jaster@???:
> Once upon a time, webmasters had the same problem with AOL's proxy.
> Millions of people had the same IP. The workaround was to count a new
> user session every time the same IP was inactive for a few minutes.
The past is repeating :)
> One problem with IPs now is that the EU privacy rules seem to require
> not identifying users to websites without their opting in for that.
I guess you are referring here to the EU Directive 2002/58/EC Article 5,
aka. the "Cookie Law":
https://en.wikipedia.org/wiki/Privacy_and_Electronic_Communications_Directive_2002#Cookies
Indeed, we have to think about that. Thanks for pointing that out!
I like this companion document with examples:
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf
And it makes it clear (Section 4.3) that first-party analytics cookies
are not exempt from explicit consent (login cookies don't need consent
for example).
« This analysis also shows that first party analytics cookies are not
exempt from consent but pose limited privacy risks, provided reasonable
safeguards are in place, including adequate information, the ability to
opt-out easily and comprehensive anonymisation mechanisms. »
To summarize our options, the pros and cons, to single out most of Tor
Browser users:
1. Use server logs with IP addresses
- (+) Will take into account people without JavaScript.
- (-) People going out through the same exit node will appear as a
single visit.
2. Use the JavaScript and cookie of Piwik
- (-) We won't take into account people without JavaScript.
- (-) Have to add a consent message as of the Cookie Law.
- (+) Will be able to differentiate Tor Browser users going out through
the same exit node.
In both cases, we can use the IP anonymization feature of Piwik on top
of that (and delete the server logs for example).
> IMO, counting people is overrated. The better questions are around why
> people come and what they ask for and do. User vocabulary. Page views.
> Search terms. You can learn a lot about those things without needing to
> identify individuals.
Right. My main concern about being able to differentiate visits was
actually about being able to analyze what people do. Because if all the
website activity of people using Tails appears as a single person, I'm
afraid we won't be able to understand much about what they do from one
page to another (on top of aggregate page views).
But you now convinced me that even if both options won't be perfect in
terms of identifying visits, they are both good enough. And given the
Cookie Law we should probably go for option 1 (server logs and then
delete them).
