I justed visited https://www.mozilla.org/en-US/ and browsed the source, and they still have the Google Analytics tracking crap on their website. Strange for a company that claims to be "committed to your privacy."
Mozilla has an enterprise agreement with Google that limits what data is collected through GA and how it can be used. Quote:
Our Google Analytics premium account is set to opt-out on all of 3rd party
uses of the data and the only people who have access to the anonymous
aggregated data is Mozilla Employees. This is not the normal Google
Analytics setup that most people use on other websites.
Also, to increase privacy we flipped the anonymize flag in the Google
Analytics request [...] and don't do any cross-domain cookies within Google
Analytics.
If it's on Google's servers, then clearly Mozilla employees aren't the only ones with access to it, and the anonymization he's referring to is mere IP address anonymization, where the last octet of an IPv4 address is zeroed. The viability of browser fingerprinting as demonstrated by the EFF's Panopticlick shows cookies, cross-domain or otherwise, are no longer the only viable means to persistently tracking users.
Google obviously have systems in place to allow employee access for absolute emergencies - but alarmed in case of unauthorised access.
in any case, the analytics data is anonymised and as such cannot be used to identify you. google goes to huge lengths anonymising data to aggregate you as a user into groups of millions for advertisers to bid on, you are simply not a big enough fish for special treatment.
> google goes to huge lengths anonymising data to aggregate you as a user into groups of millions for advertisers to bid on, you are simply not a big enough fish for special treatment
You're mixing different products and people here. That may be true of Google Analytics data (I don't know either way), but it's not true for their advertising services. Google purposely tracks individual people in a non-anonymous way in order to sell remarketing products, to e.g. show a banner of items currently in your Amazon shopping cart alongside an article you're reading at CNN through their AdSense/DoubleClick platforms.
It's a valid objection. GA at this point is on most websites you visit. The data is forwarded to Google where it's processed and stored forever. GA is one of the biggest threats to privacy on the web, and any company claiming to care about your privacy should not be using it.
I agree with you that it's a valid objection. I disagree however, when you say " any company claiming to care about your privacy should not be using it." That's an easy accusation to throw around, but what is hard to is come up with a better alternative.
What is your suggestion, that they should abandon all analytics, or that they should build their own, or do you not have one? Are you willing to acknowledge that GA solves a real problem and provides valuable information?
In my judgement, it makes a lot of sense that Mozilla would use GA. I want them to use it because I believe in their mission, and I'm sure in the balance of things, it helps them maintain a stronger position as an organization.
>What is your suggestion, that they should abandon all analytics
Ideally, yes. Or at the very least don't use Google for it. Use something like Pwiki instead. Or perhaps try actually allowing your users to decide what if any information they feel comfortable sharing with you.
There are other non-profits like the Wikimedia Foundation and the Internet Archive whose websites still somehow manage to function despite not triggering any of the multitude of filter rules that plugins like uBlock ship with.
But Mozilla doesn't appear to have done that. "We need analytics, and we respect privacy, so we've come up with something that's better than most companies but still not good enough for some of our users".
It's easy to bash someone for hypocrisy when they're trying trying to do the right thing. It's a bit weird seeing this consternation at Mozilla considering just how scummy the other companies are.
I find it very, very hard to get outraged over analytics code on a web browser site. And as previously mentioned every time someone brings up this idiotic factoid, Mozilla's use of GA isn't exactly standard.
You find it very, very hard to get outraged because you either use GA yourself and do not wish to acknowledge your complicity in the matter or you've simply failed to make the obvious leap from analytics to clickstream data.
Google wants to know what web pages you visit, when, and how often, and a GA beacon that phones home that information placed on every web page is the easiest way for them to do it.
EDIT: there are either a lot of angry GA users in this thread or Google apologists. Either was, I do believe Google is now or will soon use GA for clickstream tracking. I also believe this is why they offer to host frequently requested assets like JQuery.
Yes, let's not forget the fonts and js libraries served on cookie-less domains for speed. Surely, these are part of a plan to create a New World Order. https://developers.google.com/fonts/faq#Privacy