points by pdkl95 8 years ago

> We don't send any personally identifiable information to Google.

Yes, you do. While you use[1] the "Anonymize IP" option, a packet is still sent from the user's IP. Google's business model includes gathering as much data as possible so it's foolish to think that they are throwing data away in this situation. You may disagree and trust Google to honor the "Anonymize IP" option, but trust is not transitive so you shouldn't ever assume users agree (use opt-in in every situation).

However, claiming you don't send PII to Google makes me wonder if you have actually read the documentation for GA? The "Anonymize IP" (aid=1) option is blatant doublespeak. From their own documentation[2]:

> The IP anonymization feature in Analytics sets the last octet of IPv4 user IP addresses ...

They are only masking out the last 8 bits of the address, which are the least interesting bits. You can still discover the ASN from the remaining data. At worst all that option did is add a 1-in-256 guess when correlating your analytics data to the rest of Google's tracking data. That is trivial to overcome with Google's massive databases of tracking data.

You even provide a unique additional per-install tracking number that lets Google track users when they move to a different IP address. Once a correlation exists between your analytics data and everything else at Google, your analytics events provide a reliable report that can allow other tracking data to be correlated to the new IP address.

Why does that option exist? It's possible that it was designed to mislead developers into sending Google tracking information, but their own documentation[2] suggests a different hypothesis:

> This feature is designed to help site owners comply with their own privacy policies or, in some countries, recommendations from local data protection authorities

This is a feature designed to check boxes on compliance requirements, not to provide any actual anonymity to users.

[1] https://github.com/Homebrew/brew/blob/fd4fe3b80cab9902437016...

[2] https://support.google.com/analytics/answer/2763052?hl=en

osteele 8 years ago

>> We don't send any personally identifiable information to Google.

> Yes, you do

PII is a term of art which the GP is using in its standard sense and you are not. https://en.wikipedia.org/wiki/Personally_identifiable_inform...

(This is independent of the deontolic status of your comment.)

  • damnfine 8 years ago

    Redefining a phrase to omit much of its common meaning is what got us here. I appreciate you helping to bridge the gap by translating, I am just bemoaning its necessity.