January 26, 2011

Proxyservers, statistics and usability


When realizing there is such a thing as web visitors statistics many people feel very bad at ease. I can understand that – I do not want my footprints on the net to be recorded. I do not want my Internet habits to give background to commercial campaigns for example. I can see more and more people are hiding from web statistic programs like Google Analytics - they only show up in server based statistics.

Some people use free proxy serves when they want to hide their identity. There are several free proxy serves to use on Internet. Just surf around. But keep in mind that most of them do not work as great as they say...
A proxy server can hide:
  • the referring address
  • the page name visited either by not showing it at all or make some kind of encryption
  • your IP address & the name of your Internet Service provider
These servers can if correctly set make you totally invisible. But most are not set up in that way. Not even those who say they are safe. And the reason why is there is very clever web statistics programs

In my statistics about 95% of all proxy servers leak the true accessing IP address. And despite encryption of accessed URL – I can read the filenames. It is just the path before the filename that is encrypted. How useful is it if "brittabettina.blogspot" is encrypted when I still can see the name of the blogpost read?

Why are your true IP address revealed then?
Web statistics program can do a kind of cascade lookup and identify the true accessing IP address instead of the one the proxy server have. I have tried up to 6 different web statistics programs. They differ all but Google Analytics seems to have one method, Statcounter one  and all the rest another method. Combined I can actually read 95% of the Internet Server providers names and home towns. Together with user agent characteristics like operating system browser program & version, flash version etc. you can if you want to get a "fingerprint" of a visitor even if the IP address is hidden. So proxy servers do not always give you 100% integrity.

So what should you do then to keep your integrity?
I think we all should consider why we want to hide. For most of us I think the answer is that we are visiting places we shouldn´t be at. As long as we go to “innocent” websites I do not think many people mind showing up in statistics. Or is it just so that you surf to wrong sites during working hours? Perhaps you should visit those at free time instead.

If you are porno surfing via a proxy server at work it is just stupid. Your employer can probably see what you do anyhow. And besides your employers name may show up in the web statistics of that porno website creating bad PR. Very often the name of the company owning the server is show as Internet Service provider name - your employer.

I know one person who used to comment and harass a politician at work time. The employers name was shown in the the statistics so the politician made a phone call to that company. With help of IT department they could follow the accessed path down to one single person. He got a severe warning for what he did during work time.

Bloggers internal statistics and proxies
Many people ask me tf it is possible to identify a proxy server with help of Bloggers internal statistics tools. The answer is no. That statistics can only show browser, country and operating system. If  visitor turns up at blogger statistics but not at your other statistics tool it might be a proxy server. But it may also be a visitor just having disabled third party images and javascript

Some last words about proxy servers
  • If anyone really want to be anonymous send me a mail. I have a list of great proxy servers and other ways to disguise.
  • If you have problems with proxy server visits or other specific IP addresses visits - send me a mail too. There are great solutions even for blogs like this one. But best protection you can get if you have access to the server and can create a .httaccess file.
  • If anyone needs tips in how to identify proxy servers - mail me. Not all have it clearly written names like "anoymous server". There is excellent help in some statistic program.
    At Googel Analytics you can for example read hostname that should be your own address. Anything else show that your webpage is downloaded to another server by some reason before showing the information to the user (in proxy cases usually for decryption of file name). It can be any kind of proxyserver - also big cooperate proxies not used for integrity reasons,
  • I have a few more tips in how to identify a user coming in with a proxy server - but those I will not tell in public.

    My mailadress is found under Contact & Copyright on top of this page


    What about usability then? 

    There are more ways to disguise than proxy servers. But I will talk about those another day. But before we end this post I would like you to watch the bad side of anonymous traffic - from website developers and owners view.

    If you do not want a internet shop to analyse your clicks and the way you find the stuff you like – then that kind of websites will have a hard time to make really user friendly interfaces. The click pattern is valuable contributions to building usable websites. Some statistic program have the feature that staff can open up a chat window when they see a customer is lost in the navigation. They cannot help you if you are invisible.

    If you do not want a blogger to see your visits - how should he/she feel appreciated for what he/she writes? How often have you commented a blogger? That is the only way to know for sure if there only are anonymous visitors-.

    My experience is that more and more people hide from web statistics and I can mostly understand that. In my blogs almost 75% of the traffic is anonymous for all statistics except for the server based Blogger provide. That was not the case six months ago.

    But if the majority are 100% anonymous it will be hard to build user friendly websites and less blogger will find it fun to blog. Of course there still are server based statistics showing every single page hit and every single IP address. But that kind of statistics – as far as I have seen – do not show click patterns. The result is presented in an abstract way making it hard for usability studies.


    Me and my web statistics
    My own spontaneous reaction on a proxy visits is anyhow always suspicion combined with surprise and sadness. Sadness because I find it hard to understand why anyone wants to be anonymous while reading my stuff. I frankly think that if these people feel bad reading my blogs - they should stay away. Why be here at all?

    There is absolutely no better way to get attention in my web statistics than using a proxy server. So even if you perhaps are anonymous - that is if server is set up the right way - you are definitely watched.

    If you want to be anonymous at my sites - just surf in. Then you are simply one more visitors - one among all others.




      It has to be fun, or else we cannot make it

      2 comments:

      1. I can see that a lot of people end up here with searcher indicating they want to know more about proxy servers with help of bloggers internal statistics. This cannot be done at all. You need to know the proxy server IP address to address that problem and perhaps stop it.

        ReplyDelete
      2. Next search engine question - "Is there a way to not show up on blogger stats". No there isn´t. This statistics is severbased. The server always knows who you "are" since it must send the result to you. If you use a proxyserver that server will be shown in Blogger stats. Blogger stats do not perform cascade lookups like other statistics tools.

        ReplyDelete