Thanks for your lengthy response, EnigmaticT, which I would like to address in sections:
TheEnigmaticT: ... We aren't giving Google any private information...
GOG is providing full details of every order placed to Google. Now there has been debate by some in this thread about whether that is private or not, and the viewpoint I wish to put is that anything we do on GOG should be private and that financial transactions should be doubly so.
As such, I regard your response here as both inadequate and incorrect.
TheEnigmaticT: ...we've had the privacy set to "do not share any information with Google".
Given the information offered in my initial post, this setting needs reassessment because it certainly isn't doing what it says.
TheEnigmaticT: ...Google Analytics has the option to randomize the last octet of your IP address to further obscure your data and protect your privacy. In response to your concerns, we have enabled this option to further protect your privacy.
While the gesture is not unappreciated, it is quite irrelevant. If users' browsers are connecting to GA directly, Google gets their full IP address regardless of settings on GOG's side.
TheEnigmaticT: ...Since we have opted for the highest level of privacy with the data that we're analyzing with GA, we still stand by that statement. They are not allowed to collect any data for their own use.
Please review Google Analytics' Terms of Service and pay attention to section 6:
"Google and its wholly owned subsidiaries may retain and use, subject to the terms of its Privacy Policy (located at http://www.google.com/privacy.html, or such other URL as Google may provide from time to time), information collected in Your use of the Service."
Google's Privacy Policy then includes the following:
"We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones..."
"We may combine personal information from one service with information, including personal information, from other Google services..."
"We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions...We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to...protect against harm to the rights, property or safety of Google..."
So Google state several situations where they intend to use data provided by GOG and other GA participants. Your statement is therefore incorrect.
TheEnigmaticT: Further, we do not at any time share any of the information in our database with any third party: your username and email are not shared with anyone, and given the encryption that we use on your passwords, even we don't know what those are.
Nice to know, but these specific items of data weren't the subject of my original post.
TheEnigmaticT: ...so there's no possibility of a malicious attack from a Google employee (which is the common vector proposed for a security threat from GA).
The "thank you" page includes the following HTML:
<script type="text/javascript">
(function() {
var ga = document.createElement('script');
ga.type = 'text/javascript';
ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
This directs users' browsers to GA's JavaScript code which can be modified by Google at will. As long as this call to GA's code exists, your webmasters can do nothing to prevent a possible compromise through GA (this applies to other GA users too).
TheEnigmaticT: ...One of the helpful things that we can do with Google Analytics is measure how well our new page does at taking, for example, new visitors and delivering them to specific game pages to look at and buy games. Some of you have proposed using an in-house system to track this, or else use one of the alternative open-source self-hosted analytics solutions. Neither of those options is as flexible, as simple, and--yes---as secure as Google Analytics.
So you are saying that a third party solution, that requires disclosure of private data, that has stated the intent to use such data and which allows a third party to alter the behaviour of your webpage is more secure than on-site processing which would involve none of these?
That is the equivalent of saying:
I have some money I want to deposit in a bank - rather than going there myself and getting a receipt, I'll send Bernard Madoff to do it. Yes, he's said he may not deliver all the money and I might not get a return on it, but he has a great reputation and all my other friends use him.
TheEnigmaticT: ... If you believe that the information that we collect is still somehow detrimental to your privacy and security, you are always welcome to install one of any number of javascript blockers; because this is client-side instead of server-side...
Yes, this can be blocked but because the thank-you page is encrypted (https) many filters will fail to do this. Only browser plugins and those filters capable of handling https (like Proxomitron) will do the job - anyone using a third party filter (and that includes those offered by most online security/private suites) will still have this information sent. Even using an HTTP filter to block access to google-analytics.com will probably not work with https traffic.
The fact that this action can be blocked however is another strike against GA compared to in-house analytics - processing your own web logs would give you more accurate results.
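
Whether a page pulls script from hosts the site does not control, as the post argues of the thank-you page, can be checked mechanically. The following Node.js audit is an added example, not part of the original post and not GOG's code: it lists third-party script hosts in a page's HTML, including hosts assembled at run time by an inline loader like the one quoted above. The host `shop.example`, the sample page and all function names are assumptions made for illustration.

```javascript
// Added example. FIRST_PARTY and SAMPLE_PAGE are constructed for illustration;
// the inline loader mirrors the snippet quoted in the post.
const FIRST_PARTY = 'shop.example';
const SAMPLE_PAGE = `
<script src="/static/checkout.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script src="//widgets.example.net/w.js"></script>
<script type="text/javascript">
(function() {
  var ga = document.createElement('script');
  ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>`;

const DOMAIN = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

function isThirdParty(host, firstParty) {
  const h = host.toLowerCase();
  return h !== firstParty && !h.endsWith('.' + firstParty);
}

// Hosts named in string literals of an inline loader. The URL is assembled at
// run time, so this is a heuristic: each literal's host part is checked alone.
function hostsInLiterals(js) {
  const literals = js.match(/'[^']*'|"[^"]*"/g) || [];
  return literals
    .map(l => l.slice(1, -1).replace(/^https?:\/\//i, '').split('/')[0].replace(/^\./, ''))
    .filter(h => DOMAIN.test(h));
}

function auditScripts(html, firstParty) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(scriptRe)) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    let hosts = [], kind = 'static';
    if (src) {
      try { hosts = [new URL(src[1], 'https://' + firstParty).hostname]; } catch (e) { /* unparsable src */ }
    } else if (/createElement\(\s*['"]script['"]\s*\)/.test(body)) {
      kind = 'dynamic';
      hosts = hostsInLiterals(body);
    }
    hosts.filter(h => isThirdParty(h, firstParty)).forEach(h => findings.push({ kind, host: h.toLowerCase() }));
  }
  return findings;
}
console.log(auditScripts(SAMPLE_PAGE, FIRST_PARTY));
```

A `dynamic` finding names only the domain suffix found in the loader's string literals, so it is a prompt for manual review rather than a full URL.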