i'm currently pitching some website development. The majority of this site is behind a paywall (meaning users must pay subscription to view the content). There is much talk about google analytics being used. I can't help but wonder a few things about this:

1) does google analytics function correctly behind a paywall -- i.e., when a session is required for viewing?

2) Does this present any kind of security problems?

I'm imagining that the google analytics script will most definitely load if embedded in a paywalled page. I'm also imagining that such a script could easily parse the content of that page and deliver it to google. Any thoughts on this matter are welcome.

    1) The Google Analytics js sends a request containing the data to be logged to Google's servers. Analytics won't be able to verify that the original page request is genuine (because it can't access it for itself), but it can still log that data.
    2) That depends on the data submitted in the above request.
    The Google Analytics site should have more precise info.

    If you do have security concerns it might be that Urchin (the predecessor to Analytics) would be closer to what you want, since that it hosted on your own server. But that costs.

      Thanks weedpacket.

      Weedpacket;10942943 wrote:

      1) The Google Analytics js sends a request containing the data to be logged to Google's servers. Analytics won't be able to verify that the original page request is genuine (because it can't access it for itself), but it can still log that data.

      I'm wondering if trans-sid or the session id being in the requested url might change that?

      Weedpacket;10942943 wrote:

      2) That depends on the data submitted in the above request.
      The Google Analytics site should have more precise info.

      If you do have security concerns it might be that Urchin (the predecessor to Analytics) would be closer to what you want, since that it hosted on your own server. But that costs.

      I suppose I'll need to go find exactly what GA sends. No interest in Urchin, just want to be informed for the next concall. FYI, I believe this is from the GA terms of service:

      Google will not share information associated with You or your Site with any third parties unless Google (i) has Your consent; (ii) concludes that it is required by law or has a good faith belief that access, preservation or disclosure of such information is reasonably necessary to protect the rights, property or safety of Google, its users or the public; or (iii) provides such information in certain limited circumstances to third parties to carry out tasks on Google's behalf (e.g., billing or data storage) with strict restrictions that prevent the data from being used or shared except as directed by Google

        sneakyimp wrote:

        I'm wondering if trans-sid or the session id being in the requested url might change that?

        It can; according to the website you can tell Analytics to ignore it.

          Write a Reply...