Site Statistics and User Privacy for Nonprofit Websites
But is your visitors’ information being used by others? What responsibility do you have to explain to your site’s users what information they’re giving away by visiting your site and to whom? In this article, we’ll explore some privacy issues surrounding web analytics and other website tools. Since Google Analytics (GA) is the most prominent third-party analytics tool on the market, we’ll pay particular attention to it, but the recommendations we offer apply to other third-party services too.
This article is intended for readers who are already familiar with the basics of site statistics. If you’ve never thought about utilizing statistics on your nonprofit’s website, start with Idealware’s A Few Good Web Analytics Tools.
Understanding Site Statistics and Web Beacons
Every time someone visits your website, information about that visitor is stored in a server log, including the date and time of the visit, which pages the person viewed, her approximate location, and information about the computer and software she used to access your site. Most modern web hosts let you view and analyze your website’s log files. AWStats and Webalizer are the two most common log-file-analysis tools offered by hosting providers. What makes third-party analysis different from server-log analysis? If you have a third-party tool installed on your website, users’ information is sent directly to the provider of that tool, data which the provider may use for its own purposes. Google, for example, uses Google Analytics data to build your web analytics reports, but it also synthesizes it with data from all of the other websites that use GA in its own private market-research database. In other words, if there’s another website that’s frequently viewed by your organization’s supporters, Google can recognize that correlation and use it to place ads more effectively on behalf of its advertising customers (it can’t, however, connect this information to names of individual users).
To use GA, you must insert a web beacon into each page on your website. A beacon, sometimes referred to more disparagingly as a web bug, is a small piece of code that sends information about the viewer to a third party. According to Know Privacy’s 2009 report on Internet privacy, the 50 most popular websites on the Internet all contain at least one third-party web beacon; some sites carry as many as 100 (for example, one site may use GA, AdWords, and AddThis so this would be three different sets of beacons on a variety of pages throughout the site). Beacons send immediate information about a visitor to their manufacturer and in many cases create cookies to track the visitor’s future interactions. For more on how cookies work, see Understanding Cookies and Their Effect on Your Privacy.
Source: Know Privacy
Google’s beacons are particularly ubiquitous: Google can track activity not only on sites with GA installed, but also on sites that subscribe to Google-operated advertising services (AdSense and DoubleClick) or Google’s Widgets and FriendConnect services. Know Privacy estimates that taking all of these offerings into account, Google tracks 88.4% of the traffic on the web. Know Privacy notes that Google does purport to keep this data in separate silos. Google offers advanced features to webmasters who allow it to share data between different services and with partners.
GA isn’t the only third-party analytics tool that uses web beacons, but it’s the most popular. Similar services include StatCounter, Quantcast, and Wordpress Stats. As we alluded to above, advertising services like AdSense and Yahoo! APT also use beacons to track visitor activity; so do some social media widgets like AddThis and Meebo.
How Do Web Beacons Impact User Privacy?
How severe of an invasion of privacy is Google Analytics? It’s a difficult question, and opinions vary. While some people insist that web beacons and cookies must be regulated more stringently to preserve the Internet as a venue for safe communication, others compare GA to legal market-research techniques that advertisers have employed since long before the web existed.
According to a September 2009 report (Part 1, Part 2) from the Electronic Frontier Foundation (EFF, an organization known for its uncompromising approach to Internet privacy issues), large companies have begun to collate browsing histories with users’ social networking profiles, yielding a much more complete picture of Internet users than was previously possible. “We’re fearful that the vast majority of Internet users will continue to be tracked by dozens of companies — companies they've never heard of, companies they have no relationship with, companies they would never choose to trust with their most private thoughts and reading habits.” (To Google’s credit, its Orkut is the only major social networking service the Electronic Frontier Foundation found not to share information with third parties.)
To make matters worse, many privacy policies on popular websites are unclear even to legal experts, let alone laypeople, about the extent to which third parties use visitor data. According to the Know Privacy study, “While most policies stated that information would not be shared with third parties, many of these sites allowed third-party tracking through web bugs… It makes little sense to disclaim formal information sharing but allow functionally equivalent tracking by third parties.”
We spoke with noted library consultant and advocate Jessamyn West on the use of services like GA in libraries and the broader social sector. West was quick to point out that bugs and cookies are neither the only nor the most severe modern threats to privacy. “There are many things that could happen to you as soon as you pick up the telephone, walk out the door, or connect to the Internet. You might have your picture taken and posted online. You might have your credit card skimmed. What’s important is to gauge relative risks and your personal feeling about those risks. Some people refuse to enter their credit card information on the Internet; others are comfortable with that level of risk.”
