The Register uses Google Analytics among other tools to keep track of readership size
You do know that useage of Google Analytics is illegal under GDPR?
https://noyb.eu/en/update-cnil-decides-eu-us-data-transfer-google-analytics-illegal
Google was sued on Thursday for allegedly "wiretapping" several tax preparation websites and gathering people's sensitive personal data. And by wiretapping, they mean Google Analytics code added by the tax firms themselves to their own websites to measure visitor traffic and demographics. The complaint [PDF], filed in a US …
Haven't they just signed a new data transfer agreement?
There is also the question of how - or indeed whether - these things work if the viewer of a website is running a JS or ad-blocker. For a site with a technical readership such as El Reg this must surely skew the analytics sommat awful.
And El Reg has possibly better ways to track anyway - those of us who comment have accounts and many of us will be logged in across several devices - so what is the point of Google Analytics?
M.
The fact that you're running it and feeding data abroad is what makes it illegal, your ability to block it doesn't matter.
They should use Matomo. It's been around for ages, and they have been doing it right from early on, even respecting the 'Do Not Track" browser flag, even if nobody else did. I have my own instance running which picks up the Matomo signalling from all sites I run, and even without any paid options it does a good job collecting data from those who permit it, and the tests I've run against it do suggest it's doing the right thing on "my" sites.
Personally I think respecting "Do Not Track" is simply respecting a site visitor. That it makes it EU/GDPR compliant is a nice bonus but I think it starts with considering a visitor a guest, not a data cow, free to milk for information.
But I'm not in the US, apparently it's OK over there.
That said, on the monitoring side I have seen a sharp uptick in dictionary attacks over the last few days. I find that setting a trap on attempts to log in ad 'admin' or 'administrator' is a good way to throw out and blacklist those idiots early (and no, none of the sites even have that user, it's the first I remove after enabling 2FA).
Anyway, I digress. Don't use Google other than for searches, and even then I'd consider using alternatives. If you need any reasons why, just go into the source code of their default search page and see how large a program you're actually running when you hit that innocuous, almost blank page. Or properly read the Terms you have to agree to.
"I've never got the point (for website owners) of GA"
I'm sure it produces lots of figures so that management can put them into spreadsheets and create PDFs to show each other so as to look busy. Whether they mean anything is a different matter.
> I would have thought that analysing the server logs would tell you everything you want to know.
Indeed, including number of new/returning guests over a given period, their countries, pages visited, the flow (path taken), everything. And it's free...
But don't forget, what marketing wants, marketing gets, and Google promises the moon, a better moon, the real moon, the moon real professionals need to fly over the competition. If you don't use our patented snake oil you're but an amateur, and everybody will scoff at you.
...a better moon, the real moon...
Google promises the real Moon better, but Samsung delivers!
[Spoiler: it's snake oil!]
Analysing server logs is only "free" if you have admins who are twiddling their thumbs looking for something to do.
And Google Analytics does a considerably better job of distinguishing between genuine visitors and bots, crawlers and DDoS attacks. (Well, probably better. Certainly a lot faster and easier.)
Is using Reg.com* when testing new distros/browsers/VMs messing with the googley analytics?
I think using GA for some web owners, who aren't server jockeys, makes life easier, trawling through web logs can be tedious?
*(we all know the old El Reg wouldn't touch Google with a bargepole)
"I think using GA for some web owners, who aren't server jockeys, makes life easier, trawling through web logs can be tedious?"
Back in the day when I used to herd a few websites running on Apache, I used Webalyser(??), which gave me pretty summaries and graphs of more than I really needed to know direct from the Apache log files. I'm sure that or similar log analysers are still available. Ut not as if some non-technical person needs to manage it. That will be set up by the person(s) setting up the site for them. Of course, this may not apply those who think a professional website is a something on facebook or using one of the "build your own website" services such as Wordpress.
..."build your own website" services such as Wordpress.
Even worse, by far IMHO, are offers like Wix. Talk about vendor lock in! Websites are not my main thing, although I've done a "few" over the years. But I do like helping start-ups. The number of times I've heard "I've got so far with my site, but I'm stuck, and time's running short! Can you help...?". "Ah feck! You're using Wix. We cannot migrate that, and it won't go further towards your needs. Your many weeks of effort are for nought." And that hurts when a start-up is banging out 95+ hours a week.
[Disclaimer: I've not tried migrating from Wix for a couple of years. I'm *cough* sure *cough* they've sorted that out by now...]
"I've not tried migrating from Wix for a couple of years. I'm *cough* sure *cough* they've sorted that out by now..."
