openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcus (OOo)" <>
Subject Re: [WWW] Web analytics
Date Fri, 12 Aug 2011 23:01:59 GMT
Am 08/13/2011 12:30 AM, schrieb Rob Weir:
> On Fri, Aug 12, 2011 at 5:48 PM, Marcus (OOo)<>  wrote:
>> Am 08/12/2011 10:42 PM, schrieb Rob Weir:
>>> On Fri, Aug 12, 2011 at 4:14 PM, Eike Rathke<>    wrote:
>>>> Hi Rob,
>>>> On Friday, 2011-08-12 13:29:00 -0400, Rob Weir wrote:
>>>>>> Before taking that step, it's worth asking if the project actually
>>>>>> has a need for web analytics yet. They were included on OO.o site
>>>>>> mainly because Sun was using the data as part of its business
>>>>>> metrics. It's not obvious that the same need exists in AOOo.
>>>>> I think it is an essential tool to optimizing the web experience for
>>>>> our visitors.  It is part of a feedback loop where we look at the
>>>>> traffic stats, how our website is actually being used, the
>>>>> demographics of the visitors, etc., and then iteratively improve the
>>>>> website to make it more useful.
>>>> So first question is: analytics yes or no, which affects also the
>>>> Privacy Policy.
>>>>> On the question of Piwik (open source, used, for example by
>>>>> LibreOffice) versus Google Analytics,  I'm very familiar with Google,
>>>>> so I could help more there.  But I don't have an informed opinion on
>>>>> the virtues of each.  I've never heard of Piwik until today.
>>>> The big difference is that with Piwik the data collected stays inhouse
>>>> at Apache, whereas with Google it goes to Google that does whatever you
>>>> don't know. This again implies that at Apache measures must be taken to
>>>> protect the privacy of collected data. The German "Landeszentrum für
>>>> Datenschutz Schleswig-Holstein" (center of data protection) has a few
>>>> documents about tracking [1], unfortunately only in German, why Google
>>>> Analytics doesn't comply with the German data protection law [2] and how
>>>> Piwik can be configured to be used in compliance with the law [3].
>>> Does this law matter if the servers are hosted in the US, not in
>>> Germany?  (I'm assuming that the Apache servers are in the US).
>> No, but it not a secret that the protection of private data is, hm, not the
>> best in the US compared with other. So, why stick with this?
> Remember, even if we used Piwik, the data would be in the US.  All
> user accounts for Apache, all wiki accounts, all mailing lists
> subscription data, etc., is in the US.  We have a jurisdiction.

So, it's in our hands to protect them and don't have to trust others 

> As you know trying to comply with the laws of every country is nearly
> impossible.  If we try to do that, then we'll immediately run into

That's not the point. Of course we cannot follow every law as you also 
cannot satisfy everybody's favorite feature. But we could go with a law 
that has a great protection.

> problems, like the status of Taiwan (Chinese Formosa), which has come
> up previously:

Could be easily solved when using the term "Chinese (Taiwan)" or better 
"Taiwanese". But this doesn't matter here.

>>> Storing the data ourselves is a double-edged sword.  If we store it,
>>> then we are responsible for any problems with that data.
>> I don't think that would be more difficult than what Apache is storing
>> anyway (mail addresses, user names, passwords). I don't think that we would
>> be interested in IP addresses, postal addresses, etc.
> Any web analytics package is going to track IP address and store a
> cookie.  That is how it knows what country you are from and whether
> you are a new or a returning user.

But there is a difference if you track and analyze the IP address (e.g., 
via a GeoIP library) but store only the country or if you store the 
whole IP address. ;-)

> I agree that it is not much more difficult.  If we use Google, then we
> need to secure and control access to the login for Google Analytics.
> If we use Piwik then we need to control access there.  And if we just
> use web logs and run reports on those, then we need to control access
> to the raw http logs.

Yes, so we should discuss this in more details and should really decide 
on concensus.

> For any of these options, we'll have some information that we need to
> keep secure.   The PPMC has the ability to do this, via a private area
> in SVN.
>> The main part would be to know the user's browser data (OS, language,
>> browser app and version). For me no special data that should get special
>> treated.
>>> Google states what they can do with the data, but it is rather broad,
>>> as you know.
>> When you are really concerned about protection of private data, then you
>> wouldn't use Google Analytics. ;-)
> Or you would disable cookies and Javascript from your browser, right?

Maybe. But I doubt that it would give you a real protection against 
analytics methods.

> Actually, that is a great goal for this project:  We should try to
> make sure that our website, downloads, etc., all work, even if
> Javascript and cookies are disabled.  This is a good thing for
> accessibility as well.

That's what we've already done on the old project.

>>>> [1]
>>>> [2]
>>>> [3]
>>>>   Eike
>> Marcus


View raw message