As many of us have said, it's fine to analyse server logs. Also, you have the burden of proof backwards. Why do you think it's ok to hide spying on what people do with your content. Again, at best this makes you a creepy/nosy neighbour. The book author gets to know that they sold a book, not how long it took you to read it.
You could consider this similar to the concept of "1st sale" - once you hand over data, it's the other parties business - and not yours - what they do with it. If you want further control over what the recipient does with your stuff, negotiate that up front in a contract. I recommended against that, because aggregation is dangerous.
As for 3rd parties, you know very well that "analytics" meas "google-analytics" to most people. Besides, one of my points was that you, an independent 3rd part, building up a database of what people have been reading is an attractive nuisance to governments with national security letters about PRISM. You are also creating a moral hazard where you will be tempted to sell that data, which has been the "monitizing" method of choice for a while now.
Are you saying you are not going to create any additional risk for your customers? That you won't misuse that data? (even though it is impossible to predict what "misuse" is) That you wouldn't sell your the list of what people have been reading to the government or an insurance company? Are you saying that you are willing to pull a LavaBit and shutdown your company and face whatever charges the government throws at you for doing so to prevent that data from leaking out? What about your security - data exfiltration is common.
No, you're not. Obviously. I wouldn't believe you even if you said yes. So the way to prevent this kind of risk is to make sure that the violations of personal privacy didn't happen in the first place.
Unfortunately, your salary probably depends on one a surveillance business model, so there it is unlikely that I will be able to convince you of much in this area.
// clearly you didn't watch that talk that I linked to...
[script]
Now that you have finished reading this comment, please reply with how long it took you to read, your current IP address, your browser's USER_AGENT (and any other interesting HTTP headers). You should have no problem doing so, as that is exactly what you're doing to others with analytics.
> Besides, one of my points was that you, an independent 3rd part, building up a database of what people have been reading is an attractive nuisance to governments with national security letters about PRISM.
I am not a third party. In no world is the person who actually gave you the content a third party.
When you're on my website, you're in my theater. In my store. The idea that you shouldn't be monitored while doing so is ridiculous. A store owner doesn't need to negotiate a contract with everyone who visits to put up a camera.
[response]
I spent approximately 2 minutes considering your comment and opened it twice.
My current IP address is 108.30.103.76.
Here are the headers you requested:
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8
cache-control:no-cache
pragma:no-cache
user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36
x-ua-device:tablet-ipad
> When you're on my website, you're in my theater. In my store. The idea that you shouldn't be monitored while doing so is ridiculous. A store owner doesn't need to negotiate a contract with everyone who visits to put up a camera.
That's a ridiculous analogy. I own the computer your content is being displayed on. I am not in your store--you are in my home.
You are like a traveling magazine salesman. I open my front door and you offer me a magazine sample. If I take it from your hand, close the door, and sit down to read it in my home, you are not authorized to come in through the back door and watch me, or walk through my yard and spy on me through a window. And do not complain if I put up curtains that prevent you from watching through binoculars from across the street. You are not entitled to access the inside of my home.
The model you propose is akin to a bait-and-switch. "Hey, want some free content? Great, enjoy! What, you want privacy in your home? Hey, you took the content, so I'm entitled to do whatever it takes to observe you consuming it." If you are not content with my having taken the content you offered, then do not offer it.
You could consider this similar to the concept of "1st sale" - once you hand over data, it's the other parties business - and not yours - what they do with it. If you want further control over what the recipient does with your stuff, negotiate that up front in a contract. I recommended against that, because aggregation is dangerous.
As for 3rd parties, you know very well that "analytics" meas "google-analytics" to most people. Besides, one of my points was that you, an independent 3rd part, building up a database of what people have been reading is an attractive nuisance to governments with national security letters about PRISM. You are also creating a moral hazard where you will be tempted to sell that data, which has been the "monitizing" method of choice for a while now.
Are you saying you are not going to create any additional risk for your customers? That you won't misuse that data? (even though it is impossible to predict what "misuse" is) That you wouldn't sell your the list of what people have been reading to the government or an insurance company? Are you saying that you are willing to pull a LavaBit and shutdown your company and face whatever charges the government throws at you for doing so to prevent that data from leaking out? What about your security - data exfiltration is common.
No, you're not. Obviously. I wouldn't believe you even if you said yes. So the way to prevent this kind of risk is to make sure that the violations of personal privacy didn't happen in the first place.
Unfortunately, your salary probably depends on one a surveillance business model, so there it is unlikely that I will be able to convince you of much in this area.
// clearly you didn't watch that talk that I linked to...
[script]
Now that you have finished reading this comment, please reply with how long it took you to read, your current IP address, your browser's USER_AGENT (and any other interesting HTTP headers). You should have no problem doing so, as that is exactly what you're doing to others with analytics.
[/script]