From 74612cef20cbbb732e618c9a205476f18837202f Mon Sep 17 00:00:00 2001
From: Julian Raufelder <Julian@Raufelder.com>
Date: Wed, 30 Oct 2024 00:17:07 +0100
Subject: [PATCH 1/6] Add Plausible

---
 content/privacy.de.md        | 10 ++++++++++
 content/privacy.en.md        | 10 ++++++++++
 hugo.toml                    |  2 +-
 layouts/_default/baseof.html |  2 ++
 4 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/content/privacy.de.md b/content/privacy.de.md
index d90b7f29fd..935e5457e2 100644
--- a/content/privacy.de.md
+++ b/content/privacy.de.md
@@ -318,3 +318,13 @@ Das Recht auf Widerspruch beinhaltet die Möglichkeit für Betroffene, in einer
 Unbeschadet eines anderweitigen verwaltungsrechtlichen oder gerichtlichen Rechtsbehelfs steht Ihnen das Recht auf Beschwerde bei einer Aufsichtsbehörde, insbesondere in dem Mitgliedstaat ihres Aufenthaltsorts, ihres Arbeitsplatzes oder des Orts des mutmaßlichen Verstoßes, zu, wenn Sie der Ansicht sind, dass die Verarbeitung der Sie betreffenden personenbezogenen Daten gegen die DSGVO verstößt.
 
 Die Aufsichtsbehörde, bei der die Beschwerde eingereicht wurde, unterrichtet den Beschwerdeführer über den Stand und die Ergebnisse der Beschwerde einschließlich der Möglichkeit eines gerichtlichen Rechtsbehelfs nach Art. 78 DSGVO.
+
+## 10. Nutzung von Analytics
+
+Wir nutzen einen datenschutzfreundlichen und selbst gehosteten Analysedienst für die interne Reichweitenmessung, der eine Technologie zur seitenübergreifenden Nutzererkennung einsetzt, um das Verhalten zu analysieren.
+
+Wir erfassen verschiedene Informationen (z. B. anonymisierte IP-Adresse, Referrer-URLs, verwendete Browser und Betriebssysteme) und messen bestimmte Besucheraktionen (z. B. Klicks, Käufe usw.).
+
+Es werden keine „Cookies“ auf Ihrem Gerät gespeichert, es werden keine Informationen von Ihrem Gerät für die Analyse abgerufen. Soweit personenbezogene Daten (z.B. IP-Adressen) erhoben werden, werden diese vollständig anonymisiert gespeichert.
+
+Die Rechtsgrundlage für die Verarbeitung Ihrer Daten ist Art. 6 Abs. 1 lit. a DSGVO in Verbindung mit § 25 Abs. 1 TDDDG hat der Websitebetreiber ein berechtigtes Interesse an der anonymisierten Analyse des Nutzerverhaltens zur Optimierung seines Onlineangebotes.
diff --git a/content/privacy.en.md b/content/privacy.en.md
index 2e7990f9ce..92f1738e54 100644
--- a/content/privacy.en.md
+++ b/content/privacy.en.md
@@ -317,3 +317,13 @@ The right to object includes the possibility for data subjects to object, in a s
 Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the member state of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the GDPR violates.
 
