
Safari now blocks Google Analytics on sites, new Privacy Report feature shows - imheretolearn
https://appleinsider.com/articles/20/06/22/safari-now-blocks-google-analytics-on-sites-new-privacy-report-feature-shows
======
TomAnthony
_This article is incorrect._

There does not appear to be a change between Safari 13.1 and Safari 14 for how
it handles GA. I have tested it myself.

With Safari 13.1 Apple made a change [1] to their Intelligent Tracking
Prevention that blocks all 3rd party cookies for cross site resources.

The only change in Safari 14 appears to be that it reports which domains have
had cookies blocked. _The Google Analytics beacon is still sent by the
browser._

Benedict Evans (cited in article) since deleted his tweet, but this article
seems not yet to have been updated.

[1] [https://webkit.org/blog/10218/full-third-party-cookie-
blocki...](https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-
more/)

~~~
Twisell
Could someone translate this statement to something a layman might understand?
(I'm not a web dev nor am I following SEO news closely enought)

Do you imply that Apple is putting up a misleading interface in the new
version of Safari where GA appear blocked while it actually isn't?

That's a pretty bold assertion and the provided link is irrelevant on that.

Again only looking for more information maybe I didn't get your point at all
because I'm not in the SEO field.

~~~
saagarjha
No, it's that Safari is blocking third-parties under the same policies that it
laid out earlier.

~~~
Twisell
Original commenter stated that

> _The Google Analytics beacon is still sent by the browser_

This is what I'd like some clarification about.

Wether policy changed or if it is just a UI change is another subject. Do they
actually block GA or not? And if not does the UI mislead users to think
otherwise?

~~~
TomAnthony
Original commenter here. They are not blocking GA.

Apple's ITP affects both 3rd party HTTP cookies and 1st party JS cookies.
There does not appear to be anything but a UI change between Safari 13.1 and
14, from my initial analysis.

GA primarily utilises 1st party JS cookies. If you have GA on example.com then
the cookie will be stored against example.com. On of these cookies stores a
unique ID for you as a user.

GA will then send 'beacons' (GET requests to Google endpoint, with data passed
in URL parameters) for pageviews and other events. Your unique ID is included
in these URL parameters, which allows the various events from you to be joined
up into a 'session'. _That has not changed_.

What ITP did previously (just over a year ago, I think) is limit the age of
these cookies to auto delete after 7 days, meaning that if you leave a site
for more than 7 days your new session won't be able to be joined up with your
previous session. That is still the case.

If it is of interest I have a deck [1] that discusses this (link goes to the
relevant section - skip to slide 71 if you just want to understand the ITP
impact on GA).

I'll caveat this a bit - I've not done an in-depth analysis. The person I
strongly recommend following for expert updates on this topic is (my friend)
Simo Ahava [2] - he is an authority of GA and the impact of ITP.

[1] [https://www.slideshare.net/TomAnthony/browser-changes-
that-w...](https://www.slideshare.net/TomAnthony/browser-changes-that-will-
impact-seo-from-20192020/59)

[2] [https://twitter.com/SimoAhava](https://twitter.com/SimoAhava)

~~~
cosmie
Simo also has this[1] handy site, for tracking the impact of ITP and other
browser cookie restriction schemes.

[1] [https://www.cookiestatus.com/](https://www.cookiestatus.com/)

------
TazeTSchnitzel
Suggestion: the access logs your web server collects are enough for basic
analytics, and if you are curious for more, you can manually instrument your
site a little. You don't need to give Google the power to spy on your users.

~~~
JimDabell
Server logs can't do this job well.

If the system is designed well, in a lot of cases the users won't be receiving
the resource from your server, they will be receiving it from a) their browser
cache, b) their local network cache, c) their ISP's cache, or d) a CDN. Your
server logs might be showing several thousand hits while the number of times a
page is actually shown to somebody might be tens of thousands of hits.

Server logs are great for logging what is happening on your server, but awful
for understanding your user base.

~~~
throw10382
Is it possible to add a basic ping that pings your server whenever a page
loads (cached or not) to get around this?

~~~
renewiltord
Yes, with Cache-Control, and then if you turn that product into a SaaS so that
not every website has to run a copy, you get Google Analytics.

~~~
nindalf
I think some startups are now trying to offer this as a self hosted service.
That sidesteps the concerns around using a half baked, DIY solution as well as
issues with privacy and data ownership.

------
mark_l_watson
I am running the new betas iOS 14, iPadOS 14, and macOS Big Sur.

I love this feature in Safari. You open a new tab or browser window and there
is a message area letting you know what is being blocked.

I am sick and tired of large tech companies like Facebook, Google, Amazon,
etc. making money off of my data with scant benefit to me.

Not to pick on Facebook and Google, but I only use them now (well, almost) for
paid services. I happily pay Facebook for Oculus Quest hardware and
entertainment. I happily pay Google for music, books, movies, and Google Cloud
Platform (which I personally like much better than AWS).

------
lenwood
I've done a bit more reading. This is not as dramatic as it seems. First party
GA is not blocked. Access to 3rd party storage may be blocked, but this would
not prevent web interactions from being visible to GA.

