Use of Google Analytics and +1 on Koha website
Dear list, it came to my attention that the Koha website (http://www.koha-community.org/) includes code of Google Analytics and Google +1. I am wondering why a free and open source software community would use a corporation's spyware like Google Analytics on their users. More so as the site also includes code for Piwik analytics which runs locally on the Koha server afaics and seems to do the same things Google Analytics does, minus the "give all your data to an evil corporation"-part -- if you think analysing Koha users is neccessary. I would appreciate a discussion about the why and personally prefer these things to disappear so I am able to send people to the community website in good conscience. Have a nice weekend, Mirko
I've had similar concerns -- not just with Koha (and its website) or Google specifically -- but with the way libraries "collect" user info online (via their website or online catalog/database - Koha or not) even if the info is just a card number and password. A lot of libraries have privacy policies stating what's being done and NOT done with patron information, but it's disingenuous to say that no one else has access to patron data when we're indeed using Google Analytics to collect statistical information, etc. Google Analytics aggregates the IP address along with web history, key words, page visits, browsers used, screen resolution, and other data about the patrons. With an unsecure connection (https, anyone?) this unencrypted data can easily be gathered by keystroke logging software/hardware or a hacker with a little know-how. Without pointing fingers, I think "we" (in general) need to be a little more careful with the apps, websites, databases, catalogs, software, etc. that we're creating and using. -----Original Message----- From: koha-bounces@lists.katipo.co.nz [mailto:koha-bounces@lists.katipo.co.nz] On Behalf Of Mirko Sent: Saturday, May 26, 2012 12:56 AM To: koha@lists.katipo.co.nz Subject: [Koha] Use of Google Analytics and +1 on Koha website Dear list, it came to my attention that the Koha website (http://www.koha-community.org/) includes code of Google Analytics and Google +1. I am wondering why a free and open source software community would use a corporation's spyware like Google Analytics on their users. More so as the site also includes code for Piwik analytics which runs locally on the Koha server afaics and seems to do the same things Google Analytics does, minus the "give all your data to an evil corporation"-part -- if you think analysing Koha users is neccessary. I would appreciate a discussion about the why and personally prefer these things to disappear so I am able to send people to the community website in good conscience. Have a nice weekend, Mirko _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz http://lists.katipo.co.nz/mailman/listinfo/koha
Hi Mirko. I am wondering why a free and open source software community would
use a corporation's spyware like Google Analytics on their users.
While I can understand the sentiment, I don't have an issue with free software projects using Google and other webmaster tools and services on their websites. Many free software projects do use these tools. Many don't, I assume because their philosophy is to only use free software (as in the fsf.org / GPL four freedoms sense). While I can't speak for the Koha community web team, my thought would be that when the koha-community.org website was setup in early 2010 Google Analytics was the only real game in town (unless you like log file analysis). Google Analytics also doesn't require any additional hosting resources (remembering that the services/servers etc that provide the Koha community infrastructure are provided by community members and support companies, at their cost). Now there are more alternatives to choose from, including Piwiki and services offered by other companies. See http://en.wikipedia.org/wiki/List_of_web_analytics_software I think it is great that the site is using Piwik - it is a great product that is improving quickly, provides good information, is easy to use, and you 'own' the data. However, whether we like it or not, Google Analytics is very ubiquitous on the web today. Many organisations use it. Most would be reluctant to give it up - if they do consider other options they would most likely run it side-by-side for some time to see how they compare. I would not classify it as 'spyware', no more so than any other cookies set by websites. What information does Google Analytics collect? Google Analytics is implemented through a cookie which is placed on the visitor's computer along with code in the webpage which collects visitor data and relays it to Google's servers for processing. It generally collects: - IP addresses - Geographical location of the IP address - Pages visited - How the visitor arrived at the webpage - Computer information, such as the operating system, screen size, browser browser being used. That does not mean that there are not any privacy issues. See also http://en.wikipedia.org/wiki/Google_Analytics#Privacy_issues for information on some of these. For people concerned about privacy there are options to block it (search Google for more options 8-' ): http://www.brighthub.com/guides/google-analytics.aspx minus the "give all your data to an
evil corporation"-part -- if you think analysing Koha users is neccessary.
I'm not in the Google is an "evil corporation" camp, and think this is a more extreme view. There is the http://www.dataliberation.org/ if you are concerned about Google's dominance and practices. The purpose of web analytics, whatever the tool, is not analysing users per se. It is about how people are using your website, whether it is helping you achieve your goals, finding out what they are looking at and for, how to improve it and make it a better experience. I would be happy to do this if the data was available, from whatever source. I would appreciate a discussion about the why and personally prefer
these things to disappear so I am able to send people to the community website in good conscience.
