Analytical
When I was talking about Huffduffer, I mentioned that I don’t have any analytics set up for the site:
To be honest, I’m okay with that—one of the perks of having a personal project is that only metric that really matters is your own satisfaction.
For a while, I did have Google Analytics set up on The Session. But I started to feel a bit uncomfortable about willingly opening up a wormhole between my site and the Google mothership. It bothered me that Adblock Plus would show that one ad had been blocked on the site. There are no ads on the site, but the presence of the Google Analytics code was providing valuable information to Google—and its advertiser customer base—so I can understand why it gets flagged up like any other unwanted tracking.
Theoretically, users have a way of opting out of this kind of tracking by switching on the Do Not Track header (if it isn’t switched on by default). Looking at the default JavaScript code that Google provides for setting up Google Analytics, I don’t see any mention of navigator.doNotTrack
.
Now, it may well be that Google sniffs for that header (and abandons any tracking) when its server is pinged via the analytics code, but there’s no way to tell from this side of the Googleplex. I certainly don’t see any mention of it in the JavaScript that gets inserted into our web pages.
I was wondering whether it makes sense to explictly check for the doNotTrack
header before opening up that connection to google-analytics.com via a generated script
element.
So if the current code looks like:
<script>
// generate a script element
// point it to google-analytics.com
</script>
Would it make sense to wrap it with some kind of test for navigator.doNotTrack
:
<script>
if (!navigator.doNotTrack || navigator.doNotTrack != 'yes') {
// generate a script element
// point it to google-analytics.com
}
</script>
For the love of mercy, don’t actually use that code—it’s completely untested and probably causes more harm than good. But you can see the idea that I’m trying to get at, right? Google Analytics most definitely counts as tracking so it seems like the ideal use-case for Do Not Track.
It raises a few questions:
- Is anyone doing this already? It might well be that the answer is “no”, not because of any reluctance to respect user preferences but because the
doNotTrack
spec is very much in flux. - Would you consider doing this?
- If you were to do this, could you foresee getting pushback from within your own company?
Responses
Kevin Beynon
Jeremy raises important points about privacy in Analytical. Whichever way you look at it, if you use Google Analytics, you’re sharing your visitor’s information with Google.
I completely agree with him and have avoided Google Analytics on my own site for a few years now. Instead, I use Piwik.
Piwik is an Open Source, self-hosted web analytics package that runs on your own server and does much the same job as Google’s product, but with one big difference: Piwik respects privacy.
It allows you to anonymise IP addresses, allow site visitors to set Opt-Out Cookies and, best of all, gives you the option of respecting the user’s Do Not Track setting.
On this site you’ll find privacy settings, along with supporting information, on the Privacy page. Try them out and see what you think. The next time you’re building a website, consider using Piwik - for your user’s sake.
Craig Mod
@adactio @gruber one of many reasons I still <3 @haveamint to no end.
Jeremy Keith
@craigmod @gruber @haveamint Me too! adactio.com/mint/
Craig Mod
@adactio @gruber @haveamint Whoa, what caused the major traffic spike from Jan?
Jen Simmons
@adactio I feel terribly quilty about putting Google Analytics on thewebahead.net.
Jen Simmons
Did you vote today?
@jensimmons @adactio Crappy, yes, but it’s the only alternative I’ve found that does what’s needed and is under my control.
Did you vote today?
@jensimmons @adactio As for a company that holds the data private, that’s a utopian dream at this point. On the web, everything is for sale.
Did you vote today?
@jensimmons @adactio My bigger concern is tracking by ISPs, web hosts, governments <- invisible and happening at the infrastructure level.