Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Google Tracking

From: "Thomas Coppi" <thisnukes4u () gmail com>
Date: Sat, 15 Sep 2007 12:30:37 -0600
On 9/15/07, Marcin Wielgoszewski <marcinw86 () gmail com> wrote:

dre posted about "Using Google Analytics to Subvert Privacy" several
days ago here:

http://www.tssci-security.com/?p=303

The fact is, you can't block Google Analytics using NoScript unless
you inspect all JavaScript running on every website. This is because
any site can download the urchin.js code locally and host it on their
own site. If you set NoScript to implicitly trust a domain, one that's
running urchin.js, you're tracked. The best way to prevent GA from
tracking you is to block all cookies globally, only allowing cookies
for domains you implicitly trust.

See the post for more details.



The CustomizeGoogle Firefox extension has an option to prevent cookies
from Google Analytics and also to "Anonymize the Google cookie UID",
whatever that means.


--
Marcin


On 9/15/07, Cyberheb <cyb3rh3b () gmail com> wrote:

"Noscript is ur friend"?!

Beside using that firefox add-on to block the google-analytics thing, you
can also use the anonymity tools to hide from other analysis tracking
application.

- h3b

On 9/15/07, Kristian Erik Hermansen <kristian.hermansen () gmail com> wrote:


It appears to me that Google has the ability to know nearly all the
sites you have visited because many larger web presences utilize
Google Analytics.  What this means is that Google is continually
compiling data on every visitor across the Internet.  If they like,
they should have the ability to tie this to any Google services
account you operate.  Thus, perhaps they can search your Google user
id and see nearly all the web sites you have ever visited across the
Internet (not necessarily using their search engine, mind you).
Pretty cool, or scary, depending on which side of the fence you sit.

Now, correct me if I am wrong here, but I would like to hear from
anyone who utilizes Google Analytics and believes this is not the
case.  Does the EULA suggest that Google is not tracking users across
the entire Internet?  Just a random though I had.  Maybe this is
widely known and everyone has taken proactive measures to hide this
data from Google already.  It is merely as simple as blocking the
domain.  Maybe there is a more elegant way to do it?
--
Kristian Erik Hermansen





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
Thomas Coppi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: