Other voting/ranking sites are even worse on privacy, see e.g.

http://www.sivacracy.net/2007/11/question_for_the_techie_reader.html

Online voting “integrity” is probably completely incompatible with user privacy.

I agree with you, Bithead (anyone see the irony here? click the link, scroll down the blog, you find out Bithead’s real name, apparently)

Correct, you do. You also see it in the blog’s address. And on the “About” page, as well. (Looks like this thing won’t accept a link in the comments, sorry. “About is on the top of any page on my blog) No irony involved whatsoever. “Bithead” is a nick I’ve used for many years, but I’ve never made a secret about who I am. Nor have I hidden behind a name that wasn’t mine, ever.

But, just as well, people often feel more free to talk when anonymous.

No doubt. But of course that’s because they need not consider closely what they say. Considerations of repercussions of violence and whatnot aside, it’s harder to be labeled an idiot when they don’t know who you are. Thereby you need not think things through before speaking in such a situation. Somehow that doesn’t strike me as furthering the cause of freedom, or free speech.

Dennis wrote: “While it is true that Sitemeter reveals a number of statistics about web visits, it does NOT reveal a users specific IP address.”

This is something that originally perplexed both Dan and me. I explained it in my article, but it appears Dan didn’t quite spell it out explicitly. JustADude explains above: when you pay, you not only get the full IP address yourself, but everybody else does as well. This seems like a bug on Sitemeter’s part, and it violates the spirit of their Privacy Guidelines. They didn’t concede as such to Dan or me.

C. Lee Davis wrote: “I don’t find any use in seeing other people’s visitor stats, or even those of my own site. I don’t wish my IP address publicly displayed.”

Well, yes, this data has been out there all these years and no one thought to look at it. I only got the idea after reading Dan’s book (and meeting him) and re-visiting some thoughts I’d long had on anonymous comments. And I provided examples (as Kaimi does here) where a third party would be tempted to peek at the IP logs.

Bithead wrote: “Stop whining, America, and have the courage to stand up and be identified with your words and ideas.”

I agree with you, Bithead (anyone see the irony here? click the link, scroll down the blog, you find out Bithead’s real name, apparently). I stated in my analysis that I happen to think that named communities on the Internet are generally more civil and constructive. But, just as well, people often feel more free to talk when anonymous.

That said, at the Yale ISP conference, Alessandro Acquisti of Carnegie Mellon presented some fascinating research which showed that the more detailed a privacy statement, the more people were primed to think about privacy, and thus they felt less free to speak openly.

anon wrote: “I believe it’s a poster’s responsibility for his or her own privacy.”

Well, I can’t contest what you believe, but it’s a question what works for a given forum/blog. I don’t know how many Internet users use, or are familiar with, IP-masking tools. I think that Dan has covered this in his book– and forgive me for not citing it chapter & verse– that people have reasonable expectation of privacy from a service provider, and can’t always be expected to be technically proficient to “opt out” themselves. Christopher Caldwell made a similar point in today’s NYT Magazine.

Stop whining, America, and have the courage to stand up and be identified with your words and ideas.

Also the upgrade version has a larger buffer of the past visitor history.

Even at 5000 visits remembered with the upgrade version, on a very busy blog that doesn’t take long to start over writes after a full buffer exists.

I have also seen some commentary on how they determine site visits and page views which there is no real industry standard to define what that is for advertisement cost structures from blog to blog.

If you are running a blog at a blog aggregation place rather than on a dedicated server you are stuck with one of the middleware counters since you don’t have access to the server logs which can have much more detail than sitemeter could even dream of.

Besides spammers , the worst offense I have seen is some very busy blogs that don’t require registration and the software has a whole where you can post by the same name as one of the regulars there and start bogus thread wars saying stuff from two or three names which pit regular users against each other until the catch on to what has been done.

Off the top of my head, I can think of a few different categories, and I’d be initially inclined to treat them somewhat differently.

First, we could be subpoenaed in a relatively morally unambiguous criminal case. For instance, someone could anonymously comment at Co-Op, “I just robbed the bank at State and Main,” and then the police could seek that commenter’s information. That seems relatively unlikely to happen. It also seems pretty easy. I wouldn’t have any problem handing over information on a bank robber.

