[HN Gopher] To opt out of Google Analytics you have to install a...
___________________________________________________________________
To opt out of Google Analytics you have to install a browser
extension
Author : asimpletune
Score : 220 points
Date : 2021-12-18 15:26 UTC (7 hours ago)
(HTM) web link (tools.google.com)
(TXT) w3m dump (tools.google.com)
| UI_at_80x24 wrote:
| While working on website optimization for a specific company, 3
| of of the slowest were all Google .js files. What's funny to me
| is that running Google Lighthouse/PageSpeed Insights recognize
| them and still recommend you change/replace them.
|
| Adsense, Tag Manager, Analytics
| SnaKeZ wrote:
| I prefer ublock origin.
|
| https://ublockorigin.com/
| tchalla wrote:
| Is there a way to get this on macOS Monterey / BigSur Safari?
| JumpCrisscross wrote:
| No, but Wipr and 1Blocker have worked well in my experience.
| Nextgrid wrote:
| I would recommend AdGuard for Safari - its ruleset is much
| more up to date in my experience.
| TingPing wrote:
| You can just select that ruleset in ublock...
| diroussel wrote:
| You can run ublock origin on macOS with Firefox
| tristan957 wrote:
| No, but you can install Firefox on macOS.
| oblak wrote:
| Firefox + NoScript is the only easy solution that actually works.
|
| That said, you have to keep in mind that ms/apple/google crap is
| whitelested so you're going to need to purge their pages. Takes
| about a minute to disable all whitelisted entries.
| gorhill wrote:
| > the only
|
| I disagree with your "the only", uBO also supports deny-allow
| for script blocking.[1]
|
| Beside, `google-analytics.com` is wholly blocked by default in
| uBO -- i.e. without having to fiddle with the default, out-of-
| the-box configuration -- and the blocked GA scripts are
| replaced with neutered ones in order to reduce likelihood of
| site breakage.
|
| ---
|
| [1] https://twitter.com/gorhill/status/1379819815657996290
| a5aAqU wrote:
| uBlock Matrix works too, and it gives fine-grained control over
| what assets are loaded.
|
| https://addons.mozilla.org/en-US/firefox/addon/umatrix/
| oblak wrote:
| I know. My point is you don't need fine grained control when
| it only makes sense to deny allow of it
| mro_name wrote:
| I would rather not have an dedicated extension for every
| encroaching participant on the internet. I prefer, to have
| one tool for the same task in various situations (GA, FB,
| you name it).
| userbinator wrote:
| I thought it was as simple as putting 0.0.0.0
| google-analytics.com 0.0.0.0 ssl.google-analytics.com
| 0.0.0.0 www.google-analytics.com
|
| in your HOSTS file (or equivalent)? I've put that in all my
| default OS installs and local DNS server.
| worldmerge wrote:
| To the people recommending Firefox. I would if they decided to
| support the modern web. Start supporting Web Bluetooth/USB. Have
| a Firefox based version of electron. Make it easy for people to
| make forks of your browser engine (there a ton of chromium based
| browsers, not a lot of firefox based ones). Oh, and NodeJS uses
| Chromium's JS engine. Mozilla lost the fight for the modern web.
| I want competition but I don't see how Mozilla is going to be it,
| maybe another browser engine will come.
| jasonhansel wrote:
| The reason why it's so hard to make forks of Firefox is that
| it's available under a copyleft license. But that copyleft
| license is the only thing stopping it from being commercialized
| and turning into Chrome.
| detaro wrote:
| Why does the license make it hard to fork Firefox?
| worldmerge wrote:
| From this comment on the Firefox subreddit, seems like
| Gecko is just too hard to work with. https://www.reddit.com
| /r/firefox/comments/m8cwdu/why_arent_t...
|
| And not related to their license.
| nicole_express wrote:
| I find it exceedingly unlikely another browser engine will
| come; not even Microsoft finds it worthwhile to keep up with
| the dizzying array of standards Google is pushing as required
| for the "modern web".
| phgn wrote:
| I often wonder how many people block analytics, since it's the
| default AFAIK in uBlock Origin. For HN it must be the majority.
|
| You'll not be able to block the next generation of server-side
| analytics tools like Cloudflare Analytics [0] -- seems like
| that's a direct response to increasing block rates.
|
| [0] https://www.cloudflare.com/en-gb/analytics/
| GordonS wrote:
| Any idea about lightweight OSS alternatives to Cloudflare Web
| Analytics?
|
| I don't need the information Google Analytics provides and want
| to avoid 3rd party cookies - something like Cloudflare
| Analytics looks appealing, but I'd prefer an OSS, self-hosted
| solution.
