Remove potential tracking issue #942

Closed
Sommerregen opened this issue Jan 20, 2017 · 4 comments

@Sommerregen
Contributor

As per notifications.js#L258, Grav Admin always checks for new notifications despite the configurations notifications.feed: false and notifications.dashboard: false.

This gets worse if the Grav cache is disabled. Then every request pings the https://getgrav.org server with a unique timestamp for the file notifications.json, and you all (Team Grav) are capable of tracking the IP and, if more people have the cache disabled, of getting a detailed view of which servers Grav is used on, how often someone logs into the Admin panel, how long he or she uses it, and how many people have actually installed the Admin plugin and are actively using it.

Please remove this potential tracking issue. As long as the user wants notifications I see no problems, but with notifications.feed: false or notifications.dashboard: false, or both, there should be no notification checks performed. Otherwise, I see heavy data privacy issues and the privacy of Grav Admin users unprotected...

@rhukster
Member

There are actually 4 settings that rely on the notifications feed:

[Screenshot: 2017-01-20 at 12 30 pm]

I agree though, if all 4 are off, the feed should not be requested as it's not going to be used anyway. We'll look into this.

FWIW, we don't do any tracking or logging on this request, but I understand that the issue is we 'could'.

@rhukster
Member

I also added it to the list of things to document.

@Sommerregen
Contributor Author

Thanks, I'm pretty sure that you don't do any tracking. It was just something I noticed when browsing through the code, and thought it should be noted somewhere.

@w00fz
Member

w00fz commented Mar 17, 2017

Done, now this actually looks at the settings; if all 4 are disabled, then no notification is ever called/processed, and I also have all the DOM events related to notifications not getting attached.
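
A regression check for the behaviour discussed in this thread, as an added example that is not Grav Admin's own code: it runs the reported unconditional load and a settings-gated load against a recording fetch stub and counts what would leave the host. Only `feed` and `dashboard` are setting names from the issue; the other two keys, the feed URL and every function name are placeholders.

```javascript
// Added example, not Grav Admin code. FEED_URL and all function names are
// placeholders; only `feed` and `dashboard` are setting names from the issue.
const FEED_URL = 'https://feed.example/notifications.json';

// Constructed sample configs: four switches, as described in the thread.
const ALL_OFF = { feed: false, dashboard: false, placeholder_c: false, placeholder_d: false };
const ONE_ON = { ...ALL_OFF, dashboard: true };

// True if at least one notification consumer is switched on.
function anyEnabled(settings) {
  return Object.values(settings || {}).some((v) => v === true);
}

// Reported behaviour: the feed is requested with a cache-busting timestamp
// and handlers are attached, whatever the configuration says.
function loadUnconditional(settings, fetchFn, attachHandlers, now) {
  attachHandlers();
  return fetchFn(`${FEED_URL}?${now()}`);
}

// Behaviour after the fix: all switches off means no request, no handlers.
function loadGated(settings, fetchFn, attachHandlers, now) {
  if (!anyEnabled(settings)) return null;
  attachHandlers();
  return fetchFn(`${FEED_URL}?${now()}`);
}

// Runs a loader with a recording fetch stub (no network) and reports
// how many requests would have left the host and how many handlers attached.
function audit(loader, settings) {
  const urls = [];
  let handlers = 0;
  const fetchFn = (url) => { urls.push(url); return Promise.resolve({}); };
  loader(settings, fetchFn, () => { handlers += 1; }, () => 1484900000000);
  return { requests: urls.length, handlers, urls };
}

console.log('unconditional, all off:', audit(loadUnconditional, ALL_OFF));
console.log('gated, all off:        ', audit(loadGated, ALL_OFF));
console.log('gated, one on:         ', audit(loadGated, ONE_ON));
```

Asserting `requests === 0` with every switch off is the property worth keeping in a test suite, since a later refactor can silently reintroduce the outbound call.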
