Improving metrics gathering

Paul W. Frields stickster at
Wed Feb 10 22:22:19 UTC 2010

On Thu, Feb 04, 2010 at 03:58:31PM -0800, Luis Villa wrote:
> On Thu, Feb 4, 2010 at 3:49 PM, Paul W. Frields <stickster at> wrote:
> > On Thu, Feb 04, 2010 at 03:03:21PM -0800, Luis Villa wrote:
> >> On Thu, Feb 4, 2010 at 8:16 AM, Matt Domsch <matt at> wrote:
> >> > Personally, I don't think this is a big problem.  Maybe it is.  If it
> >> > were, the entire industry which uses cookies exactly for such tracking
> >> > (and even more so) would have huge security, privacy, and other
> >> > lawsuit concerns which I just don't hear about.  Whatever we do will
> >> > have to run past Legal.
> >>
> >> I'm not giving legal, or even moral, advice here, but aiming to be as
> >> ethical as the internet advertising industry is a really, really low
> >> bar. :)
> >>
> >> I actually think collecting good usage data is really, really
> >> important, and open source projects and their legal counsels would be
> >> well-served to collaborate on defining best practices for this area.
> >> And I think if we sat down and thought it through, we could come up
> >> with best practices that would simultaneously let us gather a lot more
> >> data than we currently gather, and do as good (or possibly even
> >> better) by our users.
> >>
> >> So I'm not trying to discourage you; I think this is great. I'm just
> >> saying you don't do yourself any favors by saying 'well, the ad
> >> industry gets away with it, so it is OK for us' :)
> >
> > Great point, Luis.  Matt and I took as an action item getting with our
> > legal counsel, and I think it would be wonderful to approach that as a
> > collaboration the way you suggest here.
> I've discussed data-gathering casually with SFLC in the past, for what
> it is worth, though we never went anywhere with it. Mozilla went
> through a bit of soul-searching around the Test Pilot program; Mozilla
> has talked about the privacy guarantees in there extensively, but I'm
> not sure if the evaluation process was done publicly enough so as to
> provide a checklist or process which others could follow.

Clearly, the objective is not just for us to figure out what's legally
permissible, but to reconcile that with our community's expectations
as well.  I can think of at least two general areas of concern we
might have with other forms of statistics gathering:

* Records we're creating and retaining, and any requirements they

* Privacy concerns for specific regions, and how we might meet or
  hopefully exceed those expectations beyond just the opt-out measure.

I'd like to build up some specific questions that we can use to
develop the best practices Luis described above.  While we may not be
able to just publish legal advice as such, we should be able to take
that advice and use it as background to explain how we might set up
better statistics gathering.  Mailing list isn't ideal for that back
and forth -- would a wiki page work for the people who want to help?

Paul W. Frields                      
  gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233  5906 ACDB C937 BD11 3717   -  -  -  -
          Where open source multiplies:

More information about the advisory-board mailing list