
UBlock defaults to blocking Google Analytics tracking - bhouston
https://github.com/gorhill/uBlock/blob/e6707fe8b155cc92da1cb5e4aad7098b057429cd/assets/thirdparties/easylist-downloads.adblockplus.org/easyprivacy.txt#L106
======
gergles
The Panopticon approach of "I am entitled to everything about you and your
browsing activity because I technically CAN get it" is very troublesome and
I'm glad that µblock takes a small step to revert that.

If some guy followed you around a store with a clipboard literally writing
down microsecond-level details of your time spent in the store, you wouldn't
be OK with that just because "I promise I didn't write down your name!"
There's no reason to suffer LESS privacy online.

~~~
bhouston
uBlock's philosophy is to, by default, block crash reporters (bugsnag,
newrelic) and all forms of analytics (customer.io, optimizely, kissmetrics,
mixpanel, newrelic, pingdom, piwik) because it can.

This is a stupid policy that hurts independent website developers because now
I have to write my own version of these tools because if I use third-party
services they will be listed in uBlock and blocked by default.

It is stupid but these are not used to run ad-networks, but rather improve the
quality of the website you are on.

~~~
_f71y
You could always respect your users and continue using Google Analytics etc.
knowing that some of your users won't be tracked.

Does missing out on the few people who use these tools actually have a
meaningful effect on your ability to run your business?

I understand how the crash reporters help you but do you really need
Optimizely/Analytics/MixPanel etc. running on 100% of your client browsers?

~~~
bhouston
uBlock is going to become very very popular. It isn't just going to be a small
percentage of users. It is going to be the majority of tech savvy users. That
is the problem.

ublock isn't Ghostery or NoScript. It is being sold to most has an ad blocker,
but really it blocks everything.

~~~
gorhill
> ublock [...] is being sold to most has an ad blocker, but really it blocks
> everything.

This is the first sentence on the project page:

> µBlock is not an ad blocker; it's a general-purpose blocker.

And toward the end:

> Free. Open source. For users by users. No donations sought.

It's not "being sold".

~~~
bhouston
>> ublock [...] is being sold to most has an ad blocker, but really it blocks
everything.

> It's not "being sold".

See definition #7 here of "sold":
[http://dictionary.reference.com/browse/sold](http://dictionary.reference.com/browse/sold)

"to cause to be accepted, especially generally or widely"

And it is, especially when all comparisons are with AdBlock Plus -- people are
being told by you that uBlock is a faster, more efficient alternative to ABP:

[https://github.com/gorhill/uBlock/wiki/%C2%B5Block-
vs.-ABP:-...](https://github.com/gorhill/uBlock/wiki/%C2%B5Block-
vs.-ABP:-efficiency-compared)

------
Glyptodon
The smallest violin in the world is playing a tune while I cry crocodile
tears.

It's just doing what it's supposed to do.

------
mtmail
If you read
[https://github.com/gorhill/uBlock/#philosophy](https://github.com/gorhill/uBlock/#philosophy)
then that's not surprising at all. Disconnect.me also blocks Google Analytics.

~~~
bhouston
Blocking standard analytics on small websites who do not server ads is being
dick. Now I do not know who is using my website. I can not optimize it for
longer user sessions, I can not figure out which are the most popular pages, I
can not record client-side errors, I can not track caching and page load time.

Basically this screws over those want to create good website experiences.
Blinding us in this way is pretty useless.

This type of stuff should be opt-in. Most people install uBlock to remove Ads.
But now we are making them invisible to websites at the same time, which is
not what most people signed up for.

~~~
DangerousPie
I don't think this is such a big issue. Only a small minority of people use
uBlock. Whatever data you measure on the 90% of your visitors that don't block
GA can, most likely, be extrapolated to the remaining 10% as well.

I'm a lot more concerned about the revenue I am losing due to the decrease in
ad views/clicks than I am about a slight decrease in GA hits...

~~~
at-fates-hands
>> Whatever data you measure on the 90% of your visitors that don't block GA
can, most likely, be extrapolated to the remaining 10% as well.

