privacy

  • strict warning: Non-static method view::load() should not be called statically in /var/www/freeasinkittens.com/sites/all/modules/views/views.module on line 906.
  • strict warning: Declaration of views_handler_argument::init() should be compatible with views_handler::init(&$view, $options) in /var/www/freeasinkittens.com/sites/all/modules/views/handlers/views_handler_argument.inc on line 0.
  • strict warning: Declaration of views_handler_filter::options_validate() should be compatible with views_handler::options_validate($form, &$form_state) in /var/www/freeasinkittens.com/sites/all/modules/views/handlers/views_handler_filter.inc on line 0.
  • strict warning: Declaration of views_handler_filter::options_submit() should be compatible with views_handler::options_submit($form, &$form_state) in /var/www/freeasinkittens.com/sites/all/modules/views/handlers/views_handler_filter.inc on line 0.
  • strict warning: Declaration of views_handler_filter_node_status::operator_form() should be compatible with views_handler_filter::operator_form(&$form, &$form_state) in /var/www/freeasinkittens.com/sites/all/modules/views/modules/node/views_handler_filter_node_status.inc on line 0.
  • strict warning: Non-static method view::load() should not be called statically in /var/www/freeasinkittens.com/sites/all/modules/views/views.module on line 906.
  • strict warning: Declaration of views_plugin_style_default::options() should be compatible with views_object::options() in /var/www/freeasinkittens.com/sites/all/modules/views/plugins/views_plugin_style_default.inc on line 0.
  • strict warning: Declaration of views_plugin_row::options_validate() should be compatible with views_plugin::options_validate(&$form, &$form_state) in /var/www/freeasinkittens.com/sites/all/modules/views/plugins/views_plugin_row.inc on line 0.
  • strict warning: Declaration of views_plugin_row::options_submit() should be compatible with views_plugin::options_submit(&$form, &$form_state) in /var/www/freeasinkittens.com/sites/all/modules/views/plugins/views_plugin_row.inc on line 0.

A small rant about Google Analytics and Privacy Statements

This week I once again had the debate with a site's legal team about how using google analytics violates the privacy of a site's users.

This is not a huge issue for many sites, but if your site has a privacy statement, you are legally bound to adhere to it -- and many privacy statements are explicitly violated by the use of google analytics.

If your privacy statement says that "we log hits to our website by IP number and use that data to better understand how people use our site. No private information about our users is stored and no private data is shared with any company" AND you are using google analytics, you are breaking the law. You have violated your privacy statement.

I argued that the privacy statement of a site using Google Analytics should be clear. "we log hits to our website by IP number and use that data to better understand how people use out site. We use Google Analytics to do this review of website use, so any information that Google has keyed to your IP number will be coorliated with the logs of your visits to our site for whatever purpose Google's policy allows"

the end result was "Visits to this website are logged. These logs of information are used to better understand how people use our site. This analysis is done using the Google analytics service. Google's privacy policy may be found here (with a link to the google analytics Terms of Service page at http://www.google.com/analytics/en-GB/tos.html (see section 8 for privacy related info)

[note that the above privacy statement has been altered to avoid the possibility that you can use a search engine to determine the site, if you get an exact match, or one even close, you have found the wrong site]

here is the (lack of) privacy policy language that is suggested by google at that page:

"This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States . Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.".

So, essentially if you use google analytics you are violating the privacy of those that visit your website.

While they do say that they will not associate the server access information they gather about you by your ip# to any other data they have stored, it does not say anything about the 3rd parties that process data on google's behalf. Think twice before handing over so much data to the Google hive mind/data mine. There are plenty of Free Software tools available for analyzing your web server logs.

ahhhh. i feel better now. time to get back to work.

What are the services though?

You say there are free software tools availabel for analyzing web server logs, but what are they? What do you use?

It is something to be concerned about.

You know, I believe that power engenders corruption. I believe also that in the years to come, Google will become an internet monopolist by their sheer wealth of stored information about individuals and their behaviour. I think it is imperative that users be made aware of Googles uninvited presence and allow them to excercise their right to retake control of their privacy. I've searched for people through Google and am sometimes shocked at how much of "private information" is available because of Googles broad scope of analysis. thank you for bringing this usually unknown background datamining activity to our notice.

Thanks for this information,

Thanks for this information, it was very helpful. Keep up the good work.

This is very helpfull for me

This is very helpfull for me .Thanks

Swrina,
-------------

I'm adding this to our privacy statement

It makes sense to me to let users know, and I was conflicted about it until now. Google collects information, and the users should know about it if they visit your site. Thank you for your opinion which to me is more fact than anything.

Aaron

I'm sometimes amazed of what

I'm sometimes amazed of what we can see with Web Analytics about what happens in a website and I wonder how the privacy notion will evolve in the future. I guess that time will tell. I’m happy to read in WAA’s latest newsletter that they have dedicated a chair to privacy. I guess it will be of interest for everyone in the industry.

