4160Re: Odd things noted with Google Analytics
- Nov 17, 2005Fulton, see my comments >>> below ...
--- In firstname.lastname@example.org, "webbanalys" <webbanalys@y...> wrote:
> The lack of guidance is alarming, and has now put a lot of people
> into a position of breaking the law. I do however wonder why you
> would mention it, do you do consulting work for them?
>>> I'm a helper. That's what I do. Does it upset you that I would
help Google? If so, why?
> I think you are very wrong on the assumption that their cookie
> strategy is the least likely to be deleted. Just look at the naming
> convention, withtin a few weeks I predict that all anti-spyware
> applications will remove cookies containing ___ in their names no
> matter which domain they say they come from.
>>> An interesting prediction. Suffice to say, I disagree with your
assessment but that's the great thing about this group ... it's okay
to disagree with each other as long as we're polite about it.
>>> How about we wait a few weeks and see if "all anti-spyware
applications will remove cookies containing ___ in their names no
matter which domain they say they come from" (your exact words) to
test your prediction. That will be really easy to test since I
suspect that if they all did this, they would advertise "new and
improved to disable Google Analytics!" Or, you can visit a site known
to be using Google Analytics and then install all anti-spyware
applications to see if they recommend removing that site's cookie.
Either way, a pretty easy thing to test.
> On the opposite a 1st party cookie with individual naming has a far
> better survavial rate, and that is a cookie that is sent from the
> collection point on amchine within the customers own domain. In
> theory all vendors can do this BUT why have so few? Simply because
> either their architecture isn't built to support it or they are
> cutting corners.
>>> You lost me there. What are you arguing?
> No matter how low the number of opt-out that occurs, it must be
> possible. If I were to opt-out from cookies from *.some.com then the
> regular cookies for user settings would also be disabled. Not a very
> smart move to disable the opt-out don't you think?
>>> You've lost me there too.
>>> I know how to opt-out of tracking by visiting the vendor's web
site (see for example
WebSideStory) and I know how to block a cookie domain in my browser
(for example, using Firefox's Tools > Options > Cookies > Exceptions
list) but I'm not sure how to opt-out of all cookies from *.some.com.
Do you mean blocking cookies from *.some.com is not very smart? If
so, I agree with you, which is why I said that Urchin (and similar
vendors) strategy in this regard is particularly good.
>>> In order to block Google's tracking cookie you have to also block
whatever cookie-dependent functionality the site has. Oh, allright,
maybe this is kinda "dodgy." Still, I suspect these cookies will be
removed less frequently than third-party and contractual first-party
cookies (but we've agreed to disagree on this point already, haven't
we?) That said, I'll add it to my list of things to study in 2006.
> Finally it would not surprise me a bit if the next version of IE
> comes with a block on some domains as part of the medium security
> setting, if so then all outbound calls to the collectors running on
> domains not belonging to the customer would cause massive data loss.
> Not much love between MS and Google, is there? This could happen as
> well if companies like Websense block those domains as dodgy in their
> filtering product due to the fact that data is going to a generic
> collection point.
>>> Hmm, so you're saying that Microsoft would block all any cookie
they determined to be from Google's tracking system? Or are you
saying that Microsoft might block all domains to known third-party
data collectors? Either way, a bold prediction, bold indeed.
> For the customer who has used services that are using web analytics
> based on such limited solutions the massive dataloss will then be a
> nasty surprise. That if anything would put those running such systems
> out of business, not the entry of GA.
>>> I agree with you that when companies realize how much data they're
losing from cookie deletion it comes as some surprise. But even I
don't think we're seeing "massive dataloss" and I'm the one writing
the damn reports. I think the problem is substantial and unlikely to
improve but not likely to become so aggrevated that nobody trusts web
>>> My position on cookie blocking and deletion is and has always been
"accept that it is happening, correct for it if possible, quantify the
rate of deletion and get the hell back to work." My goal is to help
companies quantify the rate of deletion, something we're very close to
for third-party cookies and I'm working on for first-party cookies.
> Must say I am a bit surprised you don't see this coming Eric.
>>> Perhaps your predictions are a touch too bold for my flavor of
analysis. Let's touch base soon to test your prediction that "withtin
a few weeks I predict that all anti-spyware applications will remove
cookies containing ___ in their names no matter which domain they say
they come from" and see if the bottom has fallen out on the web
analytics industry. If this happens, I'll gladly apologize for
disagreeing with you in this public forum.
>>> All the best,
> --- In email@example.com, "Eric Peterson"
> <eric.peterson@g...> wrote:
> > I'm not up-to-date on cookie legislation overseas but it goes
> > saying that any company deploying ** any ** analytics application
> > I poked around at the Google Analytics site and didn't find any such
> > guidance but will suggest it next time I chat with those folks.
> > Based on my research on cookies, the strategy Google Analytics is
> > using is the least likely to be deleted. It is not a third-party
> > cookie, it is not a contractual or mapped first-party cookie, it is
> > true first-party cookie. Whether the cookie comes from the
> > domain or the site domain is a technical decision that each vendor
> > makes and is theoretically able to change.
> > Perhaps from a transparency standpoint this is dodgy, but from a
> > accuracy standpoint, this strategy is the recommendation.
> > I have not seen any published data regarding how many Internet users
> > are opting out of tracking domains but given that opting-out
> > you at accept a cookie (so the system knows not to track your
> > right?) and given that cookies are being deleted at some rate, I
> > suspect opting-out is far less likely than consumer use of
> > anti-spyware to "protect" themselves or occassional manual
> > I mean think about it ... if you don't want to be tracked you have
> > visit dozens of different opt-out pages (at each of the vendors) and
> > every time you delete your cookies you have to repeat that action?
> > Unlikely, in my opinion.
> > If the GA code is removed, the cookies may remain but are certainly
> > rendered useless.
> > Eric Peterson
> > --- In firstname.lastname@example.org, "webbanalys" <webbanalys@y...>
> > >
> > > I've found some odd things going on with Google Analytics (GA),
> > > one of them is connected to the statement Eric made that GA uses
> > > party cookie (FPC). It seems that GA DOES NOT send FPC from the
> > > collection domain at all. Instead the code will perform the
> > > of sending cookies looking as if they were from the website
> > > itself! If I am wrong then please correct me.
> > >
> > > It seems as if a massive amount of websites not using cookies
> > > now are sending out 4 new ones and thus as a result not following
> > > law which states the following (at least for us in Europe):
> > >
> > > EU-directive 5.3 on integrity and communication, every visitor to
> > > website containing cookies is entitled information:
> > >
> > > * that the website contains cookies,
> > > * how these cookies are used,
> > > * how cookies can be avoided.
> > >
> > > Even worse is that if users select to opt out to avoid the GA
> > > generated cookies then ALL cookies from the domain in question
> > > be blocked, even the ones that are used to keep user details and
> > > enhance website functionality!
> > >
> > > If the GA code is removed the created cookies will remain, and
> > > actually is set to last until 2038. Given the recent coverage on
> > > users deleting cookies this adds fuel to the fire, sending
> cookies in
> > > this fashion is rather dodgy.
> > >
- << Previous post in topic Next post in topic >>