Google Analytics, or my preferred name for it “google anal-tics”, is a service designed to provide web site owners with statistics about visitors movements on their site. One would think this is a simple and ordinary enough service and nothing to worry about.
However, I have two issues with this:
urchin.js from Google or the more advanced
ga.js file. Essentially a web site is telling your browser to execute some remote 3rd party script on your system. This is a BAD idea in terms of security, since it might be possible to hijack that script in transit and replace it with attack / hack code. Also the script is not loaded securely via HTTPS, so no certificate authentication or validation of any kind is done; just blind trust that
google-analytics.com has not been hijack by DNS cache poisioning or that some intermediate web proxy hasn’t been compromised.
Second, I am interested in protecting my privacy online as much as possible these days. I already have a pretty big online foot print dating as far back as 1986; regardless I see it as my right to restrict data collected about me. So whenever a web site asks for HTTP cookies, Flash Cookies (How to Manage Flash Settings), tries to load advertising, or track my movements through scripts and/or cookies, I’ll go out of my way to block that from happening.
So when a web site loads
ga.js, it is going to communicate information about visitors back to Google. I find this an invasion of my online privacy. What I do online is my business, not Google’s. Google already has enough data about what search terms I look for (this can be controlled through Google, though who knows if it is honoured or not). Frankly I don’t think Google or any other 3rd party advertiser needs to know where and what the frack I’m doing.
Simple solution: use a URL blocker, like
Bork Bork Bork! or Adblock Plus, to block
ga.js, and/or anything from
google-analytics.com from being accessed. If you don’t want to use a URL block, this can also be achieved by adding to the Unix or Mac OS X
/etc/hosts file (Windows has an equivalent
C:\WINDOWS\system32\drivers\etc\hosts) and add an entry like:
Most webs sites where
google-analytics.com has been blocked are designed well enough to continue functioning. However, there are a small handful of web sites that refuse to do anything when the tracking code is not loaded. Typical bad design on the web sites part. In the end I see Google Anal-Tics as evil and chose not to do business with web sites that expect me to put up with that shit.