~~~
gowld
What is the difference between First party and third party GA?

~~~
lenwood
Strictly speaking, GA is always 3rd party (it would only be 1st party if/when
its used to measure google-analytics.com which is not a user-facing domain).
For measuring any other website, its 3rd party.

I believe that this would limit GA's ability to store data in cookies on my
system (user or session-based attributes). GA could still create unique
identifiers based on my user or session-based attributes and store those IDs
on their own servers, then call them back up when I revisit the site.

I'm still coming up to speed on this, maybe someone with more experience could
correct or clarify my statements.

~~~
lmkg
In the context of web analytics, first-party vs third-party usually refers to
_how the user is identified_ , not to where the analytics status is hosted.
Google Analytics uses first-party data for its tracking. Third-party tracking
builds a universal profile of the user across the internet, first-party
tracking builds user profiles that are silo'd to the website.

Google Analytics stores a _first-party cookie_ with a unique ID for each user.
This is used to de-duplicate traffic from the same user to the same domain.
This cookie not shared across websites. If you go to example.com and
website.com, those are two different first-party cookies without views into
each other.

Optionally, Google Analytics can be configured correlated this with a _third-
party cookie_ from google.com for advertising purposes. This allows the
website owner for example.com to connect a user converting on example.com to
that same user having seen or clicked an ad on google.com. It also allows the
website owner to target ads on google.com towards users based on their
activity on example.com

Previous iterations of Safari's ITP have outright blocked the third-party
cookie, and have limited first-party cookies based on whether they're HTTP
cookies or JavaScript cookies.

------
com
It’s time. GA does seem like a privacy destroying data grab and it’s so hard
to argue with marketing because it’s free (for us).

I like the fact that open source and managed analytics which is privacy-
sensitive is becoming a thing.

When looking for a privacy-sensitive analytics service I stumbled on
[https://plausible.io/](https://plausible.io/) which checked my boxes at the
time. I imagine that there are more out there.

------
dave_aiello
I have no love for Google Analytics, but as a small-scale publisher, I have
serious questions about what tools can replace it:

1) Which analytics can a website employ that is not geared toward enriching
the analytics platform developer by violating site visitor privacy?

2) Do those analytics mechanisms have any kind of aftermarket, such that
third-party developers integrate it into publishing platforms that publishers
use.

3) What do those analytics mechanisms and the associated tooling cost?

~~~
kall
I think collecting analytics from the server logs is going to get more popular
again, though a problem for SPAs? We could call it Edge Analytics this time
around and run it on cloudflare.

For publishing systems, couldn't wordpress report back analytics data to
itself, on its own domain? Something like that existed but i'm not sure if it
was using Jetpack servers or not. If this isn't already possible, it seems
like an obvious thing for someone privacy concious to build.

~~~
m90
This exists over here: [https://github.com/ibericode/koko-
analytics](https://github.com/ibericode/koko-analytics) \- never used it
myself though.

------
heavymark
The webkit engineer behind "Safari’s Intelligent Tracking Prevention" on
Twitter confirmed when asked there have been no changes to how it blocks GA in
the new version, it just is now visible in the report. And details, ITP
doesn’t block loads, it blocks cookie access, deletes cookies and website data
for sites you don’t interact with, downgrades referrers, and more. Its cookie
blocking applies to _all_ third parties." I responded that it seems all the
new sites are reporting that GA is now being blocked/prevented in the new
version are incorrect then. And these headlines appearing on Hacker News it
looks like will only further unintentionally spread that misinformation.

------
zpeti
That little rumour about Apple buying DuckDuckGo seem to make more and more
sense by the day.

~~~
nojito
DDG is also front and center in the Big Sur new features for safari page.

[https://www.apple.com/macos/big-sur-
preview/](https://www.apple.com/macos/big-sur-preview/)

~~~
doublerabbit
If you lookup street addresses within DDG it now returns a result with
AppleMaps.

I don't mind this but I hope they've partnered with Apple and not sold out.

~~~
mcyukon
I've had that for what I though was 2 years, so I looked it up and it appears
they partnered with Apple back in Jan 2019.

[https://www.theverge.com/2019/1/15/18183653/duckduckgo-
apple...](https://www.theverge.com/2019/1/15/18183653/duckduckgo-apple-maps-
local-search-mapkit-js-web)

------
panpanna
How about the 500 other tracking/analytics companies?

Even Adobe is now in analytics business.

