives of this analysis
- Out of Scope
- First things first: Preparation
- Test information:
- First Stage: Cookies
- Third Party analysis
- Conclusions on Cookies used by this site
- Part 2: Trackers & Javascript
- JS Conclusions
- Final stage: Performance Tests
- Performance Conclusions
Privacy & Performance Analysis of argv.cloud
I decided to do this mini-test out of curiosity and because I value privacy. Also, I wanted to learn a little bit more about how all this works, so I consider this as a “lab test”.
TL;DR
This site is good, privacy-focused, and pretty fast. It won’t track you down, it won’t initiate invasive cookies.
Some behavior data may be collected (Clicks, load rates, etc), but not linked to any personally identifiable information (PII) such as IP addresses or other identifying information.
Introduction
I completely went overkill here and performed an analysis of my own website (if I can even call it “my own” because it’s hosted everywhere except in my own infrastructure, and I don’t feel particularly the owner of the code), to clear out my privacy concerns, and also its performance.
Ever since I stopped using Open Source Software to host my own website/blog, and moved on to Notion.so, super.so, my convenience increased by 300%, but I wasn’t 100% sure about the privacy implications, mostly for my visitors.
The privacy of me being a user of such third-parties? Well, that’s up to me.
Objectives of this analysis
- Determine if there are any trackers and cookies across this website.
- Understand the overall speed & performance.
Out of Scope
I do not contemplate any third-party cookies, such as the ones loaded by thumbnails in embedded URLs (Youtube, and other websites loaded in the views, especially in the playlist section).
First things first: Preparation
General information about how this test was performed.
Test information:
Site | https://argv.cloud (Obviously) |
Browser | Chromium |
Initial State | Cleared cookies, session data. |
Privacy settings | None. Default configuration |
Privacy enhancements | 1 test with Ublock origin (privacy extension)
1 test without Ublock origin
1 test with Ghostery (privacy extension) |
Browser configuration | None. Default configuration (Clean slate, default security & privacy settings) |
Tools used:
- Only the browser, Dev Tools.
- Google’s Lighthouse (Default in Dev Tools)
First Stage: Cookies
First, I wanted to check with Ublock origin to see if it caught anything. Default Ublock settings (No Advanced mode, no special filters, nothing).
Cookie count: 2
Those seem like Cloudflare cookies.. let’s move on.
Third Party analysis
No cookies found by this test. Some Security Headers non-compliances but that’s none of my business here (I don’t “own” the code, servers, etc.). Everything’s being handled by Vercel, Super.so and Notion.
Conclusions on Cookies used by this site
Therefore:
Disclaimer: We use cookies to enhance your browsing experience and ensure the security of our website. Here are the details of the cookies we use:
__cf_bm- Description: Cloudflare’s Bot management.
- Purpose: Bot management and protection against malicious traffic.
- Duration: 30 minutes.
- Data Collected: Anonymized data to differentiate between human and bot traffic.
- Reference: https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/#__cf_bm-cookie-for-cloudflare-bot-products
_cfuvid- Description: Cloudflare’s Security trackers.
- Purpose: Identification of trusted web traffic.
- Duration: Session duration.
- Data Collected: IP address, browser type, and behavioral data for consistent user identification across sessions.
- Reference: https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/#_cfuvid-for-rate-limiting-rules
Part 2: Trackers & Javascript
Here I started with the chrome extension “Ghostery”:
Tracker:
https://argv.cloud/_vercel/speed-insights/script.jsThere are other JS files for chunks, but those are for functionality of the site.
Here I used some JS deobfuscation and ChatGPT to help me figure out what this JS file did.
JS Conclusions
Therefore:
Disclaimer: Here’s the data Vercel collects from you when visiting this site:
- Data Collected:
- Performance Metrics: Includes metrics like FCP, CLS, FID, TTFB, and interaction data.
- User Interactions: Tracks interactions like clicks and key presses, which could include user behavior patterns.
- Identifiers and Attribution:
- Event Target Identification: Records the target element of interactions, which can help in understanding user behavior but might also track specific user actions.
- Endpoint for Data Transmission:
- Data Sent to Vercel: The data is sent to Vercel’s
vitals.vercel-insights.comendpoint or a custom endpoint. This implies that performance data and possibly user interaction data are being sent to a third-party service.
This site uses performance monitoring tools to collect data about how it is used and performs. This data helps in user experience. The data collected includes:
- Performance Metrics: Time to first byte (TTFB), first contentful paint (FCP), cumulative layout shift (CLS), first input delay (FID), and other performance-related metrics.
- User Interactions: Information about user interactions such as clicks and key presses.
This data is sent to our performance monitoring service provider, Vercel, and used solely for improving website performance and user experience. No personal data is collected or stored.
Final stage: Performance Tests
I am not a developer, or an SRE, so I’ll just guess that its performance is “good” (I was kind of worried that it loaded too much content from AWS S3 as Notion uses it for its “blocks”).
For this I used Google’s Lighthouse to run and generate a performance report:
Turns out, it could be better for SEO purposes…
Performance Conclusions
Therefore:
- This website performs exceptionally well in terms of loading speed and responsiveness. All key performance metrics are in the optimal range.