Google analytics integrated in to Chrome

6 points by djanogo ↗ HN
Was checking my network request log to see if any new tracking is getting past ublock extension, was surprised to see google analytics is loaded without a network request and ublock can't block it. I had to right click on the request and block it using chrome's internal blocker.

Have I been living under a rock or is this something new?

I use Firefox for all personal stuff, and Chrome for random browsing.

General Request URL: https://www.google-analytics.com/analytics.js Request Method: GET Status Code: 307 Internal Redirect Referrer Policy: no-referrer-when-downgrade

Response Headers Location: chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/web_accessible_resources/59fb24a2d12455d15bea20980e8a6801.javascript?secret=lef6ooqidsb6 Non-Authoritative-Reason: Delegate Provisional headers are shown

Request Headers Referer: https://www.engadget.com/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36

6 comments

[ 2.8 ms ] story [ 31.0 ms ] thread
Did you actually visit the link?

chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/web_accessible_resources/59fb24a2d12455d15bea20980e8a6801.javascript?secret=lef6ooqidsb6

  (function() {
	// https://developers.google.com/analytics/devguides/collection/analyticsjs/
	var noopfn = function() {
		;
	};
	var noopnullfn = function() {
		return null;
	};
	//
	var Tracker = function() {
		;
	};
	var p = Tracker.prototype;
	p.get = noopfn;
	p.set = noopfn;
	p.send = noopfn;
	//
	var w = window,
		gaName = w.GoogleAnalyticsObject || 'ga';
	var ga = function() {
		var len = arguments.length;
		if ( len === 0 ) {
			return;
		}
		var f = arguments[len-1];
		if ( typeof f !== 'object' || f === null || typeof f.hitCallback !== 'function' ) {
			return;
		}
		try {
			f.hitCallback();
		} catch (ex) {
		}
	};
	ga.create = function() {
		return new Tracker();
	};
	ga.getByName = noopnullfn;
	ga.getAll = function() {
		return [];
	};
	ga.remove = noopfn;
	w[gaName] = ga;
	// https://github.com/gorhill/uBlock/issues/3075
	var dl = w.dataLayer;
	if ( dl instanceof Object && dl.hide instanceof Object && typeof dl.hide.end === 'function' ) {
		dl.hide.end();
	}
  })();
That is uBlock Origin intercepting the request and responding with a no-op version of analytics.js
> Response Headers Location: chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/web_accessible_resources/59fb24a2d12455d15bea20980e8a6801.javascript?secret=lef6ooqidsb6

Looks like it's loading Google Analytics from an extension you have installed.

If you lookup the ID cjpalhdlnbpafiamejdnhcphjbkeiagm in the Chrome web store, you'll see that that's the ID for uBlock Origin.

https://chrome.google.com/webstore/detail/ublock-origin/cjpa...

If you download the CRX file, extract it, and check the file ./web_accessible_resources/59fb24a2d12455d15bea20980e8a6801.javascript (the one being loaded) you'll see that it's just a stub; probably designed as a substitute for Google Analytics that doesn't actually send any analytics data but still defines a few necessary functions to avoid breaking sites which rely on them.

The request never reached google-analytics.com, it was redirected by uBlock Origin to a local neutered script, to minimize page breakage.

Often web pages break because they were created as if network requests to google-analytics.com can never fail, and using a neutered script to expose a dummy API prevents such breakage most of the time.

End result: no need to whitelist google-analytics.com to un-break a page.