DEV Community

EDDYMENS
EDDYMENS

Posted on

I leant something new trying to build a Github profile analytics tool

So last night an interesting idea popped into my head, a simple solution to help you track who visited your Github profile. I began thinking of an approach and finally settled on pixel tracking.

which means I will give you an image tag to embed in your GitHub profile README.md ie: <img src="https://4d0a552c1c8e02.lhr.domains/" width="0" height="0"/>.

With this when someone lands on your page and their browser tries to get the image from my server I will collect all their browser info and use it to provide you analytics, so their IP helps me know their location, user agent to get their device details, language, (Ethics aside for now :)) etc.

Also since the width and height of the image is set to 0 they won't even see that it's there, very straightforward.

This morning I decided to test this out on my own profile and I learned something interesting I never thought of.

server-log

The above is what I got back, github-camo is what was sent back as the user agent. so I googled it. It turns out to be a proxy server setup by Github, https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-anonymized-urls.

So basically the URL I used is masked by GitHub so I can't get info from the visitor's browser. So even the IP I get back is the one from GitHub's server and not the visitor.

I knew Gmail has this kind of implementation to prevent pixel tracking but I always thought Github, Twitter, etc masked URLs using domains like githubusercontent.com just for CDN purposes, I never thought it was more than just that.

I am keeping this in mind for future work I will be doing that involves allowing people to embed or share URLs.

But on the real, though Github should give us profile analytics just like they do with repos. :)

Top comments (2)

Collapse
 
cicirello profile image
Vincent A. Cicirello

I don't think it is just for profile repos but applies to readmes of all repos. They do other security related stuff as well. For example, I believe that SVGs that are embedded in READMEs go through a sanitizer first and are not served as is.

Collapse
 
eddymens profile image
EDDYMENS

Yep am very much aware of that, as for SVGs GIthub doesn't play nice with it at the moment github.com/github/markup/issues/556