The Koha community uses free software for everything I can see at koha-community.org: Wordpress for the website, Wikimedia for the wiki, Bugzilla for bug (and feature) tracking, Git for revision control, Mailman for mailing lists, Jenkins for continuous integration testing, Linux as the operating system that Koha runs on, Perl and all the associated modules, translation using Pootle, etc. Koha community members come from across the spectrum in terms of awareness of free software. Many are very strong free software supporters. There are also probably many community members who don't have such strong views, but use and contribute to Koha because it is great software, has many benefits for them and their organisation, and is free. I would imagine many also use non-free software, whether by choice or because of the policies of the organisations they work for. Koha offers a great free software product and community. It is developed in a very open and transparent way and reflects the best aspects of free software, in the truest sense. Promoting your website (any website, not just for free software projects) and understanding how your 'customers' use it are important parts of having a web presence, especially for a world-wide community. The Google webmaster tools used (Google Analytics; G+ - for promoting Koha, a good thing since there is often confusion between koha-community.org and the fork; Google search - searching across the koha-community.org sites e.g. site, wiki, manual, mailing lists, irc logs etc.) all play a useful part in this, whether free software or not. The Koha community also uses other "non-free" web services to promote Koha e.g Twitter, Youtube. While there are alternatives for some of these ( http://libreprojects.net/), it requires community members to propose them, work on them, and probably in some cases pay for them, especially where hosting is required. Should the Koha community have a privacy statement to address any concerns about privacy? I'm not sure if one is required. I'm also not sure how easy it would be to do, as community members come from countries with different privacy laws, requirements and cultures. It would require someone to propose it as an RFC on the wiki, to develop one, and get approval a general IRC meeting ( http://wiki.koha-community.org/wiki/General_IRC_meeting,_13_June_2012). I think I've rambled enough now...... David Nind | david.nind@gmail.com PO Box 12367, Thorndon, Wellington, New Zealand 6144 h. +64 4 9720 600 | m. +64 21 0537 847 | w. +64 4 8906 098 Note: I am an individual fsf.org member, use Ubunbtu as my desktop of choice (closely followed by Debian), use Piwiki and other free software e.g. Drupal, Firefox, LibreOffice. I also use Windows and other non-free software when I have to, although my first preference is to look for and use free software.
Hello David. David Nind wrote: […]
I would not classify it as 'spyware', no more so than any other cookies set by websites.
What information does Google Analytics collect? Google Analytics is implemented through a cookie which is placed on the visitor's computer along with code in the webpage which collects visitor data and relays it to Google's servers for processing. It generally collects:
- IP addresses - Geographical location of the IP address - Pages visited - How the visitor arrived at the webpage - Computer information, such as the operating system, screen size, browser browser being used.
Together with the data collected on all other Google-"enhanced" websites (embedding Google analytics, Google+1, Google ads, googleapis, Youtube clips etc.) and the data generated by "standalone" enduser products like all flavours of Google search, Google Maps/ Streetview, Gmail, Google+, Google checkout, Youtube, Blogger.com, Android and all the other things Google does, this data may represent, depending on your online behaviour, your complete life on the internet and even more. While I can understand that people may find the term spyware harsh, from my point of view it is not inappropriate. Google watches a lot of things we do on the internet and I am not comfortable with that. It's not only Google of course, I am very concerned with how much things are outsourced to third parties nowadays, giving them access to user data and power over our own websites, blogs etc. It sure makes things easier for webmasters, gives them new tools, reduces bandwidth and so on, but it is done on the cost of the user's privacy.
That does not mean that there are not any privacy issues. See also http://en.wikipedia.org/wiki/Google_Analytics#Privacy_issues for information on some of these.
Thanks for pointing that out.
For people concerned about privacy there are options to block it (search Google for more options 8-' ): http://www.brighthub.com/guides/google-analytics.aspx
Personally I block third party scripts, but that is no option for the general public. I get frequently told that my computer is not usable to browse the web because nothing works ;) I think it is a problem that most people don't even know things like Google Anaylitics are used, or if they do, they have no idea what that means and disregard it because it's "too technical". From a user perspective it would be fair to ask people to actively opt in to such things to turn this situation around and have some kind of informed consent.
minus the "give all your data to an
evil corporation"-part -- if you think analysing Koha users is neccessary.
I'm not in the Google is an "evil corporation" camp, and think this is a more extreme view. There is the http://www.dataliberation.org/ if you are concerned about Google's dominance and practices.
As far as I understand, dataliberation.org is about transporting your data from or to Google, not about getting your data "out" like in "delete it"?
The purpose of web analytics, whatever the tool, is not analysing users per se. It is about how people are using your website, whether it is helping you achieve your goals, finding out what they are looking at and for, how to improve it and make it a better experience. I would be happy to do this if the data was available, from whatever source.
I think there are several problems here from a user perspective. 1. As a user, I may not want you to do that without my consent. I generally may not want to be watched using a website and especially not if this data is stored and used by a third party that neither of us has control over and perhaps even without me knowing that they are involved at all. 2. Your goal may be making the website better and you may not be interested in the data of the single user. Google definitely IS interested in that. Their goal is to connect as much data as possible to one account. Again, neither one of us has any saying about what they are going to do with that data, who else will be using it now or in the future, how long it will be stored and so on.
