

Ask HN: Privacy Concerns re: ga.js (Google Analytics) - leoh

Hi all,<p>Something that has bothered me for several years is he proliferation of websites that use Google Analytics. Clearly, it's an exceptionally useful tool. But is seems to me that it could be a vector for a serious breach of privacy. Let me explain: every time you log into GMail or another Google service, Google presumably logs your IP. Likewise, whenever using a site with Google Analytics (my estimate is that at least 50% of the web's most popular websites use it, if not more), Google also takes down your IP and the website visited. It seems to me that it would be trivial for Google to assemble a rather complete web history for most people with a google account (let alone history for an arbitrary IP) in this manner. Perhaps this is old news and certainly there are other more grave violations of privacy on the net and via other mediums. But I have never heard the this particular tact discussed and would love to hear others thoughts on the issue. I wish I had an established blog, in which case I would link to a post about this matter. But this seems like a decent stand-in.<p>A short addendum: I suppose it would be possible to mitigate the effcts by blocking Google Analytics at the hosts level/by blocking JS, though either could have undesirable effects at some level.<p>Another addendum: one thing that makes this so troubling is that it potentially works across devices as well (mobile devices, desktops, etc.)
======
shanelja
Unfortunately, this is the whole point of Google Analytics, aside from the
normal usage, EG, tracking the users of your websites as they go through goal
funnels etc, it allows Google to build up a bigger picture.

Google knows the sites you've been too, how long you were there, what you did
and where you clicked, and they have this history of you for a long time
(assuming you keep the cookies enabled and don't delete them) but the real
question is: why do you care?

It's all to easy to think of it as spying, but in the end, Google is building
up this mountain of data on how _you_ browse the internet, all this invasive
data which is linked inextricably to you, _and then using it to server you
adverts for Shaving cream_.

The adverts are always going to be present on the page, it's how websites make
their money, in my honest opinion, they might as well be relevant adverts.

~~~
waxjar
> but the real question is: why do you care?

Translate what Google does to the analog world. It might look like this: some
guy following you around in every shop, every café you eat. He'll note what
you buy, what you talk about, what you don't talk about. He'll read your mail
to see what interests you (and your friends!). I hope this will help you
answer "the real question".

~~~
aviraldg
Extending your poorly thought out analogy: in the real world, a person who
uses "free" services is equivalent to a homeless person - you get almost
everything for free, in exchange for other people getting to see what you're
doing. If you care about privacy, you'll pay for a proper home.

~~~
waxjar
This is irrelevant. Google Analytics can be included on any website that
wishes to do so.

You can try not using Google services (which is nearly impossible in the first
place), but there's no getting away from Google Analytics and countless
similar services without installing ad-blockers and browser extensions like
Ghostery.

~~~
jnorthrop
You are just fear mongering. If you are really concerned and wanted to find a
solution, a simple search would turn up that Google provides a plug in to opt
out of GA tracking. <https://tools.google.com/dlpage/gaoptout>

~~~
waxjar
I don't think I am and I don't see how this makes it okay. Services that want
to track people shouldn't be opt-out in the first place. It isn't obvious to
anyone without some knowledge of computers (the vast majority of people) when
they're being tracked.

------
runjake
A good start: [https://www.eff.org/deeplinks/2012/04/4-simple-changes-
prote...](https://www.eff.org/deeplinks/2012/04/4-simple-changes-protect-your-
privacy-online)

I also use NoScript whenever possible.