A second scenario could be a criminal case where the morality is less clear-cut. For instance, one of us might write a post about Raich, the medicinal marijuana case. An anonymous commenter might then say, “I live in a state which has no medicinal marijuana provision (and of course, Raich held that the U.S. can still prosecute). However, I regularly purchase marijuana for my dying cancer-stricken grandmother, to ease her pain.” That’s an admission of a criminal act, but it’s much less morally clear-cut than the bank robber. My initial inclination would be to fight a subpoena in that kind of case — or at least, not to just roll over. I don’t know how much of a fight my co-bloggers would want to put up.

A third case is the morally clear-cut civil case. A clear-cut defamation, for instance, where an anonymous commenter writes “Person X is a child molester,” and then Person X sues for defamation. Again, if it looks like just a gratuitous, defamatory attack, I wouldn’t be averse to providing information.

But then there’s the fourth case — the less clear-cut civil case. A commenter says, “Professor Z’s views on the Constitution show that he is a fool,” and Professor Z sues and wants identifying information.

The Luskin/Atrios lawsuit is an example of category four, I think. Atrios made a harsh statement about Luskin’s political views, and Luskin sought to unmask Atrios in a subpoena.

It’s entirely possible that a commenter her will write, “[political commenter] is a fool,” or the like, and then political commenter then sues for defamation and seeks to identify the commenter.

My offhand reaction would be that, unless I was convinced of the rightness of the suit, I would be inclined to resist providing that information.

In general, though, it’s something that I’m sure we would discuss among the bloggers, and I’m not sure that all of my colleagues would always agree with my own views.

These are good points and I’ve brought it up over at the scienceblogs for discussion as well.

I don’t think that people realize that with many of the blogging comment systems that the blog owners get a lot of information about the posters as well and should be reassured that they will not have that information be abused in any way. It’s nice of you to point that out.

Most of this stuff is common sense, and short of threatening the president or some other person, it’s pretty hard to commit a crime requiring subpoenas of IP addresses from a blog (I can’t think of an instance of this happening, can you?). But it would be reassuring, especially on blogs with lots of anonymous commenters for people to develop a privacy policy. That way people can feel safe to write whatever without the worry of being “outed” and chastised.

Within one day of posting on your board for the first time, I was suddenly getting e-mails from the Huckabee campaign.

If the two are connected at all, please stop it.

In this respect this issue resembles the debate over the installation of a rural traffic-light: The question usually boils down to, “How many people have gotten hurt (or worse) at the subject intersection?”

If noone’s daughter has died there yet, the installation usually must wait ’til she has. Same goes, I think, for the installation of rules, or “safety barriers” for users of the world wide web.

Has anyone tallied the “victims” from this virtual intersection? Are there any data to work with?

People need to get

Privacy is the site visitors responsibility. If I don’t want you to know who I am, I use anonymouse, and turn off Java scripting entirely (Sitemeter has to have Java enabled to pick up referral info).

I believe it’s a poster’s responsibility for his or her own privacy. A website (this one or any other) can do whatever they like; if one really wants privacy, one can have it.

As an aside, anyone who pays for sitemeter must have a tremendous ego. There’s no need for that, really, unless you have vanity issues. You can make your stats invisible to the public if you’re concerned (just show a number, folks); that should be sufficient.

For the ego/vanity thing? You have your own soul to search.

Right after your perusal of your sitemeter stats, of course…

I’ve considered using anonymizing software to disguise my location, but never got around to it. I suppose I should though, because if anyone ever cared enough to unmask me (not that I’m trollish!), they easily could whenever I comment on another site with public sitemeter, such as yours. Or link up comments I make under the pseudonym with comments I make under my real name (which I do on law blogs in my area of research).

I suppose someone could check now, except that I’m visiting family, and for some reason our ISP broadcasts from a different location anyway. I think the servers run through Los Angeles.

In any case, I make my Sitemeter public (but for no particular edifying reason; I could just as easily make them private. And I am aware that I am not entirely anonymous or protective of my privacy when I participate on other blog forums, but that I could take steps to protect my privacy if I really tried. Of course, this is an “opt out” strategy, which is, I admit, a little interesting coming from privacy advocates.

Perhaps your stats could be made public (it is interesting to note how many people read your blog on a daily basis, if not from where or who or how they arrive there), but not broadcast IPs? Or perhaps the interesting details could be kept to you and your co-bloggers for site-management purposes, but not be made public.

