Sharing Google Analytics data with Google - & how to disable data sharing

Deutsch | Español | Français | Italiano | Português | 日本語 | 한국어 | 简体中文

The EU cookie law means all bloggers and websites have to be careful about cookies etc saved via their blogs or sites, even for personal rather than commerical blogs. I'll be blogging more about that soon, but that's the reason why I've got big Cookie and Privacy Policy links all over my blog now.

One issue that the cookie law doesn't specifically tackle, which I think is more important for privacy in practice, is one point about Google Analytics which, let's face it, is used by most or at least a vast number of blogs and sites.

The point is this. When a site adds Google Analytics code to its webpages, it's enabling Google to set cookies on the machines of the site's users, through which Google collects information about the users' browsing. Of course, the reason the site does this is so to enable it to view and analyse the metrics and statistics collected for it by Google, and Google provide some excellent analytics tools, reports and visualisations etc for that, all for free.

But the side effect of this is that Google gets the collected information too. It stores it on its own servers, and is able to use it - if you share it with Google. This data sharing is turned on by default. You have to take active steps to turn it off, if you don't want to share your Analytics data with Google (I'll explain how below).

Shouldn't whether a site shares analytics data with Google be more important than whether it uses cookies? Yes, we may all wonder that. For those who care more about controlling data usage than limting the mechanics of storing or retrieving, well, everything, here's the lowdown on Analytics data sharing.

Google Analytics data sharing

When you go to your Analytics settings there's a page (on which more below) all about "data sharing". The info on Google Analytics privacy is scattered around. Here are a few links (if anyone finds any I've missed please let me know):

• Analytics privacy overview
• Another, slightly different, page - Google Analytics privacy
• How to disable tracking on your site (needs coding experience!)
• Data sharing overview
• Analytics data sharing FAQs

What can Google do with your Analytics data?

The FAQs say:

What will Google do with my data?

Shared data will be used to improve the services we provide you and will help create more powerful features for you to choose from. As they become available, only those who share their data with Google will gain access to these services and features (e.g. benchmarking and an enhanced version of AdWords Conversion Optimizer). The DoubleClick Ad Planner Publisher Center will also offer greater insight to the customers who have opted in to share their data in Analytics and Ad Planner.

As for data sharing specifics:

What does it mean to share my Google Analytics data anonymously with Google and others?

If you only choose the anonymous data sharing option, Google will remove all identifiable information about your website, then combine that data with hundreds of other anonymous sites in comparable industries and report them in an aggregate form. Google will use this anonymous data to improve products and services and provide you with a benchmarking report.

What does it mean to share my Google Analytics data with Google products only?

If you choose to share your site's data, Google will use the data to improve the products and services we provide you. Additionally, only users who have opted to share their site's data with Google may use these new or improved services.

There's a bit more detail once you get to your Analytics settings data sharing page (on which more below). There are two types of sharing you can disable or enable:

1. With other Google products only optional

Enable enhanced ad features and an improved experience with AdWords, AdSense and other Google products by sharing your website's Google Analytics data with other Google services. Only Google services (no third parties) will be able to access your data.

Example Use:Google Conversion Optimizer

If you are an AdWords customer, selecting this option will allow you to use Conversion Optimizer once it is available, with the following key benefits:

- Meet your ROI objectives by automatically managing your bids according to maximum CPA goals.

- Minimize your conversion costs while saving your time.

2. Anonymously with Google and others optional

Enable benchmarking by sharing your website data in an anonymous form. Google will remove all identifiable information about your website, combine the data with hundreds of other anonymous sites in comparable industries and report aggregate trends in the benchmarking service.

Example Use: Google Analytics Industry Benchmarking

- Use Benchmarking to compare your site's performance with those of other websites in your industry.

- Pinpoint performance problems and estimate how much you can improve your site metrics.

How to disable Google Analytics data sharing

The data sharing overview says "Data sharing settings may be edited on the Account Settings page."

The trick is to get to that Account Settings page. After hours, OK certainly tens of minutes, of clicking around, I found it. It's the hardest settings page to find that I've ever had to deal with, I won't venture to suggest why…

So here's how to find the Account Settings page for data sharing (should work until Google changes it!).