| realityking wrote:
| Plausible is a good candidate for lightweight analytics
|
| https://github.com/plausible/analytics
| hdjjhhvvhga wrote:
| > I often wonder how many people block analytics, since it's
| the default AFAIK in uBlock Origin. For HN it must be the
| majority.
|
| I went to visit a friend a few days ago. At some point she
| wanted to show me something on YouTube on her laptop. While
| staring surprised at the screen, I asked, "What is this? Is it
| what you wanted to show me?" She was as surprised as me, "No,
| of course not, this is just an ad." It felt very strange to me
| as I haven't seen an ad on YouTube for many years.
|
| So I inquired, "You know adblockers exist, why do you put up
| with this crap?" She answered, "Yes, sometimes people tell me
| this, then I install it, and then something breaks, like
| YouTube layout or the comments don't load etc., so I uninstall
| it, this happens every few years."
|
| So this gave me some insight why a non-technical person may
| choose not to use an adblocker. I fixed it for her and I hope
| she enjoys smooth experience for a few months.
| glidergun wrote:
| I've heard variants of this story so many times, but it
| leaves me confused over my own experience. This sort of high
| frequency breakage just does not happen for me, I can't even
| say rarely. Definitely not on youtube. So what is going on
| there?
| phgn wrote:
| It happened to me when I enabled some of the optional
| annoyances filter lists in uBlock Origin. Things like sign-
| up pages not working, full-page cookie modals you can't
| quit etc.
| arbol wrote:
| Some people like clicking on Google shopping links etc.
| Volker_W wrote:
| I would prefer comments not loader over ads loading.
| mdoms wrote:
| Although they're still not the highest grade comments on
| the internet I have noticed a marked improvement in Youtube
| comments over the last 5 years. I'm not sure what Youtube
| changed but it's definitely working. However they're still
| utterly toxic in some circles (eg, anything gaming
| related).
| lrem wrote:
| Don't you come to YouTube for the comments? ;)
| Volker_W wrote:
| I didn't meant to say that YouTube comments are bad, I
| meant to say that some websites breaking is still better
| than having Ads.
| rfw300 wrote:
| In fact, even if the ads do load, I'd prefer that the
| comments don't.
| cmeacham98 wrote:
| I don't care about server-side analytics. They can keep my IP,
| user agent, what pages I visit, etc - I give them those details
| willingly.
|
| What I do care about and actively block is JavaScript trying to
| enumerate fonts or fingerprint my canvas or whatever is the
| latest and greatest web API abuse for fingerprinting.
| Volker_W wrote:
| If you have a static IP (afaik, I do) it can be used for
| fingerprinting.
| tgsovlerkhgsel wrote:
| I don't care about one web site doing their analytics. It
| becomes a problem when one analytics company is building a
| profile across many sites.
|
| Unfortunately, Cloudflare is in a position to do just that,
| just like major analytics providers.
| cmeacham98 wrote:
| Cloudflare doesn't make their money by selling user data to
| advertisers - I'll start worrying when they do, or Google
| starts doing this.
| zelphirkalt wrote:
| Maybe not yet, but the simple fact, that there even is a
| Cloudflare "analytics", hints at a direction, in which
| this will probably develop. Some people inside Cloudflare
| will think "If only we could sell our analytics data, we
| could profit more!" and then they might just do that. The
| temptation is huge for them. Lets be realistic. They are
| not all idealistic developers at Cloudflare. It is a huge
| business with lots of unethical people working at it,
| like in many big businesses. At some point some internal
| pressure might overwhelm a minority fighting against it
| and the change will happen. Perhaps it will happen step
| by step, slowly boiling the frog.
| aaomidi wrote:
| I mean, it's pretty clear they're gonna be able to do
| this very easily once cf analytics becomes widely
| adopted.
| phgn wrote:
| If any network gets significant market share (like Google or
| Cloudflare), they can probably still follow you around by
| correlation of IP, user agent, routing location etc.
| legitster wrote:
| I think there's some confusion about what Google Analytics
| does. It doesn't really engage in browser fingerprinting. It
| only tracks down to the individual session.
| tata71 wrote:
| Is that what they're slurping?
|
| Or just what they're showing you?
| legitster wrote:
| I work in marketing systems administration. I've had
| access to over a dozen GA implementations, some for
| Fortune 500 companies.
|
| It doesn't remotely do what people in this thread seems
| to think it does. Which is bizarre given you can go set
| up an account for free and see for yourself.
|
| They seem to be confusing it with some of the third party
| ad tracking software. But GA is really dumb as a brick
| (and that's a feature, not a bug).
| Nextgrid wrote:
| > I've had access to over a dozen GA implementations,
| some for Fortune 500 companies.
|
| The concern isn't about what GA gives to its
| implementers, it's about what it collects internally.
