My only issue with that is that you have to trust google to do it. The info is still transmitted (even if only in the form of the initial request to download ga.js) so we only have their word on the matter.
A small point (although I don't claim it militates against the central impulse of the article), is that serving analytics.js through gtag.js is obviously going to inflate the tag size unnecessarily. The latter is a unified interface for all of Google's various page snippets. Also, though not recommended, there's no reason you can't self-host GA, although practically speaking Google-hosted GA is likelier cached more often and on pretty snappy geolocated servers.
There's an easy solution here: Load Google Analytics locally. There's no urgent need to load ga.js from Google's servers; there are benefits, namely speed, utilizing client cache, and getting updates, but its core functionality does not rely on where ga.js comes from.
Then, the only resource loaded form Google's servers is http://ssl.google-analytics.com/__utm.gif, and that's just loaded via a new Image(), so even if you MITM that resource request, it doesn't execute as a script or anything similar.
Yes. GA has server-side API's available to premium accounts.
You can also just host the ga.js file yourself. Or run a reverse proxy or any of a dozen other methods to collect data and pass it to GA. Using the standard 3rd party tag is just for convenience.
As another option - you can cache GA js code locally and combine it with the rest site's js code. That's what Google Analytics module for Drupal is doing. Result - no third-party requests at all.
That would be more effort than including a single html-script tag to import google analytics. I have hope that most parties would decide that the extra server load and difficulties would make it not worth it.
One of the places I use GA is on my blog which is hosted on Github Pages. There's no server (which I can access). Without js tracking (GA or not) what you've left with is something along the lines of putting it behind Cloudflare and seeing the little you get there.
Ironically on the other hand, services like Cloudflare are also what makes server logs less useful in some cases - users might not hit your servers at all for you to record them there.
Yes. It's all just data in the end. Javascript can handle collecting all the information outside of setting cookies. But cookies are outdated and just a fallback now so all you need is the javascript to run.
This can be as simple as hosting a copy of GA.js yourself but there are plenty of options like using the server-side API if you have GA enterprise or just using a reverse-proxy like Nginx with some rewriting logic.
3rd-party only means it's a different domain (with security usually implemented at the browser level) - it's not some magical wall of isolation.
Not familiar with the particulars, but server-side GA, has the same theoretical ability as the current Javascript-based GA. The only difference is that the client code is served by the first party, and not the Google servers.
> In a privacy-conscious implementation of GTM/GA, those scripts can be loaded from a first-party server controlled by the company,
Thanks! I didn't know that was an option. I haven't noticed sites doing it yet at least, but I hope it catches on even for sites targeting US visitors! It'd be especially nice for government websites using GA.
They already have a counter move, to an extent. One of the deployment models for GA is via Google Tag Manager. One of the deployment models for GTM is this[1] server-side mode deployed to an App Engine container in Google Cloud. The only browser-visible communication happens between your browser and the App Engine instance, and then you send server side calls from that to the downstream systems based on those events (GA, Facebook Conversion API, etc).
It can also be used like the traditional GTM model, where it loads the primary GTM script browser-side, then that loads additional browser-side scripts based on the tags you implement (GA, Facebook, chat systems, map widgets, whatever). But the default GA support built into it avoids loading anything from Google's domains directly by the browser. And it's not even subject to the CNAME cloaking protections[2] that ITP have implemented, since it's not using the "CNAME to third party" technique that's typically common for these sorts of things to get first party access/privileges and is instead actually running on your infrastructure.
I'll get it working shortly, but it is a static website and all the functionality is in a single page ("ga.html"), so "view source" will show you everything that github will.
> which properties should be read-only
When I say "properties", I'm talking about the Google Analytics accounts, properties & views. You don't want to leave a PC/TV logged in with admin rights to GA, so the sensible thing is to add a new user just for the PC/TV with read access to the GA stuff you want to show.
I sure hope people aren't looking in my awful source to try to do anything.
Sibling comment shares this link, but you can run this in your own infrastructure (this is actually how Segment does server-side publishing to Google Analytics, because until very recently there hasn't been a proper API for it): https://developers.google.com/tag-platform/tag-manager/serve...
Very interesting. I started a service like this a few months ago called Add This Script (http://www.addthisscript.com/).
Collecting marketing/ad tracking scripts is just one use case for something like this (although it's likely the most easily monetizable). A host script like this can also manage script (e.g. jQuery) dependencies or provide unified APIs (e.g. a common API for web analytics/tracking usage with the ability to plug in which services you want data sent to).
Also, for anyone saying companies doing similar things are screwed, I actually think the opposite. Google entering this space validates what others are doing and gets people comfortable with the idea of putting all their scripts/tags in one hosted file. There are so many use cases for something like this and Google won't address them all, so there's plenty of opportunity. Google's primary focus will probably be on making it easier to tie together GA, AdWords conversions and other Google products.
I can't find the link that advises its use right now, but this link talks about hosting ga.js on your server: http://www.google.com/support/googleanalytics/bin/answer.py?...
reply