Is it ethical to use Google Analytics on a site crime victims use to make 'anonymous' reports?
Our local police force have a website for rape victims to use to report attacks anonymously. At the top of the page is a 'Report anonymously' link, which takes you to a page using Google Analytics as well as several Google CDN links (for jQuery, etc).
I was a bit surprised by this, so I checked the Crimestoppers site (similar service, but for the entire UK population). They also use Google Analytics on every page, including anonymous report forms. They even go so far as to state: "your call or online form will not be traced".
While the data entered into the forms may be anonymised, it is my opinion that visitors to the site aren't anonymous. Individuals with Google accounts can most definitely be identified by Google.
Is this ethical?
Are these sites being honest when they tell crime victims they 'will not be traced' and that they are 'reporting anonymously'?
5 Comments
Using Google Analytics is not unethical
Google Analytics does not track Google accounts. GA uses a special set of cookies _ga, __utma, __utmb, __utmv and __utmz to track user activity. And Google Analytics does not allow individual users to be "traced" any more than they would otherwise without GA present.
Perfect privacy on the web is impossible
Whether an analytics system is present or not, any visitor to a site will leave footprints of their activity through the intermediate ISP servers relaying their traffic to the web server, as well as the web server's server logs. Just like analytics are a basic business necessity for a website operator, server logs are a basic security necessity for website operators. And each time you make a request to a site, the web server will record an entry in its logs, though the logs may be purged or anonymized after a period (as is Google's policy).
So if you were hoping that just because a site doesn't use specialized analytics software, all visits would be completely untrackable, that is sadly never going to happen. By simply visiting the site, you've created evidence of your visit on your computer and a bunch of different internet servers. Analytics platforms simply process readily available traffic data into usable form to be presented as actionable metrics to webmasters.
If the website operator wishes, they can perform more extensive tracking, such as recording actions (usually campaign-related) or custom variables. But recording that 10% of visitors to the page were directed there by a particular AdWords campaign or search term does not make individuals easier to trace.
Using CDNs is not unethical either
Likewise, CDNs are irrelevant when it comes to privacy. Most professional sites use CDNs to improve performance and save bandwidth. Simply embedding a JS/image/CSS file hosted on a CDN server does not compromise the user's anonymity. They're just normal HTTP requests that at most include the visited page in the Referer header. No cookies or other data is shared with the CDN server. And pretty much any external link on the site would also reveal the visited page in the Referer header.
It's up to users to protect their own anonymity
If you truly want anonymity for sensitive web surfing, then it's up to you to take special precautions. You should use HTTPS to encrypt your web traffic, use anonymity proxies like Tor, and customize your browser to your needs. If you don't want cross-site tracking bugs (used by advertising networks, not GA) to record your surfing habits, then disable cookies. If you don't want your visit to be recorded locally, surf in incognito mode. If you don't want your browser to be identifiable by other signatures, then clean it of potentially compromising plugins and edit its settings and behavior so it blends in with the crowd. If you don't want your location or connection tracked, then use public internet access.
But it's silly to expect a major site to not record analytics data. Such data does not tell Google or anyone else who is filing the report, only that someone at some IP has visited the site within a certain time frame, just like the server logs. And it's even against GA policy to transmit personally-identifiable info to Google via GA, and GA itself only uses anonymous identifiers. Besides, it would be far easier and completely undetectable for the site operator to record PII server-side. So why would they use GA for that?
If someone wanted to "trace" a victim, they'd have to:
1. Hack into the Crimestoppers database to obtain the reports that might contain PII or to look at its timestamp.
2. Then they'd need to hack into the GA account or simply look at the logs on the server they've already hacked into. If the form submissions are recorded (HTTPS POSTs aren't recorded) and the data hasn't been purged/anonymized, then they might be able to get a number of IP addresses that coincide with the report submission.
3. Then they'd have to figure out where the hosts using those IPs are located. There's no easy way to do this, especially as most non-business users have dynamic IPs. Without a court order to get ISP cooperation, you can only find where the ISP central office that routes that IP is located, which often is a nearby metropolitan city, which can be far away from the suburb where the actual host is located.
4. If by some miracle they're able to get that, they'd still only have evidence that someone used that particular connection/network to access the site, and possibly filed the report in question. But that could be a public network or just a connection shared by dozens of computers. Just finding the actual computer that made the request would be tough.

If you're lucky, and there are only 4-5 computers, you can then check each for evidence of visiting the site. But if they were smart enough to use private browsing or simply purged their web history/cache, then you're not gonna find anything unless you're some digital forensics god. If this was an open hotspot and the target simply hopped on with their laptop/iPad/smartphone, submitted the report, and left, then you're pretty much shit out of luck.
Don't confuse the words Anonymous and Track-able
Any form of communication can be traced, and this extends further than the use of Google Analytics; you are misunderstanding what they refer to as 'anonymously'. What they are implying is that the data you input or provide will not be shared with the public, nor will they ask for your name.
Making a telephone call is anonymous unless identified; even with the usage of 141 your number is logged and at any point can be used to find out who you are...
Most web servers have logs so again IP address information could be used to identify someone, but again this remains anonymous until someone requests and reveals this data.
Internet Service Providers have logs of your visits, this data can be used to identify when you visited such and such page, even when the connection is secure the data may not be visible but the connection is.
The use of Google Analytics remains anonymous unless that data is used to identify someone.
When you submit data to 'Crimestoppers' you are putting the data in the trust of their employees; again this remains anonymous until the data is shared, which in turn is comparable to any other.
If you were to send a letter to Crimestoppers, your letter is anonymous until they fingerprint the letter or they use CCTV and narrow down who sent the letter in the area it was sent. See, you can go on all day....
Bottom line is that they claim their policy is anonymous but this doesn't mean you're not track-able or identifiable. They claim that you will not be tracked and I believe this will be the case for the majority of crimes. But also this doesn't mean they won't or can't... for example national security threats would over-rule this policy and I can bet top dollar that they will exhaust resources to identify if this was the case. The only thing I find unethical is their terms and conditions page, as they do not mention much in terms of the Data Protection Act, privacy or anything I said.
Google's privacy policy states that the data collected by Google Analytics is not personally identifiable. Google's 'phone home' to load the Google Analytics code goes to google-analytics.com, which is not a domain that holds Google account cookies.
So I guess the answer to the "is it ethical?" question comes down to whether you consider a page to be anonymous if said page collects non personally identifiable data about each visitor.
To be honest, if it says "anonymous" (and that term is up for debate anyway), I'd expect it to be 100% anonymous. No Google Analytics, no Clicktale, no Piwik, no Facebook Beacons nor any other type of data gathering mechanisms.
Now, of course, most website visitors wouldn't have a clue what is going on under the hood, therefore I'd expect the site provider to ensure "anonymous" is really "anonymous".
If it's ethical or not ... you be the judge. But from a user's perspective, I would freak and not use the site should the "anonymous" part be important to me.
Ethical or not, that can be discussed. However, Google Analytics is customizable as to how visitor data is shared, according to their own privacy document:
www.google.com/analytics/learn/privacy.html
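The thread turns on which outside hosts a report page makes the visitor's browser contact. The following is an added example, not part of any post above: a static audit that lists those hosts and any in-page referrer policy. The URL and markup are constructed samples, and `audit` and `ThirdPartyAudit` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that make the browser fetch a resource on page load.
FETCHING_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

class ThirdPartyAudit(HTMLParser):
    """Collect every host, other than the page's own, that the markup loads from."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.third_party = {}        # host -> list of (tag, absolute URL)
        self.referrer_policy = None  # content of <meta name="referrer">, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "referrer":
            self.referrer_policy = attrs.get("content")
            return
        attr = FETCHING_ATTRS.get(tag)
        if not attr or not attrs.get(attr):
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are counted as fetches here
        # urljoin resolves relative and protocol-relative (//host/path) URLs
        url = urljoin(self.page_url, attrs[attr])
        host = urlsplit(url).hostname
        if host and host != self.page_host:
            self.third_party.setdefault(host, []).append((tag, url))

def audit(page_url, html):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    return parser.third_party, parser.referrer_policy

# Constructed sample page (not the real site's markup).
SAMPLE_URL = "https://police.example/report-anonymously"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
<script src="https://www.google-analytics.com/analytics.js"></script>
</head><body><form method="post" action="/submit"><img src="logo.png"></form></body></html>"""

if __name__ == "__main__":
    hosts, policy = audit(SAMPLE_URL, SAMPLE_HTML)
    for host, loads in sorted(hosts.items()):
        print(host, [tag for tag, _ in loads])
    print("referrer policy:", policy or "not set in page")
```

A static parse only sees tags present in the markup; scripts injected at runtime by an inline snippet need a recorded page load (for example, the browser's network panel) to enumerate.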