 The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
+
+## 10. Use of Analytics
+
+We use a privacy-preserving and self-hosted analytics service for internal reach measurement, using technology that enables cross-page user recognition to analyse behaviour.
+
+We gather various information (e.g., anonymized IP address, referrer URLs, browsers, and operating systems used) and measure specific visitor actions (e.g., clicks, purchases, etc.).
+
+No “cookies” are stored on your device, no information are retrieved from your device for the analytics. Where personal data (e.g., IP addresses) is collected, it is stored fully anonymized.
+
+The legal basis for processing your data is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 of the TDDDG, the website operator has a legitimate interest in anonymized user behavior analysis to optimize its online offerings.
diff --git a/hugo.toml b/hugo.toml
index 2774cd9396..8ebbf45980 100644
--- a/hugo.toml
+++ b/hugo.toml
@@ -116,6 +116,6 @@ block = true
   [[server.headers]]
       for = '/**'
       [server.headers.values]
-        Content-Security-Policy = "default-src 'none'; script-src 'self' 'unsafe-eval' https://community.cryptomator.org/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://*.paddle.com/; img-src 'self' data: https://static.cryptomator.org/ https://*.paddle.com/ https://paddle.s3.amazonaws.com/; connect-src 'self' https://api.cryptomator.org/ https://store.cryptomator.org/ http://localhost:8787/; font-src 'self'; media-src https://static.cryptomator.org/; frame-src https://community.cryptomator.org/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/; base-uri 'self'; form-action 'self' https://www.paypal.com/ https://www.coinpayments.net/; frame-ancestors 'none'"
+        Content-Security-Policy = "default-src 'none'; script-src 'self' 'unsafe-eval' https://plausible.skymatic.de/ https://community.cryptomator.org/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://*.paddle.com/; img-src 'self' data: https://static.cryptomator.org/ https://*.paddle.com/ https://paddle.s3.amazonaws.com/; connect-src 'self' https://api.cryptomator.org/ https://store.cryptomator.org/ https://plausible.skymatic.de/ http://localhost:8787/; font-src 'self'; media-src https://static.cryptomator.org/; frame-src https://community.cryptomator.org/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/; base-uri 'self'; form-action 'self' https://www.paypal.com/ https://www.coinpayments.net/; frame-ancestors 'none'"
         Strict-Transport-Security = "max-age=31536000; includeSubDomains"
         X-Content-Type-Options = "nosniff"
diff --git a/layouts/_default/baseof.html b/layouts/_default/baseof.html
index 57ef517579..83baffe80b 100644
--- a/layouts/_default/baseof.html
+++ b/layouts/_default/baseof.html
@@ -64,6 +64,8 @@
     {{ end }}
     {{ block "head" . }}
       <!-- optional additional page-specific stuff that goes into head -->
+      <script defer data-domain="cryptomator.org" src="https://plausible.skymatic.de/js/script.file-downloads.outbound-links.js"></script>
+      <script>window.plausible = window.plausible || function() { (window.plausible.q = window.plausible.q || []).push(arguments) }</script>      
     {{ end }}
   </head>
   <body x-data="{ isNavOpen: false }" :class="isNavOpen && 'overflow-hidden'" class="bg-dark font-body text-gray-900">

From ec1f4945e85583c8f7e951abebcae997af359195 Mon Sep 17 00:00:00 2001
From: Julian Raufelder <Julian@Raufelder.com>
Date: Wed, 30 Oct 2024 10:07:19 +0100
Subject: [PATCH 2/6] Enhance Privacy Policy

---
 content/privacy.de.md | 1 +
 content/privacy.en.md | 9 +++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/content/privacy.de.md b/content/privacy.de.md
index 935e5457e2..ebf0ef99cc 100644
--- a/content/privacy.de.md
+++ b/content/privacy.de.md
@@ -18,6 +18,7 @@ Diese Datenschutzerklärung strukturiert sich in folgende Abschnitte:
 7. [Weitergabe personenbezogener Daten an Dritte](#thirdparty)
 8. [Nutzung der Anwendung Cryptomator](#app)
 9. [Rechte der betroffenen Person](#rights)
+10. [Nutzung von Analytics](#analytics)
 
 
 ## 1. Name und Anschrift der Verantwortlichen {#contact}
diff --git a/content/privacy.en.md b/content/privacy.en.md
index 92f1738e54..bab891a664 100644
--- a/content/privacy.en.md
+++ b/content/privacy.en.md
@@ -18,6 +18,7 @@ This privacy policy consists of the following sections:
 7. [Disclosure of Personal Data to Third Parties](#thirdparty)
 8. [Using the Cryptomator Application](#app)
 9. [Rights of the Affected Person](#rights)
+10. [Use of Analytics](#analytics)
 
 
 ## 1. Name and address of the responsible company {#contact}
@@ -320,10 +321,10 @@ The supervisory authority to which the complaint has been submitted shall inform
 
 ## 10. Use of Analytics
 
-We use a privacy-preserving and self-hosted analytics service for internal reach measurement, using technology that enables cross-page user recognition to analyse behaviour.
+We use a privacy-preserving and self-hosted analytics service for internal audience measurement, using technology that enables cross-page user recognition to analyse behaviour.
 
-We gather various information (e.g., anonymized IP address, referrer URLs, browsers, and operating systems used) and measure specific visitor actions (e.g., clicks, purchases, etc.).
+We collect various information (e.g. anonymised IP address, referrer URL, browser and operating system used) and measure certain visitor actions (e.g. clicks, purchases, etc.).
 
