Loading ...
Sorry, an error occurred while loading the content.

4160Re: Odd things noted with Google Analytics

Expand Messages
  • Eric Peterson
    Nov 17, 2005
      Fulton, see my comments >>> below ...

      --- In webanalytics@yahoogroups.com, "webbanalys" <webbanalys@y...> wrote:
      > The lack of guidance is alarming, and has now put a lot of people
      > into a position of breaking the law. I do however wonder why you
      > would mention it, do you do consulting work for them?

      >>> I'm a helper. That's what I do. Does it upset you that I would
      help Google? If so, why?

      > I think you are very wrong on the assumption that their cookie
      > strategy is the least likely to be deleted. Just look at the naming
      > convention, withtin a few weeks I predict that all anti-spyware
      > applications will remove cookies containing ___ in their names no
      > matter which domain they say they come from.

      >>> An interesting prediction. Suffice to say, I disagree with your
      assessment but that's the great thing about this group ... it's okay
      to disagree with each other as long as we're polite about it.

      >>> How about we wait a few weeks and see if "all anti-spyware
      applications will remove cookies containing ___ in their names no
      matter which domain they say they come from" (your exact words) to
      test your prediction. That will be really easy to test since I
      suspect that if they all did this, they would advertise "new and
      improved to disable Google Analytics!" Or, you can visit a site known
      to be using Google Analytics and then install all anti-spyware
      applications to see if they recommend removing that site's cookie.
      Either way, a pretty easy thing to test.

      > On the opposite a 1st party cookie with individual naming has a far
      > better survavial rate, and that is a cookie that is sent from the
      > collection point on amchine within the customers own domain. In
      > theory all vendors can do this BUT why have so few? Simply because
      > either their architecture isn't built to support it or they are
      > cutting corners.

      >>> You lost me there. What are you arguing?

      > No matter how low the number of opt-out that occurs, it must be
      > possible. If I were to opt-out from cookies from *.some.com then the
      > regular cookies for user settings would also be disabled. Not a very
      > smart move to disable the opt-out don't you think?

      >>> You've lost me there too.

      >>> I know how to opt-out of tracking by visiting the vendor's web
      site (see for example
      http://www.websidestory.com/privacy/cookie-opt-out.html at
      WebSideStory) and I know how to block a cookie domain in my browser
      (for example, using Firefox's Tools > Options > Cookies > Exceptions
      list) but I'm not sure how to opt-out of all cookies from *.some.com.
      Do you mean blocking cookies from *.some.com is not very smart? If
      so, I agree with you, which is why I said that Urchin (and similar
      vendors) strategy in this regard is particularly good.

      >>> In order to block Google's tracking cookie you have to also block
      whatever cookie-dependent functionality the site has. Oh, allright,
      maybe this is kinda "dodgy." Still, I suspect these cookies will be
      removed less frequently than third-party and contractual first-party
      cookies (but we've agreed to disagree on this point already, haven't
      we?) That said, I'll add it to my list of things to study in 2006.

      > Finally it would not surprise me a bit if the next version of IE
      > comes with a block on some domains as part of the medium security
      > setting, if so then all outbound calls to the collectors running on
      > domains not belonging to the customer would cause massive data loss.
      > Not much love between MS and Google, is there? This could happen as
      > well if companies like Websense block those domains as dodgy in their
      > filtering product due to the fact that data is going to a generic
      > collection point.

      >>> Hmm, so you're saying that Microsoft would block all any cookie
      they determined to be from Google's tracking system? Or are you
      saying that Microsoft might block all domains to known third-party
      data collectors? Either way, a bold prediction, bold indeed.

      > For the customer who has used services that are using web analytics
      > based on such limited solutions the massive dataloss will then be a
      > nasty surprise. That if anything would put those running such systems
      > out of business, not the entry of GA.

      >>> I agree with you that when companies realize how much data they're
      losing from cookie deletion it comes as some surprise. But even I
      don't think we're seeing "massive dataloss" and I'm the one writing
      the damn reports. I think the problem is substantial and unlikely to
      improve but not likely to become so aggrevated that nobody trusts web
      analytics data.

