How To Opt Out Of WordPress.com’s Internal Analytics Tracking

WordPress internal analytics opt-out

Don’t you just love the way GDPR has forced the data mining giants of cyberspace to begrudgingly provide us with more detailed privacy disclosures and a little “Get Lost Peeping Tom!” button? A handy means for us to reclaim at least some of our privacy and limit the amount of our personal data the companies can collect or preseve?

Of course, most businesses are only telling us as much as the law says they have to tell us, and plenty of information about newer tracking technologies is flying under the radar. But GDPR’s tighter data regulation is a step in the right direction, and the general fuss it’s created has prompted a lot of us to pay more attention to web tracking. We’re better understanding our rights as site users and visitors, as well as our responsibilities as site administrators.

In fairness to WordPress.com, the privacy page I’m discussing in this post was a feature of the site long before anyone had even heard of GDPR. However, the link between the page’s past, and its present, may give some insight into why saying yay or nay to internal analytics tracking is important.

WHAT IS WORDPRESS’S INTERNAL ANALYTICS TRACKING?

As the new Automattic cookie page states…

In order to better understand how our services are used, we monitor certain user activities that take place within our products, including page views and clicks on any links used when managing a site via our dashboards.

We call each one of these actions an “event.” Analytics events are attached to your WordPress.com account and are handled via a first party system that Automattic owns and maintains. In general, we record the following data for each event: IP address, WordPress.com user ID and username, WordPress.com-connected site ID (for sites not hosted on WordPress.com), user agent, referring URL, timestamp of event, browser language, and country code.

This is a system designed to track the behaviour of content publishers, as opposed to blog visitors.

LAYER OF PRIVACY

Whereas WordPress likes to offer us its ‘extra layer of login security’ with merciless repetition, the site is rather more coy when it comes to offering us even the most basic layer of privacy. Not a major surprise. The former gains the company valuable personal data, whilst the latter loses the company valuable personal data. Indeed, in the new May 2018 cookie policy where GDPR requires Automattic/WordPress to disclose their tracking practices, they carefully avoid inserting a link to the privacy page. Instead, we get a plain text…

“You may opt out of our analytics program through your user settings.”

Where might that be, then? Far be it from me to suggest that they’re hoping our quest to find out will prove a tad too irksome, and we just, like… you know… won’t bother.

I’ll post the relevant link in a moment, but first, does this even matter? That depends on your attitude to privacy. I’ve known and worked with people who would happily post their marriage certificate on Facebook and enthusiastically share their full medical history with a ‘digital marketer’ they met approximately four minutes ago on LinkedIn. Others feel deeply oppressed by a clear GIF on an advertorial page. If you lean more towards the latter category, you should probably be aware of some history…

THE WORDPRESS PRIVACY PAGE

In the past, WordPress.com’s user privacy settings page included a disclosure that the site used an aggressive tracking and profiling tool called Inspectlet.

If you’re unfamiliar with Inspectlet, a sense of the degree to which it can track us can be found here. Looks scary, and it’s certainly not nice, but before anyone starts hyperventilating, please bear the following in mind…

  • WordPress.com now states that it uses an in house tracking and analytics tool and no longer mentions Inspectlet on the user privacy settings page. Inspectlet is not mentioned in the WordPress.com cookie documentation either, so my assumption is that they’ve either replaced Inspectlet with their own equivalent, or dropped mouse pointer monitoring.
  • Even if WordPress.com now has its own version of the Inspectlet tool, these routines do not actually capture your computer screen. What they capture is live event information within a browser window, which is then overlaid onto a static replica of the web page at their end of the connection. So if you have your personal diary open alongside your browser, a tracking app equivalent to Inspectlet would not see what you’ve written in your diary.

But, any business that would want to use a tool like Inspectlet in the first place is clearly intent on gathering some pretty detailed information about user behaviour. If they’re associating their behavioural profiling with personally identifying data, as the Automattic cookie policy suggests, then privacy-sensitive users need to carefully consider opting out of WordPress.com’s internal tracking.

OPTING OUT

If you want to opt out, do it now, because the action is not retrospective. Your tracking data is only discarded forward from the moment you opt out. To opt out, make sure you’re logged into your WordPress account, and go here…

https://wordpress.com/me/privacy/

Move the ‘Share information with our analytics tool…’ switch to the left, opting yourself out.

Then, importantly, hit the ‘Save Privacy Settings’ button.

WordPress Privacy Settings

When you’ve completed the opt-out, you’ll see the green-tick ‘Settings saved successfully!’ confirmation near the top of the page. You can see this visually represented in the screenshot at the top of the post.

Advertisements