Or, how not to leak crime victims’ data to an advertising company
Several websites exist for the purpose of reporting crime anonymously. Crimestoppers-uk.org, Fearless.org, Integrity Line, and AskListenRespect.co.uk (which I wrote about before. All emphasize that users can “report crime anonymously”. That is not entirely truthful.
Each of these sites silently connect you to one or more web services operated by Google which is an advertising company. It is in my opinion unethical because it requires visitors trust Google to handle personally identifying data responsibly. That is a big mistake.
I trust Crimestoppers and I trust the States of Jersey Police with sensitive data. These are both responsible organisations with a good history of serving the public. I do not trust Google, and I urge Crimestoppers and the police to stop this practice. It is easy to avoid by hosting the data themselves.
Before you decide whether you should trust these services you should learn a tiny bit about how websites work. It is probably easiest to draw an analogy with the telephone system. When you connect to a website you might assume this is like making a call to a single telephone number. Many sites still work that way but this is changing. Imagine you called a friend to ask a question and your friend didn’t have an answer, but someone from Google was listening in and suddenly spoke the answer. It would be nice to have that little bit of data injected into the conversation but it is unlikely most people would be comfortable with that scenario.
Many websites use resources from Google and others for basic functionality. For example, I use something called a CDN or “content delivery network” which loads resources from another company to help style this website. It speeds up page load time and alleviates the need to load the same tools from each website individually. This is standard practice nowadays and the crime reporting sites are doing something similar too. It is easy to check for yourself by pressing Ctrl+U in Firefox or Chrome (probably Command+U on a Mac?) and viewing the page source. Scroll down and look for something like this:
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-9236826-1']);
_gaq.push(['_setDomainName', '.crimestoppers-uk.org']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
<!--[if lt IE 9]>
<script src="//css3-mediaqueries-js.googlecode.com/files/css3-mediaqueries.js"></script>
<script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->There is nothing wrong with this in principle. Someone has to pay for all the cool stuff Google are providing. For many sites this is a great solution. Sites targeting rape victims and soliciting “anonymous” crime reports must be held to a higher standard.
There are a number of easy work-arounds that allow fast page loads, plus measuring visitor traffic, that do not leak data to a third party. The simplest is to just host the data yourself. That’s what I do. In addition, I do my own traffic monitoring using the free and open-source Piwik Analytics. That data resides on my server and is not shared with advertisers. DigitalOcean even have a dead-simple tutorial on how to set up an inexpensive cloud server running Piwik. This being Digital Jersey, we must have a hundred or more people on-island right now who could make that happen.
Who visits my website is nobody else’s business. I even go so far as to pay for an SSL certificate to allow HTTPS access. It doesn’t cost much but I am privacy conscious and so provide this additional service to readers.
I just tested the “give information anonymously” link at fearless.org and got this warning:
That is unacceptable. I know they can do better. I have written the police and Crimestoppers and still see tracking code after two months. Now they have let their SSL certificate expire. Next it is over to you. Do contact Crimestoppers and the States of Jersey Police if you feel the same way. The fix for this is to raise awareness and to educate the public and the police.
The current position of the States of Jersey Police:
I can confirm that we do use the Google Analytics tracking code on both the Ask Listen Respect website and Corporate website at www.jersey.police.uk. These tracking codes have been intentionally put in place to allow States of Jersey Police to monitor the effectiveness of our online campaigns and plan for future website requirements, and we’ve found Google Analytics to be the most effective tool for obtaining these metrics. The statistics also provide us with an essential insight into any potential threat of this kind of offending in Jersey. We acknowledge there may be a perceived privacy issue with respect to Google Analytics but can confirm that the data obtained by States of Jersey Police through Google Analytics is anonymous, in that we are unable to obtain any personally identifiable information from these statistics. Further details can be found in our privacy policy at http://www.jersey.police.uk/Pages/Privacy-policy.aspx. It is not our policy to go into further technical detail on this matter.
(later…)
We agree with you that this is a very important campaign and whereas we are comfortable with our position re Google analytics we have removed it from the site so that potential victims will have no doubts that their information will not be seen by anyone but officers here, We hope that alleviates your concerns.
The current position of Crimestoppers:
Thanks for getting in touch. I can assure you that our use of Google Analytics and tracking codes is solely to provide us with geo-demographic information only, and no recording or retention of IP addresses is carried out in this process. Our anonymous giving information service is at the heart of our operations and our service to the public and we take the utmost care to maintain the anonymity of anyone who visits our sites and we carry out regular penetration testing to support this.
Neither address my primary concern that requiring crime victims to trust Google with sensitive data is a mistake. Neither recognise that Google Analytics are not the only page resource being loaded onto visitors computers when they visit.