When I made my first web page, well over ten years ago, site statistics-gathering was limited to a very basic pageload counter (want to see "You are number 100 to visit this page"? Load the page and refresh 99 times; see also: how a college nerd spends his free time).
Now, however, site statistics-gathering has become much more sophisticated and elaborate. I have used SiteMeter for years to track my site's statistics, and I am able to know, for example, what search-engine search strings lead people to my web site, the entry and exit pages, duration of a visit, and what link a visitor clicks to leave my web site.
Unfortunately, it has come to my attention that SiteMeter is now pushing spyware browser cookies (specifically, the specificclick.net and variant tracking cookies) on unsuspecting visitors to members' web sites.
Therefore, I will be in the process of phasing out sitemeter, and in its place I am experimenting with both StatCounter and Google Analytics.
Bloggers are furious, and by all accounts are leaving sitemeter in droves. For the sitemeter-specificclick.net saga, see Eric Odom's coverage here, here, here, and here. See also Debbie's Blatherings, Progressive Gold, Phantom Scribbler, NetWizard (with follow-up), Small But Disorganized, and Geek News Central.
Thus far, SiteMeter's response has been one of damage control and implicit confession of the change, under the guise of a "feature" being passed on to SiteMeter member websites. To date, no response has been forthcoming on the company's official blog, but several email responses and blog comments have surfaced. The following is representative:
To be clear, SiteMeter fully vets out all potential 3rd parties that we work with to make sure that they are reputable companies that are completely above board and are industry leaders. In keeping with this, we did extensive due diligence on Specific Media and found them to be a trustworthy and reputable company. In fact, Specific Media is a board member of the Network Advertising Initiative (NAI) (one of 10 companies) which is tasked with the protection of consumer privacy on the Internet and related legislative issues. We found that Specific Media’s technology completely protects consumer privacy and also allows users to permanently opt out of the cookie if they so choose to do so via the NAI website, which was a big factor in us choosing Specific Media. In addition, many of the Internet’s biggest web publishers utilize Specific Media’s technology including Foxnews, CBS, NBC and Time.com. These companies utilize this technology in the same way that we are using it, to provide useful information about the users who visit their websites so that they can create relevant content on their websites. The only difference is that SiteMeter, which is primarily a free service, has licensed the technology and are passing it onto our customers.
The specificclick.net cookie is being inaccurately characterized as Spyware, as it is only a cookie and does NOT install any software. The specificclick.net cookie is NOT spyware. The specificclick.net cookie performs no such activities that can be construed as spyware. We cannot control the fact that anti-spyware software companies incorrectly mark cookies as spyware. However, the specificclick.net cookie IS a cookie that enables SiteMeter to accurately provide true unique user counts, user demographics, content interests, heat mapping and other useful information about your website’s visitors, see a full list here.
SiteMeter is a community driven company and we would never do anything that would compromise the integrity of our customers or their users’ privacy. All of our customers can opt out by requesting that we move them to a separate server that does not include the specificclick.net cookie or you can simply begin using the HTML version of our code which does not include the specificclick.net cookie. We have also posted a survey on our homepage where customers can vote if they think this type of information is useful. As previously stated, we are a community driven company, the SiteMeter community is what drives our innovation and development. We feel that this information will help our customers attract more users to their site and keep them engaged in relevant content offerings. If our customers vote on the site that they do not think that certain information is useful, then we will not provide that information.
We hope that clearly defines our use of the specificclick.net cookie and that SiteMeter has in no way sold out to Spyware, nor would we engage in any such activities. We are strictly committed to providing the best service to possible to our customers. We hope that this will help earn your trust and that we may be able to have you as a customer again.
Thus, sitemeter's response/defense is two-fold: 1) we're not doing anything wrong, because a third-party tracking cookie isn't "spyware" and doesn't compromise privacy, and 2) it's okay to use a tracking cookie because big-name websites use them and because we are providing a service/feature to our members. The former point uses semantics to avoid the issue, and the latter point is almost Orwellian in its spin.
First, on sitemeter's assertion that the specificclick.net cookie is not spyware:
The specificclick.net cookie is being inaccurately characterized as Spyware, as it is only a cookie and does NOT install any software. The specificclick.net cookie is NOT spyware. The specificclick.net cookie performs no such activities that can be construed as spyware.
This argument is purely semantic. According to strict definition, "spyware" refers to installed applications on one's computer, while a "cookie" is a snippet of HTML code contained in a web page served to a browser. Regardless, when the cookie in question is a third-party tracking cookie, the purpose of both spyware and the cookie is indistinguishable - to collect information about the user in question, to report that information, and to do so without disclosing its activity.
While third-party tracking cookies may not meet the strict definition of spyware, nevertheless, their purpose is considered to be an invasion of privacy equal to that of spyware. In the Web 2.0 website-as-application world of today, the argument that a tracking cookie doesn't meet the strict definition of "spyware" becomes ever weaker as the line between website and installed application becomes blurred almost to the point of imperceptibility.
On the company's assertion that their use of the specificclick.net cookie doesn't compromise security, sitemeter is on shaky ground at best with this claim. True, their use of the cookie conforms with their own privacy policy in that the cookie doesn't collect any personally identifiable information, as defined by that policy:
Site Meter may from time to time also authorize and facilitate the use of cookies from trusted third party business partners to gather and aggregate additional, anonymous, and non-Personal Information data from general internet visitors for the purpose of providing our customers with additional information about their viewing audience.