Fantastic piece. I'll be

Fantastic piece. I'll be passing it around. Hope to read more from you.

online casino

You know, I believe that

You know, I believe that power engenders corruption. I believe also that in the years to come, Google will become an internet monopolist by their sheer wealth of stored information about individuals and their behaviour. I think it is imperative that users be made aware of Googles uninvited presence and allow them to excercise their right to retake control of their privacy. I've searched for people through Google and am sometimes shocked at how much of "private information" is available because of Googles broad scope of analysis. thank you for bringing this usually unknown background datamining activity to our notice.

http://www.google.com

strangest spam comment in a while

I get a ton of spam comments these days. Many of them seem legit but contain some stupid link to some lame scam loan site or shoe store.
However, this comment just leaves me scratching my head. A spam link to google? really? what's the point? shrug. I guess I'll leave this one here so I can make this silly comment about it.

Strangest Comment

Hello there Eric,

I believe that person was probably testing whether they actually *could* leave a comment with a link in on your site, and the only way to do that is to go through the whole process and submit it, clear cookies and then see if the link appears. It tests for a number of things, whether you have mollom installed, whether you have nofollowed the links, whether you allow anchor text etc., although the fact that this person didn't submit any anchor text also leaves ME scratching MY head too! LOL.

Or, maybe they were just drunk :-)

And to finish this off, here is my own blog - lawn sweeper - shamelessly linked. Remove it if you wish but you can't knock a guy for trying. ;-)

Best Regards,

Tim

I think you are right

It makes sense that it was a test to see what might be possible to post via an automated bot.

Shortly after that post, I changed the settings so comments only show up after I approve them and I don't get around to that often so maybe I should move to mollom.

Thanks for the comment and since your comment is actually on-topic and you are self aware about the shameless nature of your link, I think I'll leave it in.

Through Google

I've searched for people through Google and am sometimes shocked at how much of "private information" is available because of Google broad scope of analysis. thank you for bringing this usually unknown background data mining activity to our notice... thanks

blocking the google hive mind

In an online discussion today, Matt pointed out to me that google analytics is less than useful because it is so easy for people to block the google javascript file via the firefox adblock add on.

Yet another reason to tell clients and friends to avoid getting hooked on google analytics.

So, everyone follow along:

Step one: get firefox ( http://getfirefox.com )
Step two: get the ad block plus addon ( https://addons.mozilla.org/en-US/firefox/addon/1865 )
Step three: open the ad block plus preferences
Step four: click "add filter" and put http://www.google-analytics.com/* in the field; click save

Done, you have no protected yourself (a bit) against the intrusion of google in your life.

For even more anonymity...

Even better, Adblock Plus allows you to subscribe to centrally-maintained lists of sites to block: http://easylist.adblockplus.org/

With EasyList, EasyElement, and the ABP Tracking Filter you'll block google analytics and many other similar services. You can give feedback on the forums if you want to suggest a new item to block, or notice a problem with the lists. Your browser will automatically download new versions when available.

Fcuk google

I agree, download latest firefox (3.5.1 at time of writing)

Then go to add ons (just gooogle firefox add ons) and download:
NoScript (superb and you can block google analytics with it, as well as anything else)
Bad Privacy (deletes all those super cookies and flash lso’s that doing a normal delete all and cleaning out ya temp files won’t get rid off, nor will even a dedicated program like cc cleaner etc as good as that is, so it’s essential in my own opinion)
Ad Block Plus (fantastic lil program)

And others that are good but in no means security related are:
Dictionary (your own language of choice of course)

Tab Mix Plus (for some reason, Mozillas addon page does not have compatitble version with the latest firefox :S wierd, but below is a link to the addonn authors page which goes to a dev link which is totally 100% compatible :)
http://tmp.garyr.net/tab_mix_plus-dev-build.xpi

Colourful tabs (pretty much self explanatory lol)
https://addons.mozilla.org/en-US/firefox/downloads/latest/1368/addon-136...

Hope that helps, adios
Super Rat

PS: actually stop using google is another opinion (also entirely mine lol)
I myself now very happily use Bing http://www.bing.com
I find there page fresher and nicer to use, its easier to say lol, and most importantly results are easily on a par if not far better IMO, especially image search IMO (please note we do not need a load of google lovers telling me im wrong, i have gone to the trouble of explaining this in my OWWWWWN opinion, after years of using google and months of happily using Bing.

Be daring, use something different and see for yourself!
Doesn't have to be Bing that was an example, many others out there…

Also if you use firefox and you want an add on to add Bing as the default search engine in the in built search engine, please go to

https://addons.mozilla.org/en-US/firefox/downloads/latest/10434/addon-10...

AND BING DOESN’T TRACK YOU LIKE GOOGLE DO – lol yet…
But the point is they don’t at present where as google blatantly do!