Those large web hosts are not sorting that out. They WANT to lock people in. It's dead simple to use their templates and tools to build a very good looking web site rather quickly, but, you're correct, they don't have much depth to their functionality so if you hit a wall with their services, you have to start from scratch again. You also have to hope that whoever did the signing up in the first place didn't subscribe to the plan where that host owns the domain name. I've seen that happen to a few people and all they could do was pay the increased pricing for that service for a couple of years while they worked to get their new domain name established while forwarding people from the old one they never owned.
It's more work to not use those big hosting companies and their tools, but I find it worth it to avoid them in the long term. I also avoid hosts that advertise a low first year price that doubles or triples afterwards. If they want to kick down free migration assistance some more space, great, but I'd rather have a much more level monthly/annual hosting cost. I also want the freedom to be able to pick up my site and take it someplace else in an hour or so.
"other than slight convenience."
That's what's being sold for many things. Look at the Google push for people to "log in with Google" at all sorts of web sites even when the user already has a L/P for that site. It's more convenient just like one-click purchasing is more convenient. Auto-pay, auto-unlocking key fobs that obviate needing to use a physical key, etc.
I'm a big believer in inconvenience. It makes me stop and think about what I'm doing or it makes me more secure. I don't need to have a car that unlocks for me when I get close. I'd have my car unlocking and locking all day long as I worked around the garden/house. It could also open me up for a relay attack. I do like my wireless fob, but it's doing nothing until I press a button and it's attached to a physical key that works when the battery in either the fob or car goes flat. With bills, I've had auto-pay cost me a load of money and I find paying my bills manually makes me understand where my money is going.
<blockquote>those of us who comment have accounts and many of us will be logged in across several devices - so what is the point of Google Analytics?</blockquote>
What do you suppose the advantages would be of tracking users at that level of granularity rather than, say, tracking more broadly where incoming traffic is coming from (by social media links, by country, etc.)? Knowing what individual users are up to is of much narrower use to publishers than knowing where a broader set of readers come from, how long most tend to spend on various pages, etc.
How can a respectable technical website in all conciousness run a story critical of Google Analytics whilst also using it.
We really do need less hypocracy in this world.
How about setting an example of good practice.
The article mentions El Reg's position.
And the story isn't "critical of Google Analytics", it's a factual report of a legal proceeding, the likes of which happen all the time.
Personally, I think the plaintiffs will find themselves completely unable to demonstrate that Google is holding any data about their tax information, beyond possibly a record of the times and dates they visited these sites (and I wouldn't bet on even that much), and the case will go nowhere, like so many others before it.
To be fair, this article is critical of GA in the context of financial transactions (say, tax preparation) which is not really the business El Reg is in!
At the end of the day, I'm pretty sure this website is running on one of Intel or AMD CPUs.... does that mean they can't be critical of Intel and AMD?
Fundamentally, as I see it, the dishonesty lies in not disclosing what you're doing, not the doing itself.
Let's face it people... Almost everything Google does is designed to liberate us from OUR data. They go about it in the most nefarious ways.
On my own blog, (not in my name so don't try to find it), the firewall protects data from going to Google, Facebook, MS and a host of others (most of the chinese and indian IP ranges are blocked as well)
One commentator complained that the Facebook Icon that they tried to add to one of their comments did not work. FB is blocked... that user was disabled soon after.
Google is the personification of EVIL and the sooner that people wake up to it the better. Just say NO to anything from Google.
"You do know that useage of Google Analytics is illegal under GDPR?"
From a UK perspective the ICO infers it's all OK so long as you get permission - The usual ICO fob off "Get the client to tick a box about cookies and all will be OK"
The ICO is, IMHO, another Quango, not fit for service, who spends more time allowing industry to do suspect tings than outright protecting it's paymasters (the UK Taxpayers) by banning all tracking.
The ICO apparently have teeth lets see them digging them into some flesh then.;
The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The ICO has specific responsibilities set out in the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information
Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
Since 25 May 2018, the ICO has the power to impose a civil monetary penalty (CMP) on a data controller of up to £17million (20m Euro) or 4% of global turnover.
The DPA2018 and UK GDPR gave the ICO new strengthened powers.
When the ICO fairly quickly decided that 'soft opt-in' to marketing is fine, I lost all faith in them. GDPR says 'informed consent' to marketing. ICO says 'well you did buy a widget from them'. Take a look at ICOs published advice on CC-TV - "yes your neighbour's Ring doorbell pointed at your driveway is illegal - no we won't help you with that'.
Okay, so Google could be sued for holding data illegally, but did they design those sites and place the beacon poxels there? Shirley it's the website stakeholders (eg "H&R Block, TaxAct, and TaxSlayer, among others") that are liable for the inclusion of the facilitating intercept[1] code on their sites, sue them FFS!