While more tempered in her assessment than EFF, West reminded us that when you install a web beacon on your organization’s website, the decision impacts not only you but your constituents too. “When you make a decision about privacy on your library’s website, you’re implicitly making that decision on behalf of your users too, and most of the time, they don’t even know that a decision has been made. This is about the library’s personal association with the user: when users interact with a library’s website, that website is a part of the library.” West said that organizations need to strike a reasonable balance between their own needs and their members’ expectation of privacy. “We shouldn’t necessarily stick to our guns for no reason,” she said, “but we should take the implications seriously when we make these sorts of decisions.”
Communicate, Empower, Test
In early 2009, TechSoup Global made the decision to start using Google Analytics to track traffic on TechSoup.org. It was difficult for us to build a holistic view of site activity on server logs alone, as many components of our website are on different servers; for example, the TechSoup Blog and TechSoup forums are currently hosted by separate providers. We had trouble gaining a clear understanding of how visitors were using our site as a whole. Did mentioning a product donation in an article result in more users requesting that donation? Was traffic to the forums coming primarily from other parts of the site or from outside searches? Without a single record of activity throughout TechSoup.org, it was difficult to answer these questions with much precision.
It’s not our place to endorse or oppose the use of GA in the nonprofit sector, but we did learn a lot from our own experience implementing it. Some users were disheartened by what they perceived as an unnecessary breach of privacy; others wished that we had communicated the switch more clearly. To make matters worse, the GA code caused temporary problems with some of the site’s functionality. The experience taught us three important lessons: communicate changes to users, empower users to opt out, and test changes thoroughly.
Communicate Changes to Users
Your nonprofit’s supporters, friends, and constituents will appreciate the extra effort to inform them regardless of how they feel about your policy. “Explain why you’re using it,” West said, “And have good reasons. If you don’t have good reasons, that sends the message that you really haven’t thought about the implications of these tools.”
Empower Users to Opt Out
But what’s the point of using GA if you allow users to disable it? Won’t that skew the results? Yes and no. It may have a small impact on the accuracy of your GA reports, but no statistics tool is 100% accurate. For measuring the impact of a particular message, campaign, or site redesign, precision is more important than accuracy.
Test Changes Thoroughly
There’s always the possibility that introducing new code to your website will have unforeseen consequences. If your site is very simple, testing might mean adding the GA code late at night and spending an hour or two testing the site with a variety of computers, operating systems, and web browsers.
Whatever your site’s size and level of complexity, back it up before adding the GA tracking tags to it. If your website isn’t part of your backup strategy (or if you don’t have a backup strategy), this might be a good time to think about beginning to back up your website regularly. For more information, see the chapter on backup in The Resilient Organization, TechSoup’s disaster planning guide.
In today’s world, individuals must decide every day what privacy risks they’re willing to accept. For some people, that means using a local mail server rather than a webmail service, or not using email at all. Some people avoid entering their credit card information online, while others choose not to have cards.
These choices belong to the individual, but in the nonprofit community, we occasionally must make similar decisions on behalf of our donors, supporters, volunteers, and beneficiaries. It would be impossible to maintain a nonprofit or library airtight from privacy risks and irresponsible to ignore our role in user privacy altogether, thus we should strike a balance that caters to users’ needs without curtailing the organization’s impact. When you make a change to your website that impacts user privacy, your constituents will appreciate you taking the time to communicate the change clearly and empower them to opt out.
“I’ve kind of made my peace with this,” West said when asked for her personal take on web privacy. “I’m more-or-less comfortable with the idea of letting my life be an open book. But there are people who feel differently, and you have to respect them. We make accommodations so that people with disabilities or underprivileged people can use the library; well, privacy freaks are part of the public too. We need to make our institutions accessible for them too – find a way to make our tools work for them. It’s an interesting challenge.”
Using Site Statistics
- A Few Good Web Analytics Tools
- Web Stats: What Does It All Mean?
- Using Google Analytics to Track a Nonprofit Website
- Turning Web Analytics into Nonprofit Success
- Know Privacy
- Disabling Google Analytics
- Recommendations for Web Measurement on Government Websites
- Defending Firefox from Interest-Based Ad Cookies
- Tech Beginner’s Guide
- sample_privacy_policy (34 KB DOC)
- SANS Technology Institute: Security Policy Resources
This article originally published on TechSoup
This work is licensed under a  Creative Commons Attribution 3.0 United States License