-No “cookies” are stored on your device, no information are retrieved from your device for the analytics. Where personal data (e.g., IP addresses) is collected, it is stored fully anonymized.
+No "cookies" are stored on your device, and no information is retrieved from your device for analysis. Where personal data (e.g. IP addresses) is collected, it is stored in a fully anonymised form.
 
-The legal basis for processing your data is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 of the TDDDG, the website operator has a legitimate interest in anonymized user behavior analysis to optimize its online offerings.
+The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR in connection with § 25 para. 1 TDDDG, as the website operator has a legitimate interest in the anonymous analysis of user behaviour in order to optimise its online services.

From a7b900f2bb210261d713ebe8bdb5a7c691a34144 Mon Sep 17 00:00:00 2001
From: Julian Raufelder <Julian@Raufelder.com>
Date: Wed, 30 Oct 2024 12:31:16 +0100
Subject: [PATCH 3/6] Add Plausible 404 listener and fix unsave-inline

---
 assets/js/plausible404eventlistener.js |  1 +
 assets/js/plausible404init.js          |  1 +
 layouts/404.html                       |  9 +++++++++
 layouts/_default/baseof.html           | 11 +++++++++--
 4 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 assets/js/plausible404eventlistener.js
 create mode 100644 assets/js/plausible404init.js

diff --git a/assets/js/plausible404eventlistener.js b/assets/js/plausible404eventlistener.js
new file mode 100644
index 0000000000..b2308856ec
--- /dev/null
+++ b/assets/js/plausible404eventlistener.js
@@ -0,0 +1 @@
+document.addEventListener('DOMContentLoaded', function () { plausible('404', { props: { path: document.location.pathname } }); });
diff --git a/assets/js/plausible404init.js b/assets/js/plausible404init.js
new file mode 100644
index 0000000000..409c6bf7f9
--- /dev/null
+++ b/assets/js/plausible404init.js
@@ -0,0 +1 @@
+window.plausible = window.plausible || function() { (window.plausible.q = window.plausible.q || []).push(arguments) }
diff --git a/layouts/404.html b/layouts/404.html
index 0af9b41de4..a08538c606 100644
--- a/layouts/404.html
+++ b/layouts/404.html
@@ -1,3 +1,12 @@
+{{ define "head" }}
+  {{ if hugo.IsServer }}
+    {{ $plausible404eventlistener := resources.Get "js/plausible404eventlistener.js" }}
+    <script type="text/javascript" src="{{ $plausible404eventlistener.RelPermalink }}"></script>
+  {{ else }}
+    {{ $plausible404eventlistener := resources.Get "js/plausible404eventlistener.js" | minify | fingerprint }}
+    <script type="text/javascript" src="{{ $plausible404eventlistener.RelPermalink }}" integrity="{{ $plausible404eventlistener.Data.Integrity }}"></script>
+  {{ end }}
+{{ end }}
 {{ define "main"}}
 <div class="container flex flex-wrap justify-center py-12">
   <div class="flex justify-center items-center w-32 lg:w-64 md:pr-4 lg:pr-8 mb-4">
diff --git a/layouts/_default/baseof.html b/layouts/_default/baseof.html
index 83baffe80b..0fea478f40 100644
--- a/layouts/_default/baseof.html
+++ b/layouts/_default/baseof.html
@@ -64,8 +64,6 @@
     {{ end }}
     {{ block "head" . }}
       <!-- optional additional page-specific stuff that goes into head -->
-      <script defer data-domain="cryptomator.org" src="https://plausible.skymatic.de/js/script.file-downloads.outbound-links.js"></script>
-      <script>window.plausible = window.plausible || function() { (window.plausible.q = window.plausible.q || []).push(arguments) }</script>      
     {{ end }}
   </head>
   <body x-data="{ isNavOpen: false }" :class="isNavOpen && 'overflow-hidden'" class="bg-dark font-body text-gray-900">
@@ -87,5 +85,14 @@
 
     {{ $lazysizes := resources.Get "js/lazysizes/lazysizes.min.js" | fingerprint }}
     <script type="text/javascript" src="{{ $lazysizes.RelPermalink }}" integrity="{{ $lazysizes.Data.Integrity }}" async></script>
+
+    <script defer data-domain="cryptomator.org" src="https://plausible.skymatic.de/js/script.file-downloads.outbound-links.js"></script>
+    {{ if hugo.IsServer }}
+      {{ $plausible404init := resources.Get "js/plausible404init.js" }}
+      <script type="text/javascript" src="{{ $plausible404init.RelPermalink }}"></script>
+    {{ else }}
+      {{ $plausible404init := resources.Get "js/plausible404init.js" | minify | fingerprint }}
+      <script type="text/javascript" src="{{ $plausible404init.RelPermalink }}" integrity="{{ $plausible404init.Data.Integrity }}"></script>
+   {{ end }}
   </body>
 </html>

