Our Google Analytics premium account is set to opt-out on all of 3rd party
uses of the data and the only people who have access to the anonymous
aggregated data is Mozilla Employees. This is not the normal Google
Analytics setup that most people use on other websites.
Also, to increase privacy we flipped the anonymize flag in the Google
Analytics request...
For example, running some log files offline through AWstats is not that hard, and the AWstats output is quite good for most purposes.
You haven't done any serious web analytics at scale, have you?
Funnels, Segmentation, Retention, Path Visualisation, Event Tracking.
These are basic features used by marketing teams every day.
And rolling your own solution with something like Hadoop (which would need for Mozilla sized traffic) is a big undertaking.
As we speak police vans are en route to round up visitors to that Mozilla page, in co-ordination with Google's security division...
They could, but honestly, it's questionable whether Piwik would even work for their use case & scale, and even if it does, it's debatable whether it would be the best use of their limited resources.
This situation makes for a really catchy headline, but the page is primarily talking about privacy in the context of government surveillance. In that context, Piwik is just as vulnerable to NSLs (active surveillance) or NSA snooping (passive surveillance) as Google Analytics is. There is a marginal harm to using Google Analytics instead of a self-hosted service, but it's quite possible that the benefits (of being able to reach more people and better educate people about those evils) outweighs those harms, especially given that the target audience for this site is already being tracked by Google on the vast majority of their web browsing anyway[0][1].
Furthermore, we could just use this as an opportunity to underscore the importance of the problem itself: it's a rather damning statement about the effectiveness and pervasiveness of digital tracking that Mozilla feels that Google is its best (or only) option[1] for educating as many people as possible about the evils of online surveillance.
[0] http://w3techs.com/technologies/details/ta-googleanalytics/a...
[1] This isn't even counting the other ways that Google tracks web users: Google's CDNs for JQuery and web fonts, people who use Google's DNS servers, etc.
[2] I'm making the assumption that someone at Mozilla has made this decision consciously, which is not an unreasonable assumption for this discussion - it's rather unlikely that the people building the website about digital surveillance and working at the company partnered with EFF and Tor are unaware that Google Analytics is digital surveillance.
Is there any way for anyone else to verify that?
Web analytics for most serious sites are managed by dedicated marketing teams so features are to meet their requirements.
you should really use it sometime, or at least familiarise yourself with its capabilites.
Yes, anybody can change the startpage, delete all cookies and restart the browser. How many users will do this? And does forcing every user into google surveillance comply with this privacy marketing of mozilla, or is it just a zynical fake campaign?
There should be a startpage explaining what cookies are, describing the difference between temporary and permanent cookies and how these help to track your web usage, and provide one single, visible button to delete all cookies.
After this I should be asked if I would like to help mozilla funding by redirecting me to a google web search which will set a permanent cookie.
I'll also add that there is a button that lets you delete all private info (cookies, history, etc.) acquired in a certain period of time: the Forget button [1].
If you're looking for something more advanced, you'll have to use something like this addon [2]
[1] https://support.mozilla.org/en-US/kb/forget-button-quickly-d... [2] https://addons.mozilla.org/en-US/firefox/addon/selectivecook...
If so then it shouldn’t be present in current versions. Did you accidentally import cookies from another browser? Probably worth filing a bug if not.
This is what I see at launch[1]:
http://clients1.google.com/ocsp
https://safebrowsing.google.com/safebrowsing/download?...
It's also another one of these single-page-apps that require JavaScript to display any content at all.
I think with such a design they're clearly not targeting the sort of privacy levels that more users on HN than the Internet in general expect.
There are other extensions that do a similar job, including a volunteer effort to continue the original extension, but right now none of them seems quite as neat and reliable as the original.
Say I open a youtube.com and it wants to load cross-origin content from google (and thus sends cookies to google) then it can use different cookies than those used when I browse google search directly.
But I can't find it anymore.
This seems like a much bigger issue than the NSA copying entire datastreams from American internet hubs.
If we cannot pick our battles, then we will just lose because of the dissipation of all of our efforts across everything "that is still a problem".
When I weigh out the benefits vs the costs, I dont see why moz would pick any other option, everything else is more work, and google already tracks you across most of the internet.
Whether or not you showed up on a mozilla page is not going to change their understanding of your habits by much.
See section 7 "Privacy" here for the full text. http://www.google.com/analytics/terms/us.html
https://www.mozilla.org/en-US/privacy/websites/
Third party Services We use third party services such as Google Analytics and Optimizely. They use cookies, IP addresses, and online data tools.
I suppose they would argue that's the same but I don't think it is good enough (especially for a site preaching privacy values). It should be down in the footer, or even better they should be using Piwik and skipping GA completely.
To me, this feels like a website built by a pro-privacy team who had some marketing or PR person slap the GA code in there with no comprehension of irony at all.
EDIT: Also to note that mozilla.org uses UA-36116321-1 tracking and shapeoftheweb.mozilla.org uses UA-49796218-22, which indicates to me that they are aware that these are two distinctly different sites.
Preaching water and drinking wine, eh?
If they’d really want some kind of tracking, they could have used a locally installed system like piwik, as the largest issue with tracking comes when the data from many sites is combined.