What I'm blocking this week

A little follow-up on my earlier post about using ad block plus to keep google analytics from violating your privacy :

Here are the filters that I've added in this past week:

*.hitbox.com/*
drupal.org/files/hbx/hbx.js

These two were added to avoid the nasty slowdown and privacy violations recently instituted on the drupal.org site. It seems that the Drupal Association is doing a study of site usage, and decided to use a (donated license) proprietary system that works via complex javascript on the client side instead of a Free Software system that would use server logs. Oh well, I guess they won't learn anything from my use of the site as I am now invisible to the system in use.

Actually, given that the users of the site tend to be rather technologically savvy, I'd bet that the majority of users of the site are blocking the javascript and therefor the information generated by the expensive system will be rather useless. shrug.

I also added the following, but I can't remember what site prompted me to do so.
*.statcounter.com/counter/counter_xhtml.js
s1.amazon.com/exec/*

Nice

I didn't bother on your last post but this morning, while listening to the news about Yahoo and thinking that maybe I'd write a wee blog post about how trusting capitalists is like trusting a tiger. Meaning that we have no idea what will set them off and sure some will lie purring in your lap for decades but that doesn't mean you know the first thing about tigers. So I thought that and then went to work and I think that what is next is that I'll go ahead and install adblock plus.

a bit of a tangent, but

the entire reason opensource/free software/GNU/ the GPL etc exists is, as you point out, capitalists can't be trusted.

Software was assumed free, put in the public domain. Corporations saw code in the public domain that was useful and stole it. Legally they were allowed to take it out of the public domain and put it under their copyright. The GPL exists to prevent that from happening. It's the answer to the question of how to write code that is available to everyone in a way that can't be stolen by by anyone. (however this does not prevent capitalists from manipulating the communities that produce Free Software, that requires transparency and clear definition of process)

Router Swap, anyone?

In a reaction to Google's wardriving, I'm thinking of setting up a website to facilitate a mass swap-meet for people to exchange their wi-fi routers.

Google stepped a bit over the line (again) this week. This time, it was focused around a new effort to make it easier to geo-locate a web browser's location.

As they've been driving around in those cute cars taking images for the google maps Street View tool, they have also been mapping the identifying information of every available 802.11 wireless access point (wi-fi) and storing that information along with longitude and latitude information. I'm not sure how I feel about the image street views has of me walking down Central Park West after a meeting, but the idea that they have locative information on my wireless access point definitely upsets me.

Having been helping the folks at Open Greenmap with technology planning and development, I understand the desire to map this information. Most cellular devices (phones, iPhones, androids, etc.) are able to report their GPS coordinates when they request data from a web server. This allows for a site like Opengreenmap.org to give a mobile devices information on interesting places in proximity to where the user is at that time (that's a hypothetical, opengreenmap.org will be able to do this soon). This is not possible for people using laptops (or desktops) connected to the net via a wired network or a wifi access point. Someone looking for interesting green locations from a coffee shop has to go through a few more steps to search the maps.

Firefox has functionality for Location Aware Browsing, but without gps coordinates it's rather useless. Hats off to the folks at Mozilla who decided that these features would be off by default, requiring a user to intentionally enable this feature.

The Firefox FAQ says

If you consent, Firefox gathers information about nearby wireless access points and your computer’s IP address. Then Firefox sends this information to the default geolocation service provider, Google Location Services, to get an estimate of your location. That location estimate is then shared with the requesting website.

Google, in an attempt to better support this feature, decided that by having a wifi access point turned on, that you have opted-in to their efforts to provide Firefox with location information. That's a big assumption.

That would be enough to generate a lot of ill-will, but they went a step further -- actually capturing data being transferred over public/non-encrypted access points. This has angered some European Governments and will probably result in some heavy fines.

It serves as a healthy reminder that we should all strive to not use plain-text data transfer protocols, we should try to use encrypted options as often as possible. For my non-techie friends who are looking at the last sentence thinking "there he goes again, talking gibberish," what I'm saying is that if you use web based email, make sure the address starts with https instead of http, if you use some form of instant messaging, see if your program supports encrypted or OTR chats.

But, I want to do more than just advocate people exercise proper data hygiene, I want to muck with google and the accuracy of their data. I figure if I can setup a site where people can swap their router with someone else that has the same model in similar condition, and enough people followed through, we could render google's wardrive harmless.

Anyone want to help?

Good plan...

It's a nice idea, but if only a small number of the people owning wireless routers in your city do that, I don't think it will have much effect. It's easy to imagine a self-healing algorithm which deals with the occasional router being moved by checking that data point against all the others in range. I hear Apple's being running such a network for years (to sell iphone location data to advertisers).

yeah, but it's fun to think about

you're probably right, without a large percentage of routers being swapped, it would be ineffectual, and getting to that level of participation would take the resources of someone like... uh... google.

Unfortunately

My router's MAC address is masquerading already and the only way I can get it to work with OptimumOnline is to mask with the one MAC that works.

Also ... I used to have a router that emitted a very very high pitched hum. I don't want that router back.