On his blog, Wladimir Palant complains about Google providing browser users with a not effective enough way to opt-out from Google Analytics.
Specifically, he doesn’t like how the Google Analytics Opt-out Browser Add-on actually allows Google Analytics scripts to load and run, just setting a global variable (
) in the hosting page which tells the code not to send back data.
This approach is inherently flawed, because the hosting page can easily force Google Analytics to run by simply overwriting the aforementioned
can make a nice test to update the Panopticlick suite with, singling out privacy concerned persons.
However, the original sin is that the Google Analytics’ script still being downloaded and executed, and if you find this questionable from a security/privacy perspective, then the Google’s Analytics Opt-Out Browser Add-on serves no purpose.
Wladimir’s post initially advertised his own extension as a better solution, but later he had to retract:
Still, until Google can come up with something better I recommend people to use Adblock Plus with EasyPrivacy filter subscription,
that’s the easy and reliable solution(check the update below).
Update: Sorry, that last part wasn’t entirely correct — EasyPrivacy doesn’t block Google Analytics script either, due to many websites being broken without it as mentioned above.
This is no news (and no problem) at all for NoScript users, though: in fact, almost one year and half ago, this very issue prompted the development of NoScript’s Script Surrogates feature, which prevents the breakage by “emulating” the blocked script with dummy replacements. This means that NoScript users have Google Analytics blocked by default, with no site-breaking side effects.
So, until Google can come up with something better I recommend people to use the reliable and easy solution ;)