Recherche avancée

Sur d’autres sites (7636)

• Neutral net or neutered

  4 juin 2013, par Mans — Law and liberty

  In recent weeks, a number of high-profile events, in the UK and elsewhere, have been quickly seized upon to promote a variety of schemes for monitoring or filtering Internet access. These proposals, despite their good intentions of protecting children or fighting terrorism, pose a serious threat to fundamental liberties. Although at a glance the ideas may seem like a reasonable price to pay for the prevention of some truly hideous crimes, there is more than first meets the eye. Internet regulation in any form whatsoever is the thin end of a wedge at whose other end we find severely restricted freedom of expression of the kind usually associated with oppressive dictatorships. Where the Internet was once a novelty, it now forms an integrated part of modern society ; regulating the Internet means regulating our lives.

  Terrorism

  Following the brutal murder of British soldier Lee Rigby in Woolwich, attempts were made in the UK to revive the controversial Communications Data Bill, also dubbed the snooper’s charter. The bill would give police and security services unfettered access to details (excluding content) of all digital communication in the UK without needing so much as a warrant.

  The powers afforded by the snooper’s charter would, the argument goes, enable police to prevent crimes such as the one witnessed in Woolwich. True or not, the proposal would, if implemented, also bring about infrastructure for snooping on anyone at any time for any purpose. Once available, the temptation may become strong to extend, little by little, the legal use of these abilities to cover ever more everyday activities, all in the name of crime prevention, of course.

  In the emotional aftermath of a gruesome act, anything with the promise of preventing it happening again may seem like a good idea. At times like these it is important, more than ever, to remain rational and carefully consider all the potential consequences of legislation, not only the intended ones.

  Hate speech

  Hand in hand with terrorism goes hate speech, preachings designed to inspire violence against people of some singled-out nation, race, or other group. Naturally, hate speech is often to be found on the Internet, where it can reach large audiences while the author remains relatively protected. Naturally, we would prefer for it not to exist.

  To fulfil the utopian desire of a clean Internet, some advocate mandatory filtering by Internet service providers and search engines to remove this unwanted content. Exactly how such censoring might be implemented is however rarely dwelt upon, much less the consequences inadvertent blocking of innocent material might have.

  Pornography

  Another common target of calls for filtering is pornography. While few object to the blocking of child pornography, at least in principle, the debate runs hotter when it comes to the legal variety. Pornography, it is claimed, promotes violence towards women and is immoral or generally offensive. As such it ought to be blocked in the name of the greater good.

  The conviction last week of paedophile Mark Bridger for the abduction and murder of five-year-old April Jones renewed the debate about filtering of pornography in the UK ; his laptop was found to contain child pornography. John Carr of the UK government’s Council on Child Internet Safety went so far as suggesting a default blocking of all pornography, access being granted to an Internet user only once he or she had registered with some unspecified entity. Registering people wishing only to access perfectly legal material is not something we do in a democracy.

  The reality is that Google and other major search engines already remove illegal images from search results and report them to the appropriate authorities. In the UK, the Internet Watch Foundation, a non-government organisation, maintains a blacklist of what it deems ‘potentially criminal’ content, and many Internet service providers block access based on this list.

  While well-intentioned, the IWF and its blacklist should raise some concerns. Firstly, a vigilante organisation operating in secret and with no government oversight acting as the nation’s morality police has serious implications for freedom of speech. Secondly, the blocks imposed are sometimes more far-reaching than intended. In one incident, an attempt to block the cover image of the Scorpions album Virgin Killer hosted by Wikipedia (in itself a dubious decision) rendered the entire related article inaccessible as well as interfered with editing.

  Net neutrality

  Content filtering, or more precisely the lack thereof, is central to the concept of net neutrality. Usually discussed in the context of Internet service providers, this is the principle that the user should have equal, unfiltered access to all content. As a consequence, ISPs should not be held responsible for the content they deliver. Compare this to how the postal system works.

  The current debate shows that the principle of net neutrality is important not only at the ISP level, but should also include providers of essential services on the Internet. This means search engines should not be responsible for or be required to filter results, email hosts should not be required to scan users’ messages, and so on. No mandatory censoring can be effective without infringing the essential liberties of freedom of speech and press.

  Social networks operate in a less well-defined space. They are clearly not part of the essential Internet infrastructure, and they require that users sign up and agree to their terms and conditions. Because of this, they can include restrictions that would be unacceptable for the Internet as a whole. At the same time, social networks are growing in importance as means of communication between people, and as such they have a moral obligation to act fairly and apply their rules in a transparent manner.

