there's nothing to disclose. they've told you they won't share your personal info, and they don't.

i didn't call anyone an idiot, did i? i do, however, maintain that anyone who keeps posting walls of text about this non-topic must have no life at all. if those people put at least as much energy into criticising their own government, maybe then they wouldn't live in a surveillance society.

now i bid you a good day, Sir, because i have to get back to my life which i've left somewhere outside the internets.

I think you implied that they were idiots, yes. And if them posting on this thread means they have "no life", then what does that make someone who repeatedly posts on it just to make fun of those people? Glass houses bro.

It's about domains. A browser will only send a cookie to the domain that created it. so a cookie for gog.com is only visible to gog.com.

a cookie for google.com is visible for any request to google.com. So if I go to amazon and buy something, and amazon cause me to send a request to google analytics, then I go to GOG and buy something, and GOG cause me to send a request to google analytics, then google can associate those 2 actions. The thing about google analytics is that it's very widely used, so there is a very large amount of information that can be associated. So when GOG cause our browser to send information to google, they are throwing that information into the pool of information that other sites also chose to send. Within this pool of information is amost certainly enough information to uniquely identify most people.

I'm in a country where any kind of porn is illegal enough that theoretically, the Witcher 2 could see me sent to jail.

We have posters here from Indonesia too, which as I understand it has even harsher laws. GOG states that they are keeping personal information for use under certain legal circumstances.

Even so, I'm not massively bothered or even remotely worried, but still it would have been very nice to know beforehand. You can understand that right?

So basically the concern is that it helps google compile data and that, even though the data in question is not really "personal" per se, it can be merged with other data that *is* personal. Right?

I think that clears it up for me, thanks.

Actually no, because you have separate tracking codes for each of the websites that use GA, and the cookies generated are independent from one another, as are the requests to Google Analytics.

And this really is a non-issue, because GOG does indeed not disclose any personal details: it does not disclose your username, nor does it disclose your email, nor the credit-card number or paypal account used to use the transaction.

An order ID does not count as personal details, because without access to the GOG database it can not be used to personally identify you as an individual.

And what information is that? I'm honestly asking because I've never used PayPal to pay on GOG, but from what I see, once you select PayPal it redirects you to their website to complete the payment.

I mean, I need clarification on what information you refer to when you say "the info you gave them" and to what you refer when you say "the info you give paypal".

I don't quite understand how they could achieve this, unless they generate a separate subdomain per GA account and label the cookies as being specific to that domain, they will be sent all cookies with each request. So if they wanted to then they could link the traffic.

Using and [url=https://addons.mozilla.org/en-US/firefox/addon/ghostery/?src=search]Ghostery along with BetterPrivacy with Firefox gives me the illusion of privacy . . . if nothing else.

On the attached image, image A shows what NoScript is blocking with image B showing what Ghostery is blocking on GOG.

I do have GhostRank disabled in the Ghostery Options. I can't see any diff in blocking with it disabled or enabled so I leave it disabled as I prefer not to send them data.

I assume GOG wants user data to some degree (maybe getting it from Google???) so they may not be too helpful concerning blocking methods

What's the concern about Ghostery? I tried Google it but found nothing. Has been using that thing for months on my Opera.

It seems that by European law, websites have to inform their users if they are collecting data for GA. This was ruled in May 2011, and companies have one year to comply before it is enforced.

Source.

Too bad most websites won't do a thing about it.

This is not how EU legislation works. EU can create "directives" but then it's up to each member countries to enforce laws from such directives (or don't). What you're linking is true for UK websites and that's it.

Get well soon.