In any case, I should probably think a little more about how much information I leave behind on other blogs. I’m already the worst-kept secret in the blogosphere!

I was not aware that the tracking information you gather was publicly available. I did know that the connection could be made through your web server logs, but I didn’t know your blogging software collected the data as well.

I would prefer that no site retain records of its visitors. I would suggest you implement a policy of peroidically purging those records, and to whatever extent possible avoid providing records on anonymous or pseudononymous commenters. If I want to be identified, I’ll identify myself.

It’s crucial for site owners to have this data, because it is sometimes necessary to ban access by stalkers, trolls, and other undesirables who would otherwise destroy the community you’re trying to create.

I support the right to post anonymously, but I think that maintaining anonymity is really up to the end user. If you really need privacy, then you need to use a proxy server and take other steps to assure your privacy.

I’ve found the public sitemeter stats of our own and other blogs very helpful. Blogs are often linked together by overlapping groups of regular readers and commenters. Occasionally, a psycho/stalker/troll type will follow from one blog to another in the group. Comparing sitemeter stats makes it much easier to identify the troll. Our own site has good logs and blocking tools, but not all blogging systems make it that easy to identify the IP address of a specific commenter.

I would add, in a related vein, that the privacy concerns you raise are greater for the smaller sites. Even with the premium sitemeter, if you’re looking at the Instapundit site, for example, you’re looking at the past few minutes of traffic only. With the free sitemeter account, the 100 visit limit keeps track of only the past few hours, minutes, or even seconds of very popular blogs.

As for subpoena policies, my own reaction would likely depend on the nature of the comment the government was seeking to unmask. If I could see that there was a decent reason for the subpoena, I’d probably comply, providing notice only if required by law. But if I thought the subpoena was merely part of an illegitimate attempt at harassment or intimidation, then I would do my best to notify before compliance to allow the anonymous commenter time to challenge the subpoena.

By the way, the coolest thing about Sitemeter stats is when you see that, on the day you’ve posted a “separated at birth?” post comparing Ruth Bader Ginsburg and Willie Wonka, you receive a visit from a computer belonging to the Supreme Court of the United States. I love having that ability, and it’s always exciting when you see that people you are writing about are reading what you said about them.

On the other hand I can also see where it could become a privacy concern, particularly in the hands of a Socialist Administration bent on, for example, auditing or otherwise using heavy handed tactics against its political opponents. My current plan is to continue using it, but should events in our country turn in a more unfortunate direction, I can certainly see a day when another tool might be preferable.

http://www.concurringopinions.com/archives/2007/01/our_millionth_v.html

that “My general response to this post is that for casual surfing, this kind of information is routinely collected by sites. You can block certain information by disabling Javascript etc., or go through anonymous proxies (e.g., Tor) for more privacy. But it’s not privacy-friendly to republish this kind of information with full IP addresses. Even though this person may not actually (still) be at this IP addresss, we can find out more things, such as that this IP address currently has an open Telnet server port open (and possibly others). In theory, with a full IP address available, one could potentially do some hacking. Not that one couldn’t do this to any random IP address…”

I fully expect sites to log information about visitors, for a variety of reasons. Sites should have a clear privacy policy. But I don’t see why detailed stats are needed by the blog readers. It’s interesting at most to see general trends.

There are certainly easy ways to increase one’s privacy and anonymity on the web, to protect from hacking, but perhaps more importantly to protect general privacy. Routinely changing IP address (I do that daily), blocking 3rd-party cookies, blocking known 3rd-party tracking servers via a hosts file, using anonymous proxies and/or onion routers, etc., etc. Unfortunately, most surfers are not that savvy.

Personally I use Firefox’s NoScript extension to control what JavaScript my browser downloads and runs. I’ve marked sitemeter.com as forbidden. Since NoScript’s default policy is to block unless explicitly allowed I don’t run any of the others (though with a single click I can temporarily–for the duration of my browsers current session–run them). I probably do get bit by the web bug image from extreme-dm.com, and naturally I know that your server’s access logs will be recording my IP address.

(here’s a tip I left out of my piece: you can still use lynx to post.

Dan, thanks for your interest in this. I’ll read the comments and respond over the weekend. Adam, I did consider the challenge you raise here and will be addressing it in a followup.

And no, I didn’t hear from Sitemeter today.