French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5.
[…]
Covering laptops, cars and other connected objects as well as phones, the measure would allow the geolocation of suspects in crimes punishable by at least five years’ jail. Devices could also be remotely activated to record sound and images of people suspected of terror offenses, as well as delinquency and organized crime.
[…]
During a debate on Wednesday, MPs in President Emmanuel Macron’s camp inserted an amendment limiting the use of remote spying to “when justified by the nature and seriousness of the crime” and “for a strictly proportional duration.” Any use of the provision must be approved by a judge, while the total duration of the surveillance cannot exceed six months. And sensitive professions including doctors, journalists, lawyers, judges and MPs would not be legitimate targets.
Last week, the French national data protection authority (the Commission Nationale de l’informatique et des Libertés or “CNIL”), published guidelines for what it considers to be a GDPR-compliant way of loading Google Analytics and similar marketing technology tools. The CNIL published these guidelines following notices that the CNIL and other data protection authorities issued to several organizations using Google Analytics stating that such use resulted in impermissible data transfers to the United States. Today, we are excited to announce a set of features and a practical step-by-step guide for using Zaraz that we believe will help organizations continue to use Google Analytics and similar tools in a way that will help protect end user privacy and avoid sending EU personal data to the United States. And the best part? It takes less than a minute.
What we are releasing today is a new set of privacy features to help our customers enhance end user privacy. Starting today, on the Zaraz dashboard, you can apply the following configurations:
Remove URL query parameters: when toggled-on, Zaraz will remove all query parameters from a URL that is reported to a third-party server. It will turn https://example.com/?q=hello to https://example.com. This will allow users to remove query parameters, such as UTM, gclid, and the sort that can be used for fingerprinting. This setting will apply to all of your Zaraz integrations.
Hide originating IP address: using Zaraz to load tools like Google Analytics entirely server-side while hiding visitor IP addresses from Google and Facebook has been doable for quite some time now. This will prevent sending the visitor IP address to a third-party tool provider’s server. This feature is configured at a tool level, currently offered for Google Analytics Universal, Google Analytics 4, and Facebook Pixel. We will add this capability to more and more tools as we go. In addition to hiding visitors’ IP addresses from specific tools, you can use Zaraz to trim visitors’ IP addresses across all tools to avoid sending originating IP addresses to third-party tool servers. This option is available on the Zaraz setting page, and is considered less strict.
Clear user agent strings: when toggled on, Zaraz will clear sensitive information from the User Agent String. The User-Agent is a request header that includes information about the operating system, browser, extensions and more of the site visitor. Zaraz clears this string by removing pieces of information (such as versions, extensions, and more) that could lead to user tracking or fingerprinting. This setting will apply only to server-side integrations.
Removal of external referrers: when toggled-on, Zaraz will hide the URL of the referring page from third-party servers. If the referring URL is on the same domain, it will not hide it, to keep analytics accurate and avoid the session from “splitting”. This setting will apply to all of your Zaraz integrations.
How to set up Google Analytics with the new privacy features
We wrote this guide to help you implement our new features when using Google Analytics. We will use Google Analytics (Universal) as the example of this guide, because Google Analytics is widely used by Zaraz customers. You can follow the same principles to set up your Facebook Pixel, or other server-side integration that Zaraz offers.
Step 1: Install Zaraz on your website
Zaraz loads automatically for every website proxied by Cloudflare (Orange Clouded), no code changes are needed. If your website is not proxied by Cloudflare, you can load Zaraz manually with a JavaScript code snippet. If you are new to Cloudflare, or unsure if your website is proxied by Cloudflare, you can use this Chrome extension to find out if your site is Orange Clouded or not.