|
| Google is an advertising company and has a financial
| incentive to stalk everyone. Their bad faith
| implementation of the GDPR consent flow (which IMO does
| not actually comply, but the regulators are incompetent
| or unwilling to enforce the law) proves it. The current
| regulatory environment doesn't do enough to discourage
| non-consensual data collection, so given this fact and
| the company's past history we need to assume the worst
| until proven otherwise.
| kevin_thibedeau wrote:
| They can keep GA dumb as cover and do their dirty work
| with tag manager or fonts.
| legitster wrote:
| I work in marketing. For general audience it might be something
| like 3% of users have a tracking blocker, and specifically for
| developers it's something like 30%.
|
| It actually becomes a bit of an issue when some idiot somewhere
| designs a business process around client side tracking. I'm
| currently fixing a broken process with a client where their
| users can request an upgrade, and ~1/3 of them (the technical
| users from above) never even process because some yuckster
| built it all inside of the tracker.
| herodotus wrote:
| On Safari, when you highlight this extension, you get this
| warning:
|
| * Webpage Contents Can read sensitive information from webpages,
| including passwords, phone numbers, and credit cards ..... * Can
| see when you visit all webpages
|
| Is the cure worse than the disease? Analytics might be an
| invasion of my privacy, but it is benign compared with seeing my
| password. I am not saying that the extension steals my passwords,
| but how do I know it does not?
| gruez wrote:
| that's just the generic warning that they have for most
| extensions, because the webextension security model doesn't
| allow for granular permissions.
| lrem wrote:
| There are about 60: https://developer.chrome.com/docs/extensi
| ons/mv3/declare_per...
|
| The warning is for the "inject arbitrary code into any page"
| one.
| gruez wrote:
| Right, that's why I said "most", not all. There might be 60
| separate permissions, but to do most non-trivial things you
| need the "inject arbitrary code into any page" permission.
| mdavidn wrote:
| Third-party JavaScript running on a domain could similarly
| steal passwords typed into that domain.
| herodotus wrote:
| True, but if I activate the extension, can it steal passwords
| from any domain I visit?
| lrem wrote:
| The permission this warning is for is "inject arbitrary
| code into any site", so yes.
| hmottestad wrote:
| Would your bank add third party js to their site without
| vetting it and locking it down?
|
| Also, please don't answer that honestly because lots of banks
| actually had vulnerabilities that allowed hackers to inject
| js into their sites to steal login info.
| hmottestad wrote:
| This was one of the issues with ad-blockers. They would start
| of legit and say that they needed all this access in order to
| efficiently block everything. Then a few years down the line
| they would sell out to a company that would use this access to
| mine information about you and sell it to the highest bidder.
| They would obviously not go as far as to mine your credit card
| info, because that would get them banned I'm sure.
|
| So then Apple made a sandboxed ad-block extension point which
| would take a list of rules and apply them directly.
|
| This wasn't flexible enough for everyone, so now we are back to
| square one again.
| Volker_W wrote:
| You know how many right the average windows/linux/macos
| desktop application has?
| klyrs wrote:
| If they only ship the credit card mining code to 1 in 10k
| users, they could go undetected for long time and still make
| a tidy profit...
| ashtonkem wrote:
| DNS level blocking with a Pihole is much safer in this regard,
| but also less capable, since it only works on anything that
| uses a dedicated domain that can be identified.
|
| In this case, google analytics only goes through
| analytics.google.com, so it's easy to block at a DNS level.
| herodotus wrote:
| Thanks: I will use my Pihole. Should have thought of that.
| ashtonkem wrote:
| Google Analytics should be on the default list, I didn't
| have to take any explicit steps to block it other than
| select whichever blocklist the pihole developers
| recommended.
| tgsovlerkhgsel wrote:
| You'd basically have to read the code every single time it
| updates, or at least hope _someone_ does that and would
| publicly raise the issue (and that you 're getting the same
| version as everyone else).
|
| That said, the analytics scripts can also do all of that. They
| can only do it on pages where they're embedded, of course, but
| especially for Google's scripts, that's probably most (not all)
| web sites (either in the form of Analytics, Tag Manager, or
| Ads).
| GeekyBear wrote:
| >You'd basically have to read the code every single time it
| updates, or at least hope someone does that
|
| Firefox now has a program where they go through a vetting
| process for a subset of the available extensions.
|
| >Recommended extensions differ from other extensions that are
| regularly reviewed by Firefox staff in that they are curated
| extensions that meet the highest standards of security,
| functionality, and user experience. Firefox staff thoroughly
| evaluate each extension before it receives Recommended
| status.
|
| https://support.mozilla.org/en-US/kb/recommended-
| extensions-...
| snowwrestler wrote:
| Browser extensions seem like a security nightmare in general.
