incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <apa...@robweir.com>
Subject Re: [WWW] Web analytics
Date Fri, 12 Aug 2011 22:30:44 GMT
On Fri, Aug 12, 2011 at 5:48 PM, Marcus (OOo) <marcus.mail@wtnet.de> wrote:
> Am 08/12/2011 10:42 PM, schrieb Rob Weir:
>>
>> On Fri, Aug 12, 2011 at 4:14 PM, Eike Rathke<ooo@erack.de>  wrote:
>>>
>>> Hi Rob,
>>>
>>> On Friday, 2011-08-12 13:29:00 -0400, Rob Weir wrote:
>>>
>>>>> Before taking that step, it's worth asking if the project actually
>>>>> has a need for web analytics yet. They were included on OO.o site
>>>>> mainly because Sun was using the data as part of its business
>>>>> metrics. It's not obvious that the same need exists in AOOo.
>>>>
>>>> I think it is an essential tool to optimizing the web experience for
>>>> our visitors.  It is part of a feedback loop where we look at the
>>>> traffic stats, how our website is actually being used, the
>>>> demographics of the visitors, etc., and then iteratively improve the
>>>> website to make it more useful.
>>>
>>> So first question is: analytics yes or no, which affects also the
>>> Privacy Policy.
>>>
>>>> On the question of Piwik (open source, used, for example by
>>>> LibreOffice) versus Google Analytics,  I'm very familiar with Google,
>>>> so I could help more there.  But I don't have an informed opinion on
>>>> the virtues of each.  I've never heard of Piwik until today.
>>>
>>> The big difference is that with Piwik the data collected stays inhouse
>>> at Apache, whereas with Google it goes to Google that does whatever you
>>> don't know. This again implies that at Apache measures must be taken to
>>> protect the privacy of collected data. The German "Landeszentrum für
>>> Datenschutz Schleswig-Holstein" (center of data protection) has a few
>>> documents about tracking [1], unfortunately only in German, why Google
>>> Analytics doesn't comply with the German data protection law [2] and how
>>> Piwik can be configured to be used in compliance with the law [3].
>>>
>>
>> Does this law matter if the servers are hosted in the US, not in
>> Germany?  (I'm assuming that the Apache servers are in the US).
>
> No, but it not a secret that the protection of private data is, hm, not the
> best in the US compared with other. So, why stick with this?
>

Remember, even if we used Piwik, the data would be in the US.  All
user accounts for Apache, all wiki accounts, all mailing lists
subscription data, etc., is in the US.  We have a jurisdiction.

As you know trying to comply with the laws of every country is nearly
impossible.  If we try to do that, then we'll immediately run into
problems, like the status of Taiwan (Chinese Formosa), which has come
up previously:

http://openoffice.org/projects/www/lists/discuss/archive/2003-06/message/38

>> Storing the data ourselves is a double-edged sword.  If we store it,
>> then we are responsible for any problems with that data.
>
> I don't think that would be more difficult than what Apache is storing
> anyway (mail addresses, user names, passwords). I don't think that we would
> be interested in IP addresses, postal addresses, etc.
>

Any web analytics package is going to track IP address and store a
cookie.  That is how it knows what country you are from and whether
you are a new or a returning user.

I agree that it is not much more difficult.  If we use Google, then we
need to secure and control access to the login for Google Analytics.
If we use Piwik then we need to control access there.  And if we just
use web logs and run reports on those, then we need to control access
to the raw http logs.

For any of these options, we'll have some information that we need to
keep secure.   The PPMC has the ability to do this, via a private area
in SVN.

> The main part would be to know the user's browser data (OS, language,
> browser app and version). For me no special data that should get special
> treated.
>
>> Google states what they can do with the data, but it is rather broad,
>> as you know.
>
> When you are really concerned about protection of private data, then you
> wouldn't use Google Analytics. ;-)
>

Or you would disable cookies and Javascript from your browser, right?

Actually, that is a great goal for this project:  We should try to
make sure that our website, downloads, etc., all work, even if
Javascript and cookies are disabled.  This is a good thing for
accessibility as well.

>>> [1] https://www.datenschutzzentrum.de/tracking/
>>> [2]
>>> https://www.datenschutzzentrum.de/tracking/20090123_GA_stellungnahme.pdf
>>> [3] https://www.datenschutzzentrum.de/tracking/piwik/
>>>
>>>  Eike
>
> Marcus
>

Mime
View raw message