Step 2: Add Google Analytics via the Zaraz dashboard
All customers have access to the Zaraz dashboard. By default, when you add Google Analytics using the Zaraz tools library, it will load server-side. You do not need to set up any cloud environment or proxy server. Zaraz handles this for you. When you add a tool, Zaraz will start loading on your website, and a request will leave from the end user’s browser to a Cloudflare Worker that sits on your own domain. Cloudflare Workers is our edge computing platform, and this Worker will communicate directly with Google Analytics’ servers. There will be no direct communication between an end user’s browser and Google’s servers. If you wish to learn more about how Zaraz works, please read our previous posts about the unique Zaraz architecture and how we use Workers. Note that “proxying” Google Analytics, by itself, is not enough, according to the CNIL’s guidance. You will have to take more actions to make sure you set up Google Analytics properly.
Step 3: Configure Google Analytics and hide IP addresses
All you need to do to set up Google Analytics is to enter your Tracking ID. On the tools setting screen, you would also need to toggle-on the “Hide Originating IP Address” feature. This will prevent Zaraz from sending the visitor’s IP address to Google. Zaraz will remove the IP address on the Edge, before it hits Google’s servers. If you want to make sure Zaraz will run only in the EU, review Cloudflare’s Data Localization Suite.
According to your needs, you can of course set up more complex configurations of Google Analytics, including Ecommerce tracking, Custom Dimension, fields to set, Custom Metrics, etc. Follow this guide for more instructions.
Step 4: Toggle-on Zaraz’s new privacy features
Next, you will need to toggle-on all of our new privacy features mentioned above. You can do this on the Zaraz Settings page, under the Privacy section.
Step 5: Clean your Google Analytics configuration
In this step, you would need to take actions to clean your specific Google Analytics setting. We gathered a list of suggestions for you to help preserve end user privacy:
Do not include any personal identifiable information. You will want to review the CNIL’s guidance on anonymization and determine how to apply it on your end. It is likely that such anonymization will make the unique identifier pretty much useless with most analytics tools. For example, according to our findings, features like Google Analytics’ User ID View, won’t work well with such anonymization. In such cases, you may want to stop using such analytics tools to avoid discrepancies and assure accuracy.
If you wish to hide Google Analytics’ Client ID, on the Google Analytics setting page, click “add field” and choose “Client ID”. To override the Client ID, you can insert any string as the field’s constant value. Please note that this will likely limit Google’s ability to aggregate data and will likely create discrepancies in session and user counts. Still, we’ve seen customers that are using Google Analytics to count events, and to our knowledge that should still be doable with this setting.
Clean your implementation from cross-site identifiers. This could include things like your CRM tool unique identifier, or URL query parameters passing identifiers to share them between different domains (avoid “cross-domain tracking” also known as “site linking”).
You would need to make sure not to include any personal data in your customized configuration and implementation. We recommend you go over the list of Custom Dimension, Event parameters/properties, Ecommerce Data, and User Properties to make sure they do not contain personal data. While this still demands some manual work, the good news is that soon we are about to announce a new set of Privacy features, Zaraz Data Loss Prevention, that will help you do that automatically, at scale. Stay tuned!
Step 6 – you are done! 🎉
A few more things you will want to consider is that implementing this guide will result in some limitations in your ability to use Google Analytics. For example, not collecting UTM parameters and referrers will disable your ability to track traffic sources and campaigns. Not tracking User ID, will prevent you from using the User ID View, and so on. Some companies will find these limitations extreme, but like most things in life, there is a trade-off. We’re taking a step towards a more privacy-oriented web, and this is just the beginning. In the face of new regulatory constraints, new technologies will appear which will unlock new abilities and features. Zaraz is dedicated to leading the way, offering privacy-focused tools that empower website operators and protect end users.
To wrap up, we would really appreciate any feedback on this announcement, or new feature requests you might have. You can reach out to your Cloudflare account manager, or directly to us on our Discord channel. Privacy is at the heart of everything our team is building.
We always take a proactive approach towards privacy, and we believe privacy is not only about responding to different regulations, it is about building technology that helps customers do a better job protecting their users. It is about simplifying what it takes to respect and protect user privacy and personal information. It is about helping build a better Internet.
