Re: [Tails-ux] Report on Piwik prototype

Delete this message

Reply to this message
Author: jaster
Date:  
To: Tails user experience & user interface design
Subject: Re: [Tails-ux] Report on Piwik prototype
>On 2017-09-06 06:48, sajolida wrote:
>> jaster@???:
>> One problem with IPs now is that the EU privacy rules seem to require
>> not identifying users to websites without their opting in for that.
>
> I guess you are referring here to the EU Directive 2002/58/EC Article 5,
> aka. the "Cookie Law":
>
> https://en.wikipedia.org/wiki/Privacy_and_Electronic_Communications_Directive_2002#Cookies


I think this GDPR might be newer and sharper than the cookie law, but I
am not sure. It goes into effect next May:

https://www.pensar.co.uk/blog/prepare-your-business-for-the-gdpr GDPR
Some links here and an overview.

jaster






previously:

> Indeed, we have to think about that. Thanks for pointing that out!
>
> I like this companion document with examples:
>
> http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf
>
> And it makes it clear (Section 4.3) that first-party analytics cookies
> are not exempt from explicit consent (login cookies don't need consent
> for example).
>
> « This analysis also shows that first party analytics cookies are not
> exempt from consent but pose limited privacy risks, provided reasonable
> safeguards are in place, including adequate information, the ability to
> opt-out easily and comprehensive anonymisation mechanisms. »
>
> To summarize our options, the pros and cons, to single out most of Tor
> Browser users:
>
> 1. Use server logs with IP addresses
>
> - (+) Will take into account people without JavaScript.
> - (-) People going out through the same exit node will appear as a
>       single visit.

>
> 2. Use the JavaScript and cookie of Piwik
>
> - (-) We won't take into account people without JavaScript.
> - (-) Have to add a consent message as of the Cookie Law.
> - (+) Will be able to differentiate Tor Browser users going out through
>       the same exit node.

>
> In both cases, we can use the IP anonymization feature of Piwik on top
> of that (and delete the server logs for example).
>
>> IMO, counting people is overrated. The better questions are around why
>> people come and what they ask for and do. User vocabulary. Page views.
>> Search terms. You can learn a lot about those things without needing to
>> identify individuals.
>
> Right. My main concern about being able to differentiate visits was
> actually about being able to analyze what people do. Because if all the
> website activity of people using Tails appears as a single person, I'm
> afraid we won't be able to understand much about what they do from one
> page to another (on top of aggregate page views).
>
> But you now convinced me that even if both options won't be perfect in
> terms of identifying visits, they are both good enough. And given the
> Cookie Law we should probably go for option 1 (server logs and then
> delete them).
> _______________________________________________
> Tails-ux mailing list
> Tails-ux@???
> https://mailman.boum.org/listinfo/tails-ux