  Facebook was recently under fire, accused of not taking sufficient measures to curb ‘hate speech,’ particularly against women. Eventually they pledged to review their policies and methods, and reducing the proliferation of such content will surely make the web a better place. Nevertheless, one must ask how Facebook (or another social network) might react to similar pressure from, say, a religious group demanding removal of ‘blasphemous’ content. What about demands from a foreign government ? Only yesterday, the Turkish prime minister Erdogan branded Twitter ‘a plague’ in a TV interview.

  Rather than impose upon Internet companies the burden of law enforcement, we should provide them the latitude to set their own policies as well as the legal confidence to stand firm in the face of unreasonable demands. The usual market forces will promote those acting responsibly.

  Further reading

  • Tory-Labour pact could save data bill, says Lord Howard
  • Internet companies warn May over ‘snooper’s charter’
  • Snooper’s charter ‘should be replaced by strengthening of existing powers’
  • Exclusive : ‘Snooper’s charter’ would not have prevented Woolwich attack, says MI5
  • Search engines urged to block more online porn sites
  • Why technology must be the solution to child abuse material online
  • Google must take more action to police explicit content, says Vince Cable
  • Facebook bows to campaign groups over ‘hate speech’
  • Facebook sexism campaign attracts thousands online
  • Türkischer Ministerpräsident : Twitter ist eine Plage
  • Valls : « La traque sur Internet doit être une priorité pour nous »
  • La Cnil, futur juge d’Internet
  • “National security matter” : Third agency caught unilaterally blocking web sites

• Your Essential SOC 2 Compliance Checklist

  11 mars, par Daniel Crough — Privacy, Security

  With cloud-hosted applications becoming the norm, organisations face increasing data security and compliance challenges. SOC 2 (System and Organisation Controls 2) provides a structured framework for addressing these challenges. Established by the American Institute of Certified Public Accountants (AICPA), SOC 2 has become a critical standard for demonstrating trustworthiness to clients and partners.

  A well-structured SOC 2 compliance checklist serves as your roadmap to successful audits and effective security practices. In this post, we’ll walk through the essential steps to achieve SOC 2 compliance and explain how proper analytics practices play a crucial role in maintaining this important certification.

  Download SOC2 Checklist

  

  What is SOC 2 compliance ?

  SOC 2 compliance applies to service organisations that handle sensitive customer data. While not mandatory, this certification builds significant trust with customers and partners.

  According to the AICPA, “SOC 2 reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organisation relevant to security, availability, and processing integrity of the systems the service organisation uses to process users’ data and the confidentiality and privacy of the information processed by these systems.“

  At its core, SOC 2 helps organisations protect customer data through five fundamental principles : security, availability, processing integrity, confidentiality, and privacy.

  Think of it as a seal of approval that tells customers, “We take data protection seriously, and here’s the evidence.”

  Companies undergo SOC 2 audits to evaluate their compliance with these standards. During these audits, independent auditors assess internal controls over data security, availability, processing integrity, confidentiality, and privacy.

  What is a SOC 2 compliance checklist ?

  A SOC 2 compliance checklist is a comprehensive guide that outlines all the necessary steps and controls an organisation needs to implement to achieve SOC 2 certification. It covers essential areas including :

  • Security policies and procedures
  • Access control measures
  • Risk assessment protocols
  • Incident response plans
  • Disaster recovery procedures
  • Vendor management practices
  • Data encryption standards
  • Network security controls

  SOC 2 compliance checklist benefits

  A structured SOC 2 compliance checklist offers several significant advantages :

  Preparedness

  Preparing for a SOC 2 examination involves many complex elements. A checklist provides a clear, structured path, breaking the process into manageable tasks that ensure nothing is overlooked.

  Resource optimisation

  A comprehensive checklist reduces time spent identifying requirements, minimises costly mistakes and oversights, and enables more precise budget planning for the compliance process.

  Better team alignment

  A SOC 2 checklist establishes clear responsibilities for team members and maintains consistent understanding across all departments, helping align internal processes with industry standards.

  Risk reduction

  Following a SOC 2 compliance checklist significantly reduces the risk of compliance violations. Systematically reviewing internal controls provides opportunities to catch security gaps early, mitigating the risk of data breaches and unauthorised access.

  Audit readiness

  A well-maintained checklist simplifies audit preparation, reduces stress during the audit process, and accelerates the certification timeline.

  Business growth

  A successful SOC 2 audit demonstrates your organisation’s commitment to data security, which can be decisive in winning new business, especially with enterprise clients who require this certification from their vendors.