| Volker_W wrote:
| You know how many right the average windows/linux/macos
| desktop application has?
| ronsor wrote:
| They used to be much worse. People ended up with a dozen
| toolbars, plugins, and extensions that hijacked their search
| to sketchy sites like "Internet Web Search" and injected
| random ads into the page.
| kevin_thibedeau wrote:
| As opposed to running scripts from random websites with zero
| oversight.
| [deleted]
| legitster wrote:
| I mean, of course?
|
| Google Analytics is a decentralized service. Individual websites
| are running their own implementations. The alternative where
| Google has a central database you can opt out of seems worse.
| [deleted]
| stickfigure wrote:
| Not only is the title heavily editorialized, the link takes you
| to some sort of add extension page without explanation.
|
| There might be an interesting conversation to have here, but this
| isn't it. AFAICT this is someone guerilla marketing their chrome
| extension.
| CogitoCogito wrote:
| > Not only is the title heavily editorialized, the link takes
| you to some sort of add extension page without explanation.
|
| > There might be an interesting conversation to have here, but
| this isn't it. AFAICT this is someone guerilla marketing their
| chrome extension.
|
| This is Google's extension...
| tyingq wrote:
| No, it is what Google provides themselves:
|
| _" You can opt-out of having your site activity available to
| Google Analytics by installing the Google Analytics opt-out
| browser add-on"_
|
| https://support.google.com/analytics/answer/181881?hl=en
|
| https://tools.google.com/dlpage/gaoptout
| mro_name wrote:
| lol. Get rid of GA by installing GA. Quite my humour.
| [deleted]
| tchalla wrote:
| I don't know how long will it take to simply make a law where
| opt-in and opt-out effort should equivocate.
| mmarq wrote:
| Sometimes I think one should have to install an extension to opt-
| in, opt-out being the most reasonable default
| rvalue wrote:
| I believe Safari blocks Google Analytics by default. No extension
| needed.
| [deleted]
| NicoJuicy wrote:
| Why shouldn't popular plugins copy-paste that method?
| subbz wrote:
| Everybody: Avoid Google Chrome for the sake of privacy.
|
| Google is doing everything to track even if you opt-out. And they
| will continue to implement their workarounds.
|
| _Quick solution: Use Firefox._
|
| Stop throwing data at Google. Google is evil (Google "don't be
| evil" for more info on that).
| tata71 wrote:
| Being objectively less secure is not a solution.
|
| Use Chromium. Use Vanadium.
| zufallsheld wrote:
| Why is using Firefox less secure?
| tata71 wrote:
| https://madaidans-insecurities.github.io/firefox-
| chromium.ht...
| hutzlibu wrote:
| I just glimpsed over it, but that sounds actually not
| good.
|
| I would suppose the advantage of FF is the way smaller
| marketshare, along with technical competence of at least
| some of its user making it not such a attractive target,
| compared to chrome.
| systemvoltage wrote:
| Every single hacker here should switch to Firefox. If not for
| how much better it is (IMO it is), purely for the sake of
| common good.
|
| Firefox team also needs a bit of spanking - WTF are you doing
| with this product? The PMs and the leadership of Firefox is
| fucking things up. We just want a goddamn browser. Stop
| changing the UI. Stop with all this other bullshit. No one is
| asking for it. I _really_ don 't want a future Firefox-AI
| assistant. The way things are going, the probability of this is
| pretty high.
| nnutter wrote:
| Is Firefox really a solution anymore? Recent news about Firefox
| implementing [Manifest
| V3](https://9to5google.com/2021/05/28/firefox-
| manifest-v3-extens...) with "Manifest V3" appearing to be
| another attempt from Google to kneecap privacy extensions. I've
| been considering Brave which I had pretty much ignored but I
| honestly don't know who to trust. I think it's basically common
| knowledge we can't trust either Google Chrome or Microsoft
| Edge.
| detaro wrote:
| The answer to your concern is even in the headline of the
| article you link!
| nnutter wrote:
| If only. Even just the headline makes it clear that Firefox
| has no leverage and are capitulating. Plus, that was just
| one example.
| detaro wrote:
| So Firefox _not_ doing the thing that kneecaps adblockers
| is evidence of Firefox not being a solution? how does
| that work?
| nnutter wrote:
| After seeing tjpnz's comment and re-reading and reading
| the linked Mozilla announcement I was misinterpreting the
| article. I thought the article was just saying that they
| would continue to support Manifest v2 while adopting
| Google's Manifest v3 and then was saying Manifest v2 was
| going to be retired around a year later. However, the
| Mozilla announcement makes it clearer that they are
| implementing a fork of Google's Manifest v3.
| tjpnz wrote:
| Firefox is implementing Manifest V3 but not the part designed
| to hinder content blockers.
| nnutter wrote:
| Thank you, your comment helped me realize I was
| misinterpreting the article.
| anticristi wrote:
| Permanent solution: Move to the EU and enforce your rights
| under GDPR. :)
| tata71 wrote:
| > Google is evil (Google "don't be evil" for more info on
| that).
|
| Or better....
|
| Use Ecosia.org, Startpage.com, or Qwant.com to search for
|
| "Google is Not What It Seems"
| tgv wrote:
| Yesterday I tried to buy an from Google's Play Store for an
| Android tablet, on which I had installed an account with
| minimal information. Not wanting to hand out my credit card
| number to them, I bought one of those cards with prepaid
| credit. And guess what you need to fill in to redeem the card:
| your address and phone number. Why would that be needed? The
| answer: it isn't needed, but they want it, and they've got you
| by your balls. This is such awful abuse of their position.
|
| And yes, I filled in a fake address, and then was not able to
| redeem the card. They need "more details", and the process can
| take several weeks. Google is evil in every pore.
| edoceo wrote:
| This might be a better link
|
| https://tools.google.com/dlpage/gaoptout/index.html?hl=en
| decrypt wrote:
| That page seems to eventually redirect to the link shared in
| the post.
| sahkopoyta wrote:
| Yes but you get some context instead of just download link
| Shacklz wrote:
| Has anyone tried it out and knows if this also gets rid of the
| Cookie banners?
|
| Blocking them with uBlock origin is a bit of a PITA, as the rules
| always break sooner or later, and whenever I happen to end up on
| google somehow, getting the banner does tend to get a bit
| annoying
| legitster wrote:
| This will not. Cooke banners are implemented by the legal team.
| 95% of the time they come as a prepackaged service that runs on
| every new web session.
|
| Source: I've been on several implementation teams for cookie
| banners.
| cma wrote:
| To keep it from grinding your hard drives scanning for viruses
| (obstnsibly to protect you, but really o protect them from
| clickfraud) you have to use administrator privileges to blackhole
| one of its folders. There is no option to turn it off. It will
| grind your media and backup drives every week, shortening their
| life.
|
| (Chrome Cleanup Tool)
| tinus_hn wrote:
| Alternatively you could block the Google Analytics domain
| altogether.
| tyingq wrote:
| What it does, under the covers: (function() {
| var a = document.createElement("script"); a.type =
| "text/javascript"; a.innerText =
| 'window["_gaUserPrefs"] = { ioo : function() { return true; } }';
| document.documentElement.insertBefore(a,
| document.documentElement.firstChild); })()
|
| And it injects that into every site you visit:
| "matches": [ "http://*/*",
| "https://*/*" ],
|
| They should probably replace it with their declarative blocking
| functionality.
| najqh wrote:
| It would be much simpler to block all requests to download the
| analytics javascript/web bug URL. Makes me think they want to
| keep collecting user data even if you install this.
| kevincox wrote:
| But the analytics script provides an API that some websites
| rely on so it would end up breaking some sites. This
| necessitates the approach of disarming the script rather than
| just blocking it.
| mlindner wrote:
| I just don't use websites that break because of that.
| tedivm wrote:
| I use ublock, which does block the script, and run into
| issues occasionally because of this. It seems to be mostly
| an issue with shopping carts.
| smitop wrote:
| uBlock Origin includes a dummy script that emulates the
| real Google Analytics script: https://github.com/gorhill/
| uBlock/blob/master/src/web_access...
| neltnerb wrote:
| Hmm, I don't think I've ever encountered a website that
| was broken without enabling javascript that was obviously
| analytics (I use umatrix pretty aggressively). The one
| that usually breaks checkout flow for me is that the
| credit card processors all want to use an iframe and
| often recaptcha and usually it takes 3-4 reloads before
| it actually even tries to load it all.
| btdmaster wrote:
| Fortunately Firefox has a shim to deal with this[1].
|
| [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1637329
| neilparikh wrote:
| Doesn't adding this to every site help fingerprint you?
| Hopefully most sites won't use this to track you, but a
| malicious site could definitely use this as an additional bit
| of information (and a fairly useful one, given that most people
| probably don't have this extension installed).
| judge2020 wrote:
| Perhaps, but there are much easier ways to fingerprint
| browsers who would have this installed and not a real ad-
| blocker.
| Sephr wrote:
| Looks like this extension doesn't work for XHTML documents as
| well. Extensions that want to inject elements should use
| document.createElementNS with an explicit namespace.
| jchw wrote:
| Wow, thanks. Back when XHTML 1.0 was gaining traction and you
| had to serve a different content type to IE vs other
| browsers, I was trying to adopt it early, and yet I never
| realized that it had this impact on the DOM that entire time.
