Internet Archive is not storing any IPs, but just one-way hashes of
them, which they cycle regularly. So they can still have statistics,
but no privacy information is stored.
And yes, please don't use Google Analytics if you worry about your
users' privacy. But for that, users can use things like Ghostery
(https://www.ghostery.com/) to protect themselves. If you do not have
HTTPS, they cannot do much to protect themselves.
On Mon, Nov 11, 2013 at 9:58 AM, Ordway, Ryan <[log in to unmask]> wrote:
> HTTPS prevents passive monitoring at the application level, but there is
> still nothing stopping the government from issuing a subpoena for the
> webserver log files. They can still see what you're doing at the network
> level, granted they can only see source and destination IPs and ports. With
> enough analysis, some level of usage can be inferred.
> Unless we want to turn off the access logs and remove any Google Analytics
> tags, there are still ways for usage to be monitored and tracked. Unless
> you always delete your browser history or use something like Chrome's
> Incognito mode, your browser is tracking you too.
> If Internet Archive has issues with HTTPS, it's easy enough to exclude them
> from any URL rewriting so they can continue to harvest via HTTP.
> On Sun, Nov 10, 2013 at 2:45 AM, Mitar <[log in to unmask]> wrote:
>> On Wed, Nov 6, 2013 at 5:37 PM, Riley Childs <[log in to unmask]> wrote:
>> > Why? HTTPS is used when there is sensitive data involved, code4lib.org(at least to my knowledge) does not have sensitive data?
>> It is not just about the security of the users but privacy of the
>> users as well. Internet Archive moved to HTTPS so that nobody could
>> monitor what their users are accessing.