We blogged previously about some trends concerning the first round of the 2022 French presidential election, held on April 10. Here we take a look at the run-off election this Sunday, April 24, that ended up re-electing Emmanuel Macron as President of France.
First, the two main trends: French-language news sites outside France were clearly impacted by the local rule that states that exit polls can only be published after 20:00.
And Internet traffic was similar on both the election days (April 10 and 24) and that includes the increase in use of mobile devices and interest in news websites — there we also saw a clear interest in the Macron-Le Pen debate on April 20.
We have discussed before that election days usually don’t have a major impact on overall Internet traffic. Let’s compare April 10 with 24, the two Sundays when the elections were held. The trends throughout the day are incredibly similar (with a slight increase in traffic on April 24), even with a two-week gap between them.
Another election-day trend is the use of mobile devices to access the Internet, mainly at night. The largest spikes in number of requests made using mobile devices in France during April seemed to be all election-related:
#1. April 10 (first round of the election), 21:00 local time. 58% of traffic by mobile devices.
#2. April 24 (second round of the election), 22:00. 57% mobile traffic.
#3. April 20 (presidential debate), 22:00. 56% mobile traffic.
Not only did both the election Sundays (after the polling stations were closed) have an impact on mobile traffic in France, but the presidential debate (Wednesday, April 20) had the same type of impact, increasing requests from mobile devices.
The TV debate was seen by 15.6 million viewers in France and lasted between 21:00 and 22:45, local time; at the same time mobile traffic was higher than in any other Wednesday and was the #3 spike of April, with 10% more mobile requests than in the previous Wednesday at the same time.
The special case of French-language news sites
For the elections, local rules state that French media is barred from publishing partial results or polls of any kind until 20:00, the time when voting stations in metropolitan France officially close. So, that means that French news outlets have to wait for the allotted hour to give official projections.
Given that, we looked at French-language news websites from French-speaking countries like Switzerland and Belgium. They aren’t bound by French law and can show information about exit polls earlier (bear in mind that in most French cities polling stations close at 19:00 and only in the bigger cities does it go on until 20:00).
We can clearly see that requests to French-language news sites outside France clearly spiked earlier than those in France. News websites in France had spikes after 20:00 local time on both elections days, but Belgian and Swiss news sites had major increases in traffic at 19:00 on April 10 (1857% more than the previous Sunday!). For the runoff elections on April 24, the biggest spike of the month was at 18:00 (3100% more requests than the previous Sunday), but it was also higher than on previous days one hour later, at 19:00 (3080% higher).
There are no spikes at all related to the French debate (April 20), so that seems to show that those Belgian and Swiss news sites had a huge increase of French citizens eager to see the polls before 20:00.
Election results change online patterns
We saw two weeks ago that official election websites had a clear spike in requests on April 10, the first round of the elections. Here we’re looking at DNS request trends to get a sense of traffic to Internet properties.
Official French election-related websites had an increase in traffic throughout the week prior to the first round, after Monday, April 4, but it’s no surprise that the two major spikes were on both the elections’ day. How much? Here is the breakdown by bigger spikes in traffic:
#1. April 10 (first round of the election), 00:00 local time. 925% more requests than the previous Sunday (at the same time).
#2. April 24 (second round of the election), 20:00. 707% more requests.
#3. April 10 (first round of the election), 20:00. 370% more requests.
#3. April 11, 10:00. 115% more requests than the previous Monday.
(there’s a draw at these last two spikes)
News sites go up after polling stations close
Regarding the main French news websites, as we saw two weeks ago, 20:00 local time, after the polling stations are all closed, and the first major polls are revealed continues to be the time of the biggest spikes of the whole month.
The biggest spike of the month in our aggregate DNS chart, that shows trends from 12 news websites, was definitely on April 10, the first round election day, around 20:00 local time, when those domains had 116% more traffic than at the same time on the previous Sunday. And the second-biggest spike was the runoff election day, on April 24, at the same time (20:00 local time), with an increase of 142% in traffic compared to the previous Sunday at the same time.
