I could spend all my time reviewing site statistics or I could just write some articles. I typically choose to do the later. But occasionally (typically about once a month) I’ll look at the statistics for the site. Typically it’s just to see if the world is still an insane place and if people still view the dribble I tend to write here. But I see a lot of funny stuff in there and so those statistics tend to also afford me a bit of comedic relief.
For example, images I use in my site are often used by others. I am guessing that the webmaster for a site simply goes to Google Images and ends up grabbing a link to my site for an image. I’m not all that worried about the amount of traffic and so I don’t tend to get overly anxious about this type of thing, although I do often visit the site to see what they’re using my graphics for. And sometimes I quickly close my browser window out of fear that my daughter will walk by.
Other than images I also see a lot of patterns in those that visit my site. There are the bogus patters, with obviously fake IP addresses. There are crawlers that aren’t really crawlers and there are the occasional port scans (I guess I asked for some of that when I put the word security in the title of a book I wrote). There are also legitimate users, whose IP I see once every day or 10, there are trackbacks and pingbacks and other forms of linking to the site, there are a lot of incoming links from various social networks and other sites (thanks for that btw), but most interestingly are the non-public details you can glean from looking at links. You can see intranets that aggregate feeds that you wouldn’t otherwise see and the folders that people file away emails into. You can also see the pages that various competitors visit and you can learn a little bit about things that would otherwise be closed to you.
For example, if you use a web-based service for email and you click on a link for an email then chances are I now know the name of that folder. It might seem like something minor, but based on the name of that folder I might learn a little something about how you perceive me. As an example, if that folder is called douchebags then I know where I rate with ya’. I can also see who you follow or who that maybe doesn’t follow me but still manages to visit my site from certain social networks. Especially when they do it routinely. This is always a little fun.
And then there are IP addresses. Many a visitor will access my site from their office. Many of those offices have IP space registered in their names. Some people even have IP space registered at their homes. Sure, you can use an anonymizer, such as TOR to hide your IP space, but even that can tell a savvy web admin a little about you, when the link that brings you to the site has your gMail address in the request…
The best part of all this is that I have very little time. I can barely manage to go through my email on a daily basis and so I can spend less than an hour per month trying to make heads or tails of the logs on my website. I likely forget about anything I pick up on about as quickly as I’ve picked up on it. But it raises an interesting point from a security perspective: just how anonymous is your browsing? And this isn’t a FUD kinda’ thing. It’s a real, icucme type of thing. With a lot of effort put into security and anonymity on the web, you might not be as anonymous as you think you are. And while I am not going to be doing anything with a minor breach in anonymity there are others who likely have a little more time on their hands. I’d be curious if they would be interested in that user name and password of that crappy cloud email site you use that for some lame reason is actually in the address you used to access my site?!?!
My new project: the web analytics wall of shame. OK, maybe not… But perhaps someone at DefCon will come up with that next…