Which brings me to the point of all this. Last March Google announced it was acquiring a small firm named Urchin Software Corporation, a San Diego-based company that provided software to help businesses analyze their Web traffic. Web analytics is a big business. There are a half-dozen major players that offer hosted services or installable packages that allow users to analyze Web traffic patterns and trends on their Web sites. Most businesses have Web sites for one reason–to generate revenue–and they need to know just how their Web sites are being used to maximize that revenue. If you are going to sell advertising on your Web site, you better have a story to tell–and that story will start with Web analytics.

Google took the software it had acquired and offered a free Web analytics service, Google Analytics (http://www. google.com/analytics/). Free Web analysis for a product that previously had cost about $500 a month is a pretty good deal. I believe the product initially was offered to current users of Google AdWords, which are the sponsored links that appear on the right side of the page when you do a Google search. Free Google Analytics was enormously successful, so much so it had to quit accepting new users. How many users it currently has is anybody's guess.

I had just finished checking on the online reports Google Analytics provides and was praising the free service to our network administrator. His response was: “Free–only if you consider selling your soul free.” This guy also thinks Bill Gates is a nom de plume for Beelzebub, but we won't go there. The very real truth is privacy is an important “issue” in Western culture today, and we need to be sensitive to it. Not because privacy is a problem a priori but because it is perceived as a problem by our customers. Reality doesn't play into the mix much anymore–perception has become reality.

Back to the point. Google Analytics is an extremely sophisticated product. It delivers very good graphical representations of your Web statistics in different broad categories: executive overview, conversion summary, marketing summary, and content summary. There are lots of marketing and content reports that can be drilled down to a nice granular level. All reports are exportable as text, CSV, or XML. There are useful help and definition areas. In short, this is a satisfactory product for which most users would be willing to pay real money. Did I mention it also integrates with AdWords so you easily can track your return on investment? Good stuff.

So, what about this selling of your soul? What are you really giving up in exchange for your free service? A lot of Web analysis is done after the fact–analyzing logs. Every request and response from your Web server can be logged, and those logs are analyzed to provide an analysis of Web site usage. But Google doesn't have access to your logs . . . we hope. That means it needs to collect information about your site traffic as it happens. When you sign up for Google Analytics, it supplies a few lines of JavaScript you insert into the pages you want analyzed. All the code does is download a JavaScript file from Google (urchin.js), produce a unique identifier for your Web site (Google provides), and then execute the downloaded JavaScript. This is the part those with extreme paranoia may find suspect. You essentially are granting Google carte blanche to download a script to all your users that will execute, place some cookies on your customers' computers, and report information back to Google. Once again, all this is covered with a privacy policy that is readily available and written in plain English–not legalese. And once again, I personally don't see a problem with this arrangement. We generally are more than willing to allow a paid service provider to gather this sort of data. It isn't logical to deny that trust to Google just because it has a different revenue model. The last time I looked, Google was generating slightly more than 50 percent of its revenue for ads on Google and slightly less than 50 percent from ads placed by Google on other Web sites (such as Google AdSense).

I do understand paranoia, not personally but from dealing with it. Some people will always distrust successful enterprises–computer geeks seem particularly susceptible to this. Google is enormously successful, thus it must be evil ipso facto. So, take a look at the code. You easily can find the urchin.js code on your own box (if you have been to a site with Google Analytics), or you can download it directly from Google. It is a 16.7 KB 500-line script. No tricks that I can see. All it does is collect information that is readily available in any HTTP header. Take a look at the cookies generated. They take the form of username@analytics[X].txt. Nothing scary there, either. If you like open source, you should love this. It is all there for your inspection and study. It is not often we get to examine source code from the evil empire. Enjoy.

Let's assume you have decided to use Google Analytics. Are you then obligated to inform your customers their actions on your Web sites are being tracked by Google? Are you obligated to do so if you are using another paid service provider, that is, do you identify the service provider? The answer to both is probably no. Internet users should expect to be tracked routinely by some sort of analytic software. Is it any less nefarious to be tracked by log analysis than by a downloaded JavaScript? Not really. The only difference is your Web browsing is being tracked on a server in my data center rather than on a Google server somewhere. The end result is the same. Someone, somewhere has knowledge of what you have done on a particular site–the entry page, the exit page, path between the two, etc. You may not be identified by name, but you will be known by your IP address. There is a moral obligation to inform your customer such tracking is taking place. The site privacy statement usually is the place to handle this. I am not a lawyer, nor do I play one on TV, so I will state unequivocally I am not expressing legal opinions or judgments–just personal opinions.

The real issue here has nothing to do with Web analytics, nor does it have anything to do with Google. Google's success simply has made it an easy target. The real issue is virtually nothing we do on the Internet, whether it be Web surfing or e-mail, provides any assurance we cannot be tracked. The Internet is using barely mature first-generation technology. And that technology was designed to create robust, redundant connectivity, not privacy or anonymity. Search has become the killer marketing application for e-commerce. That means everyone–not just Google–is attempting to track and quantify Web behavior. In turn, that means there exist terabytes of data about our Web habits. That data is what concerns civil libertarians. It doesn't really matter whether Yahoo knows I ordered a book from Barnes & Noble online. What does matter is the possibility the federal government or some other loosely run organization may misuse that data. In the 9/11 aftermath, it is not unreasonable to assume persons seeking to understand the cockpit controls of a 757 may be potential terrorists. But they also may be 15-year-old high-school students working on a school project. Misuse of data is every bit as evil as misuse of power. Thus, the real fear that comes from all that meticulously collected information is not the data itself but the misuse of that data. As for me, I am going to continue accepting cookies and JavaScript. I am not paranoid. After all, the truth is out there.