Skip to main content

Hi,

Although, those two topics: 
 

I still don’t know how to disable this collect.

I read the contract we signed and the terms and conditions document has a (dead) link to ceip.centreon.com.

https://docs.centreon.com/docs/security/user-data-storage/what-is-centreon-ceip


states it can be disabled.

How do I disable (not block) this “feature”? This is the first time I see an opensource software with this kind of data collect that is not even an opt-out, but something imposed!

Regards,
 

I really hope it has been fixed in 23.10+


HI @Stéphane,

The documentation describes the address used by the central Centreon server to send its daily telemetry data and usage statistics for Centreon features (ceip.centreon.com).

The second URL is the one used by your browser to send access data to menus and button clicks by the user through the interface.

All its data is part of the Customer Experience Improvement Program (CEIP) and allow Centreon (Product Team / R&D teams).

The CEIP program is essential for Centreon when developing new features or improving existing features.

As described in your contract, the CEIP program is active when your product licenses are active.

Regards,


Hi,

Thx for you response.

I read the contract and saw no such clause. And, again, documentation  states it can be disabled. The UI also shows CEIP may be disabled and doesn’t tell about an difference if licence is active or not.

It has to be possible to disable CEIP. Please fix this issue.
 


Currently this is just plain lie if it’s not possible to opt-out. 


The link should be taking you from here to here:

https://ceip.centreon.com/ ( https://docs.centreon.com/current/en/ceip/what-is-centreon-ceip.html ) ->

https://docs.centreon.com/docs/security/user-data-storage/what-is-centreon-ceip/

Note the “what-is-centreon-ceip”

I will mention it to the team. ( MON-38514 )


But it does not, the last URL is what I have too when using the Centreon site search engine:

https://docs.centreon.com/docs/22.10/security/user-data-storage/what-is-centreon-ceip/
or
https://docs.centreon.com/docs/security/user-data-storage/what-is-centreon-ceip/

By the way, it is also written here that it is possible to opt-out:

 

ceip opt-out
​​​​​​

The fact it cannot be disabled is definitevely a bug. And a serious one IMO although it’s non blocking.


If I’m not mistaken, Even configured as disabled, it still try to reach pendo.io and when the page can’t do that it continues to store data in the local cache to send them later.

 

//function that checks if pendo is reachable

function checkConnection(url) {

  return new Promise(function (resolve, reject) {

    var xhr = new XMLHttpRequest();

    xhr.open('HEAD', url);

    xhr.onload = function () {

      if (xhr.status >= 200 && xhr.status < 300) {

        resolve();

      } else {

        reject();

      }

    };

    xhr.onerror = function () {

      reject();

    };

      xhr.send();

  });

}

const apiKey = 'xxxxxxxx';

// Pendo.io

if (navigator.onLine ) {

  checkConnection('https://cdn.eu.pendo.io/agent/static/'+apiKey+'/pendo.js').then(function() {

      const initPendo = (data) => {

        (function (apiKey, platformData) {

          (function (p, e, n, d, o) {

            var v, w, x, y, z;

            o = pd] = pd] || {};

            o._q = o._q || ];

            v = r'initialize', 'identify', 'updateOptions', 'pageLoad', 'track'];

            for (w = 0, x = v.length; w < x; ++w) (function (m) {

              om] = o(m] || function () {

                o._q
              };

            })(vhw]);

            y = e.createElement(n);

            y.async = !0;

            y.src = 'https://cdn.eu.pendo.io/agent/static/' + apiKey + '/pendo.js';

            z = e.getElementsByTagName(n)0];

            z.parentNode.insertBefore(y, z);

          })(window, document, 'script', 'pendo');

          // Call this whenever information about your visitors becomes available

          // Please use Strings, Numbers, or Bools for value types.

          pendo.initialize(platformData);

        })(apiKey, data);

      };

      if (window.fetch) {

        let shouldGetCeipInfo = false;

        if (localStorage.getItem('centreonPlatformData') === null) {

          shouldGetCeipInfo = true;

        } else {

          try {

            let centreonPlatformData = JSON.parse(localStorage.getItem('centreonPlatformData'));

            if ((centreonPlatformData.cacheGenerationDate + (24 * 60 * 60 * 1000)) < Date.now()) {

              shouldGetCeipInfo = true;

            } else if (centreonPlatformData.ceip === true) {

              initPendo(centreonPlatformData);

            }

          } catch (e) {

            shouldGetCeipInfo = true;