Very close to those two spikes is Monday morning, April 11, after the first round of the elections. At 10:00 local time requests were 45% higher than in the previous Monday. The Macron-Le Pen debate on Wednesday, April 20, also had a spike. At 21:00, when it was starting, requests were 56% higher than on the previous Wednesday.
The same trend is seen on the major French TV station websites, with a clear isolated spike on April 10 (the first round election day) at 20:00 local time, with a 472% increase in traffic compared to the previous Sunday, when the main exit polls were announced. Something similar, at the same time (20:00), on April 24, with a 375% increase in requests compared to the previous Sunday.
That’s only matched, again, by the April 20 debate. At 21:00 traffic was 308% higher than the previous Wednesday, so people were clearly taking notice of the debate and checking news outlets and TV station websites — there were French sites like france.tv that transmitted via streaming.
Conclusion
When people are really eager to see something as important as election results, they go and search where the first polls are (in this case, before 20:00 local time, they are outside France).
Also, in two different election moments in France separated by two weeks, there are clear similarities in Internet trends that show the way people use the Internet during election periods. That’s more clear when results start to arrive, but also a debate as important for a presidential election as the Le Pen-Macron one, also impacts not only the Internet traffic but also the attention to news and TV websites.
If you’d like to read this post in French click here.
I am incredibly excited to announce that I have joined Cloudflare as its Head of France to help build a better Internet and expand the company’s growing customer base in France. This is an important milestone for Cloudflare as we continue to grow our presence in Europe. Alongside our London, Munich, and Lisbon offices, Paris marks the fourth Cloudflare office in the EMEA region. With this, we’ll be able to further serve our customers’ demand, recruit local talent, and build on the successes we’ve had in our other offices around the globe. I have been impressed by what Cloudflare has built in EMEA including France, and I am even more excited by what lies ahead for our customers, partners, and employees.
Born in Paris and raised in Paris, Normandie and Germany, I started my career more than 20 years ago. While a teenager, I had the chance to work on one of the first Apple IIe’s available in France. I have always had a passion for technology and continue to be amazed by the value of its adoption with businesses large and small. In former roles as Solution Engineer to Account Manager, Partner Director to Sales Director, and more recently Country Manager—I’ve had the chance to manage different sizes of businesses and teams, and am passionate about seeking out and providing the best solutions and value to customers and their challenging yet unique needs.
In 2011, I opened the Amazon Web Services office in France. Over the last nine years, I have advised and helped a large number of companies, across varying industries and sizes, move from on-premise infrastructure to cloud and SaaS architectures. I have seen that this major and inevitable transition has increased, exponentially, the complexity of architecture with heterogeneous infrastructure environments across public cloud, on-premise, and hybrid deployments. The threat landscape, functional requirements, and scale of business applications have evolved faster than ever before, and the volume and sophistication of network attacks can strain the defensive capabilities of even the most advanced enterprises. This is forcing a major architectural shift in how enterprises address security, performance, and reliability at the network layer.
Today, companies’ digital assets (web properties, applications, APIs, and on) have become their most valuable asset. How organizations are able to use the Internet to serve their customers, partners, and employees—is now a strategic priority for organizations around the world. Cloudflare is leading this transition.
Why Cloudflare?
Here are four reasons why I’m joining and embarking on this amazing journey.
Cloudflare’s customer base and growth: I have been impressed with the growth, technology, and pace of adoption behind the company’s suite of products. Cloudflare is servicing Internet properties of more than 3.2 million customers that are relying on us around the world, including approximately 16 percent of the Fortune 1000 companies. From the public sector to enterprises to startups—companies of all sizes and types are being powered by these critical security, performance, and reliability services. Every day thousands of new customers sign up for Cloudflare services.