  Challenges in implementing SOC 2

  Implementing SOC 2 presents several significant challenges :

  Time-intensive documentation

  Maintaining accurate records throughout the SOC 2 compliance process requires diligence and attention to detail. Many organisations struggle to compile comprehensive documentation of all controls, policies and procedures, leading to delays and increased costs.

  Incorrect scoping of the audit

  Misjudging the scope can result in unnecessary expenses and extended timelines. Including too many systems complicates the process and diverts resources from critical areas.

  Maintaining ongoing compliance

  After achieving initial compliance, continuous monitoring becomes essential but is often neglected. Regular internal control audits can be overwhelming, especially for smaller organisations without dedicated compliance teams.

  Resource constraints

  Many organisations lack sufficient resources to dedicate to compliance efforts. This limitation can lead to staff burnout or reliance on expensive external consultants.

  Employee resistance

  Staff members may view new security protocols as unnecessary hurdles. Employees who aren’t adequately trained on SOC 2 requirements might inadvertently compromise compliance efforts through improper data handling.

  Analytics and SOC 2 compliance : A critical relationship

  One often overlooked aspect of SOC 2 compliance is the handling of analytics data. User behaviour data collection directly impacts multiple Trust Service Criteria, particularly privacy and confidentiality.

  Why analytics matters for SOC 2

  Standard analytics platforms often collect significant amounts of personal data, creating potential compliance risks :

  1. Privacy concerns : Many analytics tools collect personal information without proper consent mechanisms
  2. Data ownership issues : When analytics data is processed on third-party servers, maintaining control becomes challenging
  3. Confidentiality risks : Analytics data might be shared with advertising networks or other third parties
  4. Processing integrity questions : When data is transformed or aggregated by third parties, verification becomes difficult

  How Matomo supports SOC 2 compliance

  

  Matomo’s privacy-first analytics approach directly addresses these concerns :

  1. Complete data ownership : With Matomo, all analytics data remains under your control, either on your own servers or in a dedicated cloud instance
  2. Consent management : Built-in tools for managing user consent align with privacy requirements
  3. Data minimisation : Configurable anonymisation features help reduce collection of sensitive personal data
  4. Transparency : Clear documentation of data flows supports audit requirements
  5. Configurable data retention : Set automated data deletion schedules to comply with your policies

  By implementing Matomo as part of your SOC 2 compliance strategy, you address key requirements while maintaining the valuable insights your organisation needs for growth.

  Conclusion

  A SOC 2 compliance checklist helps organisations meet critical security and privacy standards. By taking a methodical approach to compliance and implementing privacy-respecting analytics, you can build trust with customers while protecting sensitive data.

  Start your 21-day free trial — no credit card needed.

• 7 Reasons to Migrate from Google Analytics to Matomo Now

  15 mai 2022, par Erin

  The release of Google Analytics 4 (GA4), and the subsequent depreciation of Universal Analytics, has caused a stir amongst webmasters, SEO experts, marketers and the likes.

  Google’s Universal Analytics is the most widely used web analytics platform in the world, but from 1 July 2023, it will no longer process any new data. Google is now pushing users to set up GA4 tracking imminently.

  If you’re like many and wondering if you should upgrade to Google Analytics 4, there are two key reasons why this might be a risk :

  1. GDPR violations : recent rulings have deemed Google Analytics illegal in France and Austria, and it’s likely that this trend will continue across the EU.
  2. Data loss : users switching to Google Analytics 4 can’t migrate their data from Universal Analytics.

  To mitigate these risks, many organisations are looking to switch to a Google Analytics alternative like Matomo. This is an ideal option for organisations that want to take ownership of their data, get compliant with privacy regulations and save themselves the stress of Google deprecating the software they rely on.

  Whilst there are two major reasons to steer clear of Google Analytics 4, there are 7 reasons why migrating to Matomo instead could save your business time, money and peace of mind.

  If you want to avoid the pitfalls of GA4 and are thinking about migrating from Universal Analytics to Matomo, here’s why you should make the switch now.

  1. Keep your historical Universal Analytics data

  Users switching to Google Analytics 4 will be disappointed to find out that GA4 does not accept data imports from Universal Analytics. On top of that, Google also announced that after Universal Analytics stops processing new data (1 July 2023), users will only be able to access this data for “at least six months”. 

  Years of valuable insights will be completely wiped and organisations will not be able to report on year over year results.

  Fortunately, any organisation using Universal Analytics can import this data into Matomo using our Google Analytics Importer plugin. So you can reduce business disruptions and retain years of valuable web analytics data when you switch to Matomo.

  Our comprehensive migration documentation features a handy video, written guides and FAQs to ensure a smooth migration process.