| darknavi wrote:
| > They should probably replace it with their declarative
| blocking functionality.
|
| I see what you did there. Won't this break with ManifestV3?
| greyface- wrote:
| No. ManifestV3 removes the webRequest API, which is used to
| modify/block in-flight requests. Injecting a script into
| every page, as this does, is still possible. https://develope
| r.chrome.com/docs/extensions/mv3/intro/mv3-o...
| GioM wrote:
| It's a bit of a shame, the inability to modify requests for
| CORS will break a lot of frontend developer workflows.
|
| It's going to force the adoption of cors-proxy type
| solutions instead of a relatively simpler extension.
| rbinv wrote:
| Here's the actual extension code for those interested:
| (function() { var a = document.createElement("script");
| a.type = "text/javascript"; a.innerText =
| 'window["_gaUserPrefs"] = { ioo : function() { return true; } }';
| document.documentElement.insertBefore(a,
| document.documentElement.firstChild); })()
| darkstar999 wrote:
| I opted out with ublock origin and dns blocking.
| fartcannon wrote:
| And by using Firefox, or an ungoogled Chromium.
| josefx wrote:
| As far as I understand Firefox uses it for various browser
| features like its add-on page, it also prevents add-ons from
| running on these sites.
| 5e92cb50239222b wrote:
| Firefox disables Google Analytics even without any add-ons
| if you have the anti-tracking options on. This also works
| on "special" pages. Go to addons.mozilla.org and have a
| gander at dev tools: [GA] Do Not Track
| Enabled; Google Analytics not loaded and tracking disabled
|
| Edit: actually, this is them simply respecting your DNT
| policy, but Firefox also has a special blocker for these
| things. It also ships with some shims that unbreak badly
| developed sites which break without Analytics scripts
| present.
| littlestymaar wrote:
| Has Firefox stopped using Google Analytics for themselves
| (IIRC they used it to monitor how people where using the
| "preference" section of Firefox, which caused quite a bit
| of outrage when it was known)?
| [deleted]
| solnyshok wrote:
| same. using ublock on desktop (firefox and edge) and mobile
| (firefox). why kill only google analytics when there are
| thousands of creeps
| amelius wrote:
| I opted out by setting the do-not-track header.
| guessmyname wrote:
| Very few advertising companies actually supported DNT, due to
| a lack of regulatory or voluntary requirements for its use.
|
| > _DNT is not widely adopted by the industry, with companies
| citing the lack of legal mandates for its use, as well as
| unclear standards and guidelines for how websites are to
| interpret the header. Thus, critics proport that it is not
| guaranteed enabling DNT will actually have any effect at
| all._
|
| > -- https://en.wikipedia.org/wiki/Do_Not_Track
| yabones wrote:
| Does that actually do anything? I was always under the
| impression the DNT header was just screaming into the void.
| jspazz wrote:
| I've noticed that on some sites where I enable cookies and
| JS, the cookie banner/popup has fewer checkboxes
| preselected with DNT than without. I don't know how to
| check if they honor my choices, but at least this is
| something you could sue them over coz of GDPR.
| mdaniel wrote:
| I recently saw the NYT has a paragraph in their CCPA
| document that speaks about the DNT header, although without
| using the word header. They say the text in the footer
| changes based on the opt-out so maybe they're handling that
| server side, but I haven't checked it
|
| https://www.nytimes.com/privacy/california-notice
| alvarlagerlof wrote:
| You basically didn't
| amelius wrote:
| It's an industry standard. Folks better adhere to it or
| else they might get into legal trouble.
| MaxBarraclough wrote:
| It doesn't have legal force. Wikipedia tells me it isn't
| really even a proper standard; standardisation efforts
| stopped when it became clear it wasn't going to be
| effective.
|
| https://en.wikipedia.org/wiki/Do_Not_Track
|
| https://en.wikipedia.org/wiki/Do_Not_Track_legislation
| [deleted]
| ronnier wrote:
| Same: Brave Browser, ublock origin, privacy badger, pihole.
| propogandist wrote:
| isn't Google Chrome's Manifest V3 update going to limit
| effectiveness of uBlock Origin and similar content blockers?
| contravariant wrote:
| Well obviously you should be using a browser that actually
| supports uBlock Origin for it to work.
| propogandist wrote:
| the chromium variant I use will be impacted; FF is adopting
| Manifest V3 too, it seems - https://blog.mozilla.org/addons
| /2021/05/27/manifest-v3-updat...
| oneweekwonder wrote:
| From the blog post, FF will keep the functionality to
| block web requests, unlike chrome.
|
| > After discussing this with several content blocking
| extension developers, we have decided to implement DNR
| and continue maintaining support for blocking webRequest
| kxrm wrote:
| They are adopting v3 but the important aspect is they are
| not deprecating the old v2 functionality. Chrome is
| deprecating v2 which will break these types of
| extensions.