[1] Nope, can't even put wiretap in quotes.
Google Analytics no doubt hoovers up a lot of stuff we would rather that it didn't - which we know about because it is widely known and we would laugh derisively at anyone claiming to be a "professional website creator" who had not found that out.
A website chooses to embed Google Analytics into its pages, despite all the information and accusations about what those Analytics do, and you think that this makes Google responsible?
> it has every website categorised by type
So do you also believe Google must figure out which pages are corporate advertising or basic information ("FAQ: yes, you must pay taxes") - which, if you have decided to use the analytics, are reasonable pages to track - and which pages are involved in the collection of information to go into the tax returns? You don't believe that that is the responsibility of the people putting up the web pages?
Obviously you can have your own opinion about whether you like Google Analytics - or even whether you totally despise Google and all it stands for - but how does make them a suable party? Where is the gun that Google is presumably holding to the head of the people who wrote those websites?
> A website chooses to embed Google Analytics into its pages ... and you think that this makes Google responsible?
Yes, and it's not either/or here. They're both responsible:
1. The website designers for using GA
2. Google, for abusing the f*ck out of the data, and railing it up the back alley as hard as it can, for every last possible penny. They should be sued on general privacy grounds, but the US doesn't really have the concept of "privacy" except in certain special cases, and this is one of them.
That's why I hope they're both getting sued.
> do you also believe Google must figure out which pages are ... involved in the collection of information to go into the tax returns?
Yes, with the currently written law.
In an ideal world, Google wouldn't be taking all our data and selling it to the highest bidder. But they do, and with that comes responsibilities and consequences.
> In an ideal world, Google wouldn't be taking all our data and selling it to the highest bidder. But they do, and with that comes responsibilities and consequences.
At the risk of being repetitive:
Google are not *taking* any data from Google Analytics.
They are being explicitly *given* our data by the deliberate action of the person responsible for putting Analytics on their web pages. We all know this.
As you probably do, you can avoid most of the other ways Google gather your data by avoiding things that are explicitly labelled "Google", such as their search page. That way, you can reduce the amount of your data that you are explicitly giving them.[1]
[1] yes, *you* would be giving them that data - you are very well aware what using Gogle services mean (Joe Bloggs may not, but anyone reading this does).
This post has been deleted by its author
Exactly. It's not like web designers are forced to put this privacy-invading javascript on their websites. They do it on purpose, so they are the ones responsible for the data sharing. I've had it with the attitude that "just because you're on my website doesn't mean I'm responsible for the contents, that's somebody else whose identity and privacy policy I will not tell you about".
Back in the day, it would often turn out that people who had viruses/malware regularly used yahoo. It wasn't yahoo themselves doing the dirty work, it was being done via syndicated advertising that they didn't bother to monitor.
Unless these web apps are leaking tax info in the GET parameters or Google Analytics is recording the values of all submitted forms, it's unlikely Google has tax info, at least not through the tracking code.
Incidentally, recently at work migrated a major client from GA to a Matomo (The Analytics Tool Formly Known As Piwik) instance, in order to prevent being sued under the GDPR. This after last year removing all google-hosted font imports from all client's websites.
You don't need to read the value of forms to get some really useful meta info.
Different pages manage different parts of your tax return. Adding additional sections or pages to stocks and shares portion, property, or employer give lots of useful info without ever saying what people earn. Not to mention how long they spend on each of those pages.
"Different pages manage different parts of your tax return. Adding additional sections or pages to stocks and shares portion, property, or employer give lots of useful info without ever saying what people earn. Not to mention how long they spend on each of those pages."
As long as I can, I am going to submit my returns on paper filled out by hand. With reports from my accounting software, my business stuff it just a matter of transferring the data from one piece of paper to another. All of my personal stuff is rather easy to do. Even if it takes a day, it's going to take an auditor more work to digitize and analyze over returns that are submitted digitally and can be machine scrutinized.
Just asking: why sue Google? Web agencies gladly put Google Analytics code in all their websites, sometimes without their client's approval.
I don't see the logic in suing Google instead of the tax services companies, and the article seems to miss this point, too. Any help?
An informal survey of my important bookmarked sites has google in various hostnames on over 90% of them. I use a handful of tools manage third party content on sites I visit. I have seen functionality of sites requiring more and more of Google hosts' content. Google has a multitude of products/services for the website operator to integrate.
P.S. also present on www.irs.gov
Wow. I must be getting old - it feels like it wasn't that long ago that when someone mentioned this sort of thing on here, the stock response was "don't like Google tracking you? Don't use their stuff!" - despite how at the time approximately two-thirds of websites in regular use incorporated analytics...