HackerTrans
TopNewTrendsCommentsPastAskShowJobs

JackWritesCode

no profile record

Submissions

Fathom Acquires Gauges

usefathom.com
2 points·by JackWritesCode·3 tháng trước·0 comments

[untitled]

1 points·by JackWritesCode·2 năm trước·0 comments

[untitled]

1 points·by JackWritesCode·2 năm trước·0 comments

Running Query Insights on PlanetScale

planetscale.com
15 points·by JackWritesCode·3 năm trước·1 comments

PlanetScale Scaler Pro

planetscale.com
131 points·by JackWritesCode·3 năm trước·42 comments

Generated Hash Columns in MySQL

planetscale.com
5 points·by JackWritesCode·3 năm trước·0 comments

[untitled]

1 points·by JackWritesCode·4 năm trước·0 comments

[untitled]

1 points·by JackWritesCode·4 năm trước·0 comments

[untitled]

1 points·by JackWritesCode·4 năm trước·0 comments

Show HN: Illegal Analytics Scanner

illegal.analyticsscanner.com
13 points·by JackWritesCode·4 năm trước·13 comments

comments

JackWritesCode
·3 năm trước·discuss
Fathom's script forgets everybody by default, it's literally built into the tech. No EU personal data is touching Canada.

The background of Schrems II was that the US government can compel US companies to track foreign nationals and it would be lawful under US law. This is where the argument of "company in X under Y laws" comes into play. For example, Amazon is a US company. An EU subsidiary is still subject to it's parents control. If that parent is a US company, it's subject to US surveillance laws. Hello Schrems II.

So I'm not fully following why we're having a discussion around processing happening in Canada when personal data (IP Address) hits our EU Isolation infrastructure.

If you have any sources you can cite where the European Commission states BC as an exemption to Canada's adequacy ruling, please throw it back to me. I've not seen that.
JackWritesCode
·3 năm trước·discuss
1. I understand the piece about "stamp" of adequacy. But when the Schrems II ruling happened, the world learned that we cannot always rely on "stamps" and need to look into the laws. At this moment in time, the European Commission says that Canada has adequacy ruling as a whole and there is no note about it not apply to British Columbia.

So my question to you is: Which part of the Personal Information Protection Act in BC would undermine the EU's adequacy decision towards BC? The reason I'm pushing on this question is because the "stamp" occurs for a reason. Please let me know where the PIPA would lead to the European Commission labelling BC as inadequate.

2. We're mixing things up here with Amazon, Google and Azure. Those companies are subject to FISA 702[1] and EO12333[2]. We are not subject to these surveillance laws here in Canada. I've spoken at length about this before, about how the US government could compel one of these companies to secretly spy on people using their EU infrastructure. So our company is not in the same position.

I'll wait for your specifics around the PIPA.

[1] https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveilla... [2] https://en.wikipedia.org/wiki/Executive_Order_12333
JackWritesCode
·3 năm trước·discuss
I was linked to this post by a friend regarding the comments you made about Fathom's GDPR compliance.

1. The GDPR is regulation from the European Union

2. PIPEDA has an Exemption order for BC (British Columbia, Canada) and applies "in respect of the collection, use and disclosure of personal information that occurs within the Province of British Columbia".

Firstly, the Exemption order states "Whereas the Governor in Council is satisfied that the Personal Information Protection Act, S.B.C. 2003, c. 63, of the Province of British Columbia, which is substantially similar to Part 1 of the Personal Information Protection and Electronic Documents Act, applies to the organizations described in the annexed Order;"

Secondly, which part of BC's Personal Information Protection Act would undermine it's adequacy ruling under the GDPR?

Finally, let's get into Fathom's pageview/event collection script and explain how it works:

1. There is no collection, use and disclosure of personal information that occurs within the Province of British Columbia

2. EU traffic is automatically routed via EU Isolation and processed on German-owned servers. This allows us to stop US government snooping on EU traffic

3. Fathom Analytics is incorporated in BC. But nobody in BC has access to our EU Isolation infrastructure. I'm the CTO of Fathom Analytics and I have access to our EU Isolation infrastructure. I'm not in BC. Additional access to EU Isolation is from Germany only. Heck, not even GitHub Actions has access to EU Isolation, we self-host GitLab to keep things completely isolated. We put a lot of time and effort into this.