~~~
saagarjha
Adobe is on my list, affiliated with the domain "demdex.net".

~~~
duskwuff
Every time I see that domain name, I think of skin mites ( _Demodex
folliculorum_ ).

------
tweetle_beetle
Google Analytics is the default attribution tool for many (most?) small and
medium sized digital marketing agencies. Most businesses have some kind of GA
account set up with a few years of history and it's quick to leverage the
data.

With ad and taking blocking becoming more popular all the time, there will
reach a tipping point where the data is unreliable enough that ROI can no
longer be proved with it. It will be interesting to see what happens then in
this space.

Alternative attribution models, more insidious fingerprinting?

------
Jonnax
What's a good tool for doing server side analytics?

Like for a small site I've made for fun. The only way I can easily know how
many users visit is via Google analytics.

Well easily that is.

~~~
renewiltord
When I was a child, I used AWStats. It's still around. Sorry this isn't of
much help! Honestly I just wanted to reminisce :)

------
winrid
Won't this be the norm with pushing to get rid of third party cookies? Or are
we backpedaling on that now?

------
api
We run Matomo (formerly Piwik), and I recommend it. It's actually better than
Google Analytics in some ways, and you get your own data. This makes deeper
analytics easier and also helps protect user privacy since the data is held
only by the operators of the site being visited.

~~~
XCSme
Are you happy with how fast the data loads in Matomo? I tried their online
demo and everything load very slowly and content kept jumping around, it felt
pretty bad in terms of UX.

~~~
Cenk
Agreed on this – everything in Matomo is slow and I find the UI clunky.

~~~
XCSme
I am actually working on an alternative (
[https://usertrack.net/](https://usertrack.net/) ), even though I never used
Matomo. I did try their demo a few days ago and, being so popular, I expected
it to be really good, but it felt like an outdated platform that couldn't care
less about UX.

------
Razengan
Good. Currently I have to modify my hosts file or use something like NextDNS
to block Google and others from gathering data from me even when I’m not
explicitly using their services.

------
hkai
Is there any chance that this is about reducing Google's competitive advantage
and not really about users' privacy?

------
3pt14159
I wish Apple would enable this at the OS level, though in the long run it
won't matter. People will proxy requests and find all sorts of ways around it.
It's an arms race with billions of dollars on one side and a vague sense of
"privacy would be nice" on the other.

------
gentleman11
I used simpleanalytics for a bit and it was nice. Less granular data but that
is by design.

------
hardikgupta
This is not new. Safari has been blocking third-party cookies for a while.
Even Chrome offers this setting now. With that setting turned on, Chrome will
also block Google Analytics when you are not on a google.com page.

------
AJRF
Federated analytics soon? - Google gives you a docker container and an API key
to run that collects metrics on your public/own cloud, that gets slurped up to
Google and you still get your demographic info.

~~~
sergeykish
Clever, but could just send them logs

------
aabbcc1241
If that's really the case, 3rd party analytic service can still work by taking
over the traffic from the service domain, then proxy back the traffic to the
web server, somehow like cloudflare.

------
heavymark
While it certainly blocks it by default in the new Safari beta, can anyone
confirm if the existing Safari which already blocked third party trackers
explicitly blocked google analytics?

------
raxxorrax
This is pretty awesome. All browsers should do this with malware.

I get that people like statistics, but if you share it with a third party, it
can safely be condemned.

------
intopieces
Shots fired - Apple will take Google’s money to be the default search engine
but won’t let them track “their” users.

------
Pete-Codes
I've been using Simple Analytics since day one so I can kick back and relax I
guess

------
hkai
Personally I am not at all concerned when my data is used for marketing.
Instead, I like learning about products tailor-made for me.

By privacy I understand not sharing data with the public or with the
oppressive regimes when it may lead to harassment, firing or arrests of
people.

But using my data to sell me some watches or bike parts? I'm in.

~~~
taurath
The internet is used for more than shopping. Your searches should not be
public domain. Your health records. Your location. The time you go to bed at
night. Where your house is. How many children you have. When you’ll next be
away from home on vacation. That you looked around on a dating website while
married. That you’re gay in a country where it carries the death penalty.

~~~
hkai
Is this currently public?

I advertise on Facebook but I can't see anyone's searches or current location.
Although I can target people who are interested in LGBT or people who have
been to SFO recently. If they like my post, I can also see their name and
photo.

That seems reasonable to me.

------
bactisme
I really thinks it's a weird move. Safari user will disapear from our
understanding of the web. We might not design and code for Safari because
these users will become virtually innexistent.

I am a small publisher, Safari users are demonetized , untracable, i might
just say to them gtfo.

~~~
speedgoose
Aren't safari users more rich on average, and more willing to spend money on
your website?

If you need to track your visitors without thinking about their privacy,
perhaps your business model isn't great.

~~~
andy_ppp
Haha because surveillance capitalism isn’t making hundreds of billions with
data!

------
gregoriol
I'm wondering how self-hosted solutions like Matomo will be treated?

~~~
XCSme
How do you think they should be treated?

------
kevin_thibedeau
Tag manager too?

~~~
saagarjha
I see Google Tag Manager in my list.

