Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Not blocking google analytics ? #298
Unfortuantely privacy badger's heuristic doesn't recognize google analytics as a tracker because they don't use any third party cookies. Google analytics relies only on first party cookies. We are working on some improved heuristics though which may start blocking google analytics.
pushed a commit
Oct 7, 2015
@antistress Google Analytics is not considered a 3rd Party because the website you went to made the decision to run the tracking.
Google Analytics provides usage details to websites including visitors, unique visitors, bounce rate, and much more so it is a very popular service that websites use in order to gauge the amount of users/visitors they have and their engagement with the site.
For example: if site GitHub.com wants to use Google Analytics (which it does btw) they would pro-actively put the code in their website. This means that a 1st Party (the website you visited) loaded the script for tracking data. This data is used to understand user engagement and is now a necessity in website development. (though of course it could be ran through a different service)
Google Analytics is exempt, at least for now, because it is in fact a 1st Party Tracking service.
@skorokithakis that is not what it means, any data could be shared between websites in fact some data is shared by default, such as Referrers. 3rd Party means that you chose to load some kind of script from a separate party (this is still 1st party) but that separate party decided to load more scripts that the website didn't choose to load.
A = user | B = website you wanted to visit | GA = Google Analytics | 3P = 3rd Party Scripts
If A were to go to B and B decided to use GA then that is a 1st Party decision because A chose to go there and B chose to use GA. (both A and B are 1st Parties)
If A were to go to B and B decided to use GA and then GA decided to use another service (3P) then GA would still be 1st Party, thus allowed, but that service GA tried to load would be blocked because that would be 3rd Party.
If yes, is this still the case in PB v1.0.2 & v1.0.3?
That same argument would also permit many (any?) pernicious forms of tracking and malvertising because the website made the decision to run the tracking and/or malvertising.
Google Analytics is a 3rd party tracking website. The user did not choose to visit or otherwise interact with Google Analytics.
Whether or not Google Analytics is useful (or benign) to the visited website and user is orthogonal to it's status as 3rd party website.
No. 3rd party means that the website a user visits chooses to load resources from a separate party. It is from the perspective of the user not the website.
The "same origin" policy means user agents such as web browsers should prevent a.com from accessing cookies set by b.com and vice versa.
Separately, GA has the concept of cross-domain tracking whereby the owner of multiple (perhaps otherwise unrelated) domains can consolidate them in GA. Relies on these domains cooperatively sharing visitor identifier data (same info contained in cookies) to bypass the "same origin" policy's restrictions.
@cypherpunk I've found RequestPolicy + PrivacyBadger combination and in my opinion PB should include RP by default.
What is the advantage of using Privacy Badger vs. completely disabling 3rd party cookies in your browser if sites such as GA are not being blocked in PB by default?
Privacy badger name is quite misleading if you're seeking it to protect your digital rights.
@Osteri I think there are a few different ideas being conflated here, let me see if I can clear up some of the confusion.