I'll wait back to hear back from you on which parts of the BC's PIPA undermine the adequacy ruling. Our lawyer here in Canada is incredibly well versed in Canadian privacy law, so we can definitely loop her in if there's any confusion here.

I hope that addresses your point and helps inform other people who may be reading this.
JackWritesCode
·4 năm trước·discuss
No access logs are kept, users aren't profiled or tracked across multiple sites. Ad-blockers blocking privacy-first solutions encourage use of Google Analytics. Being able to bypass ad-blockers is a competitive advantage over GA, which then leads to companies dropping GA, which leads to less data hitting Google's servers. You can read more about ad-blockers vs privacy-first analytics here: https://usefathom.com/blog/ad-blockers-war
JackWritesCode
·4 năm trước·discuss
Lmao. Hey, if I wasn't running Fathom, Dev Rel @ SingleStore is the only role I'd consider in tech right now. And I would definitely try to get some of those sweet shares as part of compensation. Alas, I don't own any SingleStore shares.
JackWritesCode
·4 năm trước·discuss
I completely agree! For the people following back home, who don’t want to move away from MySQL, can you let us know how to achieve a <10ms GROUP BY aggregation with a high cardinality column (11 million distinct values for “pathname”).

The query was:

SELECT SUM(pageviews) as total, pathname FROM pageviews GROUP BY pathname ORDER BY total DESC LIMIT 10.

If we don’t hear an answer from you, I’ll be really upset. Otherwise, we may have to add your ideas to the article!
JackWritesCode
·4 năm trước·discuss
By migrating to SingleStore, we didn’t have to change any persistence logic (we were already using SQL and Laravel Eloquent). Having explored doing that for Elasticsearch, it wasn’t something we wanted to do.

Looking back, I’m glad we went in this direction. Fathom has grown beyond what we could’ve imagined. Let’s see what happens over the next five years.
JackWritesCode
·4 năm trước·discuss
We didn’t decide that, we used SingleStore
JackWritesCode
·4 năm trước·discuss
My wife thought it was funny ;)
JackWritesCode
·4 năm trước·discuss
Clickhouse isn’t really relevant for a lot of us. SingleStore outperforms clickhouse and the latter isn’t MySQL wire compatible. Far more features come with SingleStore too. And if you speak to people running Clickhouse, they’re also maintaining a Postgres set-up. With SingleStore, you get your OLTP and OLAP in one database. So our users & sites table sit in memory (backed up by disk), meaning ultra fast read/write speeds (comparable to clustered/high availability Redis). And then we put our pageviews/events in columnstore (disk) which offers rapid performance for analytical queries.
JackWritesCode
·4 năm trước·discuss
Definitely not. No regrets after making the move. March next year will be the two year mark.
JackWritesCode
·4 năm trước·discuss
Very well written for newcomers. But I also appreciated the clarification in the auth section. I’ve used Laravel for years and the auth had confused me. Bootcamp makes things clearer.
JackWritesCode
·4 năm trước·discuss
Agreed. The next step here is to learn from what other people have written.
JackWritesCode
·4 năm trước·discuss
People are freaking out about this: https://twitter.com/usefathom/status/1481622895616950273

News like this takes time, and requires education, and we expect to see additional rulings that solidify EU DPA's commitment to enforcement.
JackWritesCode
·4 năm trước·discuss
Yup. The Illegal Analytics Scanner is deployed to Germany. We then load the website, observe the pixels loaded, run the IP returned through an IP lookup, and see who controls the server. If it's a US cloud provider, it's not lawful in the EU.
JackWritesCode
·4 năm trước·discuss
Here you go: https://noyb.eu/en/austrian-dsb-eu-us-data-transfers-google-...
JackWritesCode
·4 năm trước·discuss
The Schrems II ruling occurred back in 2020. Max Schrems & noyb have filed 101 complaints, and we're now going to see DPAs make decisions (meaning the ruling is enforced). What's new now is that a DPA has actually made a decision against Google Analytics (and US cloud providers).

I can only speculate on what's going to happen.
JackWritesCode
·4 năm trước·discuss
That if they're processing EU website visitor traffic, they're in violation of the Schrems II ruling, and violating the GDPR. Very messy situation right now.
JackWritesCode
·4 năm trước·discuss
We utilized some things we had already built, and it took less than a day to put this together.
JackWritesCode
·4 năm trước·discuss
Fathom is located in Canada, a country that has an adequacy decision under the GDPR :)