1. Log in to Google Analytics. You'll see something like this (but with your sites listed rather than mine, of course).
   
   
   
2. UPDATE: there's an alternative, you can just click the Accounts tab on the right, then drill down on the page itself by clicking each account/sub-site etc if necessary, until you can see the Account Settings tab shown in step 7.
   Click the + against your site's name.
   
   
   
   
3. Click the + against the "UA-whatever" link under that.
   
4. Just keep going on the + signs till you've expanded it all, to find the site you want to change settings for.
   
   
   
5. Click the site's name, under all that (in my case, it's ACE). You'll see something like what's below. On the right, click Admin.
   
   
   
6. Now after "All Accounts >", along the top (ish), click the name of your site, the one where you want to disable sharing.
   
   
   
7. Finally, click Account Settings.
   
   
   
8. You're there at the Data Sharing settings page!
   
   
   
9. Here you can UNtick either or both of the data sharing options. Then click Apply, and that's it.

The cynical might ask, how do you really know whether Google are in fact honouring that setting, if you disable sharing?

Well, you don't know, you'll just have to take on trust - but at least you've done the best you can, and hopefully that will make your use of Analytics more defensible from a cookie law viewpoint.

Internet Explorer cookie contents - the new format analysed

Deutsch | Español | Français | Italiano | Português | 日本語 | 한국어 | 简体中文

Microsoft changed the way that Internet Explorer cookie files work and randomised cookie filenames, for security reasons; the cookie text files now have random names which don't indicate the name of the website that saved the cookie, and you have to open up each cookie file individually to check what that is.

However, you can still view the contents of all your IE cookies, unmangled, by exporting your cookies to a single cookies.txt file. Then if you open up that cookies.txt file, you can see the cookie info, in a much more comprehensible, intelligible user-friendly format, eg:

Webtrends seems to be used by Microsoft for recording web visitor analytics & statistics info.

I compared the contents of a couple of the new cookies against the cookies.txt versions to try to figure out how they work. I found that if you copy and paste the text from the cookie file into something else (eg a new text document), the info is broken up into separate lines (ie there's hidden new lines to separate the different components of the info).

For example, the contents of a Twitter cookie file named J0R4GWEF.txt, which like the other contents of cookies appeared to run continuously on in the txt file, was split up like this:

guest_id
v1%3A131542058071389408
twitter.com/
214748475215010693123032155316242192030174605*

The cookies.txt equivalent of that was:

twitter.com TRUE / FALSE 1378897943 guest_id v1%3A131542058071389408

So that helps to figure out the new format of the cookie file. The elements seem to be in this order:

1. variable name (eg "guest_id")
   
2. variable value (eg "v1%3A131542058071389408") - the equivalent of the old "guest_id=v1%3A131542058071389408"
3. domain name (ie the website which set the cookie, eg "twitter.com/")
4. something I haven't figured out yet (in the example above, it's "214748475215010693123032155316242192030174605") - but it must convert to the expiration date for the variable (ie 1378897943 in the example above), which traditionally is the number of seconds since 1 Jan 1970, and shows up as the "proper" figure in the cookies.txt version. Maybe this long figure also contains other info about the cookie file
5. * symbol - which marks the end of this variable, and the start of the next variable set by the website, whose name etc follow in the same order.
   

I worked out the purpose of the * from looking at a single Google cookie file, for example these contents, of a single txt file:

PREF
ID=15025770280c4f56:U=8cbfd7d77ff8ecf4:FF=0:TM=1315398473:LM=1315408615:S=zAzaJeJ5lq1Y-EEk
google.com/
1536
521981312
30321428
744646208
30174577
*
NID
50=IVMzsW2RssDmmdt21XYqM-m6GMBe731GqCispetEG495dEdHdl_tlLqIv8h8tINpCg1kI2lgsAgLheW-TVQzbGoBoiHfBjSJuhOPJSEfWVNTw-H-_Nt16tyNCyIL2zCf
google.com/
9728
2103298560
30211390
722926208
30174577
*

- showed up in the cookies.txt file as this:

google.com TRUE / FALSE 1378844158 PREF ID=15025770280c4f56:U=8cbfd7d77ff8ecf4:FF=0:TM=1315398473:LM=1315408615:S=zAzaJeJ5lq1Y-EEk

google.com TRUE / FALSE 1331583355 NID 50=IVMzsW2RssDmmdt21XYqM-m6GMBe731GqCispetEG495dEdHdl_tlLqIv8h8tINpCg1kI2lgsAgLheW-TVQzbGoBoiHfBjSJuhOPJSEfWVNTw-H-_Nt16tyNCyIL2zCf