Agreed.

I think we as tech people tend to assume everybody is as tech savy as we are -
when in fact, it's not even close. Also, when you talk about an aging baby
boomer population who didn't grow up with Facebook and Instagram, they could
care less about being tracked.

------
acheron
Good. So does Ghostery, for that matter. It'd be a pretty poor blocker if it
didn't block one of the biggest trackers out there.

------
gorhill
Yes, but not because of EasyPrivacy. As I found out at one point, EasyPrivacy
does not block everything from Google Analytics. [1]

The one that does the job is Peter Lowe's [2]

I wish you would see how convoluted is your suggestion "to let users _opt-in_
to not be tracked by Google Analytics". (paraphrased) [3]

[1]
[https://www.diffchecker.com/r7v1cq6x](https://www.diffchecker.com/r7v1cq6x)

[2]
[https://github.com/gorhill/uBlock/blob/master/assets/thirdpa...](https://github.com/gorhill/uBlock/blob/master/assets/thirdparties/pgl.yoyo.org/as/serverlist#L1512)

[3]
[https://github.com/gorhill/uBlock/issues/564](https://github.com/gorhill/uBlock/issues/564)

Edit: "being" => "be"

------
dozy
Little nitpick - the line linked to is /googleanalytics.js, which I believe in
most situations will do absolutely nothing. It's the lines referring to
"analytics.js" and "ga.js" that actually matter.

EDIT: For clarification, analytics.js and ga.js are in indeed listed, as are
many other analytics services, bugsnag and kissmetrics to name a few.

~~~
DangerousPie
The filter that actually blocks it (at least in my installation) is "||google-
analytics.com^".

~~~
dozy
good point, if you can't even get to the domain, who cares what the file name
is.

~~~
zwetan
because you can host locally the javascript file
[https://support.google.com/analytics/answer/1032389?hl=en-
GB](https://support.google.com/analytics/answer/1032389?hl=en-GB)

------
bigbugbag
So does "no google analytics"[1]. It seems I'll soon be able to replace
several extension by µBlock which is a good news.

I've long wished firefox would actually block ads and trackers by default, but
it seems they'd rather make money instead.

[1] : [https://github.com/erikvold/no-ga](https://github.com/erikvold/no-ga)

------
ubercow13
Thanks, ublock

------
edgarvaldes
Serious: Why are people surprised to find this? I know GA is not ads, but it's
tracking. Not the same category, but the same idea.

------
kbart
Thanks for finally convincing me giving uBlock a try. And for those crying web
developers here -- if you respect your visitors, learn how to use server side
analysing and profiling without a use of 3rd party tools by companies known to
use privacy violations as a part of business model.

------
sergiotapia
Fantastic, I decided to install this extension and give it a whirl and it
works as expected with zero configuration. Loving it!

I appreciate the fact that this is blocking everything about my usage to
spying companies/individuals.

------
zwetan
it is pretty easy to unblock

    
    
      1. host the analytic js on your own domain
      2. and/or rename it
    

at the very worst you can do the analytic tracking server side, I know that
because I had to do it to track RESTful API usage as json/xml can not allow
you to embed the ga.js

eg.

    
    
      1. read a _ga cookie, if it does not exists create it
      2. not fan of it but you can make it more persistent with a session (I know, opposite to the idea of stateless with REST)
      3. and use the measurement protocol (universal analytics) server side which is trivial to implement
    

here an example in PHP
[http://pastebin.com/PQCRcJXq](http://pastebin.com/PQCRcJXq)

------
ArtDev
Maybe it will balance out all of the false positives from bots? I get so much
fake traffic, I don't know the real numbers anyhow.

~~~
maxmcd
Fake traffic? I have access to a few mid/high-traffic sites on GA. We do a lot
of event tracking, so unless these are very sophisticated bots I imagine I
would pick up on a lot of bot traffic.