| _jal wrote:
| I'd rather just firewall off AS15169, which also solves other
| Google-related problems for entire networks of machines.
| lucb1e wrote:
| A more practical approach, on mobile at least, is
| TrackerControl which will let you choose which trackers you
| want to allow per app. E.g. I can allow Spotify to connect to
| some CDN but not Facebook, and disallow internet access
| altogether for a photo editor and my keyboard.
|
| You can let a browser with privacy extensions access Google
| services but not other apps that don't need it.
|
| https://f-droid.org/en/packages/net.kollnig.missioncontrol.f...
|
| I'm not affiliated, just a fan. No root needed, it pretends to
| be a VPN. It does take some time to set this up, though,
| especially if you take the strict approach and block all
| trackers for all apps by default.
| xanaxagoras wrote:
| I tried this when I switched to a privacy ROM but ultimately
| I can't cough up my 1 VPN slot, I need to be always on my
| home network to use the various self hosted services I rely
| on. I heard on matrix that at some point Datura Firewall may
| allow more fine grained host level blocking, fingers crossed.
| xanaxagoras wrote:
| I like this idea except for YouTube, I don't want to have to
| stay on top of what IPs are used for its main page, API,
| thumbnails, etc.
| rightisleft wrote:
| Brave is great. It works on 99% of websites. For those that tank,
| turning down the shield is a 2 click task. I've been using it for
| 12 months now and recommend it to everyone I know.
|
| ( You can also turn off the crypto notifications )
| yabones wrote:
| The fact that they're wrapped up in crypto tells you all you
| need to know. Use Firefox + uBlockOrigin.
| 77pt77 wrote:
| What should it tell me?
| riboflavin wrote:
| Here's JS for letting people opt out on your own site, if you use
| GA but want to offer the option: https://www.ercule.co/google-
| analytics-opt-out-javascript
|
| (Disclaimer, written by me)
| snowwrestler wrote:
| The basic functionality of Google Analytics does not have a way
| to identify you server-side. It uses first party cookies and does
| not store personally identifying information. Therefore the only
| reliable way to opt out of it is client-side.
|
| Obviously ad blockers will accomplish that. But Google can't just
| tell people "go install ublock origin." It's not a project under
| their control and they're not going to vouch for it in that way.
| And of course they don't want to promote ad blocking in general.
|
| One of the comments posted the code; it seems pretty simple. It
| looks like it just tells every website the same thing: basically
| "this browser opts out of GA."
| [deleted]
| greyface- wrote:
| They could have opted to respect the DNT header.
| dylan604 wrote:
| bwhahahahaha, Googs respecting user choices. LOL. you should
| try stand up.
|
| seriously though, to expect the Googs to do anything that
| would negatively impact their operations is just naive or
| super hopeful the world is a nice place. It would be nice to
| live in a world like that, but sadly it's not this one. Am I
| just super cynical? Maybe, but it's companies like Googs that
| have made me that way.
| ratww wrote:
| They control the browser and the server, so they could also
| implement GPC if they have any objections to DNT.
|
| https://globalprivacycontrol.github.io/gpc-spec/
| fault1 wrote:
| > The basic functionality of Google Analytics does not have a
| way to identify you server-side.
|
| I know that used to be true, but is that true anymore?
|
| I saw comments like this in previous discussions about this
| snippet: https://news.ycombinator.com/item?id=18680149
| Nextgrid wrote:
| > The basic functionality of Google Analytics does not have a
| way to identify you server-side
|
| You absolutely can identify someone server-side with
| heuristics. Your browser sends its IP address, user-agent and
| possibly referer header at a minimum when fetching the Google
| Analytics JS, and I'm not even talking about fingerprinting
| your TCP or TLS stack.
| judge2020 wrote:
| user-agents are becoming increasingly frozen[0], and IP
| addresses are getting even more temporary with IPv6 (they
| already are for mobile networks). It's indeed _possible_ to
| tie a browser to a user account server-side without cookies,
| but it 's by no means reliable and providing a guarantee
| based on circumstances you can't control is a terrible idea.
|
| 0: https://chromestatus.com/feature/5704553745874944
| [deleted]
| jspazz wrote:
| > IP addresses are getting even more temporary with IPv6
|
| That's true but kinda irrelevant. IPv6 is at best as bad
| for privacy as static IPv4 since you're assigned a fixed
| range, so the adversary can both identify you by the static
| part of your address, and possibly resolve devices behind
| the router which would be hidden by NAT in IPv4.
| [deleted]
| IsThisYou wrote:
| Or simply add tracker domains to your `/etc/hosts` file and be
| done with it. This is a list of about 100k known trackers:
|
| https://raw.githubusercontent.com/StevenBlack/hosts/master/h...
