I recently wrote about the potential dangers of Google’s Chrome browser to user privacy. However, Google has another product that is far more dangerous in the short term to privacy – Google Analytics. What is Google Analytics? I will let Google answer that one:
Google Analytics is the enterprise-class web analytics solution that gives you rich insights into your website traffic and marketing effectiveness. Powerful, flexible and easy-to-use features now let you see and analyze your traffic data in an entirely new way. With Google Analytics, you’re more prepared to write better-targeted ads, strengthen your marketing initiatives and create higher converting websites.
In other words, websites can use Google Analytics to analyze their web traffic to see who is visiting what pages, for how long, and in what order. Websites can also see how visitors made it to their site (whether via an ad, or a search, or a link from another site). Obviously this is invaluable information to most websites, and like so many Google products, is a great service. And Google Analytics is free for lower traffic websites, which means smaller websites are encouraged to use the service as well.
I should also say at this point that I don’t really have a problem with any individual website monitoring and analyzing its traffic. It’s pretty much a necessity these days if you are doing business on the web to get information about what is going on with your site. So my problem is not with the website operators who depend on this tool.
Which is what makes Google Analytics so dangerous. It is a ubiquitous service. Go to just about any website and you’ll see the Google Analytics tracking code on the bottom of the source code. And every time a website uses Google Analytics, it is sharing its traffic data with Google. Since you are giving your IP address to both the website and Google, Google is able to cross-reference your visit across websites.
In other words, Google knows just about every website you visit, whether the website is affiliated with Google or not, since chances are that websites that you frequent depend on Google Analytics. You don’t have to ever use any of Google’s services for Google to spy on you. All you have to do is surf.
Fortunately, there are steps you can take to protect yourself. You can block Google Analytics unilaterally via your HOSTS file, for example (see here for more information). There are also several Firefox plugins, such as NoScript and RequestPolicy that will block Google Analytics. But the most important step right now is to raise awareness, and to let websites know that you are concerned about your privacy. The fact is that any third-party service that does analytics (like Chartbeat, a competitor in that sphere) will become dangerous if a critical mass of websites use it. So the best suggestion would be to use in-house analytics tools to analyze the website’s server logs, which is exactly what people did before Google Analytics came along. That way websites can still see what is happening with their traffic without sharing their data, as well as their users’, with a third party.