As geeks will know already, Google Analytics is a new, free traffic analysis service for websites from Google. It’s essentially the functionality that Google acquired from Urchin, except that instead of money you pay for the service by giving Google full knowledge of all of the hits to your site.
There’s already a Google Analytics Plugin for Wordpress that lets you add Google analytics to your blog with no template editing.
The thing that’s a little bit disappointing is that Google used their standard search engine terms of service and privacy policy with Google analytics. This seems inappropriate– even the Adwords policies would have been more inappropriate.
[Update: An additional concern about the terms of service is that appear to allow Google to track users from your site to the main Google search and present competing ads there, see here for more.]
It’s one thing to give Google full access to all of the information I enter into Google. It’s another thing to share with a third party the complete session history of everyone on my site. Google’s privacy policy ought to more clearly spell out what they will do with this data. (They do promise not to give it away to a third party, but when you’re a large corporation you don’t need to give it away to extract a great deal of value.)
I know that Doubleclick and all of the targeted online advertising players do similar things to track users across the internet. The thing that bothers me a little bit in the case of Google is that they seem to be encouraging site owners to gloss over the issues by presenting the standard privacy policy as if it was adequate, and that they are targeting the least sophisticated sites which tend not to even have privacy policies for their users.
Keep in mind that Google is injecting Javascript into your page, in principle giving them access to form contents and anything else on the page. As far as I can tell, Google’s terms of service would allow them to spam every email address that users entered into my site. (Not that they would do this, but still…)
Update: I note from Tim Bray that there is 17k (!) worth of Javascript that Google inserts into the page; further work is needed to dissect this code and figure out what it does.
If I were a company, their terms of service appear to allow them to market to my customers directly or act in other ways contrary to my interest. Here are some choice quotes from the terms of service and privacy policy that seem especially ill suited.
The Google Services are made available for your personal, non-commercial use only. You may not use the Google Services to sell a product or service, or to increase traffic to your Web site for commercial reasons, such as advertising sales.
Does this mean I can’t use Google analytics on a commercial web site? Clearly not, this is boilerplate text.
We may use personal information to provide the services you’ve requested, including services that display customized content and advertising.
That’s my personal information, but what about the personal information of people who use a site that is enabled with Google analytics? Google’s Adword privacy policy promises not to correlate Google search history with adwords history, but their analytics policy does not. (Google also has the ability to track all the pages you visit through your mobile browser that are linked to from Google search results; these too could presumably be tied to the same user identity.)
Unless You notify Google otherwise in writing, You hereby grant to Google and its wholly owned subsidiaries a limited license to use Your trade names, trademarks, service marks, logos, domain names and other distinctive brand features (”Brand Features”) in presentations, marketing materials, customer lists, and financial reports
Does this mean we’re selling out not only our users but also our brand?
With great power comes great responsibility, and the requirement to go beyond the usual yada yada when doing new things.
Will I still use Google analytics? Yes, but only because this is an absolutely public blog with no commercial aspects or sensitive personal data.
