Not blocking google analytics ? #298
Comments
Unfortuantely privacy badger's heuristic doesn't recognize google analytics as a tracker because they don't use any third party cookies. Google analytics relies only on first party cookies. We are working on some improved heuristics though which may start blocking google analytics. |
Is it a bug, if they don't use third-party cookies? Meanwhile, can I just block them manually everywhere? |
Exaclty, they don't use third party cookies so this works as expected. And yes, you can block them anyway by moving the slider to red. |
I do not think this is a bug they shouldnt be blocked because they are not doing third party tracking...they are doing first party tracking. http://www.openwebanalytics.com/ looks very interesting though so I am going to look into this. |
lots of domains to add to the cookie block list
Sorry, I don't understand. If i go on a given site not related with Google and that Google analytics does some... analytics (=tracking), whereas I'm not a Google analytics, how could this be 1st party tracking ? Isn't the definition of 3rd party tracking ? Thanks ! |
I wanted to write : "whereas I'm not a Google analytics user", sorry |
Third-party tracking cookies are cookies that are shared between websites. If you visit a.com and GA can read its cookie from a.com or b.com, that's third-party tracking. |
@antistress Google Analytics is not considered a 3rd Party because the website you went to made the decision to run the tracking. Google Analytics provides usage details to websites including visitors, unique visitors, bounce rate, and much more so it is a very popular service that websites use in order to gauge the amount of users/visitors they have and their engagement with the site. For example: if site GitHub.com wants to use Google Analytics (which it does btw) they would pro-actively put the code in their website. This means that a 1st Party (the website you visited) loaded the script for tracking data. This data is used to understand user engagement and is now a necessity in website development. (though of course it could be ran through a different service) Google Analytics is exempt, at least for now, because it is in fact a 1st Party Tracking service. @skorokithakis that is not what it means, any data could be shared between websites in fact some data is shared by default, such as Referrers. 3rd Party means that you chose to load some kind of script from a separate party (this is still 1st party) but that separate party decided to load more scripts that the website didn't choose to load. A = user | B = website you wanted to visit | GA = Google Analytics | 3P = 3rd Party Scripts If A were to go to B and B decided to use GA then that is a 1st Party decision because A chose to go there and B chose to use GA. (both A and B are 1st Parties) If A were to go to B and B decided to use GA and then GA decided to use another service (3P) then GA would still be 1st Party, thus allowed, but that service GA tried to load would be blocked because that would be 3rd Party. |
@cooperq If yes, is this still the case in PB v1.0.2 & v1.0.3? That would allow a 3rd party website to run arbitary Javascript and implement pervasive Javascript/CSS/Canvas-based fingerprinting techniques and still not be considered to be "tracking" users who are probably unaware of - and certainly did not consent to - the 3rd party website's actions.
That same argument would also permit many (any?) pernicious forms of tracking and malvertising because the website made the decision to run the tracking and/or malvertising.
Google Analytics is a 3rd party tracking website. The user did not choose to visit or otherwise interact with Google Analytics. Whether or not Google Analytics is useful (or benign) to the visited website and user is orthogonal to it's status as 3rd party website.
No. 3rd party means that the website a user visits chooses to load resources from a separate party. It is from the perspective of the user not the website. |
The "same origin" policy means user agents such as web browsers should prevent a.com from accessing cookies set by b.com and vice versa. Separately, GA has the concept of cross-domain tracking whereby the owner of multiple (perhaps otherwise unrelated) domains can consolidate them in GA. Relies on these domains cooperatively sharing visitor identifier data (same info contained in cookies) to bypass the "same origin" policy's restrictions. |
@cypherpunk I've found RequestPolicy + PrivacyBadger combination and in my opinion PB should include RP by default. What is the advantage of using Privacy Badger vs. completely disabling 3rd party cookies in your browser if sites such as GA are not being blocked in PB by default? Privacy badger name is quite misleading if you're seeking it to protect your digital rights. |
@Osteri without some kind of usage tracking, websites will have no data in order to improve their content. Are you against GA because of the tracking in general or because Google is the one doing the tracking? |
@MichaelTunnell I'm not against user analysis in websites when they are doing the analysis inside their own system. I'm against user analysis which is done by a distributed system such as GA. |
ok great so you would agree, @Osteri , that something like http://www.openwebanalytics.com/ would be ideal for both site and users? |
@Osteri I think there are a few different ideas being conflated here, let me see if I can clear up some of the confusion. |
@cooperq Yes, but still, even though they are different cookies, nothing prevents GA from tracking you based on your IP-address. |
For example on http://httpbin.org/ privacybadger only reports blocking tag.perfectaudience.com, not googleanalytics (which is also used).
The text was updated successfully, but these errors were encountered: