Less intrusive / privacy respecting links in mails

Odin · June 16, 2025, 5:58pm

Hi!

The Konnected emails I receive in my inbox uses “ctrk.klclick.com” which is a click-tracking domain used by Klaviyo. This is a company not known to be privacy-respecting, and are therefor blocked on most blocking/tracking lists. This means clicking these links will lead to nowhere for these users (pihole or adblocker/tracking blocker anyone?)!

Reporting on what happens when one clicks one of these links in the email is as follows:

This website contacted 47 IPs in 6 countries across 31 domains to perform 297 HTTP transactions . The main IP is 23.227.38.65 , located in Ottawa, Canada and belongs to CLOUDFLARENET, US. The main domain is konnected.io .

One can also see all the hops that it goes through:

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.17.93.1	13335 (CLOUDFLARENET)
107	23.227.38.65	13335 (CLOUDFLARENET)
3	2.19.126.225	20940 (AKAMAI-ASN1 Akamai International B.V.)
4	185.146.173.20	13335 (CLOUDFLARENET)
1	3.167.227.49	16509 (AMAZON-02)
3	76.76.21.21	16509 (AMAZON-02)
10	151.101.2.133	54113 (FASTLY)
29	23.227.60.200	13335 (CLOUDFLARENET)
2	13.33.187.121	16509 (AMAZON-02)
7	104.18.21.84	13335 (CLOUDFLARENET)
4	18.244.18.101	16509 (AMAZON-02)
20	13.32.27.66	16509 (AMAZON-02)
2	52.92.154.48	16509 (AMAZON-02)
1	184.24.77.146	20940 (AKAMAI-ASN1 Akamai International B.V.)
9	35.244.157.17	396982 (GOOGLE-CLOUD-PLATFORM)
8	18.173.205.96	16509 (AMAZON-02)
3	142.250.184.232	15169 (GOOGLE)
1	18.173.205.93	16509 (AMAZON-02)
12	143.204.205.104	16509 (AMAZON-02)
2	157.240.251.9	32934 (FACEBOOK)
2	34.73.251.59	396982 (GOOGLE-CLOUD-PLATFORM)
1	188.68.242.180	197226 (SPRINT-SDC “SPRINT” S.A.)
2	172.67.134.82	13335 (CLOUDFLARENET)
1	142.250.186.74	15169 (GOOGLE)
1	3.167.226.5	16509 (AMAZON-02)
5	151.101.130.133	54113 (FASTLY)
9	13.35.58.62	16509 (AMAZON-02)
2	142.250.186.110	15169 (GOOGLE)
2 3	142.250.186.100	15169 (GOOGLE)
2	216.239.34.36	15169 (GOOGLE)
1	64.233.184.156	15169 (GOOGLE)
3	172.217.16.131	15169 (GOOGLE)
2	172.217.18.98	15169 (GOOGLE)
2	142.250.185.98	15169 (GOOGLE)
1	151.101.194.133	54113 (FASTLY)
4	13.35.58.125	16509 (AMAZON-02)
2	216.58.206.42	15169 (GOOGLE)
2 2	216.58.206.34	15169 (GOOGLE)
5	157.240.252.35	32934 (FACEBOOK)
1	3.167.227.66	16509 (AMAZON-02)
1	172.64.147.119	13335 (CLOUDFLARENET)
5	54.187.4.182	16509 (AMAZON-02)
1	13.107.253.53	8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1	3.161.82.32	16509 (AMAZON-02)
1	18.172.112.72	16509 (AMAZON-02)
2	13.59.233.65	16509 (AMAZON-02)
1	108.138.26.55	16509 (AMAZON-02)
4	3.167.227.9	16509 (AMAZON-02)
297	47

All this to just in the end connect to: Smart Garage Door Opener blaQ - A myQ alternative that's local, cloud-optional, and open source – Konnected

Really? Why the heck would I want Facebook/Amazon/Google/Microsoft/etc. to know what I am clicking?

Stop this madness!

nate · June 18, 2025, 9:47pm

Yes, we use Klaviyo for email marketing. It’s a very popular app/service for e-commerce companies.

I don’t know the details of how their link-rewriting and tracking works, but yes, the ctrk.klclick.com domain is Klaviyo’s link tracking mechanism.

It’s important to track our marketing/email effectiveness, so we can’t just do away with all link tracking. I haven’t looked into what Klaviyo is actually doing with these links … but do you have any better suggestion?

nate · June 18, 2025, 9:53pm

I just found this:

Would it be an improvement if the click tracking links were on a konnected.io domain?

Odin · June 18, 2025, 10:17pm

Hi!

There is a reason I use home assistant, it is not cloud based (no spying) and offers local control. Then getting Klaviyo pushed in my face gives a bad taste!

Not sure which one to use, but here are some alternatives/information I found:
No widely recognized click-tracking company fully aligns with strict privacy-respecting standards like those enforced by Pi-hole blocklists, as most rely on some form of user tracking. However, PostHog is a privacy-focused alternative to Klaviyo for analytics and click tracking. It offers:

Self-hosted option: Data stays on your servers, reducing third-party exposure.
GDPR compliance: Minimal data collection, anonymized tracking by default.
Open-source: Transparent code, customizable to avoid invasive tracking.
Features: Event tracking, funnels, and heatmaps with less intrusive methods.

Unlike Klaviyo, PostHog avoids third-party cookies and supports cookie-less tracking, making it less likely to be blocked by Pi-hole. For email-specific click tracking, consider SendGrid with custom domains for branded links, though it’s less privacy-centric than PostHog.

Plausible Analytics

Plausible is a privacy-focused, open-source analytics platform that does not use cookies, does not collect personal data, and only provides aggregated, anonymous insights.
All data is processed in the EU, stays on European-owned infrastructure, and is not shared with third parties.
You can self-host Plausible for even greater control over your data.
Plausible is designed to be GDPR-compliant and avoids any form of cross-site or cross-device tracking.

Clicky

Clicky offers privacy-friendly, GDPR-compliant website analytics with no personal data collection and no tracking cookies by default.
Visitor and action logs are anonymized, and you have the option to log more data only if needed for security or anti-fraud purposes.
Clicky is transparent about its privacy practices and is widely used by sites seeking a balance between analytics and user privacy.

nate · June 19, 2025, 2:23pm

Ok thanks AI

Switching away from Klaviyo is not an option. It would be a massive effort to move everything over and set up campaigns and flows and everything, and a colossal waste of time. I’d rather spend my energy on product dev than marketing apps.

That said, I’m always working to improve our apps/processes incrementally. I’ve reached out to Klaviyo about setting up a click-tracking domain under our own konnected.io domain. I think that will help some.

Odin · June 19, 2025, 2:44pm

Guess we will see if it fixes it!

There is however a reason people do not want to use the intrusive and privacy violating app MyQ, and you have an option that you market fixes that, but your links to that product violates my privacy possible more than using the MyQ app. See the irony in this?

Guess me and other privacy oriented people will just have non-working links in your marketing emails unless your suggested trick fixes the privacy violations.

This also means you will not get the important stats for this category of people, which is much higher among people using Home assistant than it is in general!

nate · June 19, 2025, 2:50pm

Yes, but receiving marketing emails or clicking on the links in them is not a requirement of using the product. You can simply not click on the links and go to konnected.io or Amazon directly, or you can opt-out of the emails entirely.

Odin · June 19, 2025, 3:17pm

Correct!

Thanks for trying to fix, hopefully it will!

Topic		Replies	Views
Homekit HomeKit (via Homebridge/HOOBS)	29	1897	May 4, 2024
Configuring GDO BlaQ for HomeSeer Konnected Garage Door Opener esphome , firmware-updates , alarm-panel-pro	5	324	May 8, 2024
Konnected App Update 1.3.2: Support for new GDO White, ESPHome devices, sign-in with Google Konnected App esphome , firmware-updates , questions	9	1920	March 17, 2024
Zones reporting status repeaditly even though they didn't change Konnected Alarm Panels	11	36	February 21, 2025
Opening the Garage Door: Comments about the MyQ press release and the importance of third-party smart home integrations Konnected Garage Door Opener esphome , firmware-updates , questions , relay-module	2	777	November 13, 2023

Less intrusive / privacy respecting links in mails

Related topics