I am just looking into using cloud services such as deploy and push, so I included
ionic.cloud.min.js into my project. I did not use the insights module.
But when I looked at the web console, I noticed that it was attempting to send insights to the ionic cloud by default, and was only prevented from doing so because of the Content Security Policy.
[Error] Refused to connect to https://api.ionic.io/insights because it appears in neither the connect-src directive nor the default-src directive of the Content Security Policy. [Error] Ionic Insights: Could not send insights. – Error: Request has been terminated Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc. — ionic.cloud.min.js:6 Error: Request has been terminated Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc. — ionic.cloud.min.js:6crossDomainError — ionic.cloud.min.js:6086 error error (ionic.cloud.min.js:11:13215) (anonymous function) (ionic.cloud.min.js:11:12552) callback (ionic.cloud.min.js:7:2044) crossDomainError (ionic.cloud.min.js:7:2354)
Having insights turned on by default without developer opt-in seems like a pretty major overreach. In particular, sending out information about when the user navigates to certain screens could leak information (e.g. about their timezone, and thus about their possible location).
Many developers may not care about this, but some do and for those people, this is pretty egregious. In particular, I am using ionic for a research project in which I have to specify where the data collected will be stored and who will have access to it, and I cannot do that if data is being collected without my knowledge or approval.