A bit of privacy for Google Analytics

Discussion in 'privacy technology' started by lotuseclat79, May 26, 2010.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
  2. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    If anyone installs this, i'd be Very interested to hear your observations on it.

    Does it work 100% ?

    Does it call home ?

    Other ?
     
  4. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    still at beta?
     
  5. axle00

    axle00 Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    92
    NoScript (the addon for FireFox) has been blocking google analytics for years.


    edit: I thought I'd mention another great addon I use for FireFox that blocks google analytics among other things: Ghostery. http://www.ghostery.com/
     
    Last edited: May 27, 2010
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,766
    Location:
    Outer space
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Last I checked customizegoogle was no longer compatible for Firefox.
     
  8. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    The addon "optimizegoogle" supposedly picked up the project and continues development to make it compatible with new releases. It is an official addon, although I have never tried it.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I'm curious, why block Google Analytics? It's just a tool to help webmasters analyze their site traffic.

    ----
    rich
     
  10. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Instead of asking why people block Google Analytics, a better Question instead which I ask is why do we need to allow our browser to make outbound connections to Google Analytics every time we load a web page? What benefit or gain do we get if we allow outbound connections to Google Analytics? As most of us here already know it is a good Security policy to Block all unnecessary internet connections and also to block all unnecessary activities on your pc with a HIPS
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I realize that many think it is a good security policy, and I wouldn't have thought much about it, except this thread is posted in a Privacy Forum, which leads me to assume that people are concerned that their IP address is being stored in a database of statistics. So, I asked the question from a privacy standpoint.

    (Google Analytics provides a service to webmasters, putting all of the raw data into tables and logs, saving the webmaster the trouble of doing it himself/herself.)

    But if users are concerned about this from a privacy standpoint, they should know that web sites can accrue the same data automatically, unless users browse anonymously somehow.

    There are many services, and one is cPanel, http://www.cpanel.net/

    My ISP provides that service for webmasters. Opening cPanel displays:


    cpanel_1.gif

    Some statistics:

    cpanel_3.gif


    Pages visited on the site:

    cpanel_2.gif

    IP Addresses listed:

    cpanel_4.gif

    So, Users that are concerned about privacy should know that Google Analytics isn't the only service that collects web surfing data. It just happens to be an off-site service, requiring a connection out.

    ----
    rich
     
  12. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Yea Rmus I did Presume that you have a website I thought so. Because of how common and widespread FF No Script is on the internet using Google Analytics wouldn't be an accurate measure as to visitor stats hence you would get a lot of visitors blocking Google Analytics with FF No script, You have to rely more on your own web server logs.

    For allowing outbound connections to Google Analytics from a web site visitors point of view it is a Privacy matter. Google has a bad reputation when it comes to privacy. With Google Analytics They can and probably already have a huge data base of IP adressess and there browsing habits.

    True how a website has logs every time you visit the site but it only has logs of its own website, But unless you block Google Analytics Google has logs of every other web site you visit as well. That is the difference.
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @Rmus

    I, and lots of other people who have expressed their preference over the years, choose not to allow google to data mine us. Having our visited www's permanently stored on googles giant servers, via whatever means, which can then all be collated together, is not what we consider as privacy :thumbd:

    So anything we can do to prevent this is a plus ;) This doesn't only apply to google though :D
     
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I first became aware of Google Analytics (GA) years ago when my firewall alerted to an outbound HTTPS connection while on csmonitor.com:

    googleanalytics.gif

    This was because my Port 443 firewall rule allows only custom-entered addresses. Looking in the page source code, I found:

    Code:
    <!-- Begin Google Analytics -->
    
    <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
    
    <script type="text/javascript">
    	_uacct = "UA-69821-1";
        urchinTracker();
    </script>
    <!-- End Google Analytics -->
    
    (You can see that the user can prevent this from running by configuring scripting per site)

    I emailed the webmaster at csmonitor.com and received a reply explaining what GA was, so I thought nothing more about it, and set a firewall rule to allow the connection. If the GA data helped the web site in its administration, that didn't bother me. Discovering later that security sites such as dslreports.com and isc.sans.org also used GA dispelled any notion in my thought that this was a security problem.

    As far as privacy, are people concerned from an individual, or collective basis?

    Individually, since IP addresses change on each connection (unless someone has a static address), I don't see any profiling occurring, unlike GMail, for example, where users set a cookie, which does permit profiling. For example, I store a cookie for Amazon.com, and upon connecting, I receive notifications of books/music based on my browsing history of that site.

    Even this is certainly nothing approaching the scope of the Facebook mess, where user names and private data have the potential to be broadcast all over the web.

    Collectively, GA is used by such a miniscule percentage of websites worldwide that its statistics would not represent the total population of billions of websites.

    Now, I haven't kept up with GA, and I may be missing another point, so I'm willing to consider other ideas about this. Barring that, it seems the average user has more important security/privacy matters to deal with!

    ----
    rich
     
  15. JBob555

    JBob555 Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    23
    Location:
    Texas
    I use AdMuncher and I regularly see the following entry in items that are filtered.

    'Default filter match - Block retrieval of URL: .google-analytics.*.js [http://www.google-analytics.com/urchin.js]'

    Does this mean that my info. is not going to google analytics? o_O
     
  16. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Ghostery will/does block google-analytics :thumb: as tested on here for eg http://www.broadbandreports.com/forum/security

    g.gif

    @Rmus

    I think it all helps ;)

    @JBob555

    I don't use AdMuncher, but it sure sounds like a block to me :)
     
  17. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    but ghostery is only for firefox right?
    think someone mention to block google analytics in hosts,works too.
     
  18. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Hi acuariano,

    With regard to hosts file entries, they only block you from being able to visit the website in terms of DNS lookup (where hosts file lookup shortcuts the DNS lookup) - i.e. not your browser visits triggering data being sent to google analytics unless you use something like the NoScript Firefox add-on, CustomizeGoogle (0.76) to block data being sent to google analytics (Privacy tab: check both boxes).

    -- Tom
     
Loading...
Thread Status:
Not open for further replies.