Hacker News new | past | comments | ask | show | jobs | submit login

What it does or what it does not is of no consequence to me. What it could do is what matters because I don't have the time to check whether or not someone at Google or some US agency decided that they want to know. The easy solution is to make sure that it can't happen, which is to stop using GA tags on logged in parts of the website.

They would need to remove GA from all pages on the same origin. JavaScript in any page can perform an AJAX request to read HTML, and those requests will send cookies.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact