Q&A: Simple Analytics’ Adriaan van Rossum – Digital Privacy News (archive)

‘Analytics Is Basically a Knife’

By Jackson Chen

Google Analytics may be one of the most popular analytics platforms, but Adriaan van Rossum felt it was far from being the best.

Van Rossum, who created a privacy-friendly alternative called Simple Analytics, believes analytics platforms do not need to track cookies while still providing essential visitor data.

With more users concerned with how their data is being used and with governments passing laws on how companies can gather peoples’ online history, van Rossum told Digital Privacy News that not all analytics tools should be invasive.

Why did you start Simple Analytics?

I wanted to see if people were actually interested and willing to pay for a service that didn’t give them all the data they were used to in Google Analytics, but some of the data while keeping the privacy of the visitor in mind.

And a lot of people want to use it in that way.

Isn’t analytics in general somewhat invasive for users?

As a website owner, you need to have some idea on how many people visit your website.

If you don’t collect any data at all, you can’t really run your business well.

With analytics, there are certain gray zones with stuff you can do by law in some countries. There’s also the green zone and the red zone.

If you stay in the green zone, there’s still a lot of value that you can add to a website and where the end-user or visitor doesn’t have any negative impact from that service.

That’s where Simple Analytics wants to be and is at the moment.

Where does Simple Analytics draw the line on what’s too invasive?

For us, a very clear wall is the cookie.

We don’t ever want to set the cookie and all similar technologies.

That’s definitely a hard line — and we’re not going to cross that.

What makes cookies so bad?

If you set a cookie, then you need a cookie banner — so, then, you’re adding some extra requirements onto the website owner.

They have to go through a legal team and add the whole thing — and they don’t really want to do that.

Also, there are ways you can use a cookie in a privacy-friendly way.

For example, you can set a cookie for seven days, saying in the cookie that this visitor already visited this website — and within the seven days, you know this person is not a unique visitor.

After seven days, the cookie is reset or thrown away.

There’s extra information from the user without being privacy-invasive, because you just know that this is a non-unique user.

Do you think the Simple Analytics model will set a new precedent and change the view of analytics?

There’s one thing still very wrong in analytics-land: Between the website owner and the website visitor, there’s usually a party in between, which is the marketing role of the company.

The marketing role of the company has the same mission: to collect as much data from the user, so they can target their marketing way-better at the user or visitor.

That comes with a few problems, because if they really want to use Google Analytics to track as much as possible — but the visitor doesn’t want to be tracked — there’s a miscommunication or, at least, a mis-interest.

That’s where it goes wrong with traditional companies and with the marketeers that really want to use all the data.

Is the industry shifting towards being less data-hungry?

There is, indeed, a movement coming where marketeers make decisions on less data.

This market will grow in the future big time, because we have certain laws in place that will change the behavior of the marketeers.

But there’s also an incentive coming for the marketeers to find a way to still get the limited data in a legal way.

Is there a better way to inform visitors about how a site gathers analytics?

There’s some research that if you implement cookie banners correctly — which means you have checkboxes that are not pre-checked, a button that says cancel them all and stuff like that — then there’s around 0.1% that says OK and allows those cookies.

Where do big companies get it wrong when it comes to analytics?

It’s all about the defaults.

That’s the most important privacy thing that’s out there: whatever a business has as defaults.

If it’s default to set cookies, if it’s default to get all the IP addresses from users, that’s where you have a good business or not.

What are some of the bad practices of the analytics industry?

If you as a company will lie about a certain data leak, and there’s proof, that’s very bad — and it doesn’t build any trust at all.

It’s very hard to trust a company that lies to you.

Then, all the other stuff they promise in their terms becomes a little vague.

They say they don’t do it, but they might do it.

The same happens with Facebook, which is also quite eager to collect data.

Maybe your email address ends up on their server — and they said they wouldn’t do that.

That’s a major thing where they cross the line.

How does analytics tie into how users interact with the internet through algorithms, targeted ads and similar technologies?

For me, it’s weird — but I care about privacy, so I’m pretty clear on the spectrum of privacy versus data-collecting.

It’s weird — because it’s, basically, a black box of power: You don’t know what you’re going to end up doing with it — and you are collecting a lot of information that, maybe it’s not valuable now, but it could be valuable later.

People are more annoyed with the targeted advertisements than not being annoyed.

I hear from friends all the time that they were searching for whatever shoe — and now, they’re haunted on the internet with this shoe.

I understand it from a data perspective and a money perspective — but if your goal is to make money over the privacy of individuals, you have a bad and unethical business model.

Like with analytics: Analytics is basically a knife.

You can use it for cutting your food, which is great, but you can also use it to stab people.

So, there’s two sides to it.

Jackson Chen is a writer based in Groton, Conn.