From d5bf065700b32253c2c8e7f7e12e14a47e8cf6eb Mon Sep 17 00:00:00 2001
From: Julian Raufelder <Julian@Raufelder.com>
Date: Wed, 30 Oct 2024 14:28:57 +0100
Subject: [PATCH 4/6] Add links to headlines and fix text

---
 content/privacy.de.md |  2 +-
 content/privacy.en.md | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/content/privacy.de.md b/content/privacy.de.md
index ebf0ef99cc..f779952813 100644
--- a/content/privacy.de.md
+++ b/content/privacy.de.md
@@ -320,7 +320,7 @@ Unbeschadet eines anderweitigen verwaltungsrechtlichen oder gerichtlichen Rechts
 
 Die Aufsichtsbehörde, bei der die Beschwerde eingereicht wurde, unterrichtet den Beschwerdeführer über den Stand und die Ergebnisse der Beschwerde einschließlich der Möglichkeit eines gerichtlichen Rechtsbehelfs nach Art. 78 DSGVO.
 
-## 10. Nutzung von Analytics
+## 10. Nutzung von Analytics {#analytics}
 
 Wir nutzen einen datenschutzfreundlichen und selbst gehosteten Analysedienst für die interne Reichweitenmessung, der eine Technologie zur seitenübergreifenden Nutzererkennung einsetzt, um das Verhalten zu analysieren.
 
diff --git a/content/privacy.en.md b/content/privacy.en.md
index bab891a664..080f5cb3a4 100644
--- a/content/privacy.en.md
+++ b/content/privacy.en.md
@@ -319,12 +319,12 @@ Without prejudice to any other administrative or judicial remedy, you shall have
 
 The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
 
-## 10. Use of Analytics
+## 10. Use of Analytics {#analytics}
 
-We use a privacy-preserving and self-hosted analytics service for internal audience measurement, using technology that enables cross-page user recognition to analyse behaviour.
+For internal audience measurement, we use a privacy-preserving, self-hosted analytics service that uses cross-page user recognition technology to analyze behavior.
 
-We collect various information (e.g. anonymised IP address, referrer URL, browser and operating system used) and measure certain visitor actions (e.g. clicks, purchases, etc.).
+We collect various information (e.g., anonymized IP address, referrer URL, browser and operating system used) and measure certain visitor actions (e.g., clicks, purchases, etc.).
 
-No "cookies" are stored on your device, and no information is retrieved from your device for analysis. Where personal data (e.g. IP addresses) is collected, it is stored in a fully anonymised form.
+No "cookies" are stored on your device, and no information is retrieved from your device for analysis. Where personal data (e.g. IP addresses) is collected, it is stored in a completely anonymized form.
 
-The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR in connection with § 25 para. 1 TDDDG, as the website operator has a legitimate interest in the anonymous analysis of user behaviour in order to optimise its online services.
+The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR in connection with § 25 para. 1 TDDDG, as the website operator has a legitimate interest in the anonymous analysis of user behavior in order to optimize its online services.

From 82285ba1abb170ea0d28e99b34dd612c205ea2ed Mon Sep 17 00:00:00 2001
From: Julian Raufelder <Julian@Raufelder.com>
Date: Wed, 30 Oct 2024 14:35:28 +0100
Subject: [PATCH 5/6] Enhance 404 error handling in Plausible

---
 assets/js/plausible404eventlistener.js | 1 +
 assets/js/plausible404init.js          | 1 -
 layouts/_default/baseof.html           | 7 -------
 3 files changed, 1 insertion(+), 8 deletions(-)
 delete mode 100644 assets/js/plausible404init.js

