Installing Google Analytics, even for our own purposes, is a bad idea.
For one, it creates a link to google that is not necessarily what we
want; it would be a big target for people to try and hack, and it
presents tempting security risks on Google's end. Not to mention, as
far as I know the program is proprietary.
If we're going to do something like this, it should be open source,
and it should something that we can internally install and monitor
without external options. That is, again, assuming we do something
like that. That's not a foregone presumption. I'm not convinced that
we need to be tracking user behavior at this point in time, or that
the tradeoffs for doing so are worth any benefits, or that doing so is
in furtherance of our mission.
-Dan
On Jun 4, 2009, at 11:13 AM, Unionhawk wrote:
Surely this is
something which should be possible to block at the
MediaWiki level
Maybe if we set up Google Analytics in the first place (done by the
Foundation office) and never used it; the foundation could set up
analytics
for all projects with a super secure password, and never use it.
Will this
work, or will somebody else be able to set up analytics still?
Go Freedom!
Unionhawk
On Thu, Jun 4, 2009 at 6:01 AM, Neil Harris
<usenet(a)tonal.clara.co.uk>wrote;wrote:
> Tim 'avatar' Bartel wrote:
>> Hi,
>>
>> recently the report of the KnowPrivacy [1] study - a research
>> project
>> by the School of Information from University of California in
>> Berkeley
>> - hit the German media [2].
>>
>> It came to the conclusion that "All of the top 50 websites contained
>> at least one web bug at some point in a one month time period." [3]
>> which includes
wikipedia.org.
>>
>> This is very troubleing and irritating for some of our (German)
>> users
>> who are very sensitive to data privacy topics. So I established
>> contact to Brian W. Carver (University of California) who
>> connected me
>> to David Cancel, the maintainer of Ghostery, which was used to
>> identify the web bugs. David wrote me today:
>>
>>
>>> The following web bug trackers were reported to us, on the
>>> following
> subdomains:
>>> Google Analytics -
vls.wikipedia.org
>>> Doubleclick -
hu.wikipedia.org
>>> Both were seen in yesterday's data so they're recent. We don't
>>> receive
> any page level information so that's as much detail as we have.
> Hope that
> helps.
>>>
>>
>> I wasn't able to track down the Doubleclick web bug on the hungarian
>> Wikipedia, but Google Analytics web bug is integrated in every
>> page of
>> the West Flemish Wikipedia via JavaScript [4].
>>
>> Our privacy policy [5] states "The Wikimedia Foundation may keep raw
>> logs of such transactions [IP and other technical information], but
>> these will not be published or used to track legitimate users." and
>> "As a general principle, the access to, and retention of, personally
>> identifiable data in all projects should be minimal and should be
>> used
>> only internally to serve the well-being of the projects."
>>
>> I think we should stop the current use of Google Analytics ASAP.
>>
>> Bye, Tim.
>>
>>
Surely this is something which should be possible
to block at the
> MediaWiki level, by suppressing the generation of any HTML
that
> loads
> any indirect resources (scripts, iframes, images, etc.) whatsoever
> other
> than from a clearly defined whitelist of Wikimedia-Foundation-
> controlled
> domains?
>
> Doing this should completely stop site admins from adding web bugs.
>
> -- Neil
>
>
> _______________________________________________
> foundation-l mailing list
> foundation-l(a)lists.wikimedia.org
> Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/
> foundation-l
>
_______________________________________________
foundation-l mailing list
foundation-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/foundation-l