      >>> My position on cookie blocking and deletion is and has always been
      "accept that it is happening, correct for it if possible, quantify the
      rate of deletion and get the hell back to work." My goal is to help
      companies quantify the rate of deletion, something we're very close to
      for third-party cookies and I'm working on for first-party cookies.

      > Must say I am a bit surprised you don't see this coming Eric.

      >>> Perhaps your predictions are a touch too bold for my flavor of
      analysis. Let's touch base soon to test your prediction that "withtin
      a few weeks I predict that all anti-spyware applications will remove
      cookies containing ___ in their names no matter which domain they say
      they come from" and see if the bottom has fallen out on the web
      analytics industry. If this happens, I'll gladly apologize for
      disagreeing with you in this public forum.

      > Rgds
      > Fulton

      >>> All the best,
      >>> Eric

      > --- In webanalytics@yahoogroups.com, "Eric Peterson"
      > <eric.peterson@g...> wrote:
      > >
      > > I'm not up-to-date on cookie legislation overseas but it goes
      > without
      > > saying that any company deploying ** any ** analytics application
      > that
      > > depends on cookies needs to update their privacy policy
      > accordingly.
      > > I poked around at the Google Analytics site and didn't find any such
      > > guidance but will suggest it next time I chat with those folks.
      > >
      > > Based on my research on cookies, the strategy Google Analytics is
      > > using is the least likely to be deleted. It is not a third-party
      > > cookie, it is not a contractual or mapped first-party cookie, it is
      > a
      > > true first-party cookie. Whether the cookie comes from the
      > collection
      > > domain or the site domain is a technical decision that each vendor
      > > makes and is theoretically able to change.
      > >
      > > Perhaps from a transparency standpoint this is dodgy, but from a
      > data
      > > accuracy standpoint, this strategy is the recommendation.
      > >
      > > I have not seen any published data regarding how many Internet users
      > > are opting out of tracking domains but given that opting-out
      > requires
      > > you at accept a cookie (so the system knows not to track your
      > browser,
      > > right?) and given that cookies are being deleted at some rate, I
      > > suspect opting-out is far less likely than consumer use of
      > > anti-spyware to "protect" themselves or occassional manual
      > deletion.
      > >
      > > I mean think about it ... if you don't want to be tracked you have
      > to
      > > visit dozens of different opt-out pages (at each of the vendors) and
      > > every time you delete your cookies you have to repeat that action?
      > >
      > > Unlikely, in my opinion.
      > >
      > > If the GA code is removed, the cookies may remain but are certainly
      > > rendered useless.
      > >
      > > Eric Peterson
      > >
      > >
      > >
      > > --- In webanalytics@yahoogroups.com, "webbanalys" <webbanalys@y...>
      > wrote:
      > > >
      > > > I've found some odd things going on with Google Analytics (GA),
      > and
      > > > one of them is connected to the statement Eric made that GA uses
      > 1st
      > > > party cookie (FPC). It seems that GA DOES NOT send FPC from the
      > > > collection domain at all. Instead the code will perform the
      > function
      > > > of sending cookies looking as if they were from the website
      > domain
      > > > itself! If I am wrong then please correct me.
      > > >
      > > > It seems as if a massive amount of websites not using cookies
      > before
      > > > now are sending out 4 new ones and thus as a result not following
      > the
      > > > law which states the following (at least for us in Europe):
      > > >
      > > > EU-directive 5.3 on integrity and communication, every visitor to
      > a
      > > > website containing cookies is entitled information:
      > > >
      > > > * that the website contains cookies,
      > > > * how these cookies are used,
      > > > * how cookies can be avoided.
      > > >
      > > > Even worse is that if users select to opt out to avoid the GA
      > > > generated cookies then ALL cookies from the domain in question
      > will
      > > > be blocked, even the ones that are used to keep user details and
      > > > enhance website functionality!
      > > >
      > > > If the GA code is removed the created cookies will remain, and
      > one
      > > > actually is set to last until 2038. Given the recent coverage on
      > > > users deleting cookies this adds fuel to the fire, sending
      > cookies in
      > > > this fashion is rather dodgy.
      > > >
      > >
    • Show all 20 messages in this topic