Final example, from a Facebook cookie:

eLlnTol8k9yayreWIGxF-h6m
facebook.com/
2147492864
3767864320
30321455
3978419216
30174604
*
translates to:

facebook.com TRUE / FALSE 1378856079 datr eLlnTol8k9yayreWIGxF-h6m
datr

I've not yet worked out how the name of the cookie text file relates to anything in its contents (which no doubt is part of the purpose of the security fix!), so you still can't tell which file was set by which site without opening up each file. The order of info in the cookies.txt document doesn't match the order of the dates that the cookies were created or modified, and they're not in alphabetical order of domain name either. But at least it's possible to check out all the contents of all cookie files at once.

Internet Explorer cookie names change

Deutsch | Español | Français | Italiano | Português | 日本語 | 한국어 | 简体中文

Worried that your cookie filenames have changed to incomprehensible random strings of letters and numbers? No need. Microsoft has, for security reasons, changed the way IE cookies are named. This is to improve security and reduce "cookiejacking", addressing one way in which attackers might be able to access your cookies (which could include your login information etc).

Side effects: some apps depending on the old cookies names system broke, eg CCleaner and WinPatrol. Also, it's now harder for users to figure out which cookies were set by which websites, as you can't tell the website name from the cookie name anymore. You have to open up the cookie file to check.

However, other browsers like Firefox aren't affected by the change - it's Internet Explorer only.

Old cookie names structure

Internet Explorer cookies used to have filenames with the structure: yourcomputerloginname@partialdomainname.txt eg johnsmith@microsoft.txt (or johnsmith@msdn.microsoft[2].txt etc).

IE cookies are typically located in your AppData\Roaming\Microsoft\Windows\Cookies folder (to find the AppData folder, click Start, in the search box type "appdata" without the quotes and hit Enter. If that doesn't work try "%AppData%" again without the quotes which may go straight to the "Roaming" subfolder).

The security hole, and update

However, in August Microsoft released a Cumulative Security Update for Internet Explorer (2559049) which (according to Microsoft Security Bulletin MS11-057) addresses a "Drag and Drop Information Disclosure Vulnerability CVE-2011-2383" which existed because IE (all versions) didn't properly restrict access to store cookie files.

In more detail for the techies, before the update Internet Explorer did not "properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue".

This vulnerability meant that "An attacker who exploited the vulnerability when a user views a Web page and performs a drag-and-drop operation could gain access to cookie files stored in the local machine."

What the security fix changes

To fix the vulnerability, this update modified how Internet Explorer accesses locally stored cookies, and how it manages cookie files. These changes included changing how Internet Explorer sets file names for cookies, to help make cookie file names less predictable.

Reportedly this change has been seen in several Windows operating systems, ie XP, Vista and Windows 7, and several versions of Internet Explorer including IE8 and IE9 (which would make sense as Microsoft's info says the vulnerability affects Internet Explorer 9 and previous versions).

A Microsoft blog explained the change - see the "Cookie Filenames are Randomized" heading. It's now harder for attackers to guess the location of a particular cookie as IE cookie files are now named "using a randomly-generated alphanumeric string. Cookies are not instantly renamed on [the security] upgrade, but are instead renamed as soon as any update to the cookie’s data occurs."

Consequences of the cookie name change

Now, cookie names look like this:

As mentioned earlier, certain software depending on the old system doesn't work anymore, and will have to be tweaked.

From the viewpoint of those protective of their privacy, while you can't see the website's name from looking at the cookie filename, you can still see it if you open up the cookie in Notepad or other text editor.

For example, here's the contents of cookies saved by Microsoft when I visited and then re-visited their webpage about the cookie change. You can see "microsoft" in there:

And here's the contents of a cookie saved by Google when I searched for info on the cookie change using the search box in Internet Explorer. Again, you can see "google.com" in there, although the filename is now "25Z1H29G.txt", and no longer mylogin@google.txt:

For more details of how it seems to work behind the scenes, I've done a separate blog post on how to view the contents of your Internet Explorer cookies in a more user-friendly way.