What is your problem with Google Analytics?

Does GA (Google Analytics) provide slick products and performant services that can make the difference for your business?

The answer is unequivocally yes! Google brings even more value with a complete suite of products that can be combined effortlessly to capture critical trends.

For those who want to dive into the technique, I suggest Simo’s blog, which has a clever approach on the topic, to me (and lots of readers).

GA rocks but is it ethical?

Everywhere?

Everywhere, for example, at the time of writing:

We know of at least 28,152,477 live websites using Google Analytics.

Source: trends.builtwith.com

While most users get pretty much everything they need with the free version, there’s a premium version that can put things to the next level with expert support, account managing, training, and many other great features.

Still, the free version is more than enough to achieve both simple and complex analysis, which might explain its popularity, at least, partly.

If it’s free, you are the product

Whether it’s for re-marketing purposes or other treatments, Google may use and reuse your GA data at will, for example, to profile users.

You don’t own your data with GA, which makes privacy compliance and protection much harder for you, perhaps impossible for some aspects.

Source: Google - Marketing platform

Are you serious?

EU does not seem ok with GA:

The CNIL, in cooperation with its European counterparts, analysed the conditions under which the data collected through this service [Google Analytics] is transferred to the United States. The CNIL considers that these transfers are illegal and orders a French website manager to comply with the GDPR and, if necessary, to stop using this service under the current conditions

Source: CNIL

Data transfers can be a huge concern for Non-US Countries. The Austrian data protection authority’s (DSB) also concluded there are some incompatibilities:

In view of the above, the DSB outlined that Google Analytics could not be used in accordance with Chapter V of the GDPR

Telemetry rules the Internet

Telemetry is such a vast topic, so let’s focus on the facts. Google collects all kinds of data, LOTS of data:

20 times more telemetry from Android devices than Apple from iOS

It happens even when users are not logged in, in various products, including GA, and users have very few (or zero) options to disable it.

Source: Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google

Google would probably argue that telemetry is required for its core functioning. Undeniable, but does the company need to sit on such mountains of data?

Maybe the future holds some magic. Recently, I stumbbled uppon a video with Eli Jaffe that mentioned the potential benefits of multi-party computation protocols for telemetry, but it seems early stage researches.

In the meantime, technological leaders will keep collecting astronomical volumes of confidential data.

Disabling GA

Remember GA is everywhere!

Ad blockers do a tremendous job but there are various ways to circumvent them, for example, dataunlocker. Note that Google has a browser extension to truly prevent GA from tracking users called gaoptout.

If you’re not quite sure, because some websites could/will bypass gaoptout with a few lines of JavaScript to force tracking, you can block GA domains in your hosts file to avoid the DNS request.

However, there are known techniques that consist of using other domains than GA to maintain the tracking, so you might need to block them manually (there are browser extensions for that).

Firewalls and other traffic monitoring tools can filter all requests, allowing you to block unwanted calls.

It works great but it can be tedious to configure and it’s hard to define generic rules, as websites usually rely on dozens of intermediary services (e.g., data brokers, marketing) that ultimately do business with Google.

Paranoid mode would consist of disabling JavaScript, but for many apps:

no js, no fun

The problem is not data collection

Professionals need telemetry and data, but Google’s products are not the only way.

The company kinda shifts the responsibility to its customers without telling explicitly its policy when they actually collect PII (personal identifiable information):

You will not and will not assist or permit any third party to, pass information to Google that Google could use or recognize as personally identifiable information

I’ve read about potential sanctions, but I’ve never read about any occurrence.

Alternatives to GA you might want to try

Just go to switching.software > Google Analytics and you’ll get a list of credible alternatives for professional or personal use.

Note that some of them do not even need tracking consent to be compliant with the GDPR.

See Also