I would appreciate a discussion about the why and personally prefer
these things to disappear so I am able to send people to the community website in good conscience.
The Koha community uses free software for everything I can see at koha-community.org: Wordpress for the website, Wikimedia for the wiki, Bugzilla for bug (and feature) tracking, Git for revision control, Mailman for mailing lists, Jenkins for continuous integration testing, Linux as the operating system that Koha runs on, Perl and all the associated modules, translation using Pootle, etc.
Koha community members come from across the spectrum in terms of awareness of free software. Many are very strong free software supporters. There are also probably many community members who don't have such strong views, but use and contribute to Koha because it is great software, has many benefits for them and their organisation, and is free. I would imagine many also use non-free software, whether by choice or because of the policies of the organisations they work for.
Koha offers a great free software product and community. It is developed in a very open and transparent way and reflects the best aspects of free software, in the truest sense.
Promoting your website (any website, not just for free software projects) and understanding how your 'customers' use it are important parts of having a web presence, especially for a world-wide community. The Google webmaster tools used (Google Analytics; G+ - for promoting Koha, a good thing since there is often confusion between koha-community.org and the fork; Google search - searching across the koha-community.org sites e.g. site, wiki, manual, mailing lists, irc logs etc.) all play a useful part in this, whether free software or not.
I do understand the fork problem. I have no insight into how much the use of G+1 can help with that but I suppose Google Analytics has nothing to do with that? I would not want to tell people what kind of licenses the software they use is allowed to have. I can't use free software whenever I want to, even though I would prefer to do so. Google Analytics is different though, because in this case it's not just that the Koha website uses a non-free software, but the Koha website allows a non-free software to use me (my data) and I think that should be considered something else than somebody using a non-free tool locally to build or host a website. […]
Should the Koha community have a privacy statement to address any concerns about privacy? I'm not sure if one is required. I'm also not sure how easy it would be to do, as community members come from countries with different privacy laws, requirements and cultures. It would require someone to propose it as an RFC on the wiki, to develop one, and get approval a general IRC meeting ( http://wiki.koha-community.org/wiki/General_IRC_meeting,_13_June_2012).
I think in Germany it is at least considered safer to have a privacy statement, the law seems not to cover such problems yet. Personally I think the statement is not enough, as stated before. To make that clear, I do not think that the Koha website or it's maintainers really want to spy on me or others. Ever since I started working with Koha I have experienced a very friendly, open and nice community and I did not want to imply bad intentions by anyone, I am sorry if I gave that impression. There are free alternatives (like the already mentioned Piwik that seems to be used in the site already) that could be used instead of services of third parties. If people think using analyzing software on the Koha website is neccessary then I would prefer a free software that stores data only locally and does not send anything to a third party we cannot control. - Mirko
On Mon, May 28, 2012 at 9:30 AM, Mirko <5p4m@gmx.de> wrote:
Hello David.
David Nind wrote:
[…]
I would not classify it as 'spyware', no more so than any other cookies
set
by websites.
What information does Google Analytics collect? Google Analytics is implemented through a cookie which is placed on the visitor's computer along with code in the webpage which collects visitor data and relays it to Google's servers for processing. It generally collects:
- IP addresses - Geographical location of the IP address - Pages visited - How the visitor arrived at the webpage - Computer information, such as the operating system, screen size, browser browser being used.
Together with the data collected on all other Google-"enhanced" websites (embedding Google analytics, Google+1, Google ads, googleapis, Youtube clips etc.) and the data generated by "standalone" enduser products like all flavours of Google search, Google Maps/ Streetview, Gmail, Google+, Google checkout, Youtube, Blogger.com, Android and all the other things Google does, this data may represent, depending on your online behaviour, your complete life on the internet and even more.
This is a very valid concern. Given enough data about an individual, it is possible to use data-crunching software to prognosticate the said individual's future actions with a very high level of probability. We are, after all, creatures of habit. This is no small concern and extends well beyond Google. The aggregate of data collected on a given individual today is tremendous. A large part of it is collected with no further consent of the individual than the simple choice of the individual to use technology.
While I can understand that people may find the term spyware harsh, from my point of view it is not inappropriate. Google watches a lot of things we do on the internet and I am not comfortable with that.
Spyware is not too harsh imho. It is probably not strong enough if the raw truth were known.
It's not only Google of course, I am very concerned with how much things are outsourced to third parties nowadays, giving them access to user data and power over our own websites, blogs etc. It sure makes things easier for webmasters, gives them new tools, reduces bandwidth and so on, but it is done on the cost of the user's privacy.
Exactly. Nothing is free. You always pay for it somehow. In many cases today, you trade your personal information for ease and convenience. it's still true: If you are going to dance, you will have to pay the fiddler. At least be sure that you preserve the right to choose whether or not you dance. Kind Regards, Chris
participants (4)
-
Adams, Jason -
Chris Nighswonger -
David Nind -
Mirko