Mind expanding on the fake traffic you're getting?

~~~
michaelbuckbee
Here's the most prominent one that's happening now:
[http://www.incapsula.com/blog/semalt-botnet-
spam.html](http://www.incapsula.com/blog/semalt-botnet-spam.html)

Basically referrer spam.

------
fs111
That is awesome!

------
irongeek
Good, this is awesome.

------
davidgerard
Good!

------
beedogs
I don't see any problem with this.

------
bhouston
More here:

[https://github.com/gorhill/uBlock/blob/e6707fe8b155cc92da1cb...](https://github.com/gorhill/uBlock/blob/e6707fe8b155cc92da1cb5e4aad7098b057429cd/assets/thirdparties/easylist-
downloads.adblockplus.org/easyprivacy.txt#L2912)

This screws my efforts to try to optimize my site for increased traffic and to
work towards longer user sessions. This hurts my website.

~~~
conphill
I agree. I understand that people have issues with being retargeted by ad
platforms and hate seeing the same ad follow them around, but I don't really
seem any downside to users being tracked by 3rd party platforms like Google
Analytics. Platforms like GA, don't track first party information and
anonymize who you are with a randomly generated ID. This is the only thing
that makes your visit unique from the rest. I don't see any harm in providing
that information. How do you expect businesses to get insights into what
features users like or dislike in their product? I can easily see users of a
tool like this complain about a change in one of their favorite products, but
by preventing them from any insights how does the business figure that out?

~~~
teamhappy
> How do you expect businesses to get insights into what features users like
> or dislike in their product?

Collect the data you need yourself. If you don't want to do that (it's
_really_ easy) then the data can't be that useful/important to you. Another
way would be to, you know, ask your users.

What bugs me is that people seem to think it's okay to send my data to another
company (usually many, in all kinds of different jurisdictions) without even
considering to ask for my consent. That's not nice, is it?

You could ask me, on first visit, if I'm okay with you sending my (anonymous)
data set to Google. It's really not that hard, is it? Just ask. But you don't.
Not only does nobody do that, I'm pretty sure most people don't even consider
doing it. That's the most offensive part.

So what am I left with? I could stop using the WWW all together, I suppose,
_or_ , I could block Google Analytics and the likes before hand, and then, if
I feel comfortable doing it, opt in to sharing my data because I like your
service and I want it to improve.

You and Google don't ask for my consent, but Ghostery does. That's why I (have
to) use it.

\---

bhouston said: "This type of stuff should be opt-in." (blocking GA, that is)

I hope the people reading my comment can appreciate the irony.

[By the way, the hypothetical guy I'm yelling at — _not_ you]

\---

One hour later. Can't make this up.

[https://www.eff.org/deeplinks/2015/01/healthcare.gov-
sends-p...](https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-
personal-data)

[https://news.ycombinator.com/item?id=8920294](https://news.ycombinator.com/item?id=8920294)

~~~
Karunamon
The reason "nobody does that" is because it's a stupid question that only a
tiny minority of people actually care about.

It's like the EU cookie law, the net result of which is that a handful of
websites are required to post obnoxious warnings.

Great. Your solution means even more obnoxious warnings internet wide. "Hey,
the person running this website wants to see what its users are doing. Allow
Y/N?" This is a future I literally cannot wait to see. </s>

~~~
teamhappy
Do you really think it's stupid to consider asking a client whether they're
okay with you sending their personal data to another company? Just assuming
that only a tiny minority of them actually care seems a bit careless.

I don't like the EU cookie law either, but that's a completely different
thing. The only thing they do have in common is that they make UX designer's
lives a bit harder, but that's really no excuse.

~~~
Karunamon
Considering "their personal data" in this case consists of "what you clicked
on my website", no, I don't think that should require any special permission.

I think you and I have different definitions of personal data. When I hear
that phrase, I think things like addresses, income, contacts, and so forth,
but not email or phone numbers (both of which are basically public info), and
certainly not what you clicked on my site.

~~~
nfoz
What someone clicks on websites is _extremely_ sensitive private information.
Extremely private sensitive matters of peoples' lives is directly observable
in the things they click on websites.