|
| And since this is passive blocking (no need to install
| executables, like add-ons) its probably the safest way to block
| ads and trackers.
| r0m4n0 wrote:
| More context: https://tools.google.com/dlpage/gaoptout
|
| Extensions for all the major browsers.
|
| I mean to give credit, it's hard to provide a universal opt out
| as it can't be buried in account settings in some profile
| somewhere (the end user may not have a google account).
| Technically speaking, how do you opt out of something that is
| both invisible and universal?
|
| Disclaimer: googler but opinions are my own
| shakna wrote:
| > I mean to give credit, it's hard to provide a universal opt
| out as it can't be buried in account settings in some profile
| somewhere (the end user may not have a google account).
| Technically speaking, how do you opt out of something that is
| both invisible and universal?
|
| Respect the Do-Not-Track HTTP header and never generate the
| return response.
| r0m4n0 wrote:
| A) DNT is no longer a standard B) maybe they will respect
| GPC, the new equivalent. Actually they will probably legally
| be required to...
| tdrdt wrote:
| Off topic but related: sometimes I see developers who track
| interactions without checking if analytics is available.
| onclick="trackInteraction();doInteraction()"
|
| Because the first action gives an error the other actions is not
| called. This means a broken site and a user that will not return.
| AdriaanvRossum wrote:
| It looks like they want to prevent ad-blockers taking over. Now
| they have more control over what is blocked and what is not.
| fault1 wrote:
| I mean, the old adage is:
|
| google knows what you browse
|
| facebook knows who you know
|
| amazon knows what you buy
|
| but for a browser company, isn't a browser extension better than
| some other way to opt out? otherwise they would have to associate
| you to an account.
| Volker_W wrote:
| I can't find the source right now, but IIRC, google checks your
| @gmail mails for shopping receipts and build a list of stuff
| you bought.
| HarveyKandola wrote:
| I believe this is why Amazon order confirmation emails
| nowadays don't state what you purchased!
| hericium wrote:
| Also, increasing number of "you've got a ticket response,
| log in to read" e-mails sent to non-Gmail customers.
|
| Thanks Google.
| Coding_Cat wrote:
| And facebook also tracks what you browse. (And Amazon lets
| people die in a storm.)
| shtack wrote:
| Can confirm to some degree as I built this system almost 10
| years ago. Back then it was used for rich data in 3 apps that
| were all turned down years ago. I've been out of Google for a
| long time, so I don't know if it's still around or what it
| would be used for anymore.
| ItsBob wrote:
| You're assuming that "opt-out" is the right thing here!
|
| It's not. All this stuff should be opt-in: I shouldn't have to
| tell people to leave me alone.
| fault1 wrote:
| maybe, but you are likely using their software or services,
| so in some sense, it's "first party" data, where at least
| historically, some expectation of privacy has not been as
| strong since you are in effect, having direct interaction
| with a business.
|
| at least, this is how it's been argued in the US in the past.
| Closi wrote:
| > but for a browser company, isn't a browser extension better
| than some other way to opt out? otherwise they would have to
| associate you to an account.
|
| Well the better way would have been to honour the browsers 'Do
| Not Track' headers, but Google pretty much ignored these,
| presumably because it would have caused too much impact, which
| is one of the reasons it failed.
|
| But now, Google could support 'Global Privacy Control' by
| implementing it in Chrome and honouring GPC headers across
| Google! That's the obvious way to support an opt-out
| considering there is an emerging standard and that they own a
| browser. But... again, it's probably better for them to ignore
| this from a commercial perspective and in their best interests
| if GPC fails, so better to implement some shitty add-in that
| discourages people from opting out (if you want to opt out of
| tracking from 100 companies, are you expected to have 100
| different plugins?).
| Volker_W wrote:
| > Well the better way would have been to honour the browsers
| 'Do Not Track' headers,
|
| If the GDPR would make ignoring DNT illegal, that would be
| great. Is there anyone who honours the DNT header?
| hericium wrote:
| > Is there anyone who honours the DNT header
|
| Sure - creeps. It distinguishes you from other viewers so
| is used as another vector to abuse your privacy.
| Closi wrote:
| You are right, nobody honoured the DNT headers - it needs
| legislative action (preferably GPC as it's the better
| standard).
|
| Apple even pulled support in Safari as pretty much no
| advertisers were using it to stop tracking, but some
| advertisers were (ironically) using the header setting for
| additional fingerprinting.
| Volker_W wrote:
| What is GPC?
| Closi wrote:
| https://globalprivacycontrol.github.io/gpc-spec/
| [deleted]
___________________________________________________________________
(page generated 2021-12-18 23:01 UTC)