I challenge this assertion on at least two counts: 1) the nature of the information gathered by the specificclick cookie can be considered personal information, and 2) sitemeter cannot guarantee or ensure that such information cannot be correlated with truly personally identifiable information; therefore, this information cannot be guaranteed to be anonymous.
Sitemeter details what information is collected by this cookie when the company touts what information will be available to members due to use of the cookie. This information includes (but is not necessarily limited to) demographic information and information about visitors' interests. (Note that Specific Media advertises that it provides - or will soon provide - such information as age/gender/income/education demographic information, behavioral information, and country/state/DMA/city/ZIP geographic information. Many - if not most - people would consider such information to be personal, even if, without correlating information, it is not explicitly "personally identifiable."
First-party cookies can gather quite a bit of information; however, this information is limited to what is gathered/used on the site in question. It cannot be correlated with a visitor's other information gathered/used on a different web site. Therefore, the user in question has a reasonable expectation that he will remain as anonymous on any given web site as the information explicitly given to that site.
However, with third-party cookies, the same user has no such expectation of anonymity. Since multiple web sites can use the same cookie, the information gathered by that cookie on one web site can be correlated with the information gathered by that cookie on a different web site. This information can all be maintained in a database, resulting in a complete loss of anonymity across all sites. Consider the "big name" web sites using the specificclick cookie, indicated in sitemeter's response above:
In addition, many of the Internet’s biggest web publishers utilize Specific Media’s technology including Foxnews, CBS, NBC and Time.com.
Note that most/all of these web sites utilize some form of registration process that gathers a great deal of demographic and personally identifying information (including name, address, phone number, etc.), and realize that every site that you visit that uses this cookie now potentially has access to this information.
Therefore, sitemeter implicitly violates its own privacy policy, since it cannot ensure that it does not gather or use information about web site visitors that is not anonymous and non-personal.
On sitemeter's latter contention that the use of the specificclick cookie is an added "feature" for members:
These companies utilize this technology in the same way that we are using it, to provide useful information about the users who visit their websites so that they can create relevant content on their websites. The only difference is that SiteMeter, which is primarily a free service, has licensed the technology and are passing it onto our customers.
Instituting the use of a third-party tracking cookie on my web site and without my knowledge or consent, thereby making me an unwitting accomplice in the invasion of the privacy of visitors to my web site, is not something I consider a "feature" or an "added benefit" to my use of the sitemeter service. If this addition were such a beneficial added feature, why were sitemeter members not made aware of the specific nature of this "feature" prior to its implementation? Why is any reference to Specific Media in particular, or third-party tracking cookies in general, conspicuously absent from the sitemeter blog, privacy policy, and general correspondence with the company's users?
I do not buy sitemeter's justification for the use of third-party tracking cookies, and I cannot in good conscience partner with a company with either such a lack of understanding of the issues of internet security and privacy, or else such a lack of respect for the privacy rights of visitors to my web site and also such disregard for the trust relationship between those visitors and me.
The change will mean a loss of two years' worth of statistical information on the web site, but it will also mean that I will no longer be an unwitting pawn in the invastion of my site visitors' privacy.
Thanks, Richard from GoStats, for your clarifying email. P.S. - to the GoStats people who are comment-spamming every other sitemeter-related blog post in the 'sphere: please refrain from doing so here. This post is not an open invitation for you to advertise, especially when doing so under the surreptitious guise of a non-affiliated blogger/commenter. Thanks.
Thanks for thr trackback and thanks also for your assiduous research, it’s answered some questions I still had.
It’s a philosphical and political issue for me: when anything can be broken down into patterns of information to be traded, who actually owns us? Are our thoughts the property of information traders or ourselves?
I think that the whole issue of identity ownership – especially as it relates to our internet identity, persona, and activities – is in its infancy, and much remains to be defined.
I don’t know what rights, if any, I should have to my internet surfing patterns and other personal information of interest to advertisers (or others) – but I do know that I will err on the side of the right of the individual to control his identity and to protect his privacy.
I’m glad I don’t use sitemeter anymore after reading this. I’ve been using http://www.histats.com and so far have loved it!
Oh.. did you see that we are having a low-carb meet up in September here in St. Louis? We’d love you to be there if you can.
I LOVE Statcounter and have used them from the start with only one problem in two years (the site was down for two days). Other than that hiccup, all has been GREAT! Another one that is super is http://www.OneStat.com.
Hey Sparky’s Girl, hook me up with the low-carb meet-up info, and we’ll do our best to be there!
Thanks for stopping by, Jimmy! The sad thing about sitemeter is, I really liked the service, and I liked the way the information was presented. But, now I’m trying out three new services, and I’m sure at least one of them will work just fine for my needs. Thanks for the tip on OneStat; I’ll check it out!
Hi Chip! The meet-up will be Saturday, July 21st at 12:00 pm, Ryan’s Steakhouse, 3579 Pennridge Drive in Bridgeton. We should have a great time! You can read details of who all may be there, etc. at St. Louis Low Carb meet-Up
As a user, I often run spyware cleaners, and always delete all tracking cookies. I have never consented to be tracked, and regard them as abuses of trust.