Full Disclosure mailing list archives
Re: Google Tracking
From: "Thomas Coppi" <thisnukes4u () gmail com>
Date: Sat, 15 Sep 2007 12:30:37 -0600
On 9/15/07, Marcin Wielgoszewski <marcinw86 () gmail com> wrote:
dre posted about "Using Google Analytics to Subvert Privacy" several days ago here: http://www.tssci-security.com/?p=303 The fact is, you can't block Google Analytics using NoScript unless you inspect all JavaScript running on every website. This is because any site can download the urchin.js code locally and host it on their own site. If you set NoScript to implicitly trust a domain, one that's running urchin.js, you're tracked. The best way to prevent GA from tracking you is to block all cookies globally, only allowing cookies for domains you implicitly trust. See the post for more details.
The CustomizeGoogle Firefox extension has an option to prevent cookies from Google Analytics and also to "Anonymize the Google cookie UID", whatever that means.
-- MarcinOn 9/15/07, Cyberheb <cyb3rh3b () gmail com> wrote: "Noscript is ur friend"?! Beside using that firefox add-on to block the google-analytics thing, you can also use the anonymity tools to hide from other analysis tracking application. - h3b On 9/15/07, Kristian Erik Hermansen <kristian.hermansen () gmail com> wrote:It appears to me that Google has the ability to know nearly all the sites you have visited because many larger web presences utilize Google Analytics. What this means is that Google is continually compiling data on every visitor across the Internet. If they like, they should have the ability to tie this to any Google services account you operate. Thus, perhaps they can search your Google user id and see nearly all the web sites you have ever visited across the Internet (not necessarily using their search engine, mind you). Pretty cool, or scary, depending on which side of the fence you sit. Now, correct me if I am wrong here, but I would like to hear from anyone who utilizes Google Analytics and believes this is not the case. Does the EULA suggest that Google is not tracking users across the entire Internet? Just a random though I had. Maybe this is widely known and everyone has taken proactive measures to hide this data from Google already. It is merely as simple as blocking the domain. Maybe there is a more elegant way to do it? -- Kristian Erik Hermansen_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Thomas Coppi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google Tracking Kristian Erik Hermansen (Sep 15)
- Re: Google Tracking Cyberheb (Sep 15)
- Re: Google Tracking Peter Besenbruch (Sep 15)
- Re: Google Tracking Michał Jęczalik (Sep 15)
- Re: Google Tracking Peter van den Heuvel (Sep 16)
- <Possible follow-ups>
- Re: Google Tracking Throwaway1 () columbus rr com (Sep 15)
- Re: Google Tracking php0t (Sep 15)
- Re: Google Tracking Valdis . Kletnieks (Sep 17)
- Re: Google Tracking Marcin Wielgoszewski (Sep 15)
- Re: Google Tracking Thomas Coppi (Sep 15)
- Re: Google Tracking Cyberheb (Sep 15)