Cloudflare’s Global Network: I discovered early on that Cloudflare is powered by its global network that is always learning and growing. This means, as companies grow and expand, Cloudflare will be able to help them scale and support their growth. This network spans more than 200 cities in over 100 countries. With more than 1 billion unique IP addresses passing through it every day, it works as an immune system continuously learning and adapting to new threats, as well as optimizing itself which benefits all of Cloudflare customers and users worldwide. Cloudflare’s network operates within 100 milliseconds of 99% of the Internet-connected population in the developed world (for context, the blink of an eye is 300-400 milliseconds!). What’s more, this network blocked on average 76 billion cyber threats each day last quarter.
Cloudflare’s technology and pace of innovation: At Cloudflare, the pace of innovation has stunned me. Leveraging its unique global network, the company is continuously releasing new products and features in the cloud that are available at a massive scale—worldwide to its customers and users. I discovered some products which are disrupting traditional IT approaches. To name a few: Cloudflare One, a platform to connect and secure companies and teams anywhere (remote and across offices) and on any device; Cloudflare Workers, a serverless solution redefining how applications are deployed at the network edge; Magic Transit, which delivers the power of Cloudflare services for your on-premise, cloud-hosted, and hybrid networks; Argo Smart Routing which acts as Waze for the Internet, can significantly cut the amount of time users online spend waiting for content; and Cloudflare Web Analytics, a privacy-first solution to give marketers and web creators the information they need in a simple, clean way that doesn’t sacrifice visitor privacy.
The company’s culture. During the interview process, I had the chance to meet many Cloudflare employees including some of the leadership team. I met a very diverse team of incredibly smart, curious, kind, and committed people. I was impressed by the builder mindset in all of the people I talked to, and all are truly passionate about the Cloudflare mission. I also loved the culture of openness, collaboration, and transparency—which aligns with the values I have embraced since I started my career. This wider Cloudflare mission has resonated with me: to help build a better Internet. In doing this, we provide organizations with powerful technologies that, previously, could only be used by those that could afford those large expenses and complexities to implement and maintain.
Cloudflare in France
In France, you can find a vibrant startup ecosystem, large enterprises, and a very active SMB business environment. Cloudflare has had customers in France from the very early days and today we have thousands of French customers spanning the country from not only startups, to SMBs and enterprises, but also government, education, and non-profit organizations. More than 25 percent of the CAC 40 are using Cloudflare services. Major French enterprises such as L’Oréal, Solocal, Criteo, Allianz France, DPD Group (le Groupe LaPoste), and more are protecting and accelerating their Internet properties with Cloudflare services. In addition, more than 30 percent of the Next40 are equipped with Cloudflare’s Internet security, performance, and reliability solutions—such as Back Market, Happn, Wildmoka, and SendinBlue. We take pride in being relied on by these organizations and are eager to help more French companies grow.
Looking ahead
Since the beginning of the year, the rise in remote work, cyber threats, and stress on online assets has generated an even greater need to provide secure, fast, and reliable Internet services. This goes for employees, customers, and partners—of any organization. As a result, this demand has never been so critical. We’re here to work with all types of customers. If you are a business, a public sector organisation, an NGO—or anyone that has cybersecurity, performance, or reliability challenges or questions—get in touch with us. We’d love to explore how we can help. If you are a system integrator, consulting company, MSP, and so on—let’s explore a partnership on how we may be able to help you accelerate your business.
If you are interested in joining Cloudflare and helping to build a more secure, fast, and reliable Internet—please explore our open positions and select Paris, France as the location. We are hiring talented people locally and globally, now building our initial team of Account Executives, Channel Managers, Business Development Representatives, Solution Engineers, Customer Success Managers, and more—to further serve our current customers and grow with more organizations in France. It is a great honour for me to be part of the Cloudflare family, to help build Cloudflare’s future in France, and help French organizations grow. Feel free to reach out to me at [email protected]
The collective thoughts of the interwebz
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.