          }

        }

        if (shouldGetCeipInfo) {

          fetch(

              './api/internal.php?object=centreon_ceip&action=ceipInfo',

              {method: 'GET'}

          ).then((response) => {

            const contentType = response.headers.get('content-type');

            if (contentType && contentType.indexOf("application/json") !== -1) {

              response.json().then(function (data) {

                if (data.ceip === true) {

                  initPendo(data);

                  // Create localStorage cache

                  const platformData = {

                    cacheGenerationDate: Date.now(),

                    visitor: data.visitor,

                    account: data.account,

                    excludeAllText: data.excludeAllText,

                    ceip: true

                  };

                  localStorage.setItem('centreonPlatformData', JSON.stringify(platformData));

                } else {

                  localStorage.setItem('centreonPlatformData', JSON.stringify({ceip: false}));

                }

              });

            }

          });

        }

      }

  }).catch(() => {

    console.warn('Offline mode: pendo is not loaded');

  });

}


I lose my time anyway…


Hi @Stéphane,

Are you sure this code is executed when you browse Centreon? With the “send anonymous statistics” disabled, it should not.

Can you check with your browser’s console? There should be no traffic towards pendo.


Yes there are requests to pendo.io although the option is not checked. I won’t use my time with this damned post if it were not the case!…

I noticed the requests with uMatrix and checked in the console for confirmation. I also have a proxy authentication request when going on the Centreon UI (while no other tabs have ) been opened yet. And this before we had activated the online licence checking.

I don’t tell the problem can’t be on my side but fact it is doing those requests. 

if (navigator.onLine ) { o…]

  }).catch(() => {     console.warn('Offline mode: pendo is not loaded');   });

I haven’t read all the Javascript so maybe you can tell me where in the code is the test which tells the brower not to run this part of the script? How does it check pendo is loaded then?

I’m currently installing a new platform in 22.10 (to test the upgrade to 23.10) I’ll try to remember to check this point.

I noticed that you confirm it should not do any request to pendo.io when the option is disabled. I also wonder why I was first answered that it could not be disabled then.

 


For reference:

 

 


Je vous confirme que la requête est bien faite sur une installation vierge de Centreon 22.10.20 après désactivation de l’option :

Pas en arrivant sur la page de login mais une fois loggé.
 

Firefox 78.15.0esr (64 bits)/Cache et données de site supprimées et browser relancé.

(et au diable l’anglais, je ne vais pas réécrire ce message, je perds assez de temps comme ça)


Just because I’ve been told this is not an overhead:

 

This is bloatware I can’t understand how you can subscribe to such service while doing so few matter of what users like me and other customers/users can feed you back about Centreon.

You know what? Pendo.io is a company, I think they would never tell you the reallity of the user experience they analized (if it could even be sligthly pertinent to begin with…) if they considered it would make you unhappy, and so indirectly and subconsciently unhappy about them. (believe it or not)  


This is quite another subject but it still qualifies as bloatware:

 


Did you have some users asking for this, seriously? This is incredible.


While some details like this, signaled years ago still aren’t fixed (the missing commit id):
 


And when the news pop-up ***** has been introduced in 22.10? In 22.10.0? 22.10.20? In a version between those two?
 


And this, isn’t supposed to be deactivated too when the CEIP option is unchecked?

$ tail -n10 /var/log/centreon/statistics.log 2024/03/25 10:29:00 - Response from mhttps://statistics.centreon.com] : 200,body : "Send successful" 2024/03/26 10:28:51 - Response from mhttps://statistics.centreon.com] : 200,body : "Send successful" 2024/03/27 10:28:52 - Response from mhttps://statistics.centreon.com] : 200,body : "Send successful" 2024/03/28 10:28:52 - Response from mhttps://statistics.centreon.com] : 200,body : "Send successful" 2024/03/29 10:28:52 - Response from mhttps://statistics.centreon.com] : 200,body : "Send successful" 2024/03/30 10:28:49 - Response from mhttps://statistics.centreon.com] : 200,body : "Send successful" 2024/03/31 09:28:49 - Response from mhttps://statistics.centreon.com] : 200,body : "Send successful" 2024/04/01 09:28:48 - Response from mhttps://statistics.centreon.com] : 200,body : "Send successful" 2024/04/02 09:28:56 - Response from mhttps://statistics.centreon.com] : 200,body : "Send successful" 2024/04/03 09:28:54 - Response from mhttps://statistics.centreon.com] : 200,body : "Send successful"


no comment…


Reply