  2. Ease of use

  Web analytics is complicated enough without having to navigate confusing platform user interfaces (UIs). One of GA4’s biggest drawbacks is the “awful and unusable” interface which has received an overwhelming amount of negative backlash online. 

  Matomo’s intuitive UI contains many of the familiar features that made Universal Analytics so well-liked. You’ll find the same popular features like Visitors, Behaviour, and Acquisition to name a few.

  

  User Flow in Matomo

  When you switch to Matomo you can get up to speed quickly and spend more time focusing on high-value tasks, rather than learning about everything new in GA4.

  3. 100% accurate unsampled data

  GA4 implements data sampling and machine learning to fill gaps. Often what you are basing critical business decisions on is actually an estimate of activity. 

  Matomo does not use data sampling, so this guarantees you will always see the full picture.

  “My primary reason to use Matomo is to get the unsampled data, [...] if your website gets lots of traffic and you can’t afford an enterprise level tool like GA premium [GA360] then Matomo is your best choice.”

  With Matomo you can be confident your data-driven decisions are being made with real data.

  4. Privacy by design

  Built-in privacy has always been at the core of Matomo. One key method we use to achieve this, is by giving you 100% data ownership of your web analytics data. You don’t ever have to worry about the data landing in the wrong hands or being used in unethical ways – like unsolicited advertising. 

  On the contrary, Google Analytics is regularly under fire for controversial uses of data. While Google has made changes to make GA4 more privacy-focused, it’s all just smoke and mirrors. The data collected from Google Analytics accounts is used by Google to create digital profiles on internet users, which is then used for advertising. 

  Consumers are becoming increasingly concerned about how businesses are using their data. Businesses that develop privacy strategies, utilise privacy-focused tools will gain a competitive advantage and a loyal customer-base. 

  Prioritise the protection of your user data by switching to a privacy-by-design analytics solution.

  5. Compliance with global privacy laws

  To date, Google Analytics has been deemed illegal to use in France and Austria due to data transfers to the US. Upgrading to GA4 doesn’t make this problem go away either since data is still transferred to the US. 

  Matomo is easily configured to follow even the strictest of privacy laws like GDPR, HIPAA, CCPA, LGPD and PECR. Here’s how :

  • Matomo’s opt-out mechanism lets users opt-out of web analytics tracking
  • You can configure analytics for data retention of raw data and aggregated reports
  • Users can anonymise IP addresses as well as implement other data anonymisation techniques
  • Matomo can respect DoNotTrack setting
  • Users can set up Matomo so it doesn’t process any personal data or PII (personally identifiable information)
  • It’s easy to set shorter expiration dates for tracking cookies
  • Matomo allows you to disable Visits Log and Visitor Profile
  • Users aren’t tracked across websites unless specifically enabled

  Matomo can also be used without cookie consent banners (unlike with Google Analytics, which will always need user consent to track). Matomo has been approved by the French Data Protection Authority (CNIL) as one of the select few web analytics tools that can be used to collect data without tracking consent.

  Every year more countries are drafting legislation that mirrors the European Union’s GDPR (like the Brazilian LGPD). Matomo is designed to stay data-privacy law compliant, and always will be.

  Stay on top of global privacy laws and reduce the time you spend on compliance by switching to a privacy-compliant solution. 

  6. All-in-one web analytics

  Matomo gives you easy access to Heatmaps, Session Recordings, A/B testing, Funnels analytics, and more right out of the box. This means that digital marketing, UX and procurement teams won’t need to set up and manage multiple tools for behavioural analytics – it’s all in one place.

  Learn more about your audience, save money and reduce complexity by switching to an all-in-one analytics solution.

  Check out Matomo’s extensive product features.

  

  Page Scroll Depth in Matomo

  7. Tag Manager built-in

  Unlike GA4, the Matomo Tag Manager comes built-in for an efficient and consistent user experience. Matomo Tag Manager offers a pain-free solution for embedding tracking codes on your website without needing help from a web developer or someone with technical knowledge.

  Help your Marketing team track more website actions and give time back to your web developer by switching to Matomo Tag Manager.

  Final Thoughts

  Google Analytics is free to use, but the surrounding legal issues with the platform and implications of switching to GA4 will make migrating a tough choice for many businesses. 

  Now is the chance for organisations to step away from the advertising tech giant, take ownership of web analytics data and get compliant. Switch to the leading Google Analytics alternative and see why over 1 million websites choose Matomo for their web analytics.

  Ready to get started with your own Google Analytics to Matomo migration ? Try Matomo free for 21 days now – no credit card required. 

  21 day free trial. No credit card required.

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I hereby accept the terms and conditions and the data processing agreeement (DPA).

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  

  » Start improving your websites now