The urchinTracker() method: How Dozier Internet Law, PC’s website secretly spies on its visitors

Many web sites track or (to use a less friendly word) “spy”on their users. As sits on top of blogspirit’s blog content system, I can view aggregate data about who is accessing my posts. Many other sites use SiteMeter or another third-party tool to get even more detailed information.

Some attempt to hide their espionage, however. One such good example is Dozier Internet Law, PC (a company which forbids hyperlinking). They forbid the “view source” option in a web browser that allows individuals to see what code is being activated by their presense. A view source on Slashdot‘s copy of their web code reveals the following

<script type="text/javascript">
_uacct = "UA-294347-1";

Curious about what this (I was inspired by Raise the Hammer‘s investigation) I searched, and found that it is part of Google Analytics:

Google Analytics’ urchinTracker allows you to track events on your site that do not generate a pageview. Using the urchinTracker JavaScript, you can assign a specific page filename to Flash events, JavaScript events, file downloads, outbound links, and more.

For more information on using urchinTracker, please refer to the following help articles:

To be, this presents an ethical dilemma. Dozier eavesdrops on the browsers that visits it. Simultaneously, Dozier’s rules make it impossible to notice the eavesdropping while obeying its terms of use. I’m not sure what the ethics rules for “attorney advertising” (which Dozier’s website is classified as) are for lawyers in the jurisdiction where they operate, but I assume they do not encourage making informed consent impossible.


2 thoughts on “The urchinTracker() method: How Dozier Internet Law, PC’s website secretly spies on its visitors”

  1. Excellent catch!

    I wonder what is the process for refusing the user agreement, and un-tracking yourself on the index and user agreement pages?”

    Also from the agreement:

    “We don’t presently conduct e-commerce activities in the sense of accepting registrations or providing private access to a protected area of our website.”

    Which means, I assume that the protected area of their website, available by clicking on “Administration (authorization required)” [1], is unavailable for any non-Dozier-employee. Which makes it all the stranger there would be a link to it.

    (a) the user agreement is in error
    (b) Dozier has no security sense whatsoever
    (c) the link is a honey-pot designed to track hackers



Leave a Reply

Your email address will not be published. Required fields are marked *