Google Beefs Up Privacy Options in Browser and for Website Operators

In 2008, I spent some time in China and would while away homesickness by perusing friends’ blogs. One day, a friend whose blog I frequented emailed me: Google Analytics reported that he had a visitor in Beijing. Was it me?

That afternoon I started using Tor regularly. Ironically, I wasn’t booting up the online anonymizer everyday because I needed to scale the great firewall, but because I simply wanted to read my friends’ blogs without being identified. On the days when Tor slowed down my connection too much, I just avoided these sites all together (I hadn’t yet discovered NoScript).

Two years later, analytics is a booming business, and Google Analytics is still going strong. The package is used by the majority of the top 100,000 sites on the Web and by over 30% of the top million. Analytics provide a valuable service for personal and professional bloggers and Web site operators alike, making it easy to monitor their sites’ traffic. But this measurement also presents potential privacy risks because it involves the collection of individualized information about how people use the sites. Until today, no analytics provider to our knowledge had offered web users a way to opt out of this data collection. Earlier this week, Google Analytics began offering that choice, along with a mechanism for Web site operators to limit the information that Google receives about their users.

Now users can defy detection by Google Analytics simply by installing an extension to their browser. By choosing to implement the opt out as a browser extension, instead of as a more typical opt-out cookie, users don’t have to worry about losing their protection every time they clear their cookies. In the long run users can’t be expected to add corresponding browser extensions for every analytics or advertising company whose tracking they want to avoid, but until better controls are build into browser releases, this seems like an appropriate solution.

Meanwhile, Google has also announced a new tool for Web site operators who run Google Analytics: code that masks the last octet of each visitors’ IP address before the address is stored or processed by Google. While this partial deletion may well leave some users’ IP addresses in an identifiable state, these changes are an important – and timely – reminder that even in a so-called data-driven economy, more is not always better.  From bloggers in repressive regimes to government agencies to your local library and beyond, many Web site operators have a vested interest in sharing as little information about their visitors as possible with third parties. Many entities will welcome the chance to measure site traffic without having to ship complete IP addresses off to Google.

Indeed, CDT, in partnership with the Electronic Frontier Foundation (EFF), has been encouraging analytics companies like Google to offer controls that will make their products more appealing to those Web sites that want to share less information and that want to empower users to opt out.  As the federal government works out a new policy for web measurement on its sites, we hope that it will lead by example by requiring protections, like those included in the improved Google Analytics product, that reflect the incorporation of Fair Information Practice principles (FIPs).

In the meantime, I’ve opted out of tracking by Google Analytics on my Firefox browser, and by following this link  you can too.