diff --git a/assets/js/plausible404eventlistener.js b/assets/js/plausible404eventlistener.js
index b2308856ec..f4d3cb97c5 100644
--- a/assets/js/plausible404eventlistener.js
+++ b/assets/js/plausible404eventlistener.js
@@ -1 +1,2 @@
+window.plausible = window.plausible || function() { (window.plausible.q = window.plausible.q || []).push(arguments) }
 document.addEventListener('DOMContentLoaded', function () { plausible('404', { props: { path: document.location.pathname } }); });
diff --git a/assets/js/plausible404init.js b/assets/js/plausible404init.js
deleted file mode 100644
index 409c6bf7f9..0000000000
--- a/assets/js/plausible404init.js
+++ /dev/null
@@ -1 +0,0 @@
-window.plausible = window.plausible || function() { (window.plausible.q = window.plausible.q || []).push(arguments) }
diff --git a/layouts/_default/baseof.html b/layouts/_default/baseof.html
index 0fea478f40..1f90bda1d3 100644
--- a/layouts/_default/baseof.html
+++ b/layouts/_default/baseof.html
@@ -87,12 +87,5 @@
     <script type="text/javascript" src="{{ $lazysizes.RelPermalink }}" integrity="{{ $lazysizes.Data.Integrity }}" async></script>
 
     <script defer data-domain="cryptomator.org" src="https://plausible.skymatic.de/js/script.file-downloads.outbound-links.js"></script>
-    {{ if hugo.IsServer }}
-      {{ $plausible404init := resources.Get "js/plausible404init.js" }}
-      <script type="text/javascript" src="{{ $plausible404init.RelPermalink }}"></script>
-    {{ else }}
-      {{ $plausible404init := resources.Get "js/plausible404init.js" | minify | fingerprint }}
-      <script type="text/javascript" src="{{ $plausible404init.RelPermalink }}" integrity="{{ $plausible404init.Data.Integrity }}"></script>
-   {{ end }}
   </body>
 </html>

From 9c224ecd5a6b3f0fecce6f7b16c0edec13f86cda Mon Sep 17 00:00:00 2001
From: Julian Raufelder <Julian@Raufelder.com>
Date: Wed, 30 Oct 2024 14:55:05 +0100
Subject: [PATCH 6/6] Further enhance Plausible

---
 assets/js/{plausible404eventlistener.js => 404.js} | 0
 layouts/404.html                                   | 8 ++++----
 layouts/_default/baseof.html                       | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
 rename assets/js/{plausible404eventlistener.js => 404.js} (100%)

diff --git a/assets/js/plausible404eventlistener.js b/assets/js/404.js
similarity index 100%
rename from assets/js/plausible404eventlistener.js
rename to assets/js/404.js
diff --git a/layouts/404.html b/layouts/404.html
index a08538c606..b04cbfaba1 100644
--- a/layouts/404.html
+++ b/layouts/404.html
@@ -1,10 +1,10 @@
 {{ define "head" }}
   {{ if hugo.IsServer }}
-    {{ $plausible404eventlistener := resources.Get "js/plausible404eventlistener.js" }}
-    <script type="text/javascript" src="{{ $plausible404eventlistener.RelPermalink }}"></script>
+    {{ $404 := resources.Get "js/404.js" }}
+    <script type="text/javascript" src="{{ $404.RelPermalink }}"></script>
   {{ else }}
-    {{ $plausible404eventlistener := resources.Get "js/plausible404eventlistener.js" | minify | fingerprint }}
-    <script type="text/javascript" src="{{ $plausible404eventlistener.RelPermalink }}" integrity="{{ $plausible404eventlistener.Data.Integrity }}"></script>
+    {{ $404 := resources.Get "js/404.js" | minify | fingerprint }}
+    <script type="text/javascript" src="{{ $404.RelPermalink }}" integrity="{{ $404.Data.Integrity }}"></script>
   {{ end }}
 {{ end }}
 {{ define "main"}}
diff --git a/layouts/_default/baseof.html b/layouts/_default/baseof.html
index 1f90bda1d3..2364dc2a4b 100644
--- a/layouts/_default/baseof.html
+++ b/layouts/_default/baseof.html
@@ -86,6 +86,6 @@
     {{ $lazysizes := resources.Get "js/lazysizes/lazysizes.min.js" | fingerprint }}
     <script type="text/javascript" src="{{ $lazysizes.RelPermalink }}" integrity="{{ $lazysizes.Data.Integrity }}" async></script>
 
-    <script defer data-domain="cryptomator.org" src="https://plausible.skymatic.de/js/script.file-downloads.outbound-links.js"></script>
+    <script defer data-domain="cryptomator.org" src="https://plausible.skymatic.de/js/script.file-downloads.outbound-links.js" integrity="sha384-+tt0STxxWB96REUfXF1ykJzPEC5cT+TVotVR/JnYqAP04zxND4o8a0JcHg+aq46t" crossorigin